Ken Giusti created DISPATCH-2320:
------------------------------------
Summary: TSAN: alloc sequence is non-atomic
Key: DISPATCH-2320
URL: https://issues.apache.org/jira/browse/DISPATCH-2320
Project: Qpid Dispatch
Issue Type: Bug
Components: Router Node
Affects Versions: 1.18.0
Reporter: Ken Giusti
While the stack below appears to be a double-free of a qd_message_t it is not
(see qd_python_send - the message is not shared with a link). The reason TSAN
complains is that the sequence number contained in the memory pool item is not
atomic. In the trace below the message was freed to the pool then reclaimed
for use by qd_python_send. The fact that the sequence # was not synchronized
is causing TSAN pain.
Fix: make the sequence an atomic counter
: WARNING: ThreadSanitizer: data race (pid=1889)
: Write of size 8 at 0x7b400000af00 by thread T2 (mutexes: write M13):
: #0 qd_dealloc
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/alloc_pool.c:470
(qdrouterd+0x44b652)
: #1 free_qd_message_t
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:93
(qdrouterd+0x46e049)
: #2 qd_message_free
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:1128
(qdrouterd+0x46e049)
: #3 qd_python_send
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/python_embedded.c:798
(qdrouterd+0x4830a0)
: #4 method_vectorcall_VARARGS <null> (libpython3.10.so.1.0+0x12ca80)
: #5 qd_router_timer_handler
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_node.c:1622
(qdrouterd+0x4cf2dc)
: #6 qd_timer_visit
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/timer.c:320
(qdrouterd+0x4dd7cf)
: #7 handle
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1026
(qdrouterd+0x4d8a96)
: #8 thread_run
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1141
(qdrouterd+0x4daeb7)
: #9 _thread_init
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/posix/threading.c:172
(qdrouterd+0x4812dd)
:
: Previous read of size 8 at 0x7b400000af00 by main thread:
: #0 qd_alloc_sequence
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/alloc_pool.c:514
(qdrouterd+0x44bef0)
: #1 qd_alloc_deref_safe_ptr
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/include/qpid/dispatch/alloc_pool.h:102
(qdrouterd+0x45c033)
: #2 cleanup_link
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:350
(qdrouterd+0x45c033)
: #3 qd_link_free
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:997
(qdrouterd+0x45c1c9)
: #4 qd_link_free
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:988
(qdrouterd+0x45dd32)
: #5 AMQP_link_detach_handler
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_node.c:1158
(qdrouterd+0x4d38f1)
: #6 AMQP_link_detach_handler
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_node.c:1107
(qdrouterd+0x4d38f1)
: #7 close_links
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:328
(qdrouterd+0x45c2b9)
: #8 qd_container_handle_event
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:525
(qdrouterd+0x45f003)
: #9 handle
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1116
(qdrouterd+0x4d8b01)
: #10 thread_run
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1141
(qdrouterd+0x4dadc4)
: #11 qd_server_run
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1535
(qdrouterd+0x4dba1c)
: #12 main_process
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/router/src/main.c:115
(qdrouterd+0x426e5c)
: #13 main
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/router/src/main.c:369
(qdrouterd+0x42626c)
:
: Location is heap block of size 256 at 0x7b400000af00 allocated by thread
T1:
: #0 posix_memalign <null> (libtsan.so.0+0x32a23)
: #1 qd_alloc
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/alloc_pool.c:391
(qdrouterd+0x44ad29)
: #2 new_qd_message_t
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:93
(qdrouterd+0x470e7d)
: #3 qd_message_copy
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:1136
(qdrouterd+0x470e7d)
: #4 qdr_forward_new_delivery_CT
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/forwarder.c:153
(qdrouterd+0x4a64d7)
: #5 qdr_forward_multicast_CT
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/forwarder.c:497
(qdrouterd+0x4a9155)
: #6 qdr_forward_message_CT
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/forwarder.c:1122
(qdrouterd+0x4aab70)
: #7 qdr_in_process_send_to_CT
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/transfer.c:924
(qdrouterd+0x4bc7dd)
: #8 qdr_send_to_CT
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/transfer.c:899
(qdrouterd+0x4bc943)
: #9 router_core_thread
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/router_core_thread.c:236
(qdrouterd+0x4b53fa)
: #10 _thread_init
/home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/posix/threading.c:172
(qdrouterd+0x4812dd)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
