Ganesh Murthy created DISPATCH-2168:
---------------------------------------
Summary: [http2] qdr_address_t use after free in system_tests_http2
Key: DISPATCH-2168
URL: https://issues.apache.org/jira/browse/DISPATCH-2168
Project: Qpid Dispatch
Issue Type: Test
Components: Protocol Adaptors
Affects Versions: 1.16.0
Reporter: Ganesh Murthy
Assignee: Ganesh Murthy
{noformat}
9:
======================================================================
69: ERROR: test_zzz_http_connector_delete
(system_tests_http2.Http2TestOneInteriorRouter)
69:
----------------------------------------------------------------------
69: Traceback (most recent call last):
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 1196, in
__call__
69: p.teardown()
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 311, in
teardown
69: error("exit code %s, expected %s" % (status, self.expect))
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 299, in
error
69: raise RuntimeError("Process %s error: %s\n%s\n%s\n>>>>\n%s<<<<"
% (
69: RuntimeError: Process 18299 error: exit code 1, expected 0
69: qdmanage QUERY --type=org.apache.qpid.dispatch.httpConnector --bus
amqp://0.0.0.0:28091 --indent=-1 --timeout 300.0
69:
/home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_http2/Http2TestOneInteriorRouter/test_zzz_http_connector_delete/qdmanage-124.cmd
69: >>>>
69: <<<<
69:
69: During handling of the above exception, another exception occurred:
69:
69: Traceback (most recent call last):
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 924, in
wrap
69: return f(*args, **kwargs)
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_tests_http2.py", line
450, in test_zzz_http_connector_delete
69:
self.check_connector_delete(client_addr=self.router_qdra.http_addresses[0],
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_tests_http2.py", line
247, in check_connector_delete
69: http_connectors =
qd_manager.query('org.apache.qpid.dispatch.httpConnector')
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 1228, in
query
69: return json.loads(self('QUERY --type=%s' % long_type))
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 1198, in
__call__
69: raise Exception("%s\n%s" % (e, out))
69: Exception: Process 18299 error: exit code 1, expected 0
69: qdmanage QUERY --type=org.apache.qpid.dispatch.httpConnector --bus
amqp://0.0.0.0:28091 --indent=-1 --timeout 300.0
69:
/home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_http2/Http2TestOneInteriorRouter/test_zzz_http_connector_delete/qdmanage-124.cmd
69: >>>>
69: <<<<
69: ConnectionException: Connection amqp://0.0.0.0:28091 disconnected:
Condition('proton.pythonio', 'Connection refused to all addresses')
69:
69:
69:
======================================================================
69: ERROR: tearDownClass (system_tests_http2.Http2TestOneInteriorRouter)
69:
----------------------------------------------------------------------
69: Traceback (most recent call last):
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 865, in
tearDownClass
69: cls.tester.teardown()
69: File
"/home/travis/build/apache/qpid-dispatch/tests/system_test.py", line 808, in
teardown
69: raise RuntimeError("Errors during teardown: \n\n%s" %
"\n\n".join([str(e) for e in errors]))
69: RuntimeError: Errors during teardown:
69:
69: Process 18274 error: exit code 1, expected -1
69: qdrouterd -c http2-test-router.conf -I
/home/travis/build/apache/qpid-dispatch/python
69:
/home/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_http2/Http2TestOneInteriorRouter/setUpClass/http2-test-router-47.cmd
69: >>>>
69: =================================================================
69: ==18274==ERROR: AddressSanitizer: use-after-poison on address
0x6160000db4e8 at pc 0x7fabfdcc70c1 bp 0x7fabf75151d0 sp 0x7fabf75151c8
69: READ of size 4 at 0x6160000db4e8 thread T1
69: #0 0x7fabfdcc70c0 in qdr_link_inbound_detach_CT
/home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:2046:24
69: #1 0x7fabfdd5761f in router_core_thread
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239:13
69: #2 0x7fabfd833608 in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
69: #3 0x7fabfd05e292 in clone
(/lib/x86_64-linux-gnu/libc.so.6+0x122292)
69:
69: 0x6160000db4e8 is located 360 bytes inside of 576-byte region
[0x6160000db380,0x6160000db5c0)
69: allocated by thread T1 here:
69: #0 0x498177 in posix_memalign
(/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x498177)
69: #1 0x7fabfdbc9b7e in qd_alloc
/home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:396:13
69: #2 0x7fabfdd491d8 in new_qdr_address_t
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:31:1
69: #3 0x7fabfdd491d8 in qdr_address_CT
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:469:27
69: #4 0x7fabfdd61133 in qdr_subscribe_CT
/home/travis/build/apache/qpid-dispatch/src/router_core/route_tables.c:643:20
69: #5 0x7fabfdd5761f in router_core_thread
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239:13
69: #6 0x7fabfd833608 in start_thread
(/lib/x86_64-linux-gnu/libpthread.so.0+0x9608)
69:
69: Thread T1 created by T0 here:
69: #0 0x481a1c in pthread_create
(/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x481a1c)
69: #1 0x7fabfdc817d9 in sys_thread
/home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181:5
69: #2 0x7fabfdd36520 in qdr_core
/home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:124:20
69: #3 0x7fabfddc5858 in qd_router_setup_late
/home/travis/build/apache/qpid-dispatch/src/router_node.c:2124:31
69: #4 0x7fabf9308ff4 (/lib/x86_64-linux-gnu/libffi.so.7+0x6ff4)
69: LLVMSymbolizer: error reading file: No such file or directory
69: #5 0x7fffd86b144f ([stack]+0x1f44f)
69:
69: SUMMARY: AddressSanitizer: use-after-poison
/home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:2046:24
in qdr_link_inbound_detach_CT
69: Shadow bytes around the buggy address:
69: 0x0c2c80013640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
69: 0x0c2c80013650: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
69: 0x0c2c80013660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
69: 0x0c2c80013670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
69: 0x0c2c80013680: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
69: =>0x0c2c80013690: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7
69: 0x0c2c800136a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
69: 0x0c2c800136b0: f7 f7 f7 f7 f7 f7 00 00 fa fa fa fa fa fa fa fa
69: 0x0c2c800136c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
69: 0x0c2c800136d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
69: 0x0c2c800136e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
69: Shadow byte legend (one shadow byte represents 8 application bytes):
69: Addressable: 00
69: Partially addressable: 01 02 03 04 05 06 07
69: Heap left redzone: fa
69: Freed heap region: fd
69: Stack left redzone: f1
69: Stack mid redzone: f2
69: Stack right redzone: f3
69: Stack after return: f5
69: Stack use after scope: f8
69: Global redzone: f9
69: Global init order: f6
69: Poisoned by user: f7
69: Container overflow: fc
69: Array cookie: ac
69: Intra object redzone: bb
69: ASan internal: fe
69: Left alloca redzone: ca
69: Right alloca redzone: cb
69: Shadow gap: cc
69: ==18274==ABORTING
69: <<<< {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
