Memory Sanitizer crashes after it calls mmap

Hi there,

I’m trying to use the memory sanitizer of LLVM 3.3. It’s crashing during MSan initialization (__msan::InitShadow). Here’s the strace output.

mmap(0x400000000000, 35184372088831, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x400000000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x55edf4b36720} ---
+++ killed by SIGSEGV (core dumped) +++

Because of the -fsanitize=memory option, clang maps all segments in the 0x5555555??? range, which is zeroed out by this mmap. According to the Memory Sanitizer paper, the application is expected between 0x600000000000 and 0x7fffffffffff. Why aren’t the application segments mapped there?

Can anyone shed some light on this?

I would like to stick with 3.3 if that’s possible.

Thanks a lot,
Nathan

If your application is mapped at 0x55555…, then that means you are running a PIE binary with ASLR disabled. This can happen if you’re running under gdb, which disables ASLR. This particular choice of address space layout conflicted with MSan’s shadow memory.

This problem has been addressed in more recent versions of LLVM: https://github.com/google/sanitizers/issues/579
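To make the conflict described above concrete, here is a small added C program (not code from the thread or from LLVM) that models the LLVM 3.3 x86_64 MSan layout: application memory in [0x600000000000, 0x7fffffffffff], shadow found by clearing bit 46 (MEM_TO_SHADOW(addr) = addr & ~0x400000000000), and the PROT_NONE guard region taken from the mmap line in the post. It classifies the faulting address from the strace output and also reports where the running process's own data lands, which is the quick check for whether a PIE binary sits inside the guard region.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout constants of MSan in LLVM 3.3 on x86_64. */
#define MSAN_APP_BEG    0x600000000000ULL
#define MSAN_APP_END    0x7fffffffffffULL
#define MSAN_SHADOW_BIT 0x400000000000ULL   /* cleared by MEM_TO_SHADOW */

/* The guard mapping from the strace line in the post:
 * mmap(0x400000000000, 35184372088831, PROT_NONE, ...).
 * Any access inside it faults with SEGV_ACCERR. */
#define GUARD_BEG 0x400000000000ULL
#define GUARD_LEN 35184372088831ULL

enum msan_region { MSAN_APP, MSAN_SHADOW, MSAN_GUARD, MSAN_OTHER };

/* LLVM 3.3 shadow mapping: shadow of an app address is the address
 * with bit 46 cleared, so [0x6000.., 0x7fff..] maps to [0x2000.., 0x3fff..]. */
static uint64_t mem_to_shadow(uint64_t addr) {
    return addr & ~MSAN_SHADOW_BIT;
}

static enum msan_region classify(uint64_t addr) {
    if (addr >= MSAN_APP_BEG && addr <= MSAN_APP_END)
        return MSAN_APP;
    if (addr >= GUARD_BEG && addr - GUARD_BEG < GUARD_LEN)
        return MSAN_GUARD;
    if (addr >= mem_to_shadow(MSAN_APP_BEG) && addr <= mem_to_shadow(MSAN_APP_END))
        return MSAN_SHADOW;
    return MSAN_OTHER;
}

static const char *region_name(enum msan_region r) {
    static const char *names[] = { "application", "shadow",
                                   "PROT_NONE guard (faults)", "outside modelled ranges" };
    return names[r];
}

static int probe;   /* static data: tells us where this binary was loaded */

int main(void) {
    uint64_t fault = 0x55edf4b36720ULL;           /* si_addr from the post */
    uint64_t self  = (uint64_t)(uintptr_t)&probe; /* this process's own data */
    printf("0x%llx -> %s\n", (unsigned long long)fault, region_name(classify(fault)));
    printf("0x%llx -> %s\n", (unsigned long long)self,  region_name(classify(self)));
    return 0;
}
```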

Thanks for your response.

I resolved my issue by backporting the changes in 24975 to 3.3. I needed to update the MSan allocator base address and to rewrite some macros and InitShadow() in compiler-rt, as well as make a few simple changes to the MemorySanitizer LLVM pass.