AddressSanitizer: stack-buffer-underflow in BlobStore::write #4054

Closed
JaySon-Huang opened this issue Feb 16, 2022 · 1 comment · Fixed by #4064
JaySon-Huang commented Feb 16, 2022

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

# Only available under Linux
> cat ../tests/sanitize/asan.suppression
leak:fiu_enable

> cmake -DCMAKE_BUILD_TYPE=ASan -DENABLE_TESTS=ON -GNinja ..
> ninja -j16 gtests_dbms && LSAN_OPTIONS=suppressions=../tests/sanitize/asan.suppression ./dbms/gtests_dbms --gtest_filter='*PageDirectoryTest*:*PageDirectoryGCTest*:*VersionedEntriesTest*:*LogFileRWTest*:*WALSeriTest*:*WALStoreTest*:*WALLognameTest*:*WALLognameSetTest*:*PageStorageWith2PagesTest*:*PageStorageTest*:*SpaceMapTest*:*BlobStoreTest*:*BlobStoreStatsTest*'

2. What did you expect to see? (Required)

3. What did you see instead (Required)

[ RUN      ] BlobStoreTest.testBlobStoreGcStats
[2022/02/16 17:46:59.778 +08:00] [DEBUG] [BlobStore.cpp:769] ["BlobStore:Created a new BlobStat [blob_id=1]"] [thread_id=1]
=================================================================
==119854==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fff87638880 at pc 0x000005806bb7 bp 0x7fff87638870 sp 0x7fff87638038
READ of size 1024 at 0x7fff87638880 thread T0
    #0 0x5806bb6 in __asan_memcpy /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #1 0x5976515 in DB::ReadBuffer::read(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:135:13
    #2 0x5976515 in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:146:18
    #3 0xc73d710 in DB::PS::V3::BlobStore::write(DB::WriteBatch&, std::__1::shared_ptr<DB::WriteLimiter> const&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/BlobStore.cpp:118:32
    #4 0x8f3b78f in DB::PS::V3::tests::BlobStoreTest_testBlobStoreGcStats_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_blob_store.cpp:707:28
    #5 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #6 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #7 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
    #8 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
    #9 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
    #10 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
    #11 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #12 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #13 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
    #14 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
    #15 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
    #16 0x7f0a8439d554 in __libc_start_main (/lib64/libc.so.6+0x22554)
    #17 0x578b268 in _start (/DATA/disk1/jaysonhuang/tics/cmake-build-asan/dbms/gtests_dbms+0x578b268)

Address 0x7fff87638880 is located in stack of thread T0 at offset 0 in frame
    #0 0x59762df in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:145

  This frame has 1 object(s):
    [32, 56) 'ref.tmp' (line 147) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x100070ebf0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100070ebf0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100070ebf0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100070ebf0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100070ebf100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100070ebf110:[f1]f1 f1 f1 f8 f8 f8 f3 f3 f3 f3 f3 00 00 00 00
  0x100070ebf120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100070ebf130: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8 f8 f8
  0x100070ebf140: f8 f8 f2 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 f8 f8
  0x100070ebf150: f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 00 f2 f2 f2 f8 f8
  0x100070ebf160: f8 f2 f2 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==119854==ABORTING
[ RUN      ] BlobStoreTest.testBlobStoreGcStats2
[2022/02/16 17:50:21.680 +08:00] [DEBUG] [BlobStore.cpp:769] ["BlobStore:Created a new BlobStat [blob_id=1]"] [thread_id=1]
=================================================================
==122799==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffc65888040 at pc 0x000005806bb7 bp 0x7ffc65888030 sp 0x7ffc658877f8
READ of size 1024 at 0x7ffc65888040 thread T0
    #0 0x5806bb6 in __asan_memcpy /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #1 0x5976515 in DB::ReadBuffer::read(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:135:13
    #2 0x5976515 in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:146:18
    #3 0xc73d710 in DB::PS::V3::BlobStore::write(DB::WriteBatch&, std::__1::shared_ptr<DB::WriteLimiter> const&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/BlobStore.cpp:118:32
    #4 0x8f42223 in DB::PS::V3::tests::BlobStoreTest_testBlobStoreGcStats2_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_blob_store.cpp:790:28
    #5 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #6 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #7 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
    #8 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
    #9 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
    #10 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
    #11 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #12 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #13 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
    #14 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
    #15 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
    #16 0x7f2db8a32554 in __libc_start_main (/lib64/libc.so.6+0x22554)
    #17 0x578b268 in _start (/DATA/disk1/jaysonhuang/tics/cmake-build-asan/dbms/gtests_dbms+0x578b268)

Address 0x7ffc65888040 is located in stack of thread T0 at offset 0 in frame
    #0 0x59762df in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:145

  This frame has 1 object(s):
    [32, 56) 'ref.tmp' (line 147) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x10000cb08fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cb08fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cb08fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cb08fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cb08ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10000cb09000: 00 00 00 00 00 00 00 00[f1]f1 f1 f1 f8 f8 f8 f3
  0x10000cb09010: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cb09020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000cb09030: f1 f1 f1 f1 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f8 f8
  0x10000cb09040: f8 f8 f2 f2 f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 f8 f8
  0x10000cb09050: f2 f2 00 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==122799==ABORTING

4. What is your TiFlash version? (Required)

@JaySon-Huang JaySon-Huang added the type/bug The issue is confirmed as a bug. label Feb 16, 2022

JaySon-Huang commented

[ RUN      ] PageStorageTest.MultipleWriteRead
[2022/02/16 17:51:28.297 +08:00] [INFO] [WALStore.cpp:124] ["WALStore:Creating log file for writing [fullname=/DATA/disk1/jaysonhuang/tics/cmake-build-asan/tmp/PageStorageTest.MultipleWriteRead/log_1_0]"] [thread_id=1]
[2022/02/16 17:51:28.298 +08:00] [DEBUG] [BlobStore.cpp:769] ["BlobStore:Created a new BlobStat [blob_id=1]"] [thread_id=1]
=================================================================
==124486==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f292c287800 at pc 0x000005806bb7 bp 0x7ffda561c3b0 sp 0x7ffda561bb78
READ of size 2098933 at 0x7f292c287800 thread T0
    #0 0x5806bb6 in __asan_memcpy /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #1 0x5976515 in DB::ReadBuffer::read(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:135:13
    #2 0x5976515 in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:146:18
    #3 0xc73d710 in DB::PS::V3::BlobStore::write(DB::WriteBatch&, std::__1::shared_ptr<DB::WriteLimiter> const&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/BlobStore.cpp:118:32
    #4 0xc78cada in DB::PS::V3::PageStorageImpl::write(DB::WriteBatch&&, std::__1::shared_ptr<DB::WriteLimiter> const&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/PageStorageImpl.cpp:80:28
    #5 0x9039ec8 in DB::PS::V3::PageStorageImpl::write(DB::WriteBatch&&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/PageStorageImpl.h:55:47
    #6 0x9039ec8 in DB::PS::V3::tests::PageStorageTest_MultipleWriteRead_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_page_storage.cpp:203:23
    #7 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #8 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #9 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
    #10 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
    #11 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
    #12 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
    #13 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #14 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #15 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
    #16 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
    #17 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
    #18 0x7f292dfbb554 in __libc_start_main (/lib64/libc.so.6+0x22554)
    #19 0x578b268 in _start (/DATA/disk1/jaysonhuang/tics/cmake-build-asan/dbms/gtests_dbms+0x578b268)

0x7f292c287800 is located 0 bytes inside of 2098933-byte region [0x7f292c287800,0x7f292c487ef5)
freed by thread T0 here:
    #0 0x5807592 in free /root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:111:3
    #1 0x8eeeaf1 in std::__1::__function::__value_func<void (char*)>::operator()(char*&&) const /opt/tiflash-env/sysroot/bin/../include/c++/v1/__functional/function.h:498:16
    #2 0x8eeeaf1 in std::__1::function<void (char*)>::operator()(char*) const /opt/tiflash-env/sysroot/bin/../include/c++/v1/__functional/function.h:1175:12
    #3 0x8eeeaf1 in std::__1::__shared_ptr_pointer<char*, std::__1::function<void (char*)>, std::__1::allocator<char> >::__on_zero_shared() /opt/tiflash-env/sysroot/bin/../include/c++/v1/__memory/shared_ptr.h:267:5
    #4 0x90399a6 in std::__1::__shared_count::__release_shared() /opt/tiflash-env/sysroot/bin/../include/c++/v1/__memory/shared_ptr.h:177:9
    #5 0x90399a6 in std::__1::__shared_weak_count::__release_shared() /opt/tiflash-env/sysroot/bin/../include/c++/v1/__memory/shared_ptr.h:219:27
    #6 0x90399a6 in std::__1::shared_ptr<char>::~shared_ptr() /opt/tiflash-env/sysroot/bin/../include/c++/v1/__memory/shared_ptr.h:959:19
    #7 0x90399a6 in DB::PS::V3::tests::PageStorageTest_MultipleWriteRead_Test::TestBody()::$_0::operator()() const /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_page_storage.cpp:197:13
    #8 0x90399a6 in DB::PS::V3::tests::PageStorageTest_MultipleWriteRead_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_page_storage.cpp:183:21
    #9 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #10 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #11 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
    #12 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
    #13 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
    #14 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
    #15 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #16 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #17 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
    #18 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
    #19 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
    #20 0x7f292dfbb554 in __libc_start_main (/lib64/libc.so.6+0x22554)

previously allocated by thread T0 here:
    #0 0x58077fd in malloc /root/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0x90397bf in DB::PS::V3::tests::PageStorageTest_MultipleWriteRead_Test::TestBody()::$_0::operator()() const /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_page_storage.cpp:189:47
    #2 0x90397bf in DB::PS::V3::tests::PageStorageTest_MultipleWriteRead_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_page_storage.cpp:183:21
    #3 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #4 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #5 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
    #6 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
    #7 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
    #8 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
    #9 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
    #10 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
    #11 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
    #12 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
    #13 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
    #14 0x7f292dfbb554 in __libc_start_main (/lib64/libc.so.6+0x22554)

SUMMARY: AddressSanitizer: heap-use-after-free /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x0fe5a5848eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe5a5848ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe5a5848ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe5a5848ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe5a5848ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0fe5a5848f00:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe5a5848f10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe5a5848f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe5a5848f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe5a5848f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0fe5a5848f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==124486==ABORTING
