[llvm-bugs] [Bug 34324] New: After r305058, AddressSanitizer CHECK failed: lib/asan/asan_errors.h:99 "((second_free_stack->size)) > ((0))" (0x0, 0x0)

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Aug 25 09:50:34 PDT 2017 

https://bugs.llvm.org/show_bug.cgi?id=34324

            Bug ID: 34324
           Summary: After r305058, AddressSanitizer CHECK failed:
                    lib/asan/asan_errors.h:99 "((second_free_stack->size))
                    > ((0))" (0x0, 0x0)
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: dimitry at andric.com
                CC: llvm-bugs at lists.llvm.org

After https://reviews.llvm.org/rL305058, which was meant to fix bug 33206, the
number of failing compiler-rt tests goes up from 5 to 58.  Before:

   Failing Tests (5):
       AddressSanitizer-i386-freebsd :: TestCases/Posix/asan-sigbus.cpp
       AddressSanitizer-i386-freebsd :: TestCases/Posix/fread_fwrite.cc
       LLVM :: Bindings/Go/go.test
       LLVM :: DebugInfo/PDB/pdbdump-debug-subsections.test
       LLVM :: tools/llvm-objdump/X86/macho-literals.test

After:

   Failing Tests (58):
       AddressSanitizer-Unit ::
Asan-i386-inline-Test/AddressSanitizer.DoubleFreeTest
       AddressSanitizer-Unit ::
Asan-i386-inline-Test/AddressSanitizer.ReallocFreedPointerTest
       AddressSanitizer-Unit ::
Asan-i386-inline-Test/AddressSanitizer.UseThenFreeThenUseTest
       AddressSanitizer-Unit ::
Asan-i386-inline-Test/AddressSanitizer.WrongFreeTest
       AddressSanitizer-Unit ::
Asan-i386-with-calls-Test/AddressSanitizer.DoubleFreeTest
       AddressSanitizer-Unit ::
Asan-i386-with-calls-Test/AddressSanitizer.ReallocFreedPointerTest
       AddressSanitizer-Unit ::
Asan-i386-with-calls-Test/AddressSanitizer.UseThenFreeThenUseTest
       AddressSanitizer-Unit ::
Asan-i386-with-calls-Test/AddressSanitizer.WrongFreeTest
       AddressSanitizer-i386-freebsd :: TestCases/Posix/asan-sigbus.cpp
       AddressSanitizer-i386-freebsd ::
TestCases/Posix/asan-symbolize-sanity-test.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/closed-fds.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/deep_thread_stack.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/fread_fwrite.cc
       AddressSanitizer-i386-freebsd ::
TestCases/Posix/interception-in-shared-lib-test.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/shared-lib-test.cc
       AddressSanitizer-i386-freebsd ::
TestCases/Posix/stack-use-after-return.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/strndup_oob_test.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/wait.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/wait3.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/wait4.cc
       AddressSanitizer-i386-freebsd :: TestCases/Posix/waitid.cc
       AddressSanitizer-i386-freebsd :: TestCases/alloca_big_alignment.cc
       AddressSanitizer-i386-freebsd :: TestCases/alloca_detect_custom_size_.cc
       AddressSanitizer-i386-freebsd :: TestCases/alloca_overflow_partial.cc
       AddressSanitizer-i386-freebsd :: TestCases/alloca_overflow_right.cc
       AddressSanitizer-i386-freebsd :: TestCases/alloca_underflow_left.cc
       AddressSanitizer-i386-freebsd :: TestCases/debug_double_free.cc
       AddressSanitizer-i386-freebsd :: TestCases/debug_report.cc
       AddressSanitizer-i386-freebsd :: TestCases/debug_stacks.cc
       AddressSanitizer-i386-freebsd :: TestCases/deep_stack_uaf.cc
       AddressSanitizer-i386-freebsd :: TestCases/describe_address.cc
       AddressSanitizer-i386-freebsd :: TestCases/double-free.cc
       AddressSanitizer-i386-freebsd :: TestCases/frexp_interceptor.cc
       AddressSanitizer-i386-freebsd :: TestCases/global-overflow.cc
       AddressSanitizer-i386-freebsd :: TestCases/heap-overflow.cc
       AddressSanitizer-i386-freebsd :: TestCases/heavy_uar_test.cc
       AddressSanitizer-i386-freebsd :: TestCases/initialization-bug.cc
       AddressSanitizer-i386-freebsd :: TestCases/invalid-free.cc
       AddressSanitizer-i386-freebsd :: TestCases/invalid-pointer-pairs.cc
       AddressSanitizer-i386-freebsd :: TestCases/large_func_test.cc
       AddressSanitizer-i386-freebsd :: TestCases/null_deref.cc
       AddressSanitizer-i386-freebsd :: TestCases/partial_right.cc
       AddressSanitizer-i386-freebsd :: TestCases/print_summary.cc
       AddressSanitizer-i386-freebsd :: TestCases/sanity_check_pure_c.c
       AddressSanitizer-i386-freebsd :: TestCases/stack-buffer-overflow.cc
       AddressSanitizer-i386-freebsd :: TestCases/strdup_oob_test.cc
       AddressSanitizer-i386-freebsd :: TestCases/strncpy-overflow.cc
       AddressSanitizer-i386-freebsd :: TestCases/time_interceptor.cc
       AddressSanitizer-i386-freebsd :: TestCases/use-after-delete.cc
       AddressSanitizer-i386-freebsd :: TestCases/use-after-free-right.cc
       AddressSanitizer-i386-freebsd :: TestCases/use-after-free.cc
       AddressSanitizer-i386-freebsd :: TestCases/use-after-scope-inlined.cc
       AddressSanitizer-i386-freebsd :: TestCases/vla_chrome_testcase.cc
       AddressSanitizer-i386-freebsd :: TestCases/vla_condition_overflow.cc
       AddressSanitizer-i386-freebsd :: TestCases/vla_loop_overfow.cc
       LLVM :: Bindings/Go/go.test
       LLVM :: DebugInfo/PDB/pdbdump-debug-subsections.test
       LLVM :: tools/llvm-objdump/X86/macho-literals.test

The AddressSanitizer-Unit tests all fail because of a new CHECK failure:

   [ RUN      ] AddressSanitizer.DoubleFreeTest
  
/share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/tests/asan_test.cc:463:
Failure
   Death test: DoubleFree()
       Result: died but not with expected error.
     Expected: ERROR: AddressSanitizer: attempting double-free.*is located 0
bytes inside of 400-byte region.*freed by thread T0 here.*previously allocated
by thread T0 here
   Actual msg:
   [  DEATH   ] DoubleFree: x=0x2b003e40
   [  DEATH   ]
=================================================================
   [  DEATH   ] ==84873==AddressSanitizer CHECK failed:
/share/dim/src/llvm/trunk/projects/compiler-rt/lib/asan/asan_errors.h:99
"((second_free_stack->size)) > ((0))" (0x0, 0x0)
   [  DEATH   ]     #0 0x80e5e56 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80e5e56)
   [  DEATH   ]     #1 0x80fb0e4 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80fb0e4)
   [  DEATH   ]     #2 0x80e11c0 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80e11c0)
   [  DEATH   ]     #3 0x8073a66 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8073a66)
   [  DEATH   ]     #4 0x80714bd 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80714bd)
   [  DEATH   ]     #5 0x80dc41e 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x80dc41e)
   [  DEATH   ]     #6 0x81f69f6 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x81f69f6)
   [  DEATH   ]     #7 0x81867fd 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x81867fd)
   [  DEATH   ]     #8 0x81420e1 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x81420e1)
   [  DEATH   ]     #9 0x814470a 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x814470a)
   [  DEATH   ]     #10 0x8146252 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8146252)
   [  DEATH   ]     #11 0x815f02b 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x815f02b)
   [  DEATH   ]     #12 0x8187e97 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8187e97)
   [  DEATH   ]     #13 0x815e185 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x815e185)
   [  DEATH   ]     #14 0x830ed1f 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x830ed1f)
   [  DEATH   ]     #15 0x8070a19 
(/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/lib/asan/tests/default/Asan-i386-inline-Test+0x8070a19)
   [  DEATH   ]
   [  DEATH   ]
   [  FAILED  ] AddressSanitizer.DoubleFreeTest (15 ms)
   [----------] 1 test from AddressSanitizer (15 ms total)

The rest of the tests are now failing because the printed thread ID is
different than before, e.g. it expects "T0" while the actual ID is "T16777215":

   ********************
   FAIL: AddressSanitizer-i386-freebsd :: TestCases/Posix/closed-fds.cc (323 of
616)
   ******************** TEST 'AddressSanitizer-i386-freebsd ::
TestCases/Posix/closed-fds.cc' FAILED ********************
   Script:
   --
   rm -f
/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp.log.*
   /home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/./bin/clang
--driver-mode=g++ -fsanitize=address -mno-omit-leaf-frame-pointer
-fno-omit-frame-pointer -fno-optimize-sibling-calls -gline-tables-only -m32 -O0
/share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/closed-fds.cc
-o
/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp
   env
ASAN_OPTIONS=log_path='"/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp.log"':verbosity=2
not
/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp
   FileCheck
/share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/closed-fds.cc
--check-prefix=CHECK-FILE <
/home/dim/obj/llvm-305058-trunk-freebsd10-i386-ninja-rel-1/projects/compiler-rt/test/asan/I386FreeBSDConfig/TestCases/Posix/Output/closed-fds.cc.tmp.log.*
   --
   Exit Code: 1

   Command Output (stderr):
   --
   Closing streams.
  
/share/dim/src/llvm/trunk/projects/compiler-rt/test/asan/TestCases/Posix/closed-fds.cc:32:17:
error: expected string not found in input
    // CHECK-FILE: {{WRITE of size 1 at 0x.* thread T0}}
                   ^
   <stdin>:30:1: note: scanning from here
   WRITE of size 1 at 0x2a200791 thread T16777215
   ^

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20170825/866266f1/attachment-0001.html>

More information about the llvm-bugs mailing list