google / sanitizers

AddressSanitizer, ThreadSanitizer, MemorySanitizer

Workarounds for #837 (Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.) #856

Open kcc opened 7 years ago

kcc commented 7 years ago

Due to a kernel change asan may not work: https://github.com/google/sanitizers/issues/837 The kernel change is now reverted upstream, but a few kernel releases are not fully compatible with asan. This issue will list all possible workarounds as well as affected kernel versions (CC: @kees)

eugenis commented 7 years ago

This problem is present in Linux 4.12, and fixed in 4.13rc5. Both the break and the fix are present in 4.4.84 LTS track. The breaking change is also present in Ubuntu kernel 4.4.0-93, and likely to be fixed in the following update of the kernel package.

The bug is limited to x86_64 and AArch64 platforms.

You are most likely seeing this bug if a position-independent executable is loaded between addresses 0x 0001 0000 0000 and 0x 0100 0000 0000. With ASLR disabled (try setarch x86_64 -R <your_binary>) the executable would be loaded at 0x 0001 0000 0000.

As for the workarounds, there is not much one can do. Load a different kernel, or don't build your binary as PIE (use -no-pie linker flag).

illera88 commented 3 years ago

I'm having this problem with kernel 5.4.0-1028-gcp

i-rocky commented 3 years ago

Any update on this? 5.4.0-52-generic

rlillback commented 3 years ago

I too am having this problem with kernel 5.4.0-52-generic

i-rocky commented 3 years ago

> I too am having this problem with kernel 5.4.0-52-generic

Did you use -fsanitize=address in your build command? In my case removing that made it work. Also don't use -O3 (optimizations).

leahneukirchen commented 3 years ago

FYI, this error can happen when you run an ASan-enabled-binary under valgrind. :)

ramosian-glider commented 2 years ago

AddressSanitizer is not supposed to work under Valgrind, this is WAI.

surechen commented 2 years ago

I have the same problem, is there a solution? Linux version 5.4.0-42-generic (buildd@lgw01-amd64-038) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020

cassepipe commented 2 years ago

@surechen Are you sure you are not using -fsanitize=address when compiling? Asan (address sanitizer enabled by this flag) and valgrind can't work together at the same time: https://github.com/google/sanitizers/issues/856#issuecomment-727254300

surechen commented 2 years ago

> @surechen Are you sure you are not using -fsanitize=address when compiling? Asan (address sanitizer enabled by this flag) and valgrind can't work together at the same time: #856 (comment)

Hi, thanks. In fact, I use Rust, and my executable dynamically loads a dynamic link library “xxxxxx.so” when running. I linked librustc-nightly_rt.asan.a statically into this dynamic link library “xxxxxx.so”. My executable is compiled with the RUSTFLAGS "-Zsanitizer=address".

This is the build.rs for my dynamic link library “xxxxxx.so”

    // build.rs of the dynamic link library: link the ASan runtime archive
    // statically and force the whole archive into the .so
    fn main() {
        println!("cargo:rustc-link-lib=static=rustc-nightly_rt.asan");
        println!("cargo:rustc-link-arg=-Wl,--whole-archive");
    }

crrodriguez commented 10 months ago

sudo sysctl -w kernel.randomize_va_space=0 works for me as a workaround with gcc

mariadb-RoelVandePaar commented 5 months ago

I use UB+ASAN (UBSAN and ASAN combined) builds of MariaDB server often. I recently noticed an issue where these builds would fail to start with a SIGSEGV (and Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.). Looking through the linked issues in this ticket, especially https://github.com/phoenix-rtos/phoenix-rtos-project/issues/1032, and though I did not see any specific DEADLYSIGNAL messages, I tried:

sudo sysctl vm.mmap_rnd_bits=28

And it fixed the issue!

Here is the full fault seen:

Segmentation fault
==3386==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==3386==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==3386==This might be related to ELF_ET_DYN_BASE change in Linux 4.12.
==3386==Process memory map follows:
    0x0659970ae000-0x065997400000   
    0x065997400000-0x0659974b2000   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
    0x0659974b2000-0x065997720000   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
    0x065997720000-0x0659977f1000   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
    0x0659977f1000-0x06599784c000   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
    0x06599784c000-0x06599784f000   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
    0x06599784f000-0x065997852000   
    0x065997a00000-0x065997a22000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x065997a22000-0x065997b9a000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x065997b9a000-0x065997bf2000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x065997bf2000-0x065997bf6000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x065997bf6000-0x065997bf8000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x065997bf8000-0x065997c05000   
    0x065997d4c000-0x065997d50000   /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.4
    0x065997d50000-0x065997dee000   /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.4
    0x065997dee000-0x065997dfe000   /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.4
    0x065997dfe000-0x065997dff000   /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.4
    0x065997dff000-0x065997e00000   /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.4
    0x065997e00000-0x065997e07000   /usr/lib/x86_64-linux-gnu/libubsan.so.1.0.0
    0x065997e07000-0x065997e50000   /usr/lib/x86_64-linux-gnu/libubsan.so.1.0.0
    0x065997e50000-0x065997e68000   /usr/lib/x86_64-linux-gnu/libubsan.so.1.0.0
    0x065997e68000-0x065997e6a000   /usr/lib/x86_64-linux-gnu/libubsan.so.1.0.0
    0x065997e6a000-0x065997e6d000   /usr/lib/x86_64-linux-gnu/libubsan.so.1.0.0
    0x065997e6d000-0x06599840f000   
    0x065998438000-0x065998448000   
    0x065998448000-0x06599844c000   /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.33.1
    0x06599844c000-0x065998462000   /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.33.1
    0x065998462000-0x06599846c000   /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.33.1
    0x06599846c000-0x06599846d000   /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.33.1
    0x06599846d000-0x06599846e000   /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.33.1
    0x06599846e000-0x065998472000   /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
    0x065998472000-0x065998483000   /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
    0x065998483000-0x065998488000   /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
    0x065998488000-0x065998489000   /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
    0x065998489000-0x06599848a000   /usr/lib/x86_64-linux-gnu/libkmod.so.2.4.0
    0x06599848a000-0x06599848f000   /usr/lib/x86_64-linux-gnu/libudev.so.1.7.5
    0x06599848f000-0x0659984ac000   /usr/lib/x86_64-linux-gnu/libudev.so.1.7.5
    0x0659984ac000-0x0659984b6000   /usr/lib/x86_64-linux-gnu/libudev.so.1.7.5
    0x0659984b6000-0x0659984b7000   /usr/lib/x86_64-linux-gnu/libudev.so.1.7.5
    0x0659984b7000-0x0659984b8000   /usr/lib/x86_64-linux-gnu/libudev.so.1.7.5
    0x0659984b8000-0x0659984c7000   /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.1
    0x0659984c7000-0x0659985b6000   /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.1
    0x0659985b6000-0x0659985f6000   /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.1
    0x0659985f6000-0x0659985fb000   /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.1
    0x0659985fb000-0x0659985ff000   /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.1
    0x0659985ff000-0x065998600000   
    0x065998600000-0x06599869c000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.31
    0x06599869c000-0x0659987cb000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.31
    0x0659987cb000-0x065998858000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.31
    0x065998858000-0x065998863000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.31
    0x065998863000-0x065998866000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.31
    0x065998866000-0x06599886a000   
    0x06599886b000-0x065998874000   
    0x065998874000-0x065998876000   /usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0
    0x065998876000-0x06599887a000   /usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0
    0x06599887a000-0x06599887b000   /usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0
    0x06599887b000-0x06599887c000   /usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0
    0x06599887c000-0x06599887d000   /usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0
    0x06599887d000-0x06599887f000   
    0x06599887f000-0x065998882000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x065998882000-0x06599889d000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x06599889d000-0x0659988a1000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x0659988a1000-0x0659988a2000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x0659988a2000-0x0659988a3000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x0659988a3000-0x0659988a6000   /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
    0x0659988a6000-0x0659988c1000   /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
    0x0659988c1000-0x0659988c4000   /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
    0x0659988c4000-0x0659988c5000   /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
    0x0659988c5000-0x0659988c6000   /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4
    0x0659988c6000-0x0659988c9000   /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1
    0x0659988c9000-0x0659988ea000   /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1
    0x0659988ea000-0x0659988f6000   /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1
    0x0659988f6000-0x0659988f7000   /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1
    0x0659988f7000-0x0659988f8000   /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.1
    0x0659988f8000-0x0659988fa000   
    0x0659988fa000-0x0659988fd000   /usr/lib/x86_64-linux-gnu/libcap.so.2.66
    0x0659988fd000-0x065998902000   /usr/lib/x86_64-linux-gnu/libcap.so.2.66
    0x065998902000-0x065998904000   /usr/lib/x86_64-linux-gnu/libcap.so.2.66
    0x065998904000-0x065998905000   /usr/lib/x86_64-linux-gnu/libcap.so.2.66
    0x065998905000-0x065998906000   /usr/lib/x86_64-linux-gnu/libcap.so.2.66
    0x065998906000-0x065998909000   /usr/lib/x86_64-linux-gnu/libdaxctl.so.1.2.5
    0x065998909000-0x06599890e000   /usr/lib/x86_64-linux-gnu/libdaxctl.so.1.2.5
    0x06599890e000-0x065998911000   /usr/lib/x86_64-linux-gnu/libdaxctl.so.1.2.5
    0x065998911000-0x065998912000   /usr/lib/x86_64-linux-gnu/libdaxctl.so.1.2.5
    0x065998912000-0x065998913000   /usr/lib/x86_64-linux-gnu/libdaxctl.so.1.2.5
    0x065998913000-0x06599891c000   /usr/lib/x86_64-linux-gnu/libndctl.so.6.1.21
    0x06599891c000-0x065998932000   /usr/lib/x86_64-linux-gnu/libndctl.so.6.1.21
    0x065998932000-0x06599893c000   /usr/lib/x86_64-linux-gnu/libndctl.so.6.1.21
    0x06599893c000-0x06599893d000   /usr/lib/x86_64-linux-gnu/libndctl.so.6.1.21
    0x06599893d000-0x06599893e000   /usr/lib/x86_64-linux-gnu/libndctl.so.6.1.21
    0x06599893e000-0x06599894c000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x06599894c000-0x0659989ca000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x0659989ca000-0x065998a25000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x065998a25000-0x065998a26000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x065998a26000-0x065998a27000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x065998a27000-0x065998a29000   
    0x065998a29000-0x065998a3e000   /usr/lib/x86_64-linux-gnu/libsystemd.so.0.35.0
    0x065998a3e000-0x065998abe000   /usr/lib/x86_64-linux-gnu/libsystemd.so.0.35.0
    0x065998abe000-0x065998aec000   /usr/lib/x86_64-linux-gnu/libsystemd.so.0.35.0
    0x065998aec000-0x065998af7000   /usr/lib/x86_64-linux-gnu/libsystemd.so.0.35.0
    0x065998af7000-0x065998af8000   /usr/lib/x86_64-linux-gnu/libsystemd.so.0.35.0
    0x065998af8000-0x065998af9000   
    0x065998af9000-0x065998afd000   /usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0
    0x065998afd000-0x065998b47000   /usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0
    0x065998b47000-0x065998b4d000   /usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0
    0x065998b4d000-0x065998b4e000   /usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0
    0x065998b4e000-0x065998b4f000   /usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0
    0x065998b4f000-0x065998b51000   /usr/lib/liburing.so.2.2
    0x065998b51000-0x065998b53000   /usr/lib/liburing.so.2.2
    0x065998b53000-0x065998b54000   /usr/lib/liburing.so.2.2
    0x065998b54000-0x065998b55000   /usr/lib/liburing.so.2.2
    0x065998b55000-0x065998b56000   /usr/lib/liburing.so.2.2
    0x065998b56000-0x065998b58000   /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
    0x065998b58000-0x065998b6c000   /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
    0x065998b6c000-0x065998b86000   /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
    0x065998b86000-0x065998b87000   /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
    0x065998b87000-0x065998b88000   /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
    0x065998b88000-0x065998b90000   
    0x065998b92000-0x065998ba2000   
    0x065998ba2000-0x065998ba3000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x065998ba3000-0x065998bcb000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x065998bcb000-0x065998bd5000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x065998bd5000-0x065998bd7000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x065998bd7000-0x065998bd9000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x5e6e14672000-0x5e6e1c45c000   /test/UBASAN_MD120324-mariadb-11.5.0-linux-x86_64-dbg/bin/mariadbd
    0x5e6e1c45c000-0x5e6e2164b000   /test/UBASAN_MD120324-mariadb-11.5.0-linux-x86_64-dbg/bin/mariadbd
    0x5e6e2164b000-0x5e6e223f1000   /test/UBASAN_MD120324-mariadb-11.5.0-linux-x86_64-dbg/bin/mariadbd
    0x5e6e223f2000-0x5e6e22577000   /test/UBASAN_MD120324-mariadb-11.5.0-linux-x86_64-dbg/bin/mariadbd
    0x5e6e22577000-0x5e6e2b198000   /test/UBASAN_MD120324-mariadb-11.5.0-linux-x86_64-dbg/bin/mariadbd
    0x5e6e2b198000-0x5e6e2c34c000   
    0x7fff10e8c000-0x7fff10ead000   [stack]
    0x7fff10f47000-0x7fff10f4b000   [vvar]
    0x7fff10f4b000-0x7fff10f4d000   [vdso]
    0xffffffffff600000-0xffffffffff601000   [vsyscall]
==3386==End of process memory map.
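
The dump above shows what "interleaves" means if you compare each mapping against the range ASan printed: the shared libraries and ld.so sit at 0x0659... (inside [0x00007fff7000-0x10007fff7fff]), while mariadbd itself at 0x5e6e... is above it. It is the same class of collision eugenis describes earlier in this thread for a PIE loaded inside that range, only here it is the mmap region that lands in it. The script below, an added example that is not part of this issue or of the sanitizers project, automates that comparison over /proc/<pid>/maps or a pasted ASan dump. The shadow bounds are copied from the message above and assume the default x86_64 layout (47-bit user addresses, default shadow offset); the sample input is constructed from a few lines of the dump above.

```shell
#!/bin/sh
# Added example (not code from the sanitizers project or from this issue):
# report mappings that collide with the x86_64 ASan shadow range.
# Bounds are the ones ASan prints in the dumps in this thread; they assume
# the default x86_64 layout (47-bit user addresses, default shadow offset).
SHADOW_LO=00007fff7000   # hex digits only, used as 0x$SHADOW_LO below
SHADOW_HI=10007fff7fff

# shadow_overlaps FILE
#   FILE is /proc/<pid>/maps or a saved "Process memory map" from an ASan
#   abort. Prints every line whose [start,end) intersects the shadow range.
#   Returns 0 if at least one colliding mapping was found, 1 otherwise.
shadow_overlaps() {
    maps=$1
    found=1
    # read strips leading blanks, so ASan's indented lines parse as well
    while read -r range rest; do
        case "$range" in *-*) ;; *) continue ;; esac   # not "start-end"
        start=${range%%-*}; end=${range#*-}
        start=${start#0x};  end=${end#0x}
        case "$start" in ''|*[!0-9a-fA-F]*) continue ;; esac   # not hex
        case "$end"   in ''|*[!0-9a-fA-F]*) continue ;; esac
        # Anything wider than 12 hex digits (e.g. [vsyscall]) is above the
        # 47-bit user range and cannot touch the shadow; also avoids overflow.
        [ ${#start} -le 12 ] || continue
        # Half-open intervals overlap iff start < HI and end > LO.
        if [ "$((0x$start))" -lt "$((0x$SHADOW_HI))" ] &&
           [ "$((0x$end))" -gt "$((0x$SHADOW_LO))" ]; then
            printf '%s\n' "$range${rest:+ $rest}"
            found=0
        fi
    done < "$maps"
    return $found
}

# Constructed sample: a few lines taken from the mariadbd dump in this thread.
sample_maps() {
    cat <<'EOF'
==3386==Process memory map follows:
    0x0659970ae000-0x065997400000   
    0x065997400000-0x0659974b2000   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
    0x065998ba2000-0x065998ba3000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x5e6e14672000-0x5e6e1c45c000   /test/UBASAN_MD120324-mariadb-11.5.0-linux-x86_64-dbg/bin/mariadbd
    0x7fff10e8c000-0x7fff10ead000   [stack]
    0xffffffffff600000-0xffffffffff601000   [vsyscall]
==3386==End of process memory map.
EOF
}

# Usage: sh check_shadow.sh /proc/<pid>/maps   (or a saved ASan dump)
#        sh check_shadow.sh --demo             (runs on the sample above)
case "${1:-}" in
    --demo) tmp=$(mktemp); sample_maps > "$tmp"
            shadow_overlaps "$tmp"; rc=$?; rm -f "$tmp"; exit $rc ;;
    '')     ;;      # sourced or run without arguments: define functions only
    *)      shadow_overlaps "$1" ;;
esac
```

On the sample it reports the three 0x0659... mappings and stays silent about mariadbd and the stack. Against a live system, point it at /proc/<pid>/maps of a non-sanitized build of the same program (the loader places it the same way) or at a dump saved from the abort; if the library mappings are the ones reported, lowering vm.mmap_rnd_bits or running under setarch -R, as suggested in this thread, is what to try next.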

RingsC commented 4 months ago

> I use UB+ASAN (UBSAN and ASAN combined) builds of MariaDB server often. I recently noticed an issue where these builds would fail to start with a SIGSEGV (and Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.). Looking through the linked issues in this ticket, and especially phoenix-rtos/phoenix-rtos-project#1032, and though I did not see any specific DEADLYSIGNAL messages, I tried:
>
> sudo sysctl vm.mmap_rnd_bits=28
>
> And it fixed the issue!

I met the same issue as you mentioned, which caused a stack overflow.

==155884==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==155884==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==155884==This might be related to ELF_ET_DYN_BASE change in Linux 4.12.
==155884==See https://github.com/google/sanitizers/issues/856 for possible workarounds.
==155884==Process memory map follows:
    0x061155cae000-0x061156000000   
    0x061156000000-0x061156028000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x061156028000-0x0611561bd000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x0611561bd000-0x061156215000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x061156215000-0x061156216000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x061156216000-0x06115621a000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x06115621a000-0x06115621c000   /usr/lib/x86_64-linux-gnu/libc.so.6
    0x06115621c000-0x061156229000   
    0x061156400000-0x06115649a000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
    0x06115649a000-0x0611565ab000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
    0x0611565ab000-0x06115661a000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
    0x06115661a000-0x06115661b000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
    0x06115661b000-0x061156626000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
    0x061156626000-0x061156629000   /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30
    0x061156629000-0x06115662c000   
    0x06115682b000-0x061156895000   /home/lihao/workshop/shannon-bin/lib/private/libprotobuf-lite.so.3.19.4
    0x061156895000-0x0611569ad000   /home/lihao/workshop/shannon-bin/lib/private/libprotobuf-lite.so.3.19.4
    0x0611569ad000-0x0611569f0000   /home/lihao/workshop/shannon-bin/lib/private/libprotobuf-lite.so.3.19.4
    0x0611569f0000-0x0611569f2000   /home/lihao/workshop/shannon-bin/lib/private/libprotobuf-lite.so.3.19.4
    0x0611569f2000-0x0611569ff000   /home/lihao/workshop/shannon-bin/lib/private/libprotobuf-lite.so.3.19.4
    0x0611569ff000-0x061156a00000   
    0x061156a00000-0x061156ab2000   /home/lihao/workshop/shannon-bin/lib/private/libcrypto.so.3
    0x061156ab2000-0x061156d11000   /home/lihao/workshop/shannon-bin/lib/private/libcrypto.so.3
    0x061156d11000-0x061156de3000   /home/lihao/workshop/shannon-bin/lib/private/libcrypto.so.3
    0x061156de3000-0x061156e3e000   /home/lihao/workshop/shannon-bin/lib/private/libcrypto.so.3
    0x061156e3e000-0x061156e41000   /home/lihao/workshop/shannon-bin/lib/private/libcrypto.so.3
    0x061156e41000-0x061156e44000   
    0x061156e44000-0x061156e6a000   /home/lihao/workshop/shannon-bin/lib/private/libcrypto.so.3
    0x061156f19000-0x061156f27000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x061156f27000-0x061156fa3000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x061156fa3000-0x061156ffe000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x061156ffe000-0x061156fff000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x061156fff000-0x061157000000   /usr/lib/x86_64-linux-gnu/libm.so.6
    0x061157000000-0x061157024000   /usr/lib/x86_64-linux-gnu/libasan.so.6.0.0
    0x061157024000-0x0611570fb000   /usr/lib/x86_64-linux-gnu/libasan.so.6.0.0
    0x0611570fb000-0x06115712d000   /usr/lib/x86_64-linux-gnu/libasan.so.6.0.0
    0x06115712d000-0x06115712e000   /usr/lib/x86_64-linux-gnu/libasan.so.6.0.0
    0x06115712e000-0x061157132000   /usr/lib/x86_64-linux-gnu/libasan.so.6.0.0
    0x061157132000-0x061157135000   /usr/lib/x86_64-linux-gnu/libasan.so.6.0.0
    0x061157135000-0x0611579e9000   
    0x061157a56000-0x061157a6d000   
    0x061157a6d000-0x061157a70000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x061157a70000-0x061157a87000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x061157a87000-0x061157a8b000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x061157a8b000-0x061157a8c000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x061157a8c000-0x061157a8d000   /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
    0x061157a8d000-0x061157a8f000   
    0x061157a8f000-0x061157a92000   /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
    0x061157a92000-0x061157a98000   /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
    0x061157a98000-0x061157a9a000   /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
    0x061157a9a000-0x061157a9b000   /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
    0x061157a9b000-0x061157a9c000   /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
    0x061157a9c000-0x061157aba000   /home/lihao/workshop/shannon-bin/lib/private/libssl.so.3
    0x061157aba000-0x061157b15000   /home/lihao/workshop/shannon-bin/lib/private/libssl.so.3
    0x061157b15000-0x061157b32000   /home/lihao/workshop/shannon-bin/lib/private/libssl.so.3
    0x061157b32000-0x061157b3c000   /home/lihao/workshop/shannon-bin/lib/private/libssl.so.3
    0x061157b3c000-0x061157b40000   /home/lihao/workshop/shannon-bin/lib/private/libssl.so.3
    0x061157b40000-0x061157b47000   /home/lihao/workshop/shannon-bin/lib/private/libssl.so.3
    0x061157b51000-0x061157b5c000   
    0x061157b5c000-0x061157b5e000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x061157b5e000-0x061157b88000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x061157b88000-0x061157b93000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x061157b93000-0x061157b94000   
    0x061157b94000-0x061157b96000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x061157b96000-0x061157b98000   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
    0x56cd9ab69000-0x56cd9eca2000   /home/lihao/workshop/shannon-bin/bin/mysqld
    0x56cd9eca2000-0x56cda3adf000   /home/lihao/workshop/shannon-bin/bin/mysqld
    0x56cda3adf000-0x56cda6b62000   /home/lihao/workshop/shannon-bin/bin/mysqld
    0x56cda6b63000-0x56cda6d31000   /home/lihao/workshop/shannon-bin/bin/mysqld
    0x56cda6d31000-0x56cda7bb7000   /home/lihao/workshop/shannon-bin/bin/mysqld
    0x56cda7bb7000-0x56cda8241000   
    0x7ffd8aac8000-0x7ffd8aae9000   [stack]
    0x7ffd8ab91000-0x7ffd8ab95000   [vvar]
    0x7ffd8ab95000-0x7ffd8ab97000   [vdso]
    0xffffffffff600000-0xffffffffff601000   [vsyscall]
==155884==End of process memory map.
uname -r
6.5.0-28-generic

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:    22.04
Codename:   jammy

mariadb-RoelVandePaar commented 4 months ago

@RingsC Did the sudo sysctl vm.mmap_rnd_bits=28 help in your case also?

RingsC commented 4 months ago

> @RingsC Did the sudo sysctl vm.mmap_rnd_bits=28 help in your case also?

After using that, ASan does not issue the output message. It works.

eugenis commented 4 months ago

ulimit -s only affects the main thread stack. This overflow is on a secondary thread.

On Tue, Apr 23, 2024 at 11:59 PM RingsC @.***> wrote:

@RingsC https://github.com/RingsC Did the sudo sysctl vm.mmap_rnd_bits=28 help in your case also?

After use that, ASan does not issue the output message, but the stack over flow still exists.

I Alpha V.- (GPL).
AddressSanitizer:DEADLYSIGNAL
=================================================================
==158745==ERROR: AddressSanitizer: stack-overflow on address 0x15551f7dd158 (pc 0x55555c411f6c bp 0x15551f854180 sp 0x15551f7dd158 T44)
    #0 0x55555c411f6c in ShannonBase::ML::ML_regression::train() /home/lihao/workshop/ShannonBase/ml/ml_regression.cpp:65
    #1 0x55555c408ab1 in ShannonBase::ML::Auto_ML::train() /home/lihao/workshop/ShannonBase/ml/auto_ml.cpp:195
    #2 0x55555a2c5254 in Item_func_ml_train::val_int() /home/lihao/workshop/ShannonBase/sql/item_func.cc:10068
    #3 0x55555a1a4bb1 in Item::save_in_field_inner(Field*, bool) /home/lihao/workshop/ShannonBase/sql/item.cc:6895
    #4 0x55555a1b8ee4 in Item::save_in_field(Field*, bool) /home/lihao/workshop/ShannonBase/sql/item.cc:6765
    #5 0x55555a69db1d in sp_eval_expr(THD*, Field*, Item**) /home/lihao/workshop/ShannonBase/sql/sp.cc:2591
    #6 0x5555597ee90c in sp_rcontext::set_variable(THD*, Field*, Item**) /home/lihao/workshop/ShannonBase/sql/sp_rcontext.cc:409
    #7 0x5555597cd53f in sp_rcontext::set_variable(THD*, unsigned int, Item**) /home/lihao/workshop/ShannonBase/sql/sp_rcontext.h:172
    #8 0x55555a630eb2 in Query_dumpvar::send_data(THD*, mem_root_deque<Item*> const&) /home/lihao/workshop/ShannonBase/sql/query_result.cc:722
    #9 0x555559c43dbc in Query_expression::ExecuteIteratorQuery(THD*) /home/lihao/workshop/ShannonBase/sql/sql_union.cc:1785
    #10 0x555559c44184 in Query_expression::execute(THD*) /home/lihao/workshop/ShannonBase/sql/sql_union.cc:1823
    #11 0x555559ae554c in Sql_cmd_dml::execute_inner(THD*) /home/lihao/workshop/ShannonBase/sql/sql_select.cc:1023
    #12 0x555559b018e6 in Sql_cmd_dml::execute(THD*) /home/lihao/workshop/ShannonBase/sql/sql_select.cc:794
    #13 0x5555599f2da8 in mysql_execute_command(THD*, bool) /home/lihao/workshop/ShannonBase/sql/sql_parse.cc:4797
    #14 0x5555597dbd15 in sp_instr_stmt::exec_core(THD*, unsigned int) /home/lihao/workshop/ShannonBase/sql/sp_instr.cc:992
    #15 0x5555597e0530 in sp_lex_instr::reset_lex_and_exec_core(THD*, unsigned int, bool) /home/lihao/workshop/ShannonBase/sql/sp_instr.cc:461
    #16 0x5555597e0d4e in sp_lex_instr::validate_lex_and_execute_core(THD*, unsigned int, bool) /home/lihao/workshop/ShannonBase/sql/sp_instr.cc:746
    #17 0x5555597e228b in sp_instr_stmt::execute(THD*, unsigned int) /home/lihao/workshop/ShannonBase/sql/sp_instr.cc:918
    #18 0x5555597c2f7f in sp_head::execute(THD*, bool) /home/lihao/workshop/ShannonBase/sql/sp_head.cc:2233
    #19 0x5555597c62e6 in sp_head::execute_procedure(THD*, mem_root_deque<Item*>*) /home/lihao/workshop/ShannonBase/sql/sp_head.cc:2953
    #20 0x55555a6f9364 in Sql_cmd_call::execute_inner(THD*) /home/lihao/workshop/ShannonBase/sql/sql_call.cc:236
    #21 0x555559b018e6 in Sql_cmd_dml::execute(THD*) /home/lihao/workshop/ShannonBase/sql/sql_select.cc:794
    #22 0x5555599f2da8 in mysql_execute_command(THD*, bool) /home/lihao/workshop/ShannonBase/sql/sql_parse.cc:4797
    #23 0x5555599f6414 in dispatch_sql_command(THD*, Parser_state*) /home/lihao/workshop/ShannonBase/sql/sql_parse.cc:5447
    #24 0x5555599f8f61 in dispatch_command(THD*, COM_DATA const*, enum_server_command) /home/lihao/workshop/ShannonBase/sql/sql_parse.cc:2112
    #25 0x5555599fc724 in do_command(THD*) /home/lihao/workshop/ShannonBase/sql/sql_parse.cc:1459
    #26 0x555559ddc1a8 in handle_connection /home/lihao/workshop/ShannonBase/sql/conn_handler/connection_handler_per_thread.cc:303
    #27 0x55555dda2f95 in pfs_spawn_thread /home/lihao/workshop/ShannonBase/storage/perfschema/pfs.cc:3043
    #28 0x155553a94ac2 in start_thread nptl/pthread_create.c:442
    #29 0x155553b2684f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

SUMMARY: AddressSanitizer: stack-overflow /home/lihao/workshop/ShannonBase/ml/ml_regression.cpp:65 in ShannonBase::ML::ML_regression::train()
Thread T44 created by T0 here:
    #0 0x155554a58685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x55555c3694ac in my_thread_create(my_thread_handle*, pthread_attr_t const*, void* (*)(void*), void*) /home/lihao/workshop/ShannonBase/mysys/my_thread.cc:80
    #2 0x55555dda2e20 in pfs_spawn_thread_vc(unsigned int, unsigned int, my_thread_handle*, pthread_attr_t const*, void* (*)(void*), void*) /home/lihao/workshop/ShannonBase/storage/perfschema/pfs.cc:3089
    #3 0x555559ddb039 in inline_mysql_thread_create /home/lihao/workshop/ShannonBase/include/mysql/psi/mysql_thread.h:139
    #4 0x555559ddc5ed in Per_thread_connection_handler::add_connection(Channel_info*) /home/lihao/workshop/ShannonBase/sql/conn_handler/connection_handler_per_thread.cc:420
    #5 0x55555a00efe8 in Connection_handler_manager::process_new_connection(Channel_info*) /home/lihao/workshop/ShannonBase/sql/conn_handler/connection_handler_manager.cc:260
    #6 0x5555596da20e in Connection_acceptor::connection_event_loop() (/home/lihao/workshop/shannon-bin/bin/mysqld+0x418620e)
    #7 0x5555596d2fa2 in mysqld_main(int, char**) /home/lihao/workshop/ShannonBase/sql/mysqld.cc:8355
    #8 0x5555596aa635 in main /home/lihao/workshop/ShannonBase/sql/main.cc:25
    #9 0x155553a29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

==158745==ABORTING

I incorporate LightGBM, which is an ML tool, as a static lib into my code. And when I try to invoke the functions, it causes the coredump; the call stack is as described above. It's a weird message, stack-overflow; I have already used ulimit -s unlimited.


RingsC commented 4 months ago

ulimit -s only affects the main thread stack. This overflow is on a secondary thread.

On Tue, Apr 23, 2024 at 11:59 PM RingsC @.***> wrote:

@RingsC https://github.com/RingsC Did the sudo sysctl vm.mmap_rnd_bits=28 help in your case also?


En, yes. I have fixed it, thanks for your reply.

zuo000 commented 3 months ago

I tried changing the ShadowMemory Base from 0x7fff8000 to 0xbfff8000 because my binary was too large (2.2G). The error was gone, but another SEGV was reported (I printed the memory layout forcibly):

|| [0x1000bfff8000, 0x7fffffffffff] || HighMem ||
|| [0x0200d7ff7000, 0x1000bfff7fff] || HighShadow ||
|| [0x0000d7ff7000, 0x0200d7ff6fff] || ShadowGap ||
|| [0x0000bfff8000, 0x0000d7ff6fff] || LowShadow ||
|| [0x000000000000, 0x0000bfff7fff] || LowMem ||
MemToShadow(shadow): 0x0000d7ff7000 0x0000daff6dff 0x0040daff6e00 0x0200d7ff6fff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
thread_local_quarantine_size_kb=1024K
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0xbfff8000
AddressSanitizer:DEADLYSIGNAL

==27259==ERROR: AddressSanitizer: SEGV on unknown address 0x00008f87c112 (pc 0x00005e69da85 bp 0x7fffffffdac0 sp 0x7ffffff32960 T0)
==27259==The signal is caused by a READ memory access.

#0 0x5e69da85 in __static_initialization_and_destruction_0(int, int) (/myapp+0x5e69da85)

#1 0x5e7ad6a4 in _GLOBAL__sub_I_main.cpp (/myapp+0x5e7ad6a4)
#2 0x6fa06d4c in __libc_csu_init (/myapp+0x6fa06d4c)
#3 0x7ffff29124e4 in __libc_start_main (/libc.so.6+0x224e4)
#4 0x5e689c0d  (/myapp+0x5e689c0d)

Could an expert give some suggestions?

zuo000 commented 3 months ago


After changing the hardcoded Shadow Base in the gcc source code, the SEGV was gone. I think this is a feasible workaround so far.
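To make the layout in the comment above reproducible, here is an added example (my own code, not from the sanitizers project or from any commenter on this issue). It derives ASan's x86_64 memory layout from SHADOW_OFFSET and SHADOW_SCALE using the MEM_TO_SHADOW formula, prints it in the same `|| [beg, end] || Name ||` form as the runtime, and then checks `/proc/<pid>/maps`-style lines for a mapping that falls inside `[LowShadowBeg, HighShadowEnd]`, which is the condition behind "Shadow memory range interleaves with an existing memory mapping". It assumes a 47-bit user address space (`HIGH_MEM_END`), the default scale of 3, and a Linux maps format; the maps lines and paths (`/usr/bin/pie-app`, `/myapp`) are constructed samples, not taken from any real process. It also goes beyond the single offset in the comment by evaluating both the upstream offset and the raised one side by side.

```python
# Added example (not code from the sanitizers project or from any commenter on this
# issue). Reproduces how AddressSanitizer derives its x86_64 memory layout from
# SHADOW_OFFSET and SHADOW_SCALE, then checks /proc/<pid>/maps-style lines for a
# mapping that lands inside the shadow range and would make the runtime abort with
# "Shadow memory range interleaves with an existing memory mapping".
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption: 47-bit user-space VA on x86_64, the usual kHighMemEnd.
HIGH_MEM_END = (1 << 47) - 1  # 0x7fffffffffff

Region = Tuple[int, int]  # inclusive (begin, end)


@dataclass(frozen=True)
class Layout:
    offset: int
    scale: int
    regions: Dict[str, Region]

    def mem_to_shadow(self, addr: int) -> int:
        """MEM_TO_SHADOW(mem) = (mem >> SHADOW_SCALE) + SHADOW_OFFSET."""
        return (addr >> self.scale) + self.offset


def asan_layout(offset: int, scale: int = 3) -> Layout:
    """Derive the five regions ASan prints in its memory-layout dump."""
    def m2s(a: int) -> int:
        return (a >> scale) + offset

    low_mem: Region = (0, offset - 1)
    low_shadow: Region = (offset, m2s(low_mem[1]))
    high_mem: Region = (m2s(HIGH_MEM_END) + 1, HIGH_MEM_END)
    high_shadow: Region = (m2s(high_mem[0]), m2s(high_mem[1]))
    shadow_gap: Region = (low_shadow[1] + 1, high_shadow[0] - 1)
    return Layout(offset, scale, {
        "HighMem": high_mem, "HighShadow": high_shadow, "ShadowGap": shadow_gap,
        "LowShadow": low_shadow, "LowMem": low_mem,
    })


def format_layout(layout: Layout) -> str:
    """Render the layout the way the runtime prints it."""
    return "\n".join(f"|| [0x{b:012x}, 0x{e:012x}] || {name} ||"
                     for name, (b, e) in layout.regions.items())


def parse_maps(text: str) -> List[Tuple[int, int, str]]:
    """Parse /proc/<pid>/maps lines into (begin, end_inclusive, path)."""
    entries = []
    for line in text.strip().splitlines():
        fields = line.split(None, 5)
        lo, hi = (int(x, 16) for x in fields[0].split("-"))
        entries.append((lo, hi - 1, fields[5] if len(fields) > 5 else ""))
    return entries


def interleaving(layout: Layout, maps: List[Tuple[int, int, str]]) -> List[Tuple[str, str]]:
    """Mappings overlapping LowShadow, ShadowGap or HighShadow, i.e. the range
    [kLowShadowBeg, kHighShadowEnd] the runtime needs to be free at start-up."""
    hits = []
    for lo, hi, path in maps:
        for name in ("LowShadow", "ShadowGap", "HighShadow"):
            b, e = layout.regions[name]
            if lo <= e and hi >= b:
                hits.append((path, name))
    return hits


# Constructed sample mappings (hypothetical paths, not from any real process):
#  - a PIE at the usual ASLR-chosen base, which lives in HighMem;
#  - a PIE loaded at 0x10000000000, the base seen on the affected kernels with ASLR off;
#  - a ~2.2 GiB non-PIE text segment starting at the classic 0x400000 base.
SAMPLE_MAPS = """\
555555554000-555555560000 r-xp 00000000 08:01 4242 /usr/bin/pie-app
10000000000-10000010000 r-xp 00000000 08:01 4243 /usr/bin/pie-app-noaslr
00400000-8d000000 r-xp 00000000 08:01 4244 /myapp
"""

DEFAULT_OFFSET = 0x7fff8000  # upstream x86_64 SHADOW_OFFSET
RAISED_OFFSET = 0xbfff8000   # the value tried in the comment above

if __name__ == "__main__":
    for off in (DEFAULT_OFFSET, RAISED_OFFSET):
        lay = asan_layout(off)
        print(f"SHADOW_OFFSET=0x{off:x}")
        print(format_layout(lay))
        print("interleaving:", interleaving(lay, parse_maps(SAMPLE_MAPS)), "\n")
```

With the upstream offset the 2.2 GiB non-PIE image spills past LowMem into LowShadow, and a PIE based at 0x10000000000 sits in the ShadowGap, so both are reported; raising the offset to 0xbfff8000 moves the LowMem boundary up so the large image fits, while the no-ASLR PIE still lands in the (now larger) gap. Running the script against a real `/proc/<pid>/maps` dump taken from a core file shows which mapping the runtime is objecting to before any shadow base is changed.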