Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dsn_replica_dup_test failed for ASAN due to heap-use-after-free error #2089

Closed
empiredan opened this issue Aug 3, 2024 · 1 comment
Closed

dsn_replica_dup_test failed for ASAN due to heap-use-after-free error #2089

empiredan opened this issue Aug 3, 2024 · 1 comment
Labels
component/duplication cluster duplication type/bug This issue reports a bug. unit-test

Comments

@empiredan
Copy link
Contributor

Firstly build Pegasus for ASAN by following command:

./run.sh build --test -t debug -v -j $(nproc) --sanitizer address --disable_gperf

Then, execute dsn_replica_dup_test by following command:

./run.sh test -m dsn_replica_dup_test

Error occurred as the following logs:

[ RUN      ] mutation_batch_test.add_mutation_if_valid/0
=================================================================
==39111==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030010b2300 at pc 0x7faecab78397 bp 0x7faeaa68a410 sp 0x7faeaa689bb8
READ of size 5 at 0x6030010b2300 thread T37 (replica.default)
    #0 0x7faecab78396 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
    #1 0x7faec7bdad29 in dsn::blob::create_from_bytes(char const*, unsigned long) /root/apache/pegasus/src/utils/blob.h:75
    #2 0x7faec7bc638e in dsn::replication::mutation_batch::add_mutation_if_valid(dsn::ref_ptr<dsn::replication::mutation>&, long) /root/apache/pegasus/src/replica/duplication/mutation_batch.cpp:202
    #3 0x557ccb1be340 in dsn::replication::mutation_batch_test_add_mutation_if_valid_Test::TestBody() /root/apache/pegasus/src/replica/duplication/test/mutation_batch_test.cpp:136
    #4 0x557ccb2d7dd6 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x486dd6)
    #5 0x557ccb2d07a0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x47f7a0)
    #6 0x557ccb2aae31 in testing::Test::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x459e31)
    #7 0x557ccb2ab94c in testing::TestInfo::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x45a94c)
    #8 0x557ccb2ac352 in testing::TestSuite::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x45b352)
    #9 0x557ccb2bc879 in testing::internal::UnitTestImpl::RunAllTests() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x46b879)
    #10 0x557ccb2d8f19 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x487f19)
    #11 0x557ccb2d1ac6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x480ac6)
    #12 0x557ccb2bae7a in testing::UnitTest::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x469e7a)
    #13 0x557ccb1b411b in RUN_ALL_TESTS() /root/apache/pegasus/thirdparty/output/include/gtest/gtest.h:2317
    #14 0x557ccb1b4c90 in gtest_app::start(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /root/apache/pegasus/src/replica/duplication/test/main.cpp:39
    #15 0x7faec8372559 in dsn::service_node::start_app() /root/apache/pegasus/src/runtime/service_engine.cpp:87
    #16 0x7faec83ab598 in dsn::service_control_task::exec() /root/apache/pegasus/src/runtime/tool_api.cpp:66
    #17 0x7faec84ddcba in dsn::task::exec_internal() /root/apache/pegasus/src/runtime/task/task.cpp:173
    #18 0x7faec85837ab in dsn::task_worker::loop() /root/apache/pegasus/src/runtime/task/task_worker.cpp:245
    #19 0x7faec8583309 in dsn::task_worker::run_internal() /root/apache/pegasus/src/runtime/task/task_worker.cpp:225
    #20 0x7faec858e76f in void std::__invoke_impl<void, void (dsn::task_worker::*&)(), dsn::task_worker*&>(std::__invoke_memfun_deref, void (dsn::task_worker::*&)(), dsn::task_worker*&) /usr/include/c++/11/bits/invoke.h:74
    #21 0x7faec858e5ea in std::__invoke_result<void (dsn::task_worker::*&)(), dsn::task_worker*&>::type std::__invoke<void (dsn::task_worker::*&)(), dsn::task_worker*&>(void (dsn::task_worker::*&)(), dsn::task_worker*&) /usr/include/c++/11/bits/invoke.h:96
    #22 0x7faec858e516 in void std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/11/functional:420
    #23 0x7faec858e3d5 in void std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>::operator()<, void>() /usr/include/c++/11/functional:503
    #24 0x7faec858e307 in void std::__invoke_impl<void, std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>>(std::__invoke_other, std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>&&) /usr/include/c++/11/bits/invoke.h:61
    #25 0x7faec858e2c2 in std::__invoke_result<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>>::type std::__invoke<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>>(std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>&&) /usr/include/c++/11/bits/invoke.h:96
    #26 0x7faec858e263 in void std::thread::_Invoker<std::tuple<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()> > >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/include/c++/11/bits/std_thread.h:259
    #27 0x7faec858e233 in std::thread::_Invoker<std::tuple<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()> > >::operator()() /usr/include/c++/11/bits/std_thread.h:266
    #28 0x7faec858e213 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()> > > >::_M_run() /usr/include/c++/11/bits/std_thread.h:211
    #29 0x7faec0cd7252  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc252)
    #30 0x7faec095fac2  (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2)
    #31 0x7faec09f0a03 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x125a03)

0x6030010b2300 is located 16 bytes inside of 32-byte region [0x6030010b22f0,0x6030010b2310)
freed by thread T37 (replica.default) here:
    #0 0x7faecabf524f in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:172
    #1 0x557ccb08d7dc in dsn::blob::create_from_bytes(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&)::{lambda(char*)#1}::operator()(char*) const (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x23c7dc)
    #2 0x557ccb0eac8a in std::_Sp_counted_deleter<char*, dsn::blob::create_from_bytes(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&)::{lambda(char*)#1}, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_M_dispose() /usr/include/c++/11/bits/shared_ptr_base.h:442
    #3 0x557ccb0a5e7e in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/11/bits/shared_ptr_base.h:168
    #4 0x557ccb09da45 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/11/bits/shared_ptr_base.h:705
    #5 0x557ccb08d649 in std::__shared_ptr<char, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x23c649)
    #6 0x557ccb08d669 in std::shared_ptr<char>::~shared_ptr() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x23c669)
    #7 0x557ccb08d781 in dsn::blob::~blob() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x23c781)
    #8 0x557ccb0de6e7 in std::_Head_base<2ul, dsn::blob, false>::~_Head_base() /usr/include/c++/11/tuple:187
    #9 0x557ccb0de707 in std::_Tuple_impl<2ul, dsn::blob>::~_Tuple_impl() /usr/include/c++/11/tuple:416
    #10 0x557ccb0de727 in std::_Tuple_impl<1ul, dsn::task_code, dsn::blob>::~_Tuple_impl() /usr/include/c++/11/tuple:258
    #11 0x557ccb0de747 in std::_Tuple_impl<0ul, unsigned long, dsn::task_code, dsn::blob>::~_Tuple_impl() /usr/include/c++/11/tuple:258
    #12 0x557ccb0de767 in std::tuple<unsigned long, dsn::task_code, dsn::blob>::~tuple() /usr/include/c++/11/tuple:609
    #13 0x557ccb0de78b in void __gnu_cxx::new_allocator<std::_Rb_tree_node<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >::destroy<std::tuple<unsigned long, dsn::task_code, dsn::blob> >(std::tuple<unsigned long, dsn::task_code, dsn::blob>*) /usr/include/c++/11/ext/new_allocator.h:168
    #14 0x557ccb0d5a2e in void std::allocator_traits<std::allocator<std::_Rb_tree_node<std::tuple<unsigned long, dsn::task_code, dsn::blob> > > >::destroy<std::tuple<unsigned long, dsn::task_code, dsn::blob> >(std::allocator<std::_Rb_tree_node<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >&, std::tuple<unsigned long, dsn::task_code, dsn::blob>*) /usr/include/c++/11/bits/alloc_traits.h:535
    #15 0x557ccb0ca58e in std::_Rb_tree<std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::_Identity<std::tuple<unsigned long, dsn::task_code, dsn::blob> >, dsn::replication::mutation_tuple_cmp, std::allocator<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >::_M_destroy_node(std::_Rb_tree_node<std::tuple<unsigned long, dsn::task_code, dsn::blob> >*) /usr/include/c++/11/bits/stl_tree.h:623
    #16 0x557ccb0ba8de in std::_Rb_tree<std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::_Identity<std::tuple<unsigned long, dsn::task_code, dsn::blob> >, dsn::replication::mutation_tuple_cmp, std::allocator<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >::_M_drop_node(std::_Rb_tree_node<std::tuple<unsigned long, dsn::task_code, dsn::blob> >*) /usr/include/c++/11/bits/stl_tree.h:631
    #17 0x557ccb0acede in std::_Rb_tree<std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::_Identity<std::tuple<unsigned long, dsn::task_code, dsn::blob> >, dsn::replication::mutation_tuple_cmp, std::allocator<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >::_M_erase(std::_Rb_tree_node<std::tuple<unsigned long, dsn::task_code, dsn::blob> >*) /usr/include/c++/11/bits/stl_tree.h:1891
    #18 0x557ccb0a2529 in std::_Rb_tree<std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::tuple<unsigned long, dsn::task_code, dsn::blob>, std::_Identity<std::tuple<unsigned long, dsn::task_code, dsn::blob> >, dsn::replication::mutation_tuple_cmp, std::allocator<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >::~_Rb_tree() /usr/include/c++/11/bits/stl_tree.h:984
    #19 0x557ccb0989f5 in std::set<std::tuple<unsigned long, dsn::task_code, dsn::blob>, dsn::replication::mutation_tuple_cmp, std::allocator<std::tuple<unsigned long, dsn::task_code, dsn::blob> > >::~set() /usr/include/c++/11/bits/stl_set.h:281
    #20 0x557ccb1d4d3c in dsn::replication::mutation_batch_test::check_mutation_contents(std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, dsn::replication::mutation_batch&) /root/apache/pegasus/src/replica/duplication/test/mutation_batch_test.cpp:72
    #21 0x557ccb1be242 in dsn::replication::mutation_batch_test_add_mutation_if_valid_Test::TestBody() /root/apache/pegasus/src/replica/duplication/test/mutation_batch_test.cpp:132
    #22 0x557ccb2d7dd6 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x486dd6)
    #23 0x557ccb2d07a0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x47f7a0)
    #24 0x557ccb2aae31 in testing::Test::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x459e31)
    #25 0x557ccb2ab94c in testing::TestInfo::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x45a94c)
    #26 0x557ccb2ac352 in testing::TestSuite::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x45b352)
    #27 0x557ccb2bc879 in testing::internal::UnitTestImpl::RunAllTests() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x46b879)
    #28 0x557ccb2d8f19 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x487f19)
    #29 0x557ccb2d1ac6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x480ac6)

