Created
June 16, 2021 22:43
-
-
Save mdouglass/18514a2667572d742ef2c2d38f45249c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > server@1.0.0 client | |
| > node client.js | |
| duplexEcho response: { message: 'Hello duplex world!' } | |
| unaryEcho response: { message: 'Hello unary world!' } | |
| duplexEcho error Error: 1 CANCELLED: Cancelled on client | |
| at Object.callErrorFromStatus (/home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/call.js:31:26) | |
| at Object.onReceiveStatus (/home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/client.js:390:49) | |
| at Object.onReceiveStatus (/home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:299:181) | |
| at /home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/call-stream.js:145:78 | |
| at processTicksAndRejections (node:internal/process/task_queues:78:11) | |
| duplexEcho status { | |
| code: 1, | |
| details: 'Cancelled on client', | |
| metadata: Metadata { internalRepr: Map(0) {}, options: {} } | |
| } | |
| ================================================================= | |
| ==2805953==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000b7e74 at pc 0x000006292f8b bp 0x7ffc581e67b0 sp 0x7ffc581e67a8 | |
| READ of size 1 at 0x6110000b7e74 thread T0 | |
| #0 0x6292f8a in nghttp2_session_close_stream ../deps/nghttp2/lib/nghttp2_session.c:1218 | |
| #1 0x6293def in nghttp2_session_close_stream_if_shut_rdwr ../deps/nghttp2/lib/nghttp2_session.c:1442 | |
| #2 0x629b653 in session_end_stream_headers_received ../deps/nghttp2/lib/nghttp2_session.c:3738 | |
| #3 0x629bc7f in session_after_header_block_received ../deps/nghttp2/lib/nghttp2_session.c:3826 | |
| #4 0x62a689e in nghttp2_session_mem_recv ../deps/nghttp2/lib/nghttp2_session.c:6277 | |
| #5 0x140f19d in node::http2::Http2Session::ConsumeHTTP2Data() ../src/node_http2.cc:798 | |
| #6 0x1418f2c in node::http2::Http2Session::OnStreamRead(long, uv_buf_t const&) ../src/node_http2.cc:1883 | |
| #7 0x12375c4 in node::StreamResource::EmitRead(long, uv_buf_t const&) ../src/stream_base-inl.h:104 | |
| #8 0x1720366 in node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) ../src/stream_wrap.cc:276 | |
| #9 0x171fb08 in operator() ../src/stream_wrap.cc:198 | |
| #10 0x171fb38 in _FUN ../src/stream_wrap.cc:199 | |
| #11 0x523b8c5 in uv__read ../deps/uv/src/unix/stream.c:1239 | |
| #12 0x523bfa9 in uv__stream_io ../deps/uv/src/unix/stream.c:1306 | |
| #13 0x524e7d7 in uv__io_poll ../deps/uv/src/unix/linux-core.c:462 | |
| #14 0x520c612 in uv_run ../deps/uv/src/unix/core.c:385 | |
| #15 0x107ae80 in node::SpinEventLoop(node::Environment*) ../src/api/embed_helpers.cc:36 | |
| #16 0x14ca670 in node::NodeMainInstance::Run(node::EnvSerializeInfo const*) ../src/node_main_instance.cc:143 | |
| #17 0x12aa567 in node::Start(int, char**) ../src/node.cc:1125 | |
| #18 0x5e68beb in main ../src/node_main.cc:127 | |
| #19 0x7fa6c1feab74 in __libc_start_main (/lib64/libc.so.6+0x27b74) | |
| #20 0x106d18d in _start (/home/matthew/projects/node/out/Debug/node+0x106d18d) | |
| 0x6110000b7e74 is located 244 bytes inside of 248-byte region [0x6110000b7d80,0x6110000b7e78) | |
| freed by thread T0 here: | |
| #0 0x7fa6c25e8647 in free (/lib64/libasan.so.6+0xae647) | |
| #1 0x109046d in char* node::UncheckedRealloc<char>(char*, unsigned long) ../src/util-inl.h:337 | |
| #2 0x1488639 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::ReallocImpl(void*, unsigned long, void*) (/home/matthew/projects/node/out/Debug/node+0x1488639) | |
| #3 0x14884e0 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::FreeImpl(void*, void*) (/home/matthew/projects/node/out/Debug/node+0x14884e0) | |
| #4 0x62cc094 in nghttp2_mem_free ../deps/nghttp2/lib/nghttp2_mem.c:61 | |
| #5 0x629326b in nghttp2_session_destroy_stream ../deps/nghttp2/lib/nghttp2_session.c:1268 | |
| #6 0x62931a2 in nghttp2_session_close_stream ../deps/nghttp2/lib/nghttp2_session.c:1241 | |
| #7 0x6297e53 in session_after_frame_sent1 ../deps/nghttp2/lib/nghttp2_session.c:2712 | |
| #8 0x629975d in nghttp2_session_mem_send ../deps/nghttp2/lib/nghttp2_session.c:3235 | |
| #9 0x1417478 in node::http2::Http2Session::SendPendingData() ../src/node_http2.cc:1687 | |
| #10 0x141d1a1 in node::http2::Http2Stream::SubmitRstStream(unsigned int) ../src/node_http2.cc:2202 | |
| #11 0x14239e1 in node::http2::Http2Stream::RstStream(v8::FunctionCallbackInfo<v8::Value> const&) ../src/node_http2.cc:2687 | |
| #12 0x1d5f547 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) ../deps/v8/src/api/api-arguments-inl.h:158 | |
