[ https://issues.apache.org/jira/browse/IMPALA-6126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sailesh Mukil resolved IMPALA-6126. ----------------------------------- Resolution: Fixed Commit in: https://github.com/apache/incubator-impala/commit/1b0852c9d65c62b21df7bf7a9b1398052d5a1396 > ASAN detects heap-use-after-free in thrift-server-test > ------------------------------------------------------ > > Key: IMPALA-6126 > URL: https://issues.apache.org/jira/browse/IMPALA-6126 > Project: IMPALA > Issue Type: Bug > Components: Backend > Affects Versions: Impala 2.11.0 > Reporter: Lars Volker > Assignee: Sailesh Mukil > Priority: Blocker > Labels: broken-build > > ASAN detected a heap-use-after-free in thrift-server-test in a private build. > [~sailesh] - You made changes to this test in this change: > https://gerrit.cloudera.org/#/c/7938/ > Can you please have a look? > Please reach out in person if you would like to access the artifacts of the > private build. > {noformat} > 21:53:06 ================================================================= > 21:53:06 ==28490==ERROR: AddressSanitizer: heap-use-after-free on address > 0x60c000013318 at pc 0x00000129c04c bp 0x7fd43db71200 sp 0x7fd43db709b0 > 21:53:06 READ of size 103 at 0x60c000013318 thread T62 > 21:53:06 #0 0x129c04b in strlen > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:227 > 21:53:06 #1 0x337cc0b0a0 in _sasl_strdup > (/usr/lib64/libsasl2.so.2+0x337cc0b0a0) > 21:53:06 #2 0x337cc1135c in sasl_server_new > (/usr/lib64/libsasl2.so.2+0x337cc1135c) > 21:53:06 #3 0x19b07b5 in sasl::TSaslServer::setupSaslContext() > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSasl.cpp:214:16 > 21:53:06 #4 0x19b1fb7 in > apache::thrift::transport::TSaslServerTransport::handleSaslStartMessage() > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSaslServerTransport.cpp:124:10 > 21:53:06 #5 0x19b8299 in > apache::thrift::transport::TSaslTransport::doSaslNegotiation() > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSaslTransport.cpp:81:7 > 21:53:06 #6 0x19b273a in > apache::thrift::transport::TSaslServerTransport::Factory::getTransport(boost::shared_ptr<apache::thrift::transport::TTransport>) > > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSaslServerTransport.cpp:174:24 > 21:53:06 #7 0x163ba86 in > apache::thrift::server::TAcceptQueueServer::SetupConnection(boost::shared_ptr<apache::thrift::transport::TTransport>) > > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/rpc/TAcceptQueueServer.cpp:146:46 > 21:53:06 #8 0x163dc32 in > apache::thrift::server::TAcceptQueueServer::serve()::$_0::operator()(int, > boost::shared_ptr<apache::thrift::transport::TTransport> const&) const > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/rpc/TAcceptQueueServer.cpp:220:15 > 21:53:06 #9 0x1645b43 in boost::function2<void, int, > boost::shared_ptr<apache::thrift::transport::TTransport> > const&>::operator()(int, > boost::shared_ptr<apache::thrift::transport::TTransport> const&) const > /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/function/function_template.hpp:766:14 > 21:53:06 #10 0x1644ba5 in > impala::ThreadPool<boost::shared_ptr<apache::thrift::transport::TTransport> > >::WorkerThread(int) > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/util/thread-pool.h:152:9 > 21:53:06 #11 0x1645141 in boost::_bi::bind_t<void, boost::_mfi::mf1<void, > impala::ThreadPool<boost::shared_ptr<apache::thrift::transport::TTransport> > >, int>, > boost::_bi::list2<boost::_bi::value<impala::ThreadPool<boost::shared_ptr<apache::thrift::transport::TTransport> > >*>, boost::_bi::value<int> > >::operator()() > /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind_template.hpp:20:16 > 21:53:06 #12 0x15e2622 in boost::function0<void>::operator()() const > /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/function/function_template.hpp:766:14 > 21:53:06 #13 0x1a89e47 in impala::Thread::SuperviseThread(std::string > const&, std::string const&, boost::function<void ()>, impala::Promise<long>*) > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/util/thread.cc:352:3 > 21:53:06 #14 0x1a94bb5 in void > boost::_bi::list4<boost::_bi::value<std::string>, > boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, > boost::_bi::value<impala::Promise<long>*> >::operator()<void (*)(std::string > const&, std::string const&, boost::function<void ()>, > impala::Promise<long>*), boost::_bi::list0>(boost::_bi::type<void>, void > (*&)(std::string const&, std::string const&, boost::function<void ()>, > impala::Promise<long>*), boost::_bi::list0&, int) > /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind.hpp:457:9 > 21:53:06 #15 0x1a94a31 in boost::_bi::bind_t<void, void (*)(std::string > const&, std::string const&, boost::function<void ()>, > impala::Promise<long>*), boost::_bi::list4<boost::_bi::value<std::string>, > boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, > boost::_bi::value<impala::Promise<long>*> > >::operator()() > /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind_template.hpp:20:16 > 21:53:06 #16 0x2407ba9 in thread_proxy > (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x2407ba9) > 21:53:06 #17 0x3379c07850 in start_thread > (/lib64/libpthread.so.0+0x3379c07850) > 21:53:06 #18 0x33798e894c in clone (/lib64/libc.so.6+0x33798e894c) > 21:53:06 > 21:53:06 0x60c000013318 is located 24 bytes inside of 127-byte region > [0x60c000013300,0x60c00001337f) > 21:53:06 freed by thread T0 here: > 21:53:06 #0 0x13459a0 in operator delete(void*) > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:110 > 21:53:06 #1 0x135f4d0 in ThriftParamsTest::SetUp() > /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/rpc/thrift-server-test.cc:141:3 > 21:53:06 #2 0x331fec2 in void > testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, > void>(testing::Test*, void (testing::Test::*)(), char const*) > (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x331fec2) > 21:53:06 > 21:53:06 previously allocated by thread T0 here: > 21:53:06 #0 0x1345320 in operator new(unsigned long) > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:78 > 21:53:06 #1 0x7fd4532e4c48 in > __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/ext/new_allocator.h:104 > 21:53:06 #2 0x7fd4532e4c48 in std::string::_Rep::_S_create(unsigned long, > unsigned long, std::allocator<char> const&) > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:607 > 21:53:06 > 21:53:06 Thread T62 created by T61 here: > 21:53:06 #0 0x12679ed in __interceptor_pthread_create > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:245 > 21:53:06 #1 0x2406f89 in boost::thread::start_thread_noexcept() > (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x2406f89) > 21:53:06 > 21:53:06 Thread T61 created by T0 here: > 21:53:06 #0 0x12679ed in __interceptor_pthread_create > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:245 > 21:53:06 #1 0x2406f89 in boost::thread::start_thread_noexcept() > (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x2406f89) > 21:53:06 > 21:53:06 SUMMARY: AddressSanitizer: heap-use-after-free > /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:227 > in strlen > 21:53:06 Shadow bytes around the buggy address: > 21:53:06 0x0c187fffa610: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 > 21:53:06 0x0c187fffa620: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa > 21:53:06 0x0c187fffa630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa > 21:53:06 0x0c187fffa640: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd > 21:53:06 0x0c187fffa650: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa > 21:53:06 =>0x0c187fffa660: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd > 21:53:06 0x0c187fffa670: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd > 21:53:06 0x0c187fffa680: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa > 21:53:06 0x0c187fffa690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd > 21:53:06 0x0c187fffa6a0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 > 21:53:06 0x0c187fffa6b0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa > 21:53:06 Shadow byte legend (one shadow byte represents 8 application bytes): > 21:53:06 Addressable: 00 > 21:53:06 Partially addressable: 01 02 03 04 05 06 07 > 21:53:06 Heap left redzone: fa > 21:53:06 Heap right redzone: fb > 21:53:06 Freed heap region: fd > 21:53:06 Stack left redzone: f1 > 21:53:06 Stack mid redzone: f2 > 21:53:06 Stack right redzone: f3 > 21:53:06 Stack partial redzone: f4 > 21:53:06 Stack after return: f5 > 21:53:06 Stack use after scope: f8 > 21:53:06 Global redzone: f9 > 21:53:06 Global init order: f6 > 21:53:06 Poisoned by user: f7 > 21:53:06 Container overflow: fc > 21:53:06 Array cookie: ac > 21:53:06 Intra object redzone: bb > 21:53:06 ASan internal: fe > 21:53:06 Left alloca redzone: ca > 21:53:06 Right alloca redzone: cb > 21:53:06 ==28490==ABORTING > {noformat} -- This message was sent by Atlassian JIRA (v6.4.14#64029)