Opened 8 years ago
Closed 6 years ago
#11097 closed Bugs (fixed)
test_scheduled_tp - ThreadSanitizer: heap-use-after-free
| Reported by: | viboes | Owned by: | viboes |
|---|---|---|---|
| Milestone: | Boost 1.62.0 | Component: | thread |
| Version: | Boost 1.57.0 | Severity: | Problem |
| Keywords: | Cc: |
Description
Test output: BenPope x86_64 Ubuntu - thread - test_scheduled_tp_p / clang-linux-3.6~tsan~c14_libc++
Rev 7e43647340008d6bf42c4fd90980f57f9483de73 / Tue, 10 Mar 2015 11:15:03 +0000
Compile [2015-03-10 15:33:41 UTC]: succeed
"clang++-3.6" -c -x c++ -Wextra -Wno-long-long -Wno-unused-parameter -Wunused-function -std=c++1y -stdlib=libc++ -fsanitize=thread -O0 -fno-inline -Wall -pthread -fPIC -m64 -Wextra -Wno-long-long -Wno-unused-parameter -Wunused-function -DBOOST_ALL_NO_LIB=1 -DBOOST_CHRONO_DYN_LINK=1 -DBOOST_SYSTEM_DYN_LINK=1 -DBOOST_SYSTEM_NO_DEPRECATED -DBOOST_THREAD_BUILD_DLL=1 -DBOOST_THREAD_POSIX -DBOOST_THREAD_THROW_IF_PRECONDITION_NOT_SATISFIED -DBOOST_THREAD_USE_DLL=1 -I".." -o "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/test_scheduled_tp_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/test_scheduled_tp.o" "../libs/thread/test/test_scheduled_tp.cpp"
Link [2015-03-10 15:33:41 UTC]: succeed
"clang++-3.6" -Wl,-R -Wl,"/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/chrono/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi" -Wl,-R -Wl,"/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/system/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi" -Wl,-R -Wl,"/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi" -Wl,-rpath-link -Wl,"/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/chrono/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi" -Wl,-rpath-link -Wl,"/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/system/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi" -Wl,-rpath-link -Wl,"/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi" -o "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/test_scheduled_tp_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/test_scheduled_tp_p" -Wl,--start-group "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/test_scheduled_tp_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/test_scheduled_tp.o" "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/test_scheduled_tp_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/winrt_init.o" "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/libboost_thread.so.1.58.0" "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/chrono/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/libboost_chrono.so.1.58.0" "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/system/build/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/libboost_system.so.1.58.0" -Wl,-Bstatic -Wl,-Bdynamic -lrt -Wl,--end-group -fsanitize=thread -lc++ -lc++abi -pthread -m64
RmTemps /home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/sync_tq_single_thread_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/sync_tq_single_thread_p
rm -f "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/sync_tq_single_thread_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/sync/mutual_exclusion/sync_pq/tq_single_thread_pass.o" "/home/ben/development/boost/test/build/develop/results/boost/bin.v2/libs/thread/test/sync_tq_single_thread_p.test/clang-linux-3.6~tsan~c14_libc++/debug/address-model-64/architecture-x86/debug-symbols-off/threading-multi/winrt_init.o"
Run [2015-03-10 15:33:41 UTC]: fail
==================
WARNING: ThreadSanitizer: heap-use-after-free (pid=20383)
Read of size 8 at 0x7d0c0000efe0 by thread T4 (mutexes: write M22):
#0 memcpy /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:638:3 (test_scheduled_tp_p+0x00000046dc20)
#1 boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >::time_since_epoch() const <null> (test_scheduled_tp_p+0x0000004fcbc6)
#2 bool boost::chrono::operator< <boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >(boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&) <null> (test_scheduled_tp_p+0x0000004d53e5)
#3 boost::cv_status boost::condition_variable::wait_until<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >(boost::unique_lock<boost::mutex>&, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&) <null> (test_scheduled_tp_p+0x000000503c28)
#4 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::wait_until_not_empty_time_reached_or_closed(boost::unique_lock<boost::mutex>&) <null> (test_scheduled_tp_p+0x000000500ae3)
#5 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::wait_pull(boost::unique_lock<boost::mutex>&, boost::detail::nullary_function<void ()>&) <null> (test_scheduled_tp_p+0x0000005007c0)
#6 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::wait_pull(boost::detail::nullary_function<void ()>&) <null> (test_scheduled_tp_p+0x00000050050c)
#7 boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >::loop() <null> (test_scheduled_tp_p+0x0000005002ad)
#8 void boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::call<boost::executors::scheduled_thread_pool*>(boost::executors::scheduled_thread_pool*&, void const*) const <null> (test_scheduled_tp_p+0x0000005063c9)
#9 void boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::operator()<boost::executors::scheduled_thread_pool*>(boost::executors::scheduled_thread_pool*&) const <null> (test_scheduled_tp_p+0x00000050627f)
#10 void boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> >::operator()<boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >&, boost::_bi::list0&, int) <null> (test_scheduled_tp_p+0x000000506159)
#11 boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >::operator()() <null> (test_scheduled_tp_p+0x000000506084)
#12 _ZN5boost6detail6invokeINS_3_bi6bind_tIvNS_4_mfi3mf0IvNS_9executors6detail22priority_executor_baseINS_10concurrent16sync_timed_queueINS0_16nullary_functionIFvvEEENS_6chrono12steady_clockEEEEEEENS2_5list1INS2_5valueIPNS6_21scheduled_thread_poolEEEEEEEJEEEDTclclsr5boostE7forwardIT_Efp_Espclsr5boostE7forwardIT0_Efp0_EEEOSQ_DpOSR_ <null> (test_scheduled_tp_p+0x000000506008)
#13 void boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >>::run2<>(boost::detail::tuple_indices<>) <null> (test_scheduled_tp_p+0x000000505faf)
#14 boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >>::run() <null> (test_scheduled_tp_p+0x000000505ee0)
#15 boost::(anonymous namespace)::thread_proxy(void*) <null> (libboost_thread.so.1.58.0+0x0000000256e1)
Previous write of size 8 at 0x7d0c0000efe0 by main thread (mutexes: write M22):
#0 operator delete(void*) /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:603:3 (test_scheduled_tp_p+0x00000046d2bb)
#1 std::__1::__split_buffer<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >&>::~__split_buffer() <null> (test_scheduled_tp_p+0x0000004f6684)
#2 void std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::__push_back_slow_path<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >(boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f47ff)
#3 boost::detail::priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::push(boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f1d11)
#4 boost::concurrent::sync_priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::push(boost::lock_guard<boost::mutex>&, boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f144f)
#5 boost::concurrent::sync_priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::push(boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f0ff1)
#6 void boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::push<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >(boost::detail::nullary_function<void ()>&&, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&) <null> (test_scheduled_tp_p+0x0000004f0dcf)
#7 boost::executors::detail::scheduled_executor_base<boost::chrono::steady_clock>::submit_after(boost::detail::nullary_function<void ()>, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > const&) <null> (test_scheduled_tp_p+0x0000004d59bf)
#8 test_timing(int) <null> (test_scheduled_tp_p+0x0000004d2be2)
#9 main <null> (test_scheduled_tp_p+0x0000004d3757)
Mutex M22 (0x7fff5066a048) created at:
#0 pthread_mutex_init /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:1082:3 (test_scheduled_tp_p+0x0000004715e0)
#1 boost::mutex::mutex() <null> (test_scheduled_tp_p+0x0000004e5837)
#2 boost::concurrent::detail::sync_queue_base<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, boost::detail::priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > > >::sync_queue_base() <null> (test_scheduled_tp_p+0x000000506572)
#3 boost::concurrent::sync_priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::sync_priority_queue() <null> (test_scheduled_tp_p+0x000000506513)
#4 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::sync_timed_queue() <null> (test_scheduled_tp_p+0x0000005064c3)
#5 boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >::priority_executor_base() <null> (test_scheduled_tp_p+0x000000506470)
#6 boost::executors::detail::scheduled_executor_base<boost::chrono::steady_clock>::scheduled_executor_base() <null> (test_scheduled_tp_p+0x0000004ffc13)
#7 boost::executors::scheduled_thread_pool::scheduled_thread_pool(unsigned long) <null> (test_scheduled_tp_p+0x0000004d5cf0)
#8 test_timing(int) <null> (test_scheduled_tp_p+0x0000004d2934)
#9 main <null> (test_scheduled_tp_p+0x0000004d3757)
Thread T4 (tid=20394, running) created by main thread at:
#0 pthread_create /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:896:3 (test_scheduled_tp_p+0x0000004701b1)
#1 boost::thread::start_thread_noexcept() <null> (libboost_thread.so.1.58.0+0x0000000255b0)
#2 boost::thread::start_thread() <null> (test_scheduled_tp_p+0x0000004dd8f3)
#3 boost::thread::thread<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >&>(boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >&) <null> (test_scheduled_tp_p+0x000000504e6a)
#4 boost::thread* boost::thread_group::create_thread<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >) <null> (test_scheduled_tp_p+0x0000004ffcba)
#5 boost::executors::scheduled_thread_pool::scheduled_thread_pool(unsigned long) <null> (test_scheduled_tp_p+0x0000004d5df0)
#6 test_timing(int) <null> (test_scheduled_tp_p+0x0000004d2934)
#7 main <null> (test_scheduled_tp_p+0x0000004d3757)
SUMMARY: ThreadSanitizer: heap-use-after-free ??:0 boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >::time_since_epoch() const
==================
1
2
3
4
5
==================
WARNING: ThreadSanitizer: heap-use-after-free (pid=20383)
Read of size 8 at 0x7d080000edd0 by thread T10 (mutexes: write M84):
#0 memcpy /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:638:3 (test_scheduled_tp_p+0x00000046dc20)
#1 boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >::time_since_epoch() const <null> (test_scheduled_tp_p+0x0000004fcbc6)
#2 bool boost::chrono::operator< <boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >(boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&) <null> (test_scheduled_tp_p+0x0000004d53e5)
#3 boost::cv_status boost::condition_variable::wait_until<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >(boost::unique_lock<boost::mutex>&, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&) <null> (test_scheduled_tp_p+0x000000503c28)
#4 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::wait_until_not_empty_time_reached_or_closed(boost::unique_lock<boost::mutex>&) <null> (test_scheduled_tp_p+0x000000500ae3)
#5 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::wait_pull(boost::unique_lock<boost::mutex>&, boost::detail::nullary_function<void ()>&) <null> (test_scheduled_tp_p+0x0000005007c0)
#6 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::wait_pull(boost::detail::nullary_function<void ()>&) <null> (test_scheduled_tp_p+0x00000050050c)
#7 boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >::loop() <null> (test_scheduled_tp_p+0x0000005002ad)
#8 void boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::call<boost::executors::scheduled_thread_pool*>(boost::executors::scheduled_thread_pool*&, void const*) const <null> (test_scheduled_tp_p+0x0000005063c9)
#9 void boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::operator()<boost::executors::scheduled_thread_pool*>(boost::executors::scheduled_thread_pool*&) const <null> (test_scheduled_tp_p+0x00000050627f)
#10 void boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> >::operator()<boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list0>(boost::_bi::type<void>, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >&, boost::_bi::list0&, int) <null> (test_scheduled_tp_p+0x000000506159)
#11 boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >::operator()() <null> (test_scheduled_tp_p+0x000000506084)
#12 _ZN5boost6detail6invokeINS_3_bi6bind_tIvNS_4_mfi3mf0IvNS_9executors6detail22priority_executor_baseINS_10concurrent16sync_timed_queueINS0_16nullary_functionIFvvEEENS_6chrono12steady_clockEEEEEEENS2_5list1INS2_5valueIPNS6_21scheduled_thread_poolEEEEEEEJEEEDTclclsr5boostE7forwardIT_Efp_Espclsr5boostE7forwardIT0_Efp0_EEEOSQ_DpOSR_ <null> (test_scheduled_tp_p+0x000000506008)
#13 void boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >>::run2<>(boost::detail::tuple_indices<>) <null> (test_scheduled_tp_p+0x000000505faf)
#14 boost::detail::thread_data<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >>::run() <null> (test_scheduled_tp_p+0x000000505ee0)
#15 boost::(anonymous namespace)::thread_proxy(void*) <null> (libboost_thread.so.1.58.0+0x0000000256e1)
Previous write of size 8 at 0x7d080000edd0 by thread T15 (mutexes: write M84):
#0 operator delete(void*) /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:603:3 (test_scheduled_tp_p+0x00000046d2bb)
#1 std::__1::__split_buffer<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >&>::~__split_buffer() <null> (test_scheduled_tp_p+0x0000004f6684)
#2 void std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::__push_back_slow_path<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >(boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f47ff)
#3 boost::detail::priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::push(boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f1d11)
#4 boost::concurrent::sync_priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::push(boost::lock_guard<boost::mutex>&, boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f144f)
#5 boost::concurrent::sync_priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::push(boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>&&) <null> (test_scheduled_tp_p+0x0000004f0ff1)
#6 void boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::push<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >(boost::detail::nullary_function<void ()>&&, boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > const&) <null> (test_scheduled_tp_p+0x0000004f0dcf)
#7 boost::executors::detail::scheduled_executor_base<boost::chrono::steady_clock>::submit_after(boost::detail::nullary_function<void ()>, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > const&) <null> (test_scheduled_tp_p+0x0000004d59bf)
#8 func2(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >) <null> (test_scheduled_tp_p+0x0000004d2807)
#9 void boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > >::operator()<void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list0&, int) <null> (test_scheduled_tp_p+0x0000004e54f6)
#10 boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > >::operator()() <null> (test_scheduled_tp_p+0x0000004e5354)
#11 _ZN5boost6detail6invokeINS_3_bi6bind_tIvPFvPNS_9executors21scheduled_thread_poolENS_6chrono8durationIlNS_5ratioILl1ELl1000000000EEEEEENS2_5list2INS2_5valueIS6_EENSF_ISB_EEEEEEJEEEDTclclsr5boostE7forwardIT_Efp_Espclsr5boostE7forwardIT0_Efp0_EEEOSK_DpOSL_ <null> (test_scheduled_tp_p+0x0000004e52d8)
#12 void boost::detail::thread_data<boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > >>::run2<>(boost::detail::tuple_indices<>) <null> (test_scheduled_tp_p+0x0000004e527f)
#13 boost::detail::thread_data<boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > >>::run() <null> (test_scheduled_tp_p+0x0000004e1270)
#14 boost::(anonymous namespace)::thread_proxy(void*) <null> (libboost_thread.so.1.58.0+0x0000000256e1)
Mutex M84 (0x7fff5066a060) created at:
#0 pthread_mutex_init /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:1082:3 (test_scheduled_tp_p+0x0000004715e0)
#1 boost::mutex::mutex() <null> (test_scheduled_tp_p+0x0000004e5837)
#2 boost::concurrent::detail::sync_queue_base<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, boost::detail::priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > > >::sync_queue_base() <null> (test_scheduled_tp_p+0x000000506572)
#3 boost::concurrent::sync_priority_queue<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::vector<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>, std::__1::allocator<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, std::__1::less<boost::concurrent::detail::scheduled_type<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >::sync_priority_queue() <null> (test_scheduled_tp_p+0x000000506513)
#4 boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock>::sync_timed_queue() <null> (test_scheduled_tp_p+0x0000005064c3)
#5 boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> >::priority_executor_base() <null> (test_scheduled_tp_p+0x000000506470)
#6 boost::executors::detail::scheduled_executor_base<boost::chrono::steady_clock>::scheduled_executor_base() <null> (test_scheduled_tp_p+0x0000004ffc13)
#7 boost::executors::scheduled_thread_pool::scheduled_thread_pool(unsigned long) <null> (test_scheduled_tp_p+0x0000004d5cf0)
#8 test_deque_multi(int) <null> (test_scheduled_tp_p+0x0000004d3311)
#9 main <null> (test_scheduled_tp_p+0x0000004d388a)
Thread T10 (tid=20979, running) created by main thread at:
#0 pthread_create /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:896:3 (test_scheduled_tp_p+0x0000004701b1)
#1 boost::thread::start_thread_noexcept() <null> (libboost_thread.so.1.58.0+0x0000000255b0)
#2 boost::thread::start_thread() <null> (test_scheduled_tp_p+0x0000004dd8f3)
#3 boost::thread::thread<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >&>(boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >&) <null> (test_scheduled_tp_p+0x000000504e6a)
#4 boost::thread* boost::thread_group::create_thread<boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, boost::executors::detail::priority_executor_base<boost::concurrent::sync_timed_queue<boost::detail::nullary_function<void ()>, boost::chrono::steady_clock> > >, boost::_bi::list1<boost::_bi::value<boost::executors::scheduled_thread_pool*> > >) <null> (test_scheduled_tp_p+0x0000004ffcba)
#5 boost::executors::scheduled_thread_pool::scheduled_thread_pool(unsigned long) <null> (test_scheduled_tp_p+0x0000004d5df0)
#6 test_deque_multi(int) <null> (test_scheduled_tp_p+0x0000004d3311)
#7 main <null> (test_scheduled_tp_p+0x0000004d388a)
Thread T15 (tid=20984, finished) created by main thread at:
#0 pthread_create /home/development/llvm/3.6.0/final/llvm.src/projects/compiler-rt/lib/tsan/rtl/tsan_interceptors.cc:896:3 (test_scheduled_tp_p+0x0000004701b1)
#1 boost::thread::start_thread_noexcept() <null> (libboost_thread.so.1.58.0+0x0000000255b0)
#2 boost::thread::start_thread() <null> (test_scheduled_tp_p+0x0000004dd8f3)
#3 boost::thread::thread<boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > >&>(boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > >&) <null> (test_scheduled_tp_p+0x0000004d81fa)
#4 boost::thread* boost::thread_group::create_thread<boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > > >(boost::_bi::bind_t<void, void (*)(boost::executors::scheduled_thread_pool*, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> >), boost::_bi::list2<boost::_bi::value<boost::executors::scheduled_thread_pool*>, boost::_bi::value<boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > > > >) <null> (test_scheduled_tp_p+0x0000004d6a1a)
#5 test_deque_multi(int) <null> (test_scheduled_tp_p+0x0000004d35a2)
#6 main <null> (test_scheduled_tp_p+0x0000004d388a)
SUMMARY: ThreadSanitizer: heap-use-after-free ??:0 boost::chrono::time_point<boost::chrono::steady_clock, boost::chrono::duration<long, boost::ratio<1l, 1000000000l> > >::time_since_epoch() const
==================
No errors detected.
ThreadSanitizer: reported 2 warnings
EXIT STATUS: 66
Change History (12)
comment:1 by , 8 years ago
| Component: | None → thread |
|---|---|
| Owner: | set to |
| Status: | new → assigned |
comment:2 by , 6 years ago
comment:3 by , 6 years ago
Hi,
sorry for the inconvenience. Any help on this will be much appreciated.
comment:4 by , 6 years ago
Well, the problem is likely in sync_timed_queue, but I've no idea what its locking policy is.
comment:5 by , 6 years ago
Sorry, was confusing this with a race condition; locking policy might not be relevant. In any case, I'm not familiar enough with the internals of boost to help.
comment:6 by , 6 years ago
It seems as though the report in the description was not compiled with enough debug information to give line numbers. The report in the zcash bug does have line numbers; note that it is not necessarily exactly the same bug.
comment:10 by , 6 years ago
I believe that I've found where the problem is. The call to super::data_.top().time
super::not_empty_.wait_until(lk, super::data_.top().time);
pass the time by reference while we need to copy it, as the storage can be re-arranged.
template <class T, class Clock>
bool sync_timed_queue<T, Clock>::wait_until_not_empty_time_reached_or_closed(unique_lock<mutex>& lk)
{
for (;;)
{
if (super::closed(lk)) return true;
while (! super::empty(lk)) {
if (! time_not_reached(lk)) return false;
- super::not_empty_.wait_until(lk, super::data_.top().time);
+ time_point tp = super::data_.top().time;
+ super::not_empty_.wait_until(lk, tp);
if (super::closed(lk)) return true;
}
if (super::closed(lk)) return true;
super::not_empty_.wait(lk);
}
//return false;
}
See this commit
https://github.com/boostorg/thread/commit/c52a34c2cf1b2e9807a70065c03b0555895963df
comment:11 by , 6 years ago
| Milestone: | To Be Determined → Boost 1.62.0 |
|---|
comment:12 by , 6 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
https://github.com/zcash/zcash/issues/1241
Any response to this? Use-after-free is often an exploitable security bug, and boost is used in security-critical software such as Bitcoin.