Created
June 22, 2018 18:32
-
-
Save dogbert17/397a596aeba361531c94f606a2b0a72e to your computer and use it in GitHub Desktop.
Simpler example which borks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dogbert@dogbert-VirtualBox ~/repos/rakudo $ cat test.pl6 | |
| await (^2).map({ start { EVAL '1 + 1' } }); | |
| dogbert@dogbert-VirtualBox ~/repos/rakudo $ ASAN_OPTIONS=detect_leaks=0 MVM_SPESH_DISABLE=1 ./perl6 --profile test.pl6 | |
| ================================================================= | |
| ==5509==ERROR: AddressSanitizer: heap-use-after-free on address 0x61800007e728 at pc 0x7f4717e95c09 bp 0x7f4710e97c40 sp 0x7f4710e97c30 | |
| READ of size 8 at 0x61800007e728 thread T3 | |
| #0 0x7f4717e95c08 in MVM_interp_run src/core/interp.c:210 | |
| #1 0x7f4717eede35 in start_thread src/core/threads.c:87 | |
| #2 0x7f471725e6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) | |
| #3 0x7f471757b41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c) | |
| 0x61800007e728 is located 680 bytes inside of 896-byte region [0x61800007e480,0x61800007e800) | |
| freed by thread T3 here: | |
| #0 0x7f4718f9b961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961) | |
| #1 0x7f471805e174 in MVM_realloc src/core/alloc.h:20 | |
| #2 0x7f471805e174 in MVM_spesh_graph_grow_deopt_table src/spesh/graph.c:42 | |
| #3 0x7f471805e2ba in MVM_spesh_graph_add_deopt_annotation src/spesh/graph.c:61 | |
| #4 0x7f4718062284 in build_cfg src/spesh/graph.c:366 | |
| #5 0x7f4718066307 in MVM_spesh_graph_create src/spesh/graph.c:1231 | |
| #6 0x7f471813b1ab in add_instrumentation src/profiler/instrument.c:233 | |
| #7 0x7f471813b1ab in MVM_profile_instrument src/profiler/instrument.c:254 | |
| #8 0x7f4717ece5ca in instrumentation_level_barrier src/core/frame.c:104 | |
| #9 0x7f4717ed1b3c in MVM_frame_invoke src/core/frame.c:392 | |
| #10 0x7f4717fbc372 in invoke_handler src/6model/reprs/MVMCode.c:10 | |
| #11 0x7f4717e921d2 in MVM_interp_run src/core/interp.c:991 | |
| #12 0x7f4717eede35 in start_thread src/core/threads.c:87 | |
| #13 0x7f471725e6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) | |
| previously allocated by thread T3 here: | |
| #0 0x7f4718f9b961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961) | |
| #1 0x7f471805e174 in MVM_realloc src/core/alloc.h:20 | |
| #2 0x7f471805e174 in MVM_spesh_graph_grow_deopt_table src/spesh/graph.c:42 | |
| #3 0x7f471805e2ba in MVM_spesh_graph_add_deopt_annotation src/spesh/graph.c:61 | |
| #4 0x7f4718062284 in build_cfg src/spesh/graph.c:366 | |
| #5 0x7f4718066307 in MVM_spesh_graph_create src/spesh/graph.c:1231 | |
| #6 0x7f471813b1ab in add_instrumentation src/profiler/instrument.c:233 | |
| #7 0x7f471813b1ab in MVM_profile_instrument src/profiler/instrument.c:254 | |
| #8 0x7f4717ece5ca in instrumentation_level_barrier src/core/frame.c:104 | |
| #9 0x7f4717ed1b3c in MVM_frame_invoke src/core/frame.c:392 | |
| #10 0x7f4717fbc372 in invoke_handler src/6model/reprs/MVMCode.c:10 | |
| #11 0x7f4717e921d2 in MVM_interp_run src/core/interp.c:991 | |
| #12 0x7f4717eede35 in start_thread src/core/threads.c:87 | |
| #13 0x7f471725e6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) | |
| Thread T3 created by T2 here: | |
| #0 0x7f4718f39253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253) | |
| #1 0x7f47181eb9bf in uv_thread_create 3rdparty/libuv/src/unix/thread.c:198 | |
| Thread T2 created by T0 here: | |
| #0 0x7f4718f39253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253) | |
| #1 0x7f47181eb9bf in uv_thread_create 3rdparty/libuv/src/unix/thread.c:198 | |
| SUMMARY: AddressSanitizer: heap-use-after-free src/core/interp.c:210 MVM_interp_run | |
| Shadow bytes around the buggy address: | |
| 0x0c3080007c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007ca0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007cb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007cd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| =>0x0c3080007ce0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007cf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x0c3080007d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007d20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c3080007d30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Heap right redzone: fb | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack partial redzone: f4 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| ==5509==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment