@dogbert17
Created October 15, 2017 12:29
SEGV in t/spec/S17-lowlevel/thread.t
dogbert@dogbert-VirtualBox ~/repos/rakudo $ ./perl6 t/spec/S17-lowlevel/thread.t
1..29
ok 1 - Are we running in initial thread? (1)
ok 2 - Are we running in initial thread? (2)
ok 3 - The object is-a 'Thread'
ok 4 - Are we running on another thread? (1)
ok 5 - Are we running on another thread? (2)
ok 6 - Code in thread ran
ok 7 - Thread was finished
ok 8 - Thread.finish does block
ok 9 - Starting app_lifetime thread that sleeps won't block main thread
ok 10 - Thread 1 got non-zero ID
ok 11 - Thread 2 got non-zero ID
ok 12 - Threads got different IDs
ok 13 - Thread 1 actually ran
ok 14 - Thread 2 also ran
ok 15 - Has correct name
ok 16 - Name doesn't vanish after finishing
ok 17 - Default thread name is <anon>
ok 18 - Correct Thread stringification (anon case)
ok 19 - Correct Thread stringification (name case)
ok 20 - Correct $*THREAD instance in thread 1 before finish
ok 21 - Correct $*THREAD instance in thread 2 before finish
ok 22 - Correct $*THREAD instance in thread 1 after finish
ok 23 - Correct $*THREAD instance in thread 2 after finish
ok 24 - $*THREAD available in initial thread
ok 25 - Initial thread has an ID
=================================================================
==5459== ERROR: AddressSanitizer: heap-use-after-free on address 0xb4c6ae94 at pc 0xb5449b23 bp 0x943f6af8 sp 0x943f6aec
READ of size 4 at 0xb4c6ae94 thread T14
#0 0xb5449b22 in check_reg /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:15
#1 0xb54db6a7 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:5612
#2 0xb551b36b in start_thread /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:85
#3 0xb61bc9c6 (/usr/lib/i386-linux-gnu/libasan.so.0+0x1a9c6)
#4 0xb61ac2ac (/usr/lib/i386-linux-gnu/libasan.so.0+0xa2ac)
#5 0xb50ccf71 in start_thread (/lib/i386-linux-gnu/libpthread.so.0+0x6f71)
#6 0xb51d03ed (/lib/i386-linux-gnu/libc.so.6+0xee3ed)
0xb4c6ae94 is located 20 bytes inside of 488-byte region [0xb4c6ae80,0xb4c6b068)
freed by thread T16 here:
#0 0xb61b8774 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16774)
#1 0xb54e095b in MVM_free /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:40
#2 0xb54e1616 in MVM_tc_destroy /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:113
#3 0xb55712b8 in finish_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:210
#4 0xb5571ef2 in run_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:373
#5 0xb5572b63 in MVM_gc_enter_from_allocator /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:486
#6 0xb55735fa in MVM_gc_allocate_nursery /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/allocation.c:32
#7 0xb55733ce in MVM_gc_allocate /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/allocation.h:13
#8 0xb55736da in MVM_gc_allocate_zeroed /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/allocation.c:49
#9 0xb5574422 in MVM_gc_allocate_frame /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/allocation.c:99
#10 0xb54f5c69 in allocate_frame /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/frame.c:242
#11 0xb54f860f in MVM_frame_invoke /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/frame.c:492
#12 0xb54d6edb in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:5459
#13 0xb551b36b in start_thread /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:85
#14 0xb61bc9c6 (/usr/lib/i386-linux-gnu/libasan.so.0+0x1a9c6)
#15 0xb51d03ed (/lib/i386-linux-gnu/libc.so.6+0xee3ed)
previously allocated by thread T0 here:
#0 0xb61b8905 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16905)
#1 0xb54e0915 in MVM_calloc /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:11
#2 0xb54e0989 in MVM_tc_create /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:8
#3 0xb551ad2b in MVM_thread_new /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:29
#4 0xb54a8245 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3739
#5 0xb582f706 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:401
#6 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:257
#7 0xb50fbaf2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
Thread T14 created by T0 here:
#0 0xb61ac1d0 (/usr/lib/i386-linux-gnu/libasan.so.0+0xa1d0)
#1 0xb584dfa2 in uv_thread_create /home/dogbert/repos/rakudo/nqp/MoarVM/3rdparty/libuv/src/unix/thread.c:179
#2 0xb54b0c8a in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:4060
#3 0xb582f706 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:401
#4 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:257
#5 0xb50fbaf2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
Thread T16 created by T0 here:
#0 0xb61ac1d0 (/usr/lib/i386-linux-gnu/libasan.so.0+0xa1d0)
#1 0xb584dfa2 in uv_thread_create /home/dogbert/repos/rakudo/nqp/MoarVM/3rdparty/libuv/src/unix/thread.c:179
#2 0xb54b0c8a in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:4060
#3 0xb582f706 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:401
#4 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:257
#5 0xb50fbaf2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
SUMMARY: AddressSanitizer: heap-use-after-free /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:15 check_reg
Shadow bytes around the buggy address:
0x3698d580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3698d590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3698d5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x3698d5b0: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
0x3698d5c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x3698d5d0: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3698d5e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3698d5f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x3698d600: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
0x3698d610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x3698d620: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==5459== ABORTING