https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111505
Bug ID: 111505
Summary: Asan (address-sanitizer) bootstrap fails since r14-4003-geaa8e8541349df
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: bootstrap
Assignee: unassigned at gcc dot gnu.org
Reporter: jamborm at gcc dot gnu.org
CC: dmalcolm at gcc dot gnu.org, fkastl at suse dot cz
Blocks: 86656
Target Milestone: ---
Host: x86_64-linux-gnu
Target: x86_64-linux-gnu

Bootstrapping with active address sanitizer fails at the beginning of stage 3 since r14-4003-geaa8e8541349df (ggc, jit: forcibly clear GTY roots in jit).

To reproduce, use --with-build-config=bootstrap-asan at configure time, for example:

../src/configure --prefix=/home/user/install/prefix --enable-languages=c,c++ --enable-checking=release --enable-host-shared --disable-multilib --with-build-config=bootstrap-asan

and run make (and wait).

At least one failure happens during configure script run of libiberty, which fails with "C compiler cannot create executables" and the corresponding config.log contains the following ASAN errors:

configure:3470: /home/mjambor/gcc/mine/b-obj/./prev-gcc/xgcc -B/home/mjambor/gcc/mine/b-obj/./prev-gcc/ -B/home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/bin/ -B/home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/bin/ -B/home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/lib/ -isystem /home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/include -isystem /home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/sys-include -fchecking=1 -o conftest -g -O2 -fchecking=1 -fsanitize=address -static-libstdc++ -static-libgcc -fsanitize=address -static-libasan -B/home/mjambor/gcc/mine/b-obj/prev-x86_64-pc-linux-gnu/libsanitizer/ -B/home/mjambor/gcc/mine/b-obj/prev-x86_64-pc-linux-gnu/libsanitizer/asan/ -B/home/mjambor/gcc/mine/b-obj/prev-x86_64-pc-linux-gnu/libsanitizer/asan/.libs conftest.c >&5
=================================================================
==2683==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000718d4d0 at pc 0x0000007cd234 bp 0x7ffdc15756e0 sp 0x7ffdc1574ea0
WRITE of size 16 at 0x00000718d4d0 thread T0
    #0 0x7cd233 in __interceptor_memset /home/mjambor/gcc/mine/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:847
    #1 0x12151ab in ggc_common_finalize() /home/mjambor/gcc/mine/src/gcc/ggc-common.cc:1311
    #2 0x1dad8ef in toplev::finalize() /home/mjambor/gcc/mine/src/gcc/toplev.cc:2354
    #3 0x796732 in main /home/mjambor/gcc/mine/src/gcc/main.cc:42
    #4 0x7f74182281af in __libc_start_call_main (/lib64/libc.so.6+0x281af) (BuildId: 7729cbd8376d2b42276cc2cc10693449ff810847)
    #5 0x7f7418228278 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x28278) (BuildId: 7729cbd8376d2b42276cc2cc10693449ff810847)
    #6 0x797e84 in _start ../sysdeps/x86_64/start.S:115

0x00000718d4d0 is located 48 bytes before global variable 'int_n_enabled_p' defined in '/home/mjambor/gcc/mine/src/gcc/tree.cc:234:6' (0x718d500) of size 1
0x00000718d4d0 is located 0 bytes after global variable 'int_n_trees' defined in '/home/mjambor/gcc/mine/src/gcc/tree.cc:235:22' (0x718d4c0) of size 16
SUMMARY: AddressSanitizer: global-buffer-overflow /home/mjambor/gcc/mine/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:847 in __interceptor_memset
Shadow bytes around the buggy address:
  0x00000718d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00000718d480: 00 00 00 00 f9 f9 f9 f9 00 00[f9]f9 f9 f9 f9 f9
  0x00000718d500: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x00000718d580: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
  0x00000718d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==2683==ABORTING

[...]

configure:3708: /home/mjambor/gcc/mine/b-obj/./prev-gcc/xgcc -B/home/mjambor/gcc/mine/b-obj/./prev-gcc/ -B/home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/bin/ -B/home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/bin/ -B/home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/lib/ -isystem /home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/include -isystem /home/mjambor/gcc/mine/inst/x86_64-pc-linux-gnu/sys-include -fchecking=1 -c -g -O2 -fchecking=1 -fsanitize=address conftest.c >&5
=================================================================
==2789==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000718d4d0 at pc 0x0000007cd234 bp 0x7ffd9f6fc140 sp 0x7ffd9f6fb900
WRITE of size 16 at 0x00000718d4d0 thread T0
    #0 0x7cd233 in __interceptor_memset /home/mjambor/gcc/mine/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:847
    #1 0x12151ab in ggc_common_finalize() /home/mjambor/gcc/mine/src/gcc/ggc-common.cc:1311
    #2 0x1dad8ef in toplev::finalize() /home/mjambor/gcc/mine/src/gcc/toplev.cc:2354
    #3 0x796732 in main /home/mjambor/gcc/mine/src/gcc/main.cc:42
    #4 0x7fbdc4e281af in __libc_start_call_main (/lib64/libc.so.6+0x281af) (BuildId: 7729cbd8376d2b42276cc2cc10693449ff810847)
    #5 0x7fbdc4e28278 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x28278) (BuildId: 7729cbd8376d2b42276cc2cc10693449ff810847)
    #6 0x797e84 in _start ../sysdeps/x86_64/start.S:115

0x00000718d4d0 is located 48 bytes before global variable 'int_n_enabled_p' defined in '/home/mjambor/gcc/mine/src/gcc/tree.cc:234:6' (0x718d500) of size 1
0x00000718d4d0 is located 0 bytes after global variable 'int_n_trees' defined in '/home/mjambor/gcc/mine/src/gcc/tree.cc:235:22' (0x718d4c0) of size 16
SUMMARY: AddressSanitizer: global-buffer-overflow /home/mjambor/gcc/mine/src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:847 in __interceptor_memset
Shadow bytes around the buggy address:
  0x00000718d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00000718d480: 00 00 00 00 f9 f9 f9 f9 00 00[f9]f9 f9 f9 f9 f9
  0x00000718d500: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x00000718d580: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
  0x00000718d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00000718d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==2789==ABORTING

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86656
[Bug 86656] [meta-bug] Issues found with -fsanitize=address
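
Added example, not part of the original bug report: a small triage script that decodes the shadow-byte rows of the first ASan report above and checks them against the "is located" lines, showing that all 16 written bytes fall in the global redzone (f9) that starts exactly where 'int_n_trees' ends. The function names are hypothetical; the input lines are copied from the report.

```python
import re

# Lines copied verbatim from the first ASan report on this page (pid 2683).
REPORT = """\
WRITE of size 16 at 0x00000718d4d0 thread T0
0x00000718d4d0 is located 48 bytes before global variable 'int_n_enabled_p' defined in '/home/mjambor/gcc/mine/src/gcc/tree.cc:234:6' (0x718d500) of size 1
0x00000718d4d0 is located 0 bytes after global variable 'int_n_trees' defined in '/home/mjambor/gcc/mine/src/gcc/tree.cc:235:22' (0x718d4c0) of size 16
=>0x00000718d480: 00 00 00 00 f9 f9 f9 f9 00 00[f9]f9 f9 f9 f9 f9
  0x00000718d500: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
"""
GRANULE = 8  # "one shadow byte represents 8 application bytes"

def parse_shadow(text):
    """Return {granule start address: shadow byte} for every shadow row."""
    shadow = {}
    for row in re.finditer(r"^(?:=>)?[ \t]*(0x[0-9a-f]+):(.*)$", text, re.M):
        base = int(row.group(1), 16)
        for i, byte in enumerate(re.findall(r"[0-9a-f]{2}", row.group(2))):
            shadow[base + i * GRANULE] = int(byte, 16)
    return shadow

def addressable(shadow, addr):
    """ASan rule: 00 = whole granule valid, 01..07 = first k bytes valid, else poisoned."""
    value = shadow[addr - addr % GRANULE]
    return value == 0 or (value < GRANULE and addr % GRANULE < value)

def triage(text):
    kind, size, start = re.search(
        r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", text).groups()
    size, start = int(size), int(start, 16)
    shadow = parse_shadow(text)
    globs = {name: (int(addr, 16), int(sz)) for name, addr, sz in re.findall(
        r"global variable '(\w+)' defined in '[^']*' \((0x[0-9a-f]+)\) of size (\d+)", text)}
    poisoned = [a for a in range(start, start + size) if not addressable(shadow, a)]
    # Sanity check: every byte of each named global must be addressable in the shadow map.
    consistent = all(addressable(shadow, a) for base, sz in globs.values()
                     for a in range(base, base + sz))
    # The named global ending closest at or before the access start is the one overrun.
    victim = max((n for n, (b, s) in globs.items() if b + s <= start),
                 key=lambda n: sum(globs[n]))
    return {"kind": kind, "poisoned_bytes": len(poisoned),
            "poison_value": hex(shadow[start - start % GRANULE]),
            "overrun_global": victim, "offset_past_end": start - sum(globs[victim]),
            "globals_consistent": consistent}

if __name__ == "__main__":
    print(triage(REPORT))
```
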