[ 
https://issues.apache.org/jira/browse/DISPATCH-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17441572#comment-17441572
 ] 

Jiri Daněk commented on DISPATCH-2188:
--------------------------------------

Unmodified main is here. It took running 6 GitHub Actions looping on test 27 
overnight, and I only got it once. See the previous comment for the free 
stacktrace.

https://github.com/jiridanek/qpid-dispatch/runs/4152256042?check_suite_focus=true#step:9:58167

{noformat}
27: ==18294==ERROR: AddressSanitizer: use-after-poison on address 0x6170000dbf10 at pc 0x562cebdd522e bp 0x7f77ec9080a0 sp 0x7f77ec908090
27: WRITE of size 8 at 0x6170000dbf10 thread T1
27:     #0 0x562cebdd522d in qdr_core_unbind_address_link_CT ../src/router_core/router_core.c:725
27:     #1 0x562cebe18863 in del_outlink ../src/router_core/modules/edge_router/addr_proxy.c:218
27:     #2 0x562cebe1a51a in on_addr_event ../src/router_core/modules/edge_router/addr_proxy.c:434
27:     #3 0x562cebd5eaa7 in qdrc_event_addr_raise ../src/router_core/core_events.c:125
27:     #4 0x562cebdd5785 in qdr_core_unbind_address_link_CT ../src/router_core/router_core.c:745
27:     #5 0x562cebd591c8 in qdr_link_inbound_detach_CT ../src/router_core/connections.c:2113
27:     #6 0x562cebde61e1 in router_core_thread ../src/router_core/router_core_thread.c:236
27:     #7 0x562cebcf8c7e in _thread_init ../src/posix/threading.c:172
27:     #8 0x7f77f2be2608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
27:     #9 0x7f77f1dd8292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
27: 
27: 0x6170000dbf10 is located 272 bytes inside of 704-byte region [0x6170000dbe00,0x6170000dc0c0)
27: allocated by thread T1 here:
27:     #0 0x7f77f31a1aa5 in posix_memalign (/lib/x86_64-linux-gnu/libasan.so.5+0x10eaa5)
27:     #1 0x562cebc35c8d in qd_alloc ../src/alloc_pool.c:391
27:     #2 0x562cebdbfbc5 in new_qdr_link_t ../src/router_core/router_core.c:35
27:     #3 0x562cebd46466 in qdr_create_link_CT ../src/router_core/connections.c:1158
27:     #4 0x562cebe18f45 in on_conn_event ../src/router_core/modules/edge_router/addr_proxy.c:283
27:     #5 0x562cebd5e557 in qdrc_event_conn_raise ../src/router_core/core_events.c:101
27:     #6 0x562cebe1bd2e in on_conn_event ../src/router_core/modules/edge_router/connection_manager.c:59
27:     #7 0x562cebd5e557 in qdrc_event_conn_raise ../src/router_core/core_events.c:101
27:     #8 0x562cebd4c2f6 in qdr_connection_opened_CT ../src/router_core/connections.c:1479
27:     #9 0x562cebde61e1 in router_core_thread ../src/router_core/router_core_thread.c:236
27:     #10 0x562cebcf8c7e in _thread_init ../src/posix/threading.c:172
27:     #11 0x7f77f2be2608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
27: 
27: Thread T1 created by T0 here:
27:     #0 0x7f77f30cd805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
27:     #1 0x562cebcf8ded in sys_thread ../src/posix/threading.c:181
27:     #2 0x562cebdc1b31 in qdr_core ../src/router_core/router_core.c:124
27:     #3 0x562cebe67f76 in qd_router_setup_late ../src/router_node.c:2127
27:     #4 0x7f77ed80aff4  (/lib/x86_64-linux-gnu/libffi.so.7+0x6ff4)
27:     #5 0x7fff857cd3cf  ([stack]+0x213cf)
27: 
27: SUMMARY: AddressSanitizer: use-after-poison ../src/router_core/router_core.c:725 in qdr_core_unbind_address_link_CT
27: Shadow bytes around the buggy address:
27:   0x0c2e80013790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
27:   0x0c2e800137a0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
27:   0x0c2e800137b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
27:   0x0c2e800137c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
27:   0x0c2e800137d0: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27: =>0x0c2e800137e0: f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x0c2e800137f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x0c2e80013800: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x0c2e80013810: f7 f7 f7 f7 f7 f7 f7 00 fa fa fa fa fa fa fa fa
27:   0x0c2e80013820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
27:   0x0c2e80013830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
27: Shadow byte legend (one shadow byte represents 8 application bytes):
27:   Addressable:           00
27:   Partially addressable: 01 02 03 04 05 06 07 
27:   Heap left redzone:       fa
27:   Freed heap region:       fd
27:   Stack left redzone:      f1
27:   Stack mid redzone:       f2
27:   Stack right redzone:     f3
27:   Stack after return:      f5
27:   Stack use after scope:   f8
27:   Global redzone:          f9
27:   Global init order:       f6
27:   Poisoned by user:        f7
27:   Container overflow:      fc
27:   Array cookie:            ac
27:   Intra object redzone:    bb
27:   ASan internal:           fe
27:   Left alloca redzone:     ca
27:   Right alloca redzone:    cb
27:   Shadow gap:              cc
27: ==18294==ABORTING
{noformat}

