Created
June 16, 2021 22:59
-
-
Save mdouglass/fe9a159b6d9b167ac1da14386bf773a5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > server@1.0.0 client | |
| > node client.js | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = (nil) | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of client magic | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = (nil) | |
| send: next frame: payloadlen=0, type=4, flags=0x00, stream_id=0 | |
| send: start transmitting frame type=4, length=9 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of a frame | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002aac8 | |
| stream: dep_add dep_stream(0x61e0000090a8)=0, stream(0x6110000a6808)=1 | |
| deflatehd: deflating :scheme: http | |
| deflatehd: name/value match index=5 | |
| deflatehd: emit indexed index=5, 1 bytes | |
| deflatehd: deflating :path: /EchoService/DuplexEcho | |
| deflatehd: name match index=3 | |
| deflatehd: emit indname index=3, valuelen=23, indexing_mode=1 | |
| deflatehd: emit string str=/EchoService/DuplexEcho, length=23, huffman=1, encoded_length=17 | |
| deflatehd: deflating :method: POST | |
| deflatehd: name/value match index=2 | |
| deflatehd: emit indexed index=2, 1 bytes | |
| deflatehd: deflating :authority: 127.0.0.1:20000 | |
| deflatehd: name match index=0 | |
| deflatehd: emit indname index=0, valuelen=15, indexing_mode=0 | |
| deflatehd: emit string str=127.0.0.1:20000, length=15, huffman=1, encoded_length=11 | |
| deflatehd: deflating grpc-accept-encoding: identity,deflate,gzip | |
| deflatehd: emit newname namelen=20, valuelen=21, indexing_mode=0 | |
| deflatehd: emit string str=grpc-accept-encoding, length=20, huffman=1, encoded_length=14 | |
| deflatehd: emit string str=identity,deflate,gzip, length=21, huffman=1, encoded_length=16 | |
| deflatehd: deflating accept-encoding: identity | |
| deflatehd: name match index=15 | |
| deflatehd: emit indname index=15, valuelen=8, indexing_mode=0 | |
| deflatehd: emit string str=identity, length=8, huffman=1, encoded_length=6 | |
| deflatehd: deflating user-agent: grpc-node-js/1.3.2 | |
| deflatehd: name match index=57 | |
| deflatehd: emit indname index=57, valuelen=18, indexing_mode=0 | |
| deflatehd: emit string str=grpc-node-js/1.3.2, length=18, huffman=1, encoded_length=13 | |
| deflatehd: deflating content-type: application/grpc | |
| deflatehd: name match index=30 | |
| deflatehd: emit indname index=30, valuelen=16, indexing_mode=0 | |
| deflatehd: emit string str=application/grpc, length=16, huffman=1, encoded_length=11 | |
| deflatehd: deflating te: trailers | |
| deflatehd: emit newname namelen=2, valuelen=8, indexing_mode=0 | |
| deflatehd: emit string str=te, length=2, huffman=0, encoded_length=2 | |
| deflatehd: emit string str=trailers, length=8, huffman=1, encoded_length=6 | |
| deflatehd: all input name/value pairs were deflated | |
| send: HEADERS/PUSH_PROMISE, payloadlen=114 | |
| send: before padding, HEADERS serialized in 123 bytes | |
| send: padding selected: payloadlen=114, padlen=0 | |
| send: padlen = 0, nothing to do | |
| send: HEADERS finally serialized in 123 bytes | |
| send: next frame: payloadlen=114, type=1, flags=0x04, stream_id=1 | |
| send: start transmitting frame type=1, length=123 | |
| stream: stream=1 attach item=0x60e00002af28 | |
| stream: stream=1 obq push cycle=0 | |
| stream: push stream 1 to stream 0 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of a frame | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002ae48 | |
| send: remote windowsize connection=65535, remote maxframsize=16384, stream(id 1)=65535 | |
| send: available window=16384 | |
| send: padlen = 0, nothing to do | |
| stream: stream=1 obq resched cycle=416 | |
| send: next frame: DATA | |
| send: no copy DATA | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = (nil) | |
| send: remote windowsize connection=65509, remote maxframsize=16384, stream(id 1)=65509 | |
| send: available window=16384 | |
| send: DATA postponed due to Data transfer deferred | |
| stream: stream=1 defer item=0x60e00002af28 cause=08 | |
| stream: remove stream 1 from stream 0 | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = (nil) | |
| send: frame transmission deferred | |
| recv: connection recv_window_size=0, local_window=65535 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| recv: [IB_READ_FIRST_SETTINGS] | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=0, type=4, flags=0x00, stream_id=0 | |
| recv: SETTINGS | |
| recv: [IB_READ_SETTINGS] | |
| recv: readlen=0, payloadleft=0 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: next frame: payloadlen=0, type=4, flags=0x01, stream_id=0 | |
| send: start transmitting frame type=4, length=9 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of a frame | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002b008 | |
| recv: connection recv_window_size=0, local_window=65535 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=0, type=4, flags=0x01, stream_id=0 | |
| recv: SETTINGS | |
| recv: [IB_READ_SETTINGS] | |
| recv: readlen=0, payloadleft=0 | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=85, type=1, flags=0x04, stream_id=1 | |
| recv: HEADERS | |
| recv: no padding in payload | |
| recv: call on_begin_headers callback stream_id=1 | |
| recv: [IB_READ_HEADER_BLOCK] | |
| recv: readlen=85, payloadleft=0 | |
| recv: block final=1 | |
| recv: decoding header block 85 bytes | |
| inflatehd: start state=1 | |
| inflatehd: indexed repr | |
| inflatehd: decoded integer is 8 | |
| inflatehd: index=8 | |
| inflatehd: header emission: :status: 200 | |
| recv: proclen=1 | |
| inflatehd: start state=2 | |
| inflatehd: literal header repr - new name | |
| inflatehd: indexing required=1, no_index=0 | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 14 | |
| inflatehd: 14 bytes read | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 6 | |
| inflatehd: valuelen=6 | |
| inflatehd: 6 bytes read | |
| inflatehd: header emission: grpc-accept-encoding: identity | |
| recv: proclen=23 | |
| inflatehd: start state=2 | |
| inflatehd: literal header repr - new name | |
| inflatehd: indexing required=1, no_index=0 | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 10 | |
| inflatehd: 10 bytes read | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 6 | |
| inflatehd: valuelen=6 | |
| inflatehd: 6 bytes read | |
| inflatehd: header emission: grpc-encoding: identity | |
| recv: proclen=19 | |
| inflatehd: start state=2 | |
| inflatehd: literal header repr - indexed name | |
| inflatehd: indexing required=1, no_index=0 | |
| inflatehd: decoded integer is 31 | |
| inflatehd: index=31 | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 16 | |
| inflatehd: valuelen=16 | |
| inflatehd: 16 bytes read | |
| inflatehd: header emission: content-type: application/grpc+proto | |
| recv: proclen=18 | |
| inflatehd: start state=2 | |
| inflatehd: literal header repr - indexed name | |
| inflatehd: indexing required=1, no_index=0 | |
| inflatehd: decoded integer is 33 | |
| inflatehd: index=33 | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 22 | |
| inflatehd: valuelen=22 | |
| inflatehd: 22 bytes read | |
| inflatehd: header emission: date: Wed, 16 Jun 2021 22:59:29 GMT | |
| recv: proclen=24 | |
| inflatehd: start state=2 | |
| inflatehd: all input bytes were processed | |
| inflatehd: in_final set | |
| recv: proclen=0 | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=26, type=0, flags=0x00, stream_id=1 | |
| recv: DATA | |
| recv: no padding in payload | |
| recv: [IB_READ_DATA] | |
| recv: readlen=26, payloadleft=0 | |
| recv: data_readlen=26 | |
| duplexEcho response: { message: 'Hello duplex world!' } | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| stream: dep_add dep_stream(0x61e0000090a8)=0, stream(0x6110000b7ec8)=3 | |
| deflatehd: deflating :scheme: http | |
| deflatehd: name/value match index=5 | |
| deflatehd: emit indexed index=5, 1 bytes | |
| deflatehd: deflating :path: /EchoService/UnaryEcho | |
