public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/65662] New: AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: schwab@linux-m68k.org @ 2015-04-02 12:51 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

            Bug ID: 65662
           Summary: AddressSanitizer CHECK failed:
                    ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835
                    "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: schwab@linux-m68k.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, rguenther at suse dot de
            Target: aarch64-*-*

Breakpoint 1, ComputeRegionId (this=0x3ffb737bd60 <__asan::allocator>, 
    mem=4396780879872)
    at ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835
835         CHECK_LT(res, kNumPossibleRegions);
(gdb) p/x mem
$2 = 0x3ffb4900000


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: schwab@linux-m68k.org @ 2015-04-02 12:51 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

Andreas Schwab <schwab@linux-m68k.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |5.0


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: jakub at gcc dot gnu.org @ 2015-04-02 13:08 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
There are dups for this already.
The issue is that aarch64-linux has 3 very much different virtual address space
sizes and stock libsanitizer supports only the smallest one.  I have a patch
for supporting the middle-one, see e.g.
http://pkgs.fedoraproject.org/cgit/gcc.git/tree/gcc5-libsanitize-aarch64-va42.patch
but supporting all 3 virtual address space sizes requires more changes
upstream, because the smallest virtual address space size is really too small
for anything usable.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: rguenth at gcc dot gnu.org @ 2015-04-02 13:16 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|rguenther at suse dot de           |rguenth at gcc dot gnu.org
   Target Milestone|5.0                         |---


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: pinskia at gcc dot gnu.org @ 2015-04-02 13:26 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #1)
> There are dups for this already.
> The issue is that aarch64-linux has 3 very much different virtual address
> space sizes and stock libsanitizer supports only the smallest one.  I have a
> patch for supporting the middle-one, see e.g.
> http://pkgs.fedoraproject.org/cgit/gcc.git/tree/gcc5-libsanitize-aarch64-
> va42.patch
> but supporting all 3 virtual address space sizes requires more changes
> upstream, because the smallest virtual address space size is really too
> small for anything usable.

The largest one is required to be supported for Cavium's ThunderX in a dual
socket case.  Can we declare address sanitizer broken for GCC 5 for AARCH64 due
to this?

I think MIPS has a similar issue too when different page sizes are used but
nobody upstream has reported it yet.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: jakub at gcc dot gnu.org @ 2015-04-02 13:31 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #3 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I think it was a serious mistake to officially add support for it when it only
works on one of the 3 configurations.  Unfortunately there has not really been
any progress on this in the past 3 months since it has been reported, neither
from aarch64 maintainers nor upstream.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: kcc at gcc dot gnu.org @ 2015-04-02 16:22 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #4 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
AArch64 is being discussed at
https://groups.google.com/forum/#!topic/address-sanitizer/YzYRJEvVimw
Please join the discussion. 
We, the primary maintainers of asan, have no access to AArch64 boxes yet, 
so we rely on others here.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: kcc at gcc dot gnu.org @ 2015-04-02 16:22 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #5 from Kostya Serebryany <kcc at gcc dot gnu.org> ---
AArch64 is being discussed at
https://groups.google.com/forum/#!topic/address-sanitizer/YzYRJEvVimw
Please join the discussion. 
We, the primary maintainers of asan, have no access to AArch64 boxes yet, 
so we rely on others here.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: vekumar at gcc dot gnu.org @ 2015-04-05 16:11 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

vekumar at gcc dot gnu.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vekumar at gcc dot gnu.org

--- Comment #6 from vekumar at gcc dot gnu.org ---
For 42 bit VA, I have to change the SANITIZER_MMAP_RANGE_SIZE to 1 << 42.
Also the compiler has to add the shadow offset instead of ORing it.

I am planning to post a patch in LLVM.

As Kostya said we can discuss in that thread.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: jakub at gcc dot gnu.org @ 2015-04-05 20:48 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
(In reply to vekumar from comment #6)
> For 42 bit VA,  I have to change the SANITIZER_MMAP_RANGE_SIZE to  1 <<42.

Sure.

> Also compiler has to add the shadow offset instead of Oring it.

You don't, see my patch.
As I said, the hard part is making sure all 3 layouts work with the same
libasan library - the problem is that the library assumes some decisions (like
whether to use 32-bit or 64-bit allocator) have to be done at library compile
time, when for aarch64 they really have to be done at runtime.


* [Bug sanitizer/65662] AddressSanitizer CHECK failed: ../../../../gcc/libsanitizer/sanitizer_common/sanitizer_allocator.h:835 "((res)) < ((kNumPossibleRegions))" (0x3ffb49, 0x80000)
From: vekumar at gcc dot gnu.org @ 2015-04-06  4:44 UTC
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65662

--- Comment #8 from vekumar at gcc dot gnu.org ---
(In reply to Jakub Jelinek from comment #7)
> (In reply to vekumar from comment #6)
> > For 42 bit VA,  I have to change the SANITIZER_MMAP_RANGE_SIZE to  1 <<42.
> 
> Sure.
> 
> > Also compiler has to add the shadow offset instead of Oring it.
> 
> You don't, see my patch.
> As I said, the hard part is making sure all 3 layouts work with the same
> libasan library - the problem is that the library assumes some decisions
> (like whether to use 32-bit or 64-bit allocator) have to be done at library
> compile time, when for aarch64 they really have to be done at runtime.

Hi Jakub, 

It was decided to make ASAN work for 42 bit VA without changing the default
allocator (32bit) and the default shadow offset (1<<36). 

Please see thread
https://groups.google.com/forum/#!topic/address-sanitizer/YzYRJEvVimw.

On 42 bit VA with default settings, I found that some cases (LLVM ASAN tests)
were failing because the compiler (LLVM) does ORing of the shadow offset and the
ASAN library code adds the shadow offset. Both accesses resulted in valid memory,
but we were poisoning the wrong shadow memory.

Now your patch turns on the 64 bit allocator. I agree that to do this we need to
dynamically detect the VA at runtime.

Can you please join the thread and post your comments there?
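
The arithmetic behind the CHECK failure in the original report and the OR-versus-ADD shadow mismatch described in comment #8, as an added example that is not part of the thread and is not libsanitizer code. The helper names are hypothetical; the region shift of 20 is inferred from the reported values (mem 0x3ffb4900000, res 0x3ffb49), and the shadow scale of 3 is ASan's usual 8:1 mapping.

```c
#include <stdint.h>
#include <stdio.h>

/* From the report: the CHECK compared res = 0x3ffb49 with kNumPossibleRegions = 0x80000. */
#define NUM_POSSIBLE_REGIONS 0x80000ULL
/* Assumption: region shift of 20, inferred from mem 0x3ffb4900000 giving res 0x3ffb49. */
#define REGION_SIZE_LOG 20
/* Assumption: ASan's usual 8:1 shadow scale (shift 3); the offset 1<<36 is from comment #8. */
#define SHADOW_SCALE 3
#define SHADOW_OFFSET (1ULL << 36)

/* Hypothetical helpers mirroring the arithmetic discussed in the thread. */
uint64_t region_id(uint64_t mem) { return mem >> REGION_SIZE_LOG; }
int region_id_in_range(uint64_t mem) { return region_id(mem) < NUM_POSSIBLE_REGIONS; }

uint64_t shadow_add(uint64_t a) { return (a >> SHADOW_SCALE) + SHADOW_OFFSET; }
uint64_t shadow_or(uint64_t a)  { return (a >> SHADOW_SCALE) | SHADOW_OFFSET; }

/* OR and ADD agree only while (a >> 3) has bit 36 clear, i.e. bit 39 of a is clear. */
int shadow_forms_agree(uint64_t a) { return shadow_add(a) == shadow_or(a); }

/* Widest VA (in bits) for which OR == ADD on every address. Testing the top
   address suffices: it has every address bit of that VA width set. */
int max_va_bits_or_safe(void) {
    int bits;
    for (bits = 1; bits < 64; bits++)
        if (!shadow_forms_agree((1ULL << bits) - 1))
            break;
    return bits - 1;
}

int main(void) {
    /* 0x3ffb4900000 is the address from the report; 0x7fb4900000 is a constructed 39-bit one. */
    const uint64_t samples[] = { 0x7fb4900000ULL, 0x3ffb4900000ULL };
    for (int i = 0; i < 2; i++) {
        uint64_t a = samples[i];
        printf("addr %#llx: region %#llx (%s), add %#llx, or %#llx (%s)\n",
               (unsigned long long)a, (unsigned long long)region_id(a),
               region_id_in_range(a) ? "ok" : "CHECK fails",
               (unsigned long long)shadow_add(a), (unsigned long long)shadow_or(a),
               shadow_forms_agree(a) ? "same shadow byte" : "different shadow bytes");
    }
    printf("OR is equivalent to ADD up to %d-bit VA\n", max_va_bits_or_safe());
    return 0;
}
```

With these constants the region table covers 0x80000 << 20 = 2^39 bytes, so any address above a 39-bit VA trips the CHECK, and the same bit-39 boundary is where ORing and adding the 1<<36 offset start selecting different shadow bytes.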

