google / sanitizers

AddressSanitizer, ThreadSanitizer, MemorySanitizer

AddressSanitizer CHECK failed: asan_allocator.cc:151 "((alloc_magic[1])) == ((reinterpret_cast<uptr>(m)))" (0x606000c78a10, 0x606000c78a30) #1701

Open aguludunu opened 1 year ago

aguludunu commented 1 year ago

I use AddressSanitizer in gcc 8.3.0, and I have seen this check fail very rarely:

```
==1696631==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_allocator.cc:151 "((alloc_magic[1])) == ((reinterpret_cast<uptr>(m)))" (0x606000c78a10, 0x606000c78a30)
```

The call stack is like this:

```
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007f3ff7af9535 in __GI_abort () at abort.c:79
#2  0x00007f400badbe6b in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cc:145
#3  0x00007f400bae3ed8 in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cc:57
#4  0x00007f400bac8fe0 in __asan::AsanCheckFailed (file=, line=, cond=, v1=, v2=) at ../../../../src/libsanitizer/asan/asan_rtl.cc:68
#5  0x00007f400bae3f3a in __sanitizer::CheckFailed (file=file@entry=0x7f400bafb3a8 "../../../../src/libsanitizer/asan/asan_allocator.cc", line=line@entry=151, cond=cond@entry=0x7f400bafc1f0 "((alloc_magic[1])) == ((reinterpret_cast<uptr>(m)))", v1=105965446203920, v2=v2@entry=105965446203952) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cc:77
#6  0x00007f400b9ffdfb in __asan::QuarantineCallback::Recycle (this=this@entry=0x7f3fbca596c8, m=0x606000c78a30) at ../../../../src/libsanitizer/asan/asan_allocator.cc:151
#7  0x00007f400ba001ee in __sanitizer::Quarantine<__asan::QuarantineCallback, __asan::AsanChunk>::DoRecycle (this=this@entry=0x7f400bd350b8 <__asan::instance+2097784>, c=c@entry=0x7f3fbca59730, cb=..., cb@entry=...) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_quarantine.h:181
#8  0x00007f400ba006cd in __sanitizer::Quarantine<__asan::QuarantineCallback, __asan::AsanChunk>::Recycle (this=this@entry=0x7f400bd350b8 <__asan::instance+2097784>, cb=...) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_quarantine.h:169
#9  0x00007f400ba00a0e in __sanitizer::Quarantine<__asan::QuarantineCallback, __asan::AsanChunk>::Drain (this=this@entry=0x7f400bd350b8 <__asan::instance+2097784>, c=c@entry=0x7f3fbc24e060, cb=...) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_quarantine.h:118
#10 0x00007f400ba01183 in __sanitizer::Quarantine<__asan::QuarantineCallback, __asan::AsanChunk>::Put (size=, ptr=0x60800266a490, cb=..., c=0x7f3fbc24e060, this=0x7f400bd350b8 <__asan::instance+2097784>) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_quarantine.h:109
#11 __asan::Allocator::QuarantineChunk (stack=0x60800266a4a0, ptr=0x60800266a4a0, m=0x60800266a490, this=0x7f400bb34e40 <__asan::instance>) at ../../../../src/libsanitizer/asan/asan_allocator.cc:564
#12 __asan::Allocator::Deallocate (this=this@entry=0x7f400bb34e40 <__asan::instance>, ptr=ptr@entry=0x60800266a4a0, delete_size=delete_size@entry=0, stack=stack@entry=0x7f3fbca59800, alloc_type=alloc_type@entry=__asan::FROM_MALLOC) at ../../../../src/libsanitizer/asan/asan_allocator.cc:609
#13 0x00007f400b9fc657 in __asan::asan_free (ptr=ptr@entry=0x60800266a4a0, stack=stack@entry=0x7f3fbca59800, alloc_type=alloc_type@entry=__asan::FROM_MALLOC) at ../../../../src/libsanitizer/asan/asan_allocator.cc:803
#14 0x00007f400babdf8b in __interceptor_free (ptr=0x60800266a4a0) at ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:69
#15 0x00007f400b4a097d in UPF_Free (allocator=0x7f40030a1fe0, ptr=0x60800266a4a0) at /media/linux/e88caffa-e29c-4e87-b464-0be8822d68aa/Jenkins/workspace/680323_TAVASCAN_LNXPC_San_TAG/common/framework/upf/upf/c++_wrappers_facade/memorypool/UPF_Malloc.cpp:1401
```

The address of "m" in __asan::QuarantineCallback::Recycle is 0x606000c78a30 and its memory is below:

```
0x606000c789b0: 0x00667474 0x15c63030 0x406c5de6 0x15c4a4ae
0x606000c789c0: 0xcc6e96b9 0x00000000 0x00c789d0 0x00006060
0x606000c789d0: 0x00005d03 0x0a00005d 0x00000038 0x380001e9
0x606000c789e0: 0x3e8001f9 0x016b00d1 0x04b00200 0x00000000
0x606000c789f0: 0x00000000 0x00000000 0x00000000 0x213a51cb
0x606000c78a00: 0x017200d7 0x04b00201 0x00000000 0x00000000
0x606000c78a10: 0x00000000 0x00000000 0x3e70f0f1 0x3f800000
0x606000c78a20: 0x00000000 0x00000000 0x00c78a10 0x00006060
0x606000c78a30: 0x00005d00 0x0a00005d 0x00000038 0x4d00018c
0x606000c78a40: 0x1d8001d5 0x00a10055 0x04b00200 0x00000000
0x606000c78a50: 0x00000000 0x00000000 0x00000000 0x213a51cb
0x606000c78a60: 0x00220012 0x04b00201 0x00000000 0x00000000
0x606000c78a70: 0x00000000 0x00000000 0x3e70f0f1 0x3f800000
0x606000c78a80: 0xcc6e96b9 0x00000000 0x00c78a90 0x00006060
0x606000c78a90: 0x00001b02 0x0affffff 0x00000038 0x7c0000db
0x606000c78aa0: 0x00000038 0x00000000 0x00000000 0xbebebebe
0x606000c78ab0: 0x008bf6a8 0x00006060 0x00000000 0x00000000
0x606000c78ac0: 0x00000000 0x00000000 0x213a510f 0x007e04b0
0x606000c78ad0: 0xbebe0006 0xbebebebe 0x00000001 0x00000000
0x606000c78ae0: 0xcc6e96b9 0x00000000 0x00c78af0 0x00006060
0x606000c78af0: 0x00000503 0x0a000005 0x00000034 0x4700013c
0x606000c78b00: 0x01000122 0x6f736572 0x65637275 0x2f77762f
0x606000c78b10: 0x746e6f46 0x48595a2f 0x705f6965 0x5f73756c
0x606000c78b20: 0x61435756 0x2d495572 0x75676552 0x2e72616c
0x606000c78b30: 0x00667474 0x15c4832d 0x00004288 0xbfe66667
0x606000c78b40: 0xcc6e96b9 0x00000000 0x00c78b50 0x00006060
0x606000c78b50: 0x00000503 0x0a000005 0x00000034 0x4e800144
0x606000c78b60: 0x03800124 0x6f736572 0x65637275 0x2f77762f
0x606000c78b70: 0x746e6f46 0x48595a2f 0x705f6965 0x5f73756c
0x606000c78b80: 0x61435756 0x2d495572 0x75676552 0x2e72616c
0x606000c78b90: 0x00667474 0x00000000 0x04b00200 0x00000000
0x606000c78ba0: 0xcc6e96b9 0x00000000 0x00c78bb0 0x00006060
0x606000c78bb0: 0x00000503 0x0a000005 0x00000034 0x66800144
0x606000c78bc0: 0x66000137 0x6f736572 0x65637275 0x2f77762f
0x606000c78bd0: 0x746e6f46 0x48595a2f 0x705f6965 0x5f73756c
0x606000c78be0: 0x61435756 0x2d495572 0x75676552 0x2e72616c
0x606000c78bf0: 0x00667474 0xbebebebe 0x636e7546 0x00000000
0x606000c78c00: 0x00000000 0x00000000 0x00c78c10 0x00006060
0x606000c78c10: 0x00000500 0x0a000005 0x00000034 0x18000161
0x606000c78c20: 0x1b800148 0x6f736572 0x65637275 0x2f77762f
0x606000c78c30: 0x746e6f46 0x48595a2f 0x705f6965 0x5f73756c
0x606000c78c40: 0x61435756 0x2d495572 0x75676552 0x2e72616c
0x606000c78c50: 0x00667474 0x00006060 0x00000000 0x00000000
0x606000c78c60: 0x00000000 0x00000000 0x00c78c70 0x00006060
0x606000c78c70: 0x00000500 0x0a000005 0x00000034 0x35000149
0x606000c78c80: 0x3b000162 0x6f736572 0x65637275 0x2f77762f
0x606000c78c90: 0x746e6f46 0x48595a2f 0x705f6965 0x5f73756c
0x606000c78ca0: 0x61435756 0x2d495572 0x75676552 0x2e72616c
0x606000c78cb0: 0x00667474 0xbebebebe 0x203b3020 0x15c63000
0x606000c78cc0: 0x00000000 0x00000000 0x00c78cd0 0x00006060
0x606000c78cd0: 0x00005d00 0x0a00005d 0x00000038 0x05800186
0x606000c78ce0: 0x568001b3 0x15c466e2 0x406c2648 0x15c463cb
0x606000c78cf0: 0x406c248b 0x15c463cb 0x406c229d 0x15c46491
0x606000c78d00: 0x406c21a6 0x15c46604 0x406c2111 0x15c4697e
0x606000c78d10: 0x406c1d03 0x15c47b42 0xbebebebe 0xbebebebe
0x606000c78d20: 0xcc6e96b9 0x00000000 0x00c78d30 0x00006060
0x606000c78d30: 0x00000503 0x0a000005 0x00000034 0x5400011e
0x606000c78d40: 0x1c800109 0x6f736572 0x65637275 0x2f77762f
0x606000c78d50: 0x746e6f46 0x48595a2f 0x705f6965 0x5f73756c
0x606000c78d60: 0x61435756 0x2d495572 0x75676552 0x2e72616c
0x606000c78d70: 0x00667474 0xfb4b0301 0x000045e7 0xbe4ccccd
0x606000c78d80: 0x00000000 0x00000000 0x00c78d90 0x00006060
0x606000c78d90: 0x00000500 0x0a000005 0x00000034 0x4d800156
0x606000c78da0: 0x04800171 0x6f736572 0x65637275 0x2f77762f
```

The layout comment in asan_allocator.cc describes the block like this:

```
// M B L L L L L L L L L H H U U U U U U
//   |                   ^
//   ---------------------|
//   M -- magic value kAllocBegMagic
//   B -- address of ChunkHeader pointing to the first 'H'
```

The memory at "B" holds "0x00c78a10 0x00006060", which is not the address of "H"; the actual address of "H" is 0x606000c78a30. Why does this happen? Is it a problem with my program or with the sanitizer? Is this issue the same as https://github.com/google/sanitizers/issues/1193?

And I have seen another check failure:

```
AddressSanitizer CHECK failed: ../../../../src/libsanitizer/asan/asan_allocator.cc:137 "((m->chunk_state)) == ((CHUNK_QUARANTINE))" (0xa8, 0x3)
```
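The layout comment and the two CHECK messages in the report describe one mechanism: ASan keeps a magic word and a back-pointer at the start of every block and a chunk header directly below the user bytes, and validates them when a chunk is freed and again when it leaves quarantine. The dump shows that pattern, with 0xcc6e96b9 (kAllocBegMagic) followed by a back-pointer at 0x606000c789c0, 0x606000c78a80 and 0x606000c78ae0, and 0xbebebebe (ASan's default malloc_fill_byte) in user areas. The model below is an added example, not ASan's code and not the reporter's; it reproduces the three ways that metadata can fail those checks, using plain stores to stand in for writes the sanitizer does not instrument. The block size, redzone width and header fields are hypothetical; only the magic constant, the fill byte and the chunk_state values are ASan's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the ASan block layout quoted in the issue:
 *   M B L L L L L L L L L H H U U U U U U
 * M = kAllocBegMagic, B = back-pointer to the chunk header H, L = left
 * redzone, U = user bytes.  Example code, not ASan's allocator: the widths
 * below are hypothetical; only the constants and the checks follow ASan. */
#define MODEL_MAGIC   ((uintptr_t)0xCC6E96B9u)  /* ASan's kAllocBegMagic */
#define MODEL_BLOCK   96                         /* hypothetical size class */
#define MODEL_REDZONE 16                         /* hypothetical left redzone */
#define MODEL_FILL    0xbe                       /* ASan's default malloc_fill_byte */
#define MODEL_BLOCKS  4

enum { ST_AVAILABLE = 0, ST_ALLOCATED = 2, ST_QUARANTINE = 3 }; /* ASan chunk_state values */

struct block_begin  { uintptr_t magic, header; };           /* "M B", 16 bytes */
struct chunk_header { uint8_t state; uint32_t user_size; }; /* "H", 8 bytes with padding */

/* Backing store for the model blocks; the union keeps it pointer-aligned. */
static union { unsigned char bytes[MODEL_BLOCKS * MODEL_BLOCK]; uintptr_t align; } arena_u;
static unsigned char *const arena = arena_u.bytes;

/* Start of the block containing user_ptr (the role of allocator.GetBlockBegin). */
static struct block_begin *block_of(const void *user_ptr) {
    size_t off = (size_t)((const unsigned char *)user_ptr - arena);
    return (struct block_begin *)(arena + off - off % MODEL_BLOCK);
}

/* Carve block idx out of the arena and hand back the user pointer. */
static void *model_malloc(size_t idx, uint32_t user_size) {
    unsigned char *beg = arena + idx * MODEL_BLOCK;
    struct block_begin *mb = (struct block_begin *)beg;
    struct chunk_header *h = (struct chunk_header *)(beg + sizeof *mb + MODEL_REDZONE);
    mb->magic  = MODEL_MAGIC;
    mb->header = (uintptr_t)h;
    h->state     = ST_ALLOCATED;
    h->user_size = user_size;
    memset(h + 1, MODEL_FILL, user_size);   /* user bytes start right after H */
    return h + 1;
}

/* free() only parks the chunk in quarantine; the metadata is re-validated later. */
static void model_free(void *user_ptr) {
    ((struct chunk_header *)user_ptr - 1)->state = ST_QUARANTINE;
}

/* The checks ASan runs when a quarantined chunk is recycled.
 * Returns 0 when the metadata is intact, else the number of the failing check. */
static int model_recycle_check(void *user_ptr) {
    struct chunk_header *h = (struct chunk_header *)user_ptr - 1;
    struct block_begin *mb = block_of(user_ptr);
    if (h->state != ST_QUARANTINE)  return 1;  /* asan_allocator.cc:137 in the report */
    if (mb->magic != MODEL_MAGIC)   return 2;  /* CHECK on alloc_magic[0] */
    if (mb->header != (uintptr_t)h) return 3;  /* asan_allocator.cc:151 in the report */
    h->state = ST_AVAILABLE;
    return 0;
}

/* Scenarios: each corrupting store stands in for a write ASan did not see
 * (uninstrumented library, assembly, a buffer filled by the kernel).  An
 * instrumented store into a redzone is reported as heap-buffer-overflow on
 * the spot instead of surfacing later as a CHECK at recycle time. */
static int scenario_clean(void) {
    unsigned char *p = model_malloc(0, 56);
    model_free(p);
    return model_recycle_check(p);             /* 0 */
}

static int scenario_underflow_into_header(void) {
    unsigned char *p = model_malloc(0, 56);
    model_free(p);
    p[-8] = 0xa8;                              /* H.state clobbered, cf. "(0xa8, 0x3)" */
    return model_recycle_check(p);             /* 1 */
}

static int scenario_overflow_into_next_magic(void) {
    unsigned char *a = model_malloc(0, 56);
    unsigned char *b = model_malloc(1, 56);
    model_free(b);
    memset(a, 'A', 64);                        /* 8 bytes past a: block 1's M word */
    return model_recycle_check(b);             /* 2 */
}

static int scenario_stale_pointer_into_backpointer(void) {
    uintptr_t *slots = model_malloc(0, 7 * sizeof(uintptr_t));  /* slots[0..6] valid */
    unsigned char *b = model_malloc(1, 56);
    model_free(b);
    slots[8] = (uintptr_t)(b - 8) - 0x20;      /* two past the end: block 1's B word,
                                                  now 0x20 below H as in the report */
    return model_recycle_check(b);             /* 3: magic intact, B != &H */
}

int main(void) {
    printf("clean=%d header=%d magic=%d backptr=%d\n",
           scenario_clean(), scenario_underflow_into_header(),
           scenario_overflow_into_next_magic(), scenario_stale_pointer_into_backpointer());
    return 0;
}
```

Build it with a plain compiler rather than -fsanitize=address: the point is that every corrupting store is something the sanitizer never observed, and the damage only becomes visible when the chunk is recycled, far from the code that wrote it. Since an instrumented store into a poisoned redzone is reported immediately, metadata that is wrong only at free or recycle time points at writes ASan did not instrument, or at the runtime itself, which is why trying a current toolchain first is sound advice.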

maflcko commented 1 year ago

> gcc 8.3.0

I'd recommend always trying the latest version of the sanitizer and compiler if you run into any issues. Often, the issue is already fixed.

aguludunu commented 1 year ago

> > gcc 8.3.0
>
> I'd recommend always trying the latest version of the sanitizer and compiler if you run into any issues. Often, the issue is already fixed.

Thanks for the help! I have already used ASan with clang 17; I just want to know whether the problem is in my program or in ASan.