Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.18.0
-
None
-
None
Description
While the stack below appears to be a double-free of a qd_message_t it is not (see qd_python_send - the message is not shared with a link). The reason TSAN complains is that the sequence number contained in the memory pool item is not atomic. In the trace below the message was freed to the pool then reclaimed for use by qd_python_send. The fact that the sequence # was not synchronized is causing TSAN pain.
Fix: make the sequence an atomic counter
: WARNING: ThreadSanitizer: data race (pid=1889)
: Write of size 8 at 0x7b400000af00 by thread T2 (mutexes: write M13):
: #0 qd_dealloc /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/alloc_pool.c:470 (qdrouterd+0x44b652)
: #1 free_qd_message_t /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:93 (qdrouterd+0x46e049)
: #2 qd_message_free /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:1128 (qdrouterd+0x46e049)
: #3 qd_python_send /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/python_embedded.c:798 (qdrouterd+0x4830a0)
: #4 method_vectorcall_VARARGS <null> (libpython3.10.so.1.0+0x12ca80)
: #5 qd_router_timer_handler /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_node.c:1622 (qdrouterd+0x4cf2dc)
: #6 qd_timer_visit /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/timer.c:320 (qdrouterd+0x4dd7cf)
: #7 handle /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1026 (qdrouterd+0x4d8a96)
: #8 thread_run /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1141 (qdrouterd+0x4daeb7)
: #9 _thread_init /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/posix/threading.c:172 (qdrouterd+0x4812dd)
:
: Previous read of size 8 at 0x7b400000af00 by main thread:
: #0 qd_alloc_sequence /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/alloc_pool.c:514 (qdrouterd+0x44bef0)
: #1 qd_alloc_deref_safe_ptr /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/include/qpid/dispatch/alloc_pool.h:102 (qdrouterd+0x45c033)
: #2 cleanup_link /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:350 (qdrouterd+0x45c033)
: #3 qd_link_free /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:997 (qdrouterd+0x45c1c9)
: #4 qd_link_free /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:988 (qdrouterd+0x45dd32)
: #5 AMQP_link_detach_handler /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_node.c:1158 (qdrouterd+0x4d38f1)
: #6 AMQP_link_detach_handler /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_node.c:1107 (qdrouterd+0x4d38f1)
: #7 close_links /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:328 (qdrouterd+0x45c2b9)
: #8 qd_container_handle_event /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/container.c:525 (qdrouterd+0x45f003)
: #9 handle /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1116 (qdrouterd+0x4d8b01)
: #10 thread_run /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1141 (qdrouterd+0x4dadc4)
: #11 qd_server_run /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/server.c:1535 (qdrouterd+0x4dba1c)
: #12 main_process /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/router/src/main.c:115 (qdrouterd+0x426e5c)
: #13 main /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/router/src/main.c:369 (qdrouterd+0x42626c)
:
: Location is heap block of size 256 at 0x7b400000af00 allocated by thread T1:
: #0 posix_memalign <null> (libtsan.so.0+0x32a23)
: #1 qd_alloc /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/alloc_pool.c:391 (qdrouterd+0x44ad29)
: #2 new_qd_message_t /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:93 (qdrouterd+0x470e7d)
: #3 qd_message_copy /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/message.c:1136 (qdrouterd+0x470e7d)
: #4 qdr_forward_new_delivery_CT /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/forwarder.c:153 (qdrouterd+0x4a64d7)
: #5 qdr_forward_multicast_CT /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/forwarder.c:497 (qdrouterd+0x4a9155)
: #6 qdr_forward_message_CT /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/forwarder.c:1122 (qdrouterd+0x4aab70)
: #7 qdr_in_process_send_to_CT /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/transfer.c:924 (qdrouterd+0x4bc7dd)
: #8 qdr_send_to_CT /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/transfer.c:899 (qdrouterd+0x4bc943)
: #9 router_core_thread /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/router_core/router_core_thread.c:236 (qdrouterd+0x4b53fa)
: #10 _thread_init /home/runner/work/qpid-dispatch/qpid-dispatch/qpid-dispatch/src/posix/threading.c:172 (qdrouterd+0x4812dd)
Attachments
Issue Links
- is duplicated by
-
DISPATCH-2203
Alloc_pool_item_t sequence number should be atomic
-
- Open
-