On Tue, Apr 6, 2021 at 3:28 PM Ganesh Murthy <gmur...@redhat.com> wrote:
> On Tue, Apr 6, 2021 at 2:57 PM Ted Ross <t...@nethopper.io> wrote:
>
> > Hi Ganesh,
> >
> > Yes, multiple links can share the same owning_addr. It looks, from a
> > reading of the backtrace, that it might not be the address that's double
> > freed, but it might be the outstanding_deliveries field of the address
> > that's being freed here.
>
> It does look like the crash occurs due to the double freeing of
> outstanding_deliveries but grep-ing for outstanding_deliveries, it is freed
> only in that code and nowhere else. That is what leads me to think that the
> address itself is being double-freed.
>
> If multiple link->owning_addr(s) can point to the same addr, should we use
> the qdr_address_t's ref_count field to avoid such crashes? Increase the
> ref_count when an addr is assigned to a link->owning_addr and decrease
> the ref_count when the link->owning_addr is set to zero? This ref_count is
> already used when deleting qdr_address_t objects.

qdr_check_addr_CT already looks at the number of rlinks and inlinks for the
address. I believe that every link that claims the address as its owning_addr
should be listed in one of those two lists. That should protect against
address-double-frees on link detach.

> > Thanks.
> >
> > -Ted
> >
> > On Tue, Apr 6, 2021 at 12:16 PM Ganesh Murthy <gmur...@redhat.com> wrote:
> >
> > > I have a quick question about qdr_link_t's owning_addr field
> > > (https://github.com/apache/qpid-dispatch/blob/1.15.0/src/router_core/router_core_private.h#L437)
> > >
> > > Can the owning_addr on many links point to the same address?
> > >
> > > For example, can the following be true?
> > >
> > > link1->owning_addr = my_addr
> > > link2->owning_addr = my_addr
> > >
> > > The reason I ask is because of the ASAN crash seen here -
> > > https://issues.apache.org/jira/browse/DISPATCH-2019?focusedCommentId=17314238&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17314238
> > > (you will have to "git checkout ead503c94926f732fba7ddd5ee0826aa3bcd2c79"
> > > for the line numbers on the backtrace to match up).
> > >
> > > Looking at that backtrace, it *seems* like two links got detached and both
> > > links point to the same owning_addr. The first detach call to the core
> > > frees the owning_addr object while the second detach on a different link
> > > with the same owning_addr causes a double free to happen.
> > >
> > > The reason I ask is because I have been unable to reproduce this crash so I
> > > am left to guess that this might be the reason for the crash.
> > >
> > > Thanks.
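The thread above proposes taking a reference on the address whenever a link's owning_addr is assigned and dropping it when the link detaches, so that the address is freed exactly once no matter how many links share it or in what order they detach. The following is an added, self-contained C illustration of that pattern (not qpid-dispatch code; the `hyp_addr_t`/`hyp_link_t` types, the `hyp_*` functions and the `g_addr_frees` instrumentation counter are hypothetical stand-ins for qdr_address_t, qdr_link_t and the core's real lifecycle functions). The point it makes is the invariant: a shared object is released by whichever owner drops the last reference, and a second detach of an already-detached link is a no-op rather than a second free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for qdr_address_t (not qpid-dispatch code). */
typedef struct hyp_addr_t {
    char name[32];
    int  ref_count;   /* number of links whose owning_addr currently points here */
} hyp_addr_t;

/* Hypothetical stand-in for qdr_link_t: only the field the thread discusses. */
typedef struct hyp_link_t {
    hyp_addr_t *owning_addr;
} hyp_link_t;

/* Instrumentation (constructed for this example): how many times the address
 * destructor actually ran. A correct detach path makes this exactly 1. */
static int g_addr_frees = 0;

hyp_addr_t *hyp_addr_new(const char *name) {
    hyp_addr_t *addr = calloc(1, sizeof(*addr));
    if (!addr) abort();
    strncpy(addr->name, name, sizeof(addr->name) - 1);
    addr->ref_count = 0;          /* no owner yet */
    return addr;
}

/* Destructor: must only ever run when the last owner has let go. */
static void hyp_addr_free(hyp_addr_t *addr) {
    g_addr_frees++;
    free(addr);
}

/* Detach: drop this link's reference; free only when no other link owns it.
 * Clearing an already-clear link is harmless (idempotent). */
void hyp_link_clear_owning_addr(hyp_link_t *link) {
    hyp_addr_t *addr = link->owning_addr;
    if (!addr) return;
    link->owning_addr = 0;
    if (--addr->ref_count == 0)
        hyp_addr_free(addr);
}

/* Assigning an owning address takes a reference on it (and releases any
 * previous one), so the count always equals the number of pointing links. */
void hyp_link_set_owning_addr(hyp_link_t *link, hyp_addr_t *addr) {
    if (link->owning_addr == addr) return;
    hyp_link_clear_owning_addr(link);
    link->owning_addr = addr;
    if (addr) addr->ref_count++;
}

/* Two links share one address, then both detach (the second one twice).
 * Returns how many times the address was freed: 1 with reference counting. */
int hyp_demo_two_links_one_addr(void) {
    g_addr_frees = 0;
    hyp_addr_t *my_addr = hyp_addr_new("my_addr");
    hyp_link_t link1 = {0}, link2 = {0};
    hyp_link_set_owning_addr(&link1, my_addr);   /* ref_count -> 1 */
    hyp_link_set_owning_addr(&link2, my_addr);   /* ref_count -> 2 */
    hyp_link_clear_owning_addr(&link1);          /* ref_count -> 1, still alive */
    hyp_link_clear_owning_addr(&link1);          /* already detached: no-op */
    hyp_link_clear_owning_addr(&link2);          /* ref_count -> 0, freed once */
    return g_addr_frees;
}

/* Returns the reference count observed after only the first of two links
 * detaches; the address must still be alive (count 1) at that point. */
int hyp_demo_refcount_after_first_detach(void) {
    hyp_addr_t *my_addr = hyp_addr_new("my_addr");
    hyp_link_t link1 = {0}, link2 = {0};
    hyp_link_set_owning_addr(&link1, my_addr);
    hyp_link_set_owning_addr(&link2, my_addr);
    hyp_link_clear_owning_addr(&link1);
    int remaining = my_addr->ref_count;          /* safe: link2 still owns it */
    hyp_link_clear_owning_addr(&link2);          /* now it is released */
    return remaining;
}

int main(void) {
    printf("address freed %d time(s) after both detaches\n",
           hyp_demo_two_links_one_addr());
    printf("ref_count after first detach: %d\n",
           hyp_demo_refcount_after_first_detach());
    return 0;
}
```

Ted's alternative in the thread, checking the address's rlinks and inlinks lists in qdr_check_addr_CT, enforces the same invariant by a different means: the lists are the owners, so the address can only go away once no link is listed. Either way, the property to verify under ASAN is that the destructor runs once per address, which is what `g_addr_frees` makes observable here.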