previously allocated by thread T37 (replica.default) here:
    #0 0x7faecabf41e7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x557ccb08d8b2 in dsn::blob::create_from_bytes(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x23c8b2)
    #2 0x557ccb099cd6 in dsn::replication::replica_test_base::create_test_mutation(long, long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/apache/pegasus/src/replica/test/replica_test_base.h:78
    #3 0x557ccb09aa20 in dsn::replication::duplication_test_base::create_test_mutation(long, long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/apache/pegasus/src/replica/duplication/test/duplication_test_base.h:82
    #4 0x557ccb09ab3a in dsn::replication::duplication_test_base::create_test_mutation(long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/apache/pegasus/src/replica/duplication/test/duplication_test_base.h:89
    #5 0x557ccb1be0b4 in dsn::replication::mutation_batch_test_add_mutation_if_valid_Test::TestBody() /root/apache/pegasus/src/replica/duplication/test/mutation_batch_test.cpp:130
    #6 0x557ccb2d7dd6 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x486dd6)
    #7 0x557ccb2d07a0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x47f7a0)
    #8 0x557ccb2aae31 in testing::Test::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x459e31)
    #9 0x557ccb2ab94c in testing::TestInfo::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x45a94c)
    #10 0x557ccb2ac352 in testing::TestSuite::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x45b352)
    #11 0x557ccb2bc879 in testing::internal::UnitTestImpl::RunAllTests() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x46b879)
    #12 0x557ccb2d8f19 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x487f19)
    #13 0x557ccb2d1ac6 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x480ac6)
    #14 0x557ccb2bae7a in testing::UnitTest::Run() (/root/apache/pegasus/build/debug/src/replica/duplication/test/dsn_replica_dup_test+0x469e7a)
    #15 0x557ccb1b411b in RUN_ALL_TESTS() /root/apache/pegasus/thirdparty/output/include/gtest/gtest.h:2317
    #16 0x557ccb1b4c90 in gtest_app::start(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /root/apache/pegasus/src/replica/duplication/test/main.cpp:39
    #17 0x7faec8372559 in dsn::service_node::start_app() /root/apache/pegasus/src/runtime/service_engine.cpp:87
    #18 0x7faec83ab598 in dsn::service_control_task::exec() /root/apache/pegasus/src/runtime/tool_api.cpp:66
    #19 0x7faec84ddcba in dsn::task::exec_internal() /root/apache/pegasus/src/runtime/task/task.cpp:173
    #20 0x7faec85837ab in dsn::task_worker::loop() /root/apache/pegasus/src/runtime/task/task_worker.cpp:245
    #21 0x7faec8583309 in dsn::task_worker::run_internal() /root/apache/pegasus/src/runtime/task/task_worker.cpp:225
    #22 0x7faec858e76f in void std::__invoke_impl<void, void (dsn::task_worker::*&)(), dsn::task_worker*&>(std::__invoke_memfun_deref, void (dsn::task_worker::*&)(), dsn::task_worker*&) /usr/include/c++/11/bits/invoke.h:74
    #23 0x7faec858e5ea in std::__invoke_result<void (dsn::task_worker::*&)(), dsn::task_worker*&>::type std::__invoke<void (dsn::task_worker::*&)(), dsn::task_worker*&>(void (dsn::task_worker::*&)(), dsn::task_worker*&) /usr/include/c++/11/bits/invoke.h:96
    #24 0x7faec858e516 in void std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /usr/include/c++/11/functional:420
    #25 0x7faec858e3d5 in void std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>::operator()<, void>() /usr/include/c++/11/functional:503
    #26 0x7faec858e307 in void std::__invoke_impl<void, std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>>(std::__invoke_other, std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>&&) /usr/include/c++/11/bits/invoke.h:61
    #27 0x7faec858e2c2 in std::__invoke_result<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>>::type std::__invoke<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>>(std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>&&) /usr/include/c++/11/bits/invoke.h:96
    #28 0x7faec858e263 in void std::thread::_Invoker<std::tuple<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()> > >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/include/c++/11/bits/std_thread.h:259
    #29 0x7faec858e233 in std::thread::_Invoker<std::tuple<std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()> > >::operator()() /usr/include/c++/11/bits/std_thread.h:266

