TSAN issue in lib/dns/qpzone.c (concurrent operations on a database node)
https://gitlab.isc.org/isc-projects/bind9/-/jobs/4212362
Looks like node->nsec is read in subtractrdataset() at the same time
as node->dirty is written in clean_zone_node(). Both nsec and
dirty are bitfields:
struct qpdata {
dns_name_t name;
isc_mem_t *mctx;
isc_refcount_t references;
isc_refcount_t erefs;
uint16_t locknum;
void *data;
unsigned int : 0;
>>> unsigned int nsec : 2; /*%< range is 0..3 */
unsigned int wild : 1;
unsigned int delegating : 1;
>>> unsigned int dirty : 1;
unsigned int : 0;
};Click to expand/collapse TSAN report
WARNING: ThreadSanitizer: data race
Write of size 1 at 0x000000000001 by thread T0001 (mutexes: write M0001):
#0 clean_zone_node lib/dns/qpzone.c:908:15 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#1 decref lib/dns/qpzone.c:985:4
#2 closeversion lib/dns/qpzone.c:1566:3 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#3 dns__db_closeversion lib/dns/db.c:415:2 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#4 xfrout_ctx_destroy lib/ns/xfrout.c:1674:3 (BuildId: 38cf2e6a9f1af32690dc89ee851a26ab81b5a5c8)
#5 xfrout_senddone lib/ns/xfrout.c (BuildId: 38cf2e6a9f1af32690dc89ee851a26ab81b5a5c8)
#6 streamdns_writecb lib/isc/netmgr/streamdns.c:648:2 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#7 isc___nm_sendcb lib/isc/netmgr/netmgr.c:1882:2 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#8 isc__job_cb lib/isc/job.c:78:3 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#9 uv__run_idle /usr/src/libuv-v1.48.0/src/unix/loop-watcher.c:68:1 (BuildId: 7c913c4e0ce5027e1de4e434dcc0b6f749c36e45)
#10 thread_body lib/isc/thread.c:85:8 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#11 thread_run lib/isc/thread.c:100:14
Previous read of size 1 at 0x000000000001 by main thread:
#0 subtractrdataset lib/dns/qpzone.c:4817:2 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#1 dns__db_subtractrdataset lib/dns/db.c:731:11 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#2 diff_apply lib/dns/diff.c:388:14 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#3 dns_diff_apply lib/dns/diff.c:499:10 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#4 do_one_tuple lib/ns/update.c:458:11 (BuildId: 38cf2e6a9f1af32690dc89ee851a26ab81b5a5c8)
#5 update_soa_serial lib/ns/update.c:1583:2 (BuildId: 38cf2e6a9f1af32690dc89ee851a26ab81b5a5c8)
#6 update_action lib/ns/update.c:3342:4 (BuildId: 38cf2e6a9f1af32690dc89ee851a26ab81b5a5c8)
#7 isc__async_cb lib/isc/async.c:111:3 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#8 uv__async_io /usr/src/libuv-v1.48.0/src/unix/async.c:176:5 (BuildId: 7c913c4e0ce5027e1de4e434dcc0b6f749c36e45)
#9 thread_body lib/isc/thread.c:85:8 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#10 isc_thread_main lib/isc/thread.c:116:2
#11 isc_loopmgr_run lib/isc/loop.c:462:2 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#12 main bin/named/main.c:1574:2 (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
Location is heap block of size 136 at 0x000000000024 allocated by main thread:
#0 malloc <null> (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
#1 mallocx lib/isc/./jemalloc_shim.h:67:14 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#2 mem_get lib/isc/mem.c:307:8
#3 isc__mem_get lib/isc/mem.c:692:8 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#4 new_qpdata lib/dns/qpzone.c:598:22 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#5 dns__qpzone_create lib/dns/qpzone.c:724:17
#6 dns_db_create lib/dns/db.c:148:13 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#7 zone_load lib/dns/zone.c:2289:11 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#8 zone_asyncload lib/dns/zone.c:2374:11 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#9 isc__async_cb lib/isc/async.c:111:3 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#10 uv__async_io /usr/src/libuv-v1.48.0/src/unix/async.c:176:5 (BuildId: 7c913c4e0ce5027e1de4e434dcc0b6f749c36e45)
#11 thread_body lib/isc/thread.c:85:8 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#12 isc_thread_main lib/isc/thread.c:116:2
#13 isc_loopmgr_run lib/isc/loop.c:462:2 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#14 main bin/named/main.c:1574:2 (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
Mutex M0001 (0x000000000032) created at:
#0 pthread_rwlock_init <null> (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
#1 dns__qpzone_create lib/dns/qpzone.c:684:3 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#2 dns_db_create lib/dns/db.c:148:13 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#3 zone_load lib/dns/zone.c:2289:11 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#4 zone_asyncload lib/dns/zone.c:2374:11 (BuildId: 94bd22c21bd5a8aadecad3e84632c24debcb9ef8)
#5 isc__async_cb lib/isc/async.c:111:3 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#6 uv__async_io /usr/src/libuv-v1.48.0/src/unix/async.c:176:5 (BuildId: 7c913c4e0ce5027e1de4e434dcc0b6f749c36e45)
#7 thread_body lib/isc/thread.c:85:8 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#8 isc_thread_main lib/isc/thread.c:116:2
#9 isc_loopmgr_run lib/isc/loop.c:462:2 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#10 main bin/named/main.c:1574:2 (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
Thread T0001 'isc-loop-0003' (running) created by main thread at:
#0 pthread_create <null> (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
#1 isc_thread_create lib/isc/thread.c:139:8 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#2 isc_loopmgr_run lib/isc/loop.c:456:3 (BuildId: d4dcf00976ee80e10f33ec2e49a8a904cf1a5446)
#3 main bin/named/main.c:1574:2 (BuildId: ce9af565b1b31dd2ac185c3238c345385d20fe18)
SUMMARY: ThreadSanitizer: data race lib/dns/qpzone.c:908:15 in clean_zone_node