[SR-12515] OperationQueue deadlock/UaF on Swift 5.2 Linux #3261
Comments
@swift-ci create
CC @millenomi/@spevans/@drexin any of you aware of this?
On 5.2.1 the standalone repro either hangs for me or crashes! Something's definitely very wrong.
Yes, heap UaF.
TSan not adding more but detecting it too.
This is definitely a 5.2 regression. 5.1.5 seems to always run fine; ASan shows 5.1.5 leaks memory but nothing else; TSan is happy with 5.1.5. Although ASan/TSan are not super meaningful for Foundation because Foundation isn't instrumented on Linux, nor is it usually inlined (which makes the compiler annotate it).
To be clear, it does not crash nor hang on 5.1.5, but the dependencies are not respected (it was bug SR-12138). On 5.2 the dependencies are respected, but we have the crash/hang.
I see, thanks for the clarification @Frizlab. We need to fix this ASAP. 5.2.2's merge window is also open right now so there's opportunity (https://forums.swift.org/t/development-open-for-swift-5-2-2-for-linux/35012).
I did some investigation and it seems like there are multiple issues. I think I tracked down the original use-after-free to this line: The problem is that we are releasing the object without retaining it before. When fixing that, I ran into another SIGSEGV here: https://github.com/apple/swift-corelibs-foundation/blob/swift-5.2-branch/Foundation/Operation.swift#L1243 Removing the code that releases the operation object at https://github.com/apple/swift-corelibs-foundation/blob/swift-5.2-branch/Foundation/Operation.swift#L919 fixes that segfault, but leaves us with leaked memory (not surprising, because we are not releasing the operation object at all anymore) and the deadlock. I don't have more time right now, but I hope to get back to it later.
So I think the problems were introduced in this commit: 2d86bb7. It adds a lot of usages of Unmanaged, and this usage for example would cause an unbalanced release: https://github.com/apple/swift-corelibs-foundation/blob/swift-5.2-branch/Foundation/Operation.swift#L125-L129 The naming in the Unmanaged API makes it easy to make this mistake, as it sounds like it would retain the value before returning it, but in reality it consumes an unbalanced retain. So even though this commit was part of the 5.1 release, I think that the problems have not surfaced before, because the dependencies were broken. So the commit that fixed dependencies was likely the trigger for the problems we are seeing now.
Thanks so much for this investigation @drexin
Any updates on this? It seems to still fail on Swift 5.3.1 (hung for me w/ the official swift:5.3.1 image).
Still not fixed on 5.3.3; occasionally crashes.
I cannot reproduce this anymore using the infinite loop in
I have reproduced the issue in
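Added example (not code from swift-corelibs-foundation or from anyone in this thread) showing the ownership pairing that the comment above is describing: every `passRetained` must be balanced by exactly one `takeRetainedValue` or `release`, while `passUnretained` may only be paired with `takeUnretainedValue`. The `Tracked` class and the helper function names are hypothetical.

```swift
// Hypothetical class whose deinit makes over-release or leaks observable.
final class Tracked {
    let name: String
    init(name: String) { self.name = name }
    deinit { print("deinit \(name)") }
}

// Correct pair: passRetained (+1) ... takeRetainedValue (transfers that +1 to
// the returned strong reference). This is the pattern for handing an object
// through an opaque pointer (e.g. a C callback context) and taking it back.
func roundTripRetained() -> Tracked {
    let unmanaged = Unmanaged.passRetained(Tracked(name: "A")) // +1 owned by the Unmanaged
    let opaque = unmanaged.toOpaque()                           // raw pointer, no ownership info
    return Unmanaged<Tracked>.fromOpaque(opaque).takeRetainedValue() // consumes the +1
}

// Correct pair: passUnretained (+0) ... takeUnretainedValue (+0; ARC retains
// for the caller as usual). No retain was made, so none is consumed.
func roundTripUnretained(_ obj: Tracked) -> Tracked {
    let unmanaged = Unmanaged.passUnretained(obj)
    return unmanaged.takeUnretainedValue()
}

// Correct pair for manual lifetime management: passRetained (+1) ... release (-1).
func manualLifetime(_ obj: Tracked) {
    let unmanaged = Unmanaged.passRetained(obj) // +1
    // ... hand unmanaged.toOpaque() to code that only stores the pointer ...
    unmanaged.release()                         // -1, balances the passRetained above
}

// Wrong (kept as comments, do not run): both consume a retain nobody made,
// so the object is freed while other strong references still exist (UaF).
// let bad1 = Unmanaged.passUnretained(obj).takeRetainedValue()
// Unmanaged.passUnretained(obj).release()

do {
    let a = roundTripRetained()
    _ = a.name // "A" is deinitialised exactly once, when this scope ends
}
let b = Tracked(name: "B")
let same = roundTripUnretained(b)
manualLifetime(b)
assert(same === b) // "B" is still alive and valid here; it is deinitialised once at exit
```

Running this under ASan or with `deinit` logging is a quick way to check a pairing: each object should print its deinit exactly once, and never before its last strong reference goes away. The commented-out lines are the shape of the mistake the comment above points at, where the method name suggests a retain happens but the call actually consumes one.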
Environment
Official Swift Docker image (000366daa6eb)
Additional Detail from JIRA
md5: d9b761cd41e216d23fd95d4d60093f8b
Issue Description:
Adding operations with `addOperations` in an OperationQueue twice will lead to a deadlock (when run via `swift run`) and a crash (when running the file as a script) on Linux.
Works fine on macOS.
Test repository: https://gitlab.com/frizlab-demo-projects/test_op_swift
Commands (either of them fails; one crashes, the other just deadlocks):
docker run --rm -it -v "$(pwd):/tmp" swift:5.2 bash -c 'cd /tmp; swift run'
docker run --rm -it -v "$(pwd):/tmp" swift:5.2 /tmp/standalone_test.swift
[EDIT by @weissi]: The standalone repro seems to just be