
We found a memory leak while fuzzing the project #2244

Open
Ljiee opened this issue May 16, 2020 · 1 comment

Ljiee commented May 16, 2020

==252387==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4224 byte(s) in 132 object(s) allocated from:
0x4cffd2: calloc at /root/llvm/src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
153  :   ENSURE_ASAN_INITED();
154 >:   GET_STACK_TRACE_MALLOC;
155  :   return asan_calloc(nmemb, size, &stack);

0x549d0c: priority_queue_add at /root/workspace/comdb2/sources/util/priority_queue.c:93:30
92  :
93 >:   priority_queue_item_t *i = calloc(1, sizeof(priority_queue_item_t));
94  :

0x5482b3: thdpool_enqueue at /root/workspace/comdb2/sources/util/thdpool.c:1066:28
1065  :             }
1066 >:             int queue_rc = priority_queue_add(&pool->queue, priority, item);
1067  :

0x56da49: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1431:14
1430  :
1431 >: 					t_ret = thdpool_enqueue(trickle_thdpool,
1432  : 					    trickle_do_work, range, 0, NULL, 0,

0x56da49: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1431:14
1430  :
1431 >: 					t_ret = thdpool_enqueue(trickle_thdpool,
1432  : 					    trickle_do_work, range, 0, NULL, 0,

0x674c67: __memp_trickle at /root/workspace/comdb2/sources/berkdb/mp/mp_trickle.c:116:8
115  : 	   of clean pages. So here we write all modified pages to disk. */
116 >: 	ret = __memp_sync_int(dbenv, NULL, n,
117  : 	    lru ? DB_SYNC_LRU : DB_SYNC_TRICKLE, nwrotep, 1, NULL, 0);

0x66a37a: __memp_trickle_pp at /root/workspace/comdb2/sources/berkdb/mp/mp_trickle.c:49:8
48  : 		__env_rep_enter(dbenv);
49 >: 	ret = __memp_trickle(dbenv, pct, nwrotep, lru);
50  : 	if (rep_check)

0x7ed752: memp_trickle_thread at /root/workspace/comdb2/sources/bdb/threads.c:118:14
117  :     again:
118 >:         rc = bdb_state->dbenv->memp_trickle(
119  :             bdb_state->dbenv, bdb_state->attr->memptricklepercent, &nwrote, 1);

0x9421: start_thread at ??:0:0


Direct leak of 4192 byte(s) in 131 object(s) allocated from:
0x4cffd2: calloc at /root/llvm/src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
153  :   ENSURE_ASAN_INITED();
154 >:   GET_STACK_TRACE_MALLOC;
155  :   return asan_calloc(nmemb, size, &stack);

0x549d0c: priority_queue_add at /root/workspace/comdb2/sources/util/priority_queue.c:93:30
92  :
93 >:   priority_queue_item_t *i = calloc(1, sizeof(priority_queue_item_t));
94  :

0x5482b3: thdpool_enqueue at /root/workspace/comdb2/sources/util/thdpool.c:1066:28
1065  :             }
1066 >:             int queue_rc = priority_queue_add(&pool->queue, priority, item);
1067  :

0x56da49: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1431:14
1430  :
1431 >: 					t_ret = thdpool_enqueue(trickle_thdpool,
1432  : 					    trickle_do_work, range, 0, NULL, 0,

0x56cb20: __memp_sync_restartable at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:401:6
400  : 	if ((ret =
401 >: 	    __memp_sync_int(dbenv, NULL, 0, DB_SYNC_CACHE, NULL,
402  : 	    restartable, (dbenv->tx_perfect_ckp ? lsnp : NULL), fixed)) != 0)

0x5a8063: __txn_checkpoint at /root/workspace/comdb2/sources/berkdb/txn/txn.c:2389:11
2388  : 	if (MPOOL_ON(dbenv) &&
2389 >: 			(ret = __memp_sync_restartable(dbenv,
2390  : 				   (LF_ISSET(DB_FORCE) ? NULL : &ckp_lsn), 0, 0)) != 0) {

0x61812c: __db_apprec at /root/workspace/comdb2/sources/berkdb/env/env_recover.c:1510:20
1509  : 		}
1510 >: 	} else if ((ret = __txn_checkpoint(dbenv, 0, 0, DB_FORCE)) != 0)
1511  : 		goto err;

