
Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING #100

Open
chifflier opened this issue Apr 4, 2017 · 2 comments
Comments

@chifflier

Hi,

cargo-fuzz is not working anymore here, but I cannot find the source of the problem. The error is triggered when starting the fuzzer:

$ cargo fuzz run fuzzer_script_1
...
     Running `fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1 -artifact_prefix=/home/pollux/CODE/RUST/der-parser/fuzz/artifacts/fuzzer_script_1/ /home/pollux/CODE/RUST/der-parser/fuzz/corpus/fuzzer_script_1`
==6747==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==6747==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==6747==Process memory map follows:
	0x0005eba8d000-0x0005ebc94000	/home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1
	0x0005ebe93000-0x0005ebe98000	/home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1
	0x0005ebe98000-0x0005ebe9f000	/home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1
	0x0005ebe9f000-0x0005edd2a000	
	0x0005edd2a000-0x0005f18ed000	
	0x0005f18ed000-0x0005f18ee000	[heap]
	0x03a358fd1000-0x03a359323000	
	0x03a359323000-0x03a359426000	/lib/x86_64-linux-gnu/libm-2.24.so
	0x03a359426000-0x03a359625000	/lib/x86_64-linux-gnu/libm-2.24.so
	0x03a359625000-0x03a359626000	/lib/x86_64-linux-gnu/libm-2.24.so
	0x03a359626000-0x03a359627000	/lib/x86_64-linux-gnu/libm-2.24.so
	0x03a359627000-0x03a3597bc000	/lib/x86_64-linux-gnu/libc-2.24.so
	0x03a3597bc000-0x03a3599bb000	/lib/x86_64-linux-gnu/libc-2.24.so
	0x03a3599bb000-0x03a3599bf000	/lib/x86_64-linux-gnu/libc-2.24.so
	0x03a3599bf000-0x03a3599c1000	/lib/x86_64-linux-gnu/libc-2.24.so
	0x03a3599c1000-0x03a3599c5000	
	0x03a3599c5000-0x03a3599db000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x03a3599db000-0x03a359bda000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x03a359bda000-0x03a359bdb000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x03a359bdb000-0x03a359bdc000	/lib/x86_64-linux-gnu/libgcc_s.so.1
	0x03a359bdc000-0x03a359bf4000	/lib/x86_64-linux-gnu/libpthread-2.24.so
	0x03a359bf4000-0x03a359df3000	/lib/x86_64-linux-gnu/libpthread-2.24.so
	0x03a359df3000-0x03a359df4000	/lib/x86_64-linux-gnu/libpthread-2.24.so
	0x03a359df4000-0x03a359df5000	/lib/x86_64-linux-gnu/libpthread-2.24.so
	0x03a359df5000-0x03a359df9000	
	0x03a359df9000-0x03a359e00000	/lib/x86_64-linux-gnu/librt-2.24.so
	0x03a359e00000-0x03a359fff000	/lib/x86_64-linux-gnu/librt-2.24.so
	0x03a359fff000-0x03a35a000000	/lib/x86_64-linux-gnu/librt-2.24.so
	0x03a35a000000-0x03a35a001000	/lib/x86_64-linux-gnu/librt-2.24.so
	0x03a35a001000-0x03a35a003000	/lib/x86_64-linux-gnu/libdl-2.24.so
	0x03a35a003000-0x03a35a203000	/lib/x86_64-linux-gnu/libdl-2.24.so
	0x03a35a203000-0x03a35a204000	/lib/x86_64-linux-gnu/libdl-2.24.so
	0x03a35a204000-0x03a35a205000	/lib/x86_64-linux-gnu/libdl-2.24.so
	0x03a35a205000-0x03a35a377000	/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
	0x03a35a377000-0x03a35a577000	/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
	0x03a35a577000-0x03a35a581000	/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
	0x03a35a581000-0x03a35a583000	/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
	0x03a35a583000-0x03a35a587000	
	0x03a35a587000-0x03a35a5aa000	/lib/x86_64-linux-gnu/ld-2.24.so
	0x03a35a76c000-0x03a35a782000	
	0x03a35a790000-0x03a35a7a6000	
	0x03a35a7a6000-0x03a35a7a8000	[vvar]
	0x03a35a7a8000-0x03a35a7aa000	[vdso]
	0x03a35a7aa000-0x03a35a7ab000	/lib/x86_64-linux-gnu/ld-2.24.so
	0x03a35a7ab000-0x03a35a7ac000	/lib/x86_64-linux-gnu/ld-2.24.so
	0x03a35a7ac000-0x03a35a7ad000	
	0x03eca912c000-0x03eca914e000	[stack]
==6747==End of process memory map.

cargo-fuzz version 0.4.1
llvm & clang version 3.8.1 (Debian)
rustc 1.18.0-nightly
Note: the kernel is compiled with grsecurity; I don't know if that is of any importance. cargo-fuzz 0.3.1 worked previously on the same kernel.

The same happens when creating a new crate (type lib) and adding a fuzzer.

@ghost

ghost commented Jul 29, 2017

I have this error too.

[cooper@cooper-laptop speck-cbc]$ cargo +nightly fuzz run fuzz_target_1
       Fresh speck v1.1.0
       Fresh byteorder v1.1.0
       Fresh arbitrary v0.1.0
       Fresh gcc v0.3.51
       Fresh speck-cbc v0.1.0 (file:///home/cooper/Documents/programing/rust/speck-cbc)
       Fresh libfuzzer-sys v0.1.0 (https://github.com/rust-fuzz/libfuzzer-sys.git#67f73995)
       Fresh speck-cbc-fuzz v0.0.1 (file:///home/cooper/Documents/programing/rust/speck-cbc/fuzz)
    Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
       Fresh gcc v0.3.51
       Fresh speck v1.1.0
       Fresh byteorder v1.1.0
       Fresh arbitrary v0.1.0
       Fresh speck-cbc v0.1.0 (file:///home/cooper/Documents/programing/rust/speck-cbc)
       Fresh libfuzzer-sys v0.1.0 (https://github.com/rust-fuzz/libfuzzer-sys.git#67f73995)
       Fresh speck-cbc-fuzz v0.0.1 (file:///home/cooper/Documents/programing/rust/speck-cbc/fuzz)
    Finished dev [unoptimized + debuginfo] target(s) in 0.0 secs
     Running `fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1 -artifact_prefix=/home/cooper/Documents/programing/rust/speck-cbc/fuzz/artifacts/fuzz_target_1/ /home/cooper/Documents/programing/rust/speck-cbc/fuzz/corpus/fuzz_target_1`
==29374==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.
==29374==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.
==29374==Process memory map follows:
	0x0ed0bee8f000-0x0ed0bf05e000	/home/cooper/Documents/programing/rust/speck-cbc/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1
	0x0ed0bf25e000-0x0ed0bf264000	/home/cooper/Documents/programing/rust/speck-cbc/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1
	0x0ed0bf264000-0x0ed0bf26a000	/home/cooper/Documents/programing/rust/speck-cbc/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzz_target_1
	0x0ed0bf26a000-0x0ed0c10e4000	
	0x697e5a554000-0x697e5a8a6000	
	0x697e5a8a6000-0x697e5a9b7000	/usr/lib/libm-2.25.so
	0x697e5a9b7000-0x697e5abb6000	/usr/lib/libm-2.25.so
	0x697e5abb6000-0x697e5abb7000	/usr/lib/libm-2.25.so
	0x697e5abb7000-0x697e5abb8000	/usr/lib/libm-2.25.so
	0x697e5abb8000-0x697e5ad55000	/usr/lib/libc-2.25.so
	0x697e5ad55000-0x697e5af54000	/usr/lib/libc-2.25.so
	0x697e5af54000-0x697e5af58000	/usr/lib/libc-2.25.so
	0x697e5af58000-0x697e5af5a000	/usr/lib/libc-2.25.so
	0x697e5af5a000-0x697e5af5e000	
	0x697e5af5e000-0x697e5af74000	/usr/lib/libgcc_s.so.1
	0x697e5af74000-0x697e5b173000	/usr/lib/libgcc_s.so.1
	0x697e5b173000-0x697e5b174000	/usr/lib/libgcc_s.so.1
	0x697e5b174000-0x697e5b175000	/usr/lib/libgcc_s.so.1
	0x697e5b175000-0x697e5b18e000	/usr/lib/libpthread-2.25.so
	0x697e5b18e000-0x697e5b38d000	/usr/lib/libpthread-2.25.so
	0x697e5b38d000-0x697e5b38e000	/usr/lib/libpthread-2.25.so
	0x697e5b38e000-0x697e5b38f000	/usr/lib/libpthread-2.25.so
	0x697e5b38f000-0x697e5b393000	
	0x697e5b393000-0x697e5b39a000	/usr/lib/librt-2.25.so
	0x697e5b39a000-0x697e5b599000	/usr/lib/librt-2.25.so
	0x697e5b599000-0x697e5b59a000	/usr/lib/librt-2.25.so
	0x697e5b59a000-0x697e5b59b000	/usr/lib/librt-2.25.so
	0x697e5b59b000-0x697e5b59e000	/usr/lib/libdl-2.25.so
	0x697e5b59e000-0x697e5b79d000	/usr/lib/libdl-2.25.so
	0x697e5b79d000-0x697e5b79e000	/usr/lib/libdl-2.25.so
	0x697e5b79e000-0x697e5b79f000	/usr/lib/libdl-2.25.so
	0x697e5b79f000-0x697e5b919000	/usr/lib/libstdc++.so.6.0.24
	0x697e5b919000-0x697e5bb18000	/usr/lib/libstdc++.so.6.0.24
	0x697e5bb18000-0x697e5bb22000	/usr/lib/libstdc++.so.6.0.24
	0x697e5bb22000-0x697e5bb24000	/usr/lib/libstdc++.so.6.0.24
	0x697e5bb24000-0x697e5bb27000	
	0x697e5bb27000-0x697e5bb4a000	/usr/lib/ld-2.25.so
	0x697e5bce9000-0x697e5bcef000	
	0x697e5bd1c000-0x697e5bd30000	
	0x697e5bd34000-0x697e5bd45000	
	0x697e5bd45000-0x697e5bd48000	[vvar]
	0x697e5bd48000-0x697e5bd4a000	[vdso]
	0x697e5bd4a000-0x697e5bd4b000	/usr/lib/ld-2.25.so
	0x697e5bd4b000-0x697e5bd4c000	/usr/lib/ld-2.25.so
	0x697e5bd4c000-0x697e5bd4d000	
	0x71c64bf06000-0x71c64bf28000	[stack]
==29374==End of process memory map.

@bennofs

bennofs commented Jul 30, 2017

This is google/sanitizers#837. rustc always creates PIE executables by default (you can disable this with -C relocation-model=dynamic-no-pic).

bennofs added a commit to bennofs/cargo-fuzz that referenced this issue Jul 30, 2017
Using link-args, we force the load address for the executable to be higher than
the shadow memory area required by address sanitizer.
feroldi pushed a commit to feroldi/cci that referenced this issue Aug 2, 2017
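The reports above all have the same shape: ASan prints the shadow range it wanted, then the process map, and on this kernel the PIE executable, the shared libraries, the heap and even the stack all sit below 0x10007fff7fff, i.e. inside that range. The following diagnostic is an added example written for this issue; it is not code from cargo-fuzz, libfuzzer-sys or the sanitizer runtime. It parses a report in the format shown in the thread (banner line with the `[lo-hi]` shadow range, then one `0xSTART-0xEND<TAB>path` line per mapping) and lists every mapping that overlaps the shadow range, which is exactly the set a linker load-address fix has to move out of the way. The sample report embeds a few mapping lines taken from the first report plus one constructed `[stack]` line placed where a vanilla kernel's ASLR would put it, above the shadow range, so the filter has a negative case.

```rust
// Added diagnostic for "Shadow memory range interleaves with an existing
// memory mapping" aborts.  Not part of cargo-fuzz or ASan; it only reads the
// report text that ASan prints.  Assumes the report format shown in the issue.

/// One line of the process map printed by ASan.  `end` is exclusive, as in
/// /proc/<pid>/maps.
#[derive(Debug, Clone, PartialEq)]
pub struct Mapping {
    pub start: u64,
    pub end: u64,
    pub name: String,
}

/// Parse "0x0005eba8d000-0x0005ebc94000\t/some/path" (path may be absent).
fn parse_mapping(line: &str) -> Option<Mapping> {
    let line = line.trim();
    let (range, name) = match line.split_once(char::is_whitespace) {
        Some((r, n)) => (r, n.trim().to_string()),
        None => (line, String::new()),
    };
    let (s, e) = range.split_once('-')?;
    let start = u64::from_str_radix(s.strip_prefix("0x")?, 16).ok()?;
    let end = u64::from_str_radix(e.strip_prefix("0x")?, 16).ok()?;
    if end <= start {
        return None;
    }
    Some(Mapping { start, end, name })
}

/// Pull the inclusive "[0xLO-0xHI]" shadow range out of the ASan banner line.
fn parse_shadow_range(line: &str) -> Option<(u64, u64)> {
    let open = line.find('[')?;
    let close = line[open..].find(']')? + open;
    let m = parse_mapping(&line[open + 1..close])?;
    Some((m.start, m.end))
}

/// Walk a whole abort report and return the mappings that overlap the shadow
/// range ASan asked for.  An empty result means the report is not of this kind
/// (or the banner line was not found).
pub fn interleaving_mappings(report: &str) -> Vec<Mapping> {
    let mut shadow: Option<(u64, u64)> = None;
    let mut in_map = false;
    let mut hits = Vec::new();
    for line in report.lines() {
        if line.contains("ASan shadow was supposed to be located") {
            shadow = parse_shadow_range(line);
        } else if line.contains("Process memory map follows") {
            in_map = true;
        } else if line.contains("End of process memory map") {
            in_map = false;
        } else if in_map {
            if let (Some((lo, hi)), Some(m)) = (shadow, parse_mapping(line)) {
                // Inclusive shadow [lo, hi] vs. half-open mapping [start, end).
                if m.start <= hi && m.end > lo {
                    hits.push(m);
                }
            }
        }
    }
    hits
}

/// Constructed sample: banner and three mapping lines copied from the first
/// report in the issue, plus one made-up [stack] line at a typical vanilla
/// ASLR address (above the shadow range) as the non-overlapping case.
pub const SAMPLE_REPORT: &[&str] = &[
    "==6747==Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly. ABORTING.",
    "==6747==ASan shadow was supposed to be located in the [0x00007fff7000-0x10007fff7fff] range.",
    "==6747==Process memory map follows:",
    "\t0x0005eba8d000-0x0005ebc94000\t/home/pollux/CODE/RUST/der-parser/fuzz/target/x86_64-unknown-linux-gnu/debug/fuzzer_script_1",
    "\t0x0005f18ed000-0x0005f18ee000\t[heap]",
    "\t0x03a359627000-0x03a3597bc000\t/lib/x86_64-linux-gnu/libc-2.24.so",
    "\t0x7ffd1a2b3000-0x7ffd1a2d4000\t[stack]", // constructed, not from the issue
    "==6747==End of process memory map.",
];

fn main() {
    let report = SAMPLE_REPORT.join("\n");
    for m in interleaving_mappings(&report) {
        println!("{:#014x}-{:#014x} {}", m.start, m.end, m.name);
    }
}
```

To use it on a real abort, capture the fuzzer's stderr and feed that text to `interleaving_mappings` instead of `SAMPLE_REPORT`; the first entry in the result is normally the PIE executable itself, which is the mapping the link-args fix above relocates.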