Skip to content

Failing NAPI test with debug ASAN build #14

Open
Open
Failing NAPI test with debug ASAN build#14
Assignees
santigimeno
Labels
P2Medium priorityTriageType: Bug
@trevnorris

Description

@trevnorris
trevnorris
opened on Oct 31, 2023

The following usually reproduces the issue:

$ ./configure --enable-asan --debug
$ make -j16 test-build-js-native-api
$ for i in $(seq 1 4); do ./out/Debug/nsolid test/js-native-api/test_object/test.js & done

Which can produce the following ASAN output:

ASAN output 
test/js-native-api/test_object/test.js
=================================================================
==931054==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000439e8 at pc 0x5654dd028aa2 bp 0x7ffc1ddb7090 sp 0x7ffc1ddb7088
READ of size 8 at 0x6110000439e8 thread T0
    #0 0x5654dd028aa1 in std::_Hashtable, std::__detail::_Identity, std::equal_to, std::hash, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits >::size() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/hashtable.h:649:16
    #1 0x5654dd033c74 in std::_Hashtable, std::__detail::_Identity, std::equal_to, std::hash, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits >::empty() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/hashtable.h:653:16
    #2 0x5654dd025564 in std::unordered_set, std::equal_to, std::allocator >::empty() const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unordered_set.h:300:21
    #3 0x5654dd01046c in node_napi_env__::DrainFinalizerQueue() /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:72:30
    #4 0x5654dd023ec0 in node_napi_env__::EnqueueFinalizer(v8impl::RefTracker*)::$_0::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:63:7
    #5 0x5654dd023dd7 in node::CallbackQueue::CallbackImpl::Call(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/callback_queue-inl.h:90:10
    #6 0x5654dcea71ac in node::Environment::RunAndClearNativeImmediates(bool)::$_8::operator()(node::CallbackQueue*) const /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1240:15
    #7 0x5654dcea460b in node::Environment::RunAndClearNativeImmediates(bool) /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1253:10
    #8 0x5654dcea3726 in node::Environment::CleanupHandles() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1100:3
    #9 0x5654dcea6031 in node::Environment::RunCleanup() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1177:5
    #10 0x5654dcc4c5aa in node::FreeEnvironment(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/api/environment.cc:506:10
    #11 0x5654dcc3b348 in node::FunctionDeleter::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/util.h:675:39
    #12 0x5654dcc3b1c0 in std::unique_ptr >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:396:4
    #13 0x5654dd36e5a8 in node::NodeMainInstance::Run() /var/projects/nodesource/nsolid-v20/out/../src/node_main_instance.cc:92:1
    #14 0x5654dcff3cb0 in node::StartInternal(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1384:24
    #15 0x5654dcff33d8 in node::Start(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1391:27
    #16 0x5654e2220391 in main /var/projects/nodesource/nsolid-v20/out/../src/node_main.cc:97:10
    #17 0x7fa2d0429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #18 0x7fa2d0429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #19 0x5654dcb632f4 in _start (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x23632f4) (BuildId: 8fe0b597538bf75b8910d90b631446b6588fc07a)
0x6110000439e8 is located 104 bytes inside of 232-byte region [0x611000043980,0x611000043a68)
freed by thread T0 here:
    #0 0x5654dcc2176d in operator delete(void*) (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x242176d) (BuildId: 8fe0b597538bf75b8910d90b631446b6588fc07a)
    #1 0x5654dd0269c1 in node_napi_env__::~node_napi_env__() /var/projects/nodesource/nsolid-v20/out/../src/node_api_internals.h:11:8
    #2 0x5654dd024eac in napi_env__::DeleteMe() /var/projects/nodesource/nsolid-v20/out/../src/js_native_api_v8.h:130:5
    #3 0x5654dd010377 in node_napi_env__::DeleteMe() /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:32:15
    #4 0x5654dd02acdb in napi_env__::Unref() /var/projects/nodesource/nsolid-v20/out/../src/js_native_api_v8.h:68:22
    #5 0x5654dd023eb7 in node_napi_env__::EnqueueFinalizer(v8impl::RefTracker*)::$_0::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:62:7
    #6 0x5654dd023dd7 in node::CallbackQueue::CallbackImpl::Call(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/callback_queue-inl.h:90:10                                                                              
    #7 0x5654dcea71ac in node::Environment::RunAndClearNativeImmediates(bool)::$_8::operator()(node::CallbackQueue*) const /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1240:15
    #8 0x5654dcea460b in node::Environment::RunAndClearNativeImmediates(bool) /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1253:10
    #9 0x5654dcea3726 in node::Environment::CleanupHandles() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1100:3
    #10 0x5654dcea6031 in node::Environment::RunCleanup() /var/projects/nodesource/nsolid-v20/out/../src/env.cc:1177:5
    #11 0x5654dcc4c5aa in node::FreeEnvironment(node::Environment*) /var/projects/nodesource/nsolid-v20/out/../src/api/environment.cc:506:10                                                                                                                                                                                       
    #12 0x5654dcc3b348 in node::FunctionDeleter::operator()(node::Environment*) const /var/projects/nodesource/nsolid-v20/out/../src/util.h:675:39
    #13 0x5654dcc3b1c0 in std::unique_ptr >::~unique_ptr() /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:396:4
    #14 0x5654dd36e5a8 in node::NodeMainInstance::Run() /var/projects/nodesource/nsolid-v20/out/../src/node_main_instance.cc:92:1
    #15 0x5654dcff3cb0 in node::StartInternal(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1384:24
    #16 0x5654dcff33d8 in node::Start(int, char**) /var/projects/nodesource/nsolid-v20/out/../src/node.cc:1391:27
    #17 0x5654e2220391 in main /var/projects/nodesource/nsolid-v20/out/../src/node_main.cc:97:10
    #18 0x7fa2d0429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
previously allocated by thread T0 here:
    #0 0x5654dcc20f0d in operator new(unsigned long) (/var/projects/nodesource/nsolid-v20/out/Debug/nsolid+0x2420f0d) (BuildId: 8fe0b597538bf75b8910d90b631446b6588fc07a)
    #1 0x5654dd012c7a in v8impl::(anonymous namespace)::NewEnv(v8::Local, std::__cxx11::basic_string, std::allocator > const&, int) /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:188:12
    #2 0x5654dd01260b in napi_module_register_by_symbol(v8::Local, v8::Local, v8::Local, napi_value__* (*)(napi_env__*, napi_value__*), int) /var/projects/nodesource/nsolid-v20/out/../src/node_api.cc:727:18
    #3 0x5654dd03b246 in node::binding::DLOpen(v8::FunctionCallbackInfo const&)::$_0::operator()(node::binding::DLib*) const /var/projects/nodesource/nsolid-v20/out/../src/node_binding.cc:501:9
    #4 0x5654dd03a623 in bool std::__invoke_impl const&)::$_0&, node::binding::DLib*>(std::__invoke_other, node::binding::DLOpen(v8::FunctionCallbackInfo const&)::$_0&, node::binding::DLib*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../.. /include/c++/12/bits/invoke.h:61:14
    #5 0x5654dd03a581 in std::enable_if const&)::$_0&, node::binding::DLib*>, bool>::type std::__invoke_r const&)::$_0&, node::binding::DLib*>(node::binding::DLOpen(v8::FunctionCallbackInfo const&)::$_0&, node::binding::DLib*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:114:9
    #6 0x5654dd03a421 in std::_Function_handler const&)::$_0>::_M_invoke(std::_Any_data const&, node::binding::DLib*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
    #7 0x5654dcee2999 in std::function::operator()(node::binding::DLib*) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
    #8 0x5654dce9b20d in node::Environment::TryLoadAddon(char const*, int, std::function const&) /var/projects/nodesource/nsolid-v20/out/../src/env.cc:684:8
    #9 0x5654dd03540f in node::binding::DLOpen(v8::FunctionCallbackInfo const&) /var/projects/nodesource/nsolid-v20/out/../src/node_binding.cc:459:8
    #10 0x5654de1e00c9 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/api/api-arguments-inl.h:146:3
    #11 0x5654de1ddf48 in v8::internal::MaybeHandle v8::internal::(anonymous namespace)::HandleApiCallHelper(v8::internal::Isolate*, v8::internal::Handle, v8::internal::Handle, v8::internal::Handle, unsigned long*, int) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/builtins/builtins-api.cc:113:36
    #12 0x5654de1dadb1 in v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/builtins/builtins-api.cc:144:5
    #13 0x5654de1dadb1 in v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/builtins/builtins-api.cc:135:1
    #14 0x5654e1832075 in Builtins_CEntry_Return1_ArgvOnStack_BuiltinExit embedded.o
    #15 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #16 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #17 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #18 0x56546194b04c  ()
    #19 0x56546194a4ce  ()
    #20 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #21 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #22 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #23 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #24 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #25 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #26 0x5654e1790a9b in Builtins_InterpreterEntryTrampoline embedded.o
    #27 0x5654e178e81b in Builtins_JSEntryTrampoline embedded.o
    #28 0x5654e178e542 in Builtins_JSEntry embedded.o
    #29 0x5654de735a42 in v8::internal::GeneratedCode::Call(unsigned long, unsigned long, unsigned long, unsigned long, long, unsigned long**) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/execution/simulator.h:154:12
    #30 0x5654de735a42 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/execution/execution.cc:427:33
    #31 0x5654de734873 in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle, v8::internal::Handle, int, v8::internal::Handle*) /var/projects/nodesource/nsolid-v20/out/../deps/v8/src/execution/execution.cc:529:10
SUMMARY: AddressSanitizer: heap-use-after-free /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/hashtable.h:649:16 in std::_Hashtable, std::__detail::_Identity, std::equal_to, std::hash, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits >::size() const
Shadow bytes around the buggy address:
  0x0c22800006e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c22800006f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000700: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280000710: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000720: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x0c2280000730: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd
  0x0c2280000740: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c2280000750: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2280000760: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2280000770: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c2280000780: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==931054==ABORTING

It's interesting to note that nothing NSolid specific is in the call stacks, but so far I haven't been able to replicate this issue in vanilla Node.js.

Metadata

Metadata

Assignees

Labels

P2Medium priorityTriageType: Bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions