@dogbert17
Last active August 17, 2017 22:03
ASAN barfage
dogbert@dogbert-VirtualBox ~/repos/rakudo $ ./perl6-m -v
This is Rakudo version 2017.07-194-ga30ce6bca built on MoarVM version 2017.07-453-gc4ee23b4
implementing Perl 6.c
dogbert@dogbert-VirtualBox ~/repos/rakudo $ ./perl6-m t/spec/S17-lowlevel/lock.t
1..23
ok 1 - Running code under lock
ok 2 - Running another piece of code under lock
ok 3 - code that dies under lock throws
ok 4 - Code that dies in run does release the lock
ok 5 - Even from another thread
ok 6 - Lock is at least somewhat effective
ok 7 - Condition variable worked
=================================================================
==19088== ERROR: AddressSanitizer: heap-use-after-free on address 0xb4f30514 at pc 0xb57f4ee4 bp 0xb1175a18 sp 0xb1175a0c
READ of size 4 at 0xb4f30514 thread T1
#0 0xb57f4ee3 in push /home/dogbert/repos/rakudo/nqp/MoarVM/src/6model/reprs/VMArray.c:461
#1 0xb57ddffa in MVM_repr_push_o /home/dogbert/repos/rakudo/nqp/MoarVM/src/6model/reprconv.c:342
#2 0xb59699d6 in worker /home/dogbert/repos/rakudo/nqp/MoarVM/src/spesh/worker.c:13
#3 0xb5809fa4 in invoke_handler /home/dogbert/repos/rakudo/nqp/MoarVM/src/6model/reprs/MVMCFunction.c:9
#4 0xb571dc0f in thread_initial_invoke /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:59
#5 0xb565e003 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:88
#6 0xb571ddfa in start_thread /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:83
#7 0xb5a4dd16 in uv__thread_start (//home/dogbert/repos/rakudo/nqp/MoarVM/../../install/lib/libmoar.so+0x54ed16)
#8 0xb61c29c6 (/usr/lib/i386-linux-gnu/libasan.so.0+0x1a9c6)
#9 0xb61b22ac (/usr/lib/i386-linux-gnu/libasan.so.0+0xa2ac)
#10 0xb5337f71 in start_thread (/lib/i386-linux-gnu/libpthread.so.0+0x6f71)
#11 0xb543b3ed (/lib/i386-linux-gnu/libc.so.6+0xee3ed)
0xb4f30514 is located 20 bytes inside of 480-byte region [0xb4f30500,0xb4f306e0)
freed by thread T0 here:
#0 0xb61be774 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16774)
#1 0xb56e4a81 in MVM_free /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:40
#2 0xb56e56ac in MVM_tc_destroy /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:112
#3 0xb576f050 in finish_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:210
#4 0xb576f9dd in run_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:358
#5 0xb577057f in MVM_gc_enter_from_allocator /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:466
#6 0xb571e7ff in try_join /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:188
#7 0xb571e8f2 in MVM_thread_join /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:194
#8 0xb56b2d65 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3736
#9 0xb5a2d160 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:356
#10 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:255
#11 0xb5366af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
previously allocated by thread T0 here:
#0 0xb61be905 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16905)
#1 0xb56e4a3b in MVM_calloc /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:11
#2 0xb56e4aaf in MVM_tc_create /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:8
#3 0xb571d8c2 in MVM_thread_new /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:29
#4 0xb56b2bda in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3731
#5 0xb5a2d160 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:356
#6 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:255
#7 0xb5366af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
Thread T1 created by T0 here:
#0 0xb61b21d0 (/usr/lib/i386-linux-gnu/libasan.so.0+0xa1d0)
#1 0xb5a4dd70 in uv_thread_create (//home/dogbert/repos/rakudo/nqp/MoarVM/../../install/lib/libmoar.so+0x54ed70)
#2 0xb596a0ef in MVM_spesh_worker_setup /home/dogbert/repos/rakudo/nqp/MoarVM/src/spesh/worker.c:149
#3 0xb5a2c93d in MVM_vm_create_instance /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:301
#4 0x8049356 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:238
#5 0xb5366af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
SUMMARY: AddressSanitizer: heap-use-after-free /home/dogbert/repos/rakudo/nqp/MoarVM/src/6model/reprs/VMArray.c:461 push
Shadow bytes around the buggy address:
0x369e6050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369e6060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369e6070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369e6080: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x369e6090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x369e60a0: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369e60b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369e60c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369e60d0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x369e60e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x369e60f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==19088== ABORTING
