Data race in nrmac_stats_thread in gNB

This is a data race detected by ThreadSanitizer.

WARNING: ThreadSanitizer: data race (pid=172700)
  Write of size 8 at 0x7b9800001408 by main thread:
    #0 memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:799 (libtsan.so.0+0x614cb)
    #1 memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:797 (libtsan.so.0+0x614cb)
    #2 memset /usr/include/x86_64-linux-gnu/bits/string_fortified.h:59 (nr-softmodem+0xf84055)
    #3 mac_top_init_gNB /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:317 (nr-softmodem+0xf84055)
    #4 RCconfig_nr_macrlc /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/GNB_APP/gnb_config.c:1324 (nr-softmodem+0xf56907)
    #5 create_gNB_tasks /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:291 (nr-softmodem+0xa653f0)
    #6 main /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:661 (nr-softmodem+0xa653f0)

  Previous read of size 8 at 0x7b9800001408 by thread T1 (mutexes: write M154, write M155):
    #0 dump_mac_stats /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:96 (nr-softmodem+0xf82103)
    #1 nrmac_stats_thread /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:62 (nr-softmodem+0xf82f35)

  Location is heap block of size 11592 at 0x7b9800000000 allocated by main thread:
    #0 memalign ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:791 (libtsan.so.0+0x3119f)
    #1 mac_top_init_gNB /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:237 (nr-softmodem+0xf8355c)
    #2 RCconfig_nr_macrlc /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/GNB_APP/gnb_config.c:1324 (nr-softmodem+0xf56907)
    #3 create_gNB_tasks /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:291 (nr-softmodem+0xa653f0)
    #4 main /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:661 (nr-softmodem+0xa653f0)

  Mutex M154 (0x7b9800002d00) created at:
    #0 pthread_mutex_init ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:1227 (libtsan.so.0+0x4bee1)
    #1 mac_top_init_gNB /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:265 (nr-softmodem+0xf83891)
    #2 RCconfig_nr_macrlc /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/GNB_APP/gnb_config.c:1324 (nr-softmodem+0xf56907)
    #3 create_gNB_tasks /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:291 (nr-softmodem+0xa653f0)
    #4 main /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:661 (nr-softmodem+0xa653f0)

  Mutex M155 (0x7b98000013e0) created at:
    #0 pthread_mutex_init ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:1227 (libtsan.so.0+0x4bee1)
    #1 mac_top_init_gNB /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:267 (nr-softmodem+0xf838c4)
    #2 RCconfig_nr_macrlc /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/GNB_APP/gnb_config.c:1324 (nr-softmodem+0xf56907)
    #3 create_gNB_tasks /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:291 (nr-softmodem+0xa653f0)
    #4 main /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:661 (nr-softmodem+0xa653f0)

  Thread T1 'MAC_STATS' (tid=172715, running) created by main thread at:
    #0 pthread_create ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:969 (libtsan.so.0+0x605b8)
    #1 threadCreate /home/ubuntu/bpodrygajlo/openairinterface5g/common/utils/system.c:283 (nr-softmodem+0x14b44fb)
    #2 mac_top_init_gNB /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/LAYER2/NR_MAC_gNB/main.c:278 (nr-softmodem+0xf83d2a)
    #3 RCconfig_nr_macrlc /home/ubuntu/bpodrygajlo/openairinterface5g/openair2/GNB_APP/gnb_config.c:1324 (nr-softmodem+0xf56907)
    #4 create_gNB_tasks /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:291 (nr-softmodem+0xa653f0)
    #5 main /home/ubuntu/bpodrygajlo/openairinterface5g/executables/nr-softmodem.c:661 (nr-softmodem+0xa653f0)

SUMMARY: ThreadSanitizer: data race /usr/include/x86_64-linux-gnu/bits/string_fortified.h:59 in memset

This data race happens when reading the list of UEs in dump_mac_stats. The list might be uninitialized at this point, which could cause a segfault if an uninitialized pointer is dereferenced.
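The trace shows the MAC_STATS thread being created at main.c:278, before the memset at main.c:317 writes to the same heap block without holding either mutex. The following is an added sketch of that ordering problem and one way to avoid it, not code from openairinterface5g; `mac_t`, `ue_t`, `stats_thread`, `mac_init_racy`, `mac_init_fixed` and `run_fixed` are hypothetical names, and the poisoned buffer is a constructed stand-in for the uninitialized allocation.

```c
#include <pthread.h>
#include <string.h>
#define MAX_UE 4
typedef struct { int rnti; } ue_t;          /* hypothetical UE record */
typedef struct {
  pthread_mutex_t lock;
  ue_t *list[MAX_UE + 1];                   /* NULL-terminated UE list */
  int seen;                                 /* UEs counted by the dumps */
} mac_t;

/* One stats pass: walks the list under the lock, as a stats dump would. */
void *stats_thread(void *arg) {
  mac_t *m = arg;
  pthread_mutex_lock(&m->lock);
  for (ue_t **u = m->list; *u != NULL; u++) /* garbage slot => wild dereference */
    if ((*u)->rnti) m->seen++;
  pthread_mutex_unlock(&m->lock);
  return NULL;
}

/* Racy order (for comparison, never called): reader exists before the unlocked memset. */
int mac_init_racy(mac_t *m, pthread_t *t) {
  pthread_mutex_init(&m->lock, NULL);
  if (pthread_create(t, NULL, stats_thread, m)) return -1;
  memset(m->list, 0, sizeof(m->list));
  return 0;
}

/* Fixed order: every shared field is initialized before the thread starts. */
int mac_init_fixed(mac_t *m, pthread_t *t) {
  memset(m, 0, sizeof(*m));
  pthread_mutex_init(&m->lock, NULL);
  return pthread_create(t, NULL, stats_thread, m) ? -1 : 0;
}

/* Fixed init on poisoned memory, then n UEs added under the lock. */
int run_fixed(int n) {
  static ue_t ues[MAX_UE];
  mac_t m; pthread_t t;
  memset(&m, 0xAA, sizeof(m));              /* constructed: uninitialized-heap stand-in */
  if (mac_init_fixed(&m, &t)) return -1;
  pthread_join(t, NULL);                    /* first dump saw an empty, valid list */
  pthread_mutex_lock(&m.lock);
  for (int i = 0; i < n && i < MAX_UE; i++) { ues[i].rnti = 0x1000 + i; m.list[i] = &ues[i]; }
  pthread_mutex_unlock(&m.lock);
  stats_thread(&m);                         /* second dump counts the UEs */
  pthread_mutex_destroy(&m.lock);
  return m.seen;
}
```

Building with `-fsanitize=thread -pthread` keeps this kind of ordering bug visible during testing.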