freed and allocated stacks are short, only 2 frames. How to increase them to 5 frames? #982

Closed
TyphoonWu opened this issue Jul 2, 2018 · 5 comments

@TyphoonWu

The freed and allocated stacks are short, only 2 frames. How do I increase them to 5 frames?
06-28 02:53:44.196 4831 4831 I : freed by thread T0 here:
06-28 02:53:44.196 4831 4831 I : #0 0xf087ead3 (/system/lib/libclang_rt.asan-arm-android.so+0x98ad3)
06-28 02:53:44.196 4831 4831 I : #1 0xed5254c3 (/data/asan/vendor/lib/hw/[email protected]+0x1d4c3)
06-28 02:53:44.197 4831 4831 I : previously allocated by thread T0 here:
06-28 02:53:44.197 4831 4831 I : #0 0xf087e44f (/system/lib/libclang_rt.asan-arm-android.so+0x9844f)
06-28 02:53:44.197 4831 4831 I : #1 0xed5254a9 (/data/asan/vendor/lib/hw/[email protected]+0x1d4a9)

@eugenis (Contributor) commented Jul 2, 2018

Three options:

  1. Build [email protected] with ASan
  2. Build [email protected] with -fno-omit-frame-pointer (this is done automatically when you build with ASan)
  3. Add fast_unwind_on_malloc=0 to asan options. This will slow down program execution a lot. Depending on what is more convenient for you, asan options can be set through environment (ASAN_OPTIONS) or in /asan.options file, or in an application/binary-specific file (see https://android.googlesource.com/platform/system/core/+/master/rootdir/asan.options#8).
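The three options above boil down to "give the unwinder frame pointers, or make it not need them, then read the report". The script below is an added example, not code from this issue or from the sanitizer project: it counts how many frames an ASan report actually shows under the "freed by" / "previously allocated by" headers (the number this issue is about), runs that counter over a constructed sample report with made-up addresses, and, if a clang with a working ASan runtime is on PATH, builds a deliberate use-after-free and reports the depth once with the default fast unwinder and once with ASAN_OPTIONS=fast_unwind_on_malloc=0:malloc_context_size=5. The helper names, the sample report and the ASAN_DEMO switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the issue or the sanitizer project): measure the depth
# of the "freed by" / "previously allocated by" stacks in an ASan report and,
# optionally, compare the default fast unwinder with fast_unwind_on_malloc=0.

# asan_stack_depth REPORT_FILE HEADER
# HEADER opens a stack section, e.g. "freed by" or "previously allocated by".
# Prints the number of "#N 0x..." frames under that header. The section ends
# at the next "... here:" header or at the SUMMARY line, so blank lines (or
# logcat "I :" filler lines) inside it are tolerated. Prints 0 if not found.
asan_stack_depth() {
    awk -v hdr="$2" '
        in_sec && (/here:[ \t\r]*$/ || /SUMMARY: AddressSanitizer/) { print n; done = 1; exit }
        in_sec && /#[0-9]+ 0x/ { n++; next }
        index($0, hdr) > 0 { in_sec = 1; n = 0 }
        END { if (!done) print (in_sec ? n : 0) }
    ' "$1"
}

# write_sample_report FILE
# Constructed report in the shape ASan prints; addresses and paths are made up.
write_sample_report() {
    cat > "$1" <<'EOF'
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x00000040058a bp 0x7ffd3c6e6ff0 sp 0x7ffd3c6e6fe8
READ of size 4 at 0x602000000010 thread T0
    #0 0x400589 in use_after_free uaf.c:14
    #1 0x4005f2 in main uaf.c:20
    #2 0x7f1a2e0c2b96 in __libc_start_main

0x602000000010 is located 0 bytes inside of 4-byte region [0x602000000010,0x602000000014)
freed by thread T0 here:
    #0 0x7f1a2e8c1b4f in free
    #1 0x40056e in use_after_free uaf.c:12

previously allocated by thread T0 here:
    #0 0x7f1a2e8c1f4f in malloc
    #1 0x40054d in use_after_free uaf.c:10
    #2 0x4005f2 in main uaf.c:20
    #3 0x7f1a2e0c2b96 in __libc_start_main
    #4 0x400469 in _start

SUMMARY: AddressSanitizer: heap-use-after-free uaf.c:14 in use_after_free
EOF
}

# uaf_demo: build a small use-after-free with ASan (frame pointers kept, -O0,
# as in option 2 above) and print the "freed by" depth under both unwinders.
# Prints "skipped" when clang is missing or cannot produce an ASan binary.
uaf_demo() {
    command -v clang >/dev/null 2>&1 || { echo skipped; return 0; }
    dir=$(mktemp -d)
    cat > "$dir/uaf.c" <<'EOF'
#include <stdlib.h>
/* Two small helpers so the report has more than one frame per stack. */
static int *take(void) { return malloc(sizeof(int)); }
static void release(int *p) { free(p); }
int main(void) { int *p = take(); *p = 1; release(p); return *p; }
EOF
    clang -fsanitize=address -fno-omit-frame-pointer -O0 -g -o "$dir/uaf" "$dir/uaf.c" 2>/dev/null \
        || { rm -rf "$dir"; echo skipped; return 0; }
    # ASan exits non-zero after printing the report; keep the text, ignore the status.
    "$dir/uaf" > "$dir/fast.txt" 2>&1 || true
    ASAN_OPTIONS=fast_unwind_on_malloc=0:malloc_context_size=5 "$dir/uaf" > "$dir/slow.txt" 2>&1 || true
    printf 'default fast unwinder : freed-by depth %s\n' "$(asan_stack_depth "$dir/fast.txt" "freed by")"
    printf 'fast_unwind_on_malloc=0: freed-by depth %s\n' "$(asan_stack_depth "$dir/slow.txt" "freed by")"
    rm -rf "$dir"
}

# Stand-alone run: depths for the constructed report, then the live demo when
# ASAN_DEMO=1 is set (an environment switch invented for this script).
sample=$(mktemp)
write_sample_report "$sample"
printf 'sample report: freed-by depth %s, previously-allocated depth %s\n' \
    "$(asan_stack_depth "$sample" "freed by")" \
    "$(asan_stack_depth "$sample" "previously allocated by")"
rm -f "$sample"
if [ "${ASAN_DEMO:-0}" = 1 ]; then uaf_demo; fi
```

Run it as `sh asan_depth.sh` to check the parser, or `ASAN_DEMO=1 sh asan_depth.sh` for the live comparison on a host toolchain. On an Android device the same key=value pairs go into /asan.options or the per-binary include file mentioned above instead of the environment; the depth counter works unchanged on logcat output, since it keys on the "here:" headers rather than on line starts.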

@TyphoonWu (Author) commented Jul 3, 2018

I verified on Android O. Adding only 'fast_unwind_on_malloc=0', or adding both 'fast_unwind_on_malloc=0' and 'malloc_context_size=5', gives an ASan SEGV.
Here are my changes:

  1. Android.bp
         cflags: [
             "-Wno-error",
             "-fno-omit-frame-pointer",
             "-O0",
             "-Wno-frame-larger-than=",
             "-fsanitize-recover=address"
         ],
         clang: true,
         sanitize: {
             address: true,
         },
  2. ASAN_OPTIONS on the device:
     C:\Users\guanping>adb shell cat system/asan.options
     allow_user_segv_handler=1
     detect_odr_violation=0
     alloc_dealloc_mismatch=0
     allocator_may_return_null=1
     detect_container_overflow=0
     abort_on_error=1
     halt_on_error=0
     verbosity=1
     fast_unwind_on_malloc=0
     malloc_context_size=2
     include_if_exists=/system/asan.options.%b
  3. Logs, only 2 frames:
     06-28 03:53:54.885 4723 4723 I : freed by thread T0 here:
     06-28 03:53:54.885 4723 4723 I : #0 0xf2780ad3 (/system/lib/libclang_rt.asan-arm-android.so+0x98ad3)
     06-28 03:53:54.885 4723 4723 I : #1 0xef11e4c3 (/data/asan/vendor/lib/hw/[email protected]+0x1d4c3)
     06-28 03:53:54.886 4723 4723 I : previously allocated by thread T0 here:
     06-28 03:53:54.886 4723 4723 I : #0 0xf278044f (/system/lib/libclang_rt.asan-arm-android.so+0x9844f)
     06-28 03:53:54.886 4723 4723 I : #1 0xef11e4a9 (/data/asan/vendor/lib/hw/[email protected]+0x1d4a9)
  4. When I set malloc_context_size=3, ASan SEGVs:
     06-28 03:56:42.099 6233 6233 I : redzone=16
     06-28 03:56:42.099 6233 6233 I : max_redzone=2048
     06-28 03:56:42.099 6233 6233 I : quarantine_size_mb=16M
     06-28 03:56:42.099 6233 6233 I : thread_local_quarantine_size_kb=64K
     06-28 03:56:42.099 6233 6233 I : malloc_context_size=3
     06-28 03:56:42.099 6233 6233 I : SHADOW_SCALE: 3
     06-28 03:56:42.100 6233 6233 I : SHADOW_GRANULARITY: 8
     06-28 03:56:42.100 6233 6233 I : SHADOW_OFFSET: 0x0
     06-28 03:56:45.348 6233 6233 I : ==6233==ERROR: AddressSanitizer: SEGV on unknown address 0x0000001f (pc 0xe741273c bp 0xff983e20 sp 0xff9836b8 T0)
     06-28 03:56:45.348 6233 6233 I : ==6233==The signal is caused by a READ memory access.
     06-28 03:56:45.348 6233 6233 I : ==6233==Hint: address points to the zero page.
     06-28 03:56:45.382 6233 6233 I : AddressSanitizer can not provide additional info.
     06-28 03:56:45.382 6233 6233 I : SUMMARY: AddressSanitizer: SEGV
     06-28 03:56:45.383 6233 6233 I : ==6233==ABORTING
     06-28 03:56:45.383 6233 6233 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 6233 (android.hardwar), pid 6233 (android.hardwar)
     ......
     06-28 03:56:45.483 6462 6462 F DEBUG : ABI: 'arm'
     06-28 03:56:45.483 6462 6462 F DEBUG : pid: 6233, tid: 6233, name: android.hardwar >>> /vendor/bin/hw/[email protected] <<<
     06-28 03:56:45.483 6462 6462 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
     06-28 03:56:45.483 6462 6462 F DEBUG : r0 00000000 r1 00001859 r2 00000006 r3 00000008
     06-28 03:56:45.483 6462 6462 F DEBUG : r4 00001859 r5 00001859 r6 e7d5b244 r7 0000010c
     06-28 03:56:45.483 6462 6462 F DEBUG : r8 00000000 r9 e776ece8 sl 00000000 fp ff983e20
     06-28 03:56:45.483 6462 6462 F DEBUG : ip e7d5bc90 sp e7d5b230 lr e746b781 pc e7465438 cpsr 20070030
     06-28 03:56:45.501 6462 6462 F DEBUG : backtrace:
     06-28 03:56:45.502 6462 6462 F DEBUG : #00 pc 0001a438 /system/lib/libc.so (abort+63)
     06-28 03:56:45.502 6462 6462 F DEBUG : #1 pc 000a18b3 /system/lib/libclang_rt.asan-arm-android.so (__sanitizer::Abort()+40)
     06-28 03:56:45.502 6462 6462 F DEBUG : #2 pc 000a6449 /system/lib/libclang_rt.asan-arm-android.so (__sanitizer::Die()+60)
     06-28 03:56:45.502 6462 6462 F DEBUG : #3 pc 0008ffc0 /system/lib/libclang_rt.asan-arm-android.so (__asan::ScopedInErrorReport::~ScopedInErrorReport()+352)
     06-28 03:56:45.502 6462 6462 F DEBUG : #4 pc 000900b8 /system/lib/libclang_rt.asan-arm-android.so (__asan::ReportDeadlySignal(int, __sanitizer::SignalContext const&)+160)
     06-28 03:56:45.502 6462 6462 F DEBUG : #5 pc 0008f0fc /system/lib/libclang_rt.asan-arm-android.so (__asan::AsanOnDeadlySignal(int, void*, void*)+188)
     06-28 03:56:45.502 6462 6462 F DEBUG : #6 pc 00018a08 /system/lib/libc.so
     06-28 03:56:45.502 6462 6462 F DEBUG : #7 pc 0007c738 /system/lib/vndk-sp/libc++.so (unw_set_fpreg+53)
     06-28 03:56:45.502 6462 6462 F DEBUG : #8 pc 00053968 /system/lib/vndk-sp/libc++.so (std::__1::ios_base::clear(unsigned int)+115)
     06-28 03:56:45.503 6462 6462 F DEBUG : #9 pc 0001f70c [stack:ff964000]

06-28 03:56:45.502 6462 6462 F DEBUG : #7 pc 0007c738 /system/lib/vndk-sp/libc++.so (unw_set_fpreg+53)
06-28 03:56:45.502 6462 6462 F DEBUG : #8 pc 00053968 /system/lib/vndk-sp/libc++.so (std::__1::ios_base::clear(unsigned int)+115)
These are in AOSP code:
external/libunwind_llvm/src/libunwind.cpp:223
external/libcxx/src/ios.cpp:274 (discriminator 3)

@eugenis (Contributor) commented Jul 3, 2018 via email

@TyphoonWu (Author)

@eugenis Thanks for your input. /system/lib/vndk-sp/libc++.so is AOSP code; maybe there is a bug in it.
It looks like it is impossible to enlarge the printed frames.

@Shuang-Zi

@TyphoonWu @eugenis
Hello everyone, I also encountered this problem recently. The frames printed under "freed by" and "previously allocated by" are too few, and they are all in libcxx, which makes me unable to locate the problem in my own code.
I have done all the operations mentioned above, but it didn't work.
I would like to ask, is there any other suggestion?
Thanks.
