<table border="1" cellspacing="0" cellpadding="8">

    <tr>

        <th>Issue</th>

        <td>

            <a href=https://github.com/llvm/llvm-project/issues/84009>84009</a>

        </td>

    </tr>

    <tr>

        <th>Summary</th>

        <td>

            heap-use-after-free may cause deadblock when program exit.

        </td>

    </tr>

    <tr>

      <th>Labels</th>

      <td>

            new issue

      </td>

    </tr>

    <tr>

      <th>Assignees</th>

      <td>

      </td>

    </tr>

    <tr>

      <th>Reporter</th>

      <td>

          ehds

      </td>

    </tr>

</table>

<pre>

    ## Describtion

If a detached thread trigger `heap-use-after-free` during program exiting, it will cause a deadblock.

## Reproduction

Creating 5 never join threads to write `globa_p` which will be released before program exit, the detached thread then would trigger `heap-use-after-free` error.

test.cc 

```c++

#include <pthread.h>

#include <stdio.h>

#include <unistd.h>

#include <iostream>

int *globa_p; // global int ptr.

void *task(void *argv) {

  for (;;) {

    *globa_p = 1;  // memory maybe released when process exit. it will cause

 // heap-use-after-free error.

  }

}

int main() {

  globa_p = new int(1);

  pthread_t t1, t2, t3, t4, t5, t6;

 pthread_create(&t1, NULL, task, NULL);

  pthread_create(&t3, NULL, task, NULL);

  pthread_create(&t2, NULL, task, NULL);

  pthread_create(&t4, NULL, task, NULL);

  pthread_create(&t5, NULL, task, NULL);

 pthread_create(&t6, NULL, task, NULL);

  // waiting task is running.

  sleep(1);

  // memory leak, asan will report when process exit.

  delete globa_p;  // release memory.

  // Not join threas.

}

```

```

root@506ddec0995f:/tmp# clang++  test.cc -o test -g  -fsanitize=address -O0

root@506ddec0995f:/tmp# ./test

=================================================================

==12019==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x0000004c6b45 bp 0x7f5a585fbe40 sp 0x7f5a585fbe38

WRITE of size 4 at 0x602000000010 thread T4

```

Program print one line `heap-use-after-free` ERROR info, and blocked.

The stack information is as follows:

```

  thread #1, name = 'test', stop reason = signal SIGSTOP

    frame #0: 0x00000000004ab060 test`__sanitizer::BlockingMutex::Lock() + 64

    frame #1: 0x00000000004be129 test`__lsan::LockStuffAndStopTheWorldCallback(dl_phdr_info*, unsigned long, void*) + 9

    frame #2: 0x00007f5a5d3a83d5 libc.so.6`__GI___dl_iterate_phdr(callback=(test`__lsan::LockStuffAndStopTheWorldCallback(dl_phdr_info*, unsigned long, void*)), data=0x00007ffd56add758) at dl-iteratephdr.c:75:13

    frame #3: 0x00000000004be10f test`__lsan::LockStuffAndStopTheWorld(void (*)(__sanitizer::SuspendedThreadsList const&, void*), void*) + 31

 frame #4: 0x00000000004bb8c8 test`__lsan::CheckForLeaks() + 104

    frame #5: 0x00000000004bb842 test`__lsan::DoLeakCheck() + 34

    frame #6: 0x00007f5a5d28f8a7 libc.so.6`__run_exit_handlers(status=0, listp=0x00007f5a5d435718, run_list_atexit=true, run_dtors=true) at exit.c:108:8

    frame #7: 0x00007f5a5d28fa60 libc.so.6`__GI_exit(status=<unavailable>) at exit.c:139:3

    frame #8: 0x00007f5a5d26d08a libc.so.6`__libc_start_main(main=(test`main at test.cc:21), argc=1, argv=0x00007ffd56add958, init=<unavailable>, fini=<unavailable>, rtld_fini=<unavailable>, stack_end=0x00007ffd56add948) at libc-start.c:342:3

```

```

  thread #5, name = 'test', stop reason = signal SIGSTOP

    frame #0: 0x00007f5a5d47b170 libpthread.so.0`__lll_lock_wait(futex=0x00007f5a5d7fb990, private=0) at lowlevellock.c:52:7

    frame #1: 0x00007f5a5d473131 libpthread.so.0`__GI___pthread_mutex_lock(mutex=0x00007f5a5d7fb990) at pthread_mutex_lock.c:115:7

    frame #2: 0x00007f5a5d3a8291 libc.so.6`__GI___dl_iterate_phdr(callback=(libgcc_s.so.1`___lldb_unnamed_symbol290), data=0x00007f5a585fa340) at dl-iteratephdr.c:40:3

    frame #3: 0x00007f5a5d4506c1 libgcc_s.so.1`_Unwind_Find_FDE + 97

    frame #4: 0x00007f5a5d44c868 libgcc_s.so.1`___lldb_unnamed_symbol272 + 104

    frame #5: 0x00007f5a5d44da20 libgcc_s.so.1`___lldb_unnamed_symbol275 + 80

 frame #6: 0x00007f5a5d44e76c libgcc_s.so.1`_Unwind_Backtrace + 60

 frame #7: 0x00000000004ba7e4 test`__sanitizer::BufferedStackTrace::UnwindSlow(unsigned long, unsigned int) + 68

    frame #8: 0x000000000049d573 test`__sanitizer::BufferedStackTrace::UnwindImpl(unsigned long, unsigned long, void*, bool, unsigned int) + 179

    frame #9: 0x000000000042811d test`__asan::ErrorGeneric::Print() + 397

    frame #10: 0x00000000004988b9 test`__asan::ScopedInErrorReport::~ScopedInErrorReport() + 57

    frame #11: 0x000000000049a4ee test`__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) + 1198

    frame #12: 0x000000000049b07b test`__asan_report_store4 + 43

    frame #13: 0x00000000004c6b45 test`task(argv=0x0000000000000000) at test.cc:14:14

    frame #14: 0x00007f5a5d470609 libpthread.so.0`start_thread(arg=<unavailable>) at pthread_create.c:477:8

    frame #15: 0x00007f5a5d368133 libc.so.6`__clone at clone.S:95

```

</pre>

<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzUWM1u4zgSfhrmQtigSP0efHDiTiNA73QjyWCOAkVSNie0KJBU3JnDPvuClOSfSM5mp7ELbCAoMilWfVX1sapEaq3cNkKsQHILks0N7dxOm5XYcXtTaf62ApgATOBGWGZk5aRuANoAtH6oIYVcOMp2gkO3M4Jy6IzcboWBIEU7QdtFZ8WC1k6YRW2EACmCvDOy2cLW6K2heyh-SiebLcB3UDp4kEpBRjsrgmzKK6XZy7JXONx7OI-iNZp37ISnv98ZQb1AmMBGvAoD_9SyGdBZ6DQ8GOmEx7dVuqJl6zEddpLteuWVgEYoQa3gsBK1NuICqsfpdmJq90408KA79RkXCGO0uTDKCeuWjMFhLEX9xQC-9ddouGyY6riAgNy1veLlDpAvc_PWcamvznaNtO76YqmtM4LuT9PhLhsHAV6PjiO3EOB7gO9hGFHQz7fu0rJXLblf5Kh9ATgff1KzfQW4gCAbrIOw1gYCnANy66_LOXimFwKygZHXPqrfi702b3BP386jd_AhaY1mwtoQu-UlwwbZg4yZUF3ECUKQbQbDjg9Hr-ypbDz2S9TngBtx8P4BOI8ALryFZyIgHMJZOuiiwDEc7iTc43BPwj09Lj2uYZ7yIqhP-9W__f7tW3g7OH38fdIK59eSX1iLf2Ft_Atrk0-tnV2afmbpMfo9TQ40pKvwOpQWmq5pZLM9ksQqIdprQb6kqxI0aKSWNj0tjWi1cTPEHQVwoYQT8GwDjjIH1g-yl7N6f9PuLBva5Xs2j1nnItteDhqtHYhRglLOBUNFkdSArAG-d_vWZ2WmqM_lPmlBOCa1hQ6PcLGFcFFb2kgn_xKAbCjnxtu4-P5J8Uv_KKwbsJHN__11ZkiEUVT0j18eH78_ArKG695DT4PPjB-by1S6gaMz0c8UYdT_RQhSB1sG0c9-IGZpFSewaiH6mdUJTfKkrkSMoL0cIXmP7I_Hh-cvUNfQyr8EjL20d_KH-vccz_Llx1A6W-OzpG4EVLIRH5TGYDmUTa3D1mg4DB2A4BeUft4JaB1lL-FNs6e-C_DbkVpYa6X0wXrezCGCI2KASciVDd2LkKEBzgK3cOaHrdMt9NtEN2HWN0lUwaeHr0_P33-c6lJtwnpMkI_N6Ofga1qhFAXqgxSVpT0LIiDrW2-XbLb_6Jz42Q990-xlrCL4FqbxjJpooqYSES5OapSlzUnck-vqet3wJ6fb5534QxvF76hSFQ2quCrbHTdl7_C1N7xrQj_IodJ9W-ZLdpjrURUzoPAJVOAQJzQnPIFKVmxp9TINyL4-lGXJVSmdMNSJoBngnI1wyAbg_H9hR7juIKeOArIZcdc8SSnnWRICQB3kajFA9bKXDJB1lgCyjsiMC8hcXFD9n8Tl1B7lI858Qpunzrai4YI_9y3tN2kdZLrxxE3fmzkJHokG6Efc8RR3lbN8DvfdTrCXe22-Cfpiz3gaoTmiJnOCYzwneKO9yCD-TCyZk5q-ZxrO65xm75hmuqb0hbPc0YYrYTxa66jrrI-394uS1rVnwfeiYpJkUe5n_Xr_RkldaPrJxplOjDPcaWOPY4EqoUp7gkQoB2SdzyDPZpDTFE33SP-ZccIb2nX6SqWilRK-JX-vkxSArOdImU90phzl9J1O_6u0jhpXDn1s-He-Hf2A1zmUdEDWOBoYRs2W-eo1PL9Od1SRBKfKJnhyxpw7WMtGXpszTvHyoxdCJShFw2dUx-Nm9kYugpHBZyTGJ599pvM5rxvJf6luDDTMqigLvBi_8axeoj5SSpW-bJS-DQU4r_vaccHirK6KInC8NfLVd7uB8r0T9EGJV6HCR7V3Q-K9kH1cZkZUJCLRLKqQ18cOe-8hBZCeRx_gC4Cmq3pGR8kVXHOVBhfR36k0SlZbxkrrl0VhWakUr8qu8aHlpX3bV1rhgHWmXPStEiUxul4uYnRlY5KJexOUsmDGJabfm4NseHkfbpsvfQWec0w8kRizPM2nEuetzPDnUvkom1OMPi07CbJz9L72TJJ5HIssZVe9cEvZizOUib49msjLpiWHZiK-3oJ1dS2M4E8-gTx7wf14r-5J6QPA-aSPOA6Ez_mhVZvL-PkETsGTjPxNOA_7Vn0IZ9Ln3MFKa3UNcpTNdXLFBDPOo4ifMNNj1f5ijDZfRSOMZP3ID9OfcBwr-CxTo2mnXOR5VczpeGK6FfyhCboew-dxP_HPuZmT5mRW8bR3LmgsxJziXuJgXdDxKd__-4FJSOZpNb44xCoq5ggW4alBFcqqS4PK_lihtE4bEQd58VxOiqYtbP-1OEgbTvAuavz535AGTy1CFPe3GVXTbJWhFBUz5aXvS_qxXvsHLdHlMU-fgrPsSkMWTdIaSfOIkHe1hCn_2UodDA_LJ0DWRfKuRbjhK8ILUtAbsYoyVKQxzlF6s1slKaMsSguW55mooyRCnFVpnZEaFbii5EauMMIxIiiJcJzG6ZLVcU1SzqK8qnBcpCBGYk-lWir1ul9qs72R1nZilccIFTeKVkLZcHSPcThi9JMAY5BsbszKr1lU3daCGPl-1p6kOOmUWM2dJezp23AEfzyAPx5JHc_BlzedUaudc63tT2gAvt9Kt-uqJdN7gO-9ouHfojX6T8EcwPcBngX4PsD_VwAAAP__N1Iflg">