Issue 117476
Summary [LSAN] macOS: Leak sanitizer hangs or crashes when used with AppKit
Labels new issue
Assignees
Reporter madsmtm
Building and running the following program under LeakSanitizer on macOS crashes with "bad pointer" on both AArch64 and x86_64 Rosetta.

```objective-c
// foo.m
#import <AppKit/AppKit.h>

int main() {
    [NSApplication sharedApplication];
    return 0;
}
```

I tested this in a virtual machine as well; this problem is present in at least macOS 13.7.1, macOS 14.7.1 and macOS 15.1.1.

<details><summary>Full backtrace on macOS 15.1.1 (build 24B91)</summary>
<p>

```console
$ echo """
#import <AppKit/AppKit.h>

int main() {
    [NSApplication sharedApplication];
    return 0;
}
""" > foo.m
$ /opt/homebrew/opt/llvm/bin/clang -framework AppKit -fsanitize=leak foo.m
$ lldb ./a.out
(lldb) target create "./a.out"
Current executable set to './a.out' (arm64).
(lldb) r
Process 3758 launched: './a.out' (arm64)
a.out(3758,0x1f37a7840) malloc: nano zone abandoned due to inability to reserve vm space.
LeakSanitizer: bad pointer 0x9ce7e5f09a407d7c
LeakSanitizer: CHECK failed: sanitizer_allocator_secondary.h:177 "((IsAligned(reinterpret_cast<uptr>(p), page_size_))) != (0)" (0x0, 0x0) (tid=19136)
Process 3758 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x000000018e65a600 libsystem_kernel.dylib`__pthread_kill + 8
libsystem_kernel.dylib`__pthread_kill:
->  0x18e65a600 <+8>:  b.lo 0x18e65a620    ; <+40>
    0x18e65a604 <+12>: pacibsp 
    0x18e65a608 <+16>: stp    x29, x30, [sp, #-0x10]!
    0x18e65a60c <+20>: mov    x29, sp
Target 0: (a.out) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x000000018e65a600 libsystem_kernel.dylib`__pthread_kill + 8
    frame #1: 0x000000018e692f70 libsystem_pthread.dylib`pthread_kill + 288
    frame #2: 0x000000018e59f908 libsystem_c.dylib`abort + 128
    frame #3: 0x0000000100199a0c libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::Abort() + 80
    frame #4: 0x000000010019904c libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::Die() + 104
    frame #5: 0x0000000100199160 libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) + 152
    frame #6: 0x00000001001a7e10 libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__lsan::AP64<__sanitizer::LocalAddressSpaceView>>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::GetMetaData(void const*) + 348
    frame #7: 0x00000001001a7298 libclang_rt.lsan_osx_dynamic.dylib`__lsan::lsan_mz_size(void const*) + 28
    frame #8: 0x000000018e4a29c8 libsystem_malloc.dylib`malloc_size + 124
    frame #9: 0x000000018e81d734 CoreFoundation`____CFBinaryPlistCreateObjectFiltered_block_invoke + 192
    frame #10: 0x000000018e730820 CoreFoundation`__CFBinaryPlistCreateObjectFiltered + 996
    frame #11: 0x000000018e81e020 CoreFoundation`__CFPropertyListCreateFilteredDictionary + 1896
    frame #12: 0x000000018e73183c CoreFoundation`__CFBinaryPlistCreateObjectFiltered + 5120
    frame #13: 0x000000018e7b7f0c CoreFoundation`_CFPropertyListCreateFiltered + 268
    frame #14: 0x000000018e8b4eec CoreFoundation`__CFBundleCreateStringsFromPlistData + 116
    frame #15: 0x000000018e8b4ba4 CoreFoundation`_loadStringsFromData + 348
    frame #16: 0x000000018e8b43ac CoreFoundation`_loadStringsInOrder + 176
    frame #17: 0x000000018e8b28c0 CoreFoundation`_copyStringTable + 848
    frame #18: 0x000000018e8b20f0 CoreFoundation`_CFBundleCopyLocalizedStringForLocalizationTableURLAndMarkdownOption + 204
    frame #19: 0x000000018e761718 CoreFoundation`_CFCopyLocalizedVersionKey + 196
    frame #20: 0x000000018e761420 CoreFoundation`_CFCopyVersionDictionary + 196
    frame #21: 0x000000018e76133c CoreFoundation`___CFCopySystemVersionDictionary_block_invoke + 48
    frame #22: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #23: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #24: 0x000000018e761308 CoreFoundation`_CFCopySystemVersionDictionary + 92
    frame #25: 0x0000000194173fc0 libMobileGestalt.dylib`___lldb_unnamed_symbol1339 + 52
    frame #26: 0x000000019417f2e0 libMobileGestalt.dylib`___lldb_unnamed_symbol1784 + 28
    frame #27: 0x000000019418a394 libMobileGestalt.dylib`___lldb_unnamed_symbol2288 + 20
    frame #28: 0x00000001941777a0 libMobileGestalt.dylib`___lldb_unnamed_symbol1405 + 516
    frame #29: 0x000000019417376c libMobileGestalt.dylib`MGGetBoolAnswer + 36
    frame #30: 0x0000000194198360 libMobileGestalt.dylib`___lldb_unnamed_symbol2587 + 64
    frame #31: 0x0000000194190190 libMobileGestalt.dylib`___lldb_unnamed_symbol2472 + 120
    frame #32: 0x0000000194182b88 libMobileGestalt.dylib`___lldb_unnamed_symbol1943 + 128
    frame #33: 0x00000001941776a0 libMobileGestalt.dylib`___lldb_unnamed_symbol1405 + 260
    frame #34: 0x000000019297c86c AppKit`__NSUserAccentColorGetHardwareAccentColorName_block_invoke + 196
    frame #35: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #36: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #37: 0x000000019297c9dc AppKit`__NSUserAccentHasHardwareColor_block_invoke + 96
    frame #38: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #39: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #40: 0x000000019227330c AppKit`NSColorGetUserAccentColor + 364
    frame #41: 0x0000000192293044 AppKit`+[NSAppearance _aquaAppearance] + 64
    frame #42: 0x0000000192271cd0 AppKit`+[NSAppearance appearanceNamed:] + 32
    frame #43: 0x0000000192271324 AppKit`-[NSSystemAppearanceProxy init] + 124
    frame #44: 0x0000000192271298 AppKit`__38+[NSSystemAppearanceProxy systemProxy]_block_invoke + 24
    frame #45: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #46: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #47: 0x000000019227127c AppKit`+[NSSystemAppearanceProxy systemProxy] + 64
    frame #48: 0x0000000192271208 AppKit`-[NSApplication(NSApplicationAppearance_Internal) _registerForAppearanceNotifications] + 32
    frame #49: 0x000000019226ee24 AppKit`-[NSApplication init] + 908
    frame #50: 0x000000019226e8cc AppKit`+[NSApplication sharedApplication] + 128
    frame #51: 0x0000000100003f84 a.out`main + 52
    frame #52: 0x000000018e310274 dyld`start + 2840
```
```

</p>
</details>

The crash seems to be in:

https://github.com/llvm/llvm-project/blob/c4d656a4e992648f3490536336c230041c74dc38/compiler-rt/lib/sanitizer_common/sanitizer_allocator_secondary.h#L175-L178

Clang version (I'm using the Clang from Homebrew here, because Apple's bundled Clang does not have LeakSanitizer enabled; the problem also reproduces with the Clang from Nixpkgs, and with `rustc`):

```text
Homebrew clang version 19.1.4
Target: arm64-apple-darwin24.1.0
Thread model: posix
InstalledDir: /opt/homebrew/Cellar/llvm/19.1.4/bin
Configuration file: /opt/homebrew/etc/clang/arm64-apple-darwin24.cfg
```

Let me know if there's anything else I can do to resolve this!
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs