Issue 81470
Summary Crash with clang sanitizers (on Debian)
Labels clang
Assignees
Reporter stevenwdv
I must be doing something wrong because I cannot get address sanitizer or memory sanitizer to work without randomly crashing on a minimal C program, even on a fresh install via Docker.
I can't imagine this not having been reported, and yet I can't find anything on this.

# Repro

```sh
#!/usr/bin/env sh
set -eu

docker run --interactive debian sh <<'EOF'

set -eu
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get install -y clang

echo 'int main() {}' >main.c

for sanitizer in address memory; do
	>&2 echo "

======== Testing -fsanitize=$sanitizer ========
"
	clang -fsanitize="$sanitizer" -g main.c

	i=0
	while true; do
		i=$(($i+1))
		./a.out && ec=$? || ec=$?
		if [ $ec -ne 0 ]; then
			case $ec in
				129) info=SIGHUP    ;;
				130) info=SIGINT    ;;
				131) info=SIGQUIT   ;;
				132) info=SIGILL    ;;
				133) info=SIGTRAP   ;;
				134) info=SIGABRT   ;;
				135) info=SIGBUS    ;;
				136) info=SIGFPE    ;;
				137) info=SIGKILL   ;;
				138) info=SIGUSR1   ;;
				139) info=SIGSEGV   ;;
				140) info=SIGUSR2   ;;
				141) info=SIGPIPE   ;;
				142) info=SIGALRM   ;;
				143) info=SIGTERM   ;;
				144) info=SIGSTKFLT ;;
				145) info=SIGCHLD   ;;
				146) info=SIGCONT   ;;
				147) info=SIGSTOP   ;;
				148) info=SIGTSTP   ;;
				149) info=SIGTTIN   ;;
				150) info=SIGTTOU   ;;
				151) info=SIGURG    ;;
				152) info=SIGXCPU   ;;
				153) info=SIGXFSZ   ;;
				154) info=SIGVTALRM ;;
				155) info=SIGPROF   ;;
				156) info=SIGWINCH  ;;
				157) info=SIGIO     ;;
				158) info=SIGPWR    ;;
				159) info=SIGSYS    ;;
				*) info= ;;
			esac
			>&2 echo '
>>>> Crashed with exit code' $ec $info "after $i executions

"
			[ $i -lt 50 ] || break
		fi
	done
done

EOF

```

The docker part is of course optional, but I used it to verify that it was not just my install.

<details>
<summary><h1>Output</h1></summary>

```
======== Testing -fsanitize=address ========

Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 1 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 3 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 4 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 8 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 11 executions

```

[...etc...]

```
======== Testing -fsanitize=memory ========

Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 5 executions


FATAL: Code 0x621db9d8f410 is out of application range. Non-PIE build?
FATAL: MemorySanitizer can not mmap the shadow memory.
FATAL: Make sure to compile with -fPIE and to link with -pie.
FATAL: Disabling ASLR is known to cause this error.
FATAL: If running under GDB, try 'set disable-randomization off'.
==4516==Process memory map follows:
	0x621db9d45000-0x621db9d66000	/a.out
	0x621db9d66000-0x621db9ded000	/a.out
	0x621db9ded000-0x621db9e19000	/a.out
	0x621db9e19000-0x621db9e1a000	/a.out
	0x621db9e1a000-0x621db9e1d000	/a.out
	0x621db9e1d000-0x621dbb771000	
	0x7f93eb300000-0x7f93eb400000	
	0x7f93eb500000-0x7f93eb600000	
	0x7f93eb700000-0x7f93eb800000	
	0x7f93eb900000-0x7f93eba00000	
	0x7f93eba1c000-0x7f93ebdc1000	
	0x7f93ebdc1000-0x7f93ebde7000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7f93ebde7000-0x7f93ebf3c000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7f93ebf3c000-0x7f93ebf8f000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7f93ebf8f000-0x7f93ebf93000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7f93ebf93000-0x7f93ebf95000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7f93ebf95000-0x7f93ebfa2000	
	0x7f93ebfa2000-0x7f93ebfa5000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f93ebfa5000-0x7f93ebfbc000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f93ebfbc000-0x7f93ebfc0000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f93ebfc0000-0x7f93ebfc1000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f93ebfc1000-0x7f93ebfc2000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7f93ebfc2000-0x7f93ebfd2000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7f93ebfd2000-0x7f93ec045000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7f93ec045000-0x7f93ec09f000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7f93ec09f000-0x7f93ec0a0000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7f93ec0a0000-0x7f93ec0a1000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7f93ec0a1000-0x7f93ec0a8000	
	0x7f93ec0a8000-0x7f93ec0a9000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7f93ec0a9000-0x7f93ec0ce000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7f93ec0ce000-0x7f93ec0d8000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7f93ec0d8000-0x7f93ec0da000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7f93ec0da000-0x7f93ec0dc000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7ffc351dd000-0x7ffc351fe000	[stack]
	0x7ffc352f2000-0x7ffc352f6000	[vvar]
	0x7ffc352f6000-0x7ffc352f8000	[vdso]
	0xffffffffff600000-0xffffffffff601000	[vsyscall]
==4516==End of process memory map.

>>>> Crashed with exit code 1 after 6 executions


FATAL: Code 0x620a33be2410 is out of application range. Non-PIE build?
FATAL: MemorySanitizer can not mmap the shadow memory.
FATAL: Make sure to compile with -fPIE and to link with -pie.
FATAL: Disabling ASLR is known to cause this error.
FATAL: If running under GDB, try 'set disable-randomization off'.
==4520==Process memory map follows:
	0x620a33b98000-0x620a33bb9000	/a.out
	0x620a33bb9000-0x620a33c40000	/a.out
	0x620a33c40000-0x620a33c6c000	/a.out
	0x620a33c6c000-0x620a33c6d000	/a.out
	0x620a33c6d000-0x620a33c70000	/a.out
	0x620a33c70000-0x620a355c4000	
	0x72b55c400000-0x72b55c500000	
	0x72b55c600000-0x72b55c700000	
	0x72b55c800000-0x72b55c900000	
	0x72b55ca00000-0x72b55cb00000	
	0x72b55cb6a000-0x72b55cf0f000	
	0x72b55cf0f000-0x72b55cf35000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x72b55cf35000-0x72b55d08a000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x72b55d08a000-0x72b55d0dd000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x72b55d0dd000-0x72b55d0e1000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x72b55d0e1000-0x72b55d0e3000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x72b55d0e3000-0x72b55d0f0000	
	0x72b55d0f0000-0x72b55d0f3000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x72b55d0f3000-0x72b55d10a000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x72b55d10a000-0x72b55d10e000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x72b55d10e000-0x72b55d10f000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x72b55d10f000-0x72b55d110000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x72b55d110000-0x72b55d120000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x72b55d120000-0x72b55d193000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x72b55d193000-0x72b55d1ed000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x72b55d1ed000-0x72b55d1ee000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x72b55d1ee000-0x72b55d1ef000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x72b55d1ef000-0x72b55d1f6000	
	0x72b55d1f6000-0x72b55d1f7000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x72b55d1f7000-0x72b55d21c000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x72b55d21c000-0x72b55d226000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x72b55d226000-0x72b55d228000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x72b55d228000-0x72b55d22a000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7ffe55fa5000-0x7ffe55fc6000	[stack]
	0x7ffe55fec000-0x7ffe55ff0000	[vvar]
	0x7ffe55ff0000-0x7ffe55ff2000	[vdso]
	0xffffffffff600000-0xffffffffff601000	[vsyscall]
==4520==End of process memory map.

>>>> Crashed with exit code 1 after 10 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 12 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 14 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 16 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 18 executions


FATAL: Code 0x61ebf49bc410 is out of application range. Non-PIE build?
FATAL: MemorySanitizer can not mmap the shadow memory.
FATAL: Make sure to compile with -fPIE and to link with -pie.
FATAL: Disabling ASLR is known to cause this error.
FATAL: If running under GDB, try 'set disable-randomization off'.
==4530==Process memory map follows:
	0x61ebf4972000-0x61ebf4993000	/a.out
	0x61ebf4993000-0x61ebf4a1a000	/a.out
	0x61ebf4a1a000-0x61ebf4a46000	/a.out
	0x61ebf4a46000-0x61ebf4a47000	/a.out
	0x61ebf4a47000-0x61ebf4a4a000	/a.out
	0x61ebf4a4a000-0x61ebf639e000	
	0x7d9a31f00000-0x7d9a32000000	
	0x7d9a32100000-0x7d9a32200000	
	0x7d9a32300000-0x7d9a32400000	
	0x7d9a32500000-0x7d9a32600000	
	0x7d9a326d7000-0x7d9a32a7c000	
	0x7d9a32a7c000-0x7d9a32aa2000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7d9a32aa2000-0x7d9a32bf7000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7d9a32bf7000-0x7d9a32c4a000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7d9a32c4a000-0x7d9a32c4e000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7d9a32c4e000-0x7d9a32c50000	/usr/lib/x86_64-linux-gnu/libc.so.6
	0x7d9a32c50000-0x7d9a32c5d000	
	0x7d9a32c5d000-0x7d9a32c60000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7d9a32c60000-0x7d9a32c77000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7d9a32c77000-0x7d9a32c7b000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7d9a32c7b000-0x7d9a32c7c000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7d9a32c7c000-0x7d9a32c7d000	/usr/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x7d9a32c7d000-0x7d9a32c8d000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7d9a32c8d000-0x7d9a32d00000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7d9a32d00000-0x7d9a32d5a000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7d9a32d5a000-0x7d9a32d5b000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7d9a32d5b000-0x7d9a32d5c000	/usr/lib/x86_64-linux-gnu/libm.so.6
	0x7d9a32d5c000-0x7d9a32d63000	
	0x7d9a32d63000-0x7d9a32d64000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7d9a32d64000-0x7d9a32d89000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7d9a32d89000-0x7d9a32d93000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7d9a32d93000-0x7d9a32d95000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7d9a32d95000-0x7d9a32d97000	/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
	0x7ffef7fee000-0x7ffef800f000	[stack]
	0x7ffef8045000-0x7ffef8049000	[vvar]
	0x7ffef8049000-0x7ffef804b000	[vdso]
	0xffffffffff600000-0xffffffffff601000	[vsyscall]
==4530==End of process memory map.

>>>> Crashed with exit code 1 after 20 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 21 executions


Segmentation fault (core dumped)

>>>> Crashed with exit code 139 SIGSEGV after 22 executions

```

[...etc...]
</details>

I did try explicitly adding `-fPIE -Wl,-pie` but it did not make a difference.
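As an added example (not part of the report or of LLVM), the following Python script classifies the mappings from the MSan memory map dumped above against the runtime's x86_64 address layout. The layout table is reproduced from compiler-rt's msan.h and is an assumption to verify against the LLVM version in use; the sample map lines are copied from the process 4516 dump above. It shows that the PIE image and the heap at 0x621d... sit in a hole the runtime reserves as invalid, which is exactly what the "out of application range" line reports.

```python
import re

# MSan's x86_64 Linux layout as in compiler-rt's msan.h (assumed to be the layout
# of the runtime that produced the report above; verify against your LLVM version).
MSAN_LAYOUT = [
    (0x000000000000, 0x010000000000, "app-1"),
    (0x010000000000, 0x100000000000, "shadow-2"),
    (0x100000000000, 0x110000000000, "invalid"),
    (0x110000000000, 0x200000000000, "origin-2"),
    (0x200000000000, 0x300000000000, "shadow-3"),
    (0x300000000000, 0x400000000000, "origin-3"),
    (0x400000000000, 0x500000000000, "invalid"),
    (0x500000000000, 0x510000000000, "shadow-1"),
    (0x510000000000, 0x600000000000, "app-2"),
    (0x600000000000, 0x610000000000, "origin-1"),
    (0x610000000000, 0x700000000000, "invalid"),
    (0x700000000000, 0x800000000000, "app-3"),
]
SHADOW_XOR = 0x500000000000     # shadow(a) = a ^ SHADOW_XOR
ORIGIN_OFFSET = 0x100000000000  # origin(a) = shadow(a) + ORIGIN_OFFSET

def region(addr):
    # Layout region holding addr; kernel-half addresses such as [vsyscall] are "outside".
    return next((n for lo, hi, n in MSAN_LAYOUT if lo <= addr < hi), "outside")

def layout_is_consistent():
    # Sanity check on the table: both ends of every app region must map to shadow,
    # and that shadow plus the origin offset must map to origin.
    ends = [a for lo, hi, n in MSAN_LAYOUT if n.startswith("app") for a in (lo, hi - 1)]
    return all(region(a ^ SHADOW_XOR).startswith("shadow")
               and region((a ^ SHADOW_XOR) + ORIGIN_OFFSET).startswith("origin")
               for a in ends)

MAP_LINE = re.compile(r"^\s*0x([0-9a-f]+)-0x([0-9a-f]+)\s*(\S*)")

def misplaced_mappings(map_text):
    # Mappings whose start is not in an app region cannot be given shadow memory.
    bad = []
    for line in map_text.splitlines():
        m = MAP_LINE.match(line)
        if m and m.group(3) != "[vsyscall]":
            start, end, path = int(m.group(1), 16), int(m.group(2), 16), m.group(3)
            if not region(start).startswith("app"):
                bad.append((start, end, path, region(start)))
    return bad

# Constructed sample: three lines copied from the map dumped for process 4516 above.
SAMPLE_MAP = ("\t0x621db9d45000-0x621db9d66000\t/a.out\n"
              "\t0x621db9e1d000-0x621dbb771000\t\n"
              "\t0x7f93ebdc1000-0x7f93ebde7000\t/usr/lib/x86_64-linux-gnu/libc.so.6\n")
```

A PIE base that high usually means the kernel randomizes more address bits than the sanitizer runtime was built to expect, so comparing the kernel's vm.mmap_rnd_bits setting with what the installed compiler-rt supports is a useful first check.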

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
