[ 
https://issues.apache.org/jira/browse/TS-2729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14314545#comment-14314545
 ] 

Leif Hedstrom commented on TS-2729:
-----------------------------------

I see this as well, fairly frequently. It seems to happen when a connection 
goes idle for a long time, maybe we're tripping up over some timeout, and do 
something crazy? :)

{code}
==15723==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000019c88 
at pc 0x4f32d4 bp 0x2b63674f5840 sp 0x2b63674f5838
READ of size 8 at 0x618000019c88 thread T6 ([ET_NET 5])
    #0 0x4f32d3 in Continuation::handleEvent(int, void*) 
../iocore/eventsystem/I_Continuation.h:146
    #1 0x4f32d3 in FetchSM::InvokePluginExt(int) 
/usr/local/src/trafficserver/proxy/FetchSM.cc:256
    #2 0x4f4201 in FetchSM::process_fetch_read(int) 
/usr/local/src/trafficserver/proxy/FetchSM.cc:452
    #3 0x4f5072 in FetchSM::fetch_handler(int, void*) 
/usr/local/src/trafficserver/proxy/FetchSM.cc:514
    #4 0x59e873 in Continuation::handleEvent(int, void*) 
../iocore/eventsystem/I_Continuation.h:146
    #5 0x59e873 in PluginVC::process_read_side(bool) 
/usr/local/src/trafficserver/proxy/PluginVC.cc:674
    #6 0x5a0bdf in PluginVC::process_write_side(bool) 
/usr/local/src/trafficserver/proxy/PluginVC.cc:565
    #7 0x5aae2d in PluginVC::main_handler(int, void*) 
/usr/local/src/trafficserver/proxy/PluginVC.cc:210
    #8 0xc8111e in Continuation::handleEvent(int, void*) 
/usr/local/src/trafficserver/iocore/eventsystem/I_Continuation.h:146
    #9 0xc8111e in EThread::process_event(Event*, int) 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEThread.cc:144
    #10 0xc82d89 in EThread::execute() 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEThread.cc:195
    #11 0xc7fd38 in spawn_thread_internal 
/usr/local/src/trafficserver/iocore/eventsystem/Thread.cc:88
    #12 0x2b63608d4df2 in start_thread (/lib64/libpthread.so.0+0x7df2)
    #13 0x2b636213d1ac in clone (/lib64/libc.so.6+0xf61ac)
 
0x618000019c88 is located 8 bytes inside of 816-byte region 
[0x618000019c80,0x618000019fb0)
freed by thread T6 ([ET_NET 5]) here:
    #0 0x2b635e4641c7 in __interceptor_free 
../../.././libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7b7722 in Http2ClientSession::do_io_close(int) 
/usr/local/src/trafficserver/proxy/http2/Http2ClientSession.cc:194
    #2 0x7b7722 in Http2ClientSession::main_event_handler(int, void*) 
/usr/local/src/trafficserver/proxy/http2/Http2ClientSession.cc:237
    #3 0xc11b6f in Continuation::handleEvent(int, void*) 
../../iocore/eventsystem/I_Continuation.h:146
    #4 0xc11b6f in read_signal_and_update 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:140
    #5 0xc11b6f in read_signal_done 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:185
    #6 0xc11b6f in read_signal_error 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:209
    #7 0xc11b6f in UnixNetVConnection::readSignalError(NetHandler*, int) 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:933
    #8 0xbb9b41 in SSLNetVConnection::net_read_io(NetHandler*, EThread*) 
/usr/local/src/trafficserver/iocore/net/SSLNetVConnection.cc:610
    #9 0xbd8fbc in NetHandler::mainNetEvent(int, Event*) 
/usr/local/src/trafficserver/iocore/net/UnixNet.cc:513
    #10 0xc83fa9 in Continuation::handleEvent(int, void*) 
/usr/local/src/trafficserver/iocore/eventsystem/I_Continuation.h:146
    #11 0xc83fa9 in EThread::process_event(Event*, int) 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEThread.cc:144
    #12 0xc83fa9 in EThread::execute() 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEThread.cc:268
    #13 0xc7fd38 in spawn_thread_internal 
/usr/local/src/trafficserver/iocore/eventsystem/Thread.cc:88
    #14 0x2b63608d4df2 in start_thread (/lib64/libpthread.so.0+0x7df2)
 
previously allocated by thread T6 ([ET_NET 5]) here:
    #0 0x2b635e46493b in __interceptor_posix_memalign 
../../.././libsanitizer/asan/asan_malloc_linux.cc:130
    #1 0x2b635f34e2f9 in ats_memalign 
/usr/local/src/trafficserver/lib/ts/ink_memory.cc:96
    #2 0x7ccee4 in ClassAllocator<Http2ClientSession>::alloc() 
../../lib/ts/Allocator.h:124
    #3 0x7ccee4 in Http2SessionAccept::accept(NetVConnection*, MIOBuffer*, 
IOBufferReader*) 
/usr/local/src/trafficserver/proxy/http2/Http2SessionAccept.cc:57
    #4 0x7ccaa4 in Http2SessionAccept::mainEvent(int, void*) 
/usr/local/src/trafficserver/proxy/http2/Http2SessionAccept.cc:69
    #5 0xbc1fbe in SSLNextProtocolTrampoline::ioCompletionEvent(int, void*) 
/usr/local/src/trafficserver/iocore/net/SSLNextProtocolAccept.cc:101
    #6 0xc1243f in Continuation::handleEvent(int, void*) 
../../iocore/eventsystem/I_Continuation.h:146
    #7 0xc1243f in read_signal_and_update 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:140
    #8 0xc1243f in read_signal_done 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:185
    #9 0xc1243f in UnixNetVConnection::readSignalDone(int, NetHandler*) 
/usr/local/src/trafficserver/iocore/net/UnixNetVConnection.cc:939
    #10 0xbbaa69 in SSLNetVConnection::net_read_io(NetHandler*, EThread*) 
/usr/local/src/trafficserver/iocore/net/SSLNetVConnection.cc:489
    #11 0xbd8fbc in NetHandler::mainNetEvent(int, Event*) 
/usr/local/src/trafficserver/iocore/net/UnixNet.cc:513
    #12 0xc83fa9 in Continuation::handleEvent(int, void*) 
/usr/local/src/trafficserver/iocore/eventsystem/I_Continuation.h:146
    #13 0xc83fa9 in EThread::process_event(Event*, int) 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEThread.cc:144
    #14 0xc83fa9 in EThread::execute() 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEThread.cc:268
    #15 0xc7fd38 in spawn_thread_internal 
/usr/local/src/trafficserver/iocore/eventsystem/Thread.cc:88
    #16 0x2b63608d4df2 in start_thread (/lib64/libpthread.so.0+0x7df2)
 
Thread T6 ([ET_NET 5]) created by T0 ([ET_NET 0]) here:
    #0 0x2b635e43386a in __interceptor_pthread_create 
../../.././libsanitizer/asan/asan_interceptors.cc:183
    #1 0xc809c5 in ink_thread_create ../../lib/ts/ink_thread.h:148
    #2 0xc809c5 in Thread::start(char const*, unsigned long, void* (*)(void*), 
void*) /usr/local/src/trafficserver/iocore/eventsystem/Thread.cc:103
    #3 0xc88f46 in EventProcessor::start(int, unsigned long) 
/usr/local/src/trafficserver/iocore/eventsystem/UnixEventProcessor.cc:140
    #4 0x498d2b in main /usr/local/src/trafficserver/proxy/Main.cc:1574
    #5 0x2b6362068af4 in __libc_start_main (/lib64/libc.so.6+0x21af4)
 
SUMMARY: AddressSanitizer: heap-use-after-free 
../iocore/eventsystem/I_Continuation.h:146 Continuation::handleEvent(int, void*)
Shadow bytes around the buggy address:
{code}

> Add HTTP/2 support to ATS
> -------------------------
>
>                 Key: TS-2729
>                 URL: https://issues.apache.org/jira/browse/TS-2729
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: HTTP/2
>            Reporter: Ryo Okubo
>            Assignee: James Peach
>              Labels: review
>             Fix For: 5.3.0
>
>         Attachments: 0003-h2-prototype.patch, 0004-h2-prototype.patch, 
> h2c_upgrade.patch, hpack.patch, http2-0004.patch, improve-mime.patch
>
>
> h2. Overview
> Support HTTP/2 as a client side L7 protocol. This feature is implemented into 
> ATS core.
> Now, it supports the latest HTTP/2 draft version, h2-16.
> https://tools.ietf.org/html/draft-ietf-httpbis-http2-16
> h2. How to test
> # Build ATS codes normally. You need neither any build option nor external 
> HTTP/2 library.
> # Configure settings to use https.
> # Add settings to records.config to use http2.
> {noformat}
> CONFIG proxy.config.http2.enabled INT 1
> {noformat}
> # Access to ATS by HTTP/2 client.
> h2. Descriptions of current attached patches.
> * 0003-h2-prototype.patch
> ** For experiment. Please don't merge it. It enables to interpret HTTP/2 
> requests and respond for it. But now this code is unsafe and dirty. More 
> refactoring is required.
> h2. DONE
> * Fundamental HTTP/2 frame handling
> * Flow control
> * Some error handling
> h2. TODO
> * Refactoring
> * More debugging
> * Write documents
> * Add test tools for HPACK, HTTP/2 frames
> h2. No plan
> * [Server 
> Push|https://tools.ietf.org/html/draft-ietf-httpbis-http2-16#section-8.2] 
> This would probably require support for [Link 
> preload|http://w3c.github.io/preload/#interoperability-with-http-link-header]?
> * [Stream 
> Priority|https://tools.ietf.org/html/draft-ietf-httpbis-http2-16#section-5.3]
> * [Alternative 
> Services|https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-06]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
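
A triage helper for the AddressSanitizer report in the comment above, added here as an example and not part of the original message or the Traffic Server code base: it rejoins the frames that the mail wrapping split across lines and returns the thread and first non-wrapper frame of the access, free and allocation stacks. The names `parse`, `triage` and the `SKIP` prefix list are assumptions of this example.

```python
import re

# Excerpt of the report above (frames trimmed); the mail wrapping is kept on purpose.
SAMPLE = """\
READ of size 8 at 0x618000019c88 thread T6 ([ET_NET 5])
    #0 0x4f32d3 in Continuation::handleEvent(int, void*)
../iocore/eventsystem/I_Continuation.h:146
freed by thread T6 ([ET_NET 5]) here:
    #0 0x2b635e4641c7 in __interceptor_free
../../.././libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x7b7722 in Http2ClientSession::do_io_close(int)
/usr/local/src/trafficserver/proxy/http2/Http2ClientSession.cc:194
previously allocated by thread T6 ([ET_NET 5]) here:
    #0 0x2b635e46493b in __interceptor_posix_memalign
../../.././libsanitizer/asan/asan_malloc_linux.cc:130
    #1 0x2b635f34e2f9 in ats_memalign
/usr/local/src/trafficserver/lib/ts/ink_memory.cc:96
    #2 0x7ccee4 in ClassAllocator<Http2ClientSession>::alloc()
../../lib/ts/Allocator.h:124
"""

HEADERS = {"access": r"(READ|WRITE) of size \d+ at 0x[0-9a-f]+ thread (T\d+)",
           "free": r"freed by thread (T\d+)",
           "alloc": r"previously allocated by thread (T\d+)"}
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (.+) (\S+)$")
SKIP = ("__interceptor_", "ats_mem")  # assumption: runtime/allocator wrappers to skip


def parse(report):
    """Return {kind: (thread, [frame lines])} with wrapped frames rejoined."""
    stacks, cur = {}, None
    for line in map(str.strip, report.splitlines()):
        hit = next(((k, m) for k, rx in HEADERS.items() if (m := re.match(rx, line))), None)
        if hit:
            cur = []
            stacks[hit[0]] = (hit[1].groups()[-1], cur)
        elif not line:
            cur = None                      # a blank line ends the current stack
        elif cur is not None and line.startswith("#"):
            cur.append(line)
        elif cur:
            cur[-1] += " " + line           # continuation of a wrapped frame
    return stacks


def triage(report):
    """First non-wrapper frame per stack: {kind: (thread, function, location)}."""
    out = {}
    for kind, (thread, frames) in parse(report).items():
        parsed = [m.groups() for f in frames if (m := FRAME.match(f))]
        out[kind] = (thread, *next(p for p in parsed if not p[0].startswith(SKIP)))
    return out
```

On this report all three stacks come back on thread T6, so the free in `Http2ClientSession::do_io_close` and the later read happened on the same event thread.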
