Skip to content

mpi4py: osc/ucx dynamic window heap-buffer-overflow #13561

New issue
New issue
Open
Bug
Open
mpi4py: osc/ucx dynamic window heap-buffer-overflow#13561
Bug
Assignees
janjust
Labels
Target: mainbug
@devreal

Description

@devreal
devreal
opened on Dec 9, 2025

Running mpi4py's test suite with current Open MPI main under address sanitizer I get this heap-buffer-overflow in osc/ucx:

testAttachDetach (test_win.TestWinCreateDynamicSelf.testAttachDetach) ... =================================================================
==1565753==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62f00085e260 at pc 0x7fffeaa006f3 bp 0x7fffffff5820 sp 0x7fffffff5818
READ of size 8 at 0x62f00085e260 thread T0
    #0 0x7fffeaa006f2 in ompi_osc_find_attached_region_position ../../../../../ompi/mca/osc/ucx/osc_ucx_component.c:1022
    #1 0x7fffeaa007c9 in ompi_osc_find_attached_region_position ../../../../../ompi/mca/osc/ucx/osc_ucx_component.c:1032
    #2 0x7fffeaa014b0 in ompi_osc_ucx_win_attach ../../../../../ompi/mca/osc/ucx/osc_ucx_component.c:1112
    #3 0x7fffea53c98b in PMPI_Win_attach /gpfs/projects/SchuchartGroup/src/openmpi/ompi/build/ompi/mpi/c/win_attach_generated.c:61
[...]

0x62f00085e260 is located 416 bytes before 56152-byte region [0x62f00085e400,0x62f00086bf58)
allocated by thread T0 here:
    #0 0x7ffff77fdf97 in __interceptor_calloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7fffea9fd03f in component_select ../../../../../ompi/mca/osc/ucx/osc_ucx_component.c:647
    #2 0x7fffea9db5c3 in ompi_osc_base_select ../../../../ompi/mca/osc/base/osc_base_init.c:87
    #3 0x7fffea38fa87 in ompi_win_create_dynamic ../../ompi/win/win.c:359
    #4 0x7fffea53e508 in PMPI_Win_create_dynamic /gpfs/projects/SchuchartGroup/src/openmpi/ompi/build/ompi/mpi/c/win_create_dynamic_generated.c:75
    #5 0x7fffeb060808 in __pyx_pf_6mpi4py_3MPI_3Win_24Create_dynamic src/mpi4py/MPI.c:216700
    #6 0x7fffeb060808 in __pyx_pw_6mpi4py_3MPI_3Win_25Create_dynamic src/mpi4py/MPI.c:216633

Looks like the something gets messed up in the dynamic window.

Metadata

Metadata

Assignees

Labels

Target: mainbug

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions