
[LSAN] macOS: Leak sanitizer crashes when using with AppKit #117476

@madsmtm

Description


Building and running the following program under LeakSanitizer on macOS crashes with "bad pointer" on both Aarch64 and x86_64 Rosetta.

```objc
// foo.m
#import <AppKit/AppKit.h>

int main() {
    [NSApplication sharedApplication];
    return 0;
}
```

I tested this in a virtual machine as well; this problem is present in at least macOS 13.7.1, macOS 14.7.1 and macOS 15.1.1.

Full backtrace on macOS 15.1.1 (build 24B91)

```
$ echo """
#import <AppKit/AppKit.h>
int main() {
  [NSApplication sharedApplication];
  return 0;
}
""" > foo.m
$ /opt/homebrew/opt/llvm/bin/clang -framework AppKit -fsanitize=leak foo.m
$ lldb ./a.out
(lldb) target create "./a.out"
Current executable set to './a.out' (arm64).
(lldb) r
Process 3758 launched: './a.out' (arm64)
a.out(3758,0x1f37a7840) malloc: nano zone abandoned due to inability to reserve vm space.
LeakSanitizer: bad pointer 0x9ce7e5f09a407d7c
LeakSanitizer: CHECK failed: sanitizer_allocator_secondary.h:177 "((IsAligned(reinterpret_cast<uptr>(p), page_size_))) != (0)" (0x0, 0x0) (tid=19136)
Process 3758 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x000000018e65a600 libsystem_kernel.dylib`__pthread_kill + 8
libsystem_kernel.dylib`__pthread_kill:
->  0x18e65a600 <+8>:  b.lo   0x18e65a620               ; <+40>
    0x18e65a604 <+12>: pacibsp
    0x18e65a608 <+16>: stp    x29, x30, [sp, #-0x10]!
    0x18e65a60c <+20>: mov    x29, sp
Target 0: (a.out) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x000000018e65a600 libsystem_kernel.dylib`__pthread_kill + 8
    frame #1: 0x000000018e692f70 libsystem_pthread.dylib`pthread_kill + 288
    frame #2: 0x000000018e59f908 libsystem_c.dylib`abort + 128
    frame #3: 0x0000000100199a0c libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::Abort() + 80
    frame #4: 0x000000010019904c libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::Die() + 104
    frame #5: 0x0000000100199160 libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) + 152
    frame #6: 0x00000001001a7e10 libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__lsan::AP64<__sanitizer::LocalAddressSpaceView>>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::GetMetaData(void const*) + 348
    frame #7: 0x00000001001a7298 libclang_rt.lsan_osx_dynamic.dylib`__lsan::lsan_mz_size(void const*) + 28
    frame #8: 0x000000018e4a29c8 libsystem_malloc.dylib`malloc_size + 124
    frame #9: 0x000000018e81d734 CoreFoundation`____CFBinaryPlistCreateObjectFiltered_block_invoke + 192
    frame #10: 0x000000018e730820 CoreFoundation`__CFBinaryPlistCreateObjectFiltered + 996
    frame #11: 0x000000018e81e020 CoreFoundation`__CFPropertyListCreateFilteredDictionary + 1896
    frame #12: 0x000000018e73183c CoreFoundation`__CFBinaryPlistCreateObjectFiltered + 5120
    frame #13: 0x000000018e7b7f0c CoreFoundation`_CFPropertyListCreateFiltered + 268
    frame #14: 0x000000018e8b4eec CoreFoundation`__CFBundleCreateStringsFromPlistData + 116
    frame #15: 0x000000018e8b4ba4 CoreFoundation`_loadStringsFromData + 348
    frame #16: 0x000000018e8b43ac CoreFoundation`_loadStringsInOrder + 176
    frame #17: 0x000000018e8b28c0 CoreFoundation`_copyStringTable + 848
    frame #18: 0x000000018e8b20f0 CoreFoundation`_CFBundleCopyLocalizedStringForLocalizationTableURLAndMarkdownOption + 204
    frame #19: 0x000000018e761718 CoreFoundation`_CFCopyLocalizedVersionKey + 196
    frame #20: 0x000000018e761420 CoreFoundation`_CFCopyVersionDictionary + 196
    frame #21: 0x000000018e76133c CoreFoundation`___CFCopySystemVersionDictionary_block_invoke + 48
    frame #22: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #23: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #24: 0x000000018e761308 CoreFoundation`_CFCopySystemVersionDictionary + 92
    frame #25: 0x0000000194173fc0 libMobileGestalt.dylib`___lldb_unnamed_symbol1339 + 52
    frame #26: 0x000000019417f2e0 libMobileGestalt.dylib`___lldb_unnamed_symbol1784 + 28
    frame #27: 0x000000019418a394 libMobileGestalt.dylib`___lldb_unnamed_symbol2288 + 20
    frame #28: 0x00000001941777a0 libMobileGestalt.dylib`___lldb_unnamed_symbol1405 + 516
    frame #29: 0x000000019417376c libMobileGestalt.dylib`MGGetBoolAnswer + 36
    frame #30: 0x0000000194198360 libMobileGestalt.dylib`___lldb_unnamed_symbol2587 + 64
    frame #31: 0x0000000194190190 libMobileGestalt.dylib`___lldb_unnamed_symbol2472 + 120
    frame #32: 0x0000000194182b88 libMobileGestalt.dylib`___lldb_unnamed_symbol1943 + 128
    frame #33: 0x00000001941776a0 libMobileGestalt.dylib`___lldb_unnamed_symbol1405 + 260
    frame #34: 0x000000019297c86c AppKit`__NSUserAccentColorGetHardwareAccentColorName_block_invoke + 196
    frame #35: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #36: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #37: 0x000000019297c9dc AppKit`__NSUserAccentHasHardwareColor_block_invoke + 96
    frame #38: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #39: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #40: 0x000000019227330c AppKit`NSColorGetUserAccentColor + 364
    frame #41: 0x0000000192293044 AppKit`+[NSAppearance _aquaAppearance] + 64
    frame #42: 0x0000000192271cd0 AppKit`+[NSAppearance appearanceNamed:] + 32
    frame #43: 0x0000000192271324 AppKit`-[NSSystemAppearanceProxy init] + 124
    frame #44: 0x0000000192271298 AppKit`__38+[NSSystemAppearanceProxy systemProxy]_block_invoke + 24
    frame #45: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #46: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #47: 0x000000019227127c AppKit`+[NSSystemAppearanceProxy systemProxy] + 64
    frame #48: 0x0000000192271208 AppKit`-[NSApplication(NSApplicationAppearance_Internal) _registerForAppearanceNotifications] + 32
    frame #49: 0x000000019226ee24 AppKit`-[NSApplication init] + 908
    frame #50: 0x000000019226e8cc AppKit`+[NSApplication sharedApplication] + 128
    frame #51: 0x0000000100003f84 a.out`main + 52
    frame #52: 0x000000018e310274 dyld`start + 2840
```

The crash seems to be in (sanitizer_allocator_secondary.h, the `LargeMmapAllocator::GetMetaData` path named in the CHECK message):

```cpp
if (!IsAligned(reinterpret_cast<uptr>(p), page_size_)) {
  Printf("%s: bad pointer %p\n", SanitizerToolName, p);
  CHECK(IsAligned(reinterpret_cast<uptr>(p), page_size_));
}
```

Clang version (I'm using the Clang from Homebrew here, because Apple's bundled Clang does not have LeakSanitizer enabled; the problem also reproduces with the Clang from Nixpkgs, and with rustc):

```
Homebrew clang version 19.1.4
Target: arm64-apple-darwin24.1.0
Thread model: posix
InstalledDir: /opt/homebrew/Cellar/llvm/19.1.4/bin
Configuration file: /opt/homebrew/etc/clang/arm64-apple-darwin24.cfg
```

Let me know if there's anything else I can do to resolve this!
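The contract that the backtrace exercises, as an added illustration (this is not code from the issue, from LLVM or from Apple): frame #8 is libsystem_malloc's `malloc_size`, which CoreFoundation calls on a pointer it got from parsing a binary plist, and `malloc_size` answers by asking every registered malloc zone's `size` callback in turn. macOS's `malloc/malloc.h` specifies that callback as returning the size of a block, or 0 if the pointer is not in this zone; that is why the caller can pass it arbitrary pointers, and why a zone hook that asserts ownership (the shape of the `CHECK` quoted above) takes the whole process down. The model below uses a hypothetical page-granular bump allocator standing in for the secondary (mmap-backed) allocator; `zone_alloc`, `zone_size_asserting` and `zone_size_checked` are this example's own names, and the garbage pointer value is the one from the report.

```c
/* Added example: model of a malloc-zone "size" callback.  Not LSan's code;
 * the allocator is a hypothetical page-granular bump allocator. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE   4096u
#define ARENA_PAGES 16u
#define MAX_CHUNKS  ARENA_PAGES

typedef struct {
    uintptr_t base;   /* page-aligned start of the chunk */
    size_t    size;   /* size rounded up to whole pages */
} chunk_t;

/* One spare page so we can carve a page-aligned region out of a plain array
 * without relying on alignment extensions. */
static unsigned char arena[(ARENA_PAGES + 1) * PAGE_SIZE];
static uintptr_t arena_base;               /* first page-aligned address in arena */
static size_t    arena_used;               /* bytes handed out so far */
static chunk_t   chunks[MAX_CHUNKS];       /* registry of live chunks */
static size_t    nchunks;

/* Hand out a page-rounded, page-aligned chunk and record it;
 * NULL when the request is empty or the arena is exhausted. */
void *zone_alloc(size_t size) {
    if (arena_base == 0)
        arena_base = ((uintptr_t)arena + PAGE_SIZE - 1) & ~(uintptr_t)(PAGE_SIZE - 1);
    size_t rounded = (size + PAGE_SIZE - 1) / PAGE_SIZE * PAGE_SIZE;
    if (rounded == 0 || nchunks == MAX_CHUNKS ||
        arena_base + arena_used + rounded > (uintptr_t)arena + sizeof arena)
        return NULL;
    void *p = (void *)(arena_base + arena_used);
    arena_used += rounded;
    chunks[nchunks].base = (uintptr_t)p;
    chunks[nchunks].size = rounded;
    nchunks++;
    return p;
}

/* The shape of the quoted CHECK: assume only our own chunk pointers arrive
 * and abort on anything else.  A size() query with a foreign, unaligned
 * pointer, which is what frame #8 in the backtrace does, kills the process. */
size_t zone_size_asserting(const void *p) {
    uintptr_t a = (uintptr_t)p;
    if (a % PAGE_SIZE != 0) {
        fprintf(stderr, "bad pointer %p\n", p);
        abort();                           /* CHECK(IsAligned(...)) failed */
    }
    for (size_t i = 0; i < nchunks; i++)
        if (chunks[i].base == a)
            return chunks[i].size;
    return 0;
}

/* The zone contract from malloc/malloc.h: return 0 for any pointer this zone
 * does not own (unaligned, interior, stack or garbage) and never abort. */
size_t zone_size_checked(const void *p) {
    uintptr_t a = (uintptr_t)p;
    if (a % PAGE_SIZE != 0)
        return 0;                          /* cannot be one of our chunk starts */
    for (size_t i = 0; i < nchunks; i++)
        if (chunks[i].base == a)
            return chunks[i].size;
    return 0;
}

int main(void) {
    void *p = zone_alloc(100);
    int local = 0;
    /* The pointer value from the report, used here only as a foreign pointer. */
    const void *garbage = (const void *)(uintptr_t)0x9ce7e5f09a407d7cULL;
    printf("own chunk:    %zu\n", zone_size_checked(p));
    printf("interior ptr: %zu\n", zone_size_checked((const char *)p + 8));
    printf("stack ptr:    %zu\n", zone_size_checked(&local));
    printf("garbage ptr:  %zu\n", zone_size_checked(garbage));
    /* zone_size_asserting(garbage) would print "bad pointer" and abort here. */
    return 0;
}
```

Run as written it prints 4096 for the chunk and 0 for the three foreign pointers; swapping the last call for `zone_size_asserting(garbage)` reproduces the failure mode in miniature, an abort from inside a size query. The point for anyone writing or reviewing a malloc-zone hook is that `size` is a membership query, not an accessor on a trusted pointer, so the negative answer has to be cheap and non-fatal.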