| deflatehd: name match index=3 | |
| deflatehd: emit indname index=3, valuelen=22, indexing_mode=1 | |
| deflatehd: emit string str=/EchoService/UnaryEcho, length=22, huffman=1, encoded_length=17 | |
| deflatehd: deflating :method: POST | |
| deflatehd: name/value match index=2 | |
| deflatehd: emit indexed index=2, 1 bytes | |
| deflatehd: deflating :authority: 127.0.0.1:20000 | |
| deflatehd: name/value match index=66 | |
| deflatehd: emit indexed index=66, 1 bytes | |
| deflatehd: deflating grpc-accept-encoding: identity,deflate,gzip | |
| deflatehd: name/value match index=65 | |
| deflatehd: emit indexed index=65, 1 bytes | |
| deflatehd: deflating accept-encoding: identity | |
| deflatehd: name/value match index=64 | |
| deflatehd: emit indexed index=64, 1 bytes | |
| deflatehd: deflating user-agent: grpc-node-js/1.3.2 | |
| deflatehd: name/value match index=63 | |
| deflatehd: emit indexed index=63, 1 bytes | |
| deflatehd: deflating content-type: application/grpc | |
| deflatehd: name/value match index=62 | |
| deflatehd: emit indexed index=62, 1 bytes | |
| deflatehd: deflating te: trailers | |
| deflatehd: name/value match index=61 | |
| deflatehd: emit indexed index=61, 1 bytes | |
| deflatehd: all input name/value pairs were deflated | |
| send: HEADERS/PUSH_PROMISE, payloadlen=27 | |
| send: before padding, HEADERS serialized in 36 bytes | |
| send: padding selected: payloadlen=27, padlen=0 | |
| send: padlen = 0, nothing to do | |
| send: HEADERS finally serialized in 36 bytes | |
| send: next frame: payloadlen=27, type=1, flags=0x04, stream_id=3 | |
| send: start transmitting frame type=1, length=36 | |
| stream: stream=3 attach item=0x60e00002b388 | |
| stream: stream=3 obq push cycle=416 | |
| stream: push stream 3 to stream 0 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of a frame | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002b2a8 | |
| send: remote windowsize connection=65509, remote maxframsize=16384, stream(id 3)=65535 | |
| send: available window=16384 | |
| send: padlen = 0, nothing to do | |
| stream: stream=3 obq resched cycle=816 | |
| send: next frame: DATA | |
| send: no copy DATA | |
| stream: stream=3 detach item=0x60e00002b388 | |
| stream: remove stream 3 from stream 0 | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002b388 | |
| recv: connection recv_window_size=26, local_window=65535 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=5, type=1, flags=0x04, stream_id=3 | |
| recv: HEADERS | |
| recv: no padding in payload | |
| recv: call on_begin_headers callback stream_id=3 | |
| recv: [IB_READ_HEADER_BLOCK] | |
| recv: readlen=5, payloadleft=0 | |
| recv: block final=1 | |
| recv: decoding header block 5 bytes | |
| inflatehd: start state=1 | |
| inflatehd: indexed repr | |
| inflatehd: decoded integer is 8 | |
| inflatehd: index=8 | |
| inflatehd: header emission: :status: 200 | |
| recv: proclen=1 | |
| inflatehd: start state=2 | |
| inflatehd: indexed repr | |
| inflatehd: decoded integer is 65 | |
| inflatehd: index=65 | |
| inflatehd: header emission: grpc-accept-encoding: identity | |
| recv: proclen=1 | |
| inflatehd: start state=2 | |
| inflatehd: indexed repr | |
| inflatehd: decoded integer is 64 | |
| inflatehd: index=64 | |
| inflatehd: header emission: grpc-encoding: identity | |
| recv: proclen=1 | |
| inflatehd: start state=2 | |
| inflatehd: indexed repr | |
| inflatehd: decoded integer is 63 | |
| inflatehd: index=63 | |
| inflatehd: header emission: content-type: application/grpc+proto | |
| recv: proclen=1 | |
| inflatehd: start state=2 | |
| inflatehd: indexed repr | |
| inflatehd: decoded integer is 62 | |
| inflatehd: index=62 | |
| inflatehd: header emission: date: Wed, 16 Jun 2021 22:59:29 GMT | |
| recv: proclen=1 | |
| inflatehd: start state=2 | |
| inflatehd: all input bytes were processed | |
| inflatehd: in_final set | |
| recv: proclen=0 | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=25, type=0, flags=0x00, stream_id=3 | |
| recv: DATA | |
| recv: no padding in payload | |
| recv: [IB_READ_DATA] | |
| recv: readlen=25, payloadleft=0 | |
| recv: data_readlen=25 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| recv: connection recv_window_size=51, local_window=65535 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| recv: [IB_READ_HEAD] | |
| recv: payloadlen=26, type=1, flags=0x05, stream_id=3 | |
| recv: HEADERS | |
| recv: no padding in payload | |
| recv: call on_begin_headers callback stream_id=3 | |
| recv: [IB_READ_HEADER_BLOCK] | |
| recv: readlen=26, payloadleft=0 | |
| recv: block final=1 | |
| recv: decoding header block 26 bytes | |
| inflatehd: start state=1 | |
| inflatehd: literal header repr - new name | |
| inflatehd: indexing required=1, no_index=0 | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 8 | |
| inflatehd: 8 bytes read | |
| inflatehd: huffman encoded=0 | |
| inflatehd: decoded integer is 1 | |
| inflatehd: valuelen=1 | |
| inflatehd: 1 bytes read | |
| inflatehd: header emission: grpc-status: 0 | |
| recv: proclen=12 | |
| inflatehd: start state=2 | |
| inflatehd: literal header repr - new name | |
| inflatehd: indexing required=1, no_index=0 | |
| inflatehd: huffman encoded=1 | |
| inflatehd: decoded integer is 9 | |
| inflatehd: 9 bytes read | |
| inflatehd: huffman encoded=0 | |
| inflatehd: decoded integer is 2 | |
| inflatehd: valuelen=2 | |
| inflatehd: 2 bytes read | |
| inflatehd: header emission: grpc-message: OK | |
| recv: proclen=14 | |
| inflatehd: start state=2 | |
| inflatehd: all input bytes were processed | |
| inflatehd: in_final set | |
| recv: proclen=0 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| stream: stream(0x6110000b7ec8)=3 close | |
| unaryEcho response: { message: 'Hello unary world!' } | |
| calling stream.cancel | |
| stream: stream=1 resume item=0x60e00002af28 flags=08 | |
| stream: stream=1 obq push cycle=416 | |
| stream: push stream 1 to stream 0 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: next frame: payloadlen=4, type=3, flags=0x00, stream_id=3 | |
| send: start transmitting frame type=3, length=13 | |
| stream: stream(0x6110000b7ec8)=3 close | |
| stream: destroy closed stream(0x6110000b7ec8)=3 | |
| stream: dep_remove stream(0x6110000b7ec8)=3 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of a frame | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002b468 | |
| send: remote windowsize connection=65484, remote maxframsize=16384, stream(id 1)=65509 | |
| send: available window=16384 | |
| send: padlen = 0, nothing to do | |
| stream: stream=1 obq resched cycle=416 | |
| send: next frame: DATA | |
| send: start transmitting frame type=0, length=9 | |
| stream: stream=1 detach item=0x60e00002af28 | |
| stream: remove stream 1 from stream 0 | |
| stream: adjusting kept idle streams num_idle_streams=0, max=100 | |
| send: end transmission of a frame | |
| send: reset nghttp2_active_outbound_item | |
| send: aob->item = 0x60e00002af28 | |
| returned from stream.cancel | |
| calling sleep | |
| duplexEcho error Error: 1 CANCELLED: Cancelled on client | |
| at Object.callErrorFromStatus (/home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/call.js:31:26) | |
| at Object.onReceiveStatus (/home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/client.js:390:49) | |
| at Object.onReceiveStatus (/home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:299:181) | |
| at /home/matthew/spikes/repro-node-crash/node_modules/@grpc/grpc-js/build/src/call-stream.js:145:78 | |
| at processTicksAndRejections (node:internal/process/task_queues:78:11) | |
| duplexEcho status { | |
| code: 1, | |
| details: 'Cancelled on client', | |
| metadata: Metadata { internalRepr: Map(0) {}, options: {} } | |
| } | |
| ================================================================= | |
| ==2831257==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000b7fb4 at pc 0x0000062930ed bp 0x7fff2d688f20 sp 0x7fff2d688f18 | |
| READ of size 1 at 0x6110000b7fb4 thread T0 | |
