
Null pointer dereference in beam_jit_bs_construct_fail_info #7282

Closed
RobinMorisset opened this issue May 24, 2023 · 3 comments · Fixed by #7289
Labels: bug (Issue is reported as a bug), team:VM (Assigned to OTP team VM)

Comments

@RobinMorisset (Contributor) wrote:

Describe the bug
Running the following code:

f(_V0) ->
    <<
        (atom_to_binary(ok)):(case _V0 of
            _V3 when
                is_number(_V3);
                is_boolean((is_integer(_V3) andalso 18446744073709551615) bxor 0) orelse
                    (ok /= {})
            ->
                0;
            _ ->
                ok
        end)/binary
    >>.

start() ->
    f(ok).

with the following commands:

erlc -W0 ~/minimized/segv.erl
cerl -asan -pa . -noshell -s segv start -s init stop

results in the following error message:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==852348==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000526cdd bp 0x7f94637fa930 sp 0x7f94637fa8e0 T7)
==852348==The signal is caused by a READ memory access.
==852348==Hint: address points to the zero page.
    #0 0x526cdc in beam_jit_bs_construct_fail_info(process*, unsigned long, unsigned long, unsigned long) beam/jit/beam_jit_common.cpp:1061
    #1 0x7f944f80029e  (/memfd:vmem (deleted)+0x29e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV beam/jit/beam_jit_common.cpp:1061 in beam_jit_bs_construct_fail_info(process*, unsigned long, unsigned long, unsigned long)
Thread T7 (erts_sched_4) created by T0 here:
    #0 0x7f9466052eb3 in __interceptor_pthread_create (/lib64/libasan.so.5+0x52eb3)
    #1 0x11d025c in ethr_thr_create pthread/ethread.c:401
    #2 0x48998a in erts_start_schedulers beam/erl_process.c:8816
    #3 0xbe0cee in erl_start beam/erl_init.c:2563
    #4 0x46023a in main sys/unix/erl_main.c:33
    #5 0x7f9463c3ad84 in __libc_start_main (/lib64/libc.so.6+0x3ad84)

==852348==ABORTING

Affected versions
master

Additional context
There is no symptom without asan.

@RobinMorisset RobinMorisset added the bug Issue is reported as a bug label May 24, 2023
@bjorng bjorng added the team:VM Assigned to OTP team VM label May 24, 2023
@bjorng bjorng self-assigned this May 24, 2023
@frej (Contributor) commented May 24, 2023:

It doesn't crash if compiled with +no_ssa_opt_private_append so I'd say this is my fault.

@frej (Contributor) commented May 24, 2023:

It doesn't crash if compiled with +no_ssa_opt_private_append so I'd say this is my fault.

I take that back, no private_append is involved (nor append for that matter), sorry for the noise, I'm just so used to anything involving binaries being my fault :)

@bjorng (Contributor) commented May 24, 2023:

Without asan, there was one symptom -- the error information in the stacktrace was incorrect.
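An added way to observe the non-asan symptom bjorng describes, using the same kind of non-integer segment size as the issue's f/1: catch the badarg from a failed binary construction and pull the error_info map out of the stacktrace so it can be compared across runtimes. This is example code, not from the issue or from OTP; the module bs_fail_info and its functions are hypothetical, and it assumes an OTP release where the runtime attaches an error_info entry to the failing frame's location list (OTP 24 and later):

```erlang
%% bs_fail_info.erl -- added example, not part of the issue or the OTP fix.
-module(bs_fail_info).
-export([build/2, fail_info/1]).

%% Construct a binary whose segment size comes from the caller.
%% A non-integer Size (e.g. the atom 'ok', as in the issue's f/1)
%% makes the construction fail with badarg, raised in this function.
build(Payload, Size) when is_binary(Payload) ->
    <<Payload:Size/binary>>.

%% Run build/2 with a constructed payload and return either {ok, Bin}
%% or {badarg, ErrorInfo}, where ErrorInfo is the error_info map the
%% runtime attached to the top stacktrace frame, or 'none' if absent.
%% This map is what beam_jit_bs_construct_fail_info is responsible for
%% filling in, so its contents are the thing to inspect without asan.
fail_info(Size) ->
    try build(<<"ok">>, Size) of
        Bin -> {ok, Bin}
    catch
        error:badarg:Stacktrace ->
            {badarg, extract_error_info(Stacktrace)}
    end.

%% The failing frame is build/2 itself; its location list carries
%% {file, _}, {line, _} and, on supporting runtimes, {error_info, Map}.
extract_error_info([{?MODULE, build, 2, Location} | _]) ->
    proplists:get_value(error_info, Location, none);
extract_error_info(_) ->
    none.
```

bs_fail_info:fail_info(2) returns {ok, <<"ok">>}, while bs_fail_info:fail_info(ok) returns {badarg, Map}; comparing Map between a runtime with and without the fix from #7289 shows whether the JIT produced the right error information for the bad size.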

bjorng added a commit that referenced this issue May 25, 2023
…OTP-18602

x86 JIT: Fix error info for failed binary construction
@bjorng bjorng closed this as completed in 20eb31b May 25, 2023
rickard-green pushed a commit that referenced this issue Jun 8, 2023
* bjorn/erts/fix-bad-reason/GH-7282/OTP-18602:
  x86 JIT: Fix error info for failed binary construction