=================================================================
==40187==ERROR: AddressSanitizer: heap-use-after-free on address 0x7d6ff646e2d0 at pc 0x55555a733519 bp 0x7bfff1ffdff0 sp 0x7bfff1ffdfe8
READ of size 8 at 0x7d6ff646e2d0 thread T2
[Detaching after fork from child process 40746]
    #0 0x55555a733518 in chip::SessionManager::HandleConnectionClosed(chip::Transport::ActiveTCPConnectionState*, chip::ChipError) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/SessionManager.cpp:740:27
    #1 0x555557213d5c in __sanitizer::BufferedStackTrace::UnwindImpl(unsigned long, unsigned long, void*, bool, unsigned int) ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_stack.cpp
    #2 0x555557176c76 in Unwind ../../../../../../llvm-llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_stacktrace.h:130:5
    #3 0x555557176c76 in __asan::ErrorGeneric::Print() ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_errors.cpp:602:3
    #4 0x55555720d70f in __asan::ScopedInErrorReport::~ScopedInErrorReport() ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_report.cpp:144:50
    #5 0x555557210d46 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_report.cpp:498:1
    #6 0x555557211c25 in __asan_report_load8 ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_rtl.cpp:131:1

0x7d6ff646e2d0 is located 208 bytes inside of 744-byte region [0x7d6ff646e200,0x7d6ff646e4e8)
freed by thread T2 here:
    #0 0x555557208b36 in free ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:51:3
    #1 0x5555595e1a1d in chip::Platform::MemoryFree(void*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/CHIPMem-Malloc.cpp:116:5
    #2 0x55555a914ba1 in void chip::Platform::Delete(chip::CASEClient*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/CHIPMem.h:169:5
    #3 0x55555a914828 in chip::HeapObjectPool::ReleaseObject(chip::CASEClient*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/Pool.h:535:13
    #4 0x55555a913be9 in chip::CASEClientPool<16ul>::Release(chip::CASEClient*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/CASEClientPool.h:43:62
    #5 0x55555adfdfa5 in chip::OperationalSessionSetup::CleanupCASEClient() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/OperationalSessionSetup.cpp:535:22
    #6 0x55555adfda16 in chip::OperationalSessionSetup::MoveToState(chip::OperationalSessionSetup::State) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/OperationalSessionSetup.cpp:70:13
    #7 0x55555ae0ae64 in chip::OperationalSessionSetup::OnSessionEstablished(chip::SessionHandle const&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/OperationalSessionSetup.cpp:526:5
    #8 0x55555a9e5a32 in chip::PairingSession::Finish() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/protocols/secure_channel/PairingSession.cpp:100:19
    #9 0x55555a9808aa in chip::CASESession::HandleSigma2Resume(chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/protocols/secure_channel/CASESession.cpp:1322:5
    #10 0x55555a9a0b67 in chip::CASESession::OnMessageReceived(chip::Messaging::ExchangeContext*, chip::PayloadHeader const&, chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/protocols/secure_channel/CASESession.cpp:2354:19
    #11 0x55555a9a3225 in non-virtual thunk to chip::CASESession::OnMessageReceived(chip::Messaging::ExchangeContext*, chip::PayloadHeader const&, chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/protocols/secure_channel/CASESession.cpp
    #12 0x55555a6ca92f in chip::Messaging::ExchangeContext::HandleMessage(unsigned int, chip::PayloadHeader const&, chip::BitFlags, chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/messaging/ExchangeContext.cpp:617:31
    #13 0x55555a6e1d00 in auto chip::Messaging::ExchangeManager::OnMessageReceived(chip::PacketHeader const&, chip::PayloadHeader const&, chip::SessionHandle const&, chip::SessionMessageDelegate::DuplicateMessage, chip::System::PacketBufferHandle&&)::$_0::operator()(chip::Messaging::ExchangeContext*) const /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/messaging/ExchangeMgr.cpp:273:21
    #14 0x55555a6e134c in chip::internal::LambdaProxy::Call(void*, void*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/Pool.h:132:16
    #15 0x55555a198666 in chip::internal::HeapObjectList::ForEachNode(void*, chip::Loop (*)(void*, void*)) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/Pool.cpp:193:17
