Github user shinrich commented on the issue:
https://github.com/apache/trafficserver/issues/1401
Finally get a use-after-free ASAN stack in this area. Anyone else having
problems with ASAN in newer builds?
Looks like it is showing a use after free in the case of the error
bubbling.
{code}
==30868==ERROR: AddressSanitizer: heap-use-after-free on address
0x624001933448 at pc 0x5afa20 bp 0x7fffeaefe7e0 sp 0x7fffeaefe7d8
READ of size 8 at 0x624001933448 thread T17 ([ET_NET 15])
#0 0x5afa1f in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#1 0xae0c33 in write_signal_and_update
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:176
#2 0xae10ac in write_signal_done
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:218
#3 0xae11b2 in write_signal_error
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:237
#4 0xae2a1e in write_to_net_io(NetHandler*, UnixNetVConnection*,
EThread*) ../../../../trafficserver/iocore/net/UnixNetVConnection.cc:458
#5 0xae25e5 in write_to_net(NetHandler*, UnixNetVConnection*, EThread*)
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:430
#6 0xace638 in NetHandler::mainNetEvent(int, Event*)
../../../../trafficserver/iocore/net/UnixNet.cc:526
#7 0x5afb30 in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#8 0xb32866 in EThread::process_event(Event*, int)
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:143
#9 0xb33487 in EThread::execute()
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:270
#10 0xb3101b in spawn_thread_internal
../../../../trafficserver/iocore/eventsystem/Thread.cc:84
#11 0x7ffff568aaa0 in start_thread (/lib64/libpthread.so.0+0x7aa0)
#12 0x7ffff4fbd93c in clone (/lib64/libc.so.6+0xe893c)
0x624001933448 is located 4936 bytes inside of 7728-byte region
[0x624001932100,0x624001933f30)
freed by thread T17 ([ET_NET 15]) here:
#0 0x549cb7 in free (/home/y/bin64/traffic_server+0x549cb7)
#1 0x7ffff7b96c79 in ats_memalign_free
../../../../trafficserver/lib/ts/ink_memory.cc:141
#2 0x7ffff7b989be in malloc_free
../../../../trafficserver/lib/ts/ink_queue.cc:322
#3 0x7ffff7b986e8 in ink_freelist_free
../../../../trafficserver/lib/ts/ink_queue.cc:276
#4 0x75bc20 in ClassAllocator<HttpSM>::free(HttpSM*)
/var/builds/workspace/163866-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/lib/ts/Allocator.h:135
#5 0x708afe in HttpSM::destroy()
../../../../trafficserver/proxy/http/HttpSM.cc:365
#6 0x7459ad in HttpSM::kill_this()
../../../../trafficserver/proxy/http/HttpSM.cc:6951
#7 0x71dcb9 in HttpSM::main_handler(int, void*)
../../../../trafficserver/proxy/http/HttpSM.cc:2678
#8 0x5afb30 in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#9 0x7f50f6 in HttpTunnel::main_handler(int, void*)
../../../../trafficserver/proxy/http/HttpTunnel.cc:1662
#10 0x5afb30 in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#11 0xae0c33 in write_signal_and_update
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:176
#12 0xae10ac in write_signal_done
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:218
#13 0xae3588 in write_to_net_io(NetHandler*, UnixNetVConnection*,
EThread*) ../../../../trafficserver/iocore/net/UnixNetVConnection.cc:596
#14 0xae25e5 in write_to_net(NetHandler*, UnixNetVConnection*,
EThread*) ../../../../trafficserver/iocore/net/UnixNetVConnection.cc:430
#15 0xace638 in NetHandler::mainNetEvent(int, Event*)
../../../../trafficserver/iocore/net/UnixNet.cc:526
#16 0x5afb30 in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#17 0xb32866 in EThread::process_event(Event*, int)
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:143
#18 0xb33487 in EThread::execute()
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:270
#19 0xb3101b in spawn_thread_internal
../../../../trafficserver/iocore/eventsystem/Thread.cc:84
#20 0x7ffff568aaa0 in start_thread (/lib64/libpthread.so.0+0x7aa0)
previously allocated by thread T17 ([ET_NET 15]) here:
#0 0x54a42b in posix_memalign (/home/y/bin64/traffic_server+0x54a42b)
#1 0x7ffff7b96afa in ats_memalign
../../../../trafficserver/lib/ts/ink_memory.cc:102
#2 0x7ffff7b984a5 in malloc_new
../../../../trafficserver/lib/ts/ink_queue.cc:260
#3 0x7ffff7b97e57 in ink_freelist_new
../../../../trafficserver/lib/ts/ink_queue.cc:183
#4 0x648f31 in ClassAllocator<HttpSM>::alloc()
/var/builds/workspace/163866-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/lib/ts/Allocator.h:121
#5 0x648ef3 in HttpSM::allocate()
../../../trafficserver/proxy/http/HttpSM.h:580
#6 0x647807 in ProxyClientTransaction::new_transaction()
../../../trafficserver/proxy/ProxyClientTransaction.cc:49
#7 0x6ee5ba in Http1ClientSession::new_transaction()
../../../../trafficserver/proxy/http/Http1ClientSession.cc:494
#8 0x6ed8c5 in Http1ClientSession::state_keep_alive(int, void*)
../../../../trafficserver/proxy/http/Http1ClientSession.cc:403
#9 0x5afb30 in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#10 0xae0777 in read_signal_and_update
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:145
#11 0xae22ec in read_from_net
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:398
#12 0xae6bec in UnixNetVConnection::net_read_io(NetHandler*, EThread*)
../../../../trafficserver/iocore/net/UnixNetVConnection.cc:988
#13 0xace345 in NetHandler::mainNetEvent(int, Event*)
../../../../trafficserver/iocore/net/UnixNet.cc:509
#14 0x5afb30 in Continuation::handleEvent(int, void*)
../../../../trafficserver/iocore/eventsystem/I_Continuation.h:153
#15 0xb32866 in EThread::process_event(Event*, int)
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:143
#16 0xb33487 in EThread::execute()
../../../../trafficserver/iocore/eventsystem/UnixEThread.cc:270
#17 0xb3101b in spawn_thread_internal
../../../../trafficserver/iocore/eventsystem/Thread.cc:84
#18 0x7ffff568aaa0 in start_thread (/lib64/libpthread.so.0+0x7aa0)
Thread T17 ([ET_NET 15]) created by T0 ([TS_MAIN]) here:
#0 0x51934a in pthread_create (/home/y/bin64/traffic_server+0x51934a)
#1 0xb30b70 in ink_thread_create
/var/builds/workspace/163866-v3-component/BUILD_CONTAINER/rhel6-gcc5_5/label/DOCKER-HIGH/app_root/_build/asan_build/../../trafficserver/lib/ts/ink_thread.h:152
#2 0xb311bf in Thread::start(char const*, unsigned long, void*
(*)(void*), void*, void*)
../../../../trafficserver/iocore/eventsystem/Thread.cc:102
#3 0xb36ae4 in EventProcessor::start(int, unsigned long)
../../../../trafficserver/iocore/eventsystem/UnixEventProcessor.cc:240
#4 0x614bd2 in main ../../../trafficserver/proxy/Main.cc:1771
#5 0x7ffff4ef3d5c in __libc_start_main (/lib64/libc.so.6+0x1ed5c)
{code}
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