| #13 0x1d6445b in HandleApiCallHelper<false> ../deps/v8/src/builtins/builtins-api.cc:113 | |
| #14 0x1d73c68 in Builtin_Impl_HandleApiCall ../deps/v8/src/builtins/builtins-api.cc:143 | |
| #15 0x1d75e81 in v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) ../deps/v8/src/builtins/builtins-api.cc:131 | |
| #16 0x55081df in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit (/home/matthew/projects/node/out/Debug/node+0x55081df) | |
| #17 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #18 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #19 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #20 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #21 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #22 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #23 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #24 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #25 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #26 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #27 0x537acda in Builtins_AsyncFunctionAwaitResolveClosure (/home/matthew/projects/node/out/Debug/node+0x537acda) | |
| #28 0x56b2fc3 in Builtins_PromiseFulfillReactionJob (/home/matthew/projects/node/out/Debug/node+0x56b2fc3) | |
| #29 0x5326cf3 in Builtins_RunMicrotasks (/home/matthew/projects/node/out/Debug/node+0x5326cf3) | |
| previously allocated by thread T0 here: | |
| #0 0x7fa6c25e8cb8 in __interceptor_realloc (/lib64/libasan.so.6+0xaecb8) | |
| #1 0x1090487 in char* node::UncheckedRealloc<char>(char*, unsigned long) ../src/util-inl.h:341 | |
| #2 0x1488639 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::ReallocImpl(void*, unsigned long, void*) (/home/matthew/projects/node/out/Debug/node+0x1488639) | |
| #3 0x14884b2 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::MallocImpl(unsigned long, void*) (/home/matthew/projects/node/out/Debug/node+0x14884b2) | |
| #4 0x62cc021 in nghttp2_mem_malloc ../deps/nghttp2/lib/nghttp2_mem.c:57 | |
| #5 0x6292627 in nghttp2_session_open_stream ../deps/nghttp2/lib/nghttp2_session.c:1051 | |
| #6 0x6295761 in session_prep_frame ../deps/nghttp2/lib/nghttp2_session.c:2101 | |
| #7 0x629887f in nghttp2_session_mem_send_internal ../deps/nghttp2/lib/nghttp2_session.c:2932 | |
| #8 0x6299706 in nghttp2_session_mem_send ../deps/nghttp2/lib/nghttp2_session.c:3225 | |
| #9 0x1417478 in node::http2::Http2Session::SendPendingData() ../src/node_http2.cc:1687 | |
| #10 0x140f573 in node::http2::Http2Session::ConsumeHTTP2Data() ../src/node_http2.cc:827 | |
| #11 0x1418f2c in node::http2::Http2Session::OnStreamRead(long, uv_buf_t const&) ../src/node_http2.cc:1883 | |
| #12 0x12375c4 in node::StreamResource::EmitRead(long, uv_buf_t const&) ../src/stream_base-inl.h:104 | |
| #13 0x1720366 in node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) ../src/stream_wrap.cc:276 | |
| #14 0x171fb08 in operator() ../src/stream_wrap.cc:198 | |
| #15 0x171fb38 in _FUN ../src/stream_wrap.cc:199 | |
| #16 0x523b8c5 in uv__read ../deps/uv/src/unix/stream.c:1239 | |
| #17 0x523bfa9 in uv__stream_io ../deps/uv/src/unix/stream.c:1306 | |
| #18 0x524e7d7 in uv__io_poll ../deps/uv/src/unix/linux-core.c:462 | |
| #19 0x520c612 in uv_run ../deps/uv/src/unix/core.c:385 | |
| #20 0x107ae80 in node::SpinEventLoop(node::Environment*) ../src/api/embed_helpers.cc:36 | |
| #21 0x14ca670 in node::NodeMainInstance::Run(node::EnvSerializeInfo const*) ../src/node_main_instance.cc:143 | |
| #22 0x12aa567 in node::Start(int, char**) ../src/node.cc:1125 | |
| #23 0x5e68beb in main ../src/node_main.cc:127 | |
| #24 0x7fa6c1feab74 in __libc_start_main (/lib64/libc.so.6+0x27b74) | |
| SUMMARY: AddressSanitizer: heap-use-after-free ../deps/nghttp2/lib/nghttp2_session.c:1218 in nghttp2_session_close_stream | |
| Shadow bytes around the buggy address: | |
| 0x0c228000ef70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000ef80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c228000ef90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000efa0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa | |
| 0x0c228000efb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| =>0x0c228000efc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fa | |
| 0x0c228000efd0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c228000efe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000eff0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa | |
| 0x0c228000f000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000f010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| Shadow gap: cc | |
| ==2805953==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment