Skip to content

Racing ExecutionCreate and RegistrationOpen could delete the internal MsQuicLib.WorkerPool #5686

New issue
New issue
Open
Bug
Open
Racing ExecutionCreate and RegistrationOpen could delete the internal MsQuicLib.WorkerPool#5686
Bug
Assignees
anrossi
Labels
Area: API
@anrossi

Description

@anrossi
anrossi
opened on Dec 18, 2025

The first RegistrationOpen will run QuicLibraryLazyInitialize which allocates the worker pool. Parallel invocations of QuicLibraryLazyInitialize are serialized by a lock, and the first one to complete sets a flag indicating initialization is done before dropping the lock (library.c L938)
However, ExecutionCreate is not serialized against this same lock, and an incorrect program could race RegistrationOpen and ExecutionCreate so that ExecutionCreate runs just after the worker pool is allocated, but before the lazy initialization complete flag is set, and delete that worker pool (and mess up the source ref count tracking).

There are two solutions:

  • This limitation needs to be documented so applications don't make this mistake.
  • This needs to be prevented by waiting on the same lock before checking the flag.

I recommend the second option.

Metadata

Metadata

Assignees

Labels

Area: API

Type

Bug

Projects

DPT Iteration Tracker

Status

No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions