Closed
Labels: type/bug (The issue is confirmed as a bug.)
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
# Only available under Linux
> cat ../tests/sanitize/asan.suppression
leak:fiu_enable
> cmake -DCMAKE_BUILD_TYPE=ASan -DENABLE_TESTS=ON -GNinja ..
> ninja -j16 gtests_dbms && LSAN_OPTIONS=suppressions=../tests/sanitize/asan.suppression ./dbms/gtests_dbms --gtest_filter='*PageDirectoryTest*:*PageDirectoryGCTest*:*VersionedEntriesTest*:*LogFileRWTest*:*WALSeriTest*:*WALStoreTest*:*WALLognameTest*:*WALLognameSetTest*:*PageStorageWith2PagesTest*:*PageStorageTest*:*SpaceMapTest*:*BlobStoreTest*:*BlobStoreStatsTest*'
2. What did you expect to see? (Required)
3. What did you see instead (Required)
[ RUN ] BlobStoreTest.testBlobStoreGcStats
[2022/02/16 17:46:59.778 +08:00] [DEBUG] [BlobStore.cpp:769] ["BlobStore:Created a new BlobStat [blob_id=1]"] [thread_id=1]
=================================================================
==119854==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fff87638880 at pc 0x000005806bb7 bp 0x7fff87638870 sp 0x7fff87638038
READ of size 1024 at 0x7fff87638880 thread T0
#0 0x5806bb6 in __asan_memcpy /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
#1 0x5976515 in DB::ReadBuffer::read(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:135:13
#2 0x5976515 in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:146:18
#3 0xc73d710 in DB::PS::V3::BlobStore::write(DB::WriteBatch&, std::__1::shared_ptr<DB::WriteLimiter> const&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/BlobStore.cpp:118:32
#4 0x8f3b78f in DB::PS::V3::tests::BlobStoreTest_testBlobStoreGcStats_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_blob_store.cpp:707:28
#5 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
#6 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
#7 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
#8 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
#9 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
#10 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
#11 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
#12 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
#13 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
#14 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
#15 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
#16 0x7f0a8439d554 in __libc_start_main (/lib64/libc.so.6+0x22554)
#17 0x578b268 in _start (/DATA/disk1/jaysonhuang/tics/cmake-build-asan/dbms/gtests_dbms+0x578b268)
Address 0x7fff87638880 is located in stack of thread T0 at offset 0 in frame
#0 0x59762df in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:145
This frame has 1 object(s):
[32, 56) 'ref.tmp' (line 147) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
0x100070ebf0c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100070ebf0d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100070ebf0e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100070ebf0f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100070ebf100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100070ebf110:[f1]f1 f1 f1 f8 f8 f8 f3 f3 f3 f3 f3 00 00 00 00
0x100070ebf120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100070ebf130: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8 f8 f8
0x100070ebf140: f8 f8 f2 f2 f2 f2 f8 f8 f8 f8 f2 f2 f2 f2 f8 f8
0x100070ebf150: f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 00 f2 f2 f2 f8 f8
0x100070ebf160: f8 f2 f2 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==119854==ABORTING
[ RUN ] BlobStoreTest.testBlobStoreGcStats2
[2022/02/16 17:50:21.680 +08:00] [DEBUG] [BlobStore.cpp:769] ["BlobStore:Created a new BlobStat [blob_id=1]"] [thread_id=1]
=================================================================
==122799==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffc65888040 at pc 0x000005806bb7 bp 0x7ffc65888030 sp 0x7ffc658877f8
READ of size 1024 at 0x7ffc65888040 thread T0
#0 0x5806bb6 in __asan_memcpy /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
#1 0x5976515 in DB::ReadBuffer::read(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:135:13
#2 0x5976515 in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:146:18
#3 0xc73d710 in DB::PS::V3::BlobStore::write(DB::WriteBatch&, std::__1::shared_ptr<DB::WriteLimiter> const&) /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/BlobStore.cpp:118:32
#4 0x8f42223 in DB::PS::V3::tests::BlobStoreTest_testBlobStoreGcStats2_Test::TestBody() /DATA/disk1/jaysonhuang/tics/dbms/src/Storages/Page/V3/tests/gtest_blob_store.cpp:790:28
#5 0x191504f0 in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
#6 0x191504f0 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
#7 0x19100a88 in testing::Test::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2473:5
#8 0x19103b97 in testing::TestInfo::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2655:11
#9 0x191050ff in testing::TestCase::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2773:28
#10 0x191202f8 in testing::internal::UnitTestImpl::RunAllTests() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4673:43
#11 0x19152520 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2401:10
#12 0x19152520 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:2437:14
#13 0x1911ef1a in testing::UnitTest::Run() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/src/gtest.cc:4281:10
#14 0x93efc1a in RUN_ALL_TESTS() /DATA/disk1/jaysonhuang/tics/contrib/googletest/googletest/include/gtest/gtest.h:2237:46
#15 0x93efc1a in main /DATA/disk1/jaysonhuang/tics/dbms/src/TestUtils/gtests_dbms_main.cpp:22:16
#16 0x7f2db8a32554 in __libc_start_main (/lib64/libc.so.6+0x22554)
#17 0x578b268 in _start (/DATA/disk1/jaysonhuang/tics/cmake-build-asan/dbms/gtests_dbms+0x578b268)
Address 0x7ffc65888040 is located in stack of thread T0 at offset 0 in frame
#0 0x59762df in DB::ReadBuffer::readStrict(char*, unsigned long) /DATA/disk1/jaysonhuang/tics/dbms/src/IO/ReadBuffer.h:145
This frame has 1 object(s):
[32, 56) 'ref.tmp' (line 147) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow /root/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
Shadow bytes around the buggy address:
0x10000cb08fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000cb08fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000cb08fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000cb08fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000cb08ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10000cb09000: 00 00 00 00 00 00 00 00[f1]f1 f1 f1 f8 f8 f8 f3
0x10000cb09010: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10000cb09020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000cb09030: f1 f1 f1 f1 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f8 f8
0x10000cb09040: f8 f8 f2 f2 f2 f2 f8 f8 f2 f2 f8 f8 f2 f2 f8 f8
0x10000cb09050: f2 f2 00 f2 f2 f2 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==122799==ABORTING
4. What is your TiFlash version? (Required)