sanitizer error

Bug #1904779 reported by Douglas Katzman on 2020-11-18
Affects: SBCL
Importance: Undecided
Assigned to: Unassigned

Bug Description

Possibly a spurious failure related to our workaround for https://sourceware.org/bugzilla/show_bug.cgi?id=1780 ?
The customary solution of adding no_sanitize to our C code seems premature until I can say for certain that this is not a bug. If the bytes from the sigcontext that the kernel placed on the user stack were not marked as clean in the shadow memory for the user stack, that would explain it.

==2986==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7feb778adbb0 at pc 0x55890a38dcd0 bp 0x7feb778ad9a0 sp 0x7feb778ad160
READ of size 128 at 0x7feb778adbb0 thread T0
    #0 0x55890a38dccf in pthread_sigmask third_party/llvm/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:4165:12
    #1 0x55890a4030c2 in maybe_gc third_party/lisp/sbcl/src/src/runtime/gc-common.c:1872:13
    #2 0x55890a420b66 in interrupt_handle_pending third_party/lisp/sbcl/src/src/runtime/interrupt.c:1057:18
    #3 0x55890a423683 in low_level_handle_now_handler third_party/lisp/sbcl/src/src/runtime/interrupt.c:1801:5
    #4 0x7febbbc7599f (/usr/grte/v4/lib64/libpthread.so.0+0xf99f)

Address 0x7feb778adbb0 is a wild pointer.
SUMMARY: AddressSanitizer: stack-buffer-overflow third_party/llvm/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:4165:12 in pthread_sigmask
Shadow bytes around the buggy address:
  0x0ffdeef0db20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffdeef0db70: f1 f1 f1 f1 00 00[f3]f3 00 00 00 00 00 00 00 00
  0x0ffdeef0db80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3
  0x0ffdeef0db90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0dba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0dbb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0dbc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
  Shadow gap: cc
==2986==ABORTING
