Issue 145259
Summary [ASan] [AArch64] Simple program crashes on startup with `mmap` failure in ASan runtime on Clang 20
Labels clang
Assignees
Reporter happyme531
**Description:**

When compiling a minimal C++ "Hello, World!" program with `-fsanitize=address` on AArch64 with a recent Clang 20 development build, the resulting executable fails immediately upon execution.

The error message indicates an "out of memory" failure when the AddressSanitizer runtime attempts to `mmap` its shadow memory at `0x040000000000`. The program crashes before `main()` is called, and the stack trace is empty, suggesting a failure very early in the runtime initialization process.

**Environment:**

*   **Clang Version:**
    ```
    Debian clang version 20.1.7 (++20250613123054+9ba132be8eea-1~exp1~20250613003154.130)
    Target: aarch64-unknown-linux-gnu
    Thread model: posix
    InstalledDir: /usr/lib/llvm-20/bin
    ```
*   **Operating System:**
    ```
    > lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 11 (bullseye)
    Release:        11
    Codename:       bullseye

    > ulimit -a
    Maximum size of core files created                              (kB, -c) 0
    Maximum size of a process’s data segment                        (kB, -d) unlimited
    Control of maximum nice priority                                    (-e) 0
    Maximum size of files created by the shell                      (kB, -f) unlimited
    Maximum number of pending signals                                   (-i) 126000
    Maximum size that may be locked into memory                     (kB, -l) 4033516
    Maximum resident set size                                       (kB, -m) unlimited
    Maximum number of open file descriptors                             (-n) 1048576
    Maximum bytes in POSIX message queues                           (kB, -q) 800
    Maximum realtime scheduling priority                                (-r) 0
    Maximum stack size                                              (kB, -s) 8192
    Maximum amount of CPU time in seconds                      (seconds, -t) unlimited
    Maximum number of processes available to current user               (-u) 126000
    Maximum amount of virtual memory available to each process      (kB, -v) unlimited
    Maximum contiguous realtime CPU time                                (-y) unlimited
    ```
*   **Hardware:** Rockchip RK3588 development board, with 32GB RAM.

**Steps to Reproduce:**

1.  Create the following C++ file (`test.cpp`):
    ```cpp
    #include <iostream>

    int main() {
      std::cout << "Hello, World!" << std::endl;
      return 0;
    }
    ```

2.  Compile it with Clang 20 and AddressSanitizer enabled:
    ```sh
    clang++-20 ./test.cpp -fsanitize=address
    ```

3.  Run the resulting executable:
    ```sh
    ./a.out
    ```

**Actual Result:**

The program crashes immediately with the following error from the AddressSanitizer runtime:

```
==843770==ERROR: AddressSanitizer: out of memory: failed to allocate 0x2000 (8192) bytes of memory at address 0x040000000000 (error code: 12)
==843770==Process memory map follows:
        0x000ffffff000-0x001200000000
        0x001200000000-0x001400000000
        0x001400000000-0x002000000000
        0x00556ef70000-0x00556f0bf000   /tmp/a.out
        0x00556f0cf000-0x00556f0d3000   /tmp/a.out
        0x00556f0d3000-0x00556f0d6000   /tmp/a.out
        0x00556f0d6000-0x00556fa6a000
        0x007f9c200000-0x007f9c300000
        0x007f9c400000-0x007f9c500000
        0x007f9c572000-0x007f9ca00000
        0x007f9cb00000-0x007f9cc00000
        0x007f9cca3000-0x007f9ccb3000
        0x007f9ccb3000-0x007f9ce0f000   /usr/lib/aarch64-linux-gnu/libc-2.31.so
        0x007f9ce0f000-0x007f9ce1e000   /usr/lib/aarch64-linux-gnu/libc-2.31.so
        0x007f9ce1e000-0x007f9ce22000   /usr/lib/aarch64-linux-gnu/libc-2.31.so
        0x007f9ce22000-0x007f9ce24000   /usr/lib/aarch64-linux-gnu/libc-2.31.so
        0x007f9ce24000-0x007f9ce27000
        0x007f9ce27000-0x007f9ce3a000   /usr/lib/aarch64-linux-gnu/libgcc_s.so.1
        0x007f9ce3a000-0x007f9ce49000   /usr/lib/aarch64-linux-gnu/libgcc_s.so.1
        0x007f9ce49000-0x007f9ce4a000   /usr/lib/aarch64-linux-gnu/libgcc_s.so.1
        0x007f9ce4a000-0x007f9ce4b000   /usr/lib/aarch64-linux-gnu/libgcc_s.so.1
        0x007f9ce4b000-0x007f9ce5e000   /usr/lib/aarch64-linux-gnu/libresolv-2.31.so
        0x007f9ce5e000-0x007f9ce6e000   /usr/lib/aarch64-linux-gnu/libresolv-2.31.so
        0x007f9ce6e000-0x007f9ce6f000   /usr/lib/aarch64-linux-gnu/libresolv-2.31.so
        0x007f9ce6f000-0x007f9ce70000   /usr/lib/aarch64-linux-gnu/libresolv-2.31.so
        0x007f9ce70000-0x007f9ce72000
        0x007f9ce72000-0x007f9ce75000   /usr/lib/aarch64-linux-gnu/libdl-2.31.so
        0x007f9ce75000-0x007f9ce84000   /usr/lib/aarch64-linux-gnu/libdl-2.31.so
        0x007f9ce84000-0x007f9ce85000   /usr/lib/aarch64-linux-gnu/libdl-2.31.so
        0x007f9ce85000-0x007f9ce86000   /usr/lib/aarch64-linux-gnu/libdl-2.31.so
        0x007f9ce86000-0x007f9ce8d000   /usr/lib/aarch64-linux-gnu/librt-2.31.so
        0x007f9ce8d000-0x007f9ce9c000   /usr/lib/aarch64-linux-gnu/librt-2.31.so
        0x007f9ce9c000-0x007f9ce9d000   /usr/lib/aarch64-linux-gnu/librt-2.31.so
        0x007f9ce9d000-0x007f9ce9e000   /usr/lib/aarch64-linux-gnu/librt-2.31.so
        0x007f9ce9e000-0x007f9ceba000   /usr/lib/aarch64-linux-gnu/libpthread-2.31.so
        0x007f9ceba000-0x007f9cec9000   /usr/lib/aarch64-linux-gnu/libpthread-2.31.so
        0x007f9cec9000-0x007f9ceca000   /usr/lib/aarch64-linux-gnu/libpthread-2.31.so
        0x007f9ceca000-0x007f9cecb000   /usr/lib/aarch64-linux-gnu/libpthread-2.31.so
        0x007f9cecb000-0x007f9cecf000
        0x007f9cecf000-0x007f9cf68000   /usr/lib/aarch64-linux-gnu/libm-2.31.so
        0x007f9cf68000-0x007f9cf78000   /usr/lib/aarch64-linux-gnu/libm-2.31.so
        0x007f9cf78000-0x007f9cf79000   /usr/lib/aarch64-linux-gnu/libm-2.31.so
        0x007f9cf79000-0x007f9cf7a000   /usr/lib/aarch64-linux-gnu/libm-2.31.so
        0x007f9cf7a000-0x007f9d131000   /usr/lib/aarch64-linux-gnu/libstdc++.so.6.0.28
        0x007f9d131000-0x007f9d141000   /usr/lib/aarch64-linux-gnu/libstdc++.so.6.0.28
        0x007f9d141000-0x007f9d14c000   /usr/lib/aarch64-linux-gnu/libstdc++.so.6.0.28
        0x007f9d14c000-0x007f9d14f000   /usr/lib/aarch64-linux-gnu/libstdc++.so.6.0.28
        0x007f9d14f000-0x007f9d175000
        0x007f9d175000-0x007f9d196000   /usr/lib/aarch64-linux-gnu/ld-2.31.so
        0x007f9d196000-0x007f9d1a3000
        0x007f9d1a3000-0x007f9d1a5000   [vvar]
        0x007f9d1a5000-0x007f9d1a6000   [vdso]
        0x007f9d1a6000-0x007f9d1a7000   /usr/lib/aarch64-linux-gnu/ld-2.31.so
        0x007f9d1a7000-0x007f9d1a9000   /usr/lib/aarch64-linux-gnu/ld-2.31.so
        0x007fc451a000-0x007fc453b000   [stack]
==843770==End of process memory map.
AddressSanitizer: CHECK failed: sanitizer_common.cpp:61 "((0 && "unable to mmap")) != (0)" (0x0, 0x0) (tid=843770)
    <empty stack>
```

**Expected Result:**

The program should execute successfully, print "Hello, World!" to the console, and exit with status 0.

```
Hello, World!
```

**Additional Notes:**

Older Clang versions also crash, but with a different issue that looks related: https://github.com/llvm/llvm-project/issues/65144#issuecomment-1746565874

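A triage helper for reports of this shape, added here as an example and not part of the original report or of the sanitizer runtime: it parses the `failed to allocate ... at address` line and the process memory map, then compares the requested fixed address with the address range the process actually occupies. The function name `triage` and the shortened `REPORT` excerpt are assumptions of this example, and the address-width inference is a heuristic, not a confirmed diagnosis of this issue.

```python
import re

# Excerpt of the ASan output quoted in the report (most map lines omitted).
REPORT = """\
==843770==ERROR: AddressSanitizer: out of memory: failed to allocate 0x2000 (8192) bytes of memory at address 0x040000000000 (error code: 12)
==843770==Process memory map follows:
        0x000ffffff000-0x001200000000
        0x001200000000-0x001400000000
        0x00556ef70000-0x00556f0bf000   /tmp/a.out
        0x007f9d175000-0x007f9d196000   /usr/lib/aarch64-linux-gnu/ld-2.31.so
        0x007fc451a000-0x007fc453b000   [stack]
==843770==End of process memory map.
"""

FAIL_RE = re.compile(
    r"failed to allocate (0x[0-9a-f]+) \(\d+\) bytes.* at address (0x[0-9a-f]+)")
# [ \t] rather than \s so an unnamed region never swallows the next line.
MAP_RE = re.compile(
    r"^[ \t]*(0x[0-9a-f]+)-(0x[0-9a-f]+)(?:[ \t]+(\S+))?[ \t]*$", re.M)

def triage(report):
    """Compare the fixed address ASan requested with what the process maps."""
    fail = FAIL_RE.search(report)
    if not fail:
        raise ValueError("no 'failed to allocate ... at address' line found")
    size, addr = (int(g, 16) for g in fail.groups())
    regions = [(int(s, 16), int(e, 16), name)
               for s, e, name in MAP_RE.findall(report)]
    if not regions:
        raise ValueError("no process memory map found")
    # Existing mappings that already cover the requested range, if any.
    overlapping = [r for r in regions if r[0] < addr + size and addr < r[1]]
    top = max(end for _, end, _ in regions)
    # Heuristic: Linux places [stack] near the top of user space, so the bit
    # length of the highest mapped address approximates the usable VA width.
    va_bits = (top - 1).bit_length()
    return {
        "addr": addr,
        "addr_bits": (addr + size - 1).bit_length(),
        "highest_mapped": top,
        "inferred_va_bits": va_bits,
        "overlapping": overlapping,
        "beyond_inferred_va": addr + size > (1 << va_bits),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```

When `overlapping` is empty and `beyond_inferred_va` is true, the request did not collide with an existing mapping; it lies above everything the process has mapped, which is worth checking against the kernel's configured user address-space size before looking elsewhere.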