- Bug
- Resolution: Unresolved
- P4
- 26
- generic
- linux
Various nsk jvmti tests show memory issues when running with ASAN-enabled binaries.
E.g. on Linux x86_64:
hotspot/jtreg/vmTestbase/nsk/jvmti/RawMonitorEnter/rawmonenter003/TestDescription.java
==9799==ERROR: AddressSanitizer: global-buffer-overflow on address 0x153dff3a7040 at pc 0x153dfb3725eb bp 0x153d9fc55ca0 sp 0x153d9fc55c98
READ of size 4 at 0x153dff3a7040 thread T30 (MainThread)
#0 0x153dfb3725ea in unsigned int Bytes::get_native<unsigned int>(void const*) src/hotspot/cpu/x86/bytes_x86.hpp:43
#1 0x153dfb3725ea in Bytes::get_native_u4(unsigned char*) src/hotspot/cpu/x86/bytes_x86.hpp:63
#2 0x153dfb3725ea in JvmtiRawMonitor::is_valid() src/hotspot/share/prims/jvmtiRawMonitor.cpp:94
#3 0x153dfb19b16c in jvmti_RawMonitorEnter hotspot/variant-server/gensrc/jvmtifiles/jvmtiEnter.cpp:5121
#4 0x153dff399524 in _jvmtiEnv::RawMonitorEnter(_jrawMonitorID*) support/modules_include/java.base/jvmti.h:2491
#5 0x153dff399524 in Java_nsk_jvmti_RawMonitorEnter_rawmonenter003_check test/hotspot/jtreg/vmTestbase/nsk/jvmti/RawMonitorEnter/rawmonenter003/rawmonenter003.cpp:82
#6 0x153de6cc8f84 (<unknown module>)
0x153dff3a7040 is located 32 bytes before global variable 'allocBytes' defined in '/myfolder/jdk/test/hotspot/jtreg/vmTestbase/nsk/share/jvmti/Injector.cpp:99:11' (0x153dff3a7060) of size 3
0x153dff3a7040 is located 6 bytes after global variable 'bad_buf' defined in '/myfolder/jdk/test/hotspot/jtreg/vmTestbase/nsk/jvmti/RawMonitorEnter/rawmonenter003/rawmonenter003.cpp:39:13' (0x153dff3a7020) of size 26
'bad_buf' is ascii string 'this is a bad raw monitor'
SUMMARY: AddressSanitizer: global-buffer-overflow src/hotspot/cpu/x86/bytes_x86.hpp:43 in unsigned int Bytes::get_native<unsigned int>(void const*)
Shadow bytes around the buggy address:
0x153dff3a6d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a6e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x153dff3a7000: 00 00 00 00 00 00 00 02[f9]f9 f9 f9 03 f9 f9 f9
0x153dff3a7080: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x153dff3a7100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x153dff3a7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Thread T30 (MainThread) created by T1 here:
#0 0x153e002b4191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x153dfbad2850 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1061
#2 0x153dfaec6984 in JVM_StartThread src/hotspot/share/prims/jvm.cpp:2811
#3 0x153de6cc8f84 (<unknown module>)
#4 0x153de6cc4437 (<unknown module>)
#5 0x153de6cc4437 (<unknown module>)
#6 0x153de6cbcfa5 (<unknown module>)
#7 0x153dfab112c9 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#8 0x153dfadf3ed1 in jni_invoke_static src/hotspot/share/prims/jni.cpp:883
#9 0x153dfadfd1f4 in jni_CallStaticVoidMethod src/hotspot/share/prims/jni.cpp:1712
#10 0x153e001a3edb in invokeStaticMainWithArgs src/java.base/share/native/libjli/java.c:392
#11 0x153e001a7b6f in JavaMain src/java.base/share/native/libjli/java.c:640
#12 0x153e001ace58 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#13 0x153e00223ff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T1 created by T0 here:
#0 0x153e002b4191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x153e001ae7a8 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x153e001aa400 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x153e001abd5d in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x55b739cfc0fc in main src/java.base/share/native/launcher/main.c:150
#5 0x153dfffd624c in __libc_start_main (/lib64/libc.so.6+0x3524c) (BuildId: 74f77bf013a66413c77197c121955e029c32d259)
==9799==ABORTING
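The report's addresses tell the story: the 4-byte read at 0x153dff3a7040 is exactly 32 bytes past the start of bad_buf (0x153dff3a7020), and bad_buf is the 26-byte string "this is a bad raw monitor" that the test deliberately passes as a monitor handle, so JvmtiRawMonitor::is_valid() dereferences 6 bytes beyond the end of a global. The defensive lesson is that a validity check which inspects memory behind an untrusted handle is itself the memory-safety hazard; the safer pattern is to decide validity by identity (is this pointer one we handed out?) before touching anything through it. The following is an added illustration in C, not code from HotSpot or from the nsk test: the struct layout, MONITOR_MAGIC, the registry and the ERR_* constants are all assumptions chosen so that the peek lands at offset 32 as in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed values for this example; they are not HotSpot's. */
#define MONITOR_MAGIC       0x4D4F4E49u  /* "MONI" */
#define ERR_NONE            0
#define ERR_INVALID_MONITOR 50           /* plays the role of JVMTI's invalid-monitor error */
#define MAX_MONITORS        16

/* Layout chosen so the magic word sits 32 bytes into the object, the offset
 * at which the report's read (...7040) lands relative to bad_buf (...7020). */
typedef struct raw_monitor {
    char     name[32];
    uint32_t magic;
    int      owner;
} raw_monitor;

/* Unsafe validity check: trusts the caller's pointer and reads 4 bytes through
 * it.  On a 26-byte object like the test's bad_buf that read runs 6 bytes past
 * the end, which is what ASAN flags.  Only call it on a pointer already known
 * to be a raw_monitor. */
static bool is_valid_by_peek(const void *p) {
    uint32_t m;
    if (p == NULL) return false;
    memcpy(&m, (const char *)p + offsetof(raw_monitor, magic), sizeof m);
    return m == MONITOR_MAGIC;
}

/* Registry of live monitors: validity is decided by pointer identity. */
static raw_monitor *registry[MAX_MONITORS];
static size_t       registry_count;

raw_monitor *monitor_create(const char *name) {
    raw_monitor *m;
    if (registry_count == MAX_MONITORS) return NULL;
    m = calloc(1, sizeof *m);
    if (m == NULL) return NULL;
    strncpy(m->name, name, sizeof m->name - 1);
    m->magic = MONITOR_MAGIC;
    m->owner = -1;
    registry[registry_count++] = m;
    return m;
}

/* Safe validity check: no byte behind the untrusted pointer is touched. */
bool is_valid_by_registry(const void *p) {
    size_t i;
    for (i = 0; i < registry_count; i++)
        if ((const void *)registry[i] == p) return true;
    return false;
}

void monitor_destroy(raw_monitor *m) {
    size_t i;
    for (i = 0; i < registry_count; i++) {
        if (registry[i] == m) {
            registry[i] = registry[--registry_count];
            m->magic = 0;   /* also defeats a later peek through a stale pointer */
            free(m);
            return;
        }
    }
}

/* RawMonitorEnter analogue: reject the handle before dereferencing it. */
int monitor_enter(void *handle, int thread_id) {
    raw_monitor *m;
    if (!is_valid_by_registry(handle)) return ERR_INVALID_MONITOR;
    m = (raw_monitor *)handle;
    if (!is_valid_by_peek(m)) return ERR_INVALID_MONITOR;  /* safe now: it is ours */
    m->owner = thread_id;
    return ERR_NONE;
}

/* The test's input reproduced: a 26-byte string handed over as a monitor. */
static char bad_buf[] = "this is a bad raw monitor";

int demo_bad_handle(void) {
    return monitor_enter(bad_buf, 1);   /* rejected without any out-of-bounds read */
}

int demo_good_handle(void) {
    raw_monitor *m = monitor_create("demo");
    int rc = monitor_enter(m, 1);
    monitor_destroy(m);
    return rc;
}
```

Compiling the block with -fsanitize=address and calling is_valid_by_peek(bad_buf) directly reproduces a global-buffer-overflow of the same shape as the report; the registry-guarded monitor_enter() rejects bad_buf cleanly. The cost of the registry lookup is the price of never reading through a handle you have not yet proven to be yours.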