Details
- Type: Test
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Version: 1.16.0
- Component/s: None
- Labels: None
Description
https://travis-ci.com/github/apache/qpid-dispatch/jobs/495867991#L2790
14: /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1083:25: runtime error: load of value 153, which is not a valid value for type '_Bool'
14:     #0 0x7f6c1a7dd9f5 in qdr_delivery_continue_peers_CT /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1083
14:     #1 0x7f6c1a7ddf89 in qdr_delivery_continue_CT /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1126
14:     #2 0x7f6c1a827c15 in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
14:     #3 0x7f6c1a7799c7 in _thread_init /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
14:     #4 0x7f6c1a13f6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
14:     #5 0x7f6c1916841c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
14:
14: SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1083
Here's a better trace from the poison PR, https://travis-ci.com/github/apache/qpid-dispatch/jobs/499988015#L3214
14: ==12594==ERROR: AddressSanitizer: use-after-poison on address 0x61200011c979 at pc 0x7feb8270c914 bp 0x7feb7996c230 sp 0x7feb7996c220
14: READ of size 1 at 0x61200011c979 thread T1
14:     #0 0x7feb8270c913 in qdr_delivery_continue_peers_CT /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1084
14:     #1 0x7feb8270cec1 in qdr_delivery_continue_CT /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1127
14:     #2 0x7feb82757524 in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
14:     #3 0x7feb826a8423 in _thread_init /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
14:     #4 0x7feb8206c6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
14:     #5 0x7feb8109541c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
14:
14: 0x61200011c979 is located 185 bytes inside of 256-byte region [0x61200011c8c0,0x61200011c9c0)
14: allocated by thread T1 here:
14:     #0 0x7feb82ee3076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
14:     #1 0x7feb82614f7d in qd_alloc /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:398
14:     #2 0x7feb8273cc79 in new_qdr_link_work_t /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:38
14:     #3 0x7feb82724878 in qdr_forward_deliver_CT /home/travis/build/apache/qpid-dispatch/src/router_core/forwarder.c:278
14:     #4 0x7feb8277512b in qdr_link_deliver_CT /home/travis/build/apache/qpid-dispatch/src/router_core/transfer.c:781
14:     #5 0x7feb82757524 in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
14:     #6 0x7feb826a8423 in _thread_init /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
14:     #7 0x7feb8206c6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
14:
14: Thread T1 created by T0 here:
14:     #0 0x7feb82e80253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
14:     #1 0x7feb826a8527 in sys_thread /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181
14:     #2 0x7feb8273db7d in qdr_core /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:122
14:     #3 0x7feb827b9094 in qd_router_setup_late /home/travis/build/apache/qpid-dispatch/src/router_node.c:2119
14:     #4 0x7feb7a955e3f in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5e3f)
14:     #5 0x7fffa73c5f6f (<unknown module>)
14:
14: SUMMARY: AddressSanitizer: use-after-poison /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1084 qdr_delivery_continue_peers_CT
And here's a trace from the free_list == 0 PR; it includes a free() stack: https://travis-ci.com/github/apache/qpid-dispatch/jobs/499988186#L3244
14: ==12202==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200012d179 at pc 0x7f578a431fbb bp 0x7f57816c8230 sp 0x7f57816c8220
14: READ of size 1 at 0x61200012d179 thread T1
14:     #0 0x7f578a431fba in qdr_delivery_continue_peers_CT /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1084
14:     #1 0x7f578a432568 in qdr_delivery_continue_CT /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1127
14:     #2 0x7f578a47cbcb in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
14:     #3 0x7f578a3cdaca in _thread_init /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
14:     #4 0x7f5789d926b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
14:     #5 0x7f5788dbb41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
14:
14: 0x61200012d179 is located 185 bytes inside of 256-byte region [0x61200012d0c0,0x61200012d1c0)
14: freed by thread T0 here:
14:     #0 0x7f578ac072ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
14:     #1 0x7f578a33d461 in qd_dealloc /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:504
14:     #2 0x7f578a462358 in free_qdr_link_work_t /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:38
14:     #3 0x7f578a3ffaf9 in qdr_connection_process /home/travis/build/apache/qpid-dispatch/src/router_core/connections.c:446
14:     #4 0x7f578a4d4ae5 in AMQP_writable_conn_handler /home/travis/build/apache/qpid-dispatch/src/router_node.c:296
14:     #5 0x7f578a35f45e in writable_handler /home/travis/build/apache/qpid-dispatch/src/container.c:395
14:     #6 0x7f578a362eac in qd_container_handle_event /home/travis/build/apache/qpid-dispatch/src/container.c:747
14:     #7 0x7f578a4f0339 in handle /home/travis/build/apache/qpid-dispatch/src/server.c:1095
14:     #8 0x7f578a4f0509 in thread_run /home/travis/build/apache/qpid-dispatch/src/server.c:1120
14:     #9 0x7f578a4f5d3b in qd_server_run /home/travis/build/apache/qpid-dispatch/src/server.c:1487
14:     #10 0x401db0 in main_process /home/travis/build/apache/qpid-dispatch/router/src/main.c:115
14:     #11 0x403917 in main /home/travis/build/apache/qpid-dispatch/router/src/main.c:369
14:     #12 0x7f5788cd482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
14:
14: previously allocated by thread T1 here:
14:     #0 0x7f578ac08076 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x99076)
14:     #1 0x7f578a33a7d6 in qd_alloc /home/travis/build/apache/qpid-dispatch/src/alloc_pool.c:399
14:     #2 0x7f578a462320 in new_qdr_link_work_t /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:38
14:     #3 0x7f578a449f1f in qdr_forward_deliver_CT /home/travis/build/apache/qpid-dispatch/src/router_core/forwarder.c:278
14:     #4 0x7f578a49a7d2 in qdr_link_deliver_CT /home/travis/build/apache/qpid-dispatch/src/router_core/transfer.c:781
14:     #5 0x7f578a47cbcb in router_core_thread /home/travis/build/apache/qpid-dispatch/src/router_core/router_core_thread.c:239
14:     #6 0x7f578a3cdaca in _thread_init /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:172
14:     #7 0x7f5789d926b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
14:
14: Thread T1 created by T0 here:
14:     #0 0x7f578aba5253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
14:     #1 0x7f578a3cdbce in sys_thread /home/travis/build/apache/qpid-dispatch/src/posix/threading.c:181
14:     #2 0x7f578a463224 in qdr_core /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:122
14:     #3 0x7f578a4de73b in qd_router_setup_late /home/travis/build/apache/qpid-dispatch/src/router_node.c:2119
14:     #4 0x7f5782655e3f in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5e3f)
14:     #5 0x7ffe07eca26f (<unknown module>)
14:
14: SUMMARY: AddressSanitizer: heap-use-after-free /home/travis/build/apache/qpid-dispatch/src/router_core/delivery.c:1084 qdr_delivery_continue_peers_CT
14: Shadow bytes around the buggy address:
14:   0x0c248001d9d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
14:   0x0c248001d9e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
14:   0x0c248001d9f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
14:   0x0c248001da00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
14:   0x0c248001da10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
14: =>0x0c248001da20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
14:   0x0c248001da30: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
14:   0x0c248001da40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
14:   0x0c248001da50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
14:   0x0c248001da60: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
14:   0x0c248001da70: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
14: Shadow byte legend (one shadow byte represents 8 application bytes):
14:   Addressable:           00
14:   Partially addressable: 01 02 03 04 05 06 07
14:   Heap left redzone:       fa
14:   Heap right redzone:      fb
14:   Freed heap region:       fd
14:   Stack left redzone:      f1
14:   Stack mid redzone:       f2
14:   Stack right redzone:     f3
14:   Stack partial redzone:   f4
14:   Stack after return:      f5
14:   Stack use after scope:   f8
14:   Global redzone:          f9
14:   Global init order:       f6
14:   Poisoned by user:        f7
14:   Container overflow:      fc
14:   Array cookie:            ac
14:   Intra object redzone:    bb
14:   ASan internal:           fe
14: ==12202==ABORTING
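The three traces above show the same stale read in qdr_delivery_continue_peers_CT surfacing only once the pool allocator stops hiding it: a recycled qdr_link_work_t stays addressable, so plain ASan sees nothing until cached entries are poisoned (the "poison PR") or the free list is disabled so qd_dealloc reaches free() (the "free_list == 0" PR). The toy per-type pool below is an added illustration of both techniques, not qpid-dispatch's alloc_pool.c; all names in it are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Manual ASan poisoning under -fsanitize=address; compiled away otherwise. */
#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#define POOL_POISON(p, n)   ASAN_POISON_MEMORY_REGION((p), (n))
#define POOL_UNPOISON(p, n) ASAN_UNPOISON_MEMORY_REGION((p), (n))
#else
#define POOL_POISON(p, n)   ((void)(p), (void)(n))
#define POOL_UNPOISON(p, n) ((void)(p), (void)(n))
#endif

/* The header precedes the payload and stays unpoisoned, so the free list can
 * be threaded through it while the entire payload is poisoned. */
typedef struct item { struct item *next; } item_t;
typedef struct {
    size_t  obj_size;   /* payload bytes per object */
    size_t  cache_max;  /* free-list cap; 0 models the "free_list == 0" PR */
    size_t  cached;     /* items currently parked on the free list */
    item_t *free_list;
} pool_t;

static void *payload(item_t *it) { return (char *)it + sizeof(item_t); }
pool_t pool_init(size_t sz, size_t cap) { pool_t p = { sz, cap, 0, NULL }; return p; }

void *pool_alloc(pool_t *p) {
    item_t *it = p->free_list;
    if (it) {                          /* recycle: caller gets the same address back */
        p->free_list = it->next; p->cached--;
        POOL_UNPOISON(payload(it), p->obj_size);
    } else if (!(it = malloc(sizeof(item_t) + p->obj_size))) return NULL;
    it->next = NULL;
    return payload(it);
}

void pool_dealloc(pool_t *p, void *obj) {
    item_t *it = (item_t *)((char *)obj - sizeof(item_t));
    if (p->cached >= p->cache_max) { free(it); return; } /* no cache: plain UAF for ASan */
    POOL_POISON(payload(it), p->obj_size);   /* parked: a stale read now traps too */
    it->next = p->free_list;
    p->free_list = it;
    p->cached++;
}

size_t pool_cached(const pool_t *p) { return p->cached; }
```

Built with -fsanitize=address, a read through a pointer handed to pool_dealloc reports use-after-poison in the cached case and heap-use-after-free when cache_max is 0, mirroring the second and third traces.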
Issue Links
- fixes DISPATCH-1259 delivery->link_work race condition (Resolved)