https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65285
Bug ID: 65285
Summary: __asan_describe_address crashes when used with global variable
Product: gcc
Version: 4.9.2
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: peter at lekensteyn dot nl
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org

While trying to use __asan_describe_address() on a global variable, it results
in an ASAN check failure. (Originally noticed while using it in gdb.)

    cat <<SOURCE | ${CC:-cc} -fsanitize=address -g -x c - && ./a.out
    int foo[10];
    int main(void) {
        return __asan_describe_address(foo);
    }
    SOURCE

Output with GCC 4.9.2 (gcc-multilib 4.9.2-3 on Arch Linux x86_64):

    ==6238==AddressSanitizer CHECK failed: /build/gcc-multilib/src/gcc-4.9-20150204/libsanitizer/sanitizer_common/sanitizer_linux.cc:558 "((MtxUnlocked)) != ((atomic_load(m, memory_order_relaxed)))" (0x0, 0x0)
        #0 0x7f00a28d8030 in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/libasan.so.1+0x5d030)
        #1 0x7f00a28dc293 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/libasan.so.1+0x61293)
        #2 0x7f00a28df795 in __sanitizer::BlockingMutex::CheckLocked() (/usr/lib/libasan.so.1+0x64795)
        #3 0x7f00a28da601 in __asan::FindThreadByStackAddress(unsigned long) (/usr/lib/libasan.so.1+0x5f601)
        #4 0x7f00a28d60d0 in __asan::DescribeAddressIfStack(unsigned long, unsigned long) (/usr/lib/libasan.so.1+0x5b0d0)
        #5 0x7f00a28d6552 in __asan::DescribeAddress(unsigned long, unsigned long) (/usr/lib/libasan.so.1+0x5b552)
        #6 0x4006e8 in main /tmp/<stdin>:3
        #7 0x7f00a24f87ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
        #8 0x400608 in _start (/tmp/a.out+0x400608)

With Clang 3.5.1 (clang 3.5.1-1 on Arch Linux x86_64) the output is:

    AddressSanitizer can not describe address in more detail (wild memory access suspected).

On gcc 4.8.2-19ubuntu1 (Ubuntu 14.04) there is no output. I have not tested with
GCC 5 yet, it takes a while to build.

Expected result: a line reporting the location of the global variable.

Output of `gcc -v` on Arch Linux x86_64:

    Using built-in specs.
    COLLECT_GCC=gcc
    COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-unknown-linux-gnu/4.9.2/lto-wrapper
    Target: x86_64-unknown-linux-gnu
    Configured with: /build/gcc-multilib/src/gcc-4.9-20150204/configure --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/ --enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++ --enable-shared --enable-threads=posix --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu --disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object --enable-linker-build-id --enable-cloog-backend=isl --enable-lto --enable-plugin --enable-install-libiberty --with-linker-hash-style=gnu --enable-multilib --disable-werror --enable-checking=release
    Thread model: posix
    gcc version 4.9.2 20150204 (prerelease) (GCC)