| Summary: | ASTERISK-25774: Data race on deleting threads | ||
| Reporter: | Badalian Vyacheslav (slavon) | Labels: | |
| Date Opened: | 2016-02-11 22:47:01.000-0600 | Date Closed: | 2016-02-12 13:43:06.000-0600 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | |
| Versions: | 13.7.2 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | [root@vm-asterisk04t asterisk]# git branch -v * master a394865 Merge "Resources/res_phoneprov: fix memory leak and heap-use-after-free" | Attachments: | |
| Description: | {code}
*CLI> core stop now Beginning asterisk shutdown.... Asterisk cleanly ending (0). Executing last minute cleanups == Destroying musiconhold processes == Manager unregistered action DBGet == Manager unregistered action DBPut == Manager unregistered action DBDel == Manager unregistered action DBDelTree ================== WARNING: ThreadSanitizer: data race (pid=31057) Read of size 8 at 0x7d0800035040 by thread T4: #0 ast_unregister_thread /root/asterisk/main/asterisk.c:573 (asterisk+0x0000002bdcac) #1 dummy_start /root/asterisk/main/utils.c:1230 (asterisk+0x0000006b6649) #2 listener /root/asterisk/main/asterisk.c:1500 (asterisk+0x0000002c5070) #3 dummy_start /root/asterisk/main/utils.c:1232 (asterisk+0x0000006b6674) #4 <null> <null> (libtsan.so.0+0x000000023659) Previous write of size 8 at 0x7d0800035040 by thread T11 (mutexes: write M52): #0 ast_unregister_thread /root/asterisk/main/asterisk.c:575 (asterisk+0x0000002bdbc5) #1 dummy_start /root/asterisk/main/utils.c:1234 (asterisk+0x0000006b6694) #2 <null> <null> (libtsan.so.0+0x000000023659) Location is heap block of size 32 at 0x7d0800035040 allocated by thread T13: #0 calloc <null> (libtsan.so.0+0x000000025bed) #1 _ast_calloc /root/asterisk/include/asterisk/utils.h:573 (asterisk+0x0000002bc5a0) #2 ast_register_thread /root/asterisk/main/asterisk.c:554 (asterisk+0x0000002bd84f) #3 dummy_start /root/asterisk/main/utils.c:1229 (asterisk+0x0000006b6607) #4 <null> <null> (libtsan.so.0+0x000000023659) Mutex M52 (0x7f0ab18d1bb0) created at: #0 pthread_rwlock_wrlock <null> (libtsan.so.0+0x0000000293ad) #1 __ast_rwlock_wrlock /root/asterisk/main/lock.c:1018 (asterisk+0x00000050420f) #2 ast_register_thread /root/asterisk/main/asterisk.c:563 (asterisk+0x0000002bd953) #3 dummy_start /root/asterisk/main/utils.c:1229 (asterisk+0x0000006b6607) #4 <null> <null> (libtsan.so.0+0x000000023659) Thread T4 (tid=31548, running) created by main thread at: #0 pthread_create <null> (libtsan.so.0+0x000000027b07) #1 ast_pthread_create_stack /root/asterisk/main/utils.c:1285 (asterisk+0x0000006b6abd) #2 ast_makesocket /root/asterisk/main/asterisk.c:1601 (asterisk+0x0000002c6605) #3 asterisk_daemon /root/asterisk/main/asterisk.c:4435 (asterisk+0x0000002d6661) #4 main /root/asterisk/main/asterisk.c:4230 (asterisk+0x0000002d5cfd) Thread T11 (tid=31555, finished) created by main thread at: #0 pthread_create <null> (libtsan.so.0+0x000000027b07) #1 ast_pthread_create_stack /root/asterisk/main/utils.c:1285 (asterisk+0x0000006b6abd) #2 astdb_init /root/asterisk/main/db.c:1022 (asterisk+0x00000044fb3b) #3 asterisk_daemon /root/asterisk/main/asterisk.c:4491 (asterisk+0x0000002d68ab) #4 main /root/asterisk/main/asterisk.c:4230 (asterisk+0x0000002d5cfd) Thread T13 (tid=31557, running) created by main thread at: #0 pthread_create <null> (libtsan.so.0+0x000000027b07) #1 ast_pthread_create_stack /root/asterisk/main/utils.c:1285 (asterisk+0x0000006b6abd) #2 bridge_manager_create /root/asterisk/main/bridge.c:4695 (asterisk+0x0000003134a6) #3 ast_bridging_init /root/asterisk/main/bridge.c:5331 (asterisk+0x00000031708c) #4 asterisk_daemon /root/asterisk/main/asterisk.c:4519 (asterisk+0x0000002d698c) #5 main /root/asterisk/main/asterisk.c:4230 (asterisk+0x0000002d5cfd) SUMMARY: ThreadSanitizer: data race /root/asterisk/main/asterisk.c:573 ast_unregister_thread ================== {code} | ||
| Comments: | By: Asterisk Team (asteriskteam) 2016-02-11 22:47:02.797-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Corey Farrell (coreyfarrell) 2016-02-12 10:16:25.395-0600 Your line numbers do not match 13 or 13.7.2. Please tell me the exact revision these backtraces are based on. By: Badalian Vyacheslav (slavon) 2016-02-12 10:47:13.203-0600 [root@vm-asterisk04t asterisk]# git branch -v * master a394865 Merge "Resources/res_phoneprov: fix memory leak and heap-use-after-free" By: Corey Farrell (coreyfarrell) 2016-02-12 13:43:06.962-0600 Both Ctrl+C and {{core stop now}} produce errors/warnings when run through a memory usage checker. This is due to the fact that threads are left running even after we call {{exit}} (by design). {{ast_unregister_thread}} uses a write lock to protect the list. What you saw is the result of your libc causing the thread to exit after your libc freed the rwlock. It is libc that calls the __destructor__ functions, which it decided to do before it closed all threads. If you feel that I've closed this ticket in error feel free to reopen by posting a comment. | ||