Bryan Call created TS-4652:
------------------------------

             Summary: ASAN issue with logging with gcc 6.1.1
                 Key: TS-4652
                 URL: https://issues.apache.org/jira/browse/TS-4652
             Project: Traffic Server
          Issue Type: Bug
            Reporter: Bryan Call


Doesn't happen all the time, but enough to make it difficult to do development:
{code}
[bcall@homer trafficserver]$ sudo /usr/local/bin/traffic_server
traffic_server: using root directory '/usr/local'
=================================================================
==13717==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61600004fa98 at pc 0x7fe847e44a41 bp 0x7ffdb0ec75b0 sp 0x7ffdb0ec6d28
READ of size 518 at 0x61600004fa98 thread T0
    #0 0x7fe847e44a40  (/lib64/libasan.so.3+0x8ea40)
    #1 0x7fe847e46cad in __interceptor_vsnprintf (/lib64/libasan.so.3+0x90cad)
    #2 0x7fe847e47030 in __interceptor_snprintf (/lib64/libasan.so.3+0x91030)
    #3 0x8cfc63 in LogConfig::update_space_used() /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:786
    #4 0x8da373 in LogConfig::init(LogConfig*) /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:392
    #5 0x499024 in main /home/bcall/dev/apache/trafficserver/proxy/Main.cc:1833
    #6 0x7fe844d8e730 in __libc_start_main (/lib64/libc.so.6+0x20730)
    #7 0x4a9898 in _start (/usr/local/bin/traffic_server+0x4a9898)

0x61600004fa98 is located 0 bytes to the right of 536-byte region [0x61600004f880,0x61600004fa98)
allocated by thread T14 ([LOG_FLUSH]) here:
    #0 0x7fe847e7ce20 in malloc (/lib64/libasan.so.3+0xc6e20)
    #1 0x7fe847b850d5 in ats_malloc /home/bcall/dev/apache/trafficserver/lib/ts/ink_memory.cc:59
    #2 0x8d0dec in LogConfig::update_space_used() /home/bcall/dev/apache/trafficserver/proxy/logging/LogConfig.cc:774
    #3 0x8b2bd4 in Log::periodic_tasks(long) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:239
    #4 0x8b4fd2 in Log::flush_thread_main(void*) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:1308
    #5 0x8bdbcc in LoggingFlushContinuation::mainEvent(int, void*) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:292
    #6 0xd078a9 in Continuation::handleEvent(int, void*) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/I_Continuation.h:153
    #7 0xd078a9 in EThread::execute() /home/bcall/dev/apache/trafficserver/iocore/eventsystem/UnixEThread.cc:298
    #8 0xd04f69 in spawn_thread_internal /home/bcall/dev/apache/trafficserver/iocore/eventsystem/Thread.cc:84
    #9 0x7fe845f4d5c9 in start_thread (/lib64/libpthread.so.0+0x75c9)

Thread T14 ([LOG_FLUSH]) created by T0 here:
    #0 0x7fe847de7458 in pthread_create (/lib64/libasan.so.3+0x31458)
    #1 0xd05b7c in ink_thread_create ../../lib/ts/ink_thread.h:147
    #2 0xd05b7c in Thread::start(char const*, unsigned long, void* (*)(void*), void*) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/Thread.cc:99
    #3 0xd0e705 in EventProcessor::spawn_thread(Continuation*, char const*, unsigned long) /home/bcall/dev/apache/trafficserver/iocore/eventsystem/UnixEventProcessor.cc:184
    #4 0x8b69bd in Log::create_threads() /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:999
    #5 0x8bbd2e in Log::init_when_enabled() /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:957
    #6 0x8bca83 in Log::init(int) /home/bcall/dev/apache/trafficserver/proxy/logging/Log.cc:925
    #7 0x499024 in main /home/bcall/dev/apache/trafficserver/proxy/Main.cc:1833
    #8 0x7fe844d8e730 in __libc_start_main (/lib64/libc.so.6+0x20730)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.3+0x8ea40)
Shadow bytes around the buggy address:
  0x0c2c80001f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c2c80001f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2c80001f50: 00 00 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c2c80001fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==13717==ABORTING
{code}


