Opened 3 years ago

Closed 3 years ago

#20237 closed defect (invalid)

Hardened browser gets ASan failure after upgrading to Linux 4.7.4

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The hardened Tor browser 6.5a3 stopped working after I upgraded my Debian system to kernel version "4.7.0-1-amd64 #1 SMP Debian 4.7.4-2 (2016-09-19) x86_64 GNU/Linux" (from 4.6.4-1). I get the following:

==6701==Parsed ASAN_OPTIONS: detect_leaks=0:verbosity=999
==6701==AddressSanitizer: failed to intercept '__isoc99_printf'
==6701==AddressSanitizer: failed to intercept '__isoc99_sprintf'
==6701==AddressSanitizer: failed to intercept '__isoc99_snprintf'
==6701==AddressSanitizer: failed to intercept '__isoc99_fprintf'
==6701==AddressSanitizer: failed to intercept '__isoc99_vprintf'
==6701==AddressSanitizer: failed to intercept '__isoc99_vsprintf'
==6701==AddressSanitizer: failed to intercept '__isoc99_vsnprintf'
==6701==AddressSanitizer: failed to intercept '__isoc99_vfprintf'
==6701==AddressSanitizer: libc interceptors initialized
|| `[0x10007fff8000, 0x7fffffffffff]` || HighMem    ||
|| `[0x02008fff7000, 0x10007fff7fff]` || HighShadow ||
|| `[0x00008fff7000, 0x02008fff6fff]` || ShadowGap  ||
|| `[0x00007fff8000, 0x00008fff6fff]` || LowShadow  ||
|| `[0x000000000000, 0x00007fff7fff]` || LowMem     ||
MemToShadow(shadow): 0x00008fff7000 0x000091ff6dff 0x004091ff6e00 0x02008fff6fff
redzone=16
max_redzone=2048
quarantine_size=256M
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 7fff8000
==6701==ERROR: AddressSanitizer failed to allocate 0xdfff0001000 (15392894357504) bytes at address 2008fff7000 (errno: 12)
==6701==ReserveShadowMemoryRange failed while trying to map 0xdfff0001000 bytes. Perhaps you're using ulimit -v

I have "ulimit -v" set to unlimited, "ulimit -d" to 8G, "ulimit -s" to 8M, "ulimit -m" to 1.5G. Browser 6.5a2-hardened fails the same way.

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by cypherpunks

"ulimit -d unlimited" fixes the problem. The other limits are still set.

comment:2 Changed 3 years ago by cypherpunks

Resolution: invalid
Status: newclosed

Linux has been letting people set RLIMIT_DATA forever... but didn't really implement it until May 2016‽‽‽:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f4fcd55841fc9e46daac553b39361572453c2b88

I'll close this.

Note: See TracTickets for help on using tickets.