https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113430
Bug ID: 113430
Summary: Trivial program segfaults intermittently with ASAN since Linux 6.7
Product: gcc
Version: 13.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: tavianator at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org
Target Milestone: ---

Since updating to Linux 6.7, I'm getting intermittent segfaults with ASAN and ASLR enabled.

$ cat foo.c
int main(void) { return 0; }
$ gcc -fsanitize=address foo.c -o foo
$ while ./foo; do :; done
AddressSanitizer:DEADLYSIGNAL
=================================================================
==337494==ERROR: AddressSanitizer: SEGV on unknown address 0x636c68879e78 (pc 0x7dde493b538f bp 0x000000000000 sp 0x7ffc78949970 T0)
==337494==The signal is caused by a READ memory access.
AddressSanitizer:DEADLYSIGNAL
AddressSanitizer: nested bug in the same thread, aborting.
tavianator@graphene $ gcc --version
gcc (GCC) 13.2.1 20230801
Copyright (C) 2023 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

$ uname -a
Linux graphene 6.7.0-arch3-1 #1 SMP PREEMPT_DYNAMIC Sat, 13 Jan 2024 14:37:14 +0000 x86_64 GNU/Linux

Here's the backtrace:

(gdb) set disable-randomization off
(gdb) run
Starting program: /home/tavianator/code/bfs/foo
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
do_lookup_x (undef_name=undef_name@entry=0x761941b3e6d8 "_thread_db_sizeof_pthread", new_hash=new_hash@entry=3872132951, old_hash=old_hash@entry=0x7ffff16f0cc8, ref=0x0, result=result@entry=0x7ffff16f0cd0, scope=<optimized out>, i=0, version=0x0, flags=3, skip=<optimized out>, type_class=0, undef_map=<optimized out>) at dl-lookup.c:405
405         const ElfW(Sym) *symtab = (const void *) D_PTR (map, l_info[DT_SYMTAB]);
(gdb) bt
#0  do_lookup_x (undef_name=undef_name@entry=0x761941b3e6d8 "_thread_db_sizeof_pthread", new_hash=new_hash@entry=3872132951, old_hash=old_hash@entry=0x7ffff16f0cc8, ref=0x0, result=result@entry=0x7ffff16f0cd0, scope=<optimized out>, i=0, version=0x0, flags=3, skip=<optimized out>, type_class=0, undef_map=<optimized out>) at dl-lookup.c:405
#1  0x00007619421e20b8 in _dl_lookup_symbol_x (undef_name=0x761941b3e6d8 "_thread_db_sizeof_pthread", undef_map=<optimized out>, ref=0x7ffff16f0d58, symbol_scope=<optimized out>, version=0x0, type_class=0, flags=3, skip_map=0x0) at dl-lookup.c:793
#2  0x000076194197300e in do_sym (handle=<optimized out>, name=0x761941b3e6d8 "_thread_db_sizeof_pthread", who=0x761941afffb3 <__sanitizer::ThreadDescriptorSize()+35>, vers=vers@entry=0x0, flags=flags@entry=2) at dl-sym.c:146
#3  0x0000761941973331 in _dl_sym (handle=<optimized out>, name=<optimized out>, who=<optimized out>) at dl-sym.c:195
#4  0x00007619418a6ae8 in dlsym_doit (a=a@entry=0x7ffff16f0fc0) at dlsym.c:40
#5  0x00007619421d94e1 in __GI__dl_catch_exception (exception=exception@entry=0x7ffff16f0f20, operate=0x7619418a6ad0 <dlsym_doit>, args=0x7ffff16f0fc0) at dl-catch.c:237
#6  0x00007619421d9603 in _dl_catch_error (objname=0x7ffff16f0f78, errstring=0x7ffff16f0f80, mallocedp=0x7ffff16f0f77, operate=<optimized out>, args=<optimized out>) at dl-catch.c:256
#7  0x00007619418a64f7 in _dlerror_run (operate=operate@entry=0x7619418a6ad0 <dlsym_doit>, args=args@entry=0x7ffff16f0fc0) at dlerror.c:138
#8  0x00007619418a6b75 in dlsym_implementation (dl_caller=<optimized out>, name=<optimized out>, handle=<optimized out>) at dlsym.c:54
#9  ___dlsym (handle=<optimized out>, name=<optimized out>) at dlsym.c:68
#10 0x0000761941afffb3 in __sanitizer::ThreadDescriptorSize () at /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cpp:298
#11 0x0000761941b017ae in __sanitizer::ThreadDescriptorSize () at /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cpp:294
#12 __sanitizer::GetTls (size=0x7ffff16f1098, addr=0x7619421b0040) at /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cpp:498
#13 __sanitizer::GetThreadStackAndTls (main=true, stk_addr=stk_addr@entry=0x7619421b0020, stk_size=stk_size@entry=0x7ffff16f10a0, tls_addr=tls_addr@entry=0x7619421b0040, tls_size=tls_size@entry=0x7ffff16f1098) at /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cpp:595
#14 0x0000761941af0ff4 in __asan::AsanThread::SetThreadStackAndTls (this=this@entry=0x7619421b0000, options=<optimized out>) at /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_thread.h:77
#15 0x0000761941af14ee in __asan::AsanThread::Init (this=this@entry=0x7619421b0000, options=options@entry=0x0) at /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_thread.cpp:234
#16 0x0000761941af19e5 in __asan::AsanThread::ThreadStart (this=this@entry=0x7619421b0000, os_id=338380) at /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_thread.cpp:264
#17 0x0000761941af2604 in __asan::CreateMainThread () at /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_thread.cpp:295
#18 0x0000761941aee9df in __asan::AsanInitInternal () at /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_rtl.cpp:480
#19 0x00007619421dd02a in _dl_init (main_map=0x76194220c2d0, argc=1, argv=0x7ffff16f11a8, env=0x7ffff16f11b8) at dl-init.c:122
#20 0x00007619421f32d0 in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
#21 0x0000000000000001 in ?? ()
#22 0x00007ffff16f1e1a in ?? ()
#23 0x0000000000000000 in ?? ()
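The report ties the intermittent crash to having ASLR enabled, which is the kind of claim worth confirming before triaging further. The script below is an added triage harness, not part of the bug report or of GCC's own tooling: it builds the reporter's trivial program with ASan, runs it a fixed number of times with address-space randomization left on and again with it disabled for the child via `setarch -R`, and reports both failure counts next to the kernel's global `randomize_va_space` setting. It assumes a Linux host with `gcc` plus libasan and util-linux `setarch` installed; the script name `asan_aslr_triage.sh` is a placeholder.

```shell
#!/bin/sh
# Added triage harness; not part of bug 113430 or its reporter's output.
# Runs a command many times and counts non-zero exits, then compares the
# failure rate with ASLR enabled and disabled for the child process.
# Assumes: gcc with libasan available, util-linux setarch for the -R
# (ADDR_NO_RANDOMIZE) switch, and a Linux /proc.

# count_failures RUNS CMD... : run CMD RUNS times and print how many runs
# exited non-zero (an ASan DEADLYSIGNAL report ends in a non-zero exit).
count_failures() {
    runs=$1; shift
    fails=0
    i=0
    while [ "$i" -lt "$runs" ]; do
        if ! "$@" >/dev/null 2>&1; then
            fails=$((fails + 1))
        fi
        i=$((i + 1))
    done
    echo "$fails"
}

# compare_aslr RUNS CMD... : report the kernel's global ASLR setting and the
# failure counts with randomization left on and with it turned off via
# setarch -R. A count that drops to zero with -R points at an ASLR-dependent
# address-layout problem rather than a bug in the program itself.
compare_aslr() {
    runs=$1; shift
    if ! command -v setarch >/dev/null 2>&1; then
        echo "setarch not found; cannot disable ASLR for the child" >&2
        return 1
    fi
    rnd=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo unknown)
    on=$(count_failures "$runs" "$@")
    off=$(count_failures "$runs" setarch "$(uname -m)" -R "$@")
    printf 'kernel randomize_va_space=%s\n' "$rnd"
    printf 'ASLR on : %s/%s runs failed\n' "$on" "$runs"
    printf 'ASLR off: %s/%s runs failed\n' "$off" "$runs"
}

# main [RUNS]: build the reporter's trivial program with ASan and compare.
# foo.c / foo are the same names the report uses.
main() {
    printf 'int main(void) { return 0; }\n' > foo.c
    gcc -fsanitize=address foo.c -o foo || return 1
    compare_aslr "${1:-200}" ./foo
}

# Only build and run when invoked with an argument, e.g.
#   sh asan_aslr_triage.sh 200
[ "$#" -eq 0 ] || main "$@"
```

`setarch -R` is the shell-side counterpart of the `set disable-randomization` toggle used in the gdb session above: the reporter turned randomization back on under gdb to reproduce the crash, and this harness turns it off outside gdb to check that the crash goes away. Because the failure is intermittent, compare counts over a few hundred runs rather than a single execution.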