memgraph / memgraph

Open-source graph database, tuned for dynamic analytics environments. Easy to adopt, scale and own.
https://memgraph.com

Heap use after free in memgraph__concurrent__storage_indices tests #902

Open Darych opened 1 year ago

Darych commented 1 year ago

Transaction object is deleted before being read in ApplyDeltasForRead. ASAN output:

==973327==ERROR: AddressSanitizer: heap-use-after-free on address 0xffff9b5ff730 at pc 0x000000825844 bp 0xffffa54ec5e0 sp 0xffffa54ec5f8
READ of size 8 at 0xffff9b5ff730 thread T3 (verifier1)
    #0 0x825840 in std::__atomic_base<unsigned long>::load(std::memory_order) const /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/atomic_base.h:481:9
    #1 0x825840 in void memgraph::storage::ApplyDeltasForRead<memgraph::storage::(anonymous namespace)::CurrentVersionHasLabel(memgraph::storage::Vertex const&, memgraph::storage::LabelId, memgraph::storage::Transaction*, memgraph::storage::View)::$_4>(memgraph::storage::Transaction*, memgraph::storage::Delta const*, memgraph::storage::View, memgraph::storage::(anonymous namespace)::CurrentVersionHasLabel(memgraph::storage::Vertex const&, memgraph::storage::LabelId, memgraph::storage::Transaction*, memgraph::storage::View)::$_4 const&) /home/aidar.linux/memgraph/src/storage/v2/mvcc.hpp:37:33
    #2 0x81a998 in memgraph::storage::(anonymous namespace)::CurrentVersionHasLabel(memgraph::storage::Vertex const&, memgraph::storage::LabelId, memgraph::storage::Transaction*, memgraph::storage::View) /home/aidar.linux/memgraph/src/storage/v2/indices.cpp:172:3
    #3 0x81a298 in memgraph::storage::LabelIndex::Iterable::Iterator::AdvanceUntilValid() /home/aidar.linux/memgraph/src/storage/v2/indices.cpp:348:9
    #4 0x81a5f0 in memgraph::storage::LabelIndex::Iterable::Iterator::operator++() /home/aidar.linux/memgraph/src/storage/v2/indices.cpp:339:3
    #5 0x8b4358 in memgraph::storage::VerticesIterable::Iterator::operator++() /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:297:7
    #6 0x5309c4 in Storage_LabelIndex_Test::TestBody()::$_0::operator()() const /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:55:28
    #7 0x52ef8c in void std::__invoke_impl<void, Storage_LabelIndex_Test::TestBody()::$_0>(std::__invoke_other, Storage_LabelIndex_Test::TestBody()::$_0&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:61:14
    #8 0x52edb8 in std::__invoke_result<Storage_LabelIndex_Test::TestBody()::$_0>::type std::__invoke<Storage_LabelIndex_Test::TestBody()::$_0>(Storage_LabelIndex_Test::TestBody()::$_0&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:96:14
    #9 0x52ec1c in void std::thread::_Invoker<std::tuple<Storage_LabelIndex_Test::TestBody()::$_0> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:253:13
    #10 0x52ea80 in std::thread::_Invoker<std::tuple<Storage_LabelIndex_Test::TestBody()::$_0> >::operator()() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:260:11
    #11 0x52e8d0 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<Storage_LabelIndex_Test::TestBody()::$_0> > >::_M_run() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:211:13
    #12 0xe7d178 in execute_native_thread_routine /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/thread.cc:82:18
    #13 0xffffabbfd5c4  (/lib/aarch64-linux-gnu/libc.so.6+0x7d5c4)
    #14 0xffffabc65d18  (/lib/aarch64-linux-gnu/libc.so.6+0xe5d18)

0xffff9b5ff730 is located 0 bytes inside of 8-byte region [0xffff9b5ff730,0xffff9b5ff738)
freed by thread T1 (Storage GC) here:
    #0 0x5293c8 in operator delete(void*) /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_new_delete.cpp:152:3
    #1 0x80e05c in std::default_delete<std::atomic<unsigned long> >::operator()(std::atomic<unsigned long>*) const /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/unique_ptr.h:85:2
    #2 0x80db6c in std::unique_ptr<std::atomic<unsigned long>, std::default_delete<std::atomic<unsigned long> > >::~unique_ptr() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/unique_ptr.h:361:4
    #3 0x90e13c in memgraph::storage::Transaction::~Transaction() /home/aidar.linux/memgraph/src/storage/v2/transaction.hpp:58:19
    #4 0x91debc in void std::destroy_at<memgraph::storage::Transaction>(memgraph::storage::Transaction*) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/stl_construct.h:88:15
    #5 0x91de0c in void std::allocator_traits<std::allocator<std::_List_node<memgraph::storage::Transaction> > >::destroy<memgraph::storage::Transaction>(std::allocator<std::_List_node<memgraph::storage::Transaction> >&, memgraph::storage::Transaction*) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/alloc_traits.h:533:4
    #6 0x91db48 in std::__cxx11::list<memgraph::storage::Transaction, std::allocator<memgraph::storage::Transaction> >::_M_erase(std::_List_iterator<memgraph::storage::Transaction>) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/stl_list.h:1925:2
    #7 0x91c718 in std::__cxx11::list<memgraph::storage::Transaction, std::allocator<memgraph::storage::Transaction> >::pop_front() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/stl_list.h:1198:15
    #8 0x91fdac in auto void memgraph::storage::Storage::CollectGarbage<false>()::'lambda'(auto&)::operator()<std::__cxx11::list<memgraph::storage::Transaction, std::allocator<memgraph::storage::Transaction> > >(auto&) const /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:1619:30
    #9 0x90872c in decltype(auto) memgraph::utils::Synchronized<std::__cxx11::list<memgraph::storage::Transaction, std::allocator<memgraph::storage::Transaction> >, memgraph::utils::SpinLock>::WithLock<void memgraph::storage::Storage::CollectGarbage<false>()::'lambda'(auto&)>(auto&&) /home/aidar.linux/memgraph/src/utils/synchronized.hpp:117:12
    #10 0x904fc0 in void memgraph::storage::Storage::CollectGarbage<false>() /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:1617:29
    #11 0x900d04 in memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23::operator()() const /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:421:70
    #12 0x900c4c in void std::__invoke_impl<void, memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23&>(std::__invoke_other, memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:61:14
    #13 0x900a84 in std::enable_if<is_invocable_r_v<void, memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23&>, void>::type std::__invoke_r<void, memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23&>(memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:111:2
    #14 0x9006ac in std::_Function_handler<void (), memgraph::storage::Storage::Storage(memgraph::storage::Config)::$_23>::_M_invoke(std::_Any_data const&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_function.h:291:9
    #15 0x7653e8 in std::function<void ()>::operator()() const /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_function.h:560:9
    #16 0x9595cc in void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'()::operator()() const /home/aidar.linux/memgraph/src/utils/scheduler.hpp:71:9
    #17 0x9590b0 in long std::__invoke_impl<void, void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'()>(std::__invoke_other, std::ratio<1l, 1000l>&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:61:14
    #18 0x958edc in std::__invoke_result<long>::type std::__invoke<void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'()>(long&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:96:14
    #19 0x958d40 in void std::thread::_Invoker<std::tuple<void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'()> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:253:13
    #20 0x958ba4 in std::thread::_Invoker<std::tuple<void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'()> >::operator()() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:260:11
    #21 0x9588e8 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'()> > >::_M_run() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:211:13
    #22 0xe7d178 in execute_native_thread_routine /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/thread.cc:82:18
    #23 0xffffabbfd5c4  (/lib/aarch64-linux-gnu/libc.so.6+0x7d5c4)
    #24 0xffffabc65d18  (/lib/aarch64-linux-gnu/libc.so.6+0xe5d18)

previously allocated by thread T7 (mutator0) here:
    #0 0x528a70 in operator new(unsigned long) /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
    #1 0x80da50 in std::_MakeUniq<std::atomic<unsigned long> >::__single_object std::make_unique<std::atomic<unsigned long>, unsigned long>(unsigned long&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/unique_ptr.h:962:30
    #2 0x80c6fc in memgraph::storage::Transaction::EnsureCommitTimestampExists() /home/aidar.linux/memgraph/src/storage/v2/transaction.hpp:63:24
    #3 0x90e598 in void memgraph::storage::CreateAndLinkDelta<memgraph::storage::Vertex, memgraph::storage::Delta::RecreateObjectTag>(memgraph::storage::Transaction*, memgraph::storage::Vertex*, memgraph::storage::Delta::RecreateObjectTag&&) /home/aidar.linux/memgraph/src/storage/v2/mvcc.hpp:115:16
    #4 0x8c3564 in memgraph::storage::Storage::Accessor::DeleteVertex(memgraph::storage::VertexAccessor*) /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:567:3
    #5 0x533858 in Storage_LabelIndex_Test::TestBody()::$_1::operator()() const /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:93:11
    #6 0x532220 in void std::__invoke_impl<void, Storage_LabelIndex_Test::TestBody()::$_1>(std::__invoke_other, Storage_LabelIndex_Test::TestBody()::$_1&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:61:14
    #7 0x53204c in std::__invoke_result<Storage_LabelIndex_Test::TestBody()::$_1>::type std::__invoke<Storage_LabelIndex_Test::TestBody()::$_1>(Storage_LabelIndex_Test::TestBody()::$_1&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/invoke.h:96:14
    #8 0x531eb0 in void std::thread::_Invoker<std::tuple<Storage_LabelIndex_Test::TestBody()::$_1> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:253:13
    #9 0x531d14 in std::thread::_Invoker<std::tuple<Storage_LabelIndex_Test::TestBody()::$_1> >::operator()() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:260:11
    #10 0x531b64 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<Storage_LabelIndex_Test::TestBody()::$_1> > >::_M_run() /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:211:13
    #11 0xe7d178 in execute_native_thread_routine /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/thread.cc:82:18
    #12 0xffffabbfd5c4  (/lib/aarch64-linux-gnu/libc.so.6+0x7d5c4)
    #13 0xffffabc65d18  (/lib/aarch64-linux-gnu/libc.so.6+0xe5d18)

Thread T3 (verifier1) created by T0 here:
    #0 0x476e00 in __interceptor_pthread_create /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_interceptors.cpp:207:3
    #1 0xe7d46c in __gthread_create /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/include/aarch64-linux-gnu/bits/gthr-default.h:663:35
    #2 0xe7d46c in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/thread.cc:147:37
    #3 0x52e68c in std::thread::thread<Storage_LabelIndex_Test::TestBody()::$_0, void>(Storage_LabelIndex_Test::TestBody()::$_0&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:143:2
    #4 0x52e540 in decltype(new ((void*)(0))std::thread(std::declval<Storage_LabelIndex_Test::TestBody()::$_0>())) std::construct_at<std::thread, Storage_LabelIndex_Test::TestBody()::$_0>(std::thread*, Storage_LabelIndex_Test::TestBody()::$_0&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/stl_construct.h:97:39
    #5 0x52df50 in void std::allocator_traits<std::allocator<std::thread> >::construct<std::thread, Storage_LabelIndex_Test::TestBody()::$_0>(std::allocator<std::thread>&, std::thread*, Storage_LabelIndex_Test::TestBody()::$_0&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/alloc_traits.h:514:4
    #6 0x52c1d0 in std::thread& std::vector<std::thread, std::allocator<std::thread> >::emplace_back<Storage_LabelIndex_Test::TestBody()::$_0>(Storage_LabelIndex_Test::TestBody()::$_0&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/vector.tcc:115:6
    #7 0x52b994 in Storage_LabelIndex_Test::TestBody() /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:38:15
    #8 0x5f5228 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5f5228)
    #9 0x5d91f4 in testing::Test::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5d91f4)
    #10 0x5da558 in testing::TestInfo::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5da558)
    #11 0x5dad40 in testing::TestCase::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5dad40)
    #12 0x5e3d38 in testing::internal::UnitTestImpl::RunAllTests() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5e3d38)
    #13 0x5f600c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5f600c)
    #14 0x5e37d0 in testing::UnitTest::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5e37d0)
    #15 0x53daac in RUN_ALL_TESTS() /home/aidar.linux/memgraph/libs/googletest/include/gtest/gtest.h:2233:46
    #16 0x52deb0 in main /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:208:10
    #17 0xffffabba73f8  (/lib/aarch64-linux-gnu/libc.so.6+0x273f8)
    #18 0xffffabba74c8 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x274c8)
    #19 0x45fa6c in _start (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x45fa6c)

Thread T1 (Storage GC) created by T0 here:
    #0 0x476e00 in __interceptor_pthread_create /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_interceptors.cpp:207:3
    #1 0xe7d46c in __gthread_create /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/include/aarch64-linux-gnu/bits/gthr-default.h:663:35
    #2 0xe7d46c in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/thread.cc:147:37
    #3 0x958434 in std::thread::thread<void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&)::'lambda'(), void>(long&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:143:2
    #4 0x90b92c in void memgraph::utils::Scheduler::Run<long, std::ratio<1l, 1000l> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::chrono::duration<long, std::ratio<1l, 1000l> > const&, std::function<void ()> const&) /home/aidar.linux/memgraph/src/utils/scheduler.hpp:49:15
    #5 0x8b6ef0 in memgraph::storage::Storage::Storage(memgraph::storage::Config) /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:421:16
    #6 0x52b354 in Storage_LabelIndex_Test::TestBody() /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:30:16
    #7 0x5f5228 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5f5228)
    #8 0x5d91f4 in testing::Test::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5d91f4)
    #9 0x5da558 in testing::TestInfo::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5da558)
    #10 0x5dad40 in testing::TestCase::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5dad40)
    #11 0x5e3d38 in testing::internal::UnitTestImpl::RunAllTests() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5e3d38)
    #12 0x5f600c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5f600c)
    #13 0x5e37d0 in testing::UnitTest::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5e37d0)
    #14 0x53daac in RUN_ALL_TESTS() /home/aidar.linux/memgraph/libs/googletest/include/gtest/gtest.h:2233:46
    #15 0x52deb0 in main /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:208:10
    #16 0xffffabba73f8  (/lib/aarch64-linux-gnu/libc.so.6+0x273f8)
    #17 0xffffabba74c8 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x274c8)
    #18 0x45fa6c in _start (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x45fa6c)

Thread T7 (mutator0) created by T0 here:
    #0 0x476e00 in __interceptor_pthread_create /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_interceptors.cpp:207:3
    #1 0xe7d46c in __gthread_create /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/include/aarch64-linux-gnu/bits/gthr-default.h:663:35
    #2 0xe7d46c in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /root/memgraph/environment/toolchain/build/gcc-11.2.0/build/aarch64-linux-gnu/libstdc++-v3/src/c++11/../../../../../libstdc++-v3/src/c++11/thread.cc:147:37
    #3 0x531920 in std::thread::thread<Storage_LabelIndex_Test::TestBody()::$_1, void>(Storage_LabelIndex_Test::TestBody()::$_1&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/std_thread.h:143:2
    #4 0x5317dc in decltype(new ((void*)(0))std::thread(std::declval<Storage_LabelIndex_Test::TestBody()::$_1>())) std::construct_at<std::thread, Storage_LabelIndex_Test::TestBody()::$_1>(std::thread*, Storage_LabelIndex_Test::TestBody()::$_1&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/stl_construct.h:97:39
    #5 0x5311ec in void std::allocator_traits<std::allocator<std::thread> >::construct<std::thread, Storage_LabelIndex_Test::TestBody()::$_1>(std::allocator<std::thread>&, std::thread*, Storage_LabelIndex_Test::TestBody()::$_1&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/alloc_traits.h:514:4
    #6 0x52c480 in std::thread& std::vector<std::thread, std::allocator<std::thread> >::emplace_back<Storage_LabelIndex_Test::TestBody()::$_1>(Storage_LabelIndex_Test::TestBody()::$_1&&) /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/vector.tcc:115:6
    #7 0x52bb80 in Storage_LabelIndex_Test::TestBody() /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:75:14
    #8 0x5f5228 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5f5228)
    #9 0x5d91f4 in testing::Test::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5d91f4)
    #10 0x5da558 in testing::TestInfo::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5da558)
    #11 0x5dad40 in testing::TestCase::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5dad40)
    #12 0x5e3d38 in testing::internal::UnitTestImpl::RunAllTests() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5e3d38)
    #13 0x5f600c in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5f600c)
    #14 0x5e37d0 in testing::UnitTest::Run() (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x5e37d0)
    #15 0x53daac in RUN_ALL_TESTS() /home/aidar.linux/memgraph/libs/googletest/include/gtest/gtest.h:2233:46
    #16 0x52deb0 in main /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:208:10
    #17 0xffffabba73f8  (/lib/aarch64-linux-gnu/libc.so.6+0x273f8)
    #18 0xffffabba74c8 in __libc_start_main (/lib/aarch64-linux-gnu/libc.so.6+0x274c8)
    #19 0x45fa6c in _start (/home/aidar.linux/memgraph/build/tests/concurrent/storage_indices+0x45fa6c)

SUMMARY: AddressSanitizer: heap-use-after-free /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/atomic_base.h:481:9 in std::__atomic_base<unsigned long>::load(std::memory_order) const
==973327==ABORTING
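
A triage helper for reports like the one above, added here as an example (it is not memgraph code and not part of the original comment): it reduces the ASan output to the accessing, freeing and allocating threads and the project-source frames of each stack, and ignores the thread-creation stacks. The sample is an abridged copy of the report with template arguments shortened to `...`; the path markers `/memgraph/src/` and `/memgraph/tests/` used to recognise project frames are assumptions based on the paths in this report.

```python
import re

# Abridged copy of the report above: most frames dropped, template arguments
# shortened to "..." for the example.
SAMPLE_REPORT = """\
==973327==ERROR: AddressSanitizer: heap-use-after-free on address 0xffff9b5ff730 at pc 0x000000825844 bp 0xffffa54ec5e0 sp 0xffffa54ec5f8
READ of size 8 at 0xffff9b5ff730 thread T3 (verifier1)
    #0 0x825840 in std::__atomic_base<unsigned long>::load(std::memory_order) const /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/atomic_base.h:481:9
    #1 0x825840 in void memgraph::storage::ApplyDeltasForRead<...>(...) /home/aidar.linux/memgraph/src/storage/v2/mvcc.hpp:37:33
    #2 0x81a998 in memgraph::storage::(anonymous namespace)::CurrentVersionHasLabel(...) /home/aidar.linux/memgraph/src/storage/v2/indices.cpp:172:3

0xffff9b5ff730 is located 0 bytes inside of 8-byte region [0xffff9b5ff730,0xffff9b5ff738)
freed by thread T1 (Storage GC) here:
    #0 0x5293c8 in operator delete(void*) /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_new_delete.cpp:152:3
    #3 0x90e13c in memgraph::storage::Transaction::~Transaction() /home/aidar.linux/memgraph/src/storage/v2/transaction.hpp:58:19
    #10 0x904fc0 in void memgraph::storage::Storage::CollectGarbage<false>() /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:1617:29
    #23 0xffffabbfd5c4  (/lib/aarch64-linux-gnu/libc.so.6+0x7d5c4)

previously allocated by thread T7 (mutator0) here:
    #0 0x528a70 in operator new(unsigned long) /root/memgraph/environment/toolchain/build/llvm-13.0.0/projects/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
    #2 0x80c6fc in memgraph::storage::Transaction::EnsureCommitTimestampExists() /home/aidar.linux/memgraph/src/storage/v2/transaction.hpp:63:24
    #4 0x8c3564 in memgraph::storage::Storage::Accessor::DeleteVertex(memgraph::storage::VertexAccessor*) /home/aidar.linux/memgraph/src/storage/v2/storage.cpp:567:3

Thread T3 (verifier1) created by T0 here:
    #7 0x52b994 in Storage_LabelIndex_Test::TestBody() /home/aidar.linux/memgraph/tests/concurrent/storage_indices.cpp:38:15

SUMMARY: AddressSanitizer: heap-use-after-free /opt/toolchain-v4/bin/../lib/gcc/aarch64-linux-gnu/11.2.0/../../../../include/c++/11.2.0/bits/atomic_base.h:481:9 in std::__atomic_base<unsigned long>::load(std::memory_order) const
"""

# Section headers that start the three stacks describing the object's history.
HEADER_RE = re.compile(
    r"^(?:(?P<access>READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread"
    r"|(?P<free>freed) by thread"
    r"|previously (?P<alloc>allocated) by thread)"
    r" (?P<tid>T\d+)(?: \((?P<name>[^)]*)\))?"
)
# Symbolized frame: "#N 0xPC in <symbol> <path>:<line>[:<col>]".
FRAME_RE = re.compile(
    r"^\s*#\d+ 0x[0-9a-f]+ in (?P<sym>.+) (?P<path>/\S+?):(?P<line>\d+)(?::\d+)?$"
)


def triage(report, project_markers=("/memgraph/src/", "/memgraph/tests/")):
    """Return the bug type plus thread and project frames per stack."""
    result = {"bug": None, "stacks": {}}
    current = None
    for line in report.splitlines():
        m = re.search(r"ERROR: AddressSanitizer: (\S+)", line)
        if m:
            result["bug"] = m.group(1)
            continue
        m = HEADER_RE.match(line)
        if m:
            kind = "access" if m["access"] else "free" if m["free"] else "alloc"
            current = result["stacks"].setdefault(
                kind, {"thread": m["tid"], "name": m["name"], "frames": []})
            continue
        if line.startswith(("Thread ", "SUMMARY:")):
            current = None  # thread-creation stacks are not the object's history
            continue
        m = FRAME_RE.match(line)  # unsymbolized frames do not match and are skipped
        if m and current is not None and any(k in m["path"] for k in project_markers):
            current["frames"].append(
                (m["sym"], m["path"].rsplit("/", 1)[-1], int(m["line"])))
    return result


def is_cross_thread(result):
    """True when the freeing thread differs from the accessing thread."""
    st = result["stacks"]
    return ("access" in st and "free" in st
            and st["access"]["thread"] != st["free"]["thread"])


def describe(result):
    """One line per stack: which thread, and the first project frame."""
    lines = []
    for kind in ("access", "free", "alloc"):
        s = result["stacks"].get(kind)
        if s:
            where = "no project frame"
            if s["frames"]:
                _, fname, lineno = s["frames"][0]
                where = f"{fname}:{lineno}"
            lines.append(f"{kind}: {s['thread']} ({s['name']}) {where}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(triage(SAMPLE_REPORT))))
```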

gitbuda commented 1 year ago

Nice! @Darych, do you have an idea how to fix it? 👀

Darych commented 1 year ago

Currently, I don't know, but I plan to find a way :)