paths: Cannot open file '/home/magnus/.dillo/keysrc': No such file or directory
paths: Cannot open file '/usr/local/etc/dillo/keysrc': No such file or directory
paths: Using internal defaults...
paths: Cannot open file '/home/magnus/.dillo/domainrc': No such file or directory
paths: Cannot open file '/usr/local/etc/dillo/domainrc': No such file or directory
paths: Using internal defaults...
dillo_dns_init: Here we go! (threaded)
TLS library: OpenSSL 3.5.4 30 Sep 2025
Disabling cookies.
paths: Cannot open file '/home/magnus/.dillo/hsts_preload': No such file or directory
paths: Cannot open file '/usr/local/etc/dillo/hsts_preload': No such file or directory
paths: Using internal defaults...
Nav_open_url: new url='file:/home/magnus/crash-dillo/socketdata-uaf.html'
NumPendingStyleSheets=1
Dns_server [0]: detectportal.firefox.com is 34.107.221.82 2600:1901:0:38d7::
Dns_server [1]: ash-speed.hetzner.com is 5.161.7.195 2a01:4ff:ef::fa57:1
>>>> a_Nav_repush <<<<
Nav_open_url: new url='file:/home/magnus/crash-dillo/socketdata-uaf.html'
a_Nav_expect_done: repush!
=================================================================
==21070==ERROR: AddressSanitizer: heap-use-after-free on address 0x50700004cb54 at pc 0x55a615b33714 bp 0x7ffe7f1baaf0 sp 0x7ffe7f1baae0
READ of size 4 at 0x50700004cb54 thread T0
    #0 0x55a615b33713 in Http_socket_free /home/magnus/dillo/src/IO/http.c:303
    #1 0x55a615b37ee2 in a_Http_ccc /home/magnus/dillo/src/IO/http.c:920
    #2 0x55a615a8158d in a_Chain_bcb (/home/magnus/dillo/src/dillo+0x16858d) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #3 0x55a615a9abf7 in a_Capi_ccc (/home/magnus/dillo/src/dillo+0x181bf7) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #4 0x55a615a986ea in a_Capi_conn_abort_by_url (/home/magnus/dillo/src/dillo+0x17f6ea) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #5 0x55a615a9a8bb in a_Capi_stop_client (/home/magnus/dillo/src/dillo+0x1818bb) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #6 0x55a615a66cb7 in a_Bw_stop_clients (/home/magnus/dillo/src/dillo+0x14dcb7) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #7 0x55a615a6028d in a_UIcmd_close_bw /home/magnus/dillo/src/uicmd.cc:694
    #8 0x55a615a5d345 in CustTabs::handle(int) /home/magnus/dillo/src/uicmd.cc:248
    #9 0x7f4eb2f6110b in Fl_Group::handle(int) (/usr/lib64/libfltk.so.1.3+0x5910b) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #10 0x7f4eb2f48832  (/usr/lib64/libfltk.so.1.3+0x40832) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #11 0x7f4eb2f4a95c in Fl::handle_(int, Fl_Window*) (/usr/lib64/libfltk.so.1.3+0x4295c) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #12 0x7f4eb2f4a86b in Fl::handle_(int, Fl_Window*) (/usr/lib64/libfltk.so.1.3+0x4286b) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #13 0x7f4eb2fa90a2 in fl_handle(_XEvent const&) (/usr/lib64/libfltk.so.1.3+0xa10a2) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #14 0x7f4eb2faa631  (/usr/lib64/libfltk.so.1.3+0xa2631) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #15 0x7f4eb2faa989  (/usr/lib64/libfltk.so.1.3+0xa2989) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #16 0x7f4eb2f4a0b5 in Fl::wait(double) (/usr/lib64/libfltk.so.1.3+0x420b5) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #17 0x7f4eb2f4a19c in Fl::wait() (/usr/lib64/libfltk.so.1.3+0x4219c) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #18 0x55a615a4ef2b in main /home/magnus/dillo/src/dillo.cc:621
    #19 0x7f4eb2752bfb in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #20 0x7f4eb2752cb4 in __libc_start_main_impl ../csu/libc-start.c:360
    #21 0x55a615a4bef0 in _start ../sysdeps/x86_64/start.S:115

0x50700004cb54 is located 4 bytes inside of 72-byte region [0x50700004cb50,0x50700004cb98)
freed by thread T0 here:
    #0 0x7f4eb38f8818  (/usr/lib64/libasan.so.8+0xf8818) (BuildId: 4a8505bee5ce42b81c4c9e1235c2851911c68054)
    #1 0x55a615b2a3ac in dFree (/home/magnus/dillo/src/dillo+0x2113ac) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #2 0x55a615b3954c in Http_server_remove /home/magnus/dillo/src/IO/http.c:1095
    #3 0x55a615b33693 in Http_connect_queued_sockets /home/magnus/dillo/src/IO/http.c:289
    #4 0x55a615b3700c in Http_dns_cb /home/magnus/dillo/src/IO/http.c:764
    #5 0x55a615aef560 in a_Dns_resolve (/home/magnus/dillo/src/dillo+0x1d6560) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #6 0x55a615b37673 in Http_get /home/magnus/dillo/src/IO/http.c:817
    #7 0x55a615b37ea7 in a_Http_ccc /home/magnus/dillo/src/IO/http.c:911
    #8 0x55a615a8158d in a_Chain_bcb (/home/magnus/dillo/src/dillo+0x16858d) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #9 0x55a615a9aa79 in a_Capi_ccc (/home/magnus/dillo/src/dillo+0x181a79) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #10 0x55a615a9a3a4 in a_Capi_open_url (/home/magnus/dillo/src/dillo+0x1813a4) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #11 0x55a615aca95a in Html_load_image /home/magnus/dillo/src/html.cc:2213
    #12 0x55a615aca7f4 in a_Html_image_new(DilloHtml*, char const*, int) /home/magnus/dillo/src/html.cc:2186
    #13 0x55a615acb080 in Html_tag_content_img /home/magnus/dillo/src/html.cc:2293
    #14 0x55a615ad5e66 in Html_process_tag /home/magnus/dillo/src/html.cc:4132
    #15 0x55a615ad81b4 in Html_write_raw /home/magnus/dillo/src/html.cc:4438
    #16 0x55a615abf944 in DilloHtml::write(char*, int, int) /home/magnus/dillo/src/html.cc:597
    #17 0x55a615ad7866 in Html_callback /home/magnus/dillo/src/html.cc:4333
    #18 0x55a615a912ff in Cache_process_queue (/home/magnus/dillo/src/dillo+0x1782ff) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #19 0x55a615a919fe in Cache_delayed_process_queue_callback (/home/magnus/dillo/src/dillo+0x1789fe) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #20 0x7f4eb2f49fe3 in Fl::wait(double) (/usr/lib64/libfltk.so.1.3+0x41fe3) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #21 0x7f4eb2752bfb in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

previously allocated by thread T0 here:
    #0 0x7f4eb38f9cd7 in malloc (/usr/lib64/libasan.so.8+0xf9cd7) (BuildId: 4a8505bee5ce42b81c4c9e1235c2851911c68054)
    #1 0x55a615b2a2fa in dMalloc (/home/magnus/dillo/src/dillo+0x2112fa) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #2 0x55a615b2a375 in dMalloc0 (/home/magnus/dillo/src/dillo+0x211375) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #3 0x55a615b32955 in Http_sock_new /home/magnus/dillo/src/IO/http.c:169
    #4 0x55a615b37e18 in a_Http_ccc /home/magnus/dillo/src/IO/http.c:905
    #5 0x55a615a8158d in a_Chain_bcb (/home/magnus/dillo/src/dillo+0x16858d) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #6 0x55a615a9aa79 in a_Capi_ccc (/home/magnus/dillo/src/dillo+0x181a79) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #7 0x55a615a9a3a4 in a_Capi_open_url (/home/magnus/dillo/src/dillo+0x1813a4) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #8 0x55a615aca95a in Html_load_image /home/magnus/dillo/src/html.cc:2213
    #9 0x55a615aca7f4 in a_Html_image_new(DilloHtml*, char const*, int) /home/magnus/dillo/src/html.cc:2186
    #10 0x55a615acb080 in Html_tag_content_img /home/magnus/dillo/src/html.cc:2293
    #11 0x55a615ad5e66 in Html_process_tag /home/magnus/dillo/src/html.cc:4132
    #12 0x55a615ad81b4 in Html_write_raw /home/magnus/dillo/src/html.cc:4438
    #13 0x55a615abf944 in DilloHtml::write(char*, int, int) /home/magnus/dillo/src/html.cc:597
    #14 0x55a615ad7866 in Html_callback /home/magnus/dillo/src/html.cc:4333
    #15 0x55a615a912ff in Cache_process_queue (/home/magnus/dillo/src/dillo+0x1782ff) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #16 0x55a615a919fe in Cache_delayed_process_queue_callback (/home/magnus/dillo/src/dillo+0x1789fe) (BuildId: e0037263c7a2a686e2a3a065c9f3703fa201643b)
    #17 0x7f4eb2f49fe3 in Fl::wait(double) (/usr/lib64/libfltk.so.1.3+0x41fe3) (BuildId: f2ecde5004360c1836d560b4542938b912d24c33)
    #18 0x7f4eb2752bfb in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-use-after-free /home/magnus/dillo/src/IO/http.c:303 in Http_socket_free
Shadow bytes around the buggy address:
  0x50700004c880: fd fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
  0x50700004c900: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
  0x50700004c980: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x50700004ca00: 00 00 00 00 00 00 00 00 01 fa fa fa fa fa fd fd
  0x50700004ca80: fd fd fd fd fd fd fd fa fa fa fa fa 00 00 00 00
=>0x50700004cb00: 00 00 00 00 00 fa fa fa fa fa[fd]fd fd fd fd fd
  0x50700004cb80: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x50700004cc00: fd fd fa fa fa fa 00 00 00 00 00 00 00 00 01 fa
  0x50700004cc80: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
  0x50700004cd00: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x50700004cd80: 00 00 00 00 00 00 00 00 01 fa fa fa fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==21070==ABORTING