0x5e4b81: __dbenv_open at /root/workspace/comdb2/sources/berkdb/env/env_open.c:0:0
1  : /*-
2  :  * See the file LICENSE for redistribution information.
3  :  *

0x7ebd0a: dbenv_open at /root/workspace/comdb2/sources/bdb/file.c:2780:10
2779  :     print(bdb_state, "opening %s\n", txndir);
2780 >:     rc = dbenv->open(dbenv, txndir, flags, S_IRUSR | S_IWUSR);
2781  :     if (rc != 0) {

0x7e9050: bdb_open_int at /root/workspace/comdb2/sources/bdb/file.c:5747:28
5746  :         */
5747 >:         bdb_state->dbenv = dbenv_open(bdb_state);
5748  :         if (bdb_state->dbenv == NULL) {

0xb18654: bdb_open_env at /root/workspace/comdb2/sources/bdb/file.c:6021:12
6020  :
6021 >:     return bdb_open_int(
6022  :         1, /* envonly */

0xafe5cb: open_bdb_env at /root/workspace/comdb2/sources/db/glue.c:3766:22
3765  :     /* open environment */
3766 >:     dbenv->bdb_env = bdb_open_env(
3767  :         dbenv->envname, dbenv->basedir, dbenv->bdb_attr, dbenv->bdb_callback,

0xaef772: init at /root/workspace/comdb2/sources/db/comdb2.c:3796:9
3795  :     /* open up the bdb_env now that we have set all the attributes */
3796 >:     if (open_bdb_env(thedb)) {
3797  :         logmsg(LOGMSG_FATAL, "failed to open bdb_env for %s\n", dbname);

0xaebb41: main at /root/workspace/comdb2/sources/db/comdb2.c:5466:9
5465  :
5466 >:     if (init(argc, argv) == -1) {
5467  :         logmsg(LOGMSG_FATAL, "failed to start\n");

0x27001: __libc_start_main at ??:0:0


Direct leak of 4192 byte(s) in 131 object(s) allocated from:
0x4cffd2: calloc at /root/llvm/src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
153  :   ENSURE_ASAN_INITED();
154 >:   GET_STACK_TRACE_MALLOC;
155  :   return asan_calloc(nmemb, size, &stack);

0x549d0c: priority_queue_add at /root/workspace/comdb2/sources/util/priority_queue.c:93:30
92  :
93 >:   priority_queue_item_t *i = calloc(1, sizeof(priority_queue_item_t));
94  :

0x5482b3: thdpool_enqueue at /root/workspace/comdb2/sources/util/thdpool.c:1066:28
1065  :             }
1066 >:             int queue_rc = priority_queue_add(&pool->queue, priority, item);
1067  :

0x56da49: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1431:14
1430  :
1431 >: 					t_ret = thdpool_enqueue(trickle_thdpool,
1432  : 					    trickle_do_work, range, 0, NULL, 0,

0x56cb20: __memp_sync_restartable at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:401:6
400  : 	if ((ret =
401 >: 	    __memp_sync_int(dbenv, NULL, 0, DB_SYNC_CACHE, NULL,
402  : 	    restartable, (dbenv->tx_perfect_ckp ? lsnp : NULL), fixed)) != 0)

0x5a8063: __txn_checkpoint at /root/workspace/comdb2/sources/berkdb/txn/txn.c:2389:11
2388  : 	if (MPOOL_ON(dbenv) &&
2389 >: 			(ret = __memp_sync_restartable(dbenv,
2390  : 				   (LF_ISSET(DB_FORCE) ? NULL : &ckp_lsn), 0, 0)) != 0) {

0x5edbfd: __txn_checkpoint_pp at /root/workspace/comdb2/sources/berkdb/txn/txn.c:2213:8
2212  : 		__env_rep_enter(dbenv);
2213 >: 	ret = __txn_checkpoint(dbenv, kbytes, minutes, flags);
2214  : 	if (rep_check)

0x79ae13: ll_checkpoint at /root/workspace/comdb2/sources/bdb/ll.c:1539:10
1538  :     /* do the real checkpoint */
1539 >:     rc = bdb_state->dbenv->txn_checkpoint(bdb_state->dbenv, 0, 0,
1540  :                                           force ? DB_FORCE : 0);

0x7ed286: checkpoint_thread at /root/workspace/comdb2/sources/bdb/threads.c:404:14
403  :
404 >:         rc = ll_checkpoint(bdb_state, 0);
405  :

0x9421: start_thread at ??:0:0


Direct leak of 32 byte(s) in 1 object(s) allocated from:
0x4cffd2: calloc at /root/llvm/src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
153  :   ENSURE_ASAN_INITED();
154 >:   GET_STACK_TRACE_MALLOC;
155  :   return asan_calloc(nmemb, size, &stack);

0x549d0c: priority_queue_add at /root/workspace/comdb2/sources/util/priority_queue.c:93:30
92  :
93 >:   priority_queue_item_t *i = calloc(1, sizeof(priority_queue_item_t));
94  :

0x5482b3: thdpool_enqueue at /root/workspace/comdb2/sources/util/thdpool.c:1066:28
1065  :             }
1066 >:             int queue_rc = priority_queue_add(&pool->queue, priority, item);
1067  :

0x56dc5e: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1474:13
1473  :
1474 >: 				t_ret = thdpool_enqueue(trickle_thdpool,
1475  : 				    trickle_do_work, range, 0, NULL, 0,

0x674c67: __memp_trickle at /root/workspace/comdb2/sources/berkdb/mp/mp_trickle.c:116:8
115  : 	   of clean pages. So here we write all modified pages to disk. */
116 >: 	ret = __memp_sync_int(dbenv, NULL, n,
117  : 	    lru ? DB_SYNC_LRU : DB_SYNC_TRICKLE, nwrotep, 1, NULL, 0);

0x66a37a: __memp_trickle_pp at /root/workspace/comdb2/sources/berkdb/mp/mp_trickle.c:49:8
48  : 		__env_rep_enter(dbenv);
49 >: 	ret = __memp_trickle(dbenv, pct, nwrotep, lru);
50  : 	if (rep_check)

0x7ed752: memp_trickle_thread at /root/workspace/comdb2/sources/bdb/threads.c:118:14
117  :     again:
118 >:         rc = bdb_state->dbenv->memp_trickle(
119  :             bdb_state->dbenv, bdb_state->attr->memptricklepercent, &nwrote, 1);

0x9421: start_thread at ??:0:0


Direct leak of 32 byte(s) in 1 object(s) allocated from:
0x4cffd2: calloc at /root/llvm/src/projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
153  :   ENSURE_ASAN_INITED();
154 >:   GET_STACK_TRACE_MALLOC;
155  :   return asan_calloc(nmemb, size, &stack);

0x549d0c: priority_queue_add at /root/workspace/comdb2/sources/util/priority_queue.c:93:30
92  :
93 >:   priority_queue_item_t *i = calloc(1, sizeof(priority_queue_item_t));
94  :

0x5482b3: thdpool_enqueue at /root/workspace/comdb2/sources/util/thdpool.c:1066:28
1065  :             }
1066 >:             int queue_rc = priority_queue_add(&pool->queue, priority, item);
1067  :

0x56dc5e: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1474:13
1473  :
1474 >: 				t_ret = thdpool_enqueue(trickle_thdpool,
1475  : 				    trickle_do_work, range, 0, NULL, 0,

0x56cb20: __memp_sync_restartable at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:401:6
400  : 	if ((ret =
401 >: 	    __memp_sync_int(dbenv, NULL, 0, DB_SYNC_CACHE, NULL,
402  : 	    restartable, (dbenv->tx_perfect_ckp ? lsnp : NULL), fixed)) != 0)

0x5a8063: __txn_checkpoint at /root/workspace/comdb2/sources/berkdb/txn/txn.c:2389:11
2388  : 	if (MPOOL_ON(dbenv) &&
2389 >: 			(ret = __memp_sync_restartable(dbenv,
2390  : 				   (LF_ISSET(DB_FORCE) ? NULL : &ckp_lsn), 0, 0)) != 0) {

0x5edbfd: __txn_checkpoint_pp at /root/workspace/comdb2/sources/berkdb/txn/txn.c:2213:8
2212  : 		__env_rep_enter(dbenv);
2213 >: 	ret = __txn_checkpoint(dbenv, kbytes, minutes, flags);
2214  : 	if (rep_check)

0x79ae13: ll_checkpoint at /root/workspace/comdb2/sources/bdb/ll.c:1539:10
1538  :     /* do the real checkpoint */
1539 >:     rc = bdb_state->dbenv->txn_checkpoint(bdb_state->dbenv, 0, 0,
1540  :                                           force ? DB_FORCE : 0);

0x7ed286: checkpoint_thread at /root/workspace/comdb2/sources/bdb/threads.c:404:14
403  :
404 >:         rc = ll_checkpoint(bdb_state, 0);
405  :

0x9421: start_thread at ??:0:0

Direct leak of 32 byte(s) in 1 object(s) allocated from:
0x549d0c: priority_queue_add at /root/workspace/comdb2/sources/util/priority_queue.c:93:30
92  :
93 >:   priority_queue_item_t *i = calloc(1, sizeof(priority_queue_item_t));
94  :

0x56dc5e: __memp_sync_int at /root/workspace/comdb2/sources/berkdb/mp/mp_sync.c:1474:13
1473  :
1474 >: 				t_ret = thdpool_enqueue(trickle_thdpool,
1475  : 				    trickle_do_work, range, 0, NULL, 0,

0x5a8063: __txn_checkpoint at /root/workspace/comdb2/sources/berkdb/txn/txn.c:2389:11
2388  : 	if (MPOOL_ON(dbenv) &&
2389 >: 			(ret = __memp_sync_restartable(dbenv,
2390  : 				   (LF_ISSET(DB_FORCE) ? NULL : &ckp_lsn), 0, 0)) != 0) {

0x61812c: __db_apprec at /root/workspace/comdb2/sources/berkdb/env/env_recover.c:1510:20
1509  : 		}
1510 >: 	} else if ((ret = __txn_checkpoint(dbenv, 0, 0, DB_FORCE)) != 0)
1511  : 		goto err;

0x5e4b81: __dbenv_open at /root/workspace/comdb2/sources/berkdb/env/env_open.c:0:0
1  : /*-
2  :  * See the file LICENSE for redistribution information.
3  :  *

0x7ebd0a: dbenv_open at /root/workspace/comdb2/sources/bdb/file.c:2780:10
2779  :     print(bdb_state, "opening %s\n", txndir);
2780 >:     rc = dbenv->open(dbenv, txndir, flags, S_IRUSR | S_IWUSR);
2781  :     if (rc != 0) {

0x7e9050: bdb_open_int at /root/workspace/comdb2/sources/bdb/file.c:5747:28
5746  :         */
5747 >:         bdb_state->dbenv = dbenv_open(bdb_state);
5748  :         if (bdb_state->dbenv == NULL) {

0xb18654: bdb_open_env at /root/workspace/comdb2/sources/bdb/file.c:6021:12
6020  :
6021 >:     return bdb_open_int(
6022  :         1, /* envonly */

0xafe5cb: open_bdb_env at /root/workspace/comdb2/sources/db/glue.c:3766:22
3765  :     /* open environment */
3766 >:     dbenv->bdb_env = bdb_open_env(
3767  :         dbenv->envname, dbenv->basedir, dbenv->bdb_attr, dbenv->bdb_callback,

0xaef772: init at /root/workspace/comdb2/sources/db/comdb2.c:3796:9
3795  :     /* open up the bdb_env now that we have set all the attributes */
3796 >:     if (open_bdb_env(thedb)) {
3797  :         logmsg(LOGMSG_FATAL, "failed to open bdb_env for %s\n", dbname);

0xaebb41: main at /root/workspace/comdb2/sources/db/comdb2.c:5466:9
5465  :
5466 >:     if (init(argc, argv) == -1) {
5467  :         logmsg(LOGMSG_FATAL, "failed to start\n");

0x27001: __libc_start_main at ??:0:0

adizaimi commented Oct 1, 2020

Thank you for submitting this. It is an ongoing struggle to get leaks under control given such a complex system. We will try to address them in time -- I attempt to clean up on exit in #1599; however, it is still a work in progress.
