NFD

Is this still relevant after #2489?

By confirmed you mean the error still appears or the error no longer reproducible?

The existence of the bug is confirmed.

==27264==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500006e2a0 at pc 0x6b1538 bp 0x7fffa2c80470 sp 0x7fffa2c80460
READ of size 8 at 0x62500006e2a0 thread T0
    #0 0x6b1537 in std::__shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, (__gnu_cxx::_Lock_policy)2>::operator->() const /usr/include/c++/4.9/bits/shared_ptr_base.h:1048
    #1 0x6b1537 in nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::processErrorCode(boost::system::error_code const&) ../daemon/face/stream-face.hpp:215
    #2 0x6b6e66 in nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::handleSend(boost::system::error_code const&, unsigned long) ../daemon/face/stream-face.hpp:253
    #3 0x6b89af in operator()<const boost::system::error_code&, long unsigned int const&, void> /usr/include/c++/4.9/functional:569
    #4 0x6b89af in __call<void, const boost::system::error_code&, long unsigned int const&, 0ul, 1ul, 2ul> /usr/include/c++/4.9/functional:1264
    #5 0x6b89af in operator()<const boost::system::error_code&, long unsigned int const&, void> /usr/include/c++/4.9/functional:1323
    #6 0x6b89af in boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(boost::system::error_code const&, unsigned long)> (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> >::operator()(boost::system::error_code const&, unsigned long, int) /usr/include/boost/asio/impl/write.hpp:345
    #7 0x6b89af in boost::asio::detail::binder2<boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(boost::system::error_code const&, unsigned long)> (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> >, boost::system::error_code, unsigned long>::operator()() /usr/include/boost/asio/detail/bind_handler.hpp:127
    #8 0x6b89af in asio_handler_invoke<boost::asio::detail::binder2<boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol>, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> >, boost::system::error_code, long unsigned int> > /usr/include/boost/asio/handler_invoke_hook.hpp:69
    #9 0x6b89af in invoke<boost::asio::detail::binder2<boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol>, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> >, boost::system::error_code, long unsigned int>, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> > /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:37
    #10 0x6b89af in asio_handler_invoke<boost::asio::detail::binder2<boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol>, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> >, boost::system::error_code, long unsigned int>, boost::asio::basic_stream_socket<boost::asio::local::stream_protocol>, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> > /usr/include/boost/asio/impl/write.hpp:565
    #11 0x6b89af in invoke<boost::asio::detail::binder2<boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol>, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> >, boost::system::error_code, long unsigned int>, boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol>, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(const boost::system::error_code&, long unsigned int)>(nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> > > /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:37
    #12 0x6b89af in boost::asio::detail::reactive_socket_send_op<boost::asio::const_buffers_1, boost::asio::detail::write_op<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::const_buffers_1, boost::asio::detail::transfer_all_t, std::_Bind<std::_Mem_fn<void (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>::*)(boost::system::error_code const&, unsigned long)> (nfd::StreamFace<boost::asio::local::stream_protocol, nfd::LocalFace>*, std::_Placeholder<1>, std::_Placeholder<2>)> > >::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/reactive_socket_send_op.hpp:107
    #13 0x45be22 in boost::asio::detail::task_io_service::run(boost::system::error_code&) (/home/davide/NFD/build/bin/nfd+0x45be22)
    #14 0x4614da in nfd::NfdRunner::run() (/home/davide/NFD/build/bin/nfd+0x4614da)
    #15 0x44af2a in main ../daemon/main.cpp:294
    #16 0x7fca5c40eec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #17 0x44a64b (/home/davide/NFD/build/bin/nfd+0x44a64b)

0x62500006e2a0 is located 416 bytes inside of 9320-byte region [0x62500006e100,0x625000070568)
freed by thread T0 here:
    #0 0x7fca5ee0763f in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5863f)
    #1 0x6a3c3e in __gnu_cxx::new_allocator<std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2> >::deallocate(std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2>*, unsigned long) /usr/include/c++/4.9/ext/new_allocator.h:110
    #2 0x6a3c3e in std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2> > >::deallocate(std::allocator<std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2> >&, std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2>*, unsigned long) /usr/include/c++/4.9/bits/alloc_traits.h:383
    #3 0x6a3c3e in std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2>::_M_destroy() /usr/include/c++/4.9/bits/shared_ptr_base.h:535

previously allocated by thread T0 here:
    #0 0x7fca5ee0713f in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5813f)
    #1 0x69e60d in __gnu_cxx::new_allocator<std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2> >::allocate(unsigned long, void const*) /usr/include/c++/4.9/ext/new_allocator.h:104
    #2 0x69e60d in std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2> > >::allocate(std::allocator<std::_Sp_counted_ptr_inplace<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, (__gnu_cxx::_Lock_policy)2> >&, unsigned long) /usr/include/c++/4.9/bits/alloc_traits.h:357
    #3 0x69e60d in __shared_count<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > >&> /usr/include/c++/4.9/bits/shared_ptr_base.h:616
    #4 0x69e60d in __shared_ptr<std::allocator<nfd::UnixStreamFace>, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > >&> /usr/include/c++/4.9/bits/shared_ptr_base.h:1090
    #5 0x69e60d in shared_ptr<std::allocator<nfd::UnixStreamFace>, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > >&> /usr/include/c++/4.9/bits/shared_ptr.h:316
    #6 0x69e60d in allocate_shared<nfd::UnixStreamFace, std::allocator<nfd::UnixStreamFace>, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > >&> /usr/include/c++/4.9/bits/shared_ptr.h:588
    #7 0x69e60d in make_shared<nfd::UnixStreamFace, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > >&> /usr/include/c++/4.9/bits/shared_ptr.h:604
    #8 0x69e60d in nfd::UnixStreamChannel::handleSuccessfulAccept(boost::system::error_code const&, std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > const&, std::function<void (std::shared_ptr<nfd::Face> const&)> const&, std::function<void (std::string const&)> const&) ../daemon/face/unix-stream-channel.cpp:145
    #9 0x6aa401 in boost::_mfi::mf4<void, nfd::UnixStreamChannel, boost::system::error_code const&, std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > const&, std::function<void (std::shared_ptr<nfd::Face> const&)> const&, std::function<void (std::string const&)> const&>::operator()(nfd::UnixStreamChannel*, boost::system::error_code const&, std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > const&, std::function<void (std::shared_ptr<nfd::Face> const&)> const&, std::function<void (std::string const&)> const&) const /usr/include/boost/bind/mem_fn_template.hpp:506
    #10 0x6aa401 in operator()<boost::_mfi::mf4<void, nfd::UnixStreamChannel, const boost::system::error_code&, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> >&, const std::function<void(const std::shared_ptr<nfd::Face>&)>&, const std::function<void(const std::basic_string<char>&)>&>, boost::_bi::list1<const boost::system::error_code&> > /usr/include/boost/bind/bind.hpp:525
    #11 0x6aa401 in operator()<boost::system::error_code> /usr/include/boost/bind/bind_template.hpp:47
    #12 0x6aa401 in boost::asio::detail::binder1<boost::_bi::bind_t<void, boost::_mfi::mf4<void, nfd::UnixStreamChannel, boost::system::error_code const&, std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > const&, std::function<void (std::shared_ptr<nfd::Face> const&)> const&, std::function<void (std::string const&)> const&>, boost::_bi::list5<boost::_bi::value<nfd::UnixStreamChannel*>, boost::arg<1> (*)(), boost::_bi::value<std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > >, boost::_bi::value<std::function<void (std::shared_ptr<nfd::Face> const&)> >, boost::_bi::value<std::function<void (std::string const&)> > > >, boost::system::error_code>::operator()() /usr/include/boost/asio/detail/bind_handler.hpp:47
    #13 0x6aa401 in asio_handler_invoke<boost::asio::detail::binder1<boost::_bi::bind_t<void, boost::_mfi::mf4<void, nfd::UnixStreamChannel, const boost::system::error_code&, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> >&, const std::function<void(const std::shared_ptr<nfd::Face>&)>&, const std::function<void(const std::basic_string<char>&)>&>, boost::_bi::list5<boost::_bi::value<nfd::UnixStreamChannel*>, boost::arg<1> (*)(), boost::_bi::value<std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> > >, boost::_bi::value<std::function<void(const std::shared_ptr<nfd::Face>&)> >, boost::_bi::value<std::function<void(const std::basic_string<char>&)> > > >, boost::system::error_code> > /usr/include/boost/asio/handler_invoke_hook.hpp:69
    #14 0x6aa401 in invoke<boost::asio::detail::binder1<boost::_bi::bind_t<void, boost::_mfi::mf4<void, nfd::UnixStreamChannel, const boost::system::error_code&, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> >&, const std::function<void(const std::shared_ptr<nfd::Face>&)>&, const std::function<void(const std::basic_string<char>&)>&>, boost::_bi::list5<boost::_bi::value<nfd::UnixStreamChannel*>, boost::arg<1> (*)(), boost::_bi::value<std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> > >, boost::_bi::value<std::function<void(const std::shared_ptr<nfd::Face>&)> >, boost::_bi::value<std::function<void(const std::basic_string<char>&)> > > >, boost::system::error_code>, boost::_bi::bind_t<void, boost::_mfi::mf4<void, nfd::UnixStreamChannel, const boost::system::error_code&, const std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> >&, const std::function<void(const std::shared_ptr<nfd::Face>&)>&, const std::function<void(const std::basic_string<char>&)>&>, boost::_bi::list5<boost::_bi::value<nfd::UnixStreamChannel*>, boost::arg<1> (*)(), boost::_bi::value<std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol> > >, boost::_bi::value<std::function<void(const std::shared_ptr<nfd::Face>&)> >, boost::_bi::value<std::function<void(const std::basic_string<char>&)> > > > > /usr/include/boost/asio/detail/handler_invoke_helpers.hpp:37
    #15 0x6aa401 in boost::asio::detail::reactive_socket_accept_op<boost::asio::basic_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, boost::asio::local::stream_protocol, boost::_bi::bind_t<void, boost::_mfi::mf4<void, nfd::UnixStreamChannel, boost::system::error_code const&, std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > const&, std::function<void (std::shared_ptr<nfd::Face> const&)> const&, std::function<void (std::string const&)> const&>, boost::_bi::list5<boost::_bi::value<nfd::UnixStreamChannel*>, boost::arg<1> (*)(), boost::_bi::value<std::shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> > > >, boost::_bi::value<std::function<void (std::shared_ptr<nfd::Face> const&)> >, boost::_bi::value<std::function<void (std::string const&)> > > > >::do_complete(boost::asio::detail::task_io_service*, boost::asio::detail::task_io_service_operation*, boost::system::error_code const&, unsigned long) /usr/include/boost/asio/detail/reactive_socket_accept_op.hpp:123

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/4.9/bits/shared_ptr_base.h:1048 std::__shared_ptr<boost::asio::basic_stream_socket<boost::asio::local::stream_protocol, boost::asio::stream_socket_service<boost::asio::local::stream_protocol> >, (__gnu_cxx::_Lock_policy)2>::operator->() const
Shadow bytes around the buggy address:
  0x0c4a80005c00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80005c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4a80005c20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005c30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4a80005c50: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005c60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4a80005ca0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==27264==ABORTING

In processErrors() method of StreamFace, we now have three error conditions that do not cause call to face->fail():

if (error == boost::asio::error::broken_pipe ||         // socket closed or shut down
    error == boost::asio::error::operation_aborted ||   // when cancel() is called
    error == boost::asio::error::shut_down)             // after shutdown() is called
  return;

if (!m_socket->is_open())
  {
    this->fail("Connection closed");
    return;
  }

Are these three codes are comprehensive? Is there a reason why "fail" should not be called on them? Are there negative consequences of calling fail twice?

Calling fail() twice is harmless. The second invocation is effectively a no-op.

As I said in gerrit, the error handling and the closing of faces would benefit from an overhaul, as it is quite fragile right now.

Change 1798 is abandoned. Is there another solution?

UnixStreamFace is deleted in #3165 and replaced by UnixStreamTransport. I'll verify whether the same bug exists in UnixStreamTransport.

My suggestion in note-7 still applies... Any send attempt while the face is not in the UP state should be suppressed.

Any send attempt while the face is not in the UP state should be suppressed.

No. When a Transport is DOWN, BFD feature must be able to transmit in order to detect when it's UP again.

Ok. When it is not UP or DOWN then... The point was that the transmission shouldn't happen while the transport is being closed.