JDK-8358597

[asan] runtime/cds/appcds/CommandLineFlagCombo.java reports heap-buffer-overflow in ArchiveBuilder


    • Type: Bug
    • Resolution: Unresolved
    • Priority: P4
    • 26
    • 25
    • Component: hotspot
    • CPU: generic
    • OS: linux

      When running HS :tier2 tests with ASAN enabled binaries on Linux, some cds related tests,
      e.g. runtime/cds/appcds/CommandLineFlagCombo.java, show the following issue:

      ==13532==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5030000452c3 at pc 0x154427733f96 bp 0x153ff7c4fc60 sp 0x153ff7c4f420
      READ of size 16 at 0x5030000452c3 thread T14 (VM Thread)
          #0 0x154427733f95 in memcpy (/usr/lib64/libasan.so.8+0xf4f95) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x1544209c767b in ArchiveBuilder::make_shallow_copy(DumpRegion*, ArchiveBuilder::SourceObjInfo*) src/hotspot/share/cds/archiveBuilder.cpp:694
          #2 0x1544209c8f31 in ArchiveBuilder::make_shallow_copies(DumpRegion*, ArchiveBuilder::SourceObjList const*) src/hotspot/share/cds/archiveBuilder.cpp:656
          #3 0x1544209c8f31 in ArchiveBuilder::dump_ro_metadata() src/hotspot/share/cds/archiveBuilder.cpp:640
          #4 0x154421897b2b in DynamicArchiveBuilder::doit() src/hotspot/share/cds/dynamicArchive.cpp:135
          #5 0x154421897b2b in VM_PopulateDynamicDumpSharedSpace::doit() src/hotspot/share/cds/dynamicArchive.cpp:399
          #6 0x154423d2ddfc in VM_Operation::evaluate() src/hotspot/share/runtime/vmOperations.cpp:74
          #7 0x154423d39e0a in VMThread::evaluate_operation(VM_Operation*) src/hotspot/share/runtime/vmThread.cpp:282
          #8 0x154423d3c4c2 in VMThread::inner_execute(VM_Operation*) src/hotspot/share/runtime/vmThread.cpp:426
          #9 0x154423d3cb96 in VMThread::loop() src/hotspot/share/runtime/vmThread.cpp:492
          #10 0x154423d3cb96 in VMThread::run() src/hotspot/share/runtime/vmThread.cpp:176
          #11 0x154423b18f7f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
          #12 0x154422fcf5f2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:868
          #13 0x15442769dff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #14 0x1544273f06e9 in start_thread (/lib64/libpthread.so.0+0xa6e9) (BuildId: 938e42b7e407d175ee3ef9a89c038168101d330c)
          #15 0x15442753358e in clone (/lib64/libc.so.6+0x11858e) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)

      0x5030000452c3 is located 0 bytes after 19-byte region [0x5030000452b0,0x5030000452c3)
      allocated by thread T1 here:
          #0 0x1544277362b7 in malloc (/usr/lib64/libasan.so.8+0xf72b7) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x154422fb4877 in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
          #2 0x154422fb4877 in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:659
          #3 0x15442097079b in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:40
          #4 0x15442097079b in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:50
          #5 0x1544239e3b60 in SymbolTableConfig::allocate_node_impl(unsigned long, Symbol const&) src/hotspot/share/classfile/symbolTable.cpp:195
          #6 0x1544239e3b60 in SymbolTableConfig::allocate_node(void*, unsigned long, Symbol const&) src/hotspot/share/classfile/symbolTable.cpp:137
          #7 0x1544239e3b60 in ConcurrentHashTable<SymbolTableConfig, (MemTag)11>::Node::create_node(void*, Symbol const&, ConcurrentHashTable<SymbolTableConfig, (MemTag)11>::Node*) src/hotspot/share/utilities/concurrentHashTable.hpp:93
          #8 0x1544239e3b60 in bool ConcurrentHashTable<SymbolTableConfig, (MemTag)11>::internal_insert_get<SymbolTableLookup, ConcurrentHashTable<SymbolTableConfig, (MemTag)11>::insert<SymbolTableLookup>(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*)::NOP>(Thread*, SymbolTableLookup&, Symbol const&, ConcurrentHashTable<SymbolTableConfig, (MemTag)11>::insert<SymbolTableLookup>(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*)::NOP&, bool*, bool*) src/hotspot/share/utilities/concurrentHashTable.inline.hpp:896
          #9 0x1544239e3b60 in bool ConcurrentHashTable<SymbolTableConfig, (MemTag)11>::insert<SymbolTableLookup>(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*) src/hotspot/share/utilities/concurrentHashTable.hpp:471
          #10 0x1544239e3b60 in SymbolTable::do_add_if_needed(char const*, int, unsigned long, bool) src/hotspot/share/classfile/symbolTable.cpp:520
          #11 0x1544223c24ca in JVM_FindClassFromCaller src/hotspot/share/prims/jvm.cpp:808
          #12 0x154415e06297 in Java_java_lang_Class_forName0 src/java.base/share/native/libjava/Class.c:137
          #13 0x15440e1c8f84 (<unknown module>)
          #14 0x15440e1c45d1 (<unknown module>)
          #15 0x15440e1c45d1 (<unknown module>)
          #16 0x15440e1c45d1 (<unknown module>)
          #17 0x15440e1bcfa5 (<unknown module>)
          #18 0x1544220112c9 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
          #19 0x1544222f3ed1 in jni_invoke_static src/hotspot/share/prims/jni.cpp:883
          #20 0x1544222f6819 in jni_CallStaticObjectMethod src/hotspot/share/prims/jni.cpp:1572
          #21 0x15442761facc in LoadMainClass src/java.base/share/native/libjli/java.c:1601
          #22 0x15442761facc in JavaMain src/java.base/share/native/libjli/java.c:592
          #23 0x154427626e58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
          #24 0x15442769dff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)

      Thread T14 (VM Thread) created by T1 here:
          #0 0x15442772e191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x154422fd2850 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1061
          #2 0x154423b5372f in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:645
          #3 0x1544222c5248 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3587
          #4 0x1544222c5248 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3678
          #5 0x15442761e633 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
          #6 0x15442761e633 in JavaMain src/java.base/share/native/libjli/java.c:494
          #7 0x154427626e58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
          #8 0x15442769dff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)

      Thread T1 created by T0 here:
          #0 0x15442772e191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
          #1 0x1544276287a8 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
          #2 0x154427624400 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
          #3 0x154427625d5d in JLI_Launch src/java.base/share/native/libjli/java.c:330
          #4 0x56316abbd0fc in main src/java.base/share/native/launcher/main.c:150
          #5 0x15442745024c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)

      SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.8+0xf4f95) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f) in memcpy
      Shadow bytes around the buggy address:
        0x503000045000: fa fa 00 00 00 fa fa fa 00 00 03 fa fa fa 00 00
        0x503000045080: 07 fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
        0x503000045100: 00 00 00 00 fa fa fd fd fd fa fa fa 00 00 00 00
        0x503000045180: fa fa 00 00 00 00 fa fa 00 00 00 00 fa fa 00 00
        0x503000045200: 00 00 fa fa fd fd fd fa fa fa 00 00 00 00 fa fa
      =>0x503000045280: fd fd fd fa fa fa 00 00[03]fa fa fa fd fd fd fa
        0x503000045300: fa fa fd fd fd fa fa fa 00 00 00 00 fa fa fd fd
        0x503000045380: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
        0x503000045400: fd fd fd fa fa fa 00 00 00 00 fa fa fd fd fd fa
        0x503000045480: fa fa 00 00 00 00 fa fa fd fd fd fa fa fa fd fd
        0x503000045500: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable: 00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone: fa
        Freed heap region: fd
        Stack left redzone: f1
        Stack mid redzone: f2
        Stack right redzone: f3
        Stack after return: f5
        Stack use after scope: f8
        Global redzone: f9
        Global init order: f6
        Poisoned by user: f7
        Container overflow: fc
        Array cookie: ac
        Intra object redzone: bb
        ASan internal: fe
        Left alloca redzone: ca
        Right alloca redzone: cb
      ==13532==ABORTING
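Reading the shadow dump above: the marked row is labelled with an application address, each shadow byte covers 8 application bytes, and the "00 00 [03]" run in that row decodes to exactly the 19-byte region [0x5030000452b0,0x5030000452c3) that the report names, with the bracketed granule holding the first poisoned byte. The C program below is an added example, not code from the JDK or from this bug report. It embeds the "=>" row as constructed input, applies the legend mechanically to recover the region size, and performs the same range check ASan's memcpy interceptor does (first poisoned byte in [addr, addr+size)). The row layout and address arithmetic are assumptions taken from the legend printed in the report, not from the JDK sources.

```c
/*
 * Added example, not code from the JDK or from this bug report: a decoder for
 * the "Shadow bytes around the buggy address" rows that AddressSanitizer
 * prints, applying the legend in the report. One shadow byte covers 8
 * application bytes: 0x00 means all 8 are addressable, 0x01..0x07 means only
 * the first k bytes are, and everything else (0xfa redzone, 0xfd freed, ...)
 * is poisoned. Assumption: row labels are application addresses, so one
 * 16-byte shadow row covers 128 bytes of application memory.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_ROW_BYTES 16
#define SHADOW_GRANULE 8

/* The "=>" row from the report, embedded as constructed input. */
static const uint64_t ROW_BASE = 0x503000045280ULL;
static const uint8_t ROW[SHADOW_ROW_BYTES] = {
    0xfd, 0xfd, 0xfd, 0xfa, 0xfa, 0xfa, 0x00, 0x00,
    0x03, 0xfa, 0xfa, 0xfa, 0xfd, 0xfd, 0xfd, 0xfa
};

/* 1 if application byte addr is addressable according to the row, else 0.
 * Bytes outside the single row we have are treated as poisoned. */
int byte_is_addressable(uint64_t addr) {
    if (addr < ROW_BASE || addr >= ROW_BASE + SHADOW_ROW_BYTES * SHADOW_GRANULE) {
        return 0;
    }
    uint8_t sb = ROW[(addr - ROW_BASE) / SHADOW_GRANULE];
    unsigned k = (unsigned)(addr % SHADOW_GRANULE);  /* offset inside the 8-byte granule */
    if (sb == 0x00) {
        return 1;
    }
    if (sb >= 0x01 && sb <= 0x07) {
        return k < sb;  /* partially addressable granule: first sb bytes only */
    }
    return 0;  /* fa, fd and every other legend value are poisoned */
}

/* The check ASan's memcpy interceptor performs on a range: returns the first
 * poisoned address in [addr, addr + size), or 0 when the whole range is OK. */
uint64_t first_poisoned(uint64_t addr, uint64_t size) {
    for (uint64_t a = addr; a < addr + size; a++) {
        if (!byte_is_addressable(a)) {
            return a;
        }
    }
    return 0;
}

/* Walks forward from the start of an allocation to recover its size. */
uint64_t region_size_from(uint64_t start) {
    uint64_t n = 0;
    while (byte_is_addressable(start + n)) {
        n++;
    }
    return n;
}

int main(void) {
    const uint64_t region_start = 0x5030000452b0ULL;  /* from "19-byte region [...]" */
    const uint64_t access_addr = 0x5030000452c3ULL;   /* from "READ of size 16 at ..." */
    uint64_t size = region_size_from(region_start);
    printf("region [0x%" PRIx64 ",0x%" PRIx64 ") is %" PRIu64 " bytes\n",
           region_start, region_start + size, size);
    uint64_t bad = first_poisoned(access_addr, 16);
    if (bad) {
        printf("READ of size 16 at 0x%" PRIx64 ": first poisoned byte 0x%" PRIx64
               " (%" PRIu64 " bytes after region end)\n",
               access_addr, bad, bad - (region_start + size));
    } else {
        printf("READ of size 16 at 0x%" PRIx64 ": OK\n", access_addr);
    }
    return 0;
}
```

With the constructed row it recovers the 19-byte region and flags 0x5030000452c3 as the first poisoned byte, "0 bytes after" the region end, matching the summary line. The same functions can be used to test other access hypotheses against the dump; for instance a 24-byte read starting at the region base also reports 0x5030000452c3 as its first poisoned byte.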

            Assignee: Ioi Lam (iklam)
            Reporter: Matthias Baesken (mbaesken)