Failing NAPI test with debug ASAN build #14

Open
trevnorris opened this issue Oct 31, 2023 · 0 comments
@trevnorris

The following usually reproduces the issue:

$ ./configure --enable-asan --debug
$ make -j16 test-build-js-native-api
$ for i in $(seq 1 4); do ./out/Debug/nsolid test/js-native-api/test_object/test.js & done

Which can produce the following ASAN output:

ASAN output
test/js-native-api/test_object/test.js
=================================================================
==931054==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000439e8 at pc 0x5654dd028aa2 bp 0x7ffc1ddb7090 sp 0x7ffc1ddb7088
READ of size 8 at 0x6110000439e8 thread T0
    #0 0x5654dd028aa1 in std::_Hashtable, std::__detail::_Identity, std::equal_to, std::hash, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits >::size() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/hashtable.h:649:16
    #1 0x5654dd033c74 in std::_Hashtable, std::__detail::_Identity, std::equal_to, std::hash, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits >::empty() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/hashtable.h:653:16
    #2 0x5654dd025564 in std::unordered_set, std::equal_to, std::allocator >::empty() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unordered_set.h:300:21
    #3 0x5654dd01046c in node_napi_env__::DrainFinalizerQueue() /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:72:30
    #4 0x5654dd023ec0 in node_napi_env__::EnqueueFinalizer(v8impl::RefTracker*)::$_0::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:63:7
    #5 0x5654dd023dd7 in node::CallbackQueue::CallbackImpl::Call(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/callback_queue-inl.h:90:10
    #6 0x5654dcea71ac in node::Environment::RunAndClearNativeImmediates(bool)::$_8::operator()(node::CallbackQueue*) const /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1240:15
    #7 0x5654dcea460b in node::Environment::RunAndClearNativeImmediates(bool) /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1253:10
    #8 0x5654dcea3726 in node::Environment::CleanupHandles() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1100:3
    #9 0x5654dcea6031 in node::Environment::RunCleanup() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1177:5
    #10 0x5654dcc4c5aa in node::FreeEnvironment(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/api/environment.cc:506:10
    #11 0x5654dcc3b348 in node::FunctionDeleter::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/util.h:675:39
    #12 0x5654dcc3b1c0 in std::unique_ptr >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:396:4
    #13 0x5654dd36e5a8 in node::NodeMainInstance::Run() /var/projects/nodesource/nsolid-v20/out/../src/node_main_instance.cc:92:1
    #14 0x5654dcff3cb0 in node::StartInternal(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1384:24
    #15 0x5654dcff33d8 in node::Start(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1391:27
    #16 0x5654e2220391 in main /var/projects/nodesource/nsolid-v20/out/../src/node_main.cc:97:10
    #17 0x7fa2d0429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7fa2d0429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #19 0x5654dcb632f4 in _start (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x23632f4) (BuildId: 8fe0b597538bf75b8910d90b631446b6588fc07a)
0x6110000439e8 is located 104 bytes inside of 232-byte region [0x611000043980,0x611000043a68)
freed by thread T0 here:
    #0 0x5654dcc2176d in operator delete(void*) (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x242176d) (BuildId: 8fe0b597538bf75b8910d90b631446b6588fc07a)
    #1 0x5654dd0269c1 in node_napi_env__::~node_napi_env__() /var/projects/nodesource/nsolid-v20/out/../src/node_api_internals.h:11:8
    #2 0x5654dd024eac in napi_env__::DeleteMe() /var/projects/nodesource/nsolid-v20/out/../src/js_native_api_v8.h:130:5
    #3 0x5654dd010377 in node_napi_env__::DeleteMe() /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:32:15
    #4 0x5654dd02acdb in napi_env__::Unref() /var/projects/nodesource/nsolid-v20/out/../src/js_native_api_v8.h:68:22
    #5 0x5654dd023eb7 in node_napi_env__::EnqueueFinalizer(v8impl::RefTracker*)::$_0::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:62:7
    #6 0x5654dd023dd7 in node::CallbackQueue::CallbackImpl::Call(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/callback_queue-inl.h:90:10                                                                              
    #7 0x5654dcea71ac in node::Environment::RunAndClearNativeImmediates(bool)::$_8::operator()(node::CallbackQueue*) const /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1240:15
    #8 0x5654dcea460b in node::Environment::RunAndClearNativeImmediates(bool) /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1253:10
    #9 0x5654dcea3726 in node::Environment::CleanupHandles() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1100:3
    #10 0x5654dcea6031 in node::Environment::RunCleanup() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1177:5
    #11 0x5654dcc4c5aa in node::FreeEnvironment(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/api/environment.cc:506:10                                                                                                                                                                                       
    #12 0x5654dcc3b348 in node::FunctionDeleter::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/util.h:675:39
    #13 0x5654dcc3b1c0 in std::unique_ptr >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:396:4
    #14 0x5654dd36e5a8 in node::NodeMainInstance::Run() /var/projects/nodesource/nsolid-v20/out/../src/node_main_instance.cc:92:1
    #15 0x5654dcff3cb0 in node::StartInternal(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1384:24
    #16 0x5654dcff33d8 in node::Start(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1391:27
    #17 0x5654e2220391 in main /var/projects/nodesource/nsolid-v20/out/../src/node_main.cc:97:10
    #18 0x7fa2d0429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
previously allocated by thread T0 here:
    #0 0x5654dcc20f0d in operator new(unsigned long) (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x2420f0d) (BuildId: 8fe0b597538bf75b8910d90b631446b6588fc07a)
    #1 0x5654dd012c7a in v8impl::(anonymous namespace)::NewEnv(v8::Local, std::__cxx11::basic_string, std::allocator > const&, int) /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:188:12
    #2 0x5654dd01260b in napi_module_register_by_symbol(v8::Local, v8::Local, v8::Local, napi_value__* (*)(napi_env__*, napi_value__*), int) /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:727:18
    #3 0x5654dd03b246 in node::binding::DLOpen(v8::FunctionCallbackInfo const&)::$_0::operator()(node::binding::DLib*) const /var/projects/nodesource/nsolid-v20/out/../src/node_binding.cc:501:9
    #4 0x5654dd03a623 in bool std::__invoke_impl const&)::$_0&, node::binding::DLib*>(std::__invoke_other, node::binding::DLOpen(v8::FunctionCallbackInfo const&)::$_0&, node::binding::DLib*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
    #5 0x5654dd03a581 in std::enable_if const&)::$_0&, node::binding::DLib*>, bool>::type std::__invoke_r const&)::$_0&, node::binding::DLib*>(node::binding::DLOpen(v8::FunctionCallbackInfo const&)::$_0&, node::binding::DLib*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:114:9
    #6 0x5654dd03a421 in std::_Function_handler const&)::$_0>::_M_invoke(std::_Any_data const&, node::binding::DLib*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
    #7 0x5654dcee2999 in std::function::operator()(node::binding::DLib*) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
    #8 0x5654dce9b20d in node::Environment::TryLoadAddon(char const*, int, std::function const&) /var/projects/nodesource/nsolid-v20/out/../src/env.cc:684:8
    #9 0x5654dd03540f in node::binding::DLOpen(v8::FunctionCallbackInfo const&) /var/projects/nodesource/nsolid-v20/out/../src/node_binding.cc:459:8
    #10 0x5654de1e00c9 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/api/api-arguments-inl.h:146:3
    #11 0x5654de1ddf48 in v8::internal::MaybeHandle v8::internal::(anonymous namespace)::HandleApiCallHelper(v8::internal::Isolate*, v8::internal::Handle, v8::internal::Handle, v8::internal::Handle, unsigned long*, int) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/builtins/builtins-api.cc:113:36
    #12 0x5654de1dadb1 in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/builtins/builtins-api.cc:144:5
    #13 0x5654de1dadb1 in v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/builtins/builtins-api.cc:135:1
    #14 0x5654e1832075 in Builtins_CEntry_Return1_ArgvOnStack_BuiltinExit embedded.o
    #15 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #16 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #17 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #18 0x56546194b04c  ()
    #19 0x56546194a4ce  ()
    #20 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #21 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #22 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #23 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #24 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #25 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #26 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #27 0x5654e178e81b in Builtins_JSEntryTrampoline embedded.o
    #28 0x5654e178e542 in Builtins_JSEntry embedded.o
    #29 0x5654de735a42 in v8::internal::GeneratedCode::Call(unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/execution/simulator.h:154:12
    #30 0x5654de735a42 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/execution/execution.cc:427:33
    #31 0x5654de734873 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/execution/execution.cc:529:10
SUMMARY: AddressSanitizer: heap-use-after-free /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/hashtable.h:649:16 in std::_Hashtable, std::__detail::_Identity, std::equal_to, std::hash, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits >::size() const
Shadow bytes around the buggy address:
  0x0c22800006e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c22800006f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000700: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280000710: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000720: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c2280000730: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd
  0x0c2280000740: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c2280000750: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280000760: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000770: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c2280000780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==931054==ABORTING

It's interesting to note that nothing NSolid-specific is in the call stacks, but so far I haven't been able to replicate this issue in vanilla Node.js.

@trevnorris trevnorris self-assigned this Oct 31, 2023
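
Added example (not part of the original issue and not the project's code): a small triage helper that finds the innermost function appearing on both the use stack and the free stack of an ASan report, which is where the object's lifetime and its last access meet. The sample frames are copied from the report above with the stacks shortened; the helper names `parse_stacks` and `innermost_shared_frame` are assumptions.

```python
import re

# Sample input: a few frames copied from the report above (stacks shortened).
SRC = "/var/projects/nodesource/nsolid-v20/out/../src"
LAMBDA = ("node_napi_env__::EnqueueFinalizer(v8impl::RefTracker*)"
          "::$_0::operator()(node::Environment*) const")
REPORT = f"""\
==931054==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000439e8
READ of size 8 at 0x6110000439e8 thread T0
    #3 0x5654dd01046c in node_napi_env__::DrainFinalizerQueue() {SRC}/node_api.cc:72:30
    #4 0x5654dd023ec0 in {LAMBDA} {SRC}/node_api.cc:63:7
    #5 0x5654dd023dd7 in node::CallbackQueue::CallbackImpl::Call(node::Environment*) {SRC}/callback_queue-inl.h:90:10
freed by thread T0 here:
    #0 0x5654dcc2176d in operator delete(void*) (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x242176d)
    #3 0x5654dd010377 in node_napi_env__::DeleteMe() {SRC}/node_api.cc:32:15
    #4 0x5654dd02acdb in napi_env__::Unref() {SRC}/js_native_api_v8.h:68:22
    #5 0x5654dd023eb7 in {LAMBDA} {SRC}/node_api.cc:62:7
    #6 0x5654dd023dd7 in node::CallbackQueue::CallbackImpl::Call(node::Environment*) {SRC}/callback_queue-inl.h:90:10
previously allocated by thread T0 here:
"""

# Symbolized frame: "#N 0xADDR in <function> <file>:<line>:<col>".
# Frames that only carry "(module+0xoff)" have no file:line and are skipped.
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+):(\d+):\d+\s*$")
HEADERS = (("READ of size", "use"), ("WRITE of size", "use"),
           ("freed by thread", "free"),
           ("previously allocated by thread", "alloc"))

def parse_stacks(report):
    """Split an ASan report into use/free/alloc lists of (func, file, line)."""
    stacks, current = {}, None
    for line in report.splitlines():
        for prefix, name in HEADERS:
            if line.startswith(prefix):
                current = stacks.setdefault(name, [])
        m = FRAME.match(line)
        if m and current is not None:
            current.append((m.group(2), m.group(3), int(m.group(4))))
    return stacks

def innermost_shared_frame(report):
    """Innermost function that is on both the use stack and the free stack."""
    stacks = parse_stacks(report)
    # Iterate outermost-first so the innermost occurrence of a function wins.
    freed = {f: (p, n) for f, p, n in reversed(stacks.get("free", []))}
    for func, path, line in stacks.get("use", []):
        if func in freed:
            return {"function": func, "use": (path, line), "free": freed[func]}
    return None
```

On these frames it returns the lambda inside `EnqueueFinalizer`, with the free reached from `node_api.cc:62` and the read from `node_api.cc:63`, so both happen within a single callback invocation.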