Last active
March 31, 2023 12:51
-
-
Save jbourassa/82f3a89c83465ae33c7875338c923200 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ASAN_OPTIONS=detect_stack_use_after_return=1 \ | |
| DYLD_INSERT_LIBRARIES=$HOME/.rustup/toolchains/nightly-aarch64-apple-darwin/lib/rustlib/aarch64-apple-darwin/lib/librustc-nightly_rt.asan.dylib \ | |
| ruby -Ilib examples/crash.rb | |
| Using wasmtime-rb 6.0.0: /Users/jbourassa/src/github.com/bytecodealliance/wasmtime-rb/lib/wasmtime/wasmtime_rb.bundle | |
| ================================================================= | |
| ==68819==ERROR: AddressSanitizer: heap-use-after-free on address 0x000106e5af30 at pc 0x0001129dd114 bp 0x00016cf599b0 sp 0x00016cf599a8 | |
| WRITE of size 8 at 0x000106e5af30 thread T0 | |
| #0 0x1129dd110 in wasmtime_rb::ruby_api::func::make_func_closure::_$u7b$$u7b$closure$u7d$$u7d$::hc435f6e5fd9cf7d8 func.rs:270 | |
| #1 0x1129c500c in wasmtime::func::Func::invoke::hc54fcea15d9124cb func.rs:1125 | |
| #2 0x11294fb10 in std::panicking::try::do_call::hf6708b0126bf6553 panicking.rs:487 | |
| #3 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #4 0x1129c4598 in wasmtime::trampoline::func::stub_fn::h72c605e476de8712 func.rs:39 | |
| #5 0x1041f8090 (<unknown module>) | |
| #6 0xa2d0001041f8020 (<unknown module>) | |
| #7 0x914f800112d0177c (<unknown module>) | |
| #8 0x1129c66d0 in wasmtime::func::Func::call_impl::h11763b1bee0d92fc func.rs:1053 | |
| #9 0x1129da28c in wasmtime_rb::ruby_api::func::Func::invoke::h2df006c72a10403a func.rs:182 | |
| #10 0x1128ba9b0 in std::panicking::try::do_call::hb6379103ca1d7625 panicking.rs:487 | |
| #11 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #12 0x1129e8848 in wasmtime_rb::ruby_api::func::init::anon::h87467a1bc0ba7728 method.rs:2599 | |
| #13 0x1046e6170 in vm_call_cfunc_with_frame+0xe4 (libruby.3.2.dylib:arm64+0x262170) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #14 0x1046e84d0 in vm_sendish+0x4c8 (libruby.3.2.dylib:arm64+0x2644d0) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #15 0x1046c9bbc in vm_exec_core+0x2398 (libruby.3.2.dylib:arm64+0x245bbc) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #16 0x1046dd0e4 in rb_vm_exec+0xad0 (libruby.3.2.dylib:arm64+0x2590e4) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #17 0x1046ec92c in invoke_block_from_c_bh+0x394 (libruby.3.2.dylib:arm64+0x26892c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #18 0x1046d56fc in rb_yield_1+0x78 (libruby.3.2.dylib:arm64+0x2516fc) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #19 0x1045b5e7c in int_dotimes+0x144 (libruby.3.2.dylib:arm64+0x131e7c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #20 0x1046e6170 in vm_call_cfunc_with_frame+0xe4 (libruby.3.2.dylib:arm64+0x262170) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #21 0x1046e84d0 in vm_sendish+0x4c8 (libruby.3.2.dylib:arm64+0x2644d0) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #22 0x1046c9b70 in vm_exec_core+0x234c (libruby.3.2.dylib:arm64+0x245b70) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #23 0x1046dd0e4 in rb_vm_exec+0xad0 (libruby.3.2.dylib:arm64+0x2590e4) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #24 0x104521f3c in rb_ec_exec_node+0x128 (libruby.3.2.dylib:arm64+0x9df3c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #25 0x104521da8 in ruby_run_node+0x5c (libruby.3.2.dylib:arm64+0x9dda8) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #26 0x102ea7f30 in main+0x64 (ruby:arm64+0x100003f30) (BuildId: 9a3f437e3e453df5aa10c232cc19795732000000200000000100000000000d00) | |
| #27 0x19c93fe4c (<unknown module>) | |
| #28 0x5357ffffffffffc (<unknown module>) | |
| 0x000106e5af30 is located 0 bytes inside of 16-byte region [0x000106e5af30,0x000106e5af40) | |
| freed by thread T0 here: | |
| #0 0x10329ace4 in wrap_free+0x8c (librustc-nightly_rt.asan.dylib:arm64+0x3ece4) (BuildId: 31bdcb1179dd3203aa5361ad5e96177032000000200000000100000000000b00) | |
| #1 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #2 0x11299e784 in magnus::typed_data::DataTypeFunctions::extern_free::h204833853071aa81 typed_data.rs:130 | |
| #3 0x104544450 in obj_free+0x8a0 (libruby.3.2.dylib:arm64+0xc0450) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #4 0x104543aac in gc_sweep_page+0x270 (libruby.3.2.dylib:arm64+0xbfaac) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #5 0x104542250 in gc_sweep_step+0x130 (libruby.3.2.dylib:arm64+0xbe250) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #6 0x104541c00 in gc_sweep+0xa40 (libruby.3.2.dylib:arm64+0xbdc00) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #7 0x104547040 in gc_start+0xd98 (libruby.3.2.dylib:arm64+0xc3040) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #8 0x10453a748 in objspace_xmalloc0+0xb8 (libruby.3.2.dylib:arm64+0xb6748) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #9 0x1046cf9a0 in callable_method_entry_or_negative+0x248 (libruby.3.2.dylib:arm64+0x24b9a0) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #10 0x1046d4580 in rb_check_funcall_default_kw+0x178 (libruby.3.2.dylib:arm64+0x250580) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #11 0x1045bd22c in convert_type_with_id+0x38 (libruby.3.2.dylib:arm64+0x13922c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #12 0x1045bd7b4 in rb_to_int+0x48 (libruby.3.2.dylib:arm64+0x1397b4) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #13 0x104522d0c in rb_protect+0x160 (libruby.3.2.dylib:arm64+0x9ed0c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #14 0x112044bbc in _$LT$magnus..integer..Integer$u20$as$u20$magnus..try_convert..TryConvert$GT$::try_convert::hc2d0c9bda7181f5f integer.rs:415 | |
| #15 0x11204ec58 in _$LT$i32$u20$as$u20$magnus..try_convert..TryConvert$GT$::try_convert::hdfd15b80ab65208a try_convert.rs:81 | |
| #16 0x1129d41e0 in _$LT$magnus..value..Value$u20$as$u20$wasmtime_rb..ruby_api..convert..ToWasmVal$GT$::to_wasm_val::he113da9357e12752 convert.rs:68 | |
| #17 0x1129dc07c in wasmtime_rb::ruby_api::func::make_func_closure::_$u7b$$u7b$closure$u7d$$u7d$::hc435f6e5fd9cf7d8 func.rs:230 | |
| #18 0x1129c500c in wasmtime::func::Func::invoke::hc54fcea15d9124cb func.rs:1125 | |
| #19 0x11294fb10 in std::panicking::try::do_call::hf6708b0126bf6553 panicking.rs:487 | |
| #20 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #21 0x1129c4598 in wasmtime::trampoline::func::stub_fn::h72c605e476de8712 func.rs:39 | |
| #22 0x1041f8090 (<unknown module>) | |
| #23 0xa2d0001041f8020 (<unknown module>) | |
| #24 0x914f800112d0177c (<unknown module>) | |
| #25 0x1129c66d0 in wasmtime::func::Func::call_impl::h11763b1bee0d92fc func.rs:1053 | |
| #26 0x1129da28c in wasmtime_rb::ruby_api::func::Func::invoke::h2df006c72a10403a func.rs:182 | |
| #27 0x1128ba9b0 in std::panicking::try::do_call::hb6379103ca1d7625 panicking.rs:487 | |
| #28 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #29 0x1129e8848 in wasmtime_rb::ruby_api::func::init::anon::h87467a1bc0ba7728 method.rs:2599 | |
| previously allocated by thread T0 here: | |
| #0 0x10329abb4 in wrap_malloc+0x88 (librustc-nightly_rt.asan.dylib:arm64+0x3ebb4) (BuildId: 31bdcb1179dd3203aa5361ad5e96177032000000200000000100000000000b00) | |
| #1 0x112138d54 in __rdl_alloc alloc.rs:381 | |
| #2 0x1129db928 in wasmtime_rb::ruby_api::func::make_func_closure::_$u7b$$u7b$closure$u7d$$u7d$::hc435f6e5fd9cf7d8 func.rs:214 | |
| #3 0x1129c500c in wasmtime::func::Func::invoke::hc54fcea15d9124cb func.rs:1125 | |
| #4 0x11294fb10 in std::panicking::try::do_call::hf6708b0126bf6553 panicking.rs:487 | |
| #5 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #6 0x1129c4598 in wasmtime::trampoline::func::stub_fn::h72c605e476de8712 func.rs:39 | |
| #7 0x1041f8090 (<unknown module>) | |
| #8 0xa2d0001041f8020 (<unknown module>) | |
| #9 0x914f800112d0177c (<unknown module>) | |
| #10 0x1129c66d0 in wasmtime::func::Func::call_impl::h11763b1bee0d92fc func.rs:1053 | |
| #11 0x1129da28c in wasmtime_rb::ruby_api::func::Func::invoke::h2df006c72a10403a func.rs:182 | |
| #12 0x1128ba9b0 in std::panicking::try::do_call::hb6379103ca1d7625 panicking.rs:487 | |
| #13 0x112a02ba4 in __rust_try+0x1c (wasmtime_rb.bundle:arm64+0xe76ba4) (BuildId: 29e7e1e1b9273419b16b31f1efe2aae932000000200000000100000000000d00) | |
| #14 0x1129e8848 in wasmtime_rb::ruby_api::func::init::anon::h87467a1bc0ba7728 method.rs:2599 | |
| #15 0x1046e6170 in vm_call_cfunc_with_frame+0xe4 (libruby.3.2.dylib:arm64+0x262170) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #16 0x1046e84d0 in vm_sendish+0x4c8 (libruby.3.2.dylib:arm64+0x2644d0) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #17 0x1046c9bbc in vm_exec_core+0x2398 (libruby.3.2.dylib:arm64+0x245bbc) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #18 0x1046dd0e4 in rb_vm_exec+0xad0 (libruby.3.2.dylib:arm64+0x2590e4) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #19 0x1046ec92c in invoke_block_from_c_bh+0x394 (libruby.3.2.dylib:arm64+0x26892c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #20 0x1046d56fc in rb_yield_1+0x78 (libruby.3.2.dylib:arm64+0x2516fc) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #21 0x1045b5e7c in int_dotimes+0x144 (libruby.3.2.dylib:arm64+0x131e7c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #22 0x1046e6170 in vm_call_cfunc_with_frame+0xe4 (libruby.3.2.dylib:arm64+0x262170) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #23 0x1046e84d0 in vm_sendish+0x4c8 (libruby.3.2.dylib:arm64+0x2644d0) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #24 0x1046c9b70 in vm_exec_core+0x234c (libruby.3.2.dylib:arm64+0x245b70) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #25 0x1046dd0e4 in rb_vm_exec+0xad0 (libruby.3.2.dylib:arm64+0x2590e4) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #26 0x104521f3c in rb_ec_exec_node+0x128 (libruby.3.2.dylib:arm64+0x9df3c) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #27 0x104521da8 in ruby_run_node+0x5c (libruby.3.2.dylib:arm64+0x9dda8) (BuildId: abc4c43c0bf83de58701765c9b2dec8e32000000200000000100000000000d00) | |
| #28 0x102ea7f30 in main+0x64 (ruby:arm64+0x100003f30) (BuildId: 9a3f437e3e453df5aa10c232cc19795732000000200000000100000000000d00) | |
| #29 0x19c93fe4c (<unknown module>) | |
| SUMMARY: AddressSanitizer: heap-use-after-free func.rs:270 in wasmtime_rb::ruby_api::func::make_func_closure::_$u7b$$u7b$closure$u7d$$u7d$::hc435f6e5fd9cf7d8 | |
| Shadow bytes around the buggy address: | |
| 0x007020deb590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x007020deb5a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x007020deb5b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x007020deb5c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x007020deb5d0: fa fa fa fa fa fa 00 00 fa fa 00 00 fa fa 00 00 | |
| =>0x007020deb5e0: fa fa 00 00 fa fa[fd]fd fa fa 02 fa fa fa 02 fa | |
| 0x007020deb5f0: fa fa 00 00 fa fa 00 00 fa fa 00 07 fa fa 02 fa | |
| 0x007020deb600: fa fa 02 fa fa fa fd fa fa fa fd fa fa fa fd fd | |
| 0x007020deb610: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd | |
| 0x007020deb620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| 0x007020deb630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==68819==ABORTING | |
| zsh: abort ASAN_OPTIONS=detect_stack_use_after_return=1 DYLD_INSERT_LIBRARIES= ruby -Ili |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment