
ASAN does not work with FoundationDB #10813

Open
xis19 opened this issue Aug 23, 2023 · 0 comments

Comments

@xis19
Collaborator

xis19 commented Aug 23, 2023

Currently, if the ASAN flag is enabled (USE_ASAN), fdbserver crashes with the following steps:

  1. Start a fdbserver process (not simulation)
  2. Start a fdbcli and attach to the cluster
  3. Create a new database: `configure new single ssd`

The error looks like

==19356==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==19356==WARNING: ASan is ignoring requested __asan_handle_no_return: stack type: default top: 0x7ffd481f1000; bottom 0x7f11bbe87000; size: 0x00eb8c36a000 (1011669704704)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
=================================================================
==19356==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f11bc597a60 at pc 0x000003129cd7 bp 0x7f11b4e72110 sp 0x7f11b4e718e0
READ of size 24 at 0x7f11bc597a60 thread T0
    #0 0x3129cd6 in __asan_memcpy /tmp/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #1 0xf1db10b in yy_reduce /root/src/contrib/sqlite/sqlite3.amalgamation.c
    #2 0xf1d4d57 in sqlite3Parser /root/src/contrib/sqlite/sqlite3.amalgamation.c:90481:7
    #3 0xf11cd0f in sqlite3RunParser /root/src/contrib/sqlite/sqlite3.amalgamation.c:91319:7
    #4 0xf215676 in sqlite3Prepare /root/src/contrib/sqlite/sqlite3.amalgamation.c:74207:5
    #5 0xf194f6f in sqlite3LockAndPrepare /root/src/contrib/sqlite/sqlite3.amalgamation.c:74302:8
    #6 0xf19504b in sqlite3_prepare_v2 /root/src/contrib/sqlite/sqlite3.amalgamation.c:74377:8
    #7 0x63c95fa in Statement /root/src/fdbserver/KeyValueStoreSQLite.actor.cpp:414:28
    #8 0x63c95fa in SQLiteDB::open(bool) /root/src/fdbserver/KeyValueStoreSQLite.actor.cpp:1537:12
    #9 0xca3aa3b in WorkPool<Coroutine, ThreadUnsafeSpinLock, true>::Worker::run() /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:135:16
    #10 0xca3d198 in wrapRun /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:85:3
    #11 0xca3d198 in Coroutine::entry(void*) /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:90:56
    #12 0xf8d747d in Coro_StartWithArg /root/src/fdbrpc/libcoroutine/Coro.c:248:2
    #13 0x7f11be5dd18f  (/lib64/libc.so.6+0x4818f) (BuildId: 9470e279388f7f9cb2ed3b2872d0c2095b191ff4)

Address 0x7f11bc597a60 is located in stack of thread T0 at offset 96 in frame
    #0 0xf0e62bf in sqlite3ExprCodeTarget /root/src/contrib/sqlite/sqlite3.amalgamation.c:57656

  This frame has 5 object(s):
    [32, 64) 'w.i.i' (line 56549)
    [96, 100) 'regFree1' (line 57660) <== Memory access at offset 96 partially overflows this variable
    [112, 116) 'regFree2' (line 57661) <== Memory access at offset 96 partially underflows this variable
    [128, 216) 'opCompare' (line 58162)
    [256, 344) 'cacheX' (line 58163)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return /tmp/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x0fe2b78aaef0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe2b78aaf40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
  0x0fe2b78aaf50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf60: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf70: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf90: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==19356==ABORTING

This is tested using the clang compiler in the Docker development environment.
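The report above is the documented ASan caveat for makecontext/swapcontext: the trace runs through fdbrpc/libcoroutine (Coro_StartWithArg), ASan's own warning names makecontext/swapcontext, and the shadow bytes are all f5 ("Stack after return"), i.e. the stack-use-after-return detector is looking at a coroutine stack it was never told about. The following is an added example, not FoundationDB code and not something from the report's author: a minimal swapcontext coroutine that runs a memcpy of a stack object (the same shape as the __asan_memcpy frame in the trace) and annotates each stack switch with compiler-rt's fiber API, `__sanitizer_start_switch_fiber` / `__sanitizer_finish_switch_fiber`, which is the mechanism the linked sanitizers issue points to. Those two functions are the real compiler-rt API; every other name (struct coro, coro_run, sum_on_coro_stack, the 256 KiB stack size) is this example's own choice. Build with `clang -fsanitize=address` to see the annotated path, or without ASan to run it as a plain coroutine.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* ucontext.h is an XSI interface */
#endif
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>

/* Detect an ASan build under both clang (__has_feature) and gcc. */
#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define EXAMPLE_ASAN 1
#  endif
#endif
#if defined(__SANITIZE_ADDRESS__)
#  define EXAMPLE_ASAN 1
#endif
#ifdef EXAMPLE_ASAN
#  include <sanitizer/common_interface_defs.h>   /* real compiler-rt header */
#endif

enum { CORO_STACK_SIZE = 256 * 1024 };   /* example's own choice */

struct coro {                   /* hypothetical type, not fdbrpc's Coro */
    ucontext_t caller;          /* whoever resumed the coroutine */
    ucontext_t callee;          /* the coroutine itself */
    void *stack;                /* heap-allocated coroutine stack */
    size_t stack_size;
    void *fake_stack;           /* ASan: caller's fake-stack handle */
    const void *caller_bottom;  /* ASan: caller's real stack, learned on entry */
    size_t caller_size;
    long (*fn)(long);
    long arg, result;
    int finished;
};

static struct coro *g_current;  /* one live coroutine is enough for the demo */

static void coro_entry(void)
{
    struct coro *c = g_current;
#ifdef EXAMPLE_ASAN
    /* First thing on the new stack: tell ASan the switch landed. NULL because
       this stack has no fake-stack state yet; out-params record the caller's
       stack bounds so we can announce the final switch back. */
    __sanitizer_finish_switch_fiber(NULL, &c->caller_bottom, &c->caller_size);
#endif
    c->result = c->fn(c->arg);
    c->finished = 1;
#ifdef EXAMPLE_ASAN
    /* Leaving this stack for good: NULL lets ASan release its fake stack. */
    __sanitizer_start_switch_fiber(NULL, c->caller_bottom, c->caller_size);
#endif
    /* returning resumes uc_link, i.e. c->caller */
}

/* Run fn(arg) to completion on a fresh coroutine stack; 0 on success. */
static int coro_run(struct coro *c, long (*fn)(long), long arg)
{
    memset(c, 0, sizeof *c);
    c->stack_size = CORO_STACK_SIZE;
    c->stack = malloc(c->stack_size);
    if (c->stack == NULL)
        return -1;
    c->fn = fn;
    c->arg = arg;
    if (getcontext(&c->callee) != 0) {
        free(c->stack);
        return -1;
    }
    c->callee.uc_stack.ss_sp = c->stack;
    c->callee.uc_stack.ss_size = c->stack_size;
    c->callee.uc_link = &c->caller;
    makecontext(&c->callee, coro_entry, 0);
    g_current = c;
#ifdef EXAMPLE_ASAN
    /* Announce the switch before it happens: destination stack bounds, plus
       a slot where ASan parks this (the caller's) fake-stack handle. */
    __sanitizer_start_switch_fiber(&c->fake_stack, c->stack, c->stack_size);
#endif
    swapcontext(&c->caller, &c->callee);
#ifdef EXAMPLE_ASAN
    __sanitizer_finish_switch_fiber(c->fake_stack, NULL, NULL);  /* back home */
#endif
    free(c->stack);
    c->stack = NULL;
    return c->finished ? 0 : -1;
}

/* Work on the coroutine stack: memcpy of a stack object, like the trace.
   Without the annotations above, ASan may attribute these bytes to a frame
   it believes has already returned and report stack-use-after-return. */
static long sum_on_coro_stack(long n)
{
    long buf[16], copy[16], total = 0;
    for (int i = 0; i < 16; i++)
        buf[i] = n + i;
    memcpy(copy, buf, sizeof copy);
    for (int i = 0; i < 16; i++)
        total += copy[i];
    return total;   /* 16*n + 120 */
}

long run_example(long n)
{
    struct coro c;
    if (coro_run(&c, sum_on_coro_stack, n) != 0)
        return -1;
    return c.result;
}

int main(void)
{
    printf("sum computed on coroutine stack: %ld\n", run_example(5));
    return 0;
}
```

The three annotation points are the whole technique: start_switch_fiber immediately before every swapcontext, finish_switch_fiber as the first statement after landing on either stack, and a NULL handle on the final exit so the coroutine's fake stack is freed rather than leaked. Until a coroutine library is annotated this way, the narrower workaround is `ASAN_OPTIONS=detect_stack_use_after_return=0`, which disables only the detector that produced the f5 shadow bytes above and keeps the rest of ASan active.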
