https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101380

puspmvqyfzxrbytwsu at niwghx dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Segmentation fault in       |Segmentation fault in
                   |__asan_init                 |address sanitizer
                   |                            |initialization, caused by
                   |                            |mmap-ing into the running
                   |                            |code

--- Comment #2 from puspmvqyfzxrbytwsu at niwghx dot com ---
The crash seems to only occur with ASLR enabled. When disabling ASLR via
setarch or gdb, I could not reproduce the issue.

I was not able to get a useful stack trace using gdb (when looking at the
segmentation fault, the stack trace printed by gdb looked like corrupted data,
with only a single stack frame printed).

So, I did some debugging with ptrace to get a stack trace before the program
crashes. From this, it looks like the allocator initialization code of the
address sanitizer library causes the crash by performing an mmap syscall,
mapping something into the address range of the code which is being executed:

system call 9 is mmap
-> argument 0, here 0x0000600000000000, is the starting address (in the process
address space)
-> argument 1, here 0x0000040000000000, is the length to be mapped
=> The address range from 0x0000600000000000 to 0x0000640000000000 will be
mapped.
-> The instruction pointer, here 0x000063C62D125104, is within this address
range.
/* ==== system call entry information (acquired with ptrace) ==== */
  entering system call 0x09:
    argument 0: 0x0000600000000000
    argument 1: 0x0000040000003000
    argument 2: 0x0000000000000000
    argument 3: 0x0000000000004032
    argument 4: 0xFFFFFFFFFFFFFFFF
    argument 5: 0x0000000000000000
/* ==== stack trace (acquired with libunwind-ptrace) ==== */
[RIP: 0x000063C62D125104, RSP: 0x000079E7984D2D50]
_ZN11__sanitizer13internal_mmapEPvmiiiy+0x8
[RIP: 0x000063C62D129430, RSP: 0x000079E7984D2D70]
_ZN11__sanitizer9MmapNamedEPvmiiPKc+0x8
[RIP: 0x000063C62D12A049, RSP: 0x000079E7984D2DA0]
_ZN11__sanitizer20ReservedAddressRange4InitEmPKcm+0x8
[RIP: 0x000063C62D07931B, RSP: 0x000079E7984D2DC0]
_ZN6__asan19InitializeAllocatorERKNS_16AllocatorOptionsE+0xA7
[RIP: 0x000063C62D1174DF, RSP: 0x000079E7984D2DF0]
_ZN6__asanL16AsanInitInternalEv.part.0+0xA7
[RIP: 0x000063C62DA63F6E, RSP: 0x000079E7984D2E40] _dl_init+0x1
/* ================ */

Upon exit from the system call, I got the following information from ptrace
(indicating success of mmap):
  system call exiting: return value: 0x0000600000000000, is error: 0
At this point, I could no longer obtain a useful stack trace via
libunwind-ptrace. (Only a single stack frame, and I was not able to get a
procedure name corresponding to it, similar to what I got with gdb.)
Then the segmentation fault occurs.
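As an added example (not the reporter's tooling and not code from GCC or libsanitizer), the following Python check decodes the mmap arguments from ptrace syscall-entry records like the ones above and tests whether a MAP_FIXED mapping covers the instruction pointer of the innermost frame. The flag and syscall numbers are the Linux x86-64 constants; the trace text is a constructed copy of the records quoted in the comment.

```python
import re

# Linux x86-64 constants (syscall table and <asm-generic/mman*.h>).
SYS_MMAP = 9
MAP_FLAGS = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED",
             0x20: "MAP_ANONYMOUS", 0x4000: "MAP_NORESERVE"}

# Constructed sample: the syscall-entry record and the innermost stack frame
# quoted in the comment, in the format the reporter's ptrace tracer printed.
TRACE = """\
  entering system call 0x09:
    argument 0: 0x0000600000000000
    argument 1: 0x0000040000003000
    argument 2: 0x0000000000000000
    argument 3: 0x0000000000004032
    argument 4: 0xFFFFFFFFFFFFFFFF
    argument 5: 0x0000000000000000
[RIP: 0x000063C62D125104, RSP: 0x000079E7984D2D50]
_ZN11__sanitizer13internal_mmapEPvmiiiy+0x8
"""

def parse_trace(text):
    """Return (syscall number, [arg0..arg5], RIP of the innermost frame)."""
    nr = int(re.search(r"entering system call (0x[0-9A-Fa-f]+)", text).group(1), 16)
    args = [int(v, 16) for v in re.findall(r"argument \d: (0x[0-9A-Fa-f]+)", text)]
    rip = int(re.search(r"\[RIP: (0x[0-9A-Fa-f]+)", text).group(1), 16)
    return nr, args, rip

def decode_map_flags(flags):
    """Render the mmap flags word as MAP_* names; unknown bits are kept as hex."""
    names = [n for bit, n in sorted(MAP_FLAGS.items()) if flags & bit]
    unknown = flags & ~sum(MAP_FLAGS)
    if unknown:
        names.append(hex(unknown))
    return "|".join(names)

def analyze_mmap(text):
    """Describe the traced mmap and whether its range covers RIP.

    A MAP_FIXED mapping silently replaces whatever is already mapped in
    [addr, addr+len), so RIP inside that range means the code currently
    executing is about to be unmapped, which is the failure described above.
    Returns None when the traced syscall is not mmap."""
    nr, args, rip = parse_trace(text)
    if nr != SYS_MMAP:
        return None
    addr, length, prot, flags = args[:4]
    return {"start": addr, "end": addr + length, "prot": prot,
            "flags": decode_map_flags(flags), "fixed": bool(flags & 0x10),
            "rip_inside": addr <= rip < addr + length}
```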
