You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I saw this while running ATS in docs with ASan enabled and h3 configured via Alt-Svc:
[Apr 8 17:27:16.716] [ET_NET 5] DIAG: <Http3Transaction.cc:438 (~Http3Transaction)> (http3_trans) [] [18] Delete transaction
=================================================================
==1824542==ERROR: AddressSanitizer: heap-use-after-free on address 0x6260000c61a8 at pc 0x5556bb7b13f0 bp 0x7f2e7a86eac0 sp 0x7f2e7a86eab0
READ of size 8 at 0x6260000c61a8 thread T7 ([ET_NET 5])
#0 0x5556bb7b13ef in HQSession::main_event_handler(int, void*) /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3Session.cc:165
#1 0x5556badbc70a in Continuation::handleEvent(int, void*) /home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#2 0x5556bb637026 in QUICNetVConnection::_propagate_event(int) /home/bneradt/src/trafficserver_10/src/iocore/net/QUICNetVConnection.cc:264
#3 0x5556bb6362c4 in QUICNetVConnection::state_established(int, Event*) /home/bneradt/src/trafficserver_10/src/iocore/net/QUICNetVConnection.cc:211
#4 0x5556badbc70a in Continuation::handleEvent(int, void*) /home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#5 0x5556bb7389ce in EThread::process_event(Event*, int) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:162
#6 0x5556bb738f22 in EThread::process_queue(Queue<Event, Event::Link_link>*, int*, int*) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:197
#7 0x5556bb7396d6 in EThread::execute_regular() /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:276
#8 0x5556bb739f65 in EThread::execute() /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:348
#9 0x5556bb736d7b in spawn_thread_internal /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:68
#10 0x7f2e81bf7608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477
#11 0x7f2e81b1c132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
0x6260000c61a8 is located 168 bytes inside of 10968-byte region [0x6260000c6100,0x6260000c8bd8)
freed by thread T7 ([ET_NET 5]) here:
#0 0x7f2e82a98c65 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:177
#1 0x5556bb7b8fa4 in Http3Transaction::~Http3Transaction() /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3Transaction.cc:451
#2 0x5556bb7b82b2 in HQTransaction::_delete_if_possible() /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3Transaction.cc:403
#3 0x5556bb7bb2f7 in Http3Transaction::state_stream_closed(int, Event*) /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3Transaction.cc:547
#4 0x5556badbc70a in Continuation::handleEvent(int, void*) /home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#5 0x5556bb7b13a4 in HQSession::main_event_handler(int, void*) /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3Session.cc:167
#6 0x5556badbc70a in Continuation::handleEvent(int, void*) /home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#7 0x5556bb637026 in QUICNetVConnection::_propagate_event(int) /home/bneradt/src/trafficserver_10/src/iocore/net/QUICNetVConnection.cc:264
#8 0x5556bb6362c4 in QUICNetVConnection::state_established(int, Event*) /home/bneradt/src/trafficserver_10/src/iocore/net/QUICNetVConnection.cc:211
#9 0x5556badbc70a in Continuation::handleEvent(int, void*) /home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#10 0x5556bb7389ce in EThread::process_event(Event*, int) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:162
#11 0x5556bb738f22 in EThread::process_queue(Queue<Event, Event::Link_link>*, int*, int*) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:197
#12 0x5556bb7396d6 in EThread::execute_regular() /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:276
#13 0x5556bb739f65 in EThread::execute() /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:348
#14 0x5556bb736d7b in spawn_thread_internal /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:68
#15 0x7f2e81bf7608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477
previously allocated by thread T7 ([ET_NET 5]) here:
#0 0x7f2e82a97587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104
#1 0x5556bb7a6c40 in Http3App::_handle_bidi_stream_on_read_ready(int, VIO*) /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3App.cc:305
#2 0x5556bb7a48e5 in Http3App::main_event_handler(int, Event*) /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3App.cc:149
#3 0x5556badbc70a in Continuation::handleEvent(int, void*) /home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#4 0x5556bb7389ce in EThread::process_event(Event*, int) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:162
#5 0x5556bb738f22 in EThread::process_queue(Queue<Event, Event::Link_link>*, int*, int*) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:197
#6 0x5556bb7394b9 in EThread::execute_regular() /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:255
#7 0x5556bb739f65 in EThread::execute() /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:348
#8 0x5556bb736d7b in spawn_thread_internal /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:68
#9 0x7f2e81bf7608 in start_thread /build/glibc-BHL3KM/glibc-2.31/nptl/pthread_create.c:477
Thread T7 ([ET_NET 5]) created by T0 ([TS_MAIN]) here:
#0 0x7f2e829c2815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
#1 0x5556bb73688f in ink_thread_create /home/bneradt/src/trafficserver_10/include/tscore/ink_thread.h:129
#2 0x5556bb736eaf in Thread::start(char const*, void*, unsigned long, std::function<void ()> const&) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:85
#3 0x5556bb740853 in EventProcessor::spawn_event_threads(int, int, unsigned long) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEventProcessor.cc:467
#4 0x5556bb74119f in EventProcessor::start(int, unsigned long) /home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEventProcessor.cc:548
#5 0x5556baddc981 in main /home/bneradt/src/trafficserver_10/src/traffic_server/traffic_server.cc:2104
#6 0x7f2e81a21082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free /home/bneradt/src/trafficserver_10/src/proxy/http3/Http3Session.cc:165 in HQSession::main_event_handler(int, void*)
Shadow bytes around the buggy address:
0x0c4c80010be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4c80010bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4c80010c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4c80010c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4c80010c20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4c80010c30: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
0x0c4c80010c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4c80010c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4c80010c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4c80010c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c4c80010c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1824542==ABORTING
The text was updated successfully, but these errors were encountered:
I saw this while running ATS in docs with ASan enabled and h3 configured via Alt-Svc:
The text was updated successfully, but these errors were encountered: