AddressSanitizer: attempting free on address which was not malloc()-ed

2,269 views
Skip to first unread message

sothy shan

unread,
Jul 12, 2017, 6:20:22 AM7/12/17
to address-sanitizer
Hello,
I'm running the gcc 6.3.0 version with opensource code in ubuntu 16.04 LTS.
When I run my code, I am getting error.


==5094==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x603000012d78 in thread T0
    #0 0x7f6115c33630 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8630)
    #1 0x12054a6 in fluid_msg::PortCommon::~PortCommon() /usr/local/include/fluid/ofcommon/common.hh:28
    #2 0x1205842 in fluid_msg::of10::Port::~Port() /usr/local/include/fluid/of10/of10common.hh:26
    #3 0x1214d62 in void std::_Destroy<fluid_msg::of10::Port>(fluid_msg::of10::Port*) /usr/include/c++/6/bits/stl_construct.h:93
    #4 0x1213686 in void std::_Destroy_aux<false>::__destroy<fluid_msg::of10::Port*>(fluid_msg::of10::Port*, fluid_msg::of10::Port*) /usr/include/c++/6/bits/stl_construct.h:103
    #5 0x120f4e6 in void std::_Destroy<fluid_msg::of10::Port*>(fluid_msg::of10::Port*, fluid_msg::of10::Port*) /usr/include/c++/6/bits/stl_construct.h:126
    #6 0x120c5e5 in void std::_Destroy<fluid_msg::of10::Port*, fluid_msg::of10::Port>(fluid_msg::of10::Port*, fluid_msg::of10::Port*, std::allocator<fluid_msg::of10::Port>&) /usr/include/c++/6/bits/stl_construct.h:151
    #7 0x1208a0a in std::vector<fluid_msg::of10::Port, std::allocator<fluid_msg::of10::Port> >::~vector() /usr/include/c++/6/bits/stl_vector.h:426
    #8 0x1205966 in fluid_msg::of10::FeaturesReply::~FeaturesReply() /usr/local/include/fluid/of10msg.hh:121
    #9 0x1238881 in ofd::of_server::OFconnection::proces_read_msg(seastar::temporary_buffer<char>) /home/sothy/netbricks/bitbucket/ofd/ofserver.hh:513
    #10 0x12353b8 in _ZZN3ofd9of_server12OFconnection8read_oneEvENKUlT_E_clIN7seastar6futureIJNS5_16temporary_bufferIcEEEEEEEDaS2_ /home/sothy/netbricks/bitbucket/ofd/ofserver.hh:450
    #11 0x128108f in seastar::future<> seastar::futurize<seastar::future<> >::apply<ofd::of_server::OFconnection::read_one()::{lambda(auto:1)#1}, seastar::future<seastar::temporary_buffer<char> > >(ofd::of_server::OFconnection::read_one()::{lambda(auto:1)#1}&&, seastar::future<seastar::temporary_buffer<char> >&&) /home/sothy/netbricks/development/seastar/core/future.hh:1312
    #12 0x1340a2f in _ZZN7seastar6futureIJNS_16temporary_bufferIcEEEE12then_wrappedIZN3ofd9of_server12OFconnection8read_oneEvEUlT_E_NS0_IJEEEEET0_OS8_ENUlSC_E_clINS_12future_stateIJS2_EEEEEDaSC_ /home/sothy/netbricks/development/seastar/core/future.hh:940
    #13 0x134131c in seastar::continuation<seastar::future<> seastar::future<seastar::temporary_buffer<char> >::then_wrapped<ofd::of_server::OFconnection::read_one()::{lambda(auto:1)#1}, seastar::future<> >(ofd::of_server::OFconnection::read_one()::{lambda(auto:1)#1}&&)::{lambda(auto:2)#1}, seastar::temporary_buffer<char> >::run() /home/sothy/netbricks/development/seastar/core/future.hh:395
    #14 0x456004 in seastar::reactor::run_tasks(seastar::circular_buffer<std::unique_ptr<seastar::task, std::default_delete<seastar::task> >, std::allocator<std::unique_ptr<seastar::task, std::default_delete<seastar::task> > > >&) core/reactor.cc:2316
    #15 0x45cc46 in seastar::reactor::run() core/reactor.cc:2774
    #16 0xab585e in seastar::app_template::run_deprecated(int, char**, std::function<void ()>&&) core/app-template.cc:142
    #17 0x1218aa0 in main /home/sothy/netbricks/bitbucket/ofd/ofapp.cc:186
    #18 0x7f6110f2682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #19 0x415428 in _start (/home/sothy/netbricks/bitbucket/ofd/a.out+0x415428)

0x603000012d78 is located 24 bytes inside of 32-byte region [0x603000012d60,0x603000012d80)
allocated by thread T0 here:
    #0 0x7f6115c32fb0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc7fb0)
    #1 0x7f61142f96f8 in std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0xd36f8)

SUMMARY: AddressSanitizer: bad-free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8630) in operator delete(void*)
==5094==ABORTING

+++++++++++++++++++++++++++++++++++++++++++++++++++++++==
According to the code, https://github.com/OpenNetworkingFoundation/libfluid_msg/blob/master/fluid/ofcommon/common.hh (line 28).
It is destrucutor call. I guess it should delete automatically.
My question is that why I am getting this strange reasons?
Thanks For your help.

Best regards

Maxim Ostapenko

unread,
Jul 12, 2017, 8:52:12 AM7/12/17
to address-sanitizer
Hm, looks pretty the same to https://github.com/google/sanitizers/issues/830. Could you provide more details how to reproduce the issue?

sothy shan

unread,
Jul 12, 2017, 11:55:45 AM7/12/17
to address-sanitizer


On Wednesday, July 12, 2017 at 2:52:12 PM UTC+2, Maxim Ostapenko wrote:
Hm, looks pretty the same to https://github.com/google/sanitizers/issues/830. Could you provide more details how to reproduce the issue?

This error is made at run-time.  From the stack, FeatureReply DTOR is called.
From there, of10::Port DTOR is called and subsequently Port Common is called.
When PortCommon is called , it gives error.

[~PortCommon] https://github.com/OpenNetworkingFoundation/libfluid_msg/blob/master/fluid/ofcommon/common.hh (line 28).
[~Port] https://github.com/OpenNetworkingFoundation/libfluid_msg/blob/master/fluid/of10/of10common.hh
[~~FeaturesReply() /usr/local/include/fluid/of10msg.hh:121] https://github.com/OpenNetworkingFoundation/libfluid_msg/blob/master/fluid/of10msg.hh

These information is not enough. I can provide more details. Bit complex to reproduce the issue. Otherwise, I can do some test here if you propose.

Best regards
Sothy



 

Yuri Gribov

unread,
Jul 12, 2017, 3:12:15 PM7/12/17
to address-...@googlegroups.com
On Wed, Jul 12, 2017 at 4:55 PM, sothy shan <soth...@gmail.com> wrote:
>
>
> On Wednesday, July 12, 2017 at 2:52:12 PM UTC+2, Maxim Ostapenko wrote:
>>
>> Hm, looks pretty the same to
>> https://github.com/google/sanitizers/issues/830. Could you provide more
>> details how to reproduce the issue?
>
>
> This error is made at run-time. From the stack, FeatureReply DTOR is
> called.
> From there, of10::Port DTOR is called and subsequently Port Common is
> called.
> When PortCommon is called , it gives error.

You built your app with GCC6 (which thus used libstdc++ headers from
GCC6) but then ran it with libstdc++ from GCC5
(/usr/lib/x86_64-linux-gnu/libstdc++.so.6) which might have caused ABI
mismatch. Try to set up LD_LIBRARY_PATH appropriately so that app
loads proper libstdc++.so.
> --
> You received this message because you are subscribed to the Google Groups
> "address-sanitizer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to address-saniti...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

sothy shan

unread,
Jul 13, 2017, 4:54:46 AM7/13/17
to address-sanitizer


On Wednesday, July 12, 2017 at 9:12:15 PM UTC+2, Yuri Gribov wrote:
On Wed, Jul 12, 2017 at 4:55 PM, sothy shan <soth...@gmail.com> wrote:
>
>
> On Wednesday, July 12, 2017 at 2:52:12 PM UTC+2, Maxim Ostapenko wrote:
>>
>> Hm, looks pretty the same to
>> https://github.com/google/sanitizers/issues/830. Could you provide more
>> details how to reproduce the issue?
>
>
> This error is made at run-time.  From the stack, FeatureReply DTOR is
> called.
> From there, of10::Port DTOR is called and subsequently Port Common is
> called.
> When PortCommon is called , it gives error.

You built your app with GCC6 (which thus used libstdc++ headers from
GCC6) but then ran it with libstdc++ from GCC5
(/usr/lib/x86_64-linux-gnu/libstdc++.so.6) which might have caused ABI
mismatch. Try to set up LD_LIBRARY_PATH appropriately so that app
loads proper libstdc++.so.

Yes. It seems that problem.  However, I get into another problem.

4096==ERROR: AddressSanitizer: attempting double-free on 0x604000004250 in thread T0:
    #0 0x7f818389b630 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8630)
    #1 0x7f817f4d50e1 in fluid_msg::PacketOutCommon::~PacketOutCommon() fluid/ofcommon/msg.cc:307
    #2 0x12168ad in void std::_Destroy<fluid_msg::of10::PacketOut>(fluid_msg::of10::PacketOut*) /usr/include/c++/6/bits/stl_construct.h:93
    #3 0x121493b in void std::_Destroy_aux<false>::__destroy<fluid_msg::of10::PacketOut*>(fluid_msg::of10::PacketOut*, fluid_msg::of10::PacketOut*) /usr/include/c++/6/bits/stl_construct.h:103
    #4 0x1210e07 in void std::_Destroy<fluid_msg::of10::PacketOut*>(fluid_msg::of10::PacketOut*, fluid_msg::of10::PacketOut*) /usr/include/c++/6/bits/stl_construct.h:126
    #5 0x120e31b in void std::_Destroy<fluid_msg::of10::PacketOut*, fluid_msg::of10::PacketOut>(fluid_msg::of10::PacketOut*, fluid_msg::of10::PacketOut*, std::allocator<fluid_msg::of10::PacketOut>&) /usr/include/c++/6/bits/stl_construct.h:151
    #6 0x1213430 in void std::vector<fluid_msg::of10::PacketOut, std::allocator<fluid_msg::of10::PacketOut> >::_M_emplace_back_aux<fluid_msg::of10::PacketOut>(fluid_msg::of10::PacketOut&&) /usr/include/c++/6/bits/vector.tcc:436
    #7 0x120ef66 in void std::vector<fluid_msg::of10::PacketOut, std::allocator<fluid_msg::of10::PacketOut> >::emplace_back<fluid_msg::of10::PacketOut>(fluid_msg::of10::PacketOut&&) /usr/include/c++/6/bits/vector.tcc:101
    #8 0x120c1ec in std::vector<fluid_msg::of10::PacketOut, std::allocator<fluid_msg::of10::PacketOut> >::push_back(fluid_msg::of10::PacketOut&&) /usr/include/c++/6/bits/stl_vector.h:933
    #9 0x11e890e in ofd::topology_manager::feature_response_process(fluid_msg::of10::FeaturesReply) topo/topologymanager.cc:605
    #10 0x11e51cb in ofd::topology_manager::read_queue_msg(ofd::wrap_msg) topo/topologymanager.cc:24
    #11 0x11e61d6 in operator()<seastar::future<ofd::wrap_msg> > topo/topologymanager.cc:99
    #12 0x11f0649 in apply<ofd::topology_manager::process_Msg()::<lambda()>::<lambda(auto:37)>, seastar::future<ofd::wrap_msg> > /home/sothy/netbricks/development/seastar/core/future.hh:1312
    #13 0x1203d0b in operator()<seastar::future_state<ofd::wrap_msg> > /home/sothy/netbricks/development/seastar/core/future.hh:940
    #14 0x1204612 in run /home/sothy/netbricks/development/seastar/core/future.hh:395
    #15 0x456004 in seastar::reactor::run_tasks(seastar::circular_buffer<std::unique_ptr<seastar::task, std::default_delete<seastar::task> >, std::allocator<std::unique_ptr<seastar::task, std::default_delete<seastar::task> > > >&) core/reactor.cc:2316
    #16 0x45cc46 in seastar::reactor::run() core/reactor.cc:2774
    #17 0xab585e in seastar::app_template::run_deprecated(int, char**, std::function<void ()>&&) core/app-template.cc:142
    #18 0x12193ba in main /home/sothy/netbricks/bitbucket/ofd/ofapp.cc:186
    #19 0x7f817eb9582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #20 0x415428 in _start (/home/sothy/netbricks/bitbucket/ofd/a.out+0x415428)

0x604000004250 is located 0 bytes inside of 45-byte region [0x604000004250,0x60400000427d)
freed by thread T0 here:
    #0 0x7f818389b630 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8630)
    #1 0x7f817f4d50e1 in fluid_msg::PacketOutCommon::~PacketOutCommon() fluid/ofcommon/msg.cc:307
    #2 0x11e891a in ofd::topology_manager::feature_response_process(fluid_msg::of10::FeaturesReply) topo/topologymanager.cc:577
    #3 0x11e51cb in ofd::topology_manager::read_queue_msg(ofd::wrap_msg) topo/topologymanager.cc:24
    #4 0x11e61d6 in operator()<seastar::future<ofd::wrap_msg> > topo/topologymanager.cc:99
    #5 0x11f0649 in apply<ofd::topology_manager::process_Msg()::<lambda()>::<lambda(auto:37)>, seastar::future<ofd::wrap_msg> > /home/sothy/netbricks/development/seastar/core/future.hh:1312
    #6 0x1203d0b in operator()<seastar::future_state<ofd::wrap_msg> > /home/sothy/netbricks/development/seastar/core/future.hh:940
    #7 0x1204612 in run /home/sothy/netbricks/development/seastar/core/future.hh:395
    #8 0x456004 in seastar::reactor::run_tasks(seastar::circular_buffer<std::unique_ptr<seastar::task, std::default_delete<seastar::task> >, std::allocator<std::unique_ptr<seastar::task, std::default_delete<seastar::task> > > >&) core/reactor.cc:2316
    #9 0x45cc46 in seastar::reactor::run() core/reactor.cc:2774
    #10 0xab585e in seastar::app_template::run_deprecated(int, char**, std::function<void ()>&&) core/app-template.cc:142
    #11 0x12193ba in main /home/sothy/netbricks/bitbucket/ofd/ofapp.cc:186
    #12 0x7f817eb9582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x7f818389afb0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc7fb0)
    #1 0x7f817f4d59e4 in fluid_msg::PacketOutCommon::data(void*, unsigned long) fluid/ofcommon/msg.cc:380

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8630) in operator delete(void*)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
In summary,
std::vector<of10::PacketOut>  vec_packet_out=feature_response_process(std::move(featuresReply));

Within feature_response_process(), I create PacketOut one by one (within for loop) and add into vector.
PacketOutCommon::~PacketOutCommon() {
if (this->data_len_) {
::operator delete(this->data_);
}
}

As shown in line 307, ::operator delete(this->data_); In my understanding, vector keeps copy of PacketOut.

My question is that why this error comes?

Thanks again.

Best regards
Sothy
 


Reply all
Reply to author
Forward
0 new messages