ASLR and "malloc returned something that is in RVM address space" #158

Open
wks opened this issue Feb 1, 2024 · 0 comments

wks commented Feb 1, 2024

When executing rvm, there is a 50% chance that the error message "malloc returned something that is in RVM address space" will appear. For example:

$ ./dist/RBaseBaseSemiSpace_x86_64_m32-linux/rvm 
malloc returned something that is in RVM address space: 0x661c9360
malloc returned something that is in RVM address space: 0x661c93b0
malloc returned something that is in RVM address space: 0x661c93d0
[2024-02-01T09:10:06Z INFO  mmtk::memory_manager] Initialized MMTk with SemiSpace (FixedHeapSize(104857600))
malloc returned something that is in RVM address space: 0x661d1400
malloc returned something that is in RVM address space: 0x661d2510
malloc returned something that is in RVM address space: 0x661f40a0
malloc returned something that is in RVM address space: 0x661f40f0
malloc returned something that is in RVM address space: 0x661f4170
malloc returned something that is in RVM address space: 0x661f41c0
malloc returned something that is in RVM address space: 0x661f4210
malloc returned something that is in RVM address space: 0x661f4260
...
malloc returned something that is in RVM address space: 0x661ff8f0
malloc returned something that is in RVM address space: 0x661f15e0
malloc returned something that is in RVM address space: 0x661f15e0
malloc returned something that is in RVM address space: 0x661ff930
malloc returned something that is in RVM address space: 0x661ff930
malloc returned something that is in RVM address space: 0x661ff8f0
malloc returned something that is in RVM address space: 0x661ff8f0
malloc returned something that is in RVM address space: 0x661ff8f0
malloc returned something that is in RVM address space: 0x661ff8f0
vm: Please specify a class to execute.
vm:   You can invoke the VM with the "-help" flag for usage information.

It seems to be related to address space layout randomization (ASLR). If I turn ASLR off using setarch -R, the error message disappears.

$ setarch -R ./dist/RBaseBaseSemiSpace_x86_64_m32-linux/rvm 
[2024-02-01T09:18:04Z INFO  mmtk::memory_manager] Initialized MMTk with SemiSpace (FixedHeapSize(104857600))
vm: Please specify a class to execute.
vm:   You can invoke the VM with the "-help" flag for usage information.

So it may be related to the way malloc and mmtk-core manage the address space. I am not sure whether it is related to a random failure like this:

rvm -jar dacapo-2006-10-MR2.jar lusearch
malloc returned something that is in RVM address space: 0x615a5370
malloc returned something that is in RVM address space: 0x615a53c0
malloc returned something that is in RVM address space: 0x615a53e0
[2024-02-01T09:03:00Z INFO  mmtk::memory_manager] Initialized MMTk with SemiSpace (FixedHeapSize(104857600))
JikesRVM: Unhandled opcode 0x8e during decoding of instruction at 60610a00, stopped decoding

Fatal error: NullPointerException within uninterruptible region.
trapCode = 0
trapInfo = 0x00000000
Exiting virtual machine due to uninterruptibility violation.
Thread #1
-- Stack --
(0x6145a530 14268)   at [0x6145a530, 0x64360dbf] Lorg/jikesrvm/VM; sysFail(Ljava/lang/String;)V at line 2455 at bytecode index 14 at machine code offset 0x0000004c
(0x6145a56c 2945)   at [0x6145a56c, 0x00000000] Lorg/jikesrvm/runtime/RuntimeEntrypoints; deliverHardwareException(ILorg/vmmagic/unboxed/Word;)V at line 780 at bytecode index 368 at machine code offset 0x0000041b
   at [0x6145a580, 0x00000000] <native frame>
   at [0x61462b64, 0x64253682] <native frame>
(0x61462ba8 3100)   at [0x61462ba8, 0x642132e2] Lorg/jikesrvm/runtime/SysCall; sysAlloc(Lorg/vmmagic/unboxed/Address;IIII)Lorg/vmmagic/unboxed/Address; at line 270 at bytecode index 8 at machine code offset 0x00000052
(0x61462bec 8929)   at [0x61462bec, 0x64213401] Lorg/jikesrvm/mm/mminterface/MMTkMutatorContext; slowPath(IIII)Lorg/vmmagic/unboxed/Address; at line 379 at bytecode index 22 at machine code offset 0x00000062
(0x61462c4c 8928)   at [0x61462c4c, 0x64214f58] Lorg/jikesrvm/mm/mminterface/MMTkMutatorContext; bumpAllocatorFastPath(IIIII)Lorg/vmmagic/unboxed/Address; at line 367 at bytecode index 111 at machine code offset 0x00000101
(0x61462c98 8925)   at [0x61462c98, 0x64370d04] Lorg/jikesrvm/mm/mminterface/MMTkMutatorContext; alloc(IIIII)Lorg/vmmagic/unboxed/Address; at line 331 at bytecode index 38 at machine code offset 0x000000c8
(0x61462ce0 3404)   at [0x61462ce0, 0x64371038] Lorg/jikesrvm/mm/mminterface/MemoryManager; allocateSpace(Lorg/jikesrvm/mm/mminterface/Selected$Mutator;IIIII)Lorg/vmmagic/unboxed/Address; at line 729 at bytecode index 16 at machine code offset 0x0000006c
(0x61462d30 3400)   at [0x61462d30, 0x6436216f] Lorg/jikesrvm/mm/mminterface/MemoryManager; allocateScalar(ILorg/jikesrvm/objectmodel/TIB;IIII)Ljava/lang/Object; at line 629 at bytecode index 29 at machine code offset 0x00000094
(0x61462d7c 2931)   at [0x61462d7c, 0x64371fa6] Lorg/jikesrvm/runtime/RuntimeEntrypoints; resolvedNewScalar(ILorg/jikesrvm/objectmodel/TIB;ZIIII)Ljava/lang/Object; at line 330 at bytecode index 9 at machine code offset 0x0000006f
(0x61462db4 3377)   at [0x61462db4, 0x6436d583] Lorg/jikesrvm/mm/mminterface/MemoryManager; boot(Lorg/jikesrvm/runtime/BootRecord;)V at line 208 at bytecode index 100 at machine code offset 0x0000018a
(0x61462dd8 14091)   at [0x61462dd8, 0x6436e0ad] Lorg/jikesrvm/VM; finishBooting()V at line 202 at bytecode index 57 at machine code offset 0x000000db
(0x61462df0 14090)   at [0x61462df0, 0xf07377e0] Lorg/jikesrvm/VM; boot()V at line 172 at bytecode index 103 at machine code offset 0x00000115
********************************************************************************
*                      Abnormal termination of Jikes RVM                       *
* Jikes RVM terminated abnormally indicating a problem in the virtual machine. *
* Jikes RVM relies on community support to get debug information. Help improve *
* Jikes RVM for everybody by reporting this error. Please see:                 *
*                    http://www.jikesrvm.org/ReportingBugs/                    *
********************************************************************************
JikesRVM: Failing instruction starting at f0753b5b wasn't in RVM address space
JikesRVM: unexpected hardware trap outside of RVM address space - 0xf0753b5b (nil)
fault address 0x67a4e738
eip           0xf0753b5b
eax (T0)      0x6145a35c
ebx (ctrs)    0xf077ea30
ecx (S0)      0x1f
edx (T1)      0x6060e1a4
esi (TR)      (nil)
edi (S1)      0x67a4e738
ebp           0x7c967e3f
esp (SP)      0x6145a300
cs            0x23
ds            0x2b
es            0x2b
fs            (nil)
gs            0x63
ss            0x2b
trapno        0x0000000e
err           0x00000004
eflags        0x00010206
fpregs        0x615aba50
oldmask       0x00000000
cr2           0x67a4e738
attempting to dump proc map ...
3c000000-3d000000 rwxp 00000000 00:00 0 
60000000-61493000 rwxp 00000000 103:03 98456302                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/RVM.data.image
615a5000-615e8000 rw-p 00000000 00:00 0                                  [heap]
64000000-64375000 rwxp 00000000 103:03 98456301                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/RVM.code.image
67000000-67054000 r--p 00000000 103:03 98456304                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/RVM.rmap.image
ef600000-ef881000 rw-p 00000000 00:00 0 
efa00000-efa22000 r--p 00000000 103:02 1478230                           /usr/lib32/libc.so.6
efa22000-efba4000 r-xp 00022000 103:02 1478230                           /usr/lib32/libc.so.6
efba4000-efc1f000 r--p 001a4000 103:02 1478230                           /usr/lib32/libc.so.6
efc1f000-efc21000 r--p 0021e000 103:02 1478230                           /usr/lib32/libc.so.6
efc21000-efc22000 rw-p 00220000 103:02 1478230                           /usr/lib32/libc.so.6
efc22000-efc27000 rw-p 00000000 00:00 0 
efdd7000-efdda000 r--p 00000000 103:02 1478404                           /usr/lib32/libgcc_s.so.1
efdda000-efdf9000 r-xp 00003000 103:02 1478404                           /usr/lib32/libgcc_s.so.1
efdf9000-efdfe000 r--p 00022000 103:02 1478404                           /usr/lib32/libgcc_s.so.1
efdfe000-efdff000 r--p 00027000 103:02 1478404                           /usr/lib32/libgcc_s.so.1
efdff000-efe00000 rw-p 00028000 103:02 1478404                           /usr/lib32/libgcc_s.so.1
efe00000-efe29000 r--p 00000000 103:03 98456347                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libmmtk.so
efe29000-f03fa000 r-xp 00029000 103:03 98456347                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libmmtk.so
f03fa000-f05bf000 r--p 005fa000 103:03 98456347                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libmmtk.so
f05bf000-f05f0000 r--p 007bf000 103:03 98456347                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libmmtk.so
f05f0000-f05f1000 rw-p 007f0000 103:03 98456347                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libmmtk.so
f05f1000-f05f2000 rw-p 00000000 00:00 0 
f060e000-f0610000 rw-p 00000000 00:00 0 
f0610000-f061d000 r--p 00000000 103:02 1478240                           /usr/lib32/libm.so.6
f061d000-f06ab000 r-xp 0000d000 103:02 1478240                           /usr/lib32/libm.so.6
f06ab000-f06e2000 r--p 0009b000 103:02 1478240                           /usr/lib32/libm.so.6
f06e2000-f06e3000 r--p 000d1000 103:02 1478240                           /usr/lib32/libm.so.6
f06e3000-f06e4000 rw-p 000d2000 103:02 1478240                           /usr/lib32/libm.so.6
f0729000-f072c000 r--p 00000000 103:03 98456345                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libjvm.so
f072c000-f0739000 r-xp 00003000 103:03 98456345                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libjvm.so
f0739000-f0740000 r--p 00010000 103:03 98456345                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libjvm.so
f0740000-f0741000 r--p 00016000 103:03 98456345                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libjvm.so
f0741000-f0742000 rw-p 00017000 103:03 98456345                          /home/wks/projects/mmtk-github/parallels/feature/fork/jikesrvm/dist/RBaseBaseSemiSpace_x86_64_m32-linux/libjvm.so
f0742000-f0744000 rw-p 00000000 00:00 0 
f0744000-f0748000 r--p 00000000 00:00 0                                  [vvar]
f0748000-f074a000 r-xp 00000000 00:00 0                                  [vdso]
f074a000-f074b000 r--p 00000000 103:02 1478123                           /usr/lib32/ld-linux.so.2
f074b000-f076e000 r-xp 00001000 103:02 1478123                           /usr/lib32/ld-linux.so.2
f076e000-f077c000 r--p 00024000 103:02 1478123                           /usr/lib32/ld-linux.so.2
f077c000-f077e000 r--p 00031000 103:02 1478123                           /usr/lib32/ld-linux.so.2
f077e000-f077f000 rw-p 00033000 103:02 1478123                           /usr/lib32/ld-linux.so.2
ffbc8000-ffbea000 rw-p 00000000 00:00 0                                  [stack]
wks added a commit that referenced this issue Mar 20, 2024
The boot images are built with the assumption that they will be loaded
at a specific address. ASLR will cause some shared objects to be loaded
at the addresses of the boot images, and the boot images will overwrite
their sections, causing illegal instruction errors and other errors.
This problem is easy to reproduce locally, and manifests very frequently
when running on GitHub CI.

This PR modifies CI scripts to mitigate the problem. It adds `setarch -R` before executing `rvm` to disable ASLR.

This PR is a workaround. The proper fix is to take control over the loading
process and not let the system loader load shared objects in the address
range of the boot image.

Related issue: #158
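An added example (not JikesRVM or MMTk code) of the kind of pre-flight check the "proper fix" above implies: scan a /proc/<pid>/maps dump for mappings that already sit inside the fixed boot-image range before the images are loaded over them, and apply the same range test to individual malloc results. The range bounds are an assumed placeholder covering the three image mappings in the dump, and the sample map is an abridged, constructed version of that dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed placeholder bounds: a contiguous range covering the three boot
   image mappings from the dump. The real bounds are not given on the page. */
#define RVM_SPACE_START 0x60000000u
#define RVM_SPACE_END   0x68000000u

/* Abridged from the issue's proc map dump; paths shortened (constructed). */
const char *SAMPLE_MAPS =
    "3c000000-3d000000 rwxp 00000000 00:00 0\n"
    "60000000-61493000 rwxp 00000000 103:03 98456302 /dist/RVM.data.image\n"
    "615a5000-615e8000 rw-p 00000000 00:00 0 [heap]\n"
    "64000000-64375000 rwxp 00000000 103:03 98456301 /dist/RVM.code.image\n"
    "67000000-67054000 r--p 00000000 103:03 98456304 /dist/RVM.rmap.image\n"
    "efa00000-efa22000 r--p 00000000 103:02 1478230 /usr/lib32/libc.so.6\n"
    "ffbc8000-ffbea000 rw-p 00000000 00:00 0 [stack]\n";

/* The test the runtime applies to malloc results: is addr inside the range? */
int in_rvm_space(uintptr_t addr) {
    return addr >= RVM_SPACE_START && addr < RVM_SPACE_END;
}

/* One maps line collides if it overlaps the range and is not a boot image
   itself (path ending in ".image"); malformed lines are ignored. */
static int line_collides(const char *line) {
    unsigned long lo, hi;
    char perms[8] = {0}, path[512] = {0};
    if (sscanf(line, "%lx-%lx %7s %*s %*s %*s %511s", &lo, &hi, perms, path) < 3)
        return 0;
    size_t n = strlen(path);
    if (n >= 6 && strcmp(path + n - 6, ".image") == 0)
        return 0;
    return lo < RVM_SPACE_END && hi > RVM_SPACE_START;
}

/* Walk a maps dump line by line; print and count colliding mappings. */
int count_collisions(const char *maps) {
    int hits = 0;
    char buf[600];
    for (const char *p = maps; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof buf) len = sizeof buf - 1;  /* clip overlong line */
        memcpy(buf, p, len); buf[len] = '\0';
        if (line_collides(buf)) { hits++; printf("collision: %s\n", buf); }
        p = nl ? nl + 1 : p + len;
    }
    return hits;
}
```

On the sample the only collision is the [heap] mapping at 0x615a5000, which is exactly where the flagged malloc results in the issue's second run come from.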