Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HWasan with external clang runtime (undefined symbol: __hwasan_tls) #129489

Open
n-bes opened this issue Aug 23, 2024 · 4 comments
Open

HWasan with external clang runtime (undefined symbol: __hwasan_tls) #129489

n-bes opened this issue Aug 23, 2024 · 4 comments
Labels
A-sanitizers Area: Sanitizers for correctness and code quality C-bug Category: This is a bug. O-AArch64 Armv8-A or later processors in AArch64 mode PG-exploit-mitigations Project group: Exploit mitigations

Comments

@n-bes
Copy link

n-bes commented Aug 23, 2024
edited
Loading

Hi. I want to build with HWAsan and join c / rust / python code. I prepared example based on a public project https://github.com/pyca/cryptography

Steps to repro

  • Clone cryptography
  • Create config.toml
  • Create Dockerfile
  • Create hello.py
  • Build it
  • Run hello.py

Setup cryptography

git clone --recursive --branch=43.0.0 --depth=1 --single-branch [email protected]:pyca/cryptography.git
cd cryptography

config.toml

Create config.toml with content:

[build]
target="aarch64-unknown-linux-gnu"

rustflags = [
	"-g",
	"-Z", "sanitizer=hwaddress",
	"-Z", "external-clangrt",
	"-L", "/usr/lib/llvm-20/lib/clang/20/lib/linux/",
	"-l", "clang_rt.hwasan-aarch64",
	"-C", "link-arg=-fuse-ld=/usr/bin/ld.lld-20",
	"-C", "linker=/usr/bin/clang-20",
	"-C", "lto=no"
]

Dockerfile

Create Dockerfile with content:

FROM ubuntu:24.04 AS env
ENV DEBIAN_FRONTEND="noninteractive"
RUN apt-get update -y && \
    apt-get install -y \
        autoconf \
        cmake \
        curl \
        gnupg \
        libffi-dev \
        libssl-dev \
        lsb-release \
        ninja-build \
        patchelf \
        pkg-config \
        python3-dbg \
        python3-dev \
        python3-pip \
        python3-venv \
        software-properties-common \
        wget
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain nightly -y
ENV PATH=/root/.cargo/bin:$PATH
RUN wget https://apt.llvm.org/llvm.sh && \
    chmod +x llvm.sh && \
    ./llvm.sh 20 && \
    ln -s /usr/bin/lld-20 /usr/local/bin/lld && \
    ln -s /usr/bin/clang-20 /usr/local/bin/clang && \
    ln -s /usr/bin/clang++-20 /usr/local/bin/clang++ && \
    ln -s /usr/bin/clang-20 /usr/local/bin/cc && \
    ln -s /usr/bin/clang++-20 /usr/local/bin/c++ && \
    rm /usr/bin/ld && \
    ln -s /usr/lib/llvm-20/bin/ld.lld /usr/bin/ld
RUN python3 -m venv /venv
RUN echo "/usr/lib/llvm-20/lib/clang/20/lib/linux" > /etc/ld.so.conf.d/clang.conf && ldconfig
ENV CC=/usr/bin/clang-20
ENV CXX=/usr/bin/clang++-20
ENV CFLAGS="-g -fsanitize=hwaddress -shared-libsan -mllvm -hwasan-globals=0 -std=c23"
ENV CCFLAGS="-g -fsanitize=hwaddress -shared-libsan -mllvm -hwasan-globals=0 -std=c23"
ENV CXXFLAGS="-g -fsanitize=hwaddress -shared-libsan -mllvm -hwasan-globals=0 -std=c++23"
# ENV CPPFLAGS="-g -fsanitize=hwaddress -shared-libsan -mllvm -hwasan-globals=0" | ?
ENV LDFLAGS="-fsanitize=hwaddress -shared-libsan"
ENV LDSHARED="/usr/bin/clang-20 -shared"
ENV RUSTFLAGS="-g -Zsanitizer=hwaddress -C linker=/usr/bin/clang-20 -C link-arg=-fuse-ld=/usr/bin/ld.lld-20 -C lto=no -Zexternal-clangrt -C target-feature=+tagged-globals"
ENV CARGO_BUILD_TARGET="aarch64-unknown-linux-gnu"
COPY config.toml /.cargo/

FROM env AS run
WORKDIR /src
COPY . .

Create hello.py (from examples) with content:

from cryptography.fernet import Fernet
key = Fernet.generate_key()
f = Fernet(key)

message = b"A really secret message. Not for prying eyes."
private_data = f.encrypt(message)
public_data = f.decrypt(token)

print(f"Message: {message}")
print(f"Private data: {private_data}")
print(f"Public data: {public_data}")

Build

$ docker build . -q
$ docker run --rm -it <image>

$ source /venv/bin/activate
$ cargo build
$ pip3 install setuptools
Collecting setuptools
  Downloading setuptools-73.0.1-py3-none-any.whl.metadata (6.6 kB)
Downloading setuptools-73.0.1-py3-none-any.whl (2.3 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.3/2.3 MB 1.6 MB/s eta 0:00:00
Installing collected packages: setuptools
Successfully installed setuptools-73.0.1

$ pip3 install --no-binary ":all:" cffi --no-clean -vv
---------------- CUT ----------------
  ld: error: undefined symbol: __hwasan_init
  >>> referenced by _configtest.c
  >>>               _configtest.o:(hwasan.module_ctor)
  clang-20: error: linker command failed with exit code 1 (use -v to see invocation)

  Note: will not use '__sync_synchronize()' in the C code
  ***** The above error message can be safely ignored.
---------------- CUT ----------------
  ld: error: undefined symbol: __hwasan_init
  >>> referenced by _configtest.c
  >>>               _configtest.o:(hwasan.module_ctor)
  clang-20: error: linker command failed with exit code 1 (use -v to see invocation)
  Note: will not use '__sync_synchronize()' in the C code
  ***** The above error message can be safely ignored.
---------------- CUT ----------------
  ld: error: undefined symbol: __hwasan_init
  >>> referenced by _configtest.c
  >>>               _configtest.o:(hwasan.module_ctor)
  clang-20: error: linker command failed with exit code 1 (use -v to see invocation)
  Note: will not use '__sync_synchronize()' in the C code
  ***** The above error message can be safely ignored.
---------------- CUT ----------------
  building '_cffi_backend' extension
  creating build/temp.linux-aarch64-cpython-312
  creating build/temp.linux-aarch64-cpython-312/src
  creating build/temp.linux-aarch64-cpython-312/src/c
  /usr/bin/clang-20 -fno-strict-overflow -Wsign-compare -DNDEBUG -g -O2 -Wall -g -fsanitize=hwaddress -shared-libsan -mllvm -hwasan-globals=0 -std=c23 -fPIC -DFFI_BUILDING=1 -DUSE__THREAD -I/venv/include -I/usr/include/python3.12 -c src/c/_cffi_backend.c -o build/temp.linux-aarch64-cpython-312/src/c/_cffi_backend.o
  src/c/_cffi_backend.c:4579:22: warning: 'Py_FileSystemDefaultEncoding' is deprecated [-Wdeprecated-declarations]
   4579 |                      Py_FileSystemDefaultEncoding, &filename_or_null, &flags))
        |                      ^
  /usr/include/python3.12/fileobject.h:22:1: note: 'Py_FileSystemDefaultEncoding' has been explicitly marked deprecated here
     22 | Py_DEPRECATED(3.12) PyAPI_DATA(const char *) Py_FileSystemDefaultEncoding;
        | ^
  /usr/include/python3.12/pyport.h:317:54: note: expanded from macro 'Py_DEPRECATED'
    317 | #define Py_DEPRECATED(VERSION_UNUSED) __attribute__((__deprecated__))
        |                                                      ^
  In file included from src/c/_cffi_backend.c:8027:
  In file included from src/c/cffi1_module.c:20:
  src/c/call_python.c:211:5: warning: "no definition for read_barrier(), missing synchronization for multi-thread initialization in embedded mode" [-W#warnings]
    211 | #   warning "no definition for read_barrier(), missing synchronization for\
        |     ^
  2 warnings generated.
  /usr/bin/clang-20 -shared -fsanitize=hwaddress -shared-libsan -g -fsanitize=hwaddress -shared-libsan -mllvm -hwasan-globals=0 -std=c23 build/temp.linux-aarch64-cpython-312/src/c/_cffi_backend.o -L/usr/lib/aarch64-linux-gnu -lffi -o build/lib.linux-aarch64-cpython-312/_cffi_backend.cpython-312-aarch64-linux-gnu.so
  clang-20: warning: argument unused during compilation: '-mllvm -hwasan-globals=0' [-Wunused-command-line-argument]
---------------- CUT ----------------
  Created wheel for pycparser: filename=pycparser-2.22-py3-none-any.whl size=117552 sha256=d57055b6dddc795bb4eca6fc3754bb5ed521035680dd552d86560baed33ef091
  Stored in directory: /root/.cache/pip/wheels/36/53/17/c0ae2e096d359a9a8faf47fd7ded8f4c878af41a3c66cb5199
Successfully built cffi pycparser
Installing collected packages: pycparser, cffi
---------------- CUT ----------------
Successfully installed cffi-1.17.0 pycparser-2.22
Removed build tracker: '/tmp/pip-build-tracker-62wvhedt'

