AddressSanitizer: heap-use-after-free from Proton proactor in post_event ../c/src/proactor/epoll.c:2303 #1400

Open
jiridanek opened this issue Feb 6, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@jiridanek (Contributor):

https://github.com/skupperproject/skupper-router/actions/runs/7798062635/job/21266090300#step:10:4048

```text
==7399==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b000176684 at pc 0x7fef6213c6cc bp 0x7fef56dcd040 sp 0x7fef56dcd030
READ of size 4 at 0x61b000176684 thread T5
    #0 0x7fef6213c6cb in post_event ../c/src/proactor/epoll.c:2303
    #1 0x7fef621413c8 in poller_do_epoll ../c/src/proactor/epoll.c:2602
    #2 0x7fef6213f8bf in next_event_batch ../c/src/proactor/epoll.c:2486
    #3 0x7fef62144b5f in pn_proactor_wait ../c/src/proactor/epoll.c:2725
    #4 0x55ea885ed7ba in thread_run ../src/server.c:1144
    #5 0x55ea88474427 in _thread_init ../src/posix/threading.c:207
    #6 0x7fef61094ac2 in start_thread nptl/pthread_create.c:442
    #7 0x7fef6112684f  (/lib/x86_64-linux-gnu/libc.so.6+0x12684f) (BuildId: c289da5071a3399de893d2af81d6a30c62646e1e)

0x61b000176684 is located 1284 bytes inside of 1536-byte region [0x61b000176180,0x61b000176780)
freed by thread T3 here:
    #0 0x7fef626ddb20 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7fef62149bce in praw_connection_cleanup ../c/src/proactor/epoll_raw_connection.c:166
    #2 0x7fef6214cb39 in pni_raw_connection_done ../c/src/proactor/epoll_raw_connection.c:469
    #3 0x7fef62144cbb in pn_proactor_done ../c/src/proactor/epoll.c:2747
    #4 0x55ea885edad7 in thread_run ../src/server.c:1188
    #5 0x55ea88474427 in _thread_init ../src/posix/threading.c:207
    #6 0x7fef61094ac2 in start_thread nptl/pthread_create.c:442

previously allocated by thread T5 here:
    #0 0x7fef626de997 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7fef62149bf0 in pn_raw_connection ../c/src/proactor/epoll_raw_connection.c:172
    #2 0x55ea8836ee9f in qdr_tcp_connection_ingress ../src/adaptors/tcp/tcp_adaptor.c:1338
    #3 0x55ea883a63ab in _listener_event_handler ../src/adaptors/adaptor_listener.c:153
    #4 0x55ea885e8b06 in handle_event_with_context ../src/server.c:813
    #5 0x55ea885e8b8c in do_handle_listener ../src/server.c:824
    #6 0x55ea885eb9d6 in handle ../src/server.c:1022
    #7 0x55ea885ed8c1 in thread_run ../src/server.c:1170
    #8 0x55ea88474427 in _thread_init ../src/posix/threading.c:207
    #9 0x7fef61094ac2 in start_thread nptl/pthread_create.c:442

Thread T5 created by T0 here:
    #0 0x7fef62649175 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
    #1 0x55ea884748ea in sys_thread ../src/posix/threading.c:229
    #2 0x55ea885f3838 in qd_server_run ../src/server.c:1539
    #3 0x55ea886002d1 in main_process ../router/src/main.c:111
    #4 0x55ea88602446 in main ../router/src/main.c:365
    #5 0x7fef61029d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Thread T3 created by T0 here:
    #0 0x7fef62649175 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
    #1 0x55ea884748ea in sys_thread ../src/posix/threading.c:229
    #2 0x55ea885f3838 in qd_server_run ../src/server.c:1539
    #3 0x55ea886002d1 in main_process ../router/src/main.c:111
    #4 0x55ea88602446 in main ../router/src/main.c:365
    #5 0x7fef61029d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-use-after-free ../c/src/proactor/epoll.c:2303 in post_event
Shadow bytes around the buggy address:
  0x61b000176400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x61b000176480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x61b000176500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x61b000176580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x61b000176600: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x61b000176680:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x61b000176700: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x61b000176780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x61b000176800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x61b000176880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x61b000176900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7399==ABORTING
```
@jiridanek jiridanek added the bug Something isn't working label Feb 6, 2024
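As an added example (not code from this issue, from Proton or from skupper-router): a small parser that turns an ASan report like the one above into a triage summary, so the cross-thread free/read pair is visible at a glance without reading every frame. `REPORT` is an excerpt of the issue's trace with the `62: ` line prefix that the CI log attached kept in place, so the prefix stripping is exercised; the regexes, the `__interceptor_` skip rule and all function and field names are my own choices, not an ASan or Proton API.

```python
"""Triage helper for AddressSanitizer use-after-free reports (added example)."""
import re
from dataclasses import dataclass, field

# Excerpt of the report from the issue above; "62: " is the CI log's per-line prefix.
REPORT = """\
==7399==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b000176684 at pc 0x7fef6213c6cc bp 0x7fef56dcd040 sp 0x7fef56dcd030
62: READ of size 4 at 0x61b000176684 thread T5
62:     #0 0x7fef6213c6cb in post_event ../c/src/proactor/epoll.c:2303
62:     #1 0x7fef621413c8 in poller_do_epoll ../c/src/proactor/epoll.c:2602
62:     #2 0x7fef6213f8bf in next_event_batch ../c/src/proactor/epoll.c:2486
62:     #3 0x7fef62144b5f in pn_proactor_wait ../c/src/proactor/epoll.c:2725
62:
62: 0x61b000176684 is located 1284 bytes inside of 1536-byte region [0x61b000176180,0x61b000176780)
62: freed by thread T3 here:
62:     #0 0x7fef626ddb20 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
62:     #1 0x7fef62149bce in praw_connection_cleanup ../c/src/proactor/epoll_raw_connection.c:166
62:     #2 0x7fef6214cb39 in pni_raw_connection_done ../c/src/proactor/epoll_raw_connection.c:469
62:     #3 0x7fef62144cbb in pn_proactor_done ../c/src/proactor/epoll.c:2747
62:
62: previously allocated by thread T5 here:
62:     #0 0x7fef626de997 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
62:     #1 0x7fef62149bf0 in pn_raw_connection ../c/src/proactor/epoll_raw_connection.c:172
62:     #2 0x55ea8836ee9f in qdr_tcp_connection_ingress ../src/adaptors/tcp/tcp_adaptor.c:1338
62:
62: Thread T5 created by T0 here:
62:     #0 0x7fef62649175 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
62: SUMMARY: AddressSanitizer: heap-use-after-free ../c/src/proactor/epoll.c:2303 in post_event
"""

# Only the report lines that matter for triage are recognised.
ERROR_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)")
REGION_RE = re.compile(r"is located (\d+) bytes inside of (\d+)-byte region")
FREED_RE = re.compile(r"^freed by thread (T\d+) here:")
ALLOC_RE = re.compile(r"^previously allocated by thread (T\d+) here:")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")
CI_PREFIX_RE = re.compile(r"^\d+:\s?")  # e.g. "62: " from a CI log


@dataclass
class Frame:
    index: int
    func: str
    location: str


@dataclass
class Stack:
    thread: str
    frames: list = field(default_factory=list)

    def first_app_frame(self):
        """First frame that is not an ASan interceptor (__interceptor_free, ...)."""
        for f in self.frames:
            if not f.func.startswith("__interceptor_"):
                return f
        return None


def parse_asan_report(text):
    """Extract error kind, address, access, region geometry and the three stacks."""
    report = {"pid": None, "kind": None, "address": None, "access": None,
              "region": None, "stacks": {}}
    current = None  # the Stack currently being filled, or None
    for raw in text.splitlines():
        line = CI_PREFIX_RE.sub("", raw).rstrip()
        stripped = line.strip()
        m = ERROR_RE.search(stripped)
        if m:
            report["pid"], report["kind"], report["address"] = int(m.group(1)), m.group(2), m.group(3)
            continue
        m = ACCESS_RE.match(stripped)
        if m:
            report["access"] = {"op": m.group(1), "size": int(m.group(2)), "thread": m.group(3)}
            current = report["stacks"]["access"] = Stack(m.group(3))
            continue
        m = REGION_RE.search(stripped)
        if m:
            report["region"] = {"offset": int(m.group(1)), "size": int(m.group(2))}
            continue
        m = FREED_RE.match(stripped)
        if m:
            current = report["stacks"]["free"] = Stack(m.group(1))
            continue
        m = ALLOC_RE.match(stripped)
        if m:
            current = report["stacks"]["alloc"] = Stack(m.group(1))
            continue
        if stripped.startswith(("Thread T", "SUMMARY:", "Shadow bytes")):
            current = None  # thread-creation stacks and the shadow dump are not needed here
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.frames.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
    return report


def triage(report):
    """Reduce the three stacks to the facts a triager wants first."""
    stacks = report["stacks"]
    acc, fr, al = (stacks[k].first_app_frame() for k in ("access", "free", "alloc"))
    region = report["region"]
    return {
        "kind": report["kind"],
        "cross_thread": stacks["access"].thread != stacks["free"].thread,
        "inside_region": region is not None and region["offset"] < region["size"],
        "access": f'{report["access"]["op"]} of {report["access"]["size"]} bytes in {acc.func} ({acc.location}) on {stacks["access"].thread}',
        "freed_by": f"{fr.func} ({fr.location}) on {stacks['free'].thread}",
        "allocated_by": f"{al.func} ({al.location}) on {stacks['alloc'].thread}",
    }


if __name__ == "__main__":
    for key, value in triage(parse_asan_report(REPORT)).items():
        print(f"{key}: {value}")
```

For this report the summary's `cross_thread: True` is the first thing to look at: the raw connection is freed on T3 under `pn_proactor_done` while the poller thread T5 still dereferences it in `post_event`, so the investigation starts at the hand-off between those two paths rather than at either function alone. The `inside_region` check distinguishes a stale pointer into a freed object (this case, 1284 bytes into a 1536-byte region) from a wild pointer that merely happens to land in freed memory.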