Thanks Evgeniy,

Before I run under GDB, I perform:

set env LD_PRELOAD /usr/lib/x86_64-linux-gnu/libasan.so.5

> What's the backtrace of the crash?

Here is the backtrace:

(gdb) r
...
Program received signal SIGSEGV, Segmentation fault.
0x000055555578cb83 in internal_malloc (n=n@entry=0x20, file=file@entry=0x0, line=line@entry=0x0, flags=<optimized out>) at malloc.c:820
820     malloc.c: No such file or directory.
(gdb) bt full
#0  0x000055555578cb83 in internal_malloc (n=n@entry=0x20, file=file@entry=0x0, line=line@entry=0x0, flags=<optimized out>) at malloc.c:820
        p = <optimized out>
        nunits = <optimized out>
        m = <optimized out>
        z = <optimized out>
        nbytes = <optimized out>
        mg = <optimized out>
#1  0x000055555578e5fe in internal_calloc (flags=0x0, line=0x0, file=0x0, s=0x20, n=0x1) at malloc.c:1322
        total = 0x20
        result = <optimized out>
        total = <optimized out>
        result = <optimized out>
#2  calloc (n=n@entry=0x1, s=s@entry=0x20) at malloc.c:1472
No locals.
#3  0x00007ffff7439c05 in _dlerror_run (operate=operate@entry=0x7ffff7439490 <dlsym_doit>, args=args@entry=0x7fffffffdef0) at dlerror.c:148
        result = <optimized out>
#4  0x00007ffff7439525 in __dlsym (handle=<optimized out>, name=0x7ffff76f28c7 "mmap") at dlsym.c:70
        args = {handle = 0xffffffffffffffff, name = 0x7ffff76f28c7 "mmap", who = 0x7ffff76d2c19, sym = 0x0}
        result = <optimized out>
#5  0x00007ffff76d2c19 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
No symbol table info available.
#6  0x00007ffff768db28 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
No symbol table info available.
#7  0x00007ffff76b1887 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
No symbol table info available.
#8  0x00007ffff7fe0ce6 in _dl_init (main_map=0x7ffff7ffe190, argc=0x1, argv=0x7fffffffe028, env=0x7fffffffe038) at dl-init.c:104
        addrs = <optimized out>
        cnt = <optimized out>
        preinit_array = <optimized out>
        preinit_array_size = <optimized out>
        i = <optimized out>
#9  0x00007ffff7fd013a in _dl_start_user () from /lib64/ld-linux-x86-64.so.2
        audit_list = 0x0
        _dl_rtld_libname2 = {name = 0x0, next = 0x0, dont_free = 0x0}
        library_path = 0x0
        version_info = 0x0
        load_time = 0xbb757
        _dl_rtld_libname = { ... }

> Perhaps ASan did not initialize in time? Try a breakpoint on __asan_init.

It looks like __asan_init is being called:

(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
...
Breakpoint 2, 0x00007ffff76b1a60 in __asan_init () from /usr/lib/x86_64-linux-gnu/libasan.so.5
(gdb) n
Single stepping until exit from function __asan_init,
which has no line number information.
0x00007ffff76b1730 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
(gdb) n
Cannot find bounds of current function
(gdb) n
Cannot find bounds of current function
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x000055555578cb83 in internal_malloc (n=n@entry=0x20, file=file@entry=0x0, line=line@entry=0x0, flags=<optimized out>) at malloc.c:820
820     in malloc.c

I can't find malloc.c in the Bash sources. Cf., https://git.savannah.gnu.org/cgit/bash.git/tree/. I don't know where it is coming from.

Jeff

On Friday, January 15, 2021 at 2:57:53 PM UTC-5 Evgeniy Stepanov wrote:
> 0x7fff8000(0xffffffffbc0) looks fine - it's a shadow address for ~near top
> of the main thread stack. Perhaps ASan did not initialize in time? What's
> the backtrace of the crash? Try a breakpoint on __asan_init. Try running
> with ASAN_OPTIONS=verbosity=2,debug=1, it should print the memory layout.
>
>
> On Fri, Jan 15, 2021 at 11:48 AM Jeffrey Walton <nolo...@gmail.com> wrote:
>
>> Hi Everyone,
>>
>> I'm testing an Asan instrumented build of Bash. Bash and all dependencies
>> have been instrumented. I'm working on Ubuntu 20.04 x86_64 fully patched.
>> It has gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0.
>>
>> All of the executables and shared objects were built with
>> CFLAGS/CXXFLAGS of -fsanitize=address and -fno-omit-frame-pointer. LDFLAGS
>> includes -fno-lto. (I tried both with and without LTO).
>>
>> Bash is crashing in startup code. It looks like Asan is trying to setup a
>> red zone:
>>
>>         shr    $0x3,%r15
>> ===>    movl   $0xf1f1f1f1,0x7fff8000(%r15)
>>         movl   $0xf3f3f304,0x7fff8004(%r15)
>>
>> r15 is 0xffffffffbc0. The effective address of 0x7fff8000(0xffffffffbc0)
>> does seem to be a bit sideways.
>>
>> Does anyone know where to go from here?
>>
>> -----
>>
>> (gdb) r
>> ...
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x000055555578cb83 in internal_malloc (n=n@entry=0x20, file=file@entry=0x0,
>>     line=line@entry=0x0, flags=<optimized out>) at malloc.c:820
>> 820     in malloc.c
>> (gdb) disass
>> Dump of assembler code for function internal_malloc:
>>    0x000055555578cb20 <+0>:     push   %rbp
>>    0x000055555578cb21 <+1>:     mov    %rsp,%rbp
>>    0x000055555578cb24 <+4>:     push   %r15
>>    0x000055555578cb26 <+6>:     lea    -0x90(%rbp),%rcx
>>    0x000055555578cb2d <+13>:    push   %r14
>>    0x000055555578cb2f <+15>:    mov    %rsi,%r14
>>    0x000055555578cb32 <+18>:    push   %r13
>>    0x000055555578cb34 <+20>:    mov    %rdi,%r13
>>    0x000055555578cb37 <+23>:    push   %r12
>>    0x000055555578cb39 <+25>:    push   %rbx
>>    0x000055555578cb3a <+26>:    sub    $0xa8,%rsp
>>    0x000055555578cb41 <+33>:    mov    0x6d2e8(%rip),%rax        # 0x5555557f9e30
>>    0x000055555578cb48 <+40>:    mov    %edx,-0xa0(%rbp)
>>    0x000055555578cb4e <+46>:    mov    (%rax),%edx
>>    0x000055555578cb50 <+48>:    mov    %rcx,-0x98(%rbp)
>>    0x000055555578cb57 <+55>:    test   %edx,%edx
>>    0x000055555578cb59 <+57>:    jne    0x55555578d7cf <internal_malloc+3247>
>>    0x000055555578cb5f <+63>:    lea    0x4856a(%rip),%rax        # 0x5555557d50d0
>>    0x000055555578cb66 <+70>:    mov    %rax,0x8(%rcx)
>>    0x000055555578cb6a <+74>:    lea    -0x51(%rip),%rax        # 0x55555578cb20 <internal_malloc>
>>    0x000055555578cb71 <+81>:    movq   $0x41b58ab3,(%rcx)
>>    0x000055555578cb78 <+88>:    mov    %rax,0x10(%rcx)
>>    0x000055555578cb7c <+92>:    mov    %rcx,%r15
>>    0x000055555578cb7f <+95>:    shr    $0x3,%r15
>> => 0x000055555578cb83 <+99>:    movl   $0xf1f1f1f1,0x7fff8000(%r15)
>>    0x000055555578cb8e <+110>:   movl   $0xf3f3f304,0x7fff8004(%r15)
>>    0x000055555578cb99 <+121>:   mov    0xc6261(%rip),%ebx        # 0x555555852e00 <pagesz>
>>    0x000055555578cb9f <+127>:   lea    0x60(%rcx),%r8
>>    0x000055555578cba3 <+131>:   mov    %fs:0x28,%rax
>>    0x000055555578cbac <+140>:   mov    %rax,-0x38(%rbp)
>>    0x000055555578cbb0 <+144>:   xor    %eax,%eax
>>    0x000055555578cbb2 <+146>:   test   %ebx,%ebx
>>    0x000055555578cbb4 <+148>:   je     0x55555578d3c0 <internal_malloc+2208>
>>    0x000055555578cbba <+154>:   lea    0x23(%r13),%rsi
>>    0x000055555578cbbe <+158>:   sar    %ebx
>>    0x000055555578cbc0 <+160>:   and    $0xfffffffffffffff0,%rsi
>>    0x000055555578cbc4 <+164>:   movslq %ebx,%rbx
>>    0x000055555578cbc7 <+167>:   cmp    %rbx,%rsi
>>    0x000055555578cbca <+170>:   jg     0x55555578d100 <internal_malloc+1504>
>>    0x000055555578cbd0 <+176>:   mov    $0x10,%eax
>>    0x000055555578cbd5 <+181>:   mov    $0x1,%ebx
>> ...
>>
>> (gdb) info registers
>> rax            0x55555578cb20      0x55555578cb20
>> rbx            0x0                 0x0
>> rcx            0x7fffffffde00      0x7fffffffde00
>> rdx            0x0                 0x0
>> rsi            0x0                 0x0
>> rdi            0x20                0x20
>> rbp            0x7fffffffde90      0x7fffffffde90
>> rsp            0x7fffffffddc0      0x7fffffffddc0
>> r8             0x0                 0x0
>> r9             0x1                 0x1
>> r10            0x7ffff7438b0f      0x7ffff7438b0f
>> r11            0x55555578e5e0      0x55555578e5e0
>> r12            0x20                0x20
>> r13            0x20                0x20
>> r14            0x0                 0x0
>> r15            0xffffffffbc0       0xffffffffbc0
>> rip            0x55555578cb83      0x55555578cb83 <internal_malloc+99>
>> eflags         0x10206             [ PF IF RF ]
>> cs             0x33                0x33
>> ss             0x2b                0x2b
>> ds             0x0                 0x0
>> es             0x0                 0x0
>> fs             0x0                 0x0
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "address-sanitizer" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to address-saniti...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/address-sanitizer/0752f970-ec19-4aab-8ca1-c4c6b3c1e1a2n%40googlegroups.com.
>>
>
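For the shadow arithmetic the thread turns on (the `shr $0x3,%r15` followed by the `0x7fff8000(%r15)` store in the disassembly, and Evgeniy's remark that the resulting address is near the top of the main-thread stack), here is an added C example that is not code from the thread, from Bash or from the ASan runtime: it computes the x86_64 shadow address, classifies it against ASan's default x86_64 memory layout, and decodes the redzone bytes the two `movl` instructions write. The layout bounds and shadow-byte meanings are the compiler-rt defaults as I know them and are assumptions for other targets or versions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread or from ASan: the x86_64 shadow
 * mapping the faulting instruction implements, and the layout it lands in. */

#define ASAN_SHADOW_SCALE  3
#define ASAN_SHADOW_OFFSET 0x7fff8000ULL

/* Shadow = (Mem >> 3) + 0x7fff8000; one shadow byte covers 8 app bytes. */
uint64_t asan_shadow_addr(uint64_t mem) {
    return (mem >> ASAN_SHADOW_SCALE) + ASAN_SHADOW_OFFSET;
}

/* Default x86_64 layout (assumed from compiler-rt's asan_mapping.h).
 * Shadow pages are mapped by __asan_init; a sanitized allocator running
 * before that (here: malloc called during ASan's own dlsym) faults with
 * a plain SIGSEGV, which is what the thread's backtrace shows. */
const char *asan_region(uint64_t a) {
    if (a <= 0x00007fff7fffULL) return "LowMem";
    if (a <= 0x00008fff6fffULL) return "LowShadow";
    if (a <= 0x02008fff6fffULL) return "ShadowGap";
    if (a <= 0x10007fff7fffULL) return "HighShadow";
    return "HighMem";
}

/* Decode a shadow byte such as the 0xf1 / 0xf3 / 0x04 values the two movl
 * instructions store for the frame's redzones. */
const char *asan_shadow_byte(uint8_t b) {
    if (b == 0x00) return "addressable";
    if (b <= 0x07) return "partially addressable (low b bytes)";
    switch (b) {
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    case 0xfa: return "heap left redzone";
    case 0xfd: return "freed heap";
    default:   return "other poison";
    }
}

int main(void) {
    /* Constructed from the thread: rcx (frame base) was 0x7fffffffde00. */
    uint64_t frame = 0x7fffffffde00ULL, shadow = asan_shadow_addr(frame);
    printf("mem %#llx -> shadow %#llx (%s); 0xf1=%s\n", (unsigned long long)frame,
           (unsigned long long)shadow, asan_region(shadow), asan_shadow_byte(0xf1));
    return 0;
}
```

Running it shows the frame base shifting to the 0xffffffffbc0 seen in r15 and the final shadow address 0x10007fff7bc0 sitting in HighShadow, which is only a valid target once the runtime has mapped that region.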