Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: ASAN reports use after free in M::Init::createContext #272

Open
owenhilyard opened this issue Dec 19, 2024 · 1 comment
Open

[BUG]: ASAN reports use after free in M::Init::createContext #272

owenhilyard opened this issue Dec 19, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@owenhilyard
Copy link

Bug description

I used LD_PRELOAD to inject libasan while trying to chase down some odd behavior, and what I found was that starting up MAX causes it to have a use after free. It's possible this is not a real use after free, but it does stop me from being able to use ASAN to debug anything using MAX.

==125165==ERROR: AddressSanitizer: heap-use-after-free on address 0x50c000551250 at pc 0x7f205cef5676 bp 0x7fff69ca7c70 sp 0x7fff69ca7430
READ of size 36 at 0x50c000551250 thread T0
    #0 0x7f205cef5675 in memcpy (/usr/lib64/libasan.so.8.0.0+0xf5675) (BuildId: a4ad7eb954b390cf00f07fa10952988a41d9fc7a)
    #1 0x7f1fe2e65a56 in std::__detail::__variant::__gen_vtable_impl<std::__detail::__variant::_Multi_array<std::__detail::__variant::__deduce_visit_result<std::variant<bool, int, unsigned int, long, double, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::vector<bool, std::allocator<bool> >, std::vector<int, std::allocator<int> >, std::vector<unsigned int, std::allocator<unsigned int> >, std::vector<long, std::allocator<long> >, std::vector<double, std::allocator<double> >, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, unsigned long, std::vector<unsigned long, std::allocator<unsigned long> >, std::vector<unsigned char, std::allocator<unsigned char> > > > (*)(opentelemetry::v1::sdk::common::AttributeConverter&, std::variant<bool, int, long, unsigned int, double, char const*, std::basic_string_view<char, std::char_traits<char> >, opentelemetry::v1::nostd::span<bool const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<int const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<long const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<unsigned int const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<double const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<std::basic_string_view<char, std::char_traits<char> > const, 18446744073709551615ul>, unsigned long, opentelemetry::v1::nostd::span<unsigned long const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<unsigned char const, 18446744073709551615ul> > const&)>, std::integer_sequence<unsigned long, 6ul> >::__visit_invoke(opentelemetry::v1::sdk::common::AttributeConverter&, std::variant<bool, int, long, unsigned int, double, char const*, std::basic_string_view<char, std::char_traits<char> >, opentelemetry::v1::nostd::span<bool const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<int const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<long const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<unsigned int const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<double const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<std::basic_string_view<char, std::char_traits<char> > const, 18446744073709551615ul>, unsigned long, opentelemetry::v1::nostd::span<unsigned long const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<unsigned char const, 18446744073709551615ul> > const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x465a56) (BuildId: ee5989467e988b95)
    #2 0x7f1fe2e6375e in opentelemetry::v1::sdk::common::AttributeMap::SetAttribute(std::basic_string_view<char, std::char_traits<char> >, std::variant<bool, int, long, unsigned int, double, char const*, std::basic_string_view<char, std::char_traits<char> >, opentelemetry::v1::nostd::span<bool const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<int const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<long const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<unsigned int const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<double const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<std::basic_string_view<char, std::char_traits<char> > const, 18446744073709551615ul>, unsigned long, opentelemetry::v1::nostd::span<unsigned long const, 18446744073709551615ul>, opentelemetry::v1::nostd::span<unsigned char const, 18446744073709551615ul> > const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x46375e) (BuildId: ee5989467e988b95)
    #3 0x7f1fe2e613e9 in M::Telemetry::TelemetryContext::TelemetryContext(M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x4613e9) (BuildId: ee5989467e988b95)
    #4 0x7f1fe2e3ae34 in M::Telemetry::TelemetryContext& M::GenericUniquePtrSet::emplace<M::Telemetry::TelemetryContext, M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&>(M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x43ae34) (BuildId: ee5989467e988b95)
    #5 0x7f1fe2e39abb in M::Init::createContext(llvm::StringRef, M::Init::Options const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x439abb) (BuildId: ee5989467e988b95)
    #6 0x7f1fe2df1cec in M::Engine::Context::create(M::Engine::Config const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x3f1cec) (BuildId: ee5989467e988b95)
    #7 0x7f1fe2dfb975 in M_newRuntimeContext (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x3fb975) (BuildId: ee5989467e988b95)
    #8 0x7f203acd87d8 in M::core::InferenceSession::InferenceSession(pybind11::dict const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x587d8) (BuildId: 4643e43263f1e221)
    #9 0x7f203accec85 in _ZNO8pybind116detail15argument_loaderIJRNS0_16value_and_holderENS_4dictEEE9call_implIvRZNS0_8initimpl11constructorIJS4_EE7executeINS_6class_IN1M4core16InferenceSessionEJSt10shared_ptrISE_EEEEJNS_5arg_vEETnNSt9enable_ifIXntsrT_9has_aliasEiE4typeELi0EEEvRSK_DpRKT0_EUlS3_S4_E_JLm0ELm1EENS0_9void_typeEEESK_OT0_St16integer_sequenceImJXspT1_EEEOT2_ (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x4ec85) (BuildId: 4643e43263f1e221)
    #10 0x7f203accebc6 in _ZZN8pybind1112cpp_function10initializeIZNS_6detail8initimpl11constructorIJNS_4dictEEE7executeINS_6class_IN1M4core16InferenceSessionEJSt10shared_ptrISB_EEEEJNS_5arg_vEETnNSt9enable_ifIXntsrT_9has_aliasEiE4typeELi0EEEvRSH_DpRKT0_EUlRNS2_16value_and_holderES5_E_vJSQ_S5_EJNS_4nameENS_9is_methodENS_7siblingENS2_24is_new_style_constructorESF_EEEvOSH_PFT0_DpT1_EDpRKT2_ENUlRNS2_13function_callEE_8__invokeES17_ (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x4ebc6) (BuildId: 4643e43263f1e221)
    #11 0x7f203acaed7a in pybind11::cpp_function::dispatcher(_object*, _object*, _object*) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x2ed7a) (BuildId: 4643e43263f1e221)
    #12 0x55e15d7d0587 in cfunction_call /usr/local/src/conda/python-3.12.8/Objects/methodobject.c:537
    #13 0x55e15d7b075a in _PyObject_MakeTpCall /usr/local/src/conda/python-3.12.8/Objects/call.c:240
    #14 0x55e15d7fd776 in _PyObject_VectorcallTstate /usr/local/src/conda/python-3.12.8/Include/internal/pycore_call.h:90
    #15 0x55e15d7fd776 in _PyObject_VectorcallTstate /usr/local/src/conda/python-3.12.8/Include/internal/pycore_call.h:77
    #16 0x55e15d7fd776 in method_vectorcall /usr/local/src/conda/python-3.12.8/Objects/classobject.c:91
    #17 0x55e15d7de481 in slot_tp_init /usr/local/src/conda/python-3.12.8/Objects/typeobject.c:9035
    #18 0x55e15d7b0cb4 in type_call /usr/local/src/conda/python-3.12.8/Objects/typeobject.c:1679
    #19 0x7f203d8b3f5a in pybind11_meta_call (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/core.cpython-312-x86_64-linux-gnu.so+0x22f5a) (BuildId: 2e40e50ec012d90e)
    #20 0x55e15d7b075a in _PyObject_MakeTpCall /usr/local/src/conda/python-3.12.8/Objects/call.c:240
    #21 0x55e15d6be6a0 in _PyEval_EvalFrameDefault Python/bytecodes.c:2715
    #22 0x55e15d7b33a1 in _PyObject_FastCallDictTstate /usr/local/src/conda/python-3.12.8/Objects/call.c:144
    #23 0x55e15d7de29b in _PyObject_Call_Prepend /usr/local/src/conda/python-3.12.8/Objects/call.c:508
    #24 0x55e15d7de29b in slot_tp_init /usr/local/src/conda/python-3.12.8/Objects/typeobject.c:9032
    #25 0x55e15d7b0713 in type_call /usr/local/src/conda/python-3.12.8/Objects/typeobject.c:1679
    #26 0x55e15d7b0713 in _PyObject_MakeTpCall /usr/local/src/conda/python-3.12.8/Objects/call.c:240
    #27 0x55e15d6be6a0 in _PyEval_EvalFrameDefault Python/bytecodes.c:2715
    #28 0x55e15d866740 in PyEval_EvalCode /usr/local/src/conda/python-3.12.8/Python/ceval.c:578
    #29 0x55e15d88af19 in run_eval_code_obj /usr/local/src/conda/python-3.12.8/Python/pythonrun.c:1722
    #30 0x55e15d885d34 in run_mod /usr/local/src/conda/python-3.12.8/Python/pythonrun.c:1743
    #31 0x55e15d89e77f in pyrun_file /usr/local/src/conda/python-3.12.8/Python/pythonrun.c:1643
    #32 0x55e15d89ddfd in _PyRun_SimpleFileObject /usr/local/src/conda/python-3.12.8/Python/pythonrun.c:433
    #33 0x55e15d89dac3 in _PyRun_AnyFileObject /usr/local/src/conda/python-3.12.8/Python/pythonrun.c:78
    #34 0x55e15d896dfd in pymain_run_file_obj /usr/local/src/conda/python-3.12.8/Modules/main.c:360
    #35 0x55e15d896dfd in pymain_run_file /usr/local/src/conda/python-3.12.8/Modules/main.c:379
    #36 0x55e15d896dfd in pymain_run_python /usr/local/src/conda/python-3.12.8/Modules/main.c:633
    #37 0x55e15d896dfd in Py_RunMain /usr/local/src/conda/python-3.12.8/Modules/main.c:713
    #38 0x55e15d8510c6 in Py_BytesMain /usr/local/src/conda/python-3.12.8/Modules/main.c:767
    #39 0x7f205cc38087 in __libc_start_call_main (/lib64/libc.so.6+0x2a087) (BuildId: b871aacf7b252210b87d2e5dbea81bda8ada61f1)
    #40 0x7f205cc3814a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2a14a) (BuildId: b871aacf7b252210b87d2e5dbea81bda8ada61f1)
    #41 0x55e15d850f70  (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/bin/python3.12+0x2a4f70)