> ASAN use after free from qdr_core_unbind_address_link_CT in system_tests_protocol_settings
> ------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2188
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2188
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.17.0
>            Reporter: Jiri Daněk
>            Priority: Major
>              Labels: asan, memory-bug
>
> https://travis-ci.com/github/apache/qpid-dispatch/jobs/519782806#L4771
> {noformat}
> 27: Router EB1 output file:
> 27: >>>>
> 27: =================================================================
> 27: ==15423==ERROR: AddressSanitizer: use-after-poison on address 0x6170000dc290 at pc 0x0000006e842a bp 0x7fbe59ae3070 sp 0x7fbe59ae3068
> 27: WRITE of size 8 at 0x6170000dc290 thread T1
> 27:     #0 0x6e8429 in qdr_core_unbind_address_link_CT /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:715:23
> 27:     #1 0x722f7f in del_outlink /home/travis/build/apache/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c:216:9
> 27:     #2 0x67a135 in qdrc_event_addr_raise /home/travis/build/apache/qpid-dispatch/src/router_core/core_events.c:125:13
> 27:     #3 0x6e7f40 in qdr_core_unbind_address_link_CT /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c
> 27:     #4 0x666b5c in qdr_link_inbound_detach_CT /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:2064:17
> 27:     #5 0x6f2490 in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239:13
> 27:     #6 0x7fbe5fdfe608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27:     #7 0x7fbe5f629292 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
> 27: 
> 27: 0x6170000dc290 is located 272 bytes inside of 704-byte region [0x6170000dc180,0x6170000dc440)
> 27: allocated by thread T1 here:
> 27:     #0 0x4bb5c7 in posix_memalign (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x4bb5c7)
> 27:     #1 0x57319e in qd_alloc /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:396:13
> 27:     #2 0x66cb80 in qdr_create_link_CT /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:1128:24
> 27:     #3 0x71fb5d in on_conn_event /home/travis/build/apache/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c:281:32
> 27:     #4 0x679cb5 in qdrc_event_conn_raise /home/travis/build/apache/qpid-dispatch/src/router_core/core_events.c:101:13
> 27:     #5 0x679cb5 in qdrc_event_conn_raise /home/travis/build/apache/qpid-dispatch/src/router_core/core_events.c:101:13
> 27:     #6 0x6524d0 in qdr_connection_opened_CT /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:1440:5
> 27:     #7 0x6f2490 in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239:13
> 27:     #8 0x7fbe5fdfe608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
> 27: 
> 27: Thread T1 created by T0 here:
> 27:     #0 0x4a520c in pthread_create (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x4a520c)
> 27:     #1 0x6245c7 in sys_thread /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181:5
> 27:     #2 0x6d287a in qdr_core /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:124:20
> 27:     #3 0x75c06f in qd_router_setup_late /home/travis/build/apache/qpid-dispatch/src/router_node.c:2124:31
> 27:     #4 0x7fbe5b509ff4  (/lib/x86_64-linux-gnu/libffi.so.7+0x6ff4)
> 27: LLVMSymbolizer: error reading file: No such file or directory
> 27:     #5 0x7ffc3aaec1cf  ([stack]+0x211cf)
> 27: 
> 27: SUMMARY: AddressSanitizer: use-after-poison /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:715:23 in qdr_core_unbind_address_link_CT
> 27: Shadow bytes around the buggy address:
> 27:   0x0c2e80013800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27:   0x0c2e80013810: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
> 27:   0x0c2e80013820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x0c2e80013830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27:   0x0c2e80013840: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27: =>0x0c2e80013850: f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80013860: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80013870: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x0c2e80013880: f7 f7 f7 f7 f7 f7 f7 00 fa fa fa fa fa fa fa fa
> 27:   0x0c2e80013890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x0c2e800138a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27: Shadow byte legend (one shadow byte represents 8 application bytes):
> 27:   Addressable:           00
> 27:   Partially addressable: 01 02 03 04 05 06 07 
> 27:   Heap left redzone:       fa
> 27:   Freed heap region:       fd
> 27:   Stack left redzone:      f1
> 27:   Stack mid redzone:       f2
> 27:   Stack right redzone:     f3
> 27:   Stack after return:      f5
> 27:   Stack use after scope:   f8
> 27:   Global redzone:          f9
> 27:   Global init order:       f6
> 27:   Poisoned by user:        f7
> 27:   Container overflow:      fc
> 27:   Array cookie:            ac
> 27:   Intra object redzone:    bb
> 27:   ASan internal:           fe
> 27:   Left alloca redzone:     ca
> 27:   Right alloca redzone:    cb
> 27:   Shadow gap:              cc
> 27: ==15423==ABORTING
> {noformat}


