uchenily / uvio

c++20 coroutines runtime driven by libuv
MIT License

run gtest TestTcpListener.ListenAndAccept core dump #2

Closed uchenily closed 3 months ago

uchenily commented 4 months ago

2024-05-09 09:33:36.153 |DEBUG| ../uvio/runtime.hpp:41 spawn task ...
[==========] Running 9 tests from 4 test suites.
[----------] Global test environment set-up.
[----------] 1 test from TestSuiteName
[ RUN ] TestSuiteName.TestName
[ OK ] TestSuiteName.TestName (0 ms)
[----------] 1 test from TestSuiteName (0 ms total)

[----------] 2 tests from TestFixtureName
[ RUN ] TestFixtureName.TestName
[ OK ] TestFixtureName.TestName (0 ms)
[ RUN ] TestFixtureName.TestName2
[ OK ] TestFixtureName.TestName2 (0 ms)
[----------] 2 tests from TestFixtureName (0 ms total)

[----------] 1 test from TestTcpListener
[ RUN ] TestTcpListener.ListenAndAccept
2024-05-09 09:33:36.154 |DEBUG| ../uvio/runtime.hpp:43 spawn end.
2024-05-09 09:33:36.154 |DEBUG| ../uvio/runtime.hpp:41 spawn task ...
2024-05-09 09:33:36.154 |DEBUG| ../uvio/runtime.hpp:43 spawn end.
2024-05-09 09:33:36.154 |DEBUG| ../uvio/runtime.hpp:26 loop run ...
/__w/_temp/8317d7c6-753c-4db3-89c4-a6b6c67a5ac4.sh: line 3: 1696 Segmentation fault (core dumped) ./build/tests/gtests/all_gtests
Error: Process completed with exit code 139.

https://github.com/uchenily/uvio/actions/runs/9015311335/job/24769680565

uchenily commented 4 months ago

2024-05-09 12:34:14.914 |DEBUG| ../uvio/runtime.hpp:26 loop run ...
2024-05-09 12:34:14.914 |DEBUG| ../uvio/runtime.hpp:41 spawn task ...
2024-05-09 12:34:14.915 |DEBUG| ../uvio/runtime.hpp:43 spawn end.
2024-05-09 12:34:14.915 |DEBUG| ../uvio/runtime.hpp:41 spawn task ...
2024-05-09 12:34:14.915 |DEBUG| ../uvio/runtime.hpp:43 spawn end.
=================================================================
==664==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x513000000001 at pc 0x55e3f37bb41f bp 0x7ffc757b1d50 sp 0x7ffc757b1d48
READ of size 8 at 0x513000000001 thread T0
    #0 0x55e3f37bb41e in main::$_0::operator()() const (.resume) test_coredump.cpp
    #1 0x55e3f37b8941 in main (/__w/uvio/uvio/build/tests/test_coredump+0x10a941) (BuildId: 826358e8fb7190f0304987aa7c74b24248285ecd)
    #2 0x7fea3bf2cd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 962015aa9d133c6cbcfb31ec300596d7f44d3348)
    #3 0x7fea3bf2ce3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 962015aa9d133c6cbcfb31ec300596d7f44d3348)
    #4 0x55e3f36dd644 in _start (/__w/uvio/uvio/build/tests/test_coredump+0x2f644) (BuildId: 826358e8fb7190f0304987aa7c74b24248285ecd)

0x513000000001 is located 63 bytes before 352-byte region [0x513000000040,0x5130000001a0)
allocated by thread T0 here:
    #0 0x55e3f37b645d in operator new(unsigned long) (/__w/uvio/uvio/build/tests/test_coredump+0x10845d) (BuildId: 826358e8fb7190f0304987aa7c74b24248285ecd)
    #1 0x55e3f37bae43 in main::$_0::operator()() const (.resume) test_coredump.cpp
    #2 0x55e3f37b8941 in main (/__w/uvio/uvio/build/tests/test_coredump+0x10a941) (BuildId: 826358e8fb7190f0304987aa7c74b24248285ecd)
    #3 0x7fea3bf2cd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 962015aa9d133c6cbcfb31ec300596d7f44d3348)

SUMMARY: AddressSanitizer: heap-buffer-overflow test_coredump.cpp in main::$_0::operator()() const (.resume)
==664==ABORTING
Error: Process completed with exit code 1.

https://github.com/uchenily/uvio/actions/runs/9017323185/job/24775608773?pr=3

uchenily commented 4 months ago

Testing test_latch with clang++ and -Dbuildtype=debug -Db_sanitize=address runs into a problem. Without ASan it runs normally.

# ./build/tests/test_latch
=================================================================
==166481==ERROR: AddressSanitizer: heap-use-after-free on address 0x507000ab0d28 at pc 0x590c5ae79022 bp 0x7ffdb5246700 sp 0x7ffdb52466f8
WRITE of size 8 at 0x507000ab0d28 thread T0
    #0 0x590c5ae79021 in std::__1::coroutine_handle<void>::operator=[abi:se170006](std::nullptr_t) /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:43:19
    #1 0x590c5ae78c98 in uvio::sync::Latch::notify_all() /root/uvio/build/../uvio/sync/latch.hpp:80:27
    #2 0x590c5ae78bd0 in uvio::sync::Latch::count_down(long) /root/uvio/build/../uvio/sync/latch.hpp:53:13
    #3 0x590c5ae77ad8 in uvio::sync::Latch::arrive_and_wait(long) /root/uvio/build/../uvio/sync/latch.hpp:69:9
    #4 0x590c5ae74db2 in test(long) (.resume) /root/uvio/build/../tests/test_latch.cpp:24:20
    #5 0x590c5ae7ba4d in std::__1::coroutine_handle<uvio::detail::TaskPromise<void>>::resume[abi:se170006]() const /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:167:9
    #6 0x590c5ae72665 in uvio::block_on(uvio::Task<void>&&) /root/uvio/build/../uvio/runtime.hpp:27:12
    #7 0x590c5ae721fc in main /root/uvio/build/../tests/test_latch.cpp:31:5
    #8 0x73e86214bd49  (/usr/lib/libc.so.6+0x25d49) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #9 0x73e86214be0b in __libc_start_main (/usr/lib/libc.so.6+0x25e0b) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #10 0x590c5ad36374 in _start (/root/uvio/build/tests/test_latch+0x30374) (BuildId: d50d0ab2ace9d21b4bad372daf6b4f54e6244978)

0x507000ab0d28 is located 24 bytes inside of 72-byte region [0x507000ab0d10,0x507000ab0d58)
freed by thread T0 here:
    #0 0x590c5ae6e06a in operator delete(void*) (/root/uvio/build/tests/test_latch+0x16806a) (BuildId: d50d0ab2ace9d21b4bad372daf6b4f54e6244978)
    #1 0x590c5ae73cb8 in latch_test(uvio::sync::Latch&, std::__1::atomic<unsigned long>&) (.destroy) /root/uvio/build/../tests/test_latch.cpp:8:6
    #2 0x590c5ae7aabc in std::__1::coroutine_handle<uvio::detail::TaskPromise<void>>::destroy[abi:se170006]() const /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:173:9
    #3 0x590c5ae780e8 in uvio::detail::TaskPromise<void>::final_suspend()::FinalAwaiter::await_suspend(std::__1::coroutine_handle<uvio::detail::TaskPromise<void>>) const /root/uvio/build/../uvio/coroutine/task.hpp:31:32
    #4 0x590c5ae73103 in latch_test(uvio::sync::Latch&, std::__1::atomic<unsigned long>&) (.resume) /root/uvio/build/../tests/test_latch.cpp:8:6
    #5 0x590c5ae78fdd in std::__1::coroutine_handle<void>::resume[abi:se170006]() const /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:78:9
    #6 0x590c5ae78c8b in uvio::sync::Latch::notify_all() /root/uvio/build/../uvio/sync/latch.hpp:78:31
    #7 0x590c5ae78bd0 in uvio::sync::Latch::count_down(long) /root/uvio/build/../uvio/sync/latch.hpp:53:13
    #8 0x590c5ae77ad8 in uvio::sync::Latch::arrive_and_wait(long) /root/uvio/build/../uvio/sync/latch.hpp:69:9
    #9 0x590c5ae74db2 in test(long) (.resume) /root/uvio/build/../tests/test_latch.cpp:24:20
    #10 0x590c5ae7ba4d in std::__1::coroutine_handle<uvio::detail::TaskPromise<void>>::resume[abi:se170006]() const /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:167:9
    #11 0x590c5ae72665 in uvio::block_on(uvio::Task<void>&&) /root/uvio/build/../uvio/runtime.hpp:27:12
    #12 0x590c5ae721fc in main /root/uvio/build/../tests/test_latch.cpp:31:5
    #13 0x73e86214bd49  (/usr/lib/libc.so.6+0x25d49) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #14 0x73e86214be0b in __libc_start_main (/usr/lib/libc.so.6+0x25e0b) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #15 0x590c5ad36374 in _start (/root/uvio/build/tests/test_latch+0x30374) (BuildId: d50d0ab2ace9d21b4bad372daf6b4f54e6244978)

previously allocated by thread T0 here:
    #0 0x590c5ae6d5d2 in operator new(unsigned long) (/root/uvio/build/tests/test_latch+0x1675d2) (BuildId: d50d0ab2ace9d21b4bad372daf6b4f54e6244978)
    #1 0x590c5ae702a0 in latch_test(uvio::sync::Latch&, std::__1::atomic<unsigned long>&) /root/uvio/build/../tests/test_latch.cpp:8:6
    #2 0x590c5ae74cf8 in test(long) (.resume) /root/uvio/build/../tests/test_latch.cpp:21:15
    #3 0x590c5ae7ba4d in std::__1::coroutine_handle<uvio::detail::TaskPromise<void>>::resume[abi:se170006]() const /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:167:9
    #4 0x590c5ae72665 in uvio::block_on(uvio::Task<void>&&) /root/uvio/build/../uvio/runtime.hpp:27:12
    #5 0x590c5ae721fc in main /root/uvio/build/../tests/test_latch.cpp:31:5
    #6 0x73e86214bd49  (/usr/lib/libc.so.6+0x25d49) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #7 0x73e86214be0b in __libc_start_main (/usr/lib/libc.so.6+0x25e0b) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #8 0x590c5ad36374 in _start (/root/uvio/build/tests/test_latch+0x30374) (BuildId: d50d0ab2ace9d21b4bad372daf6b4f54e6244978)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/bin/../include/c++/v1/__coroutine/coroutine_handle.h:43:19 in std::__1::coroutine_handle<void>::operator=[abi:se170006](std::nullptr_t)
==166481==ABORTING
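
An added example, not uvio's code, of the ordering problem the report above points to: `notify_all()` resumes a waiter at latch.hpp:78, the resumed `latch_test` coroutine frees its own frame in `FinalAwaiter::await_suspend`, and `notify_all()` then writes to the handle at latch.hpp:80, which ASan places 24 bytes inside that freed frame. The model below uses a plain heap object in place of the coroutine frame and shows a release loop that finishes every access to the waiter before resuming it; `Frame`, `Waiter`, `run_to_completion`, `demo` and the intrusive list are assumptions made for illustration.

```cpp
// Constructed model, not uvio's code. Frame stands in for a coroutine frame
// that frees itself when it finishes; Waiter is the awaiter stored inside it.
struct Frame;
struct Waiter {
    Frame  *frame = nullptr;  // stands in for the stored coroutine_handle<>
    Waiter *next  = nullptr;  // assumed intrusive list of suspended waiters
};
struct Frame {
    Waiter waiter;            // lives inside the frame's heap allocation
    int   *completed;         // counter owned by the caller
    explicit Frame(int *c) : completed(c) { waiter.frame = this; }
};

// Runs the waiter to its end, then frees the frame (the FinalAwaiter role).
static void run_to_completion(Frame *f) {
    ++*f->completed;
    delete f;                 // the Waiter inside f is gone from here on
}

struct Latch {
    Waiter *head_ = nullptr;
    void push(Waiter *w) { w->next = head_; head_ = w; }
    // The trace's order is resume (latch.hpp:78) and then a write to the
    // node (latch.hpp:80). Here every access to *w happens before the resume.
    int notify_all() {
        Waiter *w = head_;
        head_ = nullptr;              // detach the list before running anyone
        int resumed = 0;
        while (w != nullptr) {
            Waiter *next = w->next;   // last read of *w
            Frame  *f    = w->frame;
            w->frame = nullptr;       // clearing is safe: frame still alive
            run_to_completion(f);     // frees *w; do not touch w afterwards
            w = next;
            ++resumed;
        }
        return resumed;
    }
};

// Queues n waiters, releases them, returns how many ran (-1 on mismatch).
int demo(int n) {
    Latch latch;
    int completed = 0;
    for (int i = 0; i < n; ++i) latch.push(&(new Frame(&completed))->waiter);
    return latch.notify_all() == n ? completed : -1;
}
```

Moving the `w->frame = nullptr` line below `run_to_completion(f)` reproduces the write-after-free order that ASan reported.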

uchenily commented 4 months ago

zedio enable asan (GCC)

+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer")
+set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")
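Review bot: both added lines append -fsanitize=address to the global CMAKE_CXX_FLAGS and CMAKE_EXE_LINKER_FLAGS with no condition shown around them, so every target in every build type is instrumented; wrap them in an option-controlled if() block, or pass the flags on the configure command line, so release builds stay uninstrumented. The linker flag goes to CMAKE_EXE_LINKER_FLAGS only, so a shared-library target would not receive it; add_compile_options and add_link_options with -fsanitize=address cover both kinds of target.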

latch_test

2024-05-09 22:27:38.780 [INFO ] 168218 ZEDIO-WORKER-0 /root/zedio/tests/latch_test.cpp:30 expected: 100000, actual 100000
2024-05-09 22:27:38.780 [TRACE] 168218 ZEDIO-WORKER-0 /root/zedio/zedio/runtime/driver.hpp:68 poll 1 io events, 0 timer events
2024-05-09 22:27:38.780 [TRACE] 168218 ZEDIO-WORKER-0 /root/zedio/zedio/runtime/current_thread/worker.hpp:44 stop

=================================================================
==168218==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 104 byte(s) in 1 object(s) allocated from:
    #0 0x7c414e8e0002 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x5d36183d6927 in latch_test(zedio::sync::Latch&, unsigned long, std::atomic<unsigned long>&) /root/zedio/tests/latch_test.cpp:17
    #2 0x5d36183d7da6 in test /root/zedio/tests/latch_test.cpp:25
    #3 0x5d36183d913d in operator() /root/zedio/zedio/runtime/runtime.hpp:18
    #4 0x5d36183e016b in std::__n4861::coroutine_handle<void>::resume() const /usr/include/c++/13.2.1/coroutine:135
    #5 0x5d36183e54e0 in zedio::runtime::current_thread::Worker::execute_task(std::__n4861::coroutine_handle<void>) /root/zedio/zedio/runtime/current_thread/worker.hpp:77
    #6 0x5d36183e4f62 in zedio::runtime::current_thread::Worker::run() /root/zedio/zedio/runtime/current_thread/worker.hpp:34
    #7 0x5d36183e670d in zedio::runtime::current_thread::Handle::wait() /root/zedio/zedio/runtime/current_thread/handle.hpp:28
    #8 0x5d36183f52c7 in zedio::runtime::detail::Runtime<zedio::runtime::current_thread::Handle>::block_on(zedio::async::Task<void>&&) /root/zedio/zedio/runtime/runtime.hpp:32
    #9 0x5d36183d88a5 in main /root/zedio/tests/latch_test.cpp:36
    #10 0x7c414e241d49  (/usr/lib/libc.so.6+0x25d49) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #11 0x7c414e241e0b in __libc_start_main (/usr/lib/libc.so.6+0x25e0b) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #12 0x5d36183d58a4 in _start (/root/zedio/build/tests/latch_test+0xb8a4) (BuildId: c341ba87b0e24af1237c0712886b80079a8dcd65)

Indirect leak of 10395632 byte(s) in 99958 object(s) allocated from:
    #0 0x7c414e8e0002 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x5d36183d6927 in latch_test(zedio::sync::Latch&, unsigned long, std::atomic<unsigned long>&) /root/zedio/tests/latch_test.cpp:17
    #2 0x5d36183d7da6 in test /root/zedio/tests/latch_test.cpp:25
    #3 0x5d36183d913d in operator() /root/zedio/zedio/runtime/runtime.hpp:18
    #4 0x5d36183e016b in std::__n4861::coroutine_handle<void>::resume() const /usr/include/c++/13.2.1/coroutine:135
    #5 0x5d36183e54e0 in zedio::runtime::current_thread::Worker::execute_task(std::__n4861::coroutine_handle<void>) /root/zedio/zedio/runtime/current_thread/worker.hpp:77
    #6 0x5d36183e4f62 in zedio::runtime::current_thread::Worker::run() /root/zedio/zedio/runtime/current_thread/worker.hpp:34
    #7 0x5d36183e670d in zedio::runtime::current_thread::Handle::wait() /root/zedio/zedio/runtime/current_thread/handle.hpp:28
    #8 0x5d36183f52c7 in zedio::runtime::detail::Runtime<zedio::runtime::current_thread::Handle>::block_on(zedio::async::Task<void>&&) /root/zedio/zedio/runtime/runtime.hpp:32
    #9 0x5d36183d88a5 in main /root/zedio/tests/latch_test.cpp:36
    #10 0x7c414e241d49  (/usr/lib/libc.so.6+0x25d49) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #11 0x7c414e241e0b in __libc_start_main (/usr/lib/libc.so.6+0x25e0b) (BuildId: 915eeec6439cfded1125deefc44a8d73e57873d9)
    #12 0x5d36183d58a4 in _start (/root/zedio/build/tests/latch_test+0xb8a4) (BuildId: c341ba87b0e24af1237c0712886b80079a8dcd65)

SUMMARY: AddressSanitizer: 10395736 byte(s) leaked in 99959 allocation(s).