Run with pip isolation (by default):

$ pip3 install -e . --no-binary ":all:" --no-clean -vv
Using pip 24.0 from /venv/lib/python3.12/site-packages/pip (python 3.12)
---------------- CUT ----------------
= note: ld.lld-20: error: undefined symbol: __hwasan_tls
      >>> referenced by mod.rs:536 (/rustc/eff09483c67e6fc96c8098ba46dce476162754c5/library/core/src/ptr/mod.rs:536)
      >>>               /tmp/pip-install-85vkgny3/maturin_6b5877bea7064e2bbabad687f355ccbb/target/aarch64-unknown-linux-gnu/release/deps/maturin-38e63050942023b0.maturin.5af50ad9ae4ddb95-cgu.01.rcgu.o:(core::ptr::drop_in_place$LT$$LP$core..any..TypeId$C$alloc..boxed..Box$LT$dyn$u20$core..any..Any$u2b$core..marker..Sync$u2b$core..marker..Send$GT$$RP$$GT$::h0a3864e356d1b87e)
      >>> referenced by function.rs:250 (/rustc/eff09483c67e6fc96c8098ba46dce476162754c5/library/core/src/ops/function.rs:250)
      >>>               /tmp/pip-install-85vkgny3/maturin_6b5877bea7064e2bbabad687f355ccbb/target/aarch64-unknown-linux-gnu/release/deps/maturin-38e63050942023b0.maturin.5af50ad9ae4ddb95-cgu.00.rcgu.o:(core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::haffe049bd93073b5)
      >>> referenced by mod.rs:536 (/rustc/eff09483c67e6fc96c8098ba46dce476162754c5/library/core/src/ptr/mod.rs:536)
      >>>               /tmp/pip-install-85vkgny3/maturin_6b5877bea7064e2bbabad687f355ccbb/target/aarch64-unknown-linux-gnu/release/deps/maturin-38e63050942023b0.maturin.5af50ad9ae4ddb95-cgu.01.rcgu.o:(core::ptr::drop_in_place$LT$$LP$core..any..TypeId$C$alloc..boxed..Box$LT$dyn$u20$core..any..Any$u2b$core..marker..Sync$u2b$core..marker..Send$GT$$RP$$GT$::h0a3864e356d1b87e)
      >>> referenced 39817 more times

      ld.lld-20: error: undefined symbol: __hwasan_loadN
      >>> referenced by function.rs:250 (/rustc/eff09483c67e6fc96c8098ba46dce476162754c5/library/core/src/ops/function.rs:250)
      >>>               /tmp/pip-install-85vkgny3/maturin_6b5877bea7064e2bbabad687f355ccbb/target/aarch64-unknown-linux-gnu/release/deps/maturin-38e63050942023b0.maturin.5af50ad9ae4ddb95-cgu.00.rcgu.o:(core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::haffe049bd93073b5)
      >>> referenced by intrinsics.rs:3325 (/rustc/eff09483c67e6fc96c8098ba46dce476162754c5/library/core/src/intrinsics.rs:3325)
      >>>               /tmp/pip-install-85vkgny3/maturin_6b5877bea7064e2bbabad687f355ccbb/target/aarch64-unknown-linux-gnu/release/deps/maturin-38e63050942023b0.maturin.5af50ad9ae4ddb95-cgu.01.rcgu.o:(_$LT$hashbrown..raw..RawTable$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h059dda3c88ea07a7)
      >>> referenced by intrinsics.rs:3325 (/rustc/eff09483c67e6fc96c8098ba46dce476162754c5/library/core/src/intrinsics.rs:3325)
      >>>               /tmp/pip-install-85vkgny3/maturin_6b5877bea7064e2bbabad687f355ccbb/target/aarch64-unknown-linux-gnu/release/deps/maturin-38e63050942023b0.maturin.5af50ad9ae4ddb95-cgu.01.rcgu.o:(_$LT$hashbrown..raw..RawTable$LT$T$C$A$GT$$u20$as$u20$core..ops..drop..Drop$GT$::drop::h059dda3c88ea07a7)
      >>> referenced 3842 more times
---------------- CUT ----------------
error: `cargo build --manifest-path Cargo.toml --message-format=json-render-diagnostics --target aarch64-unknown-linux-gnu --release -v --no-default-features --locked` failed with code 101

We can see that ENVs and /.cargo/config.toml are ignored and a lot of HWasan errors showed. I dont know how to fix it correctly (it is problem one; possibly, question to python community).

Run without pip isolation (but it is unreal to do in real world application):

$ pip3 install -e . --no-binary ":all:" --no-clean -vv --no-build-isolation
---------------- CUT ----------------
Successfully installed cryptography-43.0.0
Removed build tracker: '/tmp/pip-build-tracker-bvpypdpj'

Run hello.py

$ python3 hello.py

Traceback (most recent call last):
  File "/src/hello.py", line 1, in <module>
    from cryptography.fernet import Fernet
  File "/src/src/cryptography/fernet.py", line 14, in <module>
    from cryptography.exceptions import InvalidSignature
  File "/src/src/cryptography/exceptions.py", line 9, in <module>
    from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
ImportError: /src/src/cryptography/hazmat/bindings/_rust.abi3.so: undefined symbol: __hwasan_tls

We can see that ENVs and /.cargo/config.toml are not ignored, but __hwasan_tls (it is problem #2).

Additional information

$ rustc --version --verbose

rustc 1.82.0-nightly (eff09483c 2024-08-22)
binary: rustc
commit-hash: eff09483c67e6fc96c8098ba46dce476162754c5
commit-date: 2024-08-22
host: aarch64-unknown-linux-gnu
release: 1.82.0-nightly
LLVM version: 19.1.0

$ clang --version
Ubuntu clang version 20.0.0 (++20240821083450+84fa7b438e1f-1~exp1~20240821203619.364)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm-20/bin

Few things which helps me it other cases:

  • disable link-time-optimisation (otherwise link fails with R_AARCH64_ADR_PREL_PG_HI21 out of range)

  • use only lld as linker (otherwise link fails R_AARCH64_ADR_PREL_PG_HI21 out of range)

  • use shared (otherwise ASan conflicts or link fails)

  • use external clang runtime (otherwise ASan conflicts)

  • do not use gcc (sometimes it timeouts)

  • pass target-feature=+tagged-globals (otherwise R_AARCH64_ADR_PREL_PG_HI21 out of range)

  • pass -mllvm -hwasan-globals=0 (otherwise FP crashes)

  • use global cargo config with environment variables (in case env-only, args do not passed to cargo/rustc) (pip isolation)
@n-bes n-bes added the C-bug Category: This is a bug. label Aug 23, 2024
@rustbot rustbot added the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Aug 23, 2024
@n-bes
Copy link
Author

n-bes commented Aug 23, 2024

Any advice is welcome
Logs:

@workingjubilee workingjubilee added PG-exploit-mitigations Project group: Exploit mitigations A-sanitizers Area: Sanitizers for correctness and code quality O-AArch64 Armv8-A or later processors in AArch64 mode labels Aug 24, 2024
@workingjubilee
Copy link
Member

...we support hwasan?
@rcvalle ?

@n-bes
Copy link
Author

n-bes commented Aug 24, 2024

with LD_PRELOAD, possible, false-positive

$ LD_PRELOAD="/usr/lib/llvm-20/lib/clang/20/lib/linux/libclang_rt.hwasan-aarch64.so" python hello.py
==23210==ERROR: HWAddressSanitizer: tag-mismatch on address 0xffffaf5fc0f0 at pc 0xffffaf4a9070
READ of size 8 at 0xffffaf5fc0f0 tags: c6/00 (ptr/mem) in thread T0
    #0 0xffffaf4a9070 in once_cell::sync::OnceCell$LT$T$GT$::get::h74aaba8edb7b3a1e pyo3.663abc5042ebb2ea-cgu.12
    #1 0xffffaf48629c in pyo3::gil::GILGuard::assume::h7ab97064da765af1 pyo3.663abc5042ebb2ea-cgu.02
    #2 0xffffaf2ae5f8 in pyo3::impl_::trampoline::trampoline::h6bac7f608179330c cryptography_rust.2675ce9b9f5dd535-cgu.08
    #3 0xffffaf2cfe38 in PyInit__rust (/src/src/cryptography/hazmat/bindings/_rust.abi3.so+0x2cfe38) (BuildId: d7d9777c073eba735d03135ee9d8c18f82ee7edf)
    #4 0x0000006708a0 in _PyImport_LoadDynamicModuleWithSpec /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/importdl.c:169:9
    #5 0x00000066fce8 in _imp_create_dynamic_impl /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:3775:11
    #6 0x00000066fce8 in _imp_create_dynamic /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/clinic/import.c.h:506:20
    #7 0x000000503b9c in cfunction_vectorcall_FASTCALL /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/methodobject.c:422:24
    #8 0x000000567874 in _PyEval_EvalFrameDefault /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/Python/bytecodes.c:3254:26
    #9 0x0000004c3b80 in _PyObject_VectorcallTstate /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Include/internal/pycore_call.h:92:11
    #10 0x0000004c3b80 in object_vacall /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/call.c:850:14
    #11 0x0000004c5764 in PyObject_CallMethodObjArgs /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/call.c:911:24
    #12 0x00000058e58c in import_find_and_load /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:2779:11
    #13 0x00000058e58c in PyImport_ImportModuleLevelObject /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:2862:15
    #14 0x000000568764 in import_name /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:2482:15
    #15 0x000000568764 in _PyEval_EvalFrameDefault /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/Python/bytecodes.c:2135:19
    #16 0x0000005625c0 in _PyEval_EvalFrame /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Include/internal/pycore_ceval.h:89:16
    #17 0x0000005625c0 in _PyEval_Vector /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:1683:12
    #18 0x0000005625c0 in PyEval_EvalCode /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:578:21
    #19 0x00000055f474 in builtin_exec_impl /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/bltinmodule.c:1096:17
    #20 0x00000055f474 in builtin_exec /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/clinic/bltinmodule.c.h:586:20
    #21 0x000000503888 in cfunction_vectorcall_FASTCALL_KEYWORDS /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/methodobject.c:438:24
    #22 0x000000567874 in _PyEval_EvalFrameDefault /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/Python/bytecodes.c:3254:26
    #23 0x0000004c3b80 in _PyObject_VectorcallTstate /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Include/internal/pycore_call.h:92:11
    #24 0x0000004c3b80 in object_vacall /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/call.c:850:14
    #25 0x0000004c5764 in PyObject_CallMethodObjArgs /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/call.c:911:24
    #26 0x00000058e58c in import_find_and_load /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:2779:11
    #27 0x00000058e58c in PyImport_ImportModuleLevelObject /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:2862:15
    #28 0x000000568764 in import_name /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:2482:15
    #29 0x000000568764 in _PyEval_EvalFrameDefault /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/Python/bytecodes.c:2135:19
    #30 0x0000005625c0 in _PyEval_EvalFrame /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Include/internal/pycore_ceval.h:89:16
    #31 0x0000005625c0 in _PyEval_Vector /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:1683:12
    #32 0x0000005625c0 in PyEval_EvalCode /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:578:21
    #33 0x00000055f474 in builtin_exec_impl /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/bltinmodule.c:1096:17
    #34 0x00000055f474 in builtin_exec /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/clinic/bltinmodule.c.h:586:20
    #35 0x000000503888 in cfunction_vectorcall_FASTCALL_KEYWORDS /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/methodobject.c:438:24
    #36 0x000000567874 in _PyEval_EvalFrameDefault /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/Python/bytecodes.c:3254:26
    #37 0x0000004c3b80 in _PyObject_VectorcallTstate /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Include/internal/pycore_call.h:92:11
    #38 0x0000004c3b80 in object_vacall /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/call.c:850:14
    #39 0x0000004c5764 in PyObject_CallMethodObjArgs /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Objects/call.c:911:24
    #40 0x00000058e58c in import_find_and_load /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:2779:11
    #41 0x00000058e58c in PyImport_ImportModuleLevelObject /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/import.c:2862:15
    #42 0x000000568764 in import_name /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:2482:15
    #43 0x000000568764 in _PyEval_EvalFrameDefault /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/Python/bytecodes.c:2135:19
    #44 0x0000005625c0 in _PyEval_EvalFrame /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Include/internal/pycore_ceval.h:89:16
    #45 0x0000005625c0 in _PyEval_Vector /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:1683:12
    #46 0x0000005625c0 in PyEval_EvalCode /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/ceval.c:578:21
    #47 0x00000059b860 in run_eval_code_obj /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/pythonrun.c:1722:9
    #48 0x00000059b860 in run_mod /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/pythonrun.c:1743:19
    #49 0x000000680df0 in pyrun_file /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/pythonrun.c:1643:15
    #50 0x0000006809c4 in _PyRun_SimpleFileObject /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/pythonrun.c:433:13
    #51 0x000000680790 in _PyRun_AnyFileObject /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Python/pythonrun.c:78:15
    #52 0x00000068b7e8 in pymain_run_file_obj /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Modules/main.c:360:15
    #53 0x00000068b7e8 in pymain_run_file /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Modules/main.c:379:15
    #54 0x00000068b7e8 in pymain_run_python /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Modules/main.c:629:21
    #55 0x00000068b7e8 in Py_RunMain /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Modules/main.c:709:5
    #56 0x00000068b3a4 in Py_BytesMain /usr/src/python3.12-3.12.3-1ubuntu0.1/build-static/../Modules/main.c:763:12
    #57 0xffffb1fd84c0 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #58 0xffffb1fd8594 in __libc_start_main csu/../csu/libc-start.c:360:3
    #59 0x0000005f6e6c in _start (/usr/bin/python3.12+0x5f6e6c) (BuildId: 68b2107323bc2433746e01a6b0e473fc32fda806)


Thread: T0 0xeffe00002000 stack: [0xffffc6143000,0xffffc6943000) sz: 8388608 tls: [0xffffb2db1460,0xffffb2db2320)

Memory tags around the buggy address (one tag corresponds to 16 bytes):
  0xffffaf5fb800: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fb900: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fba00: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fbb00: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fbc00: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fbd00: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fbe00: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fbf00: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
=>0xffffaf5fc000: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00 [00]
  0xffffaf5fc100: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc200: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc300: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc400: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc500: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc600: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc700: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
  0xffffaf5fc800: 00  00  00  00  00  00  00  00  00  00  00  00  00  00  00  00
Tags for short granules around the buggy address (one tag corresponds to 16 bytes):
  0xffffaf5fbf00: ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..
=>0xffffaf5fc000: ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  .. [..]
  0xffffaf5fc100: ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..  ..
See https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html#short-granules for a description of short granule tags

Registers where the failure occurred (pc 0xffffaf4a9070):
    x0  c600ffffaf5fc0f0  x1  0000ffffb2d948a0  x2  0000ffffb07826c8  x3  0000ffffb07798f0
    x4  0000000000079830  x5  0000000000b2d8d0  x6  e100ef3dffe3d838  x7  0000ffffaf604b18
    x8  00000000000000c6  x9  0000000000000000  x10 0000000000000000  x11 0000000000000000
    x12 0000ffffc693fbb0  x13 0200effeffffffff  x14 00000ffffc693fc3  x15 0000000000000000
    x16 0000ffffb222d064  x17 0000000000000007  x18 0000000000000006  x19 3100ffffc693fbb0
    x20 0200efff00000000  x21 1000ffffc693fcb0  x22 00401dffc0000011  x23 0000ffffc693fc30
    x24 0200efff00000000  x25 0000ffffc693fc10  x26 00401dffc0000091  x27 00401dffc00000d1
    x28 0000000000b8a278  x29 0000ffffc693fc50  x30 0000ffffaf4a9074   sp 0000ffffc693fb80
SUMMARY: HWAddressSanitizer: tag-mismatch pyo3.663abc5042ebb2ea-cgu.12 in once_cell::sync::OnceCell$LT$T$GT$::get::h74aaba8edb7b3a1e

@n-bes n-bes mentioned this issue Aug 24, 2024
Open
1 task
@rcvalle
Copy link
Member

rcvalle commented Aug 27, 2024

...we support hwasan? @rcvalle ?

We've experimental support for it for some targets (see #123615 (comment)), but I don't know if it we currently support cross-language hardware-assisted AddressSanitizer.

Unfortunately, I don't have the hardware to reproduce this issue at hand at the moment, but if it hasn't been tried yet, I'd suggest trying matching the same LLVM version and runtimes version across languages, and proper LTO (i.e., -Clinker-plugin-lto).

@saethlin saethlin removed the needs-triage This issue may need triage. Remove it if it has been sufficiently triaged. label Sep 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-sanitizers Area: Sanitizers for correctness and code quality C-bug Category: This is a bug. O-AArch64 Armv8-A or later processors in AArch64 mode PG-exploit-mitigations Project group: Exploit mitigations
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rcvalle @n-bes @saethlin @workingjubilee @rustbot