From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 246CB388BA5C; Thu, 15 Dec 2022 09:57:11 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 246CB388BA5C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1671098231; bh=dCkIHUL4q/cVzdCHNgZawYRfGVJU0JCm87Otn0rKSaw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=HMkxDynReHx531uLB48i7YdBpOfL7MmyxpOsPiicVVdLOcNMocAJ7Y19SiOVxZf5+ t0EMslAru/WTb8WzDWF1AWp5xOfHZixyIOVe3Y9c4JMSRzmwzEKaCl15x+/+J5KTyx +HkK4mg3S82b68EP+UKK5/A317eShHw7rXnjGakQ= From: "marxin at gcc dot gnu.org" To: gcc-rust@gcc.gnu.org Subject: [Bug rust/108124] Rust: ASAN&UBSAN issues when tests are run Date: Thu, 15 Dec 2022 09:57:09 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: rust X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: marxin at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 13.0 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D108124 Martin Li=C5=A1ka changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Rust: UBSAN issues when |Rust: ASAN&UBSAN issues |tests are run |when tests are run --- Comment #2 from Martin Li=C5=A1ka --- One more example of ASAN issue: /dev/shm/objdir2/gcc/testsuite/rust10/../../gccrs -B/dev/shm/objdir2/gcc/testsuite/rust10/../../ /home/marxin/Programming/gcc/gcc/testsuite/rust/compile/torture/generics16.= rs -fdiagnostics-plain-output -frust-incomplete-and-experimental-compiler-do-not-use -O0 -S -o generics16= .s /usr/include/c++/12/bits/stl_iterator.h:1096:17: runtime error: reference binding to null pointer of type 'struct SubstitutionParamMapping' /usr/include/c++/12/bits/stl_vector.h:1207:16: runtime error: reference bin= ding to null pointer of type 'struct value_type' =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D13693=3D=3DERROR: AddressSanitizer: heap-use-after-free on address 0x= 60e000005700 at pc 0x000003b57bfe bp 0x7fffffff9a10 sp 0x7fffffff9a08 READ of size 4 at 0x60e000005700 thread T0 #0 0x3b57bfd in Rust::TyTy::BaseType::get_kind() const /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.h:206 #1 0x3b57bfd in Rust::TyTy::BaseRules::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-rules.h:113 #2 0x3a87ea1 in Rust::TyTy::IntType::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.cc:1880 #3 0x3b77be0 in Rust::TyTy::ADTRules::visit(Rust::TyTy::ADTType&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-rules.h:1125 #4 0x3b54d25 in Rust::TyTy::BaseRules::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-rules.h:81 #5 0x3a87121 in Rust::TyTy::ADTType::unify(Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.cc:980 #6 0x3ece21f in Rust::Resolver::TypeCheckImplItem::visit(Rust::HIR::Function&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-implite= m.cc:369 #7 0x3ed2071 in Rust::Resolver::TypeCheckImplItem::Resolve(Rust::HIR::ImplBlock*, Rust::HIR::ImplItem*, Rust::TyTy::BaseType*) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-implite= m.cc:338 #8 0x3ccdd4b in Rust::Resolver::TypeCheckItem::visit(Rust::HIR::ImplBlo= ck&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-item.cc= :118 #9 0x3cc72e7 in Rust::Resolver::TypeCheckItem::Resolve(Rust::HIR::Item&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check-item.cc= :39 #10 0x39c3724 in Rust::Resolver::TypeResolution::Resolve(Rust::HIR::Cra= te&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-hir-type-check.cc:48 #11 0x2aff5ff in Rust::Session::compile_crate(char const*) /home/marxin/Programming/gcc/gcc/rust/rust-session-manager.cc:565 #12 0x2b0420e in Rust::Session::handle_input_files(int, char const**) /home/marxin/Programming/gcc/gcc/rust/rust-session-manager.cc:362 #13 0x212ce46 in grs_langhook_parse_file /home/marxin/Programming/gcc/gcc/rust/rust-lang.cc:184 #14 0xcf3b22e in compile_file /home/marxin/Programming/gcc/gcc/toplev.cc:444 #15 0xcf4f14d in do_compile /home/marxin/Programming/gcc/gcc/toplev.cc:= 2125 #16 0xcf4f14d in toplev::main(int, char**) /home/marxin/Programming/gcc/gcc/toplev.cc:2277 #17 0x10409e86 in main /home/marxin/Programming/gcc/gcc/main.cc:39 #18 0x7ffff6a2c5af in __libc_start_call_main (/lib64/libc.so.6+0x275af) #19 0x7ffff6a2c678 in __libc_start_main_impl (/lib64/libc.so.6+0x27678) #20 0x212cbd4 in _start ../sysdeps/x86_64/start.S:115 0x60e000005700 is located 32 bytes inside of 152-byte region [0x60e0000056e0,0x60e000005778) freed by thread T0 here: #0 0x7ffff78bb0e8 (/lib64/libasan.so.8+0xbb0e8) #1 0x3b8f222 in Rust::TyTy::TypeCheckCallExpr::visit(Rust::TyTy::ADTTyp= e&) /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty-call.cc:69 previously allocated by thread T0 here: #0 0x7ffff78bc40f in __interceptor_malloc (/lib64/libasan.so.8+0xbc40f) #1 0x109248eb in operator new(unsigned long) ../../../../libstdc++-v3/libsupc++/new_op.cc:50 SUMMARY: AddressSanitizer: heap-use-after-free /home/marxin/Programming/gcc/gcc/rust/typecheck/rust-tyty.h:206 in Rust::TyTy::BaseType::get_kind() const Shadow bytes around the buggy address: 0x0c1c7fff8a90: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 0x0c1c7fff8aa0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1c7fff8ab0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa 0x0c1c7fff8ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1c7fff8ad0: 00 00 00 fa fa fa fa fa fa fa fa fa fd fd fd fd =3D>0x0c1c7fff8ae0:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c1c7fff8af0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c1c7fff8b00: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa 0x0c1c7fff8b10: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 0x0c1c7fff8b20: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa 0x0c1c7fff8b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07=20 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb =3D=3D13693=3D=3DABORTING --=20 You are receiving this mail because: You are on the CC list for the bug.=