Another run:
dogbert@dogbert-VirtualBox ~/repos/rakudo $ MVM_SPESH_DISABLE=1 ./perl6-m t/spec/S17-lowlevel/lock.t
1..23
ok 1 - Running code under lock
ok 2 - Running another piece of code under lock
ok 3 - code that dies under lock throws
ok 4 - Code that dies in run does release the lock
ok 5 - Even from another thread
=================================================================
==24196== ERROR: AddressSanitizer: heap-use-after-free on address 0xb4e3b414 at pc 0xb56e4bf3 bp 0xa1febb88 sp 0xa1febb7c
READ of size 4 at 0xb4e3b414 thread T3
#0 0xb56e4bf2 in MVM_gc_allocate_object /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/allocation.c:86
#1 0xb5784274 in allocate /home/dogbert/repos/rakudo/nqp/MoarVM/src/6model/reprs/P6opaque.c:60
#2 0xb55b5e59 in MVM_args_get_pos_obj /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/args.c:289
#3 0xb55e52ed in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:1057
#4 0xb5690dfa in start_thread /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:83
#5 0xb59c0d16 in uv__thread_start (//home/dogbert/repos/rakudo/nqp/MoarVM/../../install/lib/libmoar.so+0x54ed16)
#6 0xb61359c6 (/usr/lib/i386-linux-gnu/libasan.so.0+0x1a9c6)
#7 0xb61252ac (/usr/lib/i386-linux-gnu/libasan.so.0+0xa2ac)
#8 0xb52aaf71 in start_thread (/lib/i386-linux-gnu/libpthread.so.0+0x6f71)
#9 0xb53ae3ed (/lib/i386-linux-gnu/libc.so.6+0xee3ed)
0xb4e3b414 is located 20 bytes inside of 480-byte region [0xb4e3b400,0xb4e3b5e0)
freed by thread T0 here:
#0 0xb6131774 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16774)
#1 0xb5657a81 in MVM_free /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:40
#2 0xb56586ac in MVM_tc_destroy /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:112
#3 0xb56e2050 in finish_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:210
#4 0xb56e29dd in run_gc /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:358
#5 0xb56e357f in MVM_gc_enter_from_allocator /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/orchestrate.c:466
#6 0xb56917ff in try_join /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:188
#7 0xb56918f2 in MVM_thread_join /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:194
#8 0xb5625d65 in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3736
#9 0xb59a0160 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:356
#10 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:255
#11 0xb52d9af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
previously allocated by thread T0 here:
#0 0xb6131905 (/usr/lib/i386-linux-gnu/libasan.so.0+0x16905)
#1 0xb5657a3b in MVM_calloc /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/alloc.h:11
#2 0xb5657aaf in MVM_tc_create /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threadcontext.c:8
#3 0xb56908c2 in MVM_thread_new /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/threads.c:29
#4 0xb5625bda in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:3731
#5 0xb59a0160 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:356
#6 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:255
#7 0xb52d9af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
Thread T3 created by T0 here:
#0 0xb61251d0 (/usr/lib/i386-linux-gnu/libasan.so.0+0xa1d0)
#1 0xb59c0d70 in uv_thread_create (//home/dogbert/repos/rakudo/nqp/MoarVM/../../install/lib/libmoar.so+0x54ed70)
#2 0xb562d7eb in MVM_interp_run /home/dogbert/repos/rakudo/nqp/MoarVM/src/core/interp.c:4051
#3 0xb59a0160 in MVM_vm_run_file /home/dogbert/repos/rakudo/nqp/MoarVM/src/moar.c:356
#4 0x8049461 in main /home/dogbert/repos/rakudo/nqp/MoarVM/src/main.c:255
#5 0xb52d9af2 (/lib/i386-linux-gnu/libc.so.6+0x19af2)
SUMMARY: AddressSanitizer: heap-use-after-free /home/dogbert/repos/rakudo/nqp/MoarVM/src/gc/allocation.c:86 MVM_gc_allocate_object
Shadow bytes around the buggy address:
0x369c7630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369c7640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369c7650: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369c7660: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
0x369c7670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x369c7680: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369c7690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369c76a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x369c76b0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x369c76c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x369c76d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==24196== ABORTING