Fix elusive memory corruption bug
Summary: A corner case meant that a tracker that was in multiple lists that was ReadyForDestruction(), would get destroyed, and one of the tracker pointers would remain in the other list. Eventually, when that tracker was checked to see if it was ReadyForDestruction() there would be heap-after-use. Solution: Don't allow a ConnectionTracker to live in two lists. Do this by keeping a back-pointer so we can immediately move a tracker when its protocol changes. The invariant is now that a tracker lives only in one list. Test Plan: New fuzz test on ConnTrackersManager that triggers the bug (and is now fixed). Also testing on GKE...so keep fingers crossed. Reviewers: yzhao, jps, #engineering Reviewed By: yzhao, jps, #engineering JIRA Issues: PP-2400 Differential Revision: https://phab.corp.pixielabs.ai/D7247 GitOrigin-RevId: 972520ec7429d058fcb33dec2207513fa778db4d
Showing
+285 -85
Please register or sign in to comment