Bjoern Petri created CELIX-334: ---------------------------------- Summary: Race Condition in Topology Manager causes spurious segfaults Key: CELIX-334 URL: https://issues.apache.org/jira/browse/CELIX-334 Project: Celix Issue Type: Bug Reporter: Bjoern Petri Assignee: Bjoern Petri
When adding imported/exported Services, the Topology Manager creates a copy of the rsaList. Although a comment mentioned that this is done to prevent threading issues, this is causing a race condition btwn topology manager and the remote service admin: {code} ================================================================= ==6392== ERROR: AddressSanitizer: heap-use-after-free on address 0x601c00009fe8 at pc 0x2ab837b9c59a bp 0x2ab8370384d0 sp 0x2ab8370384c8 READ of size 8 at 0x601c00009fe8 thread T72 #0 0x2ab837b9c599 in remoteServiceAdmin_importService /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/src/remote_service_admin_impl.c:825:0 #1 0x2ab8396f5a61 in topologyManager_addImportedService /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/topology_manager/private/src/topology_manager.c:549:0 #2 0x2ab837ffead3 in discovery_informEndpointListeners /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery/private/src/discovery.c:173:0 #3 0x2ab837fff0d0 in discovery_addDiscoveredEndpoint /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery/private/src/discovery.c:209:0 #4 0x2ab838006cf5 in endpointDiscoveryPoller_poll /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery/private/src/endpoint_discovery_poller.c:271:0 #5 0x2ab838005fca in endpointDiscoveryPoller_addDiscoveryEndpoint /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery/private/src/endpoint_discovery_poller.c:193:0 #6 0x2ab837ff9c69 in discoveryShmWatcher_syncEndpoints /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery_shm/private/src/discovery_shmWatcher.c:119:0 #7 0x2ab837ffa554 in discoveryShmWatcher_run /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery_shm/private/src/discovery_shmWatcher.c:168:0 #8 0x2ab82af4db97 in __asan_describe_address ??:? #9 0x2ab82e42f181 in start_thread /build/buildd/eglibc-2.19/nptl/pthread_create.c:312 (discriminator 2) #10 0x2ab82ef5f47c in clone /build/buildd/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111 0x601c00009fe8 is located 104 bytes inside of 152-byte region [0x601c00009f80,0x601c0000a018) freed by thread T0 here: #0 0x2ab82af4a33a in __interceptor_free ??:? #1 0x2ab837b9339d in remoteServiceAdmin_destroy /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/src/remote_service_admin_impl.c:101:0 #2 0x2ab837b9dff2 in bundleActivator_stop /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/src/remote_service_admin_activator.c:107:0 #3 0x2ab82df1526c in fw_stopBundle /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/framework.c:875:0 #4 0x2ab82def33d4 in bundle_stopWithOptions /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/bundle.c:325:0 #5 0x2ab82def3166 in bundle_stop /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/bundle.c:313:0 #6 0x41b2b3 in stopStartPermutation /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:250:0 #7 0x41e3c6 in testImport /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:338:0 #8 0x422e4e in _ZN44TEST_RsaShmClientServerTests_TestImport_Test8testBodyEv /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:479:0 #9 0x42fe00 in PlatformSpecificSetJmpImplementation /home/bjoern/Progs/cpputest/cpputest-3.7.1/src/Platforms/Gcc/UtestPlatform.cpp:144:0 addr2line: '': No such file #10 0x601000007f9f in previously allocated by thread T0 here: #0 0x2ab82af4a4e5 in calloc ??:? #1 0x2ab837b929db in remoteServiceAdmin_create /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/src/remote_service_admin_impl.c:70 #2 0x2ab837b9d9f2 in bundleActivator_start /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/src/remote_service_admin_activator.c:63 #3 0x2ab82df1317f in fw_startBundle /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/framework.c:717 (discriminator 1) #4 0x2ab82def2cd2 in bundle_startWithOptions /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/bundle.c:282 #5 0x2ab82df63556 in celixLauncher_launchWithProperties /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/celix_launcher.c:130 (discriminator 2) #6 0x2ab82df62b2b in celixLauncher_launchWithStream /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/celix_launcher.c:67 #7 0x2ab82df62844 in celixLauncher_launch /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/celix_launcher.c:46 #8 0x4144ee in setupFm /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:68 #9 0x42360e in _ZN47TEST_GROUP_CppUTestGroupRsaShmClientServerTests5setupEv /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:465 #10 0x42fe00 in PlatformSpecificSetJmpImplementation /home/bjoern/Progs/cpputest/cpputest-3.7.1/src/Platforms/Gcc/UtestPlatform.cpp:144 #11 0x601000007f9f in Thread T72 created by T0 here: #0 0x2ab82af3fb5b in __interceptor_pthread_create ??:? #1 0x2ab82e1fdca8 in celixThread_create /home/bjoern/Development/celix/git/celix.current.plain/celix/utils/private/src/celix_threads.c:34 #2 0x2ab837ffaaed in discoveryShmWatcher_create /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery_shm/private/src/discovery_shmWatcher.c:212 #3 0x2ab837ffba80 in discovery_start /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery_shm/private/src/discovery_impl.c:122 #4 0x2ab837ffcc18 in bundleActivator_start /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/discovery/private/src/discovery_activator.c:125 #5 0x2ab82df1317f in fw_startBundle /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/framework.c:717 (discriminator 1) #6 0x2ab82def2cd2 in bundle_startWithOptions /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/bundle.c:282 #7 0x2ab82df63556 in celixLauncher_launchWithProperties /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/celix_launcher.c:130 (discriminator 2) #8 0x2ab82df62b2b in celixLauncher_launchWithStream /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/celix_launcher.c:67 #9 0x2ab82df62844 in celixLauncher_launch /home/bjoern/Development/celix/git/celix.current.plain/celix/framework/private/src/celix_launcher.c:46 #10 0x4144ee in setupFm /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:68 #11 0x42360e in _ZN47TEST_GROUP_CppUTestGroupRsaShmClientServerTests5setupEv /home/bjoern/Development/celix/git/celix.current.plain/celix/remote_services/remote_service_admin_shm/private/test/rsa_client_server_tests.cpp:465 #12 0x42fe00 in PlatformSpecificSetJmpImplementation /home/bjoern/Progs/cpputest/cpputest-3.7.1/src/Platforms/Gcc/UtestPlatform.cpp:144 #13 0x601000007f9f in Shadow bytes around the buggy address: 0x0c03ffff93a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c03ffff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c03ffff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c03ffff93d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd 0x0c03ffff93e0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa =>0x0c03ffff93f0: fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd 0x0c03ffff9400: fd fd fd fa fa fa fa fa fa fa fa fa 00 00 00 00 0x0c03ffff9410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 0x0c03ffff9420: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c03ffff9430: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa 0x0c03ffff9440: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap righ redzone: fb Freed Heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 ASan internal: fe ==6392== ABORTING {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)