This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.
Address Sanitizer fails due to odd system library mappings
- From: Richard Sewards <richard dot sewards at exfo dot com>
- To: "gcc-help at gcc dot gnu dot org" <gcc-help at gcc dot gnu dot org>
- Date: Fri, 15 May 2015 14:43:22 +0000
- Subject: Address Sanitizer fails due to odd system library mappings
Hi,
I've been building gcc 5.1.0 for a number of targets and one of them (an e500 powerpc linux target) is having difficulty running the address sanitizer.
With the default shadow configuration a trivial test program is unable to start because ASAN cannot map the shadow memory. It quits, saying: "Shadow memory range interleaves with an existing memory mapping." When I modify the location of the shadow offset to 0x40000000 (from 0x20000000) the trivial program works, but a real application starts successfully and then fails when it attempts to allocate (new or malloc) a large (~2meg) chunk of memory.
On another powerpc linux target (e500mc) that I have, the sanitizer works fine, so I suspect there is something in the failing target's system libraries that is causing problems. The e500mc target has a newer kernel and OS.
What I think is the culprit is the mapping of several system libraries (libm, libc, and libdl) to addresses around 0x30000000, and that this causes the initial failure with shadow offset 0x20000000 and causes a fragmentation problem for the ASAN's allocator when the shadow offset is 0x40000000.
When ASAN fails (with the default shadow offset 0x20000000), I see:
# ASAN_OPTIONS=verbosity=2 ./try 1 2 3
==1165==Parsed ASAN_OPTIONS: verbosity=2
==1165==AddressSanitizer: failed to intercept 'preadv'
==1165==AddressSanitizer: failed to intercept 'preadv64'
==1165==AddressSanitizer: failed to intercept 'pwritev'
==1165==AddressSanitizer: failed to intercept 'pwritev64'
==1165==AddressSanitizer: failed to intercept '__isoc99_scanf'
==1165==AddressSanitizer: failed to intercept '__isoc99_sscanf'
==1165==AddressSanitizer: failed to intercept '__isoc99_fscanf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vscanf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vsscanf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vfscanf'
==1165==AddressSanitizer: failed to intercept '__isoc99_printf'
==1165==AddressSanitizer: failed to intercept '__isoc99_sprintf'
==1165==AddressSanitizer: failed to intercept '__isoc99_snprintf'
==1165==AddressSanitizer: failed to intercept '__isoc99_fprintf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vprintf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vsprintf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vsnprintf'
==1165==AddressSanitizer: failed to intercept '__isoc99_vfprintf'
==1165==AddressSanitizer: failed to intercept 'accept4'
==1165==AddressSanitizer: failed to intercept 'pthread_mutexattr_getrobust'
==1165==AddressSanitizer: failed to intercept 'pthread_setname_np'
==1165==AddressSanitizer: failed to intercept 'timerfd_settime'
==1165==AddressSanitizer: failed to intercept 'timerfd_gettime'
==1165==AddressSanitizer: libc interceptors initialized
|| `[0x38000000, 0xbfffffff]` || HighMem ||
|| `[0x27000000, 0x37ffffff]` || HighShadow ||
|| `[0x24000000, 0x26ffffff]` || ShadowGap ||
|| `[0x20000000, 0x23ffffff]` || LowShadow ||
|| `[0x00000000, 0x1fffffff]` || LowMem ||
MemToShadow(shadow): 0x24000000 0x247fffff 0x24e00000 0x26ffffff
redzone=16
max_redzone=2048
quarantine_size=64M
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 20000000
==1165==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==1165==Process memory map follows:
0x00100000-0x00102000 [vdso]
0x0f7f0000-0x0f807000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libgcc_s.so.1
0x0f807000-0x0f816000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libgcc_s.so.1
0x0f816000-0x0f817000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libgcc_s.so.1
0x0f827000-0x0f9b6000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f9b6000-0x0f9c5000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f9c5000-0x0f9cc000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f9cc000-0x0f9ce000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f9ce000-0x0f9d0000
0x0f9e0000-0x0f9e7000 /lib/librt-2.5.so
0x0f9e7000-0x0f9f7000 /lib/librt-2.5.so
0x0f9f7000-0x0f9f8000 /lib/librt-2.5.so
0x0f9f8000-0x0f9f9000 /lib/librt-2.5.so
0x0fa09000-0x0fb11000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libasan.so.2.0.0
0x0fb11000-0x0fb21000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libasan.so.2.0.0
0x0fb21000-0x0fb27000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libasan.so.2.0.0
0x0fb27000-0x0ff80000
0x0ff90000-0x0ffaf000 /lib/ld-2.5.so
0x0ffbf000-0x0ffc1000 /lib/ld-2.5.so
0x0ffd0000-0x0ffe5000 /lib/libpthread-2.5.so
0x0ffe5000-0x0fff4000 /lib/libpthread-2.5.so
0x0fff4000-0x0fff5000 /lib/libpthread-2.5.so
0x0fff5000-0x0fff6000 /lib/libpthread-2.5.so
0x0fff6000-0x0fff8000
0x10000000-0x10002000 /export/navusr3/local/gnu/obj/5.1.0/try/try
0x10011000-0x10012000 /export/navusr3/local/gnu/obj/5.1.0/try/try
0x30000000-0x30001000
0x30001000-0x301b6000 /lib/libm-2.5.so
0x301b6000-0x301c5000 /lib/libm-2.5.so
0x301c5000-0x301c6000 /lib/libm-2.5.so
0x301c6000-0x301cc000 /lib/libm-2.5.so
0x301cc000-0x3032b000 /lib/libc-2.5.so
0x3032b000-0x3033a000 /lib/libc-2.5.so
0x3033a000-0x30340000 /lib/libc-2.5.so
0x30340000-0x30342000
0x30342000-0x30343000
0x30343000-0x30346000 /lib/libdl-2.5.so
0x30346000-0x30355000 /lib/libdl-2.5.so
0x30355000-0x30356000 /lib/libdl-2.5.so
0x30356000-0x30357000 /lib/libdl-2.5.so
0x30357000-0x3035e000
0x30360000-0x3050b000
0x7ffa6000-0x7ffbb000 [stack]
==1165==End of process memory map.
#
With the shadow offset at 0x40000000, the sanitizer fails with:
==889==ERROR: AddressSanitizer failed to allocate 0x273000 (2568192) bytes of LargeMmapAllocator (errno: 12)
==889==Process memory map follows:
0x00100000-0x00102000 [vdso]
0x0f7c4000-0x0f7cf000 /lib/libnss_files-2.5.so
0x0f7cf000-0x0f7de000 /lib/libnss_files-2.5.so
0x0f7de000-0x0f7df000 /lib/libnss_files-2.5.so
0x0f7df000-0x0f7e0000 /lib/libnss_files-2.5.so
0x0f7f0000-0x0f97f000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f97f000-0x0f98e000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f98e000-0x0f995000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f995000-0x0f997000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libstdc++.so.6.0.21
0x0f997000-0x0f999000
0x0f9a9000-0x0f9c0000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libgcc_s.so.1
0x0f9c0000-0x0f9cf000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libgcc_s.so.1
0x0f9cf000-0x0f9d0000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libgcc_s.so.1
0x0f9e0000-0x0f9e7000 /lib/librt-2.5.so
0x0f9e7000-0x0f9f7000 /lib/librt-2.5.so
0x0f9f7000-0x0f9f8000 /lib/librt-2.5.so
0x0f9f8000-0x0f9f9000 /lib/librt-2.5.so
0x0fa09000-0x0fb11000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libasan.so.2.0.0
0x0fb11000-0x0fb21000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libasan.so.2.0.0
0x0fb21000-0x0fb27000 /export/navusr3/local/gnu/5.1.0/H-x86_64-unknown-linux-gnu/powerpc-wr2e500v2-linux-gnuspe/lib/libasan.so.2.0.0
0x0fb27000-0x0ff80000
0x0ff90000-0x0ffaf000 /lib/ld-2.5.so
0x0ffbf000-0x0ffc1000 /lib/ld-2.5.so
0x0ffe0000-0x0ffe3000 /lib/libdl-2.5.so
0x0ffe3000-0x0fff2000 /lib/libdl-2.5.so
0x0fff2000-0x0fff3000 /lib/libdl-2.5.so
0x0fff3000-0x0fff4000 /lib/libdl-2.5.so
0x10000000-0x14d81000 /home/ricsew1/iw/r55--PeFlex/run-time/iut/appl/agent/bin.linux-e500-asan/gepeapp
0x14d90000-0x15126000 /home/ricsew1/iw/r55--PeFlex/run-time/iut/appl/agent/bin.linux-e500-asan/gepeapp
0x15126000-0x15422000 [heap]
0x30000000-0x30001000
0x30001000-0x301b6000 /lib/libm-2.5.so
0x301b6000-0x301c5000 /lib/libm-2.5.so
0x301c5000-0x301c6000 /lib/libm-2.5.so
0x301c6000-0x301cc000 /lib/libm-2.5.so
0x301cc000-0x301cd000
0x301cd000-0x301e2000 /lib/libpthread-2.5.so
0x301e2000-0x301f1000 /lib/libpthread-2.5.so
0x301f1000-0x301f2000 /lib/libpthread-2.5.so
0x301f2000-0x301f3000 /lib/libpthread-2.5.so
0x301f3000-0x301f5000
0x301f5000-0x30354000 /lib/libc-2.5.so
0x30354000-0x30363000 /lib/libc-2.5.so
0x30363000-0x30369000 /lib/libc-2.5.so
0x30369000-0x3036b000
0x3036b000-0x315fe000
0x31600000-0x32bfe000
0x32c00000-0x32d00000
0x32d00000-0x32d01000
0x32d01000-0x34e00000
0x34e00000-0x34e01000
0x34e01000-0x36ffb000
0x37000000-0x37603000
0x37603000-0x37604000
0x37604000-0x397fe000
0x39800000-0x3abfd000
0x3ac00000-0x3b200000
0x3b200000-0x3b201000
0x3b201000-0x3d400000
0x3d400000-0x3d401000
0x3d401000-0x3fafb000
0x3fb00000-0x3fffb000
0x3ffff000-0x48000000
0x48000000-0x4b000000
0x4b000000-0x58000000
0x58000000-0x58001000
0x58001000-0x5a000000
0x5a000000-0x5a001000
0x5a001000-0x5c200000
0x5c200000-0x5c201000
0x5c201000-0x5e200000
0x5e200000-0x5e201000
0x5e201000-0x60200000
0x60200000-0x60201000
0x60201000-0x62c8c000
0x62c8c000-0x62c8d000
0x62c8d000-0x64c8c000
0x64c8c000-0x64c8d000
0x64c8d000-0x66ef9000
0x66f00000-0x67000000
0x67000000-0x67001000
0x67001000-0x694fe000
0x69500000-0x69700000
0x69700000-0x69701000
0x69701000-0x6b700000
0x6b700000-0x6b701000
0x6b701000-0x6d700000
0x6d700000-0x6d701000
0x6d701000-0x6f700000
0x6f700000-0x6f701000
0x6f701000-0x717fe000
0x71800000-0x71900000
0x71900000-0x71901000
0x71901000-0x73900000
0x73900000-0x73901000
0x73901000-0x75d00000
0x75d00000-0x75d01000
0x75d01000-0x782ff000
0x78300000-0x7867f000
0x7867f000-0x78680000
0x78680000-0x7a6fe000
0x7a700000-0x7a8ee000
0x7a900000-0x7aa00000
0x7aa00000-0x7aa01000
0x7aa01000-0x7ca22000
0x7ca22000-0x7ca23000
0x7ca23000-0x7fb47000
0x7fc87000-0x7fc9c000 [stack]
0x7fc9c000-0x7ff0f000
==889==End of process memory map.
==889==AddressSanitizer CHECK failed: /usr/central.share/gnu/src/gcc-5.1.0/libsanitizer/sanitizer_common/sanitizer_posix.cc:121 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
ERROR: Failed to mmap
Interestingly, this time libpthread is mapped into the 0x30000000 region but it was not in the trivial program.
I realize this may not be the correct forum for asking questions about system libraries, but I have been unable to find any information about how libraries are mapped. But since this affects the sanitizer, perhaps someone here has also seen this and can point me in the right direction.
Thanks in advance,
--
Richard Sewards
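
Added example, not part of the original post: a Python sketch that rebuilds the shadow layout printed in the log from the shadow offset, using ASan's shadow mapping `(addr >> SHADOW_SCALE) + SHADOW_OFFSET`, and lists the mappings from a "Process memory map" dump that fall inside the range ASan must reserve. The function names are hypothetical; the high-memory end 0xbfffffff and the sample map lines are copied from the first log above.

```python
import re

SHADOW_SCALE = 3           # "SHADOW_SCALE: 3" in the log
HIGH_MEM_END = 0xBFFFFFFF  # end of HighMem in the log (assumed fixed for this target)

def mem_to_shadow(addr, offset, scale=SHADOW_SCALE):
    """Shadow address that tracks application address `addr`."""
    return (addr >> scale) + offset

def shadow_layout(offset, high_mem_end=HIGH_MEM_END):
    """Inclusive (begin, end) ranges, as ASan prints them with verbosity=2."""
    high_shadow_end = mem_to_shadow(high_mem_end, offset)
    high_mem_beg = high_shadow_end + 1
    high_shadow_beg = mem_to_shadow(high_mem_beg, offset)
    low_shadow_end = mem_to_shadow(offset - 1, offset)
    return {
        "LowMem": (0, offset - 1),
        "LowShadow": (offset, low_shadow_end),
        "ShadowGap": (low_shadow_end + 1, high_shadow_beg - 1),
        "HighShadow": (high_shadow_beg, high_shadow_end),
        "HighMem": (high_mem_beg, high_mem_end),
    }

MAP_LINE = re.compile(r"^0x([0-9a-f]+)-0x([0-9a-f]+)\s*(.*)$")

def parse_map(text):
    """Parse 'Process memory map' lines into (start, end_exclusive, name)."""
    entries = []
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            entries.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3) or "[anon]"))
    return entries

def shadow_conflicts(offset, mappings):
    """Mappings that intersect [LowShadow begin, HighShadow end]."""
    layout = shadow_layout(offset)
    lo, hi = layout["LowShadow"][0], layout["HighShadow"][1]
    return [(s, e, n) for s, e, n in mappings if s <= hi and e > lo]

# Lines excerpted from the first memory map in the post.
SAMPLE_MAP = """\
0x0ff90000-0x0ffaf000 /lib/ld-2.5.so
0x10000000-0x10002000 /export/navusr3/local/gnu/obj/5.1.0/try/try
0x30000000-0x30001000
0x30001000-0x301b6000 /lib/libm-2.5.so
0x301cc000-0x3032b000 /lib/libc-2.5.so
0x30343000-0x30346000 /lib/libdl-2.5.so
0x7ffa6000-0x7ffbb000 [stack]
"""
```

For this excerpt, `shadow_conflicts(0x20000000, parse_map(SAMPLE_MAP))` returns the four mappings at 0x30000000 and above (they sit inside HighShadow), while offset 0x40000000 returns none because those libraries then fall in LowMem.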