Use after free in named
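Job #1157683 failed for fe72a28e with an AddressSanitizer heap-use-after-free report. In the trace below, thread T14 (created by isc_taskmgr_create) reads 8 bytes in conn_cleanup(), called from control_command(), from memory that thread T8 (created by isc_nm_start) had already released through tcp_close_cb() and nmhandle_free(); the region was originally allocated by isc__nmhandle_get(). The conn pointer shown in the core backtrace (0x6160001105e8) falls inside the freed 569-byte region, so the connection state appears to live inside the netmgr handle allocation, and the control command seems to have still been running on the task thread after the network thread closed the socket and freed the handle: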
D:shutdown:=================================================================
7574D:shutdown:==26090==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000110688 at pc 0x55d9c564a410 bp 0x7f7b91acdb80 sp 0x7f7b91acdb78
7575D:shutdown:READ of size 8 at 0x616000110688 thread T14
7576D:shutdown:#0 0x55d9c564a40f in conn_cleanup /builds/isc-projects/bind9/bin/named/controlconf.c:285
7577D:shutdown:#1 0x55d9c5653b32 in control_command /builds/isc-projects/bind9/bin/named/controlconf.c:387
7578D:shutdown:#2 0x7f7ba1ede0c9 in dispatch /builds/isc-projects/bind9/lib/isc/task.c:1152
7579D:shutdown:#3 0x7f7ba1ede0c9 in run /builds/isc-projects/bind9/lib/isc/task.c:1344
7580D:shutdown:#4 0x7f7b9f408fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
7581D:shutdown:#5 0x7f7b9e4224ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)
7582D:shutdown:
7583D:shutdown:0x616000110688 is located 520 bytes inside of 569-byte region [0x616000110480,0x6160001106b9)
7584D:shutdown:freed by thread T8 here:
7585D:shutdown:#0 0x7f7ba22a8fb0 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0)
7586D:shutdown:#1 0x7f7ba1e8cb67 in default_memfree /builds/isc-projects/bind9/lib/isc/mem.c:742
7587D:shutdown:#2 0x7f7ba1eada0d in mem_put /builds/isc-projects/bind9/lib/isc/mem.c:654
7588D:shutdown:#3 0x7f7ba1eada0d in isc___mem_put /builds/isc-projects/bind9/lib/isc/mem.c:1110
7589D:shutdown:#4 0x7f7ba1ea4d09 in isc__mem_put /builds/isc-projects/bind9/lib/isc/mem.c:2439
7590D:shutdown:#5 0x7f7ba1dbfabc in nmhandle_free netmgr/netmgr.c:1190
7591D:shutdown:#6 0x7f7ba1dcb2f6 in nmsocket_cleanup netmgr/netmgr.c:773
7592D:shutdown:#7 0x7f7ba1dcce04 in nmsocket_maybe_destroy netmgr/netmgr.c:866
7593D:shutdown:#8 0x7f7ba1dcd2d2 in isc__nmsocket_prep_destroy netmgr/netmgr.c:912
7594D:shutdown:#9 0x7f7ba1dd21b3 in tcp_close_cb netmgr/tcp.c:1082
7595D:shutdown:#10 0x7f7b9f43d044 in uv_run (/usr/lib/x86_64-linux-gnu/libuv.so.1+0x11044)
7596D:shutdown:#11 0x7f7b94fdfc9f (<unknown module>)
7597D:shutdown:
7598D:shutdown:previously allocated by thread T8 here:
7599D:shutdown:#0 0x7f7ba22a9330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
7600D:shutdown:#1 0x7f7ba1e8cc24 in default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:713
7601D:shutdown:#2 0x7f7ba1ea9c56 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:622
7602D:shutdown:#3 0x7f7ba1ea9c56 in isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1044
7603D:shutdown:#4 0x7f7ba1ea4054 in isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2432
7604D:shutdown:#5 0x7f7ba1dc4eb3 in alloc_handle netmgr/netmgr.c:1063
7605D:shutdown:#6 0x7f7ba1dc4eb3 in isc__nmhandle_get netmgr/netmgr.c:1087
7606D:shutdown:#7 0x7f7ba1dd9758 in isc__nm_async_tcpchildaccept netmgr/tcp.c:491
7607D:shutdown:#8 0x7f7ba1dcf8d4 in process_queue netmgr/netmgr.c:628
7608D:shutdown:#9 0x7f7ba1dd087f in async_cb netmgr/netmgr.c:596
7609D:shutdown:#10 0x7f7b9f43c667 (/usr/lib/x86_64-linux-gnu/libuv.so.1+0x10667)
7610D:shutdown:
7611D:shutdown:Thread T14 created by T0 here:
7612D:shutdown:#0 0x7f7ba2210db0 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
7613D:shutdown:#1 0x7f7ba1f05c5a in isc_thread_create pthreads/thread.c:73
7614D:shutdown:#2 0x7f7ba1ee6a28 in isc_taskmgr_create /builds/isc-projects/bind9/lib/isc/task.c:1434
7615D:shutdown:#3 0x55d9c5661339 in create_managers /builds/isc-projects/bind9/bin/named/main.c:915
7616D:shutdown:#4 0x55d9c5661339 in setup /builds/isc-projects/bind9/bin/named/main.c:1223
7617D:shutdown:#5 0x55d9c5661339 in main /builds/isc-projects/bind9/bin/named/main.c:1523
7618D:shutdown:#6 0x7f7b9e34d09a in __libc_start_main ../csu/libc-start.c:308
7619D:shutdown:
7620D:shutdown:Thread T8 created by T0 here:
7621D:shutdown:#0 0x7f7ba2210db0 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
7622D:shutdown:#1 0x7f7ba1f05c5a in isc_thread_create pthreads/thread.c:73
7623D:shutdown:#2 0x7f7ba1dc1176 in isc_nm_start netmgr/netmgr.c:223
7624D:shutdown:#3 0x55d9c5661304 in create_managers /builds/isc-projects/bind9/bin/named/main.c:909
7625D:shutdown:#4 0x55d9c5661304 in setup /builds/isc-projects/bind9/bin/named/main.c:1223
7626D:shutdown:#5 0x55d9c5661304 in main /builds/isc-projects/bind9/bin/named/main.c:1523
7627D:shutdown:#6 0x7f7b9e34d09a in __libc_start_main ../csu/libc-start.c:308
7628D:shutdown:
7629D:shutdown:SUMMARY: AddressSanitizer: heap-use-after-free /builds/isc-projects/bind9/bin/named/controlconf.c:285 in conn_cleanup
I:shutdown:stopping servers
7705I:shutdown:Core dump(s) found: shutdown/resolver/core.26090
7706D:shutdown:backtrace from shutdown/resolver/core.26090:
7707D:shutdown:--------------------------------------------------------------------------------
7708D:shutdown:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -c /builds/isc-projects/bind9/'.
7709D:shutdown:Program terminated with signal SIGABRT, Aborted.
7710D:shutdown:#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
7711D:shutdown:[Current thread is 1 (Thread 0x7f7b91ace700 (LWP 26117))]
7712D:shutdown:#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
7713D:shutdown:#1 0x00007f7b9e34b535 in __GI_abort () at abort.c:79
7714D:shutdown:#2 0x00007f7ba22c6e6b in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
7715D:shutdown:#3 0x00007f7ba22ceed8 in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
7716D:shutdown:#4 0x00007f7ba22b397d in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
7717D:shutdown:#5 0x00007f7ba22b4308 in __asan_report_load8 () from /usr/lib/x86_64-linux-gnu/libasan.so.5
7718D:shutdown:#6 0x000055d9c564a410 in conn_cleanup (conn=conn@entry=0x6160001105e8) at controlconf.c:290
7719D:shutdown:#7 0x000055d9c5653b33 in control_command (task=<optimized out>, event=<optimized out>) at controlconf.c:387
7720D:shutdown:#8 0x00007f7ba1ede0ca in dispatch (threadid=<optimized out>, manager=<optimized out>) at task.c:1152
7721D:shutdown:#9 run (queuep=<optimized out>) at task.c:1344
7722D:shutdown:#10 0x00007f7b9f408fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
7723D:shutdown:#11 0x00007f7b9e4224cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
7724D:shutdown:--------------------------------------------------------------------------------
7725D:shutdown:full backtrace from shutdown/resolver/core.26090 saved in core.26090-backtrace.txt
7726D:shutdown:core dump shutdown/resolver/core.26090 archived as shutdown/resolver/core.26090.gz
Edited by Mark Andrews