Posted to dev@qpid.apache.org by "Jiri Daněk (Jira)" <ji...@apache.org> on 2021/11/01 11:28:00 UTC

[jira] [Commented] (DISPATCH-2274) system_tests_router_mesh: ERROR: AddressSanitizer: use-after-poison in qd_link_pn container.c:1029

    [ https://issues.apache.org/jira/browse/DISPATCH-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17436770#comment-17436770 ] 

Jiri Daněk commented on DISPATCH-2274:
--------------------------------------

Again, this time on Arm, with a different stacktrace https://app.travis-ci.com/github/apache/qpid-dispatch/jobs/545967870

{noformat}
27: ==14907==ERROR: AddressSanitizer: use-after-poison on address 0xffff7a425a48 at pc 0x00000078cf64 bp 0xffff768f35b0 sp 0xffff768f35a8
27: READ of size 8 at 0xffff7a425a48 thread T2
27:     #0 0x78cf60 in qd_connection_invoke_deferred_impl /home/travis/build/apache/qpid-dispatch/src/server.c:1627:26
27:     #1 0x774d44 in qd_link_q2_restart_receive /home/travis/build/apache/qpid-dispatch/src/router_node.c:2205:9
27:     #2 0x5dea54 in qd_message_send /home/travis/build/apache/qpid-dispatch/src/message.c:2024:9
27:     #3 0x7741c4 in CORE_link_deliver /home/travis/build/apache/qpid-dispatch/src/router_node.c:1994:5
27:     #4 0x71ee08 in qdr_link_process_deliveries /home/travis/build/apache/qpid-dispatch/src/router_core/transfer.c:178:32
27:     #5 0x6550f4 in qdr_connection_process /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:414:37
27:     #6 0x59a964 in writable_handler /home/travis/build/apache/qpid-dispatch/src/container.c:396:13
27:     #7 0x79134c in handle /home/travis/build/apache/qpid-dispatch/src/server.c:1108:9
27:     #8 0x78b9dc in thread_run /home/travis/build/apache/qpid-dispatch/src/server.c:1133:23
27:     #9 0xffff827174f8 in start_thread (/lib/aarch64-linux-gnu/libpthread.so.0+0x84f8)
27:     #10 0xffff81fe1f28  (/lib/aarch64-linux-gnu/libc.so.6+0xd3f28)
27: 
27: 0xffff7a425a48 is located 456 bytes inside of 2624-byte region [0xffff7a425880,0xffff7a4262c0)
27: allocated by thread T0 here:
27:     #0 0x4b304c in posix_memalign (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x4b304c)
27:     #1 0x565dbc in qd_alloc /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:396:13
27:     #2 0x78f5ec in new_qd_connection_t /home/travis/build/apache/qpid-dispatch/src/server.c:82:1
27:     #3 0x78f5ec in try_open_cb /home/travis/build/apache/qpid-dispatch/src/server.c:1339:28
27:     #4 0x79d130 in qd_timer_visit /home/travis/build/apache/qpid-dispatch/src/timer.c:316:9
27:     #5 0x79152c in handle /home/travis/build/apache/qpid-dispatch/src/server.c:1018:9
27:     #6 0x78b900 in thread_run /home/travis/build/apache/qpid-dispatch/src/server.c:1133:23
27:     #7 0x78b134 in qd_server_run /home/travis/build/apache/qpid-dispatch/src/server.c:1527:5
27: 
27: Thread T2 created by T0 here:
27:     #0 0x49d874 in pthread_create (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x49d874)
27:     #1 0x621c20 in sys_thread /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181:5
27:     #2 0x78b0b8 in qd_server_run /home/travis/build/apache/qpid-dispatch/src/server.c:1525:22
27: 
27: SUMMARY: AddressSanitizer: use-after-poison /home/travis/build/apache/qpid-dispatch/src/server.c:1627:26 in qd_connection_invoke_deferred_impl
27: Shadow bytes around the buggy address:
27:   0x200fef484af0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
27:   0x200fef484b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
27:   0x200fef484b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
27:   0x200fef484b20: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x200fef484b30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27: =>0x200fef484b40: f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7
27:   0x200fef484b50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x200fef484b60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x200fef484b70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x200fef484b80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27:   0x200fef484b90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
27: Shadow byte legend (one shadow byte represents 8 application bytes):
27:   Addressable:           00
27:   Partially addressable: 01 02 03 04 05 06 07 
27:   Heap left redzone:       fa
27:   Freed heap region:       fd
27:   Stack left redzone:      f1
27:   Stack mid redzone:       f2
27:   Stack right redzone:     f3
27:   Stack after return:      f5
27:   Stack use after scope:   f8
27:   Global redzone:          f9
27:   Global init order:       f6
27:   Poisoned by user:        f7
27:   Container overflow:      fc
27:   Array cookie:            ac
27:   Intra object redzone:    bb
27:   ASan internal:           fe
27:   Left alloca redzone:     ca
27:   Right alloca redzone:    cb
27:   Shadow gap:              cc
27: ==14907==ABORTING
{noformat}

> system_tests_router_mesh: ERROR: AddressSanitizer: use-after-poison in qd_link_pn container.c:1029
> --------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-2274
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2274
>             Project: Qpid Dispatch
>          Issue Type: Bug
>    Affects Versions: 1.18.0
>         Environment: macOS
>            Reporter: Jiri Daněk
>            Priority: Major
>
> https://app.travis-ci.com/github/apache/qpid-dispatch/jobs/545969177
> {noformat}
> 66: Create 10 senders each with a different priority. ... ERROR
> 66: ERROR
> 66: 
> 66: Router RouterC output file:
> 66: >>>>
> 66: =================================================================
> 66: ==21601==ERROR: AddressSanitizer: use-after-poison on address 0x61300007d828 at pc 0x0001064a6469 bp 0x70000843bca0 sp 0x70000843bc98
> 66: READ of size 8 at 0x61300007d828 thread T4
> 66:     #0 0x1064a6468 in qd_link_pn container.c:1029
> 66:     #1 0x1066d0e37 in CORE_link_push router_node.c:1920
> 66:     #2 0x106576df6 in qdr_connection_process connections.c:414
> 66:     #3 0x1064956ce in writable_handler container.c:396
> 66:     #4 0x1066edb36 in thread_run server.c:1149
> 66:     #5 0x7fff5fa152ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
> 66:     #6 0x7fff5fa18248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
> 66:     #7 0x7fff5fa1440c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)
> 66: 
> 66: 0x61300007d828 is located 168 bytes inside of 320-byte region [0x61300007d780,0x61300007d8c0)
> 66: allocated by thread T4 here:
> 66:     #0 0x106f823a7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5f3a7)
> 66:     #1 0x1064555df in qd_alloc alloc_pool.c:396
> 66:     #2 0x10649691a in qd_container_handle_event container.c:75
> 66:     #3 0x1066f4366 in handle server.c:1108
> 66:     #4 0x1066eda23 in thread_run server.c:1133
> 66:     #5 0x7fff5fa152ea in _pthread_body (libsystem_pthread.dylib:x86_64+0x32ea)
> 66:     #6 0x7fff5fa18248 in _pthread_start (libsystem_pthread.dylib:x86_64+0x6248)
> 66:     #7 0x7fff5fa1440c in thread_start (libsystem_pthread.dylib:x86_64+0x240c)
> 66: 
> 66: Thread T4 created by T0 here:
> 66:     #0 0x106f79add in wrap_pthread_create (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x56add)
> 66:     #1 0x106535a6d in sys_thread threading.c:181
> 66:     #2 0x1066ed1af in qd_server_run server.c:1525
> 66:     #3 0x1063b081e in main_process main.c:115
> 66:     #4 0x1063af12b in main main.c:369
> 66:     #5 0x7fff5f8213d4 in start (libdyld.dylib:x86_64+0x163d4)
> 66: 
> 66: SUMMARY: AddressSanitizer: use-after-poison container.c:1029 in qd_link_pn
> 66: Shadow bytes around the buggy address:
> 66:   0x1c260000fab0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 66:   0x1c260000fac0: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 66:   0x1c260000fad0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 66:   0x1c260000fae0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 66:   0x1c260000faf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 66: =>0x1c260000fb00: 00 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 66:   0x1c260000fb10: f7 f7 f7 f7 00 00 00 00 fa fa fa fa fa fa fa fa
> 66:   0x1c260000fb20: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 66:   0x1c260000fb30: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 66:   0x1c260000fb40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 66:   0x1c260000fb50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 66: Shadow byte legend (one shadow byte represents 8 application bytes):
> 66:   Addressable:           00
> 66:   Partially addressable: 01 02 03 04 05 06 07 
> 66:   Heap left redzone:       fa
> 66:   Freed heap region:       fd
> 66:   Stack left redzone:      f1
> 66:   Stack mid redzone:       f2
> 66:   Stack right redzone:     f3
> 66:   Stack after return:      f5
> 66:   Stack use after scope:   f8
> 66:   Global redzone:          f9
> 66:   Global init order:       f6
> 66:   Poisoned by user:        f7
> 66:   Container overflow:      fc
> 66:   Array cookie:            ac
> 66:   Intra object redzone:    bb
> 66:   ASan internal:           fe
> 66:   Left alloca redzone:     ca
> 66:   Right alloca redzone:    cb
> 66:   Shadow gap:              cc
> 66: ==21601==ABORTING
> {noformat}
> essentially the same stacktrace in the same job
> {noformat}
> 27: ERROR
> 27: test_90_block_link_route_EB1_INTB (system_tests_policy_oversize_compound.MaxMessageSizeLinkRouteOversize) ... ok
> 27: 
> 27: ======================================================================
> 27: ERROR: tearDownClass (system_tests_policy_oversize_compound.MaxMessageSizeBlockOversize)
> 27: ----------------------------------------------------------------------
> 27: Traceback (most recent call last):
> 27:   File "/Users/travis/build/apache/qpid-dispatch/tests/system_test.py", line 836, in tearDownClass
> 27:     cls.tester.teardown()
> 27:   File "/Users/travis/build/apache/qpid-dispatch/tests/system_test.py", line 779, in teardown
> 27:     raise RuntimeError("Errors during teardown: \n\n%s" % "\n\n".join([str(e) for e in errors]))
> 27: RuntimeError: Errors during teardown: 
> 27: 
> 27: Process 20948 error: exit code -6, expected -1
> 27: qdrouterd -c EB1.conf -I /Users/travis/build/apache/qpid-dispatch/python
> 27: /Users/travis/build/apache/qpid-dispatch/build/tests/system_test.dir/system_tests_policy_oversize_compound/MaxMessageSizeBlockOversize/setUpClass/EB1-4.cmd
> 27: >>>>
> 27: =================================================================
> 27: ==20948==ERROR: AddressSanitizer: use-after-poison on address 0x61300006e328 at pc 0x00010e5d0469 bp 0x7ffee1727ca0 sp 0x7ffee1727c98
> 27: READ of size 8 at 0x61300006e328 thread T0
> 27:     #0 0x10e5d0468 in qd_link_pn container.c:1029
> 27:     #1 0x10e7fae37 in CORE_link_push router_node.c:1920
> 27:     #2 0x10e6a0df6 in qdr_connection_process connections.c:414
> 27:     #3 0x10e5bf6ce in writable_handler container.c:396
> 27:     #4 0x10e817b36 in thread_run server.c:1149
> 27:     #5 0x10e8171fa in qd_server_run server.c:1527
> 27:     #6 0x10e4da81e in main_process main.c:115
> 27:     #7 0x10e4d912b in main main.c:369
> 27:     #8 0x7fff5f8213d4 in start (libdyld.dylib:x86_64+0x163d4)
> 27: 
> 27: 0x61300006e328 is located 168 bytes inside of 320-byte region [0x61300006e280,0x61300006e3c0)
> 27: allocated by thread T0 here:
> 27:     #0 0x10f0b63a7 in wrap_posix_memalign (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x5f3a7)
> 27:     #1 0x10e57f5df in qd_alloc alloc_pool.c:396
> 27:     #2 0x10e5c091a in qd_container_handle_event container.c:75
> 27:     #3 0x10e81e366 in handle server.c:1108
> 27:     #4 0x10e817a23 in thread_run server.c:1133
> 27:     #5 0x10e8171fa in qd_server_run server.c:1527
> 27:     #6 0x10e4da81e in main_process main.c:115
> 27:     #7 0x10e4d912b in main main.c:369
> 27:     #8 0x7fff5f8213d4 in start (libdyld.dylib:x86_64+0x163d4)
> 27: 
> 27: SUMMARY: AddressSanitizer: use-after-poison container.c:1029 in qd_link_pn
> 27: Shadow bytes around the buggy address:
> 27:   0x1c260000dc10: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 27:   0x1c260000dc20: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 27:   0x1c260000dc30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 27:   0x1c260000dc40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27:   0x1c260000dc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 27: =>0x1c260000dc60: 00 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
> 27:   0x1c260000dc70: f7 f7 f7 f7 00 00 00 00 fa fa fa fa fa fa fa fa
> 27:   0x1c260000dc80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
> 27:   0x1c260000dc90: 00 00 00 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
> 27:   0x1c260000dca0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
> 27:   0x1c260000dcb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> 27: Shadow byte legend (one shadow byte represents 8 application bytes):
> 27:   Addressable:           00
> 27:   Partially addressable: 01 02 03 04 05 06 07 
> 27:   Heap left redzone:       fa
> 27:   Freed heap region:       fd
> 27:   Stack left redzone:      f1
> 27:   Stack mid redzone:       f2
> 27:   Stack right redzone:     f3
> 27:   Stack after return:      f5
> 27:   Stack use after scope:   f8
> 27:   Global redzone:          f9
> 27:   Global init order:       f6
> 27:   Poisoned by user:        f7
> 27:   Container overflow:      fc
> 27:   Array cookie:            ac
> 27:   Intra object redzone:    bb
> 27:   ASan internal:           fe
> 27:   Left alloca redzone:     ca
> 27:   Right alloca redzone:    cb
> 27:   Shadow gap:              cc
> 27: ==20948==ABORTING
> {noformat}


