public inbox for gcc-rust@gcc.gnu.org
From: "marxin at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-rust@gcc.gnu.org
Subject: [Bug rust/108124] Rust: ASAN&UBSAN issues when tests are run
Date: Thu, 15 Dec 2022 09:57:09 +0000
Message-ID: <bug-108124-35322-eh1rnMCYvO@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-108124-35322@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108124

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Rust: UBSAN issues when     |Rust: ASAN&UBSAN issues
                   |tests are run               |when tests are run

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
One more example of an ASAN issue:

/dev/shm/objdir2/gcc/testsuite/rust10/../../gccrs -B/dev/shm/objdir2/gcc/testsuite/rust10/../../ /home/marxin/Programming/gcc/gcc/testsuite/rust/compile/torture/generics16.rs -fdiagnostics-plain-output -frust-incomplete-and-experimental-compiler-do-not-use -O0 -S -o generics16.s
/usr/include/c++/12/bits/stl_iterator.h:1096:17: runtime error: reference binding to null pointer of type 'struct SubstitutionParamMapping'
/usr/include/c++/12/bits/stl_vector.h:1207:16: runtime error: reference binding to null pointer of type 'struct value_type'
=================================================================
==13693==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000005700 at pc 0x000003b57bfe bp 0x7fffffff9a10 sp 0x7fffffff9a08
READ of size 4 at 0x60e000005700 thread T0
    #0 0x3b57bfd in Rust::TyTy::BaseType::get_kind() const /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.h:206
    #1 0x3b57bfd in Rust::TyTy::BaseRules::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-rules.h:113
    #2 0x3a87ea1 in Rust::TyTy::IntType::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.cc:1880
    #3 0x3b77be0 in Rust::TyTy::ADTRules::visit(Rust::TyTy::ADTType&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-rules.h:1125
    #4 0x3b54d25 in Rust::TyTy::BaseRules::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-rules.h:81
    #5 0x3a87121 in Rust::TyTy::ADTType::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.cc:980
    #6 0x3ece21f in Rust::Resolver::TypeCheckImplItem::visit(Rust::HIR::Function&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-implitem.cc:369
    #7 0x3ed2071 in Rust::Resolver::TypeCheckImplItem::Resolve(Rust::HIR::ImplBlock*, Rust::HIR::ImplItem*, Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-implitem.cc:338
    #8 0x3ccdd4b in Rust::Resolver::TypeCheckItem::visit(Rust::HIR::ImplBlock&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-item.cc:118
    #9 0x3cc72e7 in Rust::Resolver::TypeCheckItem::Resolve(Rust::HIR::Item&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-item.cc:39
    #10 0x39c3724 in Rust::Resolver::TypeResolution::Resolve(Rust::HIR::Crate&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check.cc:48
    #11 0x2aff5ff in Rust::Session::compile_crate(char const*) /home/marxin/Programming/gcc/gcc/rust/rust-session-manager.cc:565
    #12 0x2b0420e in Rust::Session::handle_input_files(int, char const**) /home/marxin/Programming/gcc/gcc/rust/rust-session-manager.cc:362
    #13 0x212ce46 in grs_langhook_parse_file /home/marxin/Programming/gcc/gcc/rust/rust-lang.cc:184
    #14 0xcf3b22e in compile_file /home/marxin/Programming/gcc/gcc/toplev.cc:444
    #15 0xcf4f14d in do_compile /home/marxin/Programming/gcc/gcc/toplev.cc:2125
    #16 0xcf4f14d in toplev::main(int, char**) /home/marxin/Programming/gcc/gcc/toplev.cc:2277
    #17 0x10409e86 in main /home/marxin/Programming/gcc/gcc/main.cc:39
    #18 0x7ffff6a2c5af in __libc_start_call_main (/lib64/libc.so.6+0x275af)
    #19 0x7ffff6a2c678 in __libc_start_main_impl (/lib64/libc.so.6+0x27678)
    #20 0x212cbd4 in _start ../sysdeps/x86_64/start.S:115

0x60e000005700 is located 32 bytes inside of 152-byte region [0x60e0000056e0,0x60e000005778)
freed by thread T0 here:
    #0 0x7ffff78bb0e8  (/lib64/libasan.so.8+0xbb0e8)
    #1 0x3b8f222 in Rust::TyTy::TypeCheckCallExpr::visit(Rust::TyTy::ADTType&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-call.cc:69

previously allocated by thread T0 here:
    #0 0x7ffff78bc40f in __interceptor_malloc (/lib64/libasan.so.8+0xbc40f)
    #1 0x109248eb in operator new(unsigned long) ../../../../libstdc++-v3/libsupc++/new_op.cc:50

SUMMARY: AddressSanitizer: heap-use-after-free /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.h:206 in Rust::TyTy::BaseType::get_kind() const
Shadow bytes around the buggy address:
  0x0c1c7fff8a90: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c1c7fff8aa0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1c7fff8ab0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c1c7fff8ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1c7fff8ad0: 00 00 00 fa fa fa fa fa fa fa fa fa fd fd fd fd
=>0x0c1c7fff8ae0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c1c7fff8af0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c1c7fff8b00: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
  0x0c1c7fff8b10: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c1c7fff8b20: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa
  0x0c1c7fff8b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==13693==ABORTING

-- 
You are receiving this mail because:
You are on the CC list for the bug.
