ramosian-glider / sanitizers


Segmentation fault in ASan with my app #120

Closed ramosian-glider closed 9 years ago

ramosian-glider commented 9 years ago

Originally reported on Google Code with ID 119

What steps will reproduce the problem?
I haven't figured this out, sorry. Feel free to contact me if you want to work it
out :). 

What is the expected output? What do you see instead?
Expected to see my program run with ASan enabled, but instead get
+ ./build/client/fruttle
ASAN:SIGSEGV
==16287== ERROR: AddressSanitizer crashed on unknown address 0x0000a1a47750 (pc 0x7fffffd18fff
sp 0x7fff697b7518 bp 0x7fff697b7960 T0)
AddressSanitizer can not provide additional info. ABORTING
==16287== LC_SEGMENT: 0x000113af6000--0x000113c42000 /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio+0x000000000000
==16287== LC_SEGMENT: 0x000113c42000--0x000113c59000 /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio+0x00000014c000
==16287== LC_SEGMENT: 0x000113c59000--0x000113cb5000 /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio+0x000000161000
<snip, a ton of lines like these>
==16223== LC_SEGMENT: 0x7fff9533b000--0x7fff9534e000 /usr/lib/libz.1.dylib+0x000000000000
==16223== LC_SEGMENT: 0x7fff7ba4c000--0x7fff7ba4d000 /usr/lib/libz.1.dylib+0x00000e7da000
==16223== LC_SEGMENT: 0x7fff97428000--0x7fff9ac34000 /usr/lib/libz.1.dylib+0x00000ec47000
==16223== LC_SEGMENT: 0x000008575000--0x000108575000 /Users/nick/Documents/Code/rubble-desktop/./build/client/fruttle+0x000000000000
==16223== LC_SEGMENT: 0x000108575000--0x00010d978000 /Users/nick/Documents/Code/rubble-desktop/./build/client/fruttle+0x000000000000
    #46 0x108575000 (/Users/nick/Documents/Code/rubble-desktop/./build/client/fruttle+0x0)
Stats: 0M malloced (0M for red zones) by 739 calls
Stats: 0M realloced by 18 calls
Stats: 0M freed by 499 calls
Stats: 0M really freed by 0 calls
Stats: 32M (8196 full pages) mmaped in 8 calls
  mmaps   by size class: 8:16383; 9:8191; 10:4095; 11:2047; 12:1024; 13:512; 14:256;
17:32; 
  mallocs by size class: 8:686; 9:36; 10:5; 11:1; 12:5; 13:4; 14:1; 17:1; 
  frees   by size class: 8:478; 9:17; 13:4; 
  rfrees  by size class: 
Stats: malloc large: 3 small slow: 9

What version of the product are you using? On what operating system?
$ clang --version
Apple clang version 4.1 (tags/Apple/clang-421.11.66) (based on LLVM 3.1svn)
Target: x86_64-apple-darwin11.4.2
Thread model: posix

on OSX 10.7.5

Please provide any additional information below.
Here's the stacktrace from lldb upon crash:

Current executable set to './build/client/fruttle' (x86_64).
(lldb) run
Process 16078 launched: '/Users/nick/Documents/Code/rubble-desktop/build/client/fruttle'
(x86_64)
Process 16078 stopped
* thread #1: tid = 0x1f03, 0x00007fffffd18fff, stop reason = EXC_BAD_ACCESS (code=1,
address=0x97e8c750)
    frame #0: 0x00007fffffd18fff
-> 0x7fffffd18fff:  addb   %dl, -1869574000(%rax)
   0x7fffffd19005:  nop    
   0x7fffffd19006:  nop    
   0x7fffffd19007:  nop    
(lldb) bt
* thread #1: tid = 0x1f03, 0x00007fffffd18fff, stop reason = EXC_BAD_ACCESS (code=1,
address=0x97e8c750)
    frame #0: 0x00007fffffd18fff
    frame #1: 0x00007fff8d191416 libxpc.dylib`_xpc_connection_create + 341
    frame #2: 0x00007fff8d191d9a libxpc.dylib`xpc_connection_create + 32
    frame #3: 0x00007fff8c51a9e8 CoreFoundation`-[NSXPCConnection initWithServiceName:privileged:]
+ 232
    frame #4: 0x00007fff8c51a580 CoreFoundation`__CFXNotificationCenterSetupConnection
+ 176
    frame #5: 0x00007fff8c51a4c1 CoreFoundation`__CFXNotificationCenterCreate + 273
    frame #6: 0x00007fff8c51a39a CoreFoundation`__CFNotificationCenterGetDistributedCenter_block_invoke_1
+ 26
    frame #7: 0x00007fff8d5543f2 libdispatch.dylib`dispatch_once_f + 53
    frame #8: 0x00007fff8c5097aa CoreFoundation`CFNotificationCenterGetDistributedCenter
+ 74
    frame #9: 0x00007fff8c548868 CoreFoundation`____CFXPreferencesGetSourceForTriplet_block_invoke_1
+ 40
    frame #10: 0x00007fff8d5543f2 libdispatch.dylib`dispatch_once_f + 53
    frame #11: 0x00007fff8c5153ea CoreFoundation`__CFXPreferencesGetSourceForTriplet
+ 58
    frame #12: 0x00007fff8c521817 CoreFoundation`__CFXPreferencesGetSearchListForBundleID
+ 215
    frame #13: 0x00007fff8c5216f8 CoreFoundation`___CFXPreferencesCopyAppValue_block_invoke_1
+ 24
    frame #14: 0x00007fff8c52169a CoreFoundation`CFPreferencesCopyAppValue + 218
    frame #15: 0x00007fff8c524cee CoreFoundation`_CFBundleCopyUserLanguages + 222
    frame #16: 0x00007fff8c4f8d85 CoreFoundation`_CFBundleAddPreferredLprojNamesInDirectory
+ 1461
    frame #17: 0x00007fff8c4f987b CoreFoundation`_CFBundleGetLanguageSearchList + 123
    frame #18: 0x00007fff8c4f8d0a CoreFoundation`_CFBundleAddPreferredLprojNamesInDirectory
+ 1338
    frame #19: 0x00007fff8c4f987b CoreFoundation`_CFBundleGetLanguageSearchList + 123
    frame #20: 0x00007fff8c50c7bf CoreFoundation`CFBundleCopyResourceURL + 47
    frame #21: 0x00007fff8c50f2b4 CoreFoundation`CFBundleCopyLocalizedString + 372
    frame #22: 0x00007fff8c50d62c CoreFoundation`_CFCopyLocalizedVersionKey + 124
    frame #23: 0x00007fff8c50d413 CoreFoundation`_CFCopyVersionDictionary + 179
    frame #24: 0x000000010b44a9f9 CoreAudio`CAAppWorkArounds::UseCSCheckFix() + 37
    frame #25: 0x000000010b44ab16 CoreAudio`CAAppWorkArounds::Needs3385081WorkAround()
+ 20
    frame #26: 0x000000010b44ab6d CoreAudio`Prime() + 9
    frame #27: 0x00007fff8e9b5e06 libsystem_c.dylib`pthread_once + 86
    frame #28: 0x000000010b40714d CoreAudio`AUBase::AUBase(ComponentInstanceRecord*,
unsigned int, unsigned int, unsigned int) + 769
    frame #29: 0x000000010b42a9f1 CoreAudio`AUMixer3D::AUMixer3D(ComponentInstanceRecord*)
+ 37
    frame #30: 0x000000010b42d18d CoreAudio`ComponentEntryPoint<AUMixer3D>::Dispatch(ComponentParameters*,
AUMixer3D*) + 96
    frame #31: 0x00007fff91be1861 CarbonCore`CallComponentOpen + 46
    frame #32: 0x00007fff91b8f7ba CarbonCore`OpenAComponent + 397
    frame #33: 0x00007fff91b8f83b CarbonCore`OpenComponent + 17
    frame #34: 0x00000001080a4ffc OpenAL`Get3DMixerVersion() + 79
    frame #35: 0x00000001080a5190 OpenAL`GetALCExtensionList() + 137
    frame #36: 0x00000001080a0379 OpenAL`alcIsExtensionPresent + 61
    frame #37: 0x00000001080d3e58 libalure.1.dylib`init_alure + 40 at alure.cpp:130
    frame #38: 0x00007fff5fc0fda6 dyld`ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext
const&) + 218
    frame #39: 0x00007fff5fc0faf2 dyld`ImageLoaderMachO::doInitialization(ImageLoader::LinkContext
const&) + 46
    frame #40: 0x00007fff5fc0d2e4 dyld`ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int, ImageLoader::InitializerTimingList&) + 260
    frame #41: 0x00007fff5fc0d27d dyld`ImageLoader::recursiveInitialization(ImageLoader::LinkContext
const&, unsigned int, ImageLoader::InitializerTimingList&) + 157
    frame #42: 0x00007fff5fc0e0b7 dyld`ImageLoader::runInitializers(ImageLoader::LinkContext
const&, ImageLoader::InitializerTimingList&) + 59
    frame #43: 0x00007fff5fc034dd dyld`dyld::initializeMainExecutable() + 206
    frame #44: 0x00007fff5fc0760b dyld`dyld::_main(macho_header const*, unsigned long,
int, char const**, char const**, char const**) + 1852
    frame #45: 0x00007fff5fc01059 dyld`_dyld_start + 49

This only occurs when the whole project is compiled with -faddress-sanitizer 

Reported by nick@astrant.net on 2012-10-11 12:40:20
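The report above is the hard case for ASan: it says "crashed on unknown address" and "can not provide additional info", and the only clue it leaves is the list of LC_SEGMENT mappings. The following is an added triage helper, not code from the reporter or from the sanitizers project, that parses those lines and maps the faulting address and the pc onto the images they fall in. The sample log is constructed from a handful of lines copied from the report (the full segment list was snipped, so the attribution below only reflects the segments present in the sample), and the function names are mine.

```python
"""Attribute an ASan 'crashed on unknown address' report on OS X to loaded images.

Parses the LC_SEGMENT lines ASan prints and checks which mapping, if any,
contains the faulting address and the pc. A pc that no image maps suggests
control flow left executable code (e.g. via a corrupt pointer) rather than a
plain bad data access.
"""
import re
from typing import List, NamedTuple, Optional


class Segment(NamedTuple):
    start: int           # first mapped address (inclusive)
    end: int             # one past the last mapped address (exclusive)
    path: str            # image the segment belongs to
    printed_offset: int  # the +0x... value ASan appends to the path


# Constructed sample: a few lines copied from the report above; the register
# line is wrapped exactly as it appears there.
SAMPLE_LOG = """\
ASAN:SIGSEGV
==16287== ERROR: AddressSanitizer crashed on unknown address 0x0000a1a47750 (pc 0x7fffffd18fff
sp 0x7fff697b7518 bp 0x7fff697b7960 T0)
AddressSanitizer can not provide additional info. ABORTING
==16287== LC_SEGMENT: 0x000113af6000--0x000113c42000 /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio+0x000000000000
==16287== LC_SEGMENT: 0x000113c42000--0x000113c59000 /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio+0x00000014c000
==16223== LC_SEGMENT: 0x7fff9533b000--0x7fff9534e000 /usr/lib/libz.1.dylib+0x000000000000
==16223== LC_SEGMENT: 0x7fff97428000--0x7fff9ac34000 /usr/lib/libz.1.dylib+0x00000ec47000
==16223== LC_SEGMENT: 0x000008575000--0x000108575000 /Users/nick/Documents/Code/rubble-desktop/./build/client/fruttle+0x000000000000
==16223== LC_SEGMENT: 0x000108575000--0x00010d978000 /Users/nick/Documents/Code/rubble-desktop/./build/client/fruttle+0x000000000000
"""

SEGMENT_RE = re.compile(
    r"LC_SEGMENT: (0x[0-9a-f]+)--(0x[0-9a-f]+) (\S+?)\+(0x[0-9a-f]+)$", re.M
)
FAULT_RE = re.compile(r"crashed on unknown address (0x[0-9a-f]+)")
# Registers are searched independently because ASan's line may be wrapped.
REG_RE = {name: re.compile(r"\b%s (0x[0-9a-f]+)" % name) for name in ("pc", "sp", "bp")}


def parse_segments(text: str) -> List[Segment]:
    """Collect every LC_SEGMENT mapping in the report, in the order printed."""
    return [
        Segment(int(s, 16), int(e, 16), path, int(off, 16))
        for s, e, path, off in SEGMENT_RE.findall(text)
    ]


def parse_fault(text: str) -> dict:
    """Extract the faulting address and whichever of pc/sp/bp are present."""
    m = FAULT_RE.search(text)
    if not m:
        raise ValueError("no 'crashed on unknown address' line found")
    result = {"addr": int(m.group(1), 16)}
    for name, pattern in REG_RE.items():
        hit = pattern.search(text)
        if hit:
            result[name] = int(hit.group(1), 16)
    return result


def locate(addr: int, segments: List[Segment]) -> Optional[Segment]:
    """Return the segment that maps addr, or None if no listed image covers it."""
    for seg in segments:
        if seg.start <= addr < seg.end:
            return seg
    return None


def nearest_below(addr: int, segments: List[Segment]) -> Optional[Segment]:
    """For an unmapped address, the listed segment that ends closest below it."""
    below = [seg for seg in segments if seg.end <= addr]
    return max(below, key=lambda seg: seg.end) if below else None


def describe(addr: int, segments: List[Segment]) -> str:
    """One-line attribution of an address to a module or to 'no listed mapping'."""
    seg = locate(addr, segments)
    if seg is not None:
        return "%#x -> %s (+%#x into segment %#x--%#x)" % (
            addr, seg.path, addr - seg.start, seg.start, seg.end)
    near = nearest_below(addr, segments)
    if near is None:
        return "%#x -> below every listed segment" % addr
    return "%#x -> not in any listed segment (nearest below: %s ending at %#x)" % (
        addr, near.path, near.end)


def triage(text: str) -> dict:
    """Attribute the faulting address and the pc to the images in the report."""
    segments = parse_segments(text)
    fault = parse_fault(text)
    out = {"segments": len(segments), "addr": fault["addr"],
           "addr_module": locate(fault["addr"], segments)}
    if "pc" in fault:
        out["pc"] = fault["pc"]
        out["pc_module"] = locate(fault["pc"], segments)
        out["pc_mapped"] = out["pc_module"] is not None
    return out


if __name__ == "__main__":
    segs = parse_segments(SAMPLE_LOG)
    info = triage(SAMPLE_LOG)
    print("fault address:", describe(info["addr"], segs))
    print("pc:           ", describe(info["pc"], segs))
```

Run against the sample, the faulting address lands inside the first 4 GB `fruttle` mapping while the pc lies above every listed segment, which is the kind of observation that separates "bad pointer dereference" from "jumped somewhere that is not code" before a reproducer exists.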

ramosian-glider commented 9 years ago
Alex, have you seen something similar to this stack? 
Just by looking at it, I don't see anything that helps me analyze this. 
Could be a problem unrelated to asan (e.g. uninitialized memory that behaves differently
under asan). 

Unless Alex knows something about this stack trace we'll need a reproducer. 

Reported by konstantin.s.serebryany on 2012-10-11 12:48:05

ramosian-glider commented 9 years ago
I haven't seen anything similar.

Reported by samsonov@google.com on 2012-10-12 08:05:23

ramosian-glider commented 9 years ago
Nick, can you please re-run the app with ASAN_OPTIONS=verbosity=2 and attach the log?
You can also try to set ASAN_OPTIONS=replace_cfallocator=0 to see if it helps to work
around the problem.

I guess we'll still need the repro.

Reported by ramosian.glider on 2012-10-12 08:35:50

ramosian-glider commented 9 years ago
Ping. Is this still reproducible?

Reported by ramosian.glider on 2012-10-25 09:00:38

ramosian-glider commented 9 years ago
Pong. Thanks for the reminder.

Reported by nick@astrant.net on 2012-10-25 09:20:13


ramosian-glider commented 9 years ago
Will work on getting you a simpler testcase. 

Reported by nick@astrant.net on 2012-10-25 09:25:22

ramosian-glider commented 9 years ago
I fixed a bug in the replace_cfallocator flag yesterday, which could change the output
of asan-no-replace-cfallocator. Could you please try with the latest Clang?
Overall I'd love to reproduce this locally somehow, because I still do not have an
idea what's going on.

Reported by ramosian.glider on 2012-10-25 09:25:41

ramosian-glider commented 9 years ago
I don't build clang, I get it from Apple. ;-) 

What revision should I at least checkout?

Reported by nick@astrant.net on 2012-10-25 09:41:39

ramosian-glider commented 9 years ago
I believe the Clang shipped by Apple doesn't fully support ASan at the moment.
Please take some trunk revision, e.g. 166410

Reported by ramosian.glider on 2012-10-25 09:54:33

ramosian-glider commented 9 years ago
I didn't even think of that.. They also shipped one that simply crashed on lambdas for
a while, haha. I'll check that revision, thanks!

Reported by nick@astrant.net on 2012-10-25 09:56:05

ramosian-glider commented 9 years ago
I can't reproduce it in clang version 3.2 (trunk 166676), so I think you can close this
bug. Seems like Apple shipped a version without (complete) asan support. 

Reported by nick@astrant.net on 2012-10-26 17:14:59

ramosian-glider commented 9 years ago

Reported by ramosian.glider on 2012-10-29 09:56:35

ramosian-glider commented 9 years ago
Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:13:40