sanitizer error

Bug #1904779 reported by Douglas Katzman
Affects: SBCL
Status: Fix Released
Importance: Undecided
Assigned to: Douglas Katzman

Bug Description

Possibly a spurious failure related to our workaround for https://sourceware.org/bugzilla/show_bug.cgi?id=1780 ?
The customary solution of adding no_sanitize to our C code seems premature until I can say for certain that this is not a bug. If the bytes from the sigcontext that the kernel placed on the user stack were not marked as clean in the shadow memory for the user stack, that would explain it.

==2986==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7feb778adbb0 at pc 0x55890a38dcd0 bp 0x7feb778ad9a0 sp 0x7feb778ad160
READ of size 128 at 0x7feb778adbb0 thread T0
    #0 0x55890a38dccf in pthread_sigmask third_party/llvm/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:4165:12
    #1 0x55890a4030c2 in maybe_gc third_party/lisp/sbcl/src/src/runtime/gc-common.c:1872:13
    #2 0x55890a420b66 in interrupt_handle_pending third_party/lisp/sbcl/src/src/runtime/interrupt.c:1057:18
    #3 0x55890a423683 in low_level_handle_now_handler third_party/lisp/sbcl/src/src/runtime/interrupt.c:1801:5
    #4 0x7febbbc7599f (/usr/grte/v4/lib64/libpthread.so.0+0xf99f)

Address 0x7feb778adbb0 is a wild pointer.
SUMMARY: AddressSanitizer: stack-buffer-overflow third_party/llvm/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:4165:12 in pthread_sigmask
Shadow bytes around the buggy address:
  0x0ffdeef0db20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0db60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffdeef0db70: f1 f1 f1 f1 00 00[f3]f3 00 00 00 00 00 00 00 00
  0x0ffdeef0db80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3
  0x0ffdeef0db90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0dba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0dbb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffdeef0dbc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
  Shadow gap: cc
==2986==ABORTING

Douglas Katzman (dougk) wrote:

reproduction steps:
# build the SBCL runtime with clang under AddressSanitizer;
# -DADDRESS_SANITIZER tells the runtime's C code it is being built under ASan
export CC=/your/path/to/clang
export CFLAGS="-fsanitize=address -DADDRESS_SANITIZER"
export LINKFLAGS="-fsanitize=address"

# then run the single test file that triggers the report
./run-tests.sh clos-typechecking.impure.lisp
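As an added example (not part of this bug report and not SBCL's own runtime code), the following stand-alone C program reproduces the pattern visible in the backtrace: a signal handler reads the signal mask that the kernel saved in the ucontext_t it placed on the user stack and hands that mask to pthread_sigmask, which is the 128-byte READ the ASan interceptor reports. It also carries the check a practitioner would use to test the hypothesis in the description: when built under ASan (detected through the compilers' own feature macros) it explicitly unpoisons the kernel-written context before touching it, so a report that disappears with that line pointed at stale shadow bytes under the signal frame, while one that stays is a genuine out-of-bounds read. The function and variable names, the choice of SIGUSR1/SIGUSR2, and the file name in the comment are this example's own assumptions; build it with the same CC/CFLAGS as the reproduction steps to run it under ASan.

```c
/* Added example, not SBCL's code: stand-alone reproducer of the pattern in the
 * backtrace above. The kernel writes a ucontext_t onto the user stack when it
 * delivers a signal; the handler passes the saved mask inside that context
 * (uc_sigmask, 128 bytes with glibc) to pthread_sigmask(), which is the READ
 * the ASan interceptor checks. Build plainly, or e.g.
 *   clang -fsanitize=address -g sigmask_repro.c -o sigmask_repro   (name assumed)
 * to see whether ASan accepts the kernel-written bytes. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <pthread.h>
#include <signal.h>
#include <string.h>
#include <ucontext.h>

#if defined(__SANITIZE_ADDRESS__)
#  define REPRO_HAVE_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define REPRO_HAVE_ASAN 1
#  endif
#endif
#ifdef REPRO_HAVE_ASAN
#  include <sanitizer/asan_interface.h>
#endif

/* Results recorded by the handler; sig_atomic_t so writing them there is safe. */
static volatile sig_atomic_t mask_call_ok = 0;    /* 1 = pthread_sigmask succeeded */
static volatile sig_atomic_t saved_had_usr1 = -1; /* was SIGUSR1 in the saved mask? */
static volatile sig_atomic_t saved_had_usr2 = -1; /* was SIGUSR2 in the saved mask? */

static void sigmask_repro_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)sig;
    (void)info;
    ucontext_t *uc = (ucontext_t *)ctx;
    sigset_t *saved = &uc->uc_sigmask;  /* bytes the kernel placed on our stack */

#ifdef REPRO_HAVE_ASAN
    /* Diagnostic step: mark the kernel-written context addressable before
     * reading it. If a stack-buffer-overflow report vanishes with this line,
     * the shadow under the signal frame held stale poison and the report was
     * spurious; if it stays, the read really is out of bounds. */
    __asan_unpoison_memory_region(uc, sizeof *uc);
#endif

    saved_had_usr1 = sigismember(saved, SIGUSR1);
    saved_had_usr2 = sigismember(saved, SIGUSR2);

    /* Same shape of call as maybe_gc: reinstate the mask the context carries.
     * pthread_sigmask copies the whole sigset_t, hence "READ of size 128". */
    sigset_t previous;
    mask_call_ok = (pthread_sigmask(SIG_SETMASK, saved, &previous) == 0);
}

/* Install the handler, block SIGUSR2 so the saved mask has a recognisable bit
 * set, and deliver SIGUSR1 synchronously with raise(). Returns 1 when the
 * handler ran and pthread_sigmask accepted the context's mask, else 0. */
int run_sigmask_repro(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sigmask_repro_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return 0;

    sigset_t block_usr2, before;
    sigemptyset(&block_usr2);
    sigaddset(&block_usr2, SIGUSR2);
    if (pthread_sigmask(SIG_BLOCK, &block_usr2, &before) != 0)
        return 0;

    mask_call_ok = 0;
    int raised = raise(SIGUSR1);        /* handler runs before raise() returns */

    pthread_sigmask(SIG_SETMASK, &before, NULL);
    return raised == 0 && mask_call_ok == 1;
}

/* What the handler saw in uc_sigmask. The kernel saves the mask in force
 * before delivery, so SIGUSR2 is in it and SIGUSR1 (blocked only for the
 * handler's duration) is not; this confirms the bytes came from the context. */
int saved_mask_had_usr1(void) { return (int)saved_had_usr1; }
int saved_mask_had_usr2(void) { return (int)saved_had_usr2; }

int main(void)
{
    return run_sigmask_repro() ? 0 : 1;
}
```

Running the plain build simply exits 0; the interesting run is the ASan build, with and without the unpoison line, compared against the report from the SBCL test above.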

Douglas Katzman (dougk) wrote:
Changed in sbcl:
assignee: nobody → Douglas Katzman (dougk)
status: New → Fix Committed

Stas Boukarev (stassats)
Changed in sbcl:
status: Fix Committed → Fix Released