[ https://issues.apache.org/jira/browse/DISPATCH-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17438315#comment-17438315 ]

Jiri Daněk commented on DISPATCH-2274:
--------------------------------------

deallocating trace, 
https://app.travis-ci.com/github/jiridanek/qpid-dispatch/jobs/546552347#L30105

{noformat}
15: ==25103==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000013f68 at pc 0x00010338c1b9 bp 0x7ffeec96bc70 sp 0x7ffeec96bc68
15: READ of size 8 at 0x613000013f68 thread T0
15:     #0 0x10338c1b8 in qd_link_pn container.c:1021
15:     #1 0x1035b6915 in CORE_link_detach router_node.c:1809
15:     #2 0x10345cda1 in qdr_connection_process connections.c:433
15:     #3 0x10337b41e in writable_handler container.c:388
15:     #4 0x1035d3886 in thread_run server.c:1149
15:     #5 0x1035d2f4a in qd_server_run server.c:1527
15:     #6 0x1032968de in main_process main.c:115
15:     #7 0x1032951eb in main main.c:369
15:     #8 0x7fff77f733d4 in start (libdyld.dylib:x86_64+0x163d4)
15: 
15: 0x613000013f68 is located 168 bytes inside of 320-byte region [0x613000013ec0,0x613000014000)
15: freed by thread T4 here:
15:     #0 0x103e6fbed in wrap_free (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5ebed)
15:     #1 0x1033430dc in qd_dealloc alloc_pool.c:506
15:     #2 0x10338077e in close_links container.c:318
15:     #3 0x10337c1fc in qd_container_handle_event container.c:520
15:     #4 0x1035da0b6 in handle server.c:1108
15:     #5 0x1035d3773 in thread_run server.c:1133
15:     #6 0x7fff781672ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
15:     #7 0x7fff7816a248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
15:     #8 0x7fff7816640c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)
15: 
15: previously allocated by thread T4 here:
15:     #0 0x103e703a7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5f3a7)
15:     #1 0x10333b5ef in qd_alloc alloc_pool.c:398
15:     #2 0x10337c669 in qd_container_handle_event container.c:75
15:     #3 0x1035da0b6 in handle server.c:1108
15:     #4 0x1035d3773 in thread_run server.c:1133
15:     #5 0x7fff781672ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
15:     #6 0x7fff7816a248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
15:     #7 0x7fff7816640c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)
15: 
15: Thread T4 created by T0 here:
15:     #0 0x103e67add in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56add)
15:     #1 0x10341b7bd in sys_thread threading.c:181
15:     #2 0x1035d2eff in qd_server_run server.c:1525
15:     #3 0x1032968de in main_process main.c:115
15:     #4 0x1032951eb in main main.c:369
15:     #5 0x7fff77f733d4 in start (libdyld.dylib:x86_64+0x163d4)
15: 
15: SUMMARY: AddressSanitizer: heap-use-after-free container.c:1021 in qd_link_pn
15: Shadow bytes around the buggy address:
15:   0x1c2600002790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:   0x1c26000027a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:   0x1c26000027b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:   0x1c26000027c0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
15:   0x1c26000027d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
15: =>0x1c26000027e0: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd
15:   0x1c26000027f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:   0x1c2600002800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
15:   0x1c2600002810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:   0x1c2600002820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
15:   0x1c2600002830: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
15: Shadow byte legend (one shadow byte represents 8 application bytes):
15:   Addressable:           00
15:   Partially addressable: 01 02 03 04 05 06 07 
15:   Heap left redzone:       fa
15:   Freed heap region:       fd
15:   Stack left redzone:      f1
15:   Stack mid redzone:       f2
15:   Stack right redzone:     f3
15:   Stack after return:      f5
15:   Stack use after scope:   f8
15:   Global redzone:          f9
15:   Global init order:       f6
15:   Poisoned by user:        f7
15:   Container overflow:      fc
15:   Array cookie:            ac
15:   Intra object redzone:    bb
15:   ASan internal:           fe
15:   Left alloca redzone:     ca
15:   Right alloca redzone:    cb
15:   Shadow gap:              cc
15: ==25103==ABORTING
{noformat}

> system_tests_router_mesh: ERROR: AddressSanitizer: use-after-poison in qd_link_pn container.c:1029
> --------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2274
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2274
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.18.0
>         Environment: Aarch64 Linux, amd64 macOS
>            Reporter: Jiri Daněk
>            Assignee: Ken Giusti
>            Priority: Major
>             Fix For: 1.18.0
>
>
> https://app.travis-ci.com/github/apache/qpid-dispatch/jobs/545969177
> {noformat}
> 66: Create 10 senders each with a different priority. ... ERROR
> 66: ERROR
> 66: 
> 66: Router RouterC output file:
> 66: >>>>
> 66: =================================================================
> 66: ==21601==ERROR: AddressSanitizer: use-after-poison on address 0x61300007d828 at pc 0x0001064a6469 bp 0x70000843bca0 sp 0x70000843bc98
> 66: READ of size 8 at 0x61300007d828 thread T4
> 66:     #0 0x1064a6468 in qd_link_pn container.c:1029
> 66:     #1 0x1066d0e37 in CORE_link_push router_node.c:1920
> 66:     #2 0x106576df6 in qdr_connection_process connections.c:414
> 66:     #3 0x1064956ce in writable_handler container.c:396
> 66:     #4 0x1066edb36 in thread_run server.c:1149
> 66:     #5 0x7fff5fa152ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
> 66:     #6 0x7fff5fa18248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
> 66:     #7 0x7fff5fa1440c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)
> 66: 
> 66: 0x61300007d828 is located 168 bytes inside of 320-byte region [0x61300007d780,0x61300007d8c0)
> 66: allocated by thread T4 here:
> 66:     #0 0x106f823a7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5f3a7)
> 66:     #1 0x1064555df in qd_alloc alloc_pool.c:396
> 66:     #2 0x10649691a in qd_container_handle_event container.c:75
> 66:     #3 0x1066f4366 in handle server.c:1108
> 66:     #4 0x1066eda23 in thread_run server.c:1133
> 66:     #5 0x7fff5fa152ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
> 66:     #6 0x7fff5fa18248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
> 66:     #7 0x7fff5fa1440c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)
> 66: 
> 66: Thread T4 created by T0 here:
> 66:     #0 0x106f79add in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56add)
> 66:     #1 0x106535a6d in sys_thread threading.c:181
> 66:     #2 0x1066ed1af in qd_server_run server.c:1525
> 66:     #3 0x1063b081e in main_process main.c:115
> 66:     #4 0x1063af12b in main main.c:369
> 66:     #5 0x7fff5f8213d4 in start (libdyld.dylib:x86_64+0x163d4)
> 66: 
> 66: SUMMARY: AddressSanitizer: use-after-poison container.c:1029 in qd_link_pn
> 66: Shadow bytes around the buggy address:
> 66:   0x1c260000fab0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 66:   0x1c260000fac0: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 66:   0x1c260000fad0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 66:   0x1c260000fae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 66:   0x1c260000faf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 66: =>0x1c260000fb00: 00 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 66:   0x1c260000fb10: f7 f7 f7 f7 00 00 00 00 fa fa fa fa fa fa fa fa
> 66:   0x1c260000fb20: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 66:   0x1c260000fb30: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 66:   0x1c260000fb40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 66:   0x1c260000fb50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 66: Shadow byte legend (one shadow byte represents 8 application bytes):
> 66:   Addressable:           00
> 66:   Partially addressable: 01 02 03 04 05 06 07 
> 66:   Heap left redzone:       fa
> 66:   Freed heap region:       fd
> 66:   Stack left redzone:      f1
> 66:   Stack mid redzone:       f2
> 66:   Stack right redzone:     f3
> 66:   Stack after return:      f5
> 66:   Stack use after scope:   f8
> 66:   Global redzone:          f9
> 66:   Global init order:       f6
> 66:   Poisoned by user:        f7
> 66:   Container overflow:      fc
> 66:   Array cookie:            ac
> 66:   Intra object redzone:    bb
> 66:   ASan internal:           fe
> 66:   Left alloca redzone:     ca
> 66:   Right alloca redzone:    cb
> 66:   Shadow gap:              cc
> 66: ==21601==ABORTING
> {noformat}
> essentially the same stacktrace in the same job
> {noformat}
> 27: ERROR
> 27: test_90_block_link_route_EB1_INTB (system_tests_policy_oversize_compound.MaxMessageSizeLinkRouteOversize) ... ok
> 27: 
> 27: ======================================================================
> 27: ERROR: tearDownClass (system_tests_policy_oversize_compound.MaxMessageSizeBlockOversize)
> 27: ----------------------------------------------------------------------
> 27: Traceback (most recent call last):
> 27:   File "/Users/travis/build/apache/qpid-dispatch/tests/system_test.py", line 836, in tearDownClass
> 27:     cls.tester.teardown()
> 27:   File "/Users/travis/build/apache/qpid-dispatch/tests/system_test.py", line 779, in teardown
> 27:     raise RuntimeError("Errors during teardown: \n\n%s" % "\n\n".join([str(e) for e in errors]))
> 27: RuntimeError: Errors during teardown: 
> 27: 
> 27: Process 20948 error: exit code -6, expected -1
> 27: qdrouterd -c EB1.conf -I /Users/travis/build/apache/qpid-dispatch/python
> 27: /Users/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_policy_oversize_compound/MaxMessageSizeBlockOversize/setUpClass/EB1-4.cmd
> 27: >>>>
> 27: =================================================================
> 27: ==20948==ERROR: AddressSanitizer: use-after-poison on address 0x61300006e328 at pc 0x00010e5d0469 bp 0x7ffee1727ca0 sp 0x7ffee1727c98
> 27: READ of size 8 at 0x61300006e328 thread T0
> 27:     #0 0x10e5d0468 in qd_link_pn container.c:1029
> 27:     #1 0x10e7fae37 in CORE_link_push router_node.c:1920
> 27:     #2 0x10e6a0df6 in qdr_connection_process connections.c:414
> 27:     #3 0x10e5bf6ce in writable_handler container.c:396
> 27:     #4 0x10e817b36 in thread_run server.c:1149
> 27:     #5 0x10e8171fa in qd_server_run server.c:1527
> 27:     #6 0x10e4da81e in main_process main.c:115
> 27:     #7 0x10e4d912b in main main.c:369
> 27:     #8 0x7fff5f8213d4 in start (libdyld.dylib:x86_64+0x163d4)
> 27: 
> 27: 0x61300006e328 is located 168 bytes inside of 320-byte region [0x61300006e280,0x61300006e3c0)
> 27: allocated by thread T0 here:
> 27:     #0 0x10f0b63a7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5f3a7)
> 27:     #1 0x10e57f5df in qd_alloc alloc_pool.c:396
> 27:     #2 0x10e5c091a in qd_container_handle_event container.c:75
> 27:     #3 0x10e81e366 in handle server.c:1108
> 27:     #4 0x10e817a23 in thread_run server.c:1133
> 27:     #5 0x10e8171fa in qd_server_run server.c:1527
> 27:     #6 0x10e4da81e in main_process main.c:115
> 27:     #7 0x10e4d912b in main main.c:369
> 27:     #8 0x7fff5f8213d4 in start (libdyld.dylib:x86_64+0x163d4)
> 27: 
> 27: SUMMARY: AddressSanitizer: use-after-poison container.c:1029 in qd_link_pn
> 27: Shadow bytes around the buggy address:
> 27:   0x1c260000dc10: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 27:   0x1c260000dc20: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 27:   0x1c260000dc30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 27:   0x1c260000dc40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x1c260000dc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27: =>0x1c260000dc60: 00 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x1c260000dc70: f7 f7 f7 f7 00 00 00 00 fa fa fa fa fa fa fa fa
> 27:   0x1c260000dc80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 27:   0x1c260000dc90: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 27:   0x1c260000dca0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 27:   0x1c260000dcb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27: Shadow byte legend (one shadow byte represents 8 application bytes):
> 27:   Addressable:           00
> 27:   Partially addressable: 01 02 03 04 05 06 07 
> 27:   Heap left redzone:       fa
> 27:   Freed heap region:       fd
> 27:   Stack left redzone:      f1
> 27:   Stack mid redzone:       f2
> 27:   Stack right redzone:     f3
> 27:   Stack after return:      f5
> 27:   Stack use after scope:   f8
> 27:   Global redzone:          f9
> 27:   Global init order:       f6
> 27:   Poisoned by user:        f7
> 27:   Container overflow:      fc
> 27:   Array cookie:            ac
> 27:   Intra object redzone:    bb
> 27:   ASan internal:           fe
> 27:   Left alloca redzone:     ca
> 27:   Right alloca redzone:    cb
> 27:   Shadow gap:              cc
> 27: ==20948==ABORTING
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