0x50c000551250 is located 80 bytes inside of 120-byte region [0x50c000551200,0x50c000551278)
freed by thread T0 here:
    #0 0x7f205cef6638 in free.part.0 (/usr/lib64/libasan.so.8.0.0+0xf6638) (BuildId: a4ad7eb954b390cf00f07fa10952988a41d9fc7a)
    #1 0x7f1fe2e61328 in M::Telemetry::TelemetryContext::TelemetryContext(M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x461328) (BuildId: ee5989467e988b95)
    #2 0x7f1fe2e3ae34 in M::Telemetry::TelemetryContext& M::GenericUniquePtrSet::emplace<M::Telemetry::TelemetryContext, M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&>(M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x43ae34) (BuildId: ee5989467e988b95)
    #3 0x7f1fe2e39abb in M::Init::createContext(llvm::StringRef, M::Init::Options const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x439abb) (BuildId: ee5989467e988b95)
    #4 0x7f1fe2df1cec in M::Engine::Context::create(M::Engine::Config const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x3f1cec) (BuildId: ee5989467e988b95)
    #5 0x7f1fe2dfb975 in M_newRuntimeContext (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x3fb975) (BuildId: ee5989467e988b95)
    #6 0x7f203acd87d8 in M::core::InferenceSession::InferenceSession(pybind11::dict const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x587d8) (BuildId: 4643e43263f1e221)
    #7 0x7f203accec85 in _ZNO8pybind116detail15argument_loaderIJRNS0_16value_and_holderENS_4dictEEE9call_implIvRZNS0_8initimpl11constructorIJS4_EE7executeINS_6class_IN1M4core16InferenceSessionEJSt10shared_ptrISE_EEEEJNS_5arg_vEETnNSt9enable_ifIXntsrT_9has_aliasEiE4typeELi0EEEvRSK_DpRKT0_EUlS3_S4_E_JLm0ELm1EENS0_9void_typeEEESK_OT0_St16integer_sequenceImJXspT1_EEEOT2_ (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x4ec85) (BuildId: 4643e43263f1e221)
    #8 0x7f203accebc6 in _ZZN8pybind1112cpp_function10initializeIZNS_6detail8initimpl11constructorIJNS_4dictEEE7executeINS_6class_IN1M4core16InferenceSessionEJSt10shared_ptrISB_EEEEJNS_5arg_vEETnNSt9enable_ifIXntsrT_9has_aliasEiE4typeELi0EEEvRSH_DpRKT0_EUlRNS2_16value_and_holderES5_E_vJSQ_S5_EJNS_4nameENS_9is_methodENS_7siblingENS2_24is_new_style_constructorESF_EEEvOSH_PFT0_DpT1_EDpRKT2_ENUlRNS2_13function_callEE_8__invokeES17_ (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x4ebc6) (BuildId: 4643e43263f1e221)
    #9 0x7f203acaed7a in pybind11::cpp_function::dispatcher(_object*, _object*, _object*) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x2ed7a) (BuildId: 4643e43263f1e221)
    #10 0x55e15d7d0587 in cfunction_call /usr/local/src/conda/python-3.12.8/Objects/methodobject.c:537

previously allocated by thread T0 here:
    #0 0x7f205cef7997 in malloc (/usr/lib64/libasan.so.8.0.0+0xf7997) (BuildId: a4ad7eb954b390cf00f07fa10952988a41d9fc7a)
    #1 0x7f1fe2f2bfb9 in llvm::WritableMemoryBuffer::getNewUninitMemBuffer(unsigned long, llvm::Twine const&, std::optional<llvm::Align>) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x52bfb9) (BuildId: ee5989467e988b95)
    #2 0x7f1fe2f2c320 in llvm::ErrorOr<std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer> > > getOpenFileImpl<llvm::MemoryBuffer>(int, llvm::Twine const&, unsigned long, unsigned long, long, bool, bool, std::optional<llvm::Align>) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x52c320) (BuildId: ee5989467e988b95)
    #3 0x7f1fe2f2be58 in llvm::ErrorOr<std::unique_ptr<llvm::MemoryBuffer, std::default_delete<llvm::MemoryBuffer> > > getFileAux<llvm::MemoryBuffer>(llvm::Twine const&, unsigned long, unsigned long, bool, bool, bool, std::optional<llvm::Align>) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x52be58) (BuildId: ee5989467e988b95)
    #4 0x7f1fe2f2bdc5 in llvm::MemoryBuffer::getFile(llvm::Twine const&, bool, bool, bool, std::optional<llvm::Align>) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x52bdc5) (BuildId: ee5989467e988b95)
    #5 0x7f1fe2e612b5 in M::Telemetry::TelemetryContext::TelemetryContext(M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x4612b5) (BuildId: ee5989467e988b95)
    #6 0x7f1fe2e3ae34 in M::Telemetry::TelemetryContext& M::GenericUniquePtrSet::emplace<M::Telemetry::TelemetryContext, M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&>(M::Settings&, llvm::StringMap<std::variant<bool, int, long, unsigned int, double, llvm::StringRef, llvm::ArrayRef<bool>, llvm::ArrayRef<int>, llvm::ArrayRef<long>, llvm::ArrayRef<unsigned int>, llvm::ArrayRef<double>, unsigned long, llvm::ArrayRef<unsigned long>, llvm::ArrayRef<unsigned char> >, llvm::MallocAllocator> const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x43ae34) (BuildId: ee5989467e988b95)
    #7 0x7f1fe2e39abb in M::Init::createContext(llvm::StringRef, M::Init::Options const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x439abb) (BuildId: ee5989467e988b95)
    #8 0x7f1fe2df1cec in M::Engine::Context::create(M::Engine::Config const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x3f1cec) (BuildId: ee5989467e988b95)
    #9 0x7f1fe2dfb975 in M_newRuntimeContext (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_driver/../lib/libmodular-framework-common.so+0x3fb975) (BuildId: ee5989467e988b95)
    #10 0x7f203acd87d8 in M::core::InferenceSession::InferenceSession(pybind11::dict const&) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x587d8) (BuildId: 4643e43263f1e221)
    #11 0x7f203accec85 in _ZNO8pybind116detail15argument_loaderIJRNS0_16value_and_holderENS_4dictEEE9call_implIvRZNS0_8initimpl11constructorIJS4_EE7executeINS_6class_IN1M4core16InferenceSessionEJSt10shared_ptrISE_EEEEJNS_5arg_vEETnNSt9enable_ifIXntsrT_9has_aliasEiE4typeELi0EEEvRSK_DpRKT0_EUlS3_S4_E_JLm0ELm1EENS0_9void_typeEEESK_OT0_St16integer_sequenceImJXspT1_EEEOT2_ (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x4ec85) (BuildId: 4643e43263f1e221)
    #12 0x7f203accebc6 in _ZZN8pybind1112cpp_function10initializeIZNS_6detail8initimpl11constructorIJNS_4dictEEE7executeINS_6class_IN1M4core16InferenceSessionEJSt10shared_ptrISB_EEEEJNS_5arg_vEETnNSt9enable_ifIXntsrT_9has_aliasEiE4typeELi0EEEvRSH_DpRKT0_EUlRNS2_16value_and_holderES5_E_vJSQ_S5_EJNS_4nameENS_9is_methodENS_7siblingENS2_24is_new_style_constructorESF_EEEvOSH_PFT0_DpT1_EDpRKT2_ENUlRNS2_13function_callEE_8__invokeES17_ (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x4ebc6) (BuildId: 4643e43263f1e221)
    #13 0x7f203acaed7a in pybind11::cpp_function::dispatcher(_object*, _object*, _object*) (/home/ohilyard/Documents/projects/mojo/max/examples/custom_ops/.magic/envs/default/lib/python3.12/site-packages/max/_engine/core.cpython-312-x86_64-linux-gnu.so+0x2ed7a) (BuildId: 4643e43263f1e221)
    #14 0x55e15d7d0587 in cfunction_call /usr/local/src/conda/python-3.12.8/Objects/methodobject.c:537

SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib64/libasan.so.8.0.0+0xf5675) (BuildId: a4ad7eb954b390cf00f07fa10952988a41d9fc7a) in memcpy
Shadow bytes around the buggy address:
  0x50c000550f80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x50c000551000: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x50c000551080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x50c000551100: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x50c000551180: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
=>0x50c000551200: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fa
  0x50c000551280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50c000551300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50c000551380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50c000551400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x50c000551480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==125165==ABORTING

Steps to reproduce

This particular stack trace comes from running the addition.py MAX example under asan with LD_PRELOAD=/usr/lib64/libasan.so.8.0.0 python3 ./addition.py. I'm getting libasan from the libasan-14.0.1-0.15.fc40.x86_64 package.

System information

- What OS did you do install MAX on ?

Fedora 40 (Linux 6.11.11-200.fc40.x86_64)

- Provide version information for MAX by pasting the output of max -v`
max 25.1.0.dev2024121705
- Provide version information for Mojo by pasting the output of mojo -v`
mojo 25.1.0.dev2024121705 (67a9f701)
- Provide Magic CLI version by pasting the output of `magic -v`
magic 0.4.0 - (based on pixi 0.33.0)
@owenhilyard owenhilyard added the bug Something isn't working label Dec 19, 2024
@ehsanmok
Copy link
Member

Thanks for reporting! To my knowledge, we've discussed this already and looks like a false positive. I'll circulate this internally in case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ehsanmok @owenhilyard