From: "sneves at dei dot uc.pt"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug sanitizer/110027] New: Misaligned vector store on detect_stack_use_after_return
Date: Mon, 29 May 2023 20:18:55 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110027

Bug ID: 110027
Summary: Misaligned vector store on detect_stack_use_after_return
Product: gcc
Version: 13.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: sneves at dei dot uc.pt
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone:
---

(As reported by Jack O'Connor, along with reproducibility instructions, at https://gist.github.com/oconnor663/69176654f1db1bb96077d6ff4141a022)

Given the following snippet,

#include <immintrin.h>

int main() {
    __m512i v = _mm512_set1_epi32(0);
    // It doesn't really matter what we do next, as long as we convince the
    // compiler to put v on the stack. Here we just read an int from it.
    return *((int *)&v);
}

compiled with `gcc repro.c -g -mavx512f -fsanitize=address` results in a segfault due to a misaligned AVX-512 store. The assembly output is visible at https://gist.github.com/oconnor663/69176654f1db1bb96077d6ff4141a022#file-repro-s. Specifically, we have the relevant sequence

    andq $-64, %rsp
    subq $192, %rsp
    leaq 32(%rsp), %rbx
    ...
    cmpl $0, __asan_option_detect_stack_use_after_return(%rip)
    je .L1
    ...
    call __asan_stack_malloc_1@PLT
    ...
    movq %rax, %rbx
    ...
.L1:
    leaq 160(%rbx), %rax
    movq %rax, %rcx
    ...
    vmovdqa64 %zmm0, -128(%rcx)

Now, if `__asan_option_detect_stack_use_after_return` is 0, the variable at %rcx-128 is correctly aligned to 64. However, if it is 1, __asan_stack_malloc_1 returns something aligned to 64 << 1 (as per https://github.com/gcc-mirror/gcc/blob/master/gcc/asan.cc#L1917) and adding 160 results in %rcx-128 being only aligned to 32. And thus the segfault.

Interestingly, this seems to be only reproducible on Arch Linux. Other gcc 13.1.1 builds, Fedora for instance, seem to behave correctly. It is unclear to me what the reason for this is.
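An added example, not part of the report or of GCC: it models the two rbx-relative address computations from the assembly quoted above (the sample rsp and fake-frame base values are constructed) and adds a portable runtime self-check that reports a misaligned stack local instead of faulting on a vector store, so it builds without -mavx512f.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Offsets taken from the quoted assembly: the store goes to rcx - 128
   with rcx = rbx + 160, so the variable lives at rbx + 32. */
#define VAR_OFFSET_FROM_RBX (160 - 128)

/* Path when __asan_option_detect_stack_use_after_return == 0:
   andq $-64,%rsp ; subq $192,%rsp ; leaq 32(%rsp),%rbx */
static uintptr_t var_addr_real_stack(uintptr_t rsp) {
    uintptr_t aligned_rsp = rsp & ~(uintptr_t)63;
    uintptr_t rbx = aligned_rsp - 192 + 32;
    return rbx + VAR_OFFSET_FROM_RBX;   /* always a multiple of 64 */
}

/* Path when the option is 1: rbx is whatever __asan_stack_malloc_1
   returned and the same rbx-relative offsets are applied on top. */
static uintptr_t var_addr_fake_stack(uintptr_t fake_frame_base) {
    return fake_frame_base + VAR_OFFSET_FROM_RBX;
}

/* Largest power of two dividing the address, i.e. its actual alignment. */
static uintptr_t effective_alignment(uintptr_t addr) {
    return addr == 0 ? 0 : (addr & (~addr + 1));
}

/* Runtime self-check: a 64-byte-aligned stack object whose address is
   taken (so it must live in memory, and under ASan use-after-return
   detection in the fake frame); returns 1 if aligned, 0 if not. */
__attribute__((noinline))
static int stack_local_is_64_aligned(void) {
    _Alignas(64) unsigned char v[64];
    volatile unsigned char *p = v;
    p[0] = 0;
    return ((uintptr_t)p % 64) == 0;
}

int main(void) {
    uintptr_t rsp  = 0x7ffc5678u;  /* constructed sample stack pointer */
    uintptr_t base = 0x10040u;     /* constructed 64-aligned fake-frame base */
    uintptr_t a = var_addr_real_stack(rsp), b = var_addr_fake_stack(base);
    printf("real stack: var at 0x%" PRIxPTR ", alignment %" PRIuPTR "\n",
           a, effective_alignment(a));
    printf("fake stack: var at 0x%" PRIxPTR ", alignment %" PRIuPTR "\n",
           b, effective_alignment(b));
    printf("runtime check: %s\n",
           stack_local_is_64_aligned() ? "aligned" : "MISALIGNED");
    return 0;
}
```

Built with `-fsanitize=address` and run with `ASAN_OPTIONS=detect_stack_use_after_return=1`, the last line shows whether the fake-frame placement honours the 64-byte alignment on a given toolchain.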