Steps to reproduce:
0. build tincd with -fsanitize=address
1. start tincd:
./src/tincd -c . -D
2. capture log output in one tinc client
./src/tinc -c . log
3. this is optional, but seems to flush the bug more often: open another
tinc client and issue the purge/retry commands:
./src/tinc -c .
tinc> purge
tinc> retry
4. stop tincd (using Ctrl+C or the stop command)
Repeat until it fails with a bunch of error messages as below.
------------
==
1715850==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300001d950 at pc 0x55a3fdba1fa5 bp 0x7fffbd250470 sp 0x7fffbd250468
READ of size 8 at 0x60300001d950 thread T0
0 0x55a3fdba1fa4 in real_logger tinc/src/logger.c:101:7
1 0x55a3fdba188b in logger tinc/src/logger.c:140:2
2 0x55a3fdc90c22 in main tinc/src/tincd.c:625:2
3 0x7f826a3eab24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
4 0x55a3fda9087d in _start (tinc/src/tincd+0xd487d)
0x60300001d950 is located 0 bytes inside of 32-byte region [0x60300001d950,0x60300001d970)
freed by thread T0 here:
0 0x55a3fdb377c9 in free (tinc/src/tincd+0x17b7c9)
1 0x55a3fdb9e1b4 in list_free tinc/src/list.c:36:2
2 0x55a3fdba0ed3 in list_delete_list tinc/src/list.c:192:2
3 0x55a3fdb8385f in exit_connections tinc/src/connection.c:47:2
4 0x55a3fdbf0427 in close_network_connections tinc/src/net_setup.c:1386:2
5 0x55a3fdc90c0d in main tinc/src/tincd.c:623:2
6 0x7f826a3eab24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
previously allocated by thread T0 here:
0 0x55a3fdb37c91 in calloc (tinc/src/tincd+0x17bc91)
1 0x55a3fdb9e157 in xzalloc tinc/src/./xalloc.h:37:12
2 0x55a3fdb9e065 in list_alloc tinc/src/list.c:29:17
3 0x55a3fdb82a43 in init_connections tinc/src/connection.c:40:20
4 0x55a3fdbea58c in setup_network tinc/src/net_setup.c:1304:2
5 0x55a3fdc90535 in main tinc/src/tincd.c:573:6
6 0x7f826a3eab24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
projects / tinc / commitdiff