pr103953.C FAILs with -O3

pinskia at gcc dot gnu.org via Gcc-bugs Sat, 07 Mar 2026 11:18:41 -0800

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119930


--- Comment #23 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
-fsanitize=address even gives an error at -O0 for the lambda object being used
after the scope ends:

Program returned: 1
=================================================================
==1==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7a81b44f0080
at pc 0x000000402067 bp 0x7ffd8fe34eb0 sp 0x7ffd8fe34ea8
READ of size 8 at 0x7a81b44f0080 thread T0
    #0 0x000000402066 in
f()::{lambda()#2}::operator()(f()::{lambda()#2}::_ZZ1fvENKUlvE0_clEv.Frame*)
[clone .actor] (/app/output.s+0x402066) (BuildId:
a9cb4727b57885a9cd0f2668289a8d6085b7c729)
    #1 0x000000402b1d in
std::__n4861::coroutine_handle<task::promise_type>::resume() const
(/app/output.s+0x402b1d) (BuildId: a9cb4727b57885a9cd0f2668289a8d6085b7c729)
    #2 0x00000040262f in f() (/app/output.s+0x40262f) (BuildId:
a9cb4727b57885a9cd0f2668289a8d6085b7c729)
    #3 0x000000402733 in main (/app/output.s+0x402733) (BuildId:
a9cb4727b57885a9cd0f2668289a8d6085b7c729)
    #4 0x7e81b6429d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId:
095c7ba148aeca81668091f718047078d57efddb)
    #5 0x7e81b6429e3f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId:
095c7ba148aeca81668091f718047078d57efddb)
    #6 0x0000004011a4 in _start (/app/output.s+0x4011a4) (BuildId:
a9cb4727b57885a9cd0f2668289a8d6085b7c729)

Address 0x7a81b44f0080 is located in stack of thread T0 at offset 128 in frame
    #0 0x000000402506 in f() (/app/output.s+0x402506) (BuildId:
a9cb4727b57885a9cd0f2668289a8d6085b7c729)

  This frame has 4 object(s):
    [48, 49) '<unknown>'
    [64, 72) 'coroutine_A' (line 63)
    [96, 104) 'coroutine_B' (line 67)
    [128, 136) '<unknown>' <== Memory access at offset 128 is inside this
variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (/app/output.s+0x402066)
(BuildId: a9cb4727b57885a9cd0f2668289a8d6085b7c729) in
f()::{lambda()#2}::operator()(f()::{lambda()#2}::_ZZ1fvENKUlvE0_clEv.Frame*)
[clone .actor]
Shadow bytes around the buggy address:
  0x7a81b44efe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44efe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44eff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44eff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44f0000: f1 f1 f1 f1 f1 f1 f8 f2 00 f2 f2 f2 00 f2 f2 f2
=>0x7a81b44f0080:[f8]f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
  0x7a81b44f0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44f0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44f0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44f0280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x7a81b44f0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1==ABORTING

[Bug tree-optimization/119930] [16 regression] g++.dg/coroutines/torture/pr103953.C FAILs with -O3

Reply via email to