Bug 93627 - ASan error heap-use-after-free in benchmark_run
Status: RESOLVED MOVED
Alias: None
Product: Beignet
Classification: Unclassified
Component: Beignet
Version: unspecified
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium normal
Assignee: Xiuli Pan
Reported: 2016-01-07 12:43 UTC by Frank Dittrich
Modified: 2018-10-12 21:26 UTC

Description Frank Dittrich 2016-01-07 12:43:41 UTC
This is with latest beignet (commit fc410ee2d6138bac821fe20a0d35c3b283244071) and the patch mentioned in https://bugs.freedesktop.org/show_bug.cgi?id=93625.

I built beignet with address sanitizer support (-fsanitize=address) and then in the benchmark/ directory ran

$ ./benchmark_run

This results in the following ASan error:

=================================================================
==12824==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000229888 at pc 0x7fb37c854bb2 bp 0x7fffdd333830 sp 0x7fffdd333820
READ of size 8 at 0x611000229888 thread T0
    #0 0x7fb37c854bb1 in clReleaseMemObject /home/fd/git/beignet/src/cl_api.c:668
    #1 0x7fb37cb177d8 in cl_buffer_destroy() /home/fd/git/beignet/utests/utest_helper.cpp:578
    #2 0x7fb37cb1138e in UTest::runAllBenchMark() /home/fd/git/beignet/utests/utest.cpp:243
    #3 0x401c99 in main /home/fd/git/beignet/benchmark/benchmark_run.cpp:101
    #4 0x7fb37a7a66ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
    #5 0x402008 in _start (/home/fd/git/beignet/build/benchmark/benchmark_run+0x402008)

0x611000229888 is located 8 bytes inside of 224-byte region [0x611000229880,0x611000229960)
freed by thread T0 here:
    #0 0x7fb37cddc66a in __interceptor_free (/lib64/libasan.so.2+0x9866a)
    #1 0x7fb37c86544b in cl_kernel_delete /home/fd/git/beignet/src/cl_kernel.c:66

previously allocated by thread T0 here:
    #0 0x7fb37cddcb09 in __interceptor_calloc (/lib64/libasan.so.2+0x98b09)
    #1 0x7fb37c865245 in cl_calloc /home/fd/git/beignet/src/cl_alloc.c:54
    #2 0x7fb37c8b6b90  (/home/fd/git/beignet/build/src/libcl.so+0x87b90)

SUMMARY: AddressSanitizer: heap-use-after-free /home/fd/git/beignet/src/cl_api.c:668 clReleaseMemObject
Shadow bytes around the buggy address:
  0x0c228003d2c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228003d2d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228003d2e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c228003d2f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c228003d300: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
=>0x0c228003d310: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c228003d320: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x0c228003d330: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c228003d340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c228003d350: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c228003d360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==12824==ABORTING
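
Added example (not part of the original report and not Beignet code): a Python cross-check of the report above that maps the faulting address to its shadow byte and confirms that the whole 224-byte region is marked freed. It assumes ASan's default x86-64 Linux shadow offset of 0x7fff8000; the function names are hypothetical and the input lines are copied from the report.

```python
import re

SHADOW_OFFSET = 0x7FFF8000  # assumption: ASan default shadow offset, x86-64 Linux
SHADOW_SCALE = 3            # one shadow byte covers 2**3 = 8 application bytes
LEGEND = {"00": "addressable", "fa": "heap left redzone", "fd": "freed heap region"}

# Lines copied from the report above (only the shadow rows near the fault).
REPORT = """\
==12824==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000229888 at pc 0x7fb37c854bb2 bp 0x7fffdd333830 sp 0x7fffdd333820
0x611000229888 is located 8 bytes inside of 224-byte region [0x611000229880,0x611000229960)
  0x0c228003d300: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
=>0x0c228003d310: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c228003d320: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
"""

def shadow_addr(app_addr):
    """Map an application address to the address of its shadow byte."""
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET

def parse_shadow_rows(report):
    """Return {shadow_address: byte_hex} for every shadow row in the report."""
    shadow = {}
    for m in re.finditer(r"^(?:=>|  )(0x[0-9a-f]+):(.*)$", report, re.M):
        base = int(m.group(1), 16)
        # The brackets around the faulting byte are skipped by the hex match.
        for i, byte in enumerate(re.findall(r"[0-9a-f]{2}", m.group(2))):
            shadow[base + i] = byte
    return shadow

def triage(report):
    """Cross-check the reported fault address against the shadow dump."""
    fault = int(re.search(r"on address (0x[0-9a-f]+)", report).group(1), 16)
    bounds = re.search(r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    lo, hi = (int(x, 16) for x in bounds.groups())
    shadow = parse_shadow_rows(report)
    region = [shadow[a] for a in range(shadow_addr(lo), shadow_addr(hi))]
    return {
        "fault_shadow": hex(shadow_addr(fault)),
        "fault_state": LEGEND[shadow[shadow_addr(fault)]],
        "offset_in_region": fault - lo,
        "region_size": hi - lo,
        "region_fully_freed": all(b == "fd" for b in region),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

The computed shadow address 0xc228003d311 is the bracketed byte on the `=>` row, and the 28 `fd` bytes starting at 0x0c228003d310 cover exactly the 224-byte region freed in cl_kernel_delete.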
Comment 1 rongyang 2016-04-29 02:41:46 UTC
Hi, Xiuli,
    Please help to check it.
Comment 2 Xiuli Pan 2016-05-05 05:44:46 UTC
Hi Frank,

I am trying to fix those memory-related problems, but I found there are always some bugs in linking when I add -fsanitize=address in beignet.
Could you share how you built beignet with -fsanitize=address?

Thanks
Xiuli
Comment 3 GitLab Migration User 2018-10-12 21:26:30 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/beignet/beignet/issues/62.