Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-54352

UBSan: signed integer overflow in magma::LSMTreeStats::operator+=

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • Elixir
    • Elixir
    • storage-engine
    • None
    • Untriaged
    • 1
    • Unknown

    Description

      As seen during CV for an unrelated patch: http://cv.jenkins.couchbase.com/job/kv_engine.ASan-UBSan/job/master/32103/UndefinedBehaviourSanitizer/ (ASan + UBSan, DebugOptimized build):

      ...
      		 
      [ RUN      ] KVStoreParam/KVStoreParamTest.CompactAndScan/magma
      		 
      runtime error: signed integer overflow: 7310594991874794752 - -4702111234474983746 cannot be represented in type 'long'
      		 
       
      		 
          #0 0xa7e5e4 in std::common_type >, std::chrono::duration > >::type std::chrono::operator-, long, std::ratio<1l, 1l> >(std::chrono::duration > const&, std::chrono::duration > const&) /opt/gcc-10.2.0/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../include/c++/10.2.0/chrono:564:34
      		 
          #1 0x380367f in magma::LSMTreeStats::operator+=(magma::LSMTreeStats const&) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/magma/magma/db_stats.cc:771:48
      		 
          #2 0x3ad953e in magma::KVStore::GetKVStoreStats() /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/magma/magma/kvstore/stats.cc:48:14
      		 
          #3 0x3804242 in magma::Magma::GetKVStoreStats(unsigned short) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/magma/magma/db_stats.cc:421:24
      		 
          #4 0x89d4f7 in MagmaMemoryTrackingProxy::GetKVStoreStats(unsigned short) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-memory-tracking-proxy.cc:294:19
      		 
          #5 0x89d0fd in MagmaKVStore::getDbFileInfo(Vbid) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:3540:37
      		 
          #6 0x88fafc in MagmaKVStore::compactDBInternal(std::unique_lock&, std::shared_ptr)::$_17::operator()(FileInfo&) const /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:2528:23
      		 
          #7 0x88bf4e in MagmaKVStore::compactDBInternal(std::unique_lock&, std::shared_ptr) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:2531:5
      		 
          #8 0x88b8cb in MagmaKVStore::compactDB(std::unique_lock&, std::shared_ptr) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:2499:12
      		 
          #9 0x3006873 in KVStoreParamTest_CompactAndScan_Test::TestBody()::$_12::operator()() const /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/build/../kv_engine/engines/ep/tests/module_tests/kvstore_test.cc:1062:13
      		 
          #10 0x7f10e17e12ef in execute_native_thread_routine /tmp/deploy/objdir/../gcc-10.2.0/libstdc++-v3/src/c++11/thread.cc:80:18
      		 
          #11 0x7f10e2b756da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
      		 
          #12 0x7f10e122361e in clone /build/glibc-CVJwZb/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      There's also a second instance during compaction:

      runtime error: signed integer overflow: 7310594991874794752 - -4702111234474983746 cannot be represented in type 'long'
      		 
       
      		 
          #0 0xa7e5e4 in std::common_type >, std::chrono::duration > >::type std::chrono::operator-, long, std::ratio<1l, 1l> >(std::chrono::duration > const&, std::chrono::duration > const&) /opt/gcc-10.2.0/lib/gcc/x86_64-pc-linux-gnu/10.2.0/../../../../include/c++/10.2.0/chrono:564:34
      		 
          #1 0x380367f in magma::LSMTreeStats::operator+=(magma::LSMTreeStats const&) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/magma/magma/db_stats.cc:771:48
      		 
          #2 0x3ad953e in magma::KVStore::GetKVStoreStats() /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/magma/magma/kvstore/stats.cc:48:14
      		 
          #3 0x3804242 in magma::Magma::GetKVStoreStats(unsigned short) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/magma/magma/db_stats.cc:421:24
      		 
          #4 0x89d4f7 in MagmaMemoryTrackingProxy::GetKVStoreStats(unsigned short) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-memory-tracking-proxy.cc:294:19
      		 
          #5 0x89d0fd in MagmaKVStore::getDbFileInfo(Vbid) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:3540:37
      		 
          #6 0x88fafc in MagmaKVStore::compactDBInternal(std::unique_lock&, std::shared_ptr)::$_17::operator()(FileInfo&) const /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:2528:23
      		 
          #7 0x88bf4e in MagmaKVStore::compactDBInternal(std::unique_lock&, std::shared_ptr) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:2531:5
      		 
          #8 0x88b8cb in MagmaKVStore::compactDB(std::unique_lock&, std::shared_ptr) /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/kv_engine/engines/ep/src/kvstore/magma-kvstore/magma-kvstore.cc:2499:12
      		 
          #9 0x2fd1f96 in KVStoreParamTestSkipRocks_ListPersistedVBucketsPurgeSeqnoAfterRestart_Test::TestBody() /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/build/../kv_engine/engines/ep/tests/module_tests/kvstore_test.cc:800:13
      		 
          #10 0x3648ca9 in void testing::internal::HandleSehExceptionsInMethodIfSupported(testing::Test*, void (testing::Test::*)(), char const*) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2607
      		 
          #11 0x3648ca9 in void testing::internal::HandleExceptionsInMethodIfSupported(testing::Test*, void (testing::Test::*)(), char const*) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2643
      		 
          #12 0x363d91f in testing::Test::Run() (.part.647) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2682
      		 
          #13 0x363db51 in testing::Test::Run() /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2673
      		 
          #14 0x363db51 in testing::TestInfo::Run() (.part.648) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2861
      		 
          #15 0x363e21e in testing::TestInfo::Run() /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2834
      		 
          #16 0x363e21e in testing::TestSuite::Run() (.part.649) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:3015
      		 
          #17 0x363fa24 in testing::TestSuite::Run() /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:3041
      		 
          #18 0x363fa24 in testing::internal::UnitTestImpl::RunAllTests() /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:5855
      		 
          #19 0x3649159 in bool testing::internal::HandleSehExceptionsInMethodIfSupported(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2607
      		 
          #20 0x3649159 in bool testing::internal::HandleExceptionsInMethodIfSupported(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:2643
      		 
          #21 0x363dc51 in testing::UnitTest::Run() /home/couchbase/jenkins/workspace/cbdeps-platform-build-old/deps/packages/build/googletest/googletest-prefix/src/googletest/googletest/src/gtest.cc:5438
      		 
          #22 0x2616ba4 in main /home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/build/../kv_engine/engines/ep/tests/module_tests/ep_unit_tests_main.cc:170:16
      		 
          #23 0x7f37a44d1c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
      		 
          #24 0x5e66b9 in _start (/home/couchbase/jenkins/workspace/kv_engine.ASan-UBSan_master/build/kv_engine/ep-engine_ep_unit_tests+0x5e66b9)

      Steps to Reproduce

      Either run above CV job, or ctest -R ep-engine_ep_unit_tests.KVStoreParam/KVStoreParamTest after enabling UndefinedSanitizer.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MB-55652 UBSan: signed integer overflow in LSMTreeStats::Merge

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              rohan.suri Rohan Suri
              drigby Dave Rigby
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                PagerDuty