connectedhomeip
ASAN failure during unit tests storing fabric info
https://github.com/project-chip/connectedhomeip/runs/4558860959?check_suite_focus=true shows an ASAN failure. It's based on master commit 9338395fb503eb3df4bdc40c28ea987de0e5f582 in terms of the code inspection below.
Problem
ASAN output:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==40593==ERROR: AddressSanitizer: SEGV on unknown address 0x000253000048 (pc 0x7fff2031841f bp 0x7000054d6470 sp 0x7000054d61d8 T1)
==40593==The signal is caused by a READ memory access.
#0 0x7fff2031841f in objc_release+0x1f (libobjc.A.dylib:x86_64+0x841f)
#1 0x105798943 in chip::DeviceLayer::PersistedStorage::KeyValueStoreManager::Put(char const*, void const*, unsigned long) KeyValueStoreManager.h:222
#2 0x10579808c in chip::Server::ServerStorageDelegate::SyncSetKeyValue(char const*, void const*, unsigned short) Server.h:108
#3 0x105798582 in chip::Server::ServerStorageDelegate::SyncStore(unsigned char, char const*, void const*, unsigned short) Server.h:122
#4 0x105798778 in non-virtual thunk to chip::Server::ServerStorageDelegate::SyncStore(unsigned char, char const*, void const*, unsigned short) Server.h
#5 0x1056e44d9 in chip::FabricInfo::CommitToStorage(chip::FabricStorage*) FabricTable.cpp:108
#6 0x1056eaafd in chip::FabricTable::Store(unsigned char) FabricTable.cpp:450
#7 0x10543f1e2 in emberAfOperationalCredentialsClusterAddNOCCallback(chip::app::CommandHandler*, chip::app::ConcreteCommandPath const&, chip::app::Clusters::OperationalCredentials::Commands::AddNOC::DecodableType const&) operational-credentials-server.cpp:454
#8 0x105495d4f in chip::app::Clusters::OperationalCredentials::DispatchServerCommand(chip::app::CommandHandler*, chip::app::ConcreteCommandPath const&, chip::TLV::TLVReader&) IMClusterCommandHandler.cpp:1265
#9 0x10549bfdb in chip::app::DispatchSingleClusterCommand(chip::app::ConcreteCommandPath const&, chip::TLV::TLVReader&, chip::app::CommandHandler*) IMClusterCommandHandler.cpp:1899
#10 0x1054ccde5 in chip::app::InteractionModelEngine::DispatchCommand(chip::app::CommandHandler&, chip::app::ConcreteCommandPath const&, chip::TLV::TLVReader&) InteractionModelEngine.cpp:598
#11 0x1054af712 in chip::app::CommandHandler::ProcessCommandDataIB(chip::app::CommandDataIB::Parser&) CommandHandler.cpp:288
#12 0x1054ad9e3 in chip::app::CommandHandler::ProcessInvokeRequest(chip::System::PacketBufferHandle&&, bool) CommandHandler.cpp:130
#13 0x1054ac79f in chip::app::CommandHandler::OnInvokeCommandRequest(chip::Messaging::ExchangeContext*, chip::PayloadHeader const&, chip::System::PacketBufferHandle&&, bool) CommandHandler.cpp:79
#14 0x1054c8419 in chip::app::InteractionModelEngine::OnInvokeCommandRequest(chip::Messaging::ExchangeContext*, chip::PayloadHeader const&, chip::System::PacketBufferHandle&&, bool, chip::Protocols::InteractionModel::Status&) InteractionModelEngine.cpp:281
#15 0x1054cae91 in chip::app::InteractionModelEngine::OnMessageReceived(chip::Messaging::ExchangeContext*, chip::PayloadHeader const&, chip::System::PacketBufferHandle&&) InteractionModelEngine.cpp:420
#16 0x1055b2c53 in chip::Messaging::ExchangeContext::HandleMessage(unsigned int, chip::PayloadHeader const&, chip::Transport::PeerAddress const&, chip::BitFlags<chip::Messaging::MessageFlagValues, unsigned int>, chip::System::PacketBufferHandle&&) ExchangeContext.cpp:486
#17 0x1055bb959 in chip::Messaging::ExchangeManager::OnMessageReceived(chip::PacketHeader const&, chip::PayloadHeader const&, chip::SessionHandle const&, chip::Transport::PeerAddress const&, chip::SessionMessageDelegate::DuplicateMessage, chip::System::PacketBufferHandle&&) ExchangeMgr.cpp:308
#18 0x1055fd74a in chip::SessionManager::SecureUnicastMessageDispatch(chip::PacketHeader const&, chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&) SessionManager.cpp:535
#19 0x1055fc51c in chip::SessionManager::OnMessageReceived(chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&) SessionManager.cpp:378
#20 0x10560d287 in chip::TransportMgrBase::HandleMessageReceived(chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&) TransportMgrBase.cpp:71
#21 0x10571f9fa in chip::Transport::Base::HandleMessageReceived(chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&) Base.h:102
#22 0x10571f0db in chip::Transport::UDP::OnUdpReceive(chip::Inet::UDPEndPoint*, chip::System::PacketBufferHandle&&, chip::Inet::IPPacketInfo const*) UDP.cpp:120
#23 0x105569164 in chip::Inet::UDPEndPointImplSockets::HandlePendingIO(chip::BitFlags<chip::System::SocketEventFlags, unsigned char>) UDPEndPointImplSockets.cpp:688
#24 0x10556753b in invocation function for block in chip::Inet::UDPEndPointImplSockets::BindImpl(chip::Inet::IPAddressType, chip::Inet::IPAddress const&, unsigned short, chip::Inet::InterfaceId) UDPEndPointImplSockets.cpp:218
#25 0x105f31b5a in __wrap_dispatch_source_set_event_handler_block_invoke+0xca (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x43b5a)
#26 0x7fff202ce805 in _dispatch_client_callout+0x7 (libdispatch.dylib:x86_64+0x3805)
#27 0x7fff202d11af in _dispatch_continuation_pop+0x1a6 (libdispatch.dylib:x86_64+0x61af)
#28 0x7fff202e1563 in _dispatch_source_invoke+0x80c (libdispatch.dylib:x86_64+0x16563)
#29 0x7fff202d4492 in _dispatch_lane_serial_drain+0x106 (libdispatch.dylib:x86_64+0x9492)
#30 0x7fff202d50ac in _dispatch_lane_invoke+0x16d (libdispatch.dylib:x86_64+0xa0ac)
#31 0x7fff202dec0c in _dispatch_workloop_worker_thread+0x32a (libdispatch.dylib:x86_64+0x13c0c)
#32 0x7fff2047545c in _pthread_wqthread+0x139 (libsystem_pthread.dylib:x86_64+0x345c)
#33 0x7fff2047442e in start_wqthread+0xe (libsystem_pthread.dylib:x86_64+0x242e)
==40593==Register values:
rax = 0x000000025300002e rbx = 0x00007000054d6280 rcx = 0x0000000253000028 rdx = 0x00000001057bfc00
rdi = 0x0000608000018820 rsi = 0x0000000000000000 rbp = 0x00007000054d6470 rsp = 0x00007000054d61d8
r8 = 0x0000000000000001 r9 = 0x0000000000000000 r10 = 0x00007000054d4d00 r11 = 0x0000000000000206
r12 = 0x0000000000000000 r13 = 0x000000010a804180 r14 = 0x000060400001bb10 r15 = 0x0000000000000110
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (libobjc.A.dylib:x86_64+0x841f) in objc_release+0x1f
Thread T1 created by T0 here:
<empty stack>
==40593==ABORTING
Proposed Solution
Not sure yet. Trying to figure out which value was garbage....
The relevant code has changed significantly, so not sure how useful this is at this point.
@tcarmelveilleux thoughts?
Issue Scrub: Per @tcarmelveilleux we don't believe this is an issue anymore.