Uploaded image for project: 'Qpid Dispatch'
  1. Qpid Dispatch
  2. DISPATCH-1259

delivery->link_work race condition

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.16.0
    • Router Node

    Description

      chug hit the following use-after-free error under valgrind:

      kind = InvalidRead  (count=1)
Invalid read of size 1
Stack:
  (qdr_deliver_continue_peers_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:1236
  (qdr_deliver_continue_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:1269
  (router_core_thread) /home/chug/git/qpid-dispatch/src/router_core/router_core_thread.c:148
  (start_thread) /usr/src/debug/glibc-2.28-60-g4d7af7815a/nptl/pthread_create.c:486
  (clone) /usr/src/debug/glibc-2.28-60-g4d7af7815a/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Address 0x143aaa79 is 41 bytes inside a block of size 48 free'd:
  (free) /builddir/build/BUILD/valgrind-3.14.0/coregrind/m_replacemalloc/vg_replace_malloc.c:540
  (free_qdr_link_work_t) /home/chug/git/qpid-dispatch/src/router_core/router_core.c:36
  (qdr_connection_process) /home/chug/git/qpid-dispatch/src/router_core/connections.c:341
  (AMQP_writable_conn_handler) /home/chug/git/qpid-dispatch/src/router_node.c:174
  (writable_handler) /home/chug/git/qpid-dispatch/src/container.c:332
  (qd_container_handle_event) /home/chug/git/qpid-dispatch/src/container.c:640
  (handle) /home/chug/git/qpid-dispatch/src/server.c:985
  (thread_run) /home/chug/git/qpid-dispatch/src/server.c:1010
  (qd_server_run) /home/chug/git/qpid-dispatch/src/server.c:1284
  (main_process) /home/chug/git/qpid-dispatch/router/src/main.c:112
  (main) /home/chug/git/qpid-dispatch/router/src/main.c:367
Block was alloc'd at:
  (malloc) /builddir/build/BUILD/valgrind-3.14.0/coregrind/m_replacemalloc/vg_replace_malloc.c:309
  (new_qdr_link_work_t) /home/chug/git/qpid-dispatch/src/router_core/router_core.c:36
  (qdr_forward_deliver_CT) /home/chug/git/qpid-dispatch/src/router_core/forwarder.c:226
  (qdr_forward_multicast_CT) /home/chug/git/qpid-dispatch/src/router_core/forwarder.c:474
  (qdr_forward_message_CT) /home/chug/git/qpid-dispatch/src/router_core/forwarder.c:995
  (qdr_link_forward_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:918
  (qdr_link_deliver_CT) /home/chug/git/qpid-dispatch/src/router_core/transfer.c:1094
  (router_core_thread) /home/chug/git/qpid-dispatch/src/router_core/router_core_thread.c:148
  (start_thread) /usr/src/debug/glibc-2.28-60-g4d7af7815a/nptl/pthread_create.c:486
  (clone) /usr/src/debug/glibc-2.28-60-g4d7af7815a/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      The router core thread is accessing a link_work object after it was deleted by the I/O thread.

      Attachments

        Issue Links

          is fixed by

          Test - A new unit, integration or system test. DISPATCH-2032 router_core/delivery.c:1083:25: runtime error: load of value 153, which is not a valid value for type '_Bool' in system_tests_link_routes

          • Major - Major loss of function.
          • Closed

          Activity

            People

              kgiusti Ken Giusti
              kgiusti Ken Giusti
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: