Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AddressSanitizer CHECK failed on linux kernel that is patched with PaX #228

ramosian-glider opened this issue Aug 31, 2015 · 8 comments


Copy link

Originally reported on Google Code with ID 228

When the linux kernel is patched with PaX ( and
the option UDEREF enable the use-after-free test fail with
laptop1 / # ./use-after-free
==13568==AddressSanitizer CHECK failed: /var/tmp/portage/sys-devel/llvm-3.3-r1/work/llvm-3.3.src/projects/compiler-rt/lib/sanitizer_common/sanitizer_allocator.h:310
"((kSpaceBeg)) == (( reinterpret_cast<uptr>(Mprotect(kSpaceBeg, kSpaceSize))))" (0x600000000000,
    #0 0x425b9f (/use-after-free+0x425b9f)
    #1 0x427371 (/use-after-free+0x427371)
    #2 0x414652 (/use-after-free+0x414652)
    #3 0x4112d5 (/use-after-free+0x4112d5)
    #4 0x4259a4 (/use-after-free+0x4259a4)
    #5 0x2f3cdc5ed45 (/lib64/
    #6 0x2f3cdc516c9 (/lib64/
laptop1 / #
PaX enable kernel have diffrent userland address space size then the usual 47 bit linux/amd64
userland address space size.
The test is done on a Gentoo Hardened system with Grsecurity and Pax enable kernel
with llvm 3.3 or gcc 4.8.1. Downstream bug

Reported by on 2013-09-30 20:19:54

Copy link
Member Author


Is it critical for you to run tests with PaX enabled? Can you run the tests on a normal

Reported by on 2013-10-01 02:21:44

Copy link
Member Author

You may try to change the shadow offset using 
  "-mllvm -asan-mapping-offset-log=N"
See more compile-time flags in lib/Transforms/Instrumentation/AddressSanitizer.cpp
But these options are by no means supported -- use them on your own risk.

Reported by konstantin.s.serebryany on 2013-10-01 07:40:55

Copy link
Member Author

This is not actionable on our side.
Please reopen if you have suggestions.

Reported by konstantin.s.serebryany on 2013-10-03 12:21:28

  • Status changed: WontFix

Copy link
Member Author

From :

>> And on the ASAN (Address Sanitizer) debacle; well… still the same.
>> Doesn’t work with PaX. I think there is a standstill on this.

Sure, this will not get fixed by itself. 
Patches to support PaX are welcome,
*especially* if they are accompanied by a public LLVM build bot.

Reported by konstantin.s.serebryany on 2013-12-26 11:58:31

Copy link
Member Author

Note that issue 246 deals with very similar problems

Reported by konstantin.s.serebryany on 2013-12-26 12:42:34

Copy link
Member Author

If anyone is still interested in using AddressSanitizer (or other Clang sanitizers)
under PaX kernels, I've implemented the necessary patches - details are here:

Reported by ndlmaker on 2015-01-25 20:41:39

Copy link
Member Author

Thanks for the details and work to get it working.
As you pointing out it should not be runing in production.

Reported by on 2015-01-25 21:46:00

Copy link
Member Author

Adding Project:AddressSanitizer as part of GitHub migration.

Reported by ramosian.glider on 2015-07-30 09:13:42

  • Labels added: ProjectAddressSanitizer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

1 participant