On Tue, Apr 6, 2021 at 2:57 PM Ted Ross <[email protected]> wrote:

> Hi Ganesh,
>
> Yes, multiple links can share the same owning_addr.  It looks, from a
> reading of the backtrace, that it might not be the address that's double
> freed, but it might be the outstanding_deliveries field of the address
> that's being freed here.
>
It does look like the crash occurs due to the double freeing of
outstanding_deliveries, but grepping for outstanding_deliveries, it is freed
only in that code and nowhere else. That is what leads me to think that the
address itself is being double-freed.

If multiple link->owning_addr(s) can point to the same addr, should we use
the qdr_address_t's ref_count field to avoid such crashes? Increase the
ref_count when an addr is assigned to a link->owning_addr and decrease
the ref_count when the link->owning_addr is set to zero? This ref_count is
already used when deleting qdr_address_t objects.

Thanks.

>
> -Ted
>
> On Tue, Apr 6, 2021 at 12:16 PM Ganesh Murthy <[email protected]> wrote:
>
> > I have a quick question about qdr_link_t's owning_addr field
> > (https://github.com/apache/qpid-dispatch/blob/1.15.0/src/router_core/router_core_private.h#L437)
> >
> > Can the owning_addr on many links point to the same address ?
> >
> > For example, can the following be true?
> >
> > link1->owning_addr = my_addr
> > link2->owning_addr = my_addr
> >
> > The reason I ask is because of the ASAN crash seen here -
> > https://issues.apache.org/jira/browse/DISPATCH-2019?focusedCommentId=17314238&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17314238
> > (you will have to "git checkout ead503c94926f732fba7ddd5ee0826aa3bcd2c79"
> > for the line numbers on the backtrace to match up).
> >
> > Looking at that backtrace, it *seems* like two links got detached and
> > both links point to the same owning_addr. The first detach call to the
> > core frees the owning_addr object while the second detach on a different
> > link with the same owning_addr causes a double free to happen.
> > The reason I ask is because I have been unable to reproduce this crash,
> > so I am left to guess that this might be the reason for the crash.
> >
> > Thanks.
> >
>
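The ref_count scheme proposed above, written out as an added example that is not qpid-dispatch code: addr_t and link_t are cut-down stand-ins for qdr_address_t and qdr_link_t, and addr_new, addr_release, link_set_owning_addr and link_detach are assumed names. Assigning owning_addr takes a reference, clearing it drops one, and only the last owner frees the address (and its outstanding_deliveries), so detaching two links that share one address frees it exactly once.

```c
#include <stdlib.h>

/* Stand-in for the address's outstanding_deliveries list (constructed). */
typedef struct { int pending; } deliveries_t;

/* Minimal qdr_address_t look-alike: ref_count counts links that own it. */
typedef struct {
    int           ref_count;
    deliveries_t *outstanding_deliveries;
} addr_t;

/* Minimal qdr_link_t look-alike. */
typedef struct { addr_t *owning_addr; } link_t;

static int g_addr_frees = 0;          /* instrumentation: real frees performed */
int addr_frees_count(void) { return g_addr_frees; }

addr_t *addr_new(void) {
    addr_t *addr = calloc(1, sizeof(*addr));
    addr->outstanding_deliveries = calloc(1, sizeof(deliveries_t));
    return addr;                      /* ref_count starts at 0: no owner yet */
}

/* Drop one reference; the last owner frees the address and its deliveries once. */
void addr_release(addr_t *addr) {
    if (!addr || --addr->ref_count > 0) return;
    g_addr_frees++;
    free(addr->outstanding_deliveries);
    free(addr);
}

/* Assigning owning_addr takes a reference, so two links can share one addr. */
void link_set_owning_addr(link_t *link, addr_t *addr) {
    if (link->owning_addr == addr) return;
    if (addr) addr->ref_count++;
    addr_release(link->owning_addr);  /* release the previous owner, if any */
    link->owning_addr = addr;
}

/* Detach clears owning_addr and releases; a repeated detach is a no-op. */
void link_detach(link_t *link) { link_set_owning_addr(link, NULL); }

/* The scenario from the thread: two links share one address and both detach. */
int frees_after_double_detach(void) {
    addr_t *a = addr_new();
    link_t l1 = {0}, l2 = {0};
    int before = g_addr_frees;
    link_set_owning_addr(&l1, a);
    link_set_owning_addr(&l2, a);     /* ref_count is now 2 */
    link_detach(&l1);                 /* 2 -> 1, address stays alive */
    link_detach(&l2);                 /* 1 -> 0, freed here, once */
    link_detach(&l2);                 /* already detached: nothing happens */
    return g_addr_frees - before;     /* returns 1 */
}
```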
