* intermittent clang sanitizer failure during 'make check-tcg': null pointer deref in IntervalTreeNode
@ 2023-07-04 16:20 Peter Maydell
From: Peter Maydell @ 2023-07-04 16:20 UTC (permalink / raw)
  To: QEMU Developers, Richard Henderson

If you build QEMU with the clang UB sanitizer and do a
'make check-tcg' run, it can fail like this:

  TEST    vma-pthread-with-libinsn.so on aarch64
../../util/interval-tree.c:751:32: runtime error: member access within
null pointer of type 'IntervalTreeNode' (aka 'struct
IntervalTreeNode')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
../../util/interval-tree.c:751:32 in

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
../../util/interval-tree.c:751:32 in
make[1]: *** [Makefile:181: run-plugin-vma-pthread-with-libinsn.so] Error 124
make: *** [/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/tests/Makefile.include:56:
run-tcg-tests-aarch64-linux-user] Error 2

I only saw this once; when I re-ran the test passed...

thanks
-- PMM



* Re: intermittent clang sanitizer failure during 'make check-tcg': null pointer deref in IntervalTreeNode
From: Richard Henderson @ 2023-07-05  5:14 UTC (permalink / raw)
  To: Peter Maydell, QEMU Developers

On 7/4/23 18:20, Peter Maydell wrote:
> If you build QEMU with the clang UB sanitizer and do a
> 'make check-tcg' run, it can fail like this:
> 
>    TEST    vma-pthread-with-libinsn.so on aarch64
> ../../util/interval-tree.c:751:32: runtime error: member access within
> null pointer of type 'IntervalTreeNode' (aka 'struct
> IntervalTreeNode')
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
> ../../util/interval-tree.c:751:32 in
> 
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
> ../../util/interval-tree.c:751:32 in
> make[1]: *** [Makefile:181: run-plugin-vma-pthread-with-libinsn.so] Error 124
> make: *** [/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/tests/Makefile.include:56:
> run-tcg-tests-aarch64-linux-user] Error 2
> 
> I only saw this once; when I re-ran the test passed...

Hmm.

The 751:32 reference is "left->subtree_last".

Three lines above we checked

         if (node->rb.rb_left) {

but then read it again within the IF

             IntervalTreeNode *left = rb_to_itree(node->rb.rb_left);

I suspect a normal optimizing compiler combines these two reads, but UBSAN does not and thus the check and the use race.

On the to-do list...


r~


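The check-then-reread pattern Richard describes, reduced to a small stand-alone C program. This is an added illustration, not code from QEMU's util/interval-tree.c and not the project's eventual fix: the struct, its field names and the `writer_fn` callback (which stands in for a second thread modifying the tree between the reader's check and its use) are assumptions made here so the race can be reproduced deterministically instead of relying on thread timing. `lookup_twice` reads the child pointer once in the `if` and again to form `left`, exactly the shape quoted above; `lookup_once` takes a single snapshot with the GCC/clang builtin `__atomic_load_n` so the check and the use can never disagree.

```c
#include <stdio.h>
#include <stddef.h>

/* Minimal stand-in for an interval-tree node: only the two fields the
 * race touches.  Assumed layout for illustration, not QEMU's struct. */
struct node {
    struct node *left;
    long subtree_last;
};

/* Models another thread updating the tree between the reader's check
 * and its use of the child pointer.  Injected as a callback so the
 * interleaving is deterministic; there is no real thread here. */
typedef void (*writer_fn)(struct node **slot);

/* Constructed concurrent writer: unlinks the left child. */
void unlink_child(struct node **slot)
{
    *slot = NULL;
}

/* Racy pattern: the slot is read twice, once in the test and once to
 * form 'left'.  Return codes: 0 = no child, 1 = child read OK,
 * -1 = the second read saw NULL (in the real code this is the point
 * where left->subtree_last dereferences a null pointer). */
int lookup_twice(struct node **slot, long *out, writer_fn writer)
{
    if (*slot) {                        /* read #1: non-NULL */
        if (writer) {
            writer(slot);               /* concurrent update lands here */
        }
        struct node *left = *slot;      /* read #2: may now be NULL */
        if (!left) {
            return -1;                  /* stands in for the UBSAN hit */
        }
        *out = left->subtree_last;
        return 1;
    }
    return 0;
}

/* Race-free pattern: one atomic load snapshots the pointer, and both the
 * check and the dereference operate on that same snapshot, whatever the
 * writer does to the slot afterwards. */
int lookup_once(struct node **slot, long *out, writer_fn writer)
{
    struct node *left = __atomic_load_n(slot, __ATOMIC_RELAXED);
    if (left) {
        if (writer) {
            writer(slot);               /* changes *slot, not 'left' */
        }
        *out = left->subtree_last;      /* snapshot is still non-NULL */
        return 1;
    }
    return 0;
}

/* Builds a one-child tree and runs one lookup variant against the
 * constructed writer.  racy != 0 selects lookup_twice. */
int scenario(int racy, long *out)
{
    struct node child = { NULL, 42 };
    struct node *slot = &child;
    return racy ? lookup_twice(&slot, out, unlink_child)
                : lookup_once(&slot, out, unlink_child);
}

int main(void)
{
    long v = 0;
    printf("double read with writer: %d\n", scenario(1, &v));
    printf("single read with writer: %d (subtree_last=%ld)\n",
           scenario(0, &v), v);
    return 0;
}
```

Two caveats worth keeping in mind. A compiler is permitted to fold the two plain loads in `lookup_twice` into one, which is why an optimized build can appear race-free, but nothing obliges it to, and a -O0 or sanitizer build keeps them separate; the double read is a data race either way, and ThreadSanitizer would report it regardless of whether UBSAN happened to trip. The single-load version only guarantees that the check and the use agree on the same pointer value; whether the node that pointer refers to is still alive when it is dereferenced is a separate question, answered by the tree's update and reclamation protocol rather than by this load.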
