You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Jiri Daněk (Jira)" <ji...@apache.org> on 2021/04/15 20:52:00 UTC
[jira] [Commented] (DISPATCH-2054) SEGV in
qdr_link_cleanup_deliveries_CT during system_tests_multi_tenancy
[ https://issues.apache.org/jira/browse/DISPATCH-2054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17322481#comment-17322481 ]
Jiri Daněk commented on DISPATCH-2054:
--------------------------------------
https://travis-ci.com/github/apache/qpid-dispatch/jobs/498884080#L6303
{noformat}
37: =================================================================
37: ==14098==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500006cc80 at pc 0x7f0802de61f0 bp 0x7ffffdd59bd0 sp 0x7ffffdd59bc0
37: READ of size 4 at 0x61500006cc80 thread T0
37: #0 0x7f0802de61ef in qdr_link_cleanup_deliveries_CT /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:864
37: #1 0x7f0802e395cb in qdr_core_free /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:228
37: #2 0x7f0802e90f1a in qd_router_free /home/travis/build/apache/qpid-dispatch/src/router_node.c:2148
37: #3 0x7f0802d5bb2f in qd_dispatch_free /home/travis/build/apache/qpid-dispatch/src/dispatch.c:371
37: #4 0x402128 in main_process /home/travis/build/apache/qpid-dispatch/router/src/main.c:119
37: #5 0x401d68 in main /home/travis/build/apache/qpid-dispatch/router/src/main.c:369
37: #6 0x7f08016cb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
37: #7 0x401f78 in _start (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x401f78)
37:
37: 0x61500006cc80 is located 0 bytes inside of 512-byte region [0x61500006cc80,0x61500006ce80)
37: freed by thread T0 here:
37: #0 0x7f08035222ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
37: #1 0x7f0802e35833 in qdr_core_remove_address /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:618
37: #2 0x7f0802e390df in qdr_core_free /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:201
37: #3 0x7f0802e90f1a in qd_router_free /home/travis/build/apache/qpid-dispatch/src/router_node.c:2148
37: #4 0x7f0802d5bb2f in qd_dispatch_free /home/travis/build/apache/qpid-dispatch/src/dispatch.c:371
37: #5 0x402128 in main_process /home/travis/build/apache/qpid-dispatch/router/src/main.c:119
37: #6 0x401d68 in main /home/travis/build/apache/qpid-dispatch/router/src/main.c:369
37: #7 0x7f08016cb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
37:
37: previously allocated by thread T1 here:
37: #0 0x7f0803522602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
37: #1 0x7f0802e17632 in qd_malloc /home/travis/build/apache/qpid-dispatch/include/qpid/dispatch/ctools.h:229
37: #2 0x7f0802e17632 in qdr_forward_balanced_CT /home/travis/build/apache/qpid-dispatch/src/router_core/forwarder.c:772
37: #3 0x7f0802e54b1e in qdr_link_forward_CT /home/travis/build/apache/qpid-dispatch/src/router_core/transfer.c:574
37: #4 0x7f0802e5814c in qdr_link_deliver_CT /home/travis/build/apache/qpid-dispatch/src/router_core/transfer.c:861
37: #5 0x7f0802e3ebcb in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:240
37: #6 0x7f08027896b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
37:
37: Thread T1 created by T0 here:
37: #0 0x7f08034c0253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
37: #1 0x7f0802dad948 in sys_thread /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:183
37: #2 0x7f0802e2cf5f in qdr_core /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:122
37: #3 0x7f0802e90adf in qd_router_setup_late /home/travis/build/apache/qpid-dispatch/src/router_node.c:2111
37: #4 0x7f07fb055e3f in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5e3f)
37: #5 0x7ffffdd597ef (<unknown module>)
37:
37: SUMMARY: AddressSanitizer: heap-use-after-free /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:864 qdr_link_cleanup_deliveries_CT
37: Shadow bytes around the buggy address:
37: 0x0c2a80005940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
37: 0x0c2a80005950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
37: 0x0c2a80005960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
37: 0x0c2a80005970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
37: 0x0c2a80005980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
37: =>0x0c2a80005990:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
37: 0x0c2a800059a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
37: 0x0c2a800059b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
37: 0x0c2a800059c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
37: 0x0c2a800059d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
37: 0x0c2a800059e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
37: Shadow byte legend (one shadow byte represents 8 application bytes):
37: Addressable: 00
37: Partially addressable: 01 02 03 04 05 06 07
37: Heap left redzone: fa
37: Heap right redzone: fb
37: Freed heap region: fd
37: Stack left redzone: f1
37: Stack mid redzone: f2
37: Stack right redzone: f3
37: Stack partial redzone: f4
37: Stack after return: f5
37: Stack use after scope: f8
37: Global redzone: f9
37: Global init order: f6
37: Poisoned by user: f7
37: Container overflow: fc
37: Array cookie: ac
37: Intra object redzone: bb
37: ASan internal: fe
37: ==14098==ABORTING
37: <<<<
37:
37: ----------------------------------------------------------------------
37: Ran 36 tests in 14.802s
37:
37: FAILED (errors=1)
37: None
37: None
37: None
37: None
37: None
37: None
37: None
37: None
37/72 Test #37: system_tests_multi_tenancy ........................***Failed 14.87 sec
{noformat}
> SEGV in qdr_link_cleanup_deliveries_CT during system_tests_multi_tenancy
> ------------------------------------------------------------------------
>
> Key: DISPATCH-2054
> URL: https://issues.apache.org/jira/browse/DISPATCH-2054
> Project: Qpid Dispatch
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Jiri Daněk
> Priority: Major
>
> https://travis-ci.com/github/apache/qpid-dispatch/jobs/498884078#L6273
> {noformat}
> 37: ASAN:SIGSEGV
> 37: =================================================================
> 37: ==14106==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd36213a988 bp 0x7fff4d586480 sp 0x7fff4d5862c0 T0)
> 37: #0 0x7fd36213a987 in qdr_link_cleanup_deliveries_CT /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:864
> 37: #1 0x7fd36219b36e in qdr_core_free /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:228
> 37: #2 0x7fd362213008 in qd_router_free /home/travis/build/apache/qpid-dispatch/src/router_node.c:2148
> 37: #3 0x7fd3620a27a1 in qd_dispatch_free /home/travis/build/apache/qpid-dispatch/src/dispatch.c:371
> 37: #4 0x401dd2 in main_process /home/travis/build/apache/qpid-dispatch/router/src/main.c:119
> 37: #5 0x403917 in main /home/travis/build/apache/qpid-dispatch/router/src/main.c:369
> 37: #6 0x7fd360a0a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> 37: #7 0x401ac8 in _start (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x401ac8)
> 37:
> 37: AddressSanitizer can not provide additional info.
> 37: SUMMARY: AddressSanitizer: SEGV /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:864 qdr_link_cleanup_deliveries_CT
> 37: ==14106==ABORTING
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org