asan: flaky memory leak in core/exception.cc:Exception::operator new

[avtikhon]

Tarantool version:
Tarantool 2.6.0-71-ga04778273
Target: Linux-x86_64-RelWithDebInfo
Build options: cmake . -DCMAKE_INSTALL_PREFIX=/usr/local -DENABLE_BACKTRACE=ON
Compiler: /usr/bin/clang-8 /usr/bin/clang++-8
C_FLAGS: -Wno-unknown-pragmas -fexceptions -funwind-tables -fno-omit-frame-pointer -fno-stack-protector -fno-common -msse2 -fsanitize=address -fsanitize-blacklist=/source/asan/asan.supp -std=c11 -Wall -Wextra -Wno-strict-aliasing -fsanitize=alignment,bool,bounds,builtin,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,return,shift,unreachable,vla-bound -fno-sanitize-recover=alignment,bool,bounds,builtin,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,return,shift,unreachable,vla-bound -Wno-char-subscripts -Wno-gnu-alignof-expression -Werror
CXX_FLAGS: -Wno-unknown-pragmas -fexceptions -funwind-tables -fno-omit-frame-pointer -fno-stack-protector -fno-common -msse2 -fsanitize=address -fsanitize-blacklist=/source/asan/asan.supp -std=c++11 -Wall -Wextra -Wno-strict-aliasing -fsanitize=alignment,bool,bounds,builtin,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,return,shift,unreachable,vla-bound -fno-sanitize-recover=alignment,bool,bounds,builtin,enum,float-cast-overflow,float-divide-by-zero,function,integer-divide-by-zero,return,shift,unreachable,vla-bound -Wno-char-subscripts -Wno-invalid-offsetof -Wno-gnu-alignof-expression -Werror

OS version:
Debian GNU/Linux buster/sid

Bug description:
In asan/lsan check found memory leaks:

Direct leak of 848 byte(s) in 1 object(s) allocated from:
    #0 0x524c03 in __interceptor_malloc (/tnt/src/tarantool+0x524c03)
    #1 0xa0f0d2 in Exception::operator new(unsigned long) /source/src/lib/core/exception.cc:99:14
    #2 0xd73cc6 in BuildClientError /source/src/box/error.cc:192:20
    #3 0x6b5c08 in codeTriggerProgram /source/src/box/sql/trigger.c:598:3
    #4 0x6b5c08 in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #5 0x6b5c08 in sql_row_trigger /source/src/box/sql/trigger.c:866
    #6 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #7 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4
    #8 0x63227a in sql_table_delete_from /source/src/box/sql/delete.c:402:3
    #9 0x6b5e3d in codeTriggerProgram /source/src/box/sql/trigger.c:644:5
    #10 0x6b5e3d in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #11 0x6b5e3d in sql_row_trigger /source/src/box/sql/trigger.c:866
    #12 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #13 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4
    #14 0x63227a in sql_table_delete_from /source/src/box/sql/delete.c:402:3
    #15 0x6b5e3d in codeTriggerProgram /source/src/box/sql/trigger.c:644:5
    #16 0x6b5e3d in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #17 0x6b5e3d in sql_row_trigger /source/src/box/sql/trigger.c:866
    #18 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #19 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4
    #20 0x63227a in sql_table_delete_from /source/src/box/sql/delete.c:402:3
    #21 0x6b5e3d in codeTriggerProgram /source/src/box/sql/trigger.c:644:5
    #22 0x6b5e3d in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #23 0x6b5e3d in sql_row_trigger /source/src/box/sql/trigger.c:866
    #24 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #25 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4
    #26 0x63227a in sql_table_delete_from /source/src/box/sql/delete.c:402:3
    #27 0x6b5e3d in codeTriggerProgram /source/src/box/sql/trigger.c:644:5
    #28 0x6b5e3d in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #29 0x6b5e3d in sql_row_trigger /source/src/box/sql/trigger.c:866
    #30 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #31 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4
    #32 0x63227a in sql_table_delete_from /source/src/box/sql/delete.c:402:3
    #33 0x6b5e3d in codeTriggerProgram /source/src/box/sql/trigger.c:644:5
    #34 0x6b5e3d in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #35 0x6b5e3d in sql_row_trigger /source/src/box/sql/trigger.c:866
    #36 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #37 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4
    #38 0x63227a in sql_table_delete_from /source/src/box/sql/delete.c:402:3
    #39 0x6b5e3d in codeTriggerProgram /source/src/box/sql/trigger.c:644:5
    #40 0x6b5e3d in sql_row_trigger_program /source/src/box/sql/trigger.c:796
    #41 0x6b5e3d in sql_row_trigger /source/src/box/sql/trigger.c:866
    #42 0x6b6cd4 in sql_trigger_colmask /source/src/box/sql/trigger.c:945:5
    #43 0x6329b9 in sql_generate_row_delete /source/src/box/sql/delete.c:459:4

It was disabled in asan suppression file 'asan/lsan.supp' with block:

# test: sql-tap/gh2250-trigger-chain-limit.test.lua
# source: src/lib/core/exception.cc
leak:Exception::operator new

Steps to reproduce:
Start the docker container:

docker run --network=host -v $PWD:/source -w /source -ti registry.gitlab.com/tarantool/tarantool/testing/debian-buster:latest

Inside the docker container run:

mkdir /tnt ; cd /tnt/ ; rm -rf /tnt/*

CC=clang-8 CXX=clang++-8 cmake /source \
        -DCMAKE_BUILD_TYPE=RelWithDebInfo \
        -DENABLE_WERROR=ON \
        -DENABLE_ASAN=ON \
        -DENABLE_UB_SANITIZER=ON && make -j

cat >asan.patch <<EOF
diff --git a/asan/lsan.supp b/asan/lsan.supp
index 46b3001e9..e625d3c4b 100644
--- a/asan/lsan.supp
+++ b/asan/lsan.supp
@@ -50,7 +50,7 @@ leak:mh_i32ptr_new
 
 # test: sql-tap/gh2250-trigger-chain-limit.test.lua
 # source: src/lib/core/exception.cc
-leak:Exception::operator new
+#leak:Exception::operator new
 
 # test: vinyl/errinj.test.lua
 # source: src/lib/core/fiber.h
EOF
patch -p1 -i asan.patch

cd test

Create the reproducer test 'gh2250-trigger-chain-limit.test.lua' based on 'box-tap/gh2250-trigger-chain-limit.test.lua':

#!/usr/bin/env tarantool
box.cfg{log="tarantool.log"}
box.execute('CREATE TABLE t1 (s1 INT UNIQUE, s2 INT, s3 INT PRIMARY KEY);')
pcall(function() box.execute("UPDATE t1 SET s1=2") end)
os.exit()

And run it with:

export LSAN_OPTIONS=suppressions=/source/asan/lsan.supp ; export PATH=$PATH:/tnt/src ; LUA_PATH='test/sql-tap/lua/?.lua;test/sql/lua/?.lua;;' ./gh2250-trigger-chain-limit.test.lua

Optional (but very desirable):

• coredump
• backtrace
• netstat