Re: Asan help request

On Jul 24, 2013, at 8:41 PM, George Greer <perl@greerga.m-l.org> wrote:

> On Wed, 24 Jul 2013, Father Chrysostomos wrote:
> 
>> Could somebody with asan installed help me figure out which
>> commit on the smoke-me/padconst branch is causing asan to
>> get upset? I don't understand the output in the log at
>> <http://m-l.org/~perl/smoke/perl/linux/smoke-me_clang_sanitize=address/Father Chrysostomos/log9f8bc17bee719380806fbe448f675e416a5d9b57.log.gz>.
> 
> Mental note to self: remember to run Configure with -DDEBUGGING or the LLVM symbolizer won't work because it lacks debugging symbols.
> 
> The CGI uploadInfo and upload are because CGI rejects TMPDIR when it contains an = sign.  My smoke scripts set TMPDIR=$HOME/tmp/$SMOKEWHAT, which in the case of addresssanitizer means "smoke-me_clang_sanitize=address" or "blead_clang_sanitize=address". I did that because the perl tests are very sloppy about cleaning up the temporary directory and it grew very large over time.  This way each smoker has a private temporary directory that can be wiped after each run. Unfortunately CGI turns out not to like the equal sign.
> 
> The re/pat_rt_report.t failure symbolizes to:
> 
> ==4709==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400009ad24 at pc 0x7def00 bp 0x7fffd63a7b00 sp 0x7fffd63a7af8
> WRITE of size 4 at 0x60400009ad24 thread T0
>   #0 0x7deeff in S_cleanup_regmatch_info_aux regexec.c:7625
>   #1 0x7181a2 in Perl_leave_scope scope.c:1097
>   #2 0x7c757f in Perl_regexec_flags regexec.c:2804
>   #3 0x65401c in Perl_pp_match pp_hot.c:1452
>   #4 0x5dd710 in Perl_runops_debug dump.c:2240
>   #5 0x498a4f in S_run_body perl.c:2496
>   #6 0x49837c in perl_run perl.c:2412
>   #7 0x443709 in main perlmain.c:114
>   #8 0x7f6ad45a3ea4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
>   #9 0x44343c in _start ??:?
> 0x60400009ad24 is located 20 bytes inside of 40-byte region [0x60400009ad10,0x60400009ad38)
> freed by thread T0 here:
>   #0 0x435b32 in free ??:?
>   #1 0x5f72de in Perl_mg_free mg.c:561
>   #2 0x6a73ae in Perl_sv_free2 sv.c:6625
> previously allocated by thread T0 here:
>   #0 0x435c93 in calloc ??:?
>   #1 0x5deded in Perl_safesyscalloc util.c:330
> 
> Looks like it is trying to write to magic that has already been reaped as unused by leaving the scope.

Can you figure out which commit caused it to start?  (I would do it with smoke-me, but that would take weeks.)

• Asan help request by Father Chrysostomos
• Re: Asan help request by George Greer
• Re: Asan help request by Father Chrysostomos
• Re: Asan help request by Nicholas Clark
• Using braces on 'if'; Was: Re: Asan help request by Karl Williamson
• Re: Using braces on 'if'; Was: Re: Asan help request by Dave Mitchell
• Re: Using braces on 'if'; Was: Re: Asan help request by Steffen Mueller
• Re: Using braces on 'if'; Was: Re: Asan help request by Father Chrysostomos
• Re: Using braces on 'if'; Was: Re: Asan help request by Ricardo Signes
• Re: Using braces on 'if'; Was: Re: Asan help request by H.Merijn Brand
• Re: Using braces on 'if'; Was: Re: Asan help request by demerphq
• Re: Using braces on 'if'; Was: Re: Asan help request by H.Merijn Brand
• Re: Using braces on 'if'; Was: Re: Asan help request by Uri Guttman
• Re: Using braces on 'if'; Was: Re: Asan help request by H.Merijn Brand
• Re: Using braces on 'if'; Was: Re: Asan help request by demerphq
• Re: Asan help request by Father Chrysostomos
• Re: Asan help request by Nicholas Clark
• Re: Asan help request by Tony Cook