    #16 0x55555a6ddabd in chip::Loop chip::HeapObjectPool::ForEachActiveObject(chip::Messaging::ExchangeManager::OnMessageReceived(chip::PacketHeader const&, chip::PayloadHeader const&, chip::SessionHandle const&, chip::SessionMessageDelegate::DuplicateMessage, chip::System::PacketBufferHandle&&)::$_0&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/Pool.h:575:25
    #17 0x55555a6da311 in chip::Messaging::ExchangeManager::OnMessageReceived(chip::PacketHeader const&, chip::PayloadHeader const&, chip::SessionHandle const&, chip::SessionMessageDelegate::DuplicateMessage, chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/messaging/ExchangeMgr.cpp:266:22
    #18 0x55555a73150f in chip::SessionManager::UnauthenticatedMessageDispatch(chip::PacketHeader const&, chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&, chip::Transport::MessageTransportContext*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/SessionManager.cpp:901:14
    #19 0x55555a726f1c in chip::SessionManager::OnMessageReceived(chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&, chip::Transport::MessageTransportContext*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/SessionManager.cpp:681:9
    #20 0x55555a77002a in chip::TransportMgrBase::HandleMessageReceived(chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&, chip::Transport::MessageTransportContext*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/TransportMgrBase.cpp:91:26
    #21 0x55555a9f24fe in chip::Transport::Base::HandleMessageReceived(chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&, chip::Transport::MessageTransportContext*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/raw/Base.h:137:20
    #22 0x55555aa07c7a in chip::Transport::TCPBase::ProcessSingleMessage(chip::Transport::PeerAddress const&, chip::Transport::ActiveTCPConnectionState*, unsigned long) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/raw/TCP.cpp:386:5
    #23 0x55555aa068f1 in chip::Transport::TCPBase::ProcessReceivedBuffer(chip::Inet::TCPEndPoint*, chip::Transport::PeerAddress const&, chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/raw/TCP.cpp:347:9
    #24 0x55555aa08fd5 in chip::Transport::TCPBase::HandleTCPEndPointDataReceived(chip::Inet::TCPEndPoint*, chip::System::PacketBufferHandle&&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/raw/TCP.cpp:447:27
    #25 0x55555a4ebb54 in chip::Inet::TCPEndPoint::DriveReceiving() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/inet/TCPEndPoint.cpp:337:28
    #26 0x55555a4e57e1 in chip::Inet::TCPEndPointImplSockets::ReceiveData() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/inet/TCPEndPointImplSockets.cpp:973:5
    #27 0x55555a4e018e in chip::Inet::TCPEndPointImplSockets::HandlePendingIO(chip::BitFlags) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/inet/TCPEndPointImplSockets.cpp:835:13
    #28 0x55555a4d258e in chip::Inet::TCPEndPointImplSockets::HandlePendingIO(chip::BitFlags, long) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/inet/TCPEndPointImplSockets.cpp:777:55
    #29 0x55555a269020 in chip::System::LayerImplSelect::HandleEvents() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/system/SystemLayerImplSelect.cpp:756:21

previously allocated by thread T2 here:
    #0 0x555557208dd4 in malloc ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:67:3
    #1 0x5555595e1816 in chip::Platform::MemoryAlloc(unsigned long) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/CHIPMem-Malloc.cpp:96:12
    #2 0x55555a914377 in chip::CASEClient* chip::Platform::New() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/CHIPMem.h:145:16
    #3 0x55555a9140c8 in chip::CASEClient* chip::HeapObjectPool::CreateObject<>() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/support/Pool.h:498:22
    #4 0x55555a913a91 in chip::CASEClientPool<16ul>::Allocate() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/CASEClientPool.h:41:59
    #5 0x55555ae03390 in chip::OperationalSessionSetup::EstablishConnection(chip::AddressResolve::ResolveResult const&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/OperationalSessionSetup.cpp:320:32
    #6 0x55555ae020b3 in chip::OperationalSessionSetup::UpdateDeviceData(chip::AddressResolve::ResolveResult const&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/OperationalSessionSetup.cpp:253:22
    #7 0x55555ae0c5bc in chip::OperationalSessionSetup::OnNodeAddressResolved(chip::PeerId const&, chip::AddressResolve::ResolveResult const&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/app/OperationalSessionSetup.cpp:643:5
    #8 0x55555a14b129 in chip::AddressResolve::Impl::Resolver::HandleAction(chip::IntrusiveList >::Iterator&) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/address_resolve/AddressResolve_DefaultImpl.cpp:353:19
    #9 0x55555a14b8a2 in chip::AddressResolve::Impl::Resolver::HandleTimer() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/address_resolve/AddressResolve_DefaultImpl.cpp:369:9
    #10 0x55555a14c765 in chip::AddressResolve::Impl::Resolver::OnResolveTimer(chip::System::Layer*, void*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/lib/address_resolve/AddressResolve_DefaultImpl.h:185:107
    #11 0x55555a26c309 in chip::System::TimerData::Callback::Invoke() const /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/system/SystemTimer.h:60:31
    #12 0x55555a269d99 in chip::System::TimerPool::Invoke(chip::System::TimerList::Node*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/system/SystemTimer.h:236:18
    #13 0x55555a26872a in chip::System::LayerImplSelect::HandleEvents() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/system/SystemLayerImplSelect.cpp:743:20
    #14 0x55555a5141fd in chip::DeviceLayer::Internal::GenericPlatformManagerImpl_POSIX::_RunEventLoop() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/include/platform/internal/GenericPlatformManagerImpl_POSIX.ipp:225:34
    #15 0x55555a516903 in chip::DeviceLayer::PlatformManager::RunEventLoop() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/include/platform/PlatformManager.h:407:37
    #16 0x55555a5155e6 in chip::DeviceLayer::Internal::GenericPlatformManagerImpl_POSIX::EventLoopTaskMain(void*) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/include/platform/internal/GenericPlatformManagerImpl_POSIX.ipp:256:78
    #17 0x5555572067c6 in asan_thread_start(void*) ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:239:28

Thread T2 created by T0 here:
    #0 0x5555571ed571 in pthread_create ../../../../../../llvm-llvm-project/../../../../../../llvm-llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:250:3
    #1 0x55555a51517e in chip::DeviceLayer::Internal::GenericPlatformManagerImpl_POSIX::_StartEventLoopTask() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/include/platform/internal/GenericPlatformManagerImpl_POSIX.ipp:297:11
    #2 0x55555a8f02af in chip::DeviceLayer::PlatformManager::StartEventLoopTask() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/include/platform/PlatformManager.h:420:44
    #3 0x55555a8f0005 in chip::Controller::DeviceControllerFactory::ServiceEvents() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/controller/CHIPDeviceControllerFactory.cpp:390:5
    #4 0x555559fd09d8 in CHIPCommand::StartWaiting(std::__2::chrono::duration >) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/commands/common/CHIPCommand.cpp:626:9
    #5 0x555559fd0130 in CHIPCommand::Run() /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/commands/common/CHIPCommand.cpp:271:22
    #6 0x55555a06c5f9 in Commands::RunCommand(int, char**, bool, chip::Optional const&, bool) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/commands/common/Commands.cpp:331:21
    #7 0x55555a06662c in Commands::Run(int, char**) /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/commands/common/Commands.cpp:178:11
    #8 0x55555758c127 in main /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/main.cpp:54:21
    #9 0x7ffff7229d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-use-after-free /home/beom/Desktop/connectedhomeip/out/linux-x64-chip-tool-asan-ubsan-clang/../../examples/chip-tool/third_party/connectedhomeip/src/transport/SessionManager.cpp:740:27 in chip::SessionManager::HandleConnectionClosed(chip::Transport::ActiveTCPConnectionState*, chip::ChipError)
Shadow bytes around the buggy address:
  0x7d6ff646e000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x7d6ff646e080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x7d6ff646e100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x7d6ff646e180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7d6ff646e200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x7d6ff646e280: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
  0x7d6ff646e300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x7d6ff646e380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x7d6ff646e400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x7d6ff646e480: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x7d6ff646e500: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==40187==ABORTING
[Thread 0x7bfff2000640 (LWP 40189) exited]
[Thread 0x7ffff7e47880 (LWP 40187) exited]
[Thread 0x7bfff3600640 (LWP 40188) exited]
[New process 40187]
[Inferior 1 (process 40187) exited with code 01]