Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
Impala 2.11.0
-
ghx-label-1
Description
ASAN detected a heap-use-after-free in thrift-server-test in a private build.
sailesh - You made changes to this test in this change: https://gerrit.cloudera.org/#/c/7938/
Can you please have a look?
Please reach out in person if you would like to access the artifacts of the private build.
21:53:06 ================================================================= 21:53:06 ==28490==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000013318 at pc 0x00000129c04c bp 0x7fd43db71200 sp 0x7fd43db709b0 21:53:06 READ of size 103 at 0x60c000013318 thread T62 21:53:06 #0 0x129c04b in strlen /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:227 21:53:06 #1 0x337cc0b0a0 in _sasl_strdup (/usr/lib64/libsasl2.so.2+0x337cc0b0a0) 21:53:06 #2 0x337cc1135c in sasl_server_new (/usr/lib64/libsasl2.so.2+0x337cc1135c) 21:53:06 #3 0x19b07b5 in sasl::TSaslServer::setupSaslContext() /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSasl.cpp:214:16 21:53:06 #4 0x19b1fb7 in apache::thrift::transport::TSaslServerTransport::handleSaslStartMessage() /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSaslServerTransport.cpp:124:10 21:53:06 #5 0x19b8299 in apache::thrift::transport::TSaslTransport::doSaslNegotiation() /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSaslTransport.cpp:81:7 21:53:06 #6 0x19b273a in apache::thrift::transport::TSaslServerTransport::Factory::getTransport(boost::shared_ptr<apache::thrift::transport::TTransport>) /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/transport/TSaslServerTransport.cpp:174:24 21:53:06 #7 0x163ba86 in apache::thrift::server::TAcceptQueueServer::SetupConnection(boost::shared_ptr<apache::thrift::transport::TTransport>) /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/rpc/TAcceptQueueServer.cpp:146:46 21:53:06 #8 0x163dc32 in apache::thrift::server::TAcceptQueueServer::serve()::$_0::operator()(int, boost::shared_ptr<apache::thrift::transport::TTransport> const&) const /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/rpc/TAcceptQueueServer.cpp:220:15 21:53:06 #9 0x1645b43 in boost::function2<void, int, boost::shared_ptr<apache::thrift::transport::TTransport> const&>::operator()(int, boost::shared_ptr<apache::thrift::transport::TTransport> const&) const /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/function/function_template.hpp:766:14 21:53:06 #10 0x1644ba5 in impala::ThreadPool<boost::shared_ptr<apache::thrift::transport::TTransport> >::WorkerThread(int) /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/util/thread-pool.h:152:9 21:53:06 #11 0x1645141 in boost::_bi::bind_t<void, boost::_mfi::mf1<void, impala::ThreadPool<boost::shared_ptr<apache::thrift::transport::TTransport> >, int>, boost::_bi::list2<boost::_bi::value<impala::ThreadPool<boost::shared_ptr<apache::thrift::transport::TTransport> >*>, boost::_bi::value<int> > >::operator()() /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind_template.hpp:20:16 21:53:06 #12 0x15e2622 in boost::function0<void>::operator()() const /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/function/function_template.hpp:766:14 21:53:06 #13 0x1a89e47 in impala::Thread::SuperviseThread(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*) /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/util/thread.cc:352:3 21:53:06 #14 0x1a94bb5 in void boost::_bi::list4<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::Promise<long>*> >::operator()<void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list0>(boost::_bi::type<void>, void (*&)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list0&, int) /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind.hpp:457:9 21:53:06 #15 0x1a94a31 in boost::_bi::bind_t<void, void (*)(std::string const&, std::string const&, boost::function<void ()>, impala::Promise<long>*), boost::_bi::list4<boost::_bi::value<std::string>, boost::_bi::value<std::string>, boost::_bi::value<boost::function<void ()> >, boost::_bi::value<impala::Promise<long>*> > >::operator()() /data/jenkins/workspace/impala-asf-master-core-asan/Impala-Toolchain/boost-1.57.0-p3/include/boost/bind/bind_template.hpp:20:16 21:53:06 #16 0x2407ba9 in thread_proxy (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x2407ba9) 21:53:06 #17 0x3379c07850 in start_thread (/lib64/libpthread.so.0+0x3379c07850) 21:53:06 #18 0x33798e894c in clone (/lib64/libc.so.6+0x33798e894c) 21:53:06 21:53:06 0x60c000013318 is located 24 bytes inside of 127-byte region [0x60c000013300,0x60c00001337f) 21:53:06 freed by thread T0 here: 21:53:06 #0 0x13459a0 in operator delete(void*) /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:110 21:53:06 #1 0x135f4d0 in ThriftParamsTest::SetUp() /data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/src/rpc/thrift-server-test.cc:141:3 21:53:06 #2 0x331fec2 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x331fec2) 21:53:06 21:53:06 previously allocated by thread T0 here: 21:53:06 #0 0x1345320 in operator new(unsigned long) /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:78 21:53:06 #1 0x7fd4532e4c48 in __gnu_cxx::new_allocator<char>::allocate(unsigned long, void const*) /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/ext/new_allocator.h:104 21:53:06 #2 0x7fd4532e4c48 in std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/gcc/build-4.9.2/x86_64-unknown-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:607 21:53:06 21:53:06 Thread T62 created by T61 here: 21:53:06 #0 0x12679ed in __interceptor_pthread_create /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:245 21:53:06 #1 0x2406f89 in boost::thread::start_thread_noexcept() (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x2406f89) 21:53:06 21:53:06 Thread T61 created by T0 here: 21:53:06 #0 0x12679ed in __interceptor_pthread_create /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/asan_interceptors.cc:245 21:53:06 #1 0x2406f89 in boost::thread::start_thread_noexcept() (/data/jenkins/workspace/impala-asf-master-core-asan/repos/Impala/be/build/debug/rpc/thrift-server-test+0x2406f89) 21:53:06 21:53:06 SUMMARY: AddressSanitizer: heap-use-after-free /data/jenkins/workspace/verify-impala-toolchain-package-build/label/ec2-package-centos-6/toolchain/source/llvm/llvm-3.9.1.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:227 in strlen 21:53:06 Shadow bytes around the buggy address: 21:53:06 0x0c187fffa610: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 21:53:06 0x0c187fffa620: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa 21:53:06 0x0c187fffa630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 21:53:06 0x0c187fffa640: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 21:53:06 0x0c187fffa650: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 21:53:06 =>0x0c187fffa660: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd 21:53:06 0x0c187fffa670: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 21:53:06 0x0c187fffa680: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 21:53:06 0x0c187fffa690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 21:53:06 0x0c187fffa6a0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 21:53:06 0x0c187fffa6b0: 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa fa 21:53:06 Shadow byte legend (one shadow byte represents 8 application bytes): 21:53:06 Addressable: 00 21:53:06 Partially addressable: 01 02 03 04 05 06 07 21:53:06 Heap left redzone: fa 21:53:06 Heap right redzone: fb 21:53:06 Freed heap region: fd 21:53:06 Stack left redzone: f1 21:53:06 Stack mid redzone: f2 21:53:06 Stack right redzone: f3 21:53:06 Stack partial redzone: f4 21:53:06 Stack after return: f5 21:53:06 Stack use after scope: f8 21:53:06 Global redzone: f9 21:53:06 Global init order: f6 21:53:06 Poisoned by user: f7 21:53:06 Container overflow: fc 21:53:06 Array cookie: ac 21:53:06 Intra object redzone: bb 21:53:06 ASan internal: fe 21:53:06 Left alloca redzone: ca 21:53:06 Right alloca redzone: cb 21:53:06 ==28490==ABORTING