| #0 0x62930ec in nghttp2_session_close_stream ../deps/nghttp2/lib/nghttp2_session.c:1218 | |
| #1 0x629423c in nghttp2_session_close_stream_if_shut_rdwr ../deps/nghttp2/lib/nghttp2_session.c:1442 | |
| #2 0x629c30b in session_end_stream_headers_received ../deps/nghttp2/lib/nghttp2_session.c:3738 | |
| #3 0x629c937 in session_after_header_block_received ../deps/nghttp2/lib/nghttp2_session.c:3826 | |
| #4 0x62a7ad2 in nghttp2_session_mem_recv ../deps/nghttp2/lib/nghttp2_session.c:6277 | |
| #5 0x140f19d in node::http2::Http2Session::ConsumeHTTP2Data() ../src/node_http2.cc:798 | |
| #6 0x1418f2c in node::http2::Http2Session::OnStreamRead(long, uv_buf_t const&) ../src/node_http2.cc:1883 | |
| #7 0x12375c4 in node::StreamResource::EmitRead(long, uv_buf_t const&) ../src/stream_base-inl.h:104 | |
| #8 0x1720366 in node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) ../src/stream_wrap.cc:276 | |
| #9 0x171fb08 in operator() ../src/stream_wrap.cc:198 | |
| #10 0x171fb38 in _FUN ../src/stream_wrap.cc:199 | |
| #11 0x523b8c5 in uv__read ../deps/uv/src/unix/stream.c:1239 | |
| #12 0x523bfa9 in uv__stream_io ../deps/uv/src/unix/stream.c:1306 | |
| #13 0x524e7d7 in uv__io_poll ../deps/uv/src/unix/linux-core.c:462 | |
| #14 0x520c612 in uv_run ../deps/uv/src/unix/core.c:385 | |
| #15 0x107ae80 in node::SpinEventLoop(node::Environment*) ../src/api/embed_helpers.cc:36 | |
| #16 0x14ca670 in node::NodeMainInstance::Run(node::EnvSerializeInfo const*) ../src/node_main_instance.cc:143 | |
| #17 0x12aa567 in node::Start(int, char**) ../src/node.cc:1125 | |
| #18 0x5e68beb in main ../src/node_main.cc:127 | |
| #19 0x7f2dbc7abb74 in __libc_start_main (/lib64/libc.so.6+0x27b74) | |
| #20 0x106d18d in _start (/home/matthew/projects/node/out/Debug/node+0x106d18d) | |
| 0x6110000b7fb4 is located 244 bytes inside of 248-byte region [0x6110000b7ec0,0x6110000b7fb8) | |
| freed by thread T0 here: | |
| #0 0x7f2dbcda9647 in free (/lib64/libasan.so.6+0xae647) | |
| #1 0x109046d in char* node::UncheckedRealloc<char>(char*, unsigned long) ../src/util-inl.h:337 | |
| #2 0x1488639 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::ReallocImpl(void*, unsigned long, void*) (/home/matthew/projects/node/out/Debug/node+0x1488639) | |
| #3 0x14884e0 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::FreeImpl(void*, void*) (/home/matthew/projects/node/out/Debug/node+0x14884e0) | |
| #4 0x62ced75 in nghttp2_mem_free ../deps/nghttp2/lib/nghttp2_mem.c:61 | |
| #5 0x6293422 in nghttp2_session_destroy_stream ../deps/nghttp2/lib/nghttp2_session.c:1268 | |
| #6 0x6293304 in nghttp2_session_close_stream ../deps/nghttp2/lib/nghttp2_session.c:1241 | |
| #7 0x6298457 in session_after_frame_sent1 ../deps/nghttp2/lib/nghttp2_session.c:2712 | |
| #8 0x629a04e in nghttp2_session_mem_send ../deps/nghttp2/lib/nghttp2_session.c:3235 | |
| #9 0x1417478 in node::http2::Http2Session::SendPendingData() ../src/node_http2.cc:1687 | |
| #10 0x141d1a1 in node::http2::Http2Stream::SubmitRstStream(unsigned int) ../src/node_http2.cc:2202 | |
| #11 0x14239e1 in node::http2::Http2Stream::RstStream(v8::FunctionCallbackInfo<v8::Value> const&) ../src/node_http2.cc:2687 | |
| #12 0x1d5f547 in v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) ../deps/v8/src/api/api-arguments-inl.h:158 | |
| #13 0x1d6445b in HandleApiCallHelper<false> ../deps/v8/src/builtins/builtins-api.cc:113 | |
| #14 0x1d73c68 in Builtin_Impl_HandleApiCall ../deps/v8/src/builtins/builtins-api.cc:143 | |
| #15 0x1d75e81 in v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) ../deps/v8/src/builtins/builtins-api.cc:131 | |
| #16 0x55081df in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_BuiltinExit (/home/matthew/projects/node/out/Debug/node+0x55081df) | |
| #17 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #18 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #19 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #20 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #21 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #22 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #23 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #24 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #25 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #26 0x5283b64 in Builtins_InterpreterEntryTrampoline (/home/matthew/projects/node/out/Debug/node+0x5283b64) | |
| #27 0x537acda in Builtins_AsyncFunctionAwaitResolveClosure (/home/matthew/projects/node/out/Debug/node+0x537acda) | |
| #28 0x56b2fc3 in Builtins_PromiseFulfillReactionJob (/home/matthew/projects/node/out/Debug/node+0x56b2fc3) | |
| #29 0x5326cf3 in Builtins_RunMicrotasks (/home/matthew/projects/node/out/Debug/node+0x5326cf3) | |
| previously allocated by thread T0 here: | |
| #0 0x7f2dbcda9cb8 in __interceptor_realloc (/lib64/libasan.so.6+0xaecb8) | |
| #1 0x1090487 in char* node::UncheckedRealloc<char>(char*, unsigned long) ../src/util-inl.h:341 | |
| #2 0x1488639 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::ReallocImpl(void*, unsigned long, void*) (/home/matthew/projects/node/out/Debug/node+0x1488639) | |
| #3 0x14884b2 in node::mem::NgLibMemoryManager<node::http2::Http2Session, nghttp2_mem>::MallocImpl(unsigned long, void*) (/home/matthew/projects/node/out/Debug/node+0x14884b2) | |
| #4 0x62ced02 in nghttp2_mem_malloc ../deps/nghttp2/lib/nghttp2_mem.c:57 | |
| #5 0x6292734 in nghttp2_session_open_stream ../deps/nghttp2/lib/nghttp2_session.c:1051 | |
| #6 0x6295d0e in session_prep_frame ../deps/nghttp2/lib/nghttp2_session.c:2101 | |
| #7 0x6298efd in nghttp2_session_mem_send_internal ../deps/nghttp2/lib/nghttp2_session.c:2932 | |
| #8 0x6299ff7 in nghttp2_session_mem_send ../deps/nghttp2/lib/nghttp2_session.c:3225 | |
| #9 0x1417478 in node::http2::Http2Session::SendPendingData() ../src/node_http2.cc:1687 | |
| #10 0x140f573 in node::http2::Http2Session::ConsumeHTTP2Data() ../src/node_http2.cc:827 | |
| #11 0x1418f2c in node::http2::Http2Session::OnStreamRead(long, uv_buf_t const&) ../src/node_http2.cc:1883 | |
| #12 0x12375c4 in node::StreamResource::EmitRead(long, uv_buf_t const&) ../src/stream_base-inl.h:104 | |
| #13 0x1720366 in node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) ../src/stream_wrap.cc:276 | |
| #14 0x171fb08 in operator() ../src/stream_wrap.cc:198 | |
| #15 0x171fb38 in _FUN ../src/stream_wrap.cc:199 | |
| #16 0x523b8c5 in uv__read ../deps/uv/src/unix/stream.c:1239 | |
| #17 0x523bfa9 in uv__stream_io ../deps/uv/src/unix/stream.c:1306 | |
| #18 0x524e7d7 in uv__io_poll ../deps/uv/src/unix/linux-core.c:462 | |
| #19 0x520c612 in uv_run ../deps/uv/src/unix/core.c:385 | |
| #20 0x107ae80 in node::SpinEventLoop(node::Environment*) ../src/api/embed_helpers.cc:36 | |
| #21 0x14ca670 in node::NodeMainInstance::Run(node::EnvSerializeInfo const*) ../src/node_main_instance.cc:143 | |
| #22 0x12aa567 in node::Start(int, char**) ../src/node.cc:1125 | |
| #23 0x5e68beb in main ../src/node_main.cc:127 | |
| #24 0x7f2dbc7abb74 in __libc_start_main (/lib64/libc.so.6+0x27b74) | |
| SUMMARY: AddressSanitizer: heap-use-after-free ../deps/nghttp2/lib/nghttp2_session.c:1218 in nghttp2_session_close_stream | |
| Shadow bytes around the buggy address: | |
| 0x0c228000efa0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa | |
| 0x0c228000efb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000efc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000efd0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c228000efe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| =>0x0c228000eff0: fd fd fd fd fd fd[fd]fa fa fa fa fa fa fa fa fa | |
| 0x0c228000f000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000f010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000f020: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd | |
| 0x0c228000f030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x0c228000f040: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| Shadow gap: cc | |
| ==2831257==ABORTING |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment