You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/05/03 19:12:00 UTC
[jira] [Commented] (DISPATCH-1917) Thread race accessing connector->conn_msg buffer (TSAN)

    [ https://issues.apache.org/jira/browse/DISPATCH-1917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17338573#comment-17338573 ] 

ASF subversion and git services commented on DISPATCH-1917:
-----------------------------------------------------------

Commit 8545a425cd8ee86beffdc97464fd4d4a20618a05 in qpid-dispatch's branch refs/heads/main from Ken Giusti
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=8545a42 ]

DISPATCH-2046: prevent crash when accessing connector pointer
DISPATCH-1679: fix qd_connector_t leak
DISPATCH-1917: fix race when accessing connector->conn_msg buffer

This closes #1176


> Thread race accessing connector->conn_msg buffer (TSAN)
> -------------------------------------------------------
>
>                 Key: DISPATCH-1917
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1917
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Router Node
>    Affects Versions: 1.15.0
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Major
>              Labels: race-condition
>             Fix For: 1.17.0
>
>
> qd_connector_t holds a buffer for connection related mgmt messages (conn_msg[300]). 
> One thread can read it buffer content while another thread can write it:
> {noformat}
> 14: WARNING: ThreadSanitizer: data race (pid=63992)
> 14: Read of size 8 at 0x7b4400000140 by main thread (mutexes: write M13, write M312, write M9):
> 14: #0 strlen <null> (libtsan.so.0+0x32c4f)
> 14: #1 PyUnicode_FromString <null> (libpython3.8.so.1.0+0xf8a58)
> 14: #2 qd_entity_refresh_connector /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c:868 (libqpid-dispatch.so+0x68522)
> 14: #3 ffi_call_unix64 <null> (libffi.so.6+0x6aef)
> 14: #4 qdr_forward_on_message /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/forwarder.c:336 (libqpid-dispatch.so+0xb083c)
> 14: #5 qdr_general_handler /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/router_core.c:887 (libqpid-dispatch.so+0xb9189)
> 14: #6 qd_timer_visit /home/kgiusti/work/dispatch/qpid-dispatch/src/timer.c:201 (libqpid-dispatch.so+0xe60c7)
> 14: #7 handle /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1008 (libqpid-dispatch.so+0xe01ae)
> 14: #8 thread_run /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1122 (libqpid-dispatch.so+0xe2aa7)
> 14: #9 qd_server_run /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1484 (libqpid-dispatch.so+0xe352f)
> 14: #10 main_process /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:113 (qdrouterd+0x40287c)
> 14: #11 main /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:367 (qdrouterd+0x4024fc)
> 14: 
> 14: Previous write of size 8 at 0x7b4400000140 by thread T3:
> 14: #0 strcpy <null> (libtsan.so.0+0x45ac1)
> 14: #1 AMQP_opened_handler /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c:1241 (libqpid-dispatch.so+0xdad01)
> 14: #2 AMQP_outbound_opened_handler /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c:1402 (libqpid-dispatch.so+0xdba43)
> 14: #3 notify_opened /home/kgiusti/work/dispatch/qpid-dispatch/src/container.c:273 (libqpid-dispatch.so+0x69fa3)
> 14: #4 policy_notify_opened /home/kgiusti/work/dispatch/qpid-dispatch/src/container.c:284 (libqpid-dispatch.so+0x69fa3)
> 14: #5 qd_policy_amqp_open_connector /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c:1371 (libqpid-dispatch.so+0x881fa)
> 14: #6 qd_container_handle_event /home/kgiusti/work/dispatch/qpid-dispatch/src/container.c:511 (libqpid-dispatch.so+0x6c984)
> 14: #7 handle /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1097 (libqpid-dispatch.so+0xe0211)
> 14: #8 thread_run /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1122 (libqpid-dispatch.so+0xe2a34)
> 14: #9 _thread_init /home/kgiusti/work/dispatch/qpid-dispatch/src/posix/threading.c:172 (libqpid-dispatch.so+0x8c5f2)
> 14: #10 <null> <null> (libtsan.so.0+0x2d33f)
> 14: 
> 14: Location is heap block of size 300 at 0x7b4400000140 allocated by main thread:
> 14: #0 malloc <null> (libtsan.so.0+0x304d3)
> 14: #1 qd_server_connector /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1657 (libqpid-dispatch.so+0xe49d4)
> 14: #2 qd_dispatch_configure_connector /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c:878 (libqpid-dispatch.so+0x6856d)
> 14: #3 ffi_call_unix64 <null> (libffi.so.6+0x6aef)
> 14: #4 main_process /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:95 (qdrouterd+0x40281c)
> 14: #5 main /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:367 (qdrouterd+0x4024fc)
> 14: 
> 14: Mutex M13 (0x7b1000000340) created at:
> 14: #0 pthread_mutex_init <null> (libtsan.so.0+0x4a7c6)
> 14: #1 sys_mutex /home/kgiusti/work/dispatch/qpid-dispatch/src/posix/threading.c:43 (libqpid-dispatch.so+0x8c64c)
> 14: #2 qd_python_initialize /home/kgiusti/work/dispatch/qpid-dispatch/src/python_embedded.c:56 (libqpid-dispatch.so+0x8ebb3)
> 14: #3 qd_dispatch /home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c:108 (libqpid-dispatch.so+0x6e526)
> 14: #4 main_process /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:90 (qdrouterd+0x4027b9)
> 14: #5 main /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:367 (qdrouterd+0x4024fc)
> 14: 
> 14: Mutex M312 (0x7b1000003040) created at:
> 14: #0 pthread_mutex_init <null> (libtsan.so.0+0x4a7c6)
> 14: #1 sys_mutex /home/kgiusti/work/dispatch/qpid-dispatch/src/posix/threading.c:43 (libqpid-dispatch.so+0x8c64c)
> 14: #2 qd_router /home/kgiusti/work/dispatch/qpid-dispatch/src/router_node.c:1484 (libqpid-dispatch.so+0xdbdbf)
> 14: #3 qd_dispatch_prepare /home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c:332 (libqpid-dispatch.so+0x6e13f)
> 14: #4 ffi_call_unix64 <null> (libffi.so.6+0x6aef)
> 14: #5 main_process /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:95 (qdrouterd+0x40281c)
> 14: #6 main /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:367 (qdrouterd+0x4024fc)
> 14: 
> 14: Mutex M9 (0x7b1000000240) created at:
> 14: #0 pthread_mutex_init <null> (libtsan.so.0+0x4a7c6)
> 14: #1 sys_mutex /home/kgiusti/work/dispatch/qpid-dispatch/src/posix/threading.c:43 (libqpid-dispatch.so+0x8c64c)
> 14: #2 qd_entity_cache_initialize /home/kgiusti/work/dispatch/qpid-dispatch/src/entity_cache.c:57 (libqpid-dispatch.so+0x6f8b6)
> 14: #3 qd_dispatch /home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c:85 (libqpid-dispatch.so+0x6e3db)
> 14: #4 main_process /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:90 (qdrouterd+0x4027b9)
> 14: #5 main /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:367 (qdrouterd+0x4024fc)
> 14: 
> 14: Thread T3 (tid=64002, running) created by main thread at:
> 14: #0 pthread_create <null> (libtsan.so.0+0x5ec29)
> 14: #1 sys_thread /home/kgiusti/work/dispatch/qpid-dispatch/src/posix/threading.c:181 (libqpid-dispatch.so+0x8ca8e)
> 14: #2 qd_server_run /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c:1482 (libqpid-dispatch.so+0xe350a)
> 14: #3 main_process /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:113 (qdrouterd+0x40287c)
> 14: #4 main /home/kgiusti/work/dispatch/qpid-dispatch/router/src/main.c:367 (qdrouterd+0x4024fc)
> 14: 
> 14: SUMMARY: ThreadSanitizer: data race (/lib64/libtsan.so.0+0x32c4f) in strlen
> 14: ==================
> 14: ThreadSanitizer: reported 1 warnings
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org