ASAN does not work with FoundationDB
xis19 opened this issue
Xiaoge Su commented
Currently, if the ASAN flag is enabled (USE_ASAN), fdbserver would crash with the following steps:

- Start a `fdbserver` process (not simulation)
- Start a `fdbcli` and attach to the cluster
- Create a new database: `configure new single ssd`
The error looks like:

```text
==19356==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==19356==WARNING: ASan is ignoring requested __asan_handle_no_return: stack type: default top: 0x7ffd481f1000; bottom 0x7f11bbe87000; size: 0x00eb8c36a000 (1011669704704)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
=================================================================
==19356==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f11bc597a60 at pc 0x000003129cd7 bp 0x7f11b4e72110 sp 0x7f11b4e718e0
READ of size 24 at 0x7f11bc597a60 thread T0
    #0 0x3129cd6 in __asan_memcpy /tmp/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
    #1 0xf1db10b in yy_reduce /root/src/contrib/sqlite/sqlite3.amalgamation.c
    #2 0xf1d4d57 in sqlite3Parser /root/src/contrib/sqlite/sqlite3.amalgamation.c:90481:7
    #3 0xf11cd0f in sqlite3RunParser /root/src/contrib/sqlite/sqlite3.amalgamation.c:91319:7
    #4 0xf215676 in sqlite3Prepare /root/src/contrib/sqlite/sqlite3.amalgamation.c:74207:5
    #5 0xf194f6f in sqlite3LockAndPrepare /root/src/contrib/sqlite/sqlite3.amalgamation.c:74302:8
    #6 0xf19504b in sqlite3_prepare_v2 /root/src/contrib/sqlite/sqlite3.amalgamation.c:74377:8
    #7 0x63c95fa in Statement /root/src/fdbserver/KeyValueStoreSQLite.actor.cpp:414:28
    #8 0x63c95fa in SQLiteDB::open(bool) /root/src/fdbserver/KeyValueStoreSQLite.actor.cpp:1537:12
    #9 0xca3aa3b in WorkPool<Coroutine, ThreadUnsafeSpinLock, true>::Worker::run() /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:135:16
    #10 0xca3d198 in wrapRun /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:85:3
    #11 0xca3d198 in Coroutine::entry(void*) /root/src/fdbserver/coroimpl/CoroFlowCoro.actor.cpp:90:56
    #12 0xf8d747d in Coro_StartWithArg /root/src/fdbrpc/libcoroutine/Coro.c:248:2
    #13 0x7f11be5dd18f (/lib64/libc.so.6+0x4818f) (BuildId: 9470e279388f7f9cb2ed3b2872d0c2095b191ff4)

Address 0x7f11bc597a60 is located in stack of thread T0 at offset 96 in frame
    #0 0xf0e62bf in sqlite3ExprCodeTarget /root/src/contrib/sqlite/sqlite3.amalgamation.c:57656

  This frame has 5 object(s):
    [32, 64) 'w.i.i' (line 56549)
    [96, 100) 'regFree1' (line 57660) <== Memory access at offset 96 partially overflows this variable
    [112, 116) 'regFree2' (line 57661) <== Memory access at offset 96 partially underflows this variable
    [128, 216) 'opCompare' (line 58162)
    [256, 344) 'cacheX' (line 58163)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return /tmp/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
  0x0fe2b78aaef0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf10: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf20: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf30: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe2b78aaf40: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
  0x0fe2b78aaf50: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf60: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf70: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe2b78aaf90: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==19356==ABORTING
```
This is tested using the clang compiler in the docker development environment.
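Added example, not code from FoundationDB, sqlite or the libcoroutine shown in the trace: a minimal makecontext/swapcontext coroutine carrying the `__sanitizer_start_switch_fiber` / `__sanitizer_finish_switch_fiber` annotations that ASan provides for custom stack switches (the swapcontext case the HINT line refers to), so its stack-use-after-return bookkeeping knows which stack is live instead of treating the fiber's frames as returned. Without `-fsanitize=address` the annotations compile to nothing; the `START_SWITCH`/`FINISH_SWITCH` macro names, the byte-sum workload and `run_on_fiber` are assumptions of this example.

```c
/* Added example, not FoundationDB/sqlite code: swapcontext coroutine with ASan fiber annotations. */
#include <stdlib.h>
#include <string.h>
#include <ucontext.h>
#if defined(__SANITIZE_ADDRESS__)
#  define HAVE_ASAN 1
#elif defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define HAVE_ASAN 1
#  endif
#endif
#ifdef HAVE_ASAN
#  include <sanitizer/common_interface_defs.h>
#  define START_SWITCH(save, bottom, size) __sanitizer_start_switch_fiber(save, bottom, size)
#  define FINISH_SWITCH(save, bottom, size) __sanitizer_finish_switch_fiber(save, bottom, size)
#else /* plain build: the annotations compile to nothing */
#  define START_SWITCH(save, bottom, size) ((void)(save), (void)(bottom), (void)(size))
#  define FINISH_SWITCH(save, bottom, size) ((void)(save), (void)(bottom), (void)(size))
#endif
enum { FIBER_STACK_SIZE = 64 * 1024 };
static ucontext_t main_ctx, fiber_ctx;
static const char *fiber_input;    /* message handed to the fiber */
static unsigned long fiber_result; /* byte sum computed on the fiber stack */
static void fiber_entry(void) {
    const void *main_bottom = NULL; size_t main_size = 0;
    FINISH_SWITCH(NULL, &main_bottom, &main_size); /* first thing on the new stack: ASan records the old one */
    char local[64];                                /* stack object living on the fiber stack */
    size_t n = strlen(fiber_input);
    if (n >= sizeof local) n = sizeof local - 1;
    memcpy(local, fiber_input, n);                 /* the kind of memcpy the report above flags */
    fiber_result = 0;
    for (size_t i = 0; i < n; i++) fiber_result += (unsigned char)local[i];
    START_SWITCH(NULL, main_bottom, main_size);    /* NULL: leaving for good, ASan drops the fiber's fake stack */
} /* returning continues at uc_link, i.e. main_ctx */
unsigned long run_on_fiber(const char *msg) { /* byte sum of msg, computed on a fresh fiber */
    void *stack = malloc(FIBER_STACK_SIZE);
    if (!stack) return 0;
    void *fake_stack = NULL; /* ASan's handle for the main stack while we are away */
    fiber_input = msg;
    getcontext(&fiber_ctx);
    fiber_ctx.uc_stack.ss_sp = stack;
    fiber_ctx.uc_stack.ss_size = FIBER_STACK_SIZE;
    fiber_ctx.uc_link = &main_ctx;
    makecontext(&fiber_ctx, fiber_entry, 0);
    START_SWITCH(&fake_stack, stack, FIBER_STACK_SIZE); /* about to run on the fiber stack */
    swapcontext(&main_ctx, &fiber_ctx);
    FINISH_SWITCH(fake_stack, NULL, NULL);              /* back on the main stack: restore its fake stack */
    free(stack);
    return fiber_result;
}
```

Build once plainly and once with `-fsanitize=address`; the annotated version does not produce the stack-use-after-return report that an unannotated stack switch can trigger under `detect_stack_use_after_return`.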