http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59286
Bug ID: 59286
Summary: segfault in __sanitizer::StackDepotGet
Product: gcc
Version: 4.9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: Joost.VandeVondele at mat dot ethz.ch
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

Running our tsan-instrumented code, I'm seeing a segfault in tsan. I have no
suitable testcase for this yet (short of building CP2K), so I'm posting the
backtrace here in case this rings a bell / triggers some suggestions on what
might be going on. I'll try to do some further testing.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4a27428 in __sanitizer::StackDepotGet (id=8388952,
size=0x7ffffffcb8f8) at
../../../../gcc/libsanitizer/sanitizer_common/sanitizer_stackdepot.cc:192
192 if (s->id == id) {
(gdb) bt
#0 0x00007ffff4a27428 in __sanitizer::StackDepotGet (id=8388952,
size=0x7ffffffcb8f8) at
../../../../gcc/libsanitizer/sanitizer_common/sanitizer_stackdepot.cc:192
#1 0x00007ffff4a1d9de in __tsan::ScopedReport::AddLocation (this=0x800158,
this@entry=0x7ffffffcb9f0, addr=140737488140536, addr@entry=137748196274048,
size=140737321271672,
size@entry=8) at ../../../../gcc/libsanitizer/tsan/tsan_rtl_report.cc:339
#2 0x00007ffff4a1ed30 in __tsan::ReportRace (thr=<optimized out>) at
../../../../gcc/libsanitizer/tsan/tsan_rtl_report.cc:697
#3 0x00007ffff4a21e02 in __tsan_report_race_thunk () at
../../../../gcc/libsanitizer/tsan/tsan_rtl_amd64.S:122
#4 0x00007ffff49ef9c8 in HandleRace (old=..., cur=..., shadow_mem=<optimized
out>, thr=<optimized out>) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:376
#5 MemoryAccessImpl (cur=..., shadow_mem=<optimized out>, kIsAtomic=<optimized
out>, kAccessIsWrite=<optimized out>, kAccessSizeLog=<optimized out>,
addr=<optimized out>,
thr=<optimized out>) at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:460
#6 __tsan::MemoryAccess (thr=0x7ffff61f2780, pc=496049752, addr=82100428376,
kAccessSizeLog=8, kAccessIsWrite=true, kIsAtomic=true)
at ../../../../gcc/libsanitizer/tsan/tsan_rtl.cc:531
#7 0x00007ffff67e62c0 in timings::timeset (routinen=<error reading variable:
Cannot access memory at address 0x3fe13824d8597625>,
handle=<error reading variable: Cannot access memory at address
0x3fe13824d8597005>, _routinen=<optimized out>) at
/data/vjoost/clean/cp2k/cp2k/src/../src/timings.F:254
(gdb) print s
$1 = (__sanitizer::StackDesc *) 0x4d634810890c558b
(gdb) print s->id
Cannot access memory at address 0x4d634810890c5593
(gdb) print id
$2 = 8388952
(gdb) list
187 CHECK_LT(idx, kTabSize);
188 atomic_uintptr_t *p = &depot.tab[idx];
189 uptr v = atomic_load(p, memory_order_consume);
190 StackDesc *s = (StackDesc*)(v & ~1);
191 for (; s; s = s->link) {
192 if (s->id == id) {
193 *size = s->size;
194 return s->stack;
195 }
196 }
(gdb) print idx
$3 = 4476
(gdb) print kTabSize
$5 = 1048576
(gdb) print depot.tab[idx]
$6 = {val_dont_use = 140737321271672}
(gdb) print depot