bneradt opened a new issue, #12123:
URL: https://github.com/apache/trafficserver/issues/12123
I put the following 10.1.x release down on docs (the latest commit on the
branch at the time):
```
commit 42f2920bce6df86e0e21a8de85e33a1795e9eff5 (HEAD -> 10.1.x,
origin/10.1.x)
Author: Chris McFarlen <[email protected]>
Date: Tue Mar 11 11:51:42 2025 -0500
Move defaulting install prefix before layout setup (#12085)
Co-authored-by: Chris McFarlen <[email protected]>
(cherry picked from commit 9a1ef119f3b7a017583c9aa5d088b2437101b92a)
```
Docs were stable at first, but the following ASan buffer overrun started
happening which made our ATS docs site inaccessible:
```
=================================================================
==178668==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x616000010188 at pc 0x5632e13fcdb8 bp 0x7f3595672480 sp 0x7f3595672470
READ of size 8 at 0x616000010188 thread T4 ([ET_NET 2])
#0 0x5632e13fcdb7 in StripeSM::evac_range(long, long, int)
/home/bneradt/src/trafficserver_10/src/iocore/cache/StripeSM.cc:1097
#1 0x5632e13f90ce in StripeSM::aggWrite(int, void*)
/home/bneradt/src/trafficserver_10/src/iocore/cache/StripeSM.cc:815
#2 0x5632e13c63b0 in CacheVC::handleWrite(int, Event*)
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheWrite.cc:264
#3 0x5632e13b60fa in CacheVC::do_write_call()
/home/bneradt/src/trafficserver_10/src/iocore/cache/P_CacheInternal.h:286
#4 0x5632e13c59cc in CacheVC::updateVector(int, Event*)
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheWrite.cc:195
#5 0x5632e13c97a3 in CacheVC::openWriteClose(int, Event*)
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheWrite.cc:460
#6 0x5632e1368321 in CacheVC::die()
/home/bneradt/src/trafficserver_10/src/iocore/cache/P_CacheInternal.h:308
#7 0x5632e13b7d6d in CacheVC::do_io_close(int)
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheVC.cc:232
#8 0x5632e0f8b6a6 in HttpCacheSM::close_write()
/home/bneradt/src/trafficserver_10/include/proxy/http/HttpCacheSM.h:180
#9 0x5632e0f676d1 in HttpSM::issue_cache_update()
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:6517
#10 0x5632e0f77e4c in HttpSM::set_next_state()
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:8137
#11 0x5632e0f754b2 in HttpSM::call_transact_and_set_next_state(void
(*)(HttpTransact::State*))
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:7837
#12 0x5632e0f33db6 in HttpSM::handle_api_return()
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:1578
#13 0x5632e0f33798 in HttpSM::state_api_callout(int, void*)
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:1510
#14 0x5632e0f31e22 in HttpSM::state_api_callback(int, void*)
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:1310
#15 0x7f359d379de9 in TSHttpTxnReenable(tsapi_httptxn*, TSEvent)
/home/bneradt/src/trafficserver_10/src/api/InkAPI.cc:5045
#16 0x7f35913d23e1 in transform_plugin
/home/bneradt/src/trafficserver_10/plugins/compress/compress.cc:959
#17 0x5632e1835def in INKContInternal::handle_event(int, void*)
/home/bneradt/src/trafficserver_10/src/api/InkContInternal.cc:160
#18 0x5632e0dde8f8 in Continuation::handleEvent(int, void*)
/home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#19 0x5632e18384d8 in APIHook::invoke(int, void*) const
/home/bneradt/src/trafficserver_10/src/api/APIHook.cc:60
#20 0x5632e0f32fa5 in HttpSM::state_api_callout(int, void*)
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:1434
#21 0x5632e0f6023c in HttpSM::do_api_callout_internal()
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:5778
#22 0x5632e0f96518 in HttpSM::do_api_callout()
(/opt/ats/bin/traffic_server+0xc9b518)
#23 0x5632e0f38946 in HttpSM::state_read_server_response_header(int,
void*) /home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:2056
#24 0x5632e0f3f413 in HttpSM::main_handler(int, void*)
/home/bneradt/src/trafficserver_10/src/proxy/http/HttpSM.cc:2650
#25 0x5632e0dde8f8 in Continuation::handleEvent(int, void*)
/home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#26 0x5632e1630fdb in read_signal_and_update
/home/bneradt/src/trafficserver_10/src/iocore/net/UnixNetVConnection.cc:85
#27 0x5632e16359cd in UnixNetVConnection::net_read_io(NetHandler*)
/home/bneradt/src/trafficserver_10/src/iocore/net/UnixNetVConnection.cc:610
#28 0x5632e16bfe48 in NetHandler::process_ready_list()
/home/bneradt/src/trafficserver_10/src/iocore/net/NetHandler.cc:284
#29 0x5632e16c07d6 in NetHandler::waitForActivity(long)
/home/bneradt/src/trafficserver_10/src/iocore/net/NetHandler.cc:375
#30 0x5632e175a1e5 in EThread::execute_regular()
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:307
#31 0x5632e175a726 in EThread::execute()
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:358
#32 0x5632e17573ac in spawn_thread_internal
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:75
#33 0x7f359c614608 in start_thread
/build/glibc-LcI20x/glibc-2.31/nptl/pthread_create.c:477
#34 0x7f359c539352 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f352)
0x616000010188 is located 0 bytes to the right of 520-byte region
[0x61600000ff80,0x616000010188)
allocated by thread T9 ([ET_NET 7]) here:
#0 0x7f359d623157 in __interceptor_malloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x5632e0e53656 in ats_malloc(unsigned long)
/home/bneradt/src/trafficserver_10/src/tscore/ink_memory.cc:65
#2 0x5632e13d77f1 in PreservationTable::PreservationTable(int)
/home/bneradt/src/trafficserver_10/src/iocore/cache/PreservationTable.cc:52
#3 0x5632e13f0c6c in StripeSM::StripeSM(CacheDisk*, long, long, int,
int) /home/bneradt/src/trafficserver_10/src/iocore/cache/StripeSM.cc:120
#4 0x5632e135e1c8 in Cache::open(bool, bool)
/home/bneradt/src/trafficserver_10/src/iocore/cache/Cache.cc:276
#5 0x5632e139405d in CacheProcessor::diskInitialized()
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheProcessor.cc:814
#6 0x5632e137cbdf in CacheDisk::openDone(int, void*)
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheDisk.cc:218
#7 0x5632e137ca82 in CacheDisk::openStart(int, void*)
/home/bneradt/src/trafficserver_10/src/iocore/cache/CacheDisk.cc:210
#8 0x5632e0dde8f8 in Continuation::handleEvent(int, void*)
/home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#9 0x5632e1418bfa in AIOCallback::io_complete(int, void*)
/home/bneradt/src/trafficserver_10/src/iocore/aio/AIO.cc:100
#10 0x5632e0dde8f8 in Continuation::handleEvent(int, void*)
/home/bneradt/src/trafficserver_10/include/iocore/eventsystem/Continuation.h:228
#11 0x5632e1759170 in EThread::process_event(Event*, int)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:166
#12 0x5632e17596c4 in EThread::process_queue(Queue<Event,
Event::Link_link>*, int*, int*)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:201
#13 0x5632e1759c5b in EThread::execute_regular()
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:259
#14 0x5632e175a726 in EThread::execute()
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEThread.cc:358
#15 0x5632e17573ac in spawn_thread_internal
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:75
#16 0x7f359c614608 in start_thread
/build/glibc-LcI20x/glibc-2.31/nptl/pthread_create.c:477
Thread T4 ([ET_NET 2]) created by T0 ([TS_MAIN]) here:
#0 0x7f359d5caa65 in __interceptor_pthread_create
../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x5632e1756e23 in ink_thread_create
/home/bneradt/src/trafficserver_10/include/tscore/ink_thread.h:129
#2 0x5632e17574df in Thread::start(char const*, void*, unsigned long,
std::function<void ()> const&)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:92
#3 0x5632e17615a5 in EventProcessor::spawn_event_threads(int, int,
unsigned long)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEventProcessor.cc:476
#4 0x5632e1761ef1 in EventProcessor::start(int, unsigned long)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEventProcessor.cc:557
#5 0x5632e0dfc56e in main
/home/bneradt/src/trafficserver_10/src/traffic_server/traffic_server.cc:2152
#6 0x7f359c43e082 in __libc_start_main ../csu/libc-start.c:308
Thread T9 ([ET_NET 7]) created by T0 ([TS_MAIN]) here:
#0 0x7f359d5caa65 in __interceptor_pthread_create
../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x5632e1756e23 in ink_thread_create
/home/bneradt/src/trafficserver_10/include/tscore/ink_thread.h:129
#2 0x5632e17574df in Thread::start(char const*, void*, unsigned long,
std::function<void ()> const&)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/Thread.cc:92
#3 0x5632e17615a5 in EventProcessor::spawn_event_threads(int, int,
unsigned long)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEventProcessor.cc:476
#4 0x5632e1761ef1 in EventProcessor::start(int, unsigned long)
/home/bneradt/src/trafficserver_10/src/iocore/eventsystem/UnixEventProcessor.cc:557
#5 0x5632e0dfc56e in main
/home/bneradt/src/trafficserver_10/src/traffic_server/traffic_server.cc:2152
#6 0x7f359c43e082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-buffer-overflow
/home/bneradt/src/trafficserver_10/src/iocore/cache/StripeSM.cc:1097 in
StripeSM::evac_range(long, long, int)
Shadow bytes around the buggy address:
0x0c2c7fff9fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fff9ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fffa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fffa010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2c7fffa020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2c7fffa030: 00[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffa040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffa050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffa060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffa070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c7fffa080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==178668==ABORTING
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
