--list=opencl-devices: SegFault with ASan #1231

Closed
loverszhaokai opened this issue Apr 27, 2015 · 4 comments
@loverszhaokai
Contributor

#1. Prepare

$ export ASAN_OPTIONS='abort_on_error=1'
$ CC=clang AFL_USE_ASAN=1 AFL_HARDEN=1 ./configure --enable-asan --enable-memdbg && make -sj8

#2. Reproduce

$ ./john --list=opencl-devices
Segmentation fault

#3. Gdb

$ gdb ./john
$ set args --list=opencl-devices
$ r
Starting program: /home/kai/workspace/john_jumbo/JohnTheRipper_fuzz_options/run/john --list=opencl-devices
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
__interceptor_free (ptr=0x6060000e9ae0) at /home/kai/workspace/llvm-3.6.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:29
29 INTERCEPTOR(void, free, void *ptr) {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6.x86_64 gmp-4.3.1-7.el6_2.2.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.3.x86_64 libX11-1.5.0-4.el6.x86_64 libXau-1.0.6-4.el6.x86_64 libXdamage-1.1.3-4.el6.x86_64 libXext-1.3.1-2.el6.x86_64 libXfixes-5.0-3.el6.x86_64 libXinerama-1.1.2-2.el6.x86_64 libXxf86vm-1.1.2-2.el6.x86_64 libcom_err-1.41.12-14.el6.x86_64 libdrm-2.4.39-1.el6.x86_64 libgcc-4.4.7-3.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 libstdc++-4.4.7-3.el6.x86_64 libxcb-1.8.1-1.el6.x86_64 mesa-dri-drivers-9.0-0.8.el6_4.3.x86_64 mesa-libGL-9.0-0.8.el6_4.3.x86_64 nss-softokn-freebl-3.14.3-3.el6_4.x86_64 numactl-2.0.7-6.el6.x86_64 opencl-1.2-intel-cpu-3.1.1.11385-1.x86_64 openssl-1.0.1e-16.el6_5.4.x86_64 zlib-1.2.3-29.el6.x86_64

$ bt
#0 __interceptor_free (ptr=0x6060000e9ae0) at /home/kai/workspace/llvm-3.6.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:29
#1 0x00007fffeac44637 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#2 0x00007fffeac66070 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#3 0x00007fffeac394e2 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#4 0x00007fffeace4388 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#5 0x00007fffeace4026 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#6 0x00007ffff70e6172 in khrIcdVendorAdd () from /usr/lib64/libOpenCL.so.1
#7 0x00007ffff70e8106 in khrIcdOsVendorsEnumerate () from /usr/lib64/libOpenCL.so.1
#8 0x00007ffff70e77e0 in clGetPlatformIDs () from /usr/lib64/libOpenCL.so.1
#9 0x00000000009673ce in start_opencl_environment ()
#10 0x000000000095a14b in opencl_preinit ()
#11 0x00000000009250b1 in listconf_parse_early ()
#12 0x00000000008c795f in john_init ()
#13 0x00000000008c6a58 in main ()

@frank-dittrich
Collaborator

What is the output of ./john --list=build-info?

Does the segfault also occur if you use make -sj8 debug instead of make -sj8?
If so, gdb should point to the exact statement which caused the segfault.

Does the segfault disappear if you don't use --enable-memdbg or --enable-asan?

@magnumripper
Member

I have seen enough ASan problems with CUDA and OpenCL to consider that combination useless right now. That is, the problems are with ASan, not JtR. Unless you can somehow show that this is not such a problem I will ignore it.

@magnumripper
Member

> Does the segfault also occur if you use make -sj8 debug instead of make -sj8?
> If so, gdb should point to the exact statement which caused the segfault.

He used --enable-asan with configure so we're down to -O1 (or -Og if supported) already.

magnumripper changed the title from "--list=opencl-devices: SegFault" to "--list=opencl-devices: SegFault with ASan" on Apr 27, 2015

@loverszhaokai
Contributor Author

@frank-dittrich

> What is the output of ./john --list=build-info?

$ ./john --list=build-info
Version: 1.8.0.4-jumbo-1-bleeding_memdbg_asan
Build: linux-gnu 64-bit AVX-autoconf
Arch: 64-bit LE
$JOHN is ./
Format interface version: 13
Max. number of reported tunable costs: 3
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
Max. Markov mode level: 400
Max. Markov mode password length: 30
File locking: fcntl()
Compiler version: 4.2.1 Compatible Clang 3.6.0 (tags/RELEASE_360/final)
gcc version: 4.2.1
clang version: 3.6.0 (tags/RELEASE_360/final)
CUDA library version: 5.5
OpenCL library version: 1.1
OpenSSL library version: 01000105f
OpenSSL 1.0.1e-fips 11 Feb 2013
GMP library version: 4.3.1
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's

Built with these debugging options
memdbg=on
ASan (Address Sanitizer debugging)

> Does the segfault also occur if you use make -sj8 debug instead of make -sj8?

Yes

> If so, gdb should point to the exact statement which caused the segfault.

The gdb output is the same with make -sj8

> Does the segfault disappear if you don't use --enable-memdbg or --enable-asan?

| --enable-asan --enable-memdbg | --enable-asan | --enable-memdbg | none |
| --- | --- | --- | --- |
| SegFault | SegFault | OK | OK |
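
Added example (not part of the thread and not JtR code): a small Python helper that attributes each frame of the gdb backtrace in the report to its owning module, so the triage question from the comments, namely which module issued the `free()` that faults and where the application last ran its own code, can be read off directly. The frame subset is copied from the report; the names `parse_frames` and `triage` are hypothetical.

```python
import os
import re

# Frames copied from the backtrace in the report (#2-#5 and #10-#13 omitted).
BACKTRACE = """\
#0 __interceptor_free (ptr=0x6060000e9ae0) at /home/kai/workspace/llvm-3.6.0.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:29
#1 0x00007fffeac44637 in ?? () from /usr/lib64/libnvidia-opencl.so.1
#6 0x00007ffff70e6172 in khrIcdVendorAdd () from /usr/lib64/libOpenCL.so.1
#7 0x00007ffff70e8106 in khrIcdOsVendorsEnumerate () from /usr/lib64/libOpenCL.so.1
#8 0x00007ffff70e77e0 in clGetPlatformIDs () from /usr/lib64/libOpenCL.so.1
#9 0x00000000009673ce in start_opencl_environment ()
"""

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>\S+) \(.*?\)"
    r"(?: from (?P<lib>\S+))?(?: at (?P<src>\S+):\d+)?\s*$"
)

def parse_frames(text):
    """Return (number, function, owner) for every gdb `bt` frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # skip prompts and non-frame output
        func = m.group("func")
        if func.startswith(("__interceptor_", "__asan_", "__sanitizer_")):
            owner = "sanitizer"
        elif m.group("lib"):
            owner = os.path.basename(m.group("lib"))
        else:
            owner = "application"  # no "from <lib>": symbol is in the main binary
        frames.append((int(m.group("num")), func, owner))
    return frames

def triage(text):
    """Summarise who called into the sanitizer and where the app left its own code."""
    frames = parse_frames(text)
    non_san = [f for f in frames if f[2] != "sanitizer"]
    app_idx = next((i for i, f in enumerate(non_san) if f[2] == "application"), None)
    return {
        "faulting_frame": frames[0][1] if frames else None,
        "caller_module": non_san[0][2] if non_san else None,
        "library_entry": non_san[app_idx - 1][1] if app_idx else None,
        "first_app_frame": non_san[app_idx][1] if app_idx is not None else None,
    }

if __name__ == "__main__":
    print(triage(BACKTRACE))
```

For this report the summary shows the pointer handed to the ASan `free` interceptor came from `libnvidia-opencl.so.1`, reached through `clGetPlatformIDs`, with `start_opencl_environment` as the last application frame.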