Thread T37 (replica.default) created by T0 here:
    #0 0x7faecab96685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x7faec0cd7328 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xdc328)
    #2 0x7faec858bb6f in std::_MakeUniq<std::thread>::__single_object std::make_unique<std::thread, std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()> >(std::_Bind<void (dsn::task_worker::*(dsn::task_worker*))()>&&) /usr/include/c++/11/bits/unique_ptr.h:962
    #3 0x7faec857f3d8 in dsn::task_worker::start() /root/apache/pegasus/src/runtime/task/task_worker.cpp:92
    #4 0x7faec85018d0 in dsn::task_worker_pool::start() /root/apache/pegasus/src/runtime/task/task_engine.cpp:105
    #5 0x7faec8507b5e in dsn::task_engine::start() /root/apache/pegasus/src/runtime/task/task_engine.cpp:262
    #6 0x7faec83740da in dsn::service_node::start() /root/apache/pegasus/src/runtime/service_engine.cpp:135
    #7 0x7faec837720d in dsn::service_engine::start_node(dsn::service_app_spec&) /root/apache/pegasus/src/runtime/service_engine.cpp:239
    #8 0x7faec835822b in run /root/apache/pegasus/src/runtime/service_api_c.cpp:557
    #9 0x7faec834f4ae in dsn_run_config(char const*, bool) /root/apache/pegasus/src/runtime/service_api_c.cpp:226
    #10 0x557ccb1afdc4 in main /root/apache/pegasus/src/replica/duplication/test/main.cpp:54
    #11 0x7faec08f4d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)

SUMMARY: AddressSanitizer: heap-use-after-free ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x0c068020e410: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fa
  0x0c068020e420: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
  0x0c068020e430: fd fa fa fa 00 00 00 fa fa fa fd fd fd fa fa fa
  0x0c068020e440: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fd
  0x0c068020e450: fa fa fa fa fa fa fa fa fd fd fd fa fa fa fd fd
=>0x0c068020e460:[fd]fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c068020e470: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fd
  0x0c068020e480: fa fa fd fd fd fa fa fa fd fd fd fd fa fa fd fd
  0x0c068020e490: fd fa fa fa fd fd fd fd fa fa fd fd fd fd fa fa
  0x0c068020e4a0: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fa
  0x0c068020e4b0: fa fa fd fd fd fa fa fa fd fd fd fa fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==39111==ABORTING
./run.sh: line 45: 39111 Aborted                 (core dumped) ./dsn_replica_dup_test
@empiredan empiredan added the type/bug This issue reports a bug. label Aug 3, 2024
@empiredan empiredan mentioned this issue Aug 3, 2024
Merged
empiredan added a commit that referenced this issue Aug 15, 2024
@empiredan
fix(duplication): fix the dangling pointer after blob object is mov…
e68c2b9 
…ed (#2088)

#2089

Refactor `blob` object to avoid the dangling pointer leading to heap-use-after-free
error which happened in #2089 after `blob` object is moved. Also refactor and add
some tests for `blob` and `mutation_batch`.
@empiredan
Copy link
Contributor Author

This issue has been fixed by #2088.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/duplication cluster duplication type/bug This issue reports a bug. unit-test
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@empiredan