Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.8.0
-
None
-
None
Description
(1) start two connected routers
(2) connect to one and open a sending link to the managament agent on the other
(3) kill that other router
(4) wait for some time until the killed router is removed from the first router
(5) detach the management link
You now get a double delete of an address hash with something like the following:
==1== Thread 2: ==1== Invalid free() / delete / delete[] / realloc() ==1== at 0x4C2ED4A: free (vg_replace_malloc.c:530) ==1== by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328) ==1== by 0x4E7938E: qdr_core_remove_address (router_core.c:323) ==1== by 0x4E759E0: qdr_link_inbound_detach_CT (connections.c:1711) ==1== by 0x4E79C24: router_core_thread (router_core_thread.c:83) ==1== by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so) ==1== by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so) ==1== Address 0x9c4ba10 is 0 bytes inside a block of size 41 free'd ==1== at 0x4C2ED4A: free (vg_replace_malloc.c:530) ==1== by 0x4E616A8: qd_hash_remove_by_handle (hash.c:328) ==1== by 0x4E7938E: qdr_core_remove_address (router_core.c:323) ==1== by 0x4E79CCF: router_core_thread (router_core_thread.c:83) ==1== by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so) ==1== by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so) ==1== Block was alloc'd at ==1== at 0x4C2DB9D: malloc (vg_replace_malloc.c:299) ==1== by 0x4E6292B: qd_iterator_copy (iterator.c:737) ==1== by 0x4E61423: qd_hash_internal_insert (hash.c:146) ==1== by 0x4E61423: qd_hash_insert_const (hash.c:187) ==1== by 0x4E7A259: qdr_add_router_CT (route_tables.c:288) ==1== by 0x4E79CCF: router_core_thread (router_core_thread.c:83) ==1== by 0x54EA739: start_thread (in /usr/lib64/libpthread-2.24.so) ==1== by 0x6055E7E: clone (in /usr/lib64/libc-2.24.so) ==1==