Bug 1039626 - [amqp1.0] calling getTimestampConfig() qmf method leads to broker crash
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: Development
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: 3.0
Assignee: Gordon Sim
QA Contact: Petr Matousek
Blocks: 1010399
Reported: 2013-12-09 16:13 UTC by Petr Matousek
Modified: 2015-01-21 12:56 UTC (History)

Fixed In Version: qpid-cpp-0.22-30
Doc Type: Bug Fix
Last Closed: 2015-01-21 12:56:59 UTC


Attachments
reproducer - qmf2_qpid_ctrl utility (9.82 KB, application/octet-stream), 2013-12-09 16:24 UTC, Petr Matousek


Links
Apache JIRA: QPID-5416

Description Petr Matousek 2013-12-09 16:13:17 UTC
Description of problem:

Broker crash occurs when calling the 'getTimestampConfig' qmf method via amqp1.0 protocol. Probably caused by broker's getUserId() call.

Version-Release number of selected component (if applicable):
qpid-cpp-*-0.22-29

How reproducible:
100%

Steps to Reproduce:
1. call getTimestampConfig qmf method, use amqp1.0 protocol
2. Broker crash

Actual results:
Broker Segmentation fault on calling getTimestampConfig qmf method via amqp1.0

Expected results:
No crash, proper response obtained

Additional info:

# /var/dtests/node_data/clients/qmf2_qpid_ctrl  --broker 10.34.33.110:5672 --connection-options "{  protocol : 'amqp0-10' }" getTimestampConfig
{'receive': False}
# /var/dtests/node_data/clients/qmf2_qpid_ctrl  --broker 10.34.33.110:5672 --connection-options "{  protocol : 'amqp1.0' }" getTimestampConfig
terminate called after throwing an instance of 'qpid::messaging::TransportFailure'
  what():  Disconnected (reconnect disabled)

Comment 1 Petr Matousek 2013-12-09 16:15:06 UTC
coredump:

Core was generated by `qpidd'.
Program terminated with signal 11, Segmentation fault.
#0  qpid::broker::Broker::getTimestampConfig (this=0x1fc34d0, receive=@0x7ff3d173d468, context=0x0) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:1012
1012	    std::string userId = context->getUserId();
(gdb) t a a bt

Thread 4 (Thread 0x7ff3d471b7a0 (LWP 26625)):
#0  0x0000003a326e9163 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#1  0x00000035acb4dd0d in qpid::sys::Poller::wait (this=0x1fbf640, timeout=...) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/epoll/EpollPoller.cpp:566
#2  0x00000035acb4e3e1 in qpid::sys::Poller::run (this=0x1fbf640) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/epoll/EpollPoller.cpp:518
#3  0x00000033f07bc532 in qpid::broker::Broker::run (this=<value optimized out>) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:433
#4  0x00000000004073b7 in qpid::broker::QpiddBroker::execute (this=<value optimized out>, options=<value optimized out>) at /usr/src/debug/qpid-0.22/cpp/src/posix/QpiddBroker.cpp:206
#5  0x000000000040cb04 in qpid::broker::run_broker (argc=1, argv=0x7fff42377648, hidden=<value optimized out>) at /usr/src/debug/qpid-0.22/cpp/src/qpidd.cpp:108
#6  0x0000003a3261ed1d in __libc_start_main (main=0x406c60 <main(int, char**)>, argc=1, ubp_av=0x7fff42377648, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff42377638) at libc-start.c:226
#7  0x0000000000406b99 in _start ()

Thread 3 (Thread 0x7ff3d22c5700 (LWP 26626)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:239
#1  0x00000035acba2a4d in wait (this=0x1fc2e00) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/posix/Condition.h:69
#2  wait (this=0x1fc2e00) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/Monitor.h:45
#3  qpid::sys::Timer::run (this=0x1fc2e00) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/Timer.cpp:186
#4  0x00000035acb438fa in qpid::sys::(anonymous namespace)::runRunnable (p=<value optimized out>) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/posix/Thread.cpp:35
#5  0x0000003a32e079d1 in start_thread (arg=0x7ff3d22c5700) at pthread_create.c:301
#6  0x0000003a326e8b6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7ff3d0d41700 (LWP 26628)):
#0  0x0000003a326e9163 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#1  0x00000035acb4dd0d in qpid::sys::Poller::wait (this=0x1fbf640, timeout=...) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/epoll/EpollPoller.cpp:566
#2  0x00000035acb4e3e1 in qpid::sys::Poller::run (this=0x1fbf640) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/epoll/EpollPoller.cpp:518
#3  0x00000035acb438fa in qpid::sys::(anonymous namespace)::runRunnable (p=<value optimized out>) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/posix/Thread.cpp:35
#4  0x0000003a32e079d1 in start_thread (arg=0x7ff3d0d41700) at pthread_create.c:301
#5  0x0000003a326e8b6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7ff3d1742700 (LWP 26627)):
#0  qpid::broker::Broker::getTimestampConfig (this=0x1fc34d0, receive=@0x7ff3d173d468, context=0x0) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:1012
#1  0x00000033f07babb0 in qpid::broker::Broker::ManagementMethod (this=0x1fc34d0, methodId=<value optimized out>, args=..., text="") at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/Broker.cpp:568
#2  0x00000033f06e2157 in qmf::org::apache::qpid::broker::Broker::doMethod (this=0x1fc4950, methodName="getTimestampConfig", inMap=std::map with 0 elements, outMap=std::map with 0 elements, userId="")
    at /usr/src/debug/qpid-0.22/cpp/src/qmf/org/apache/qpid/broker/Broker.cpp:1579
#3  0x00000033f08c98ec in qpid::management::ManagementAgent::handleMethodRequest (this=0x1fc3e80, body=<value optimized out>, rte="qmf.default.topic", rtk="direct.c54d8cf1-a812-4f6d-b533-8441129097b3", cid=
    "1", userId="", viaLocal=true) at /usr/src/debug/qpid-0.22/cpp/src/qpid/management/ManagementAgent.cpp:1447
#4  0x00000033f08d7a65 in qpid::management::ManagementAgent::dispatchAgentCommand (this=0x1fc3e80, msg=..., viaLocal=true) at /usr/src/debug/qpid-0.22/cpp/src/qpid/management/ManagementAgent.cpp:2313
#5  0x00000033f08d82f8 in qpid::management::ManagementAgent::dispatchCommand (this=0x1fc3e80, deliverable=<value optimized out>, routingKey="broker", topic=false, qmfVersion=2)
    at /usr/src/debug/qpid-0.22/cpp/src/qpid/management/ManagementAgent.cpp:1255
#6  0x00000033f08e9039 in qpid::broker::ManagementDirectExchange::route (this=0x1fd3210, msg=...) at /usr/src/debug/qpid-0.22/cpp/src/qpid/management/ManagementDirectExchange.cpp:48
#7  0x00007ff3d4286f3b in qpid::broker::amqp::IncomingToExchange::handle (this=0x7ff3cc0429c0, message=...) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/amqp/Session.cpp:673
#8  0x00007ff3d4255990 in qpid::broker::amqp::DecodingIncoming::readable (this=0x7ff3cc0429c0, delivery=0x7ff3cc042f80) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/amqp/Incoming.cpp:121
#9  0x00007ff3d42800ef in qpid::broker::amqp::Session::readable (this=0x7ff3cc028610, link=0x7ff3cc036190, delivery=0x7ff3cc042f80) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/amqp/Session.cpp:566
#10 0x00007ff3d4244cae in qpid::broker::amqp::Connection::process (this=0x7ff3cc000aa8) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/amqp/Connection.cpp:272
#11 0x00007ff3d4242deb in qpid::broker::amqp::Connection::decode (this=0x7ff3cc000aa8, buffer=<value optimized out>, size=<value optimized out>)
    at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/amqp/Connection.cpp:98
#12 0x00007ff3d4277101 in qpid::broker::amqp::Sasl::decode (this=0x7ff3cc000a50, buffer=<value optimized out>, size=355) at /usr/src/debug/qpid-0.22/cpp/src/qpid/broker/amqp/Sasl.cpp:49
#13 0x00000035acb98da0 in qpid::sys::AsynchIOHandler::readbuff (this=0x7ff3c4000aa0, buff=0x7ff3c4001a00) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/AsynchIOHandler.cpp:130
#14 0x00000035acb2bc94 in operator() (this=0x7ff3c40010a0, h=...) at /usr/include/boost/function/function_template.hpp:1013
#15 qpid::sys::posix::AsynchIO::readable (this=0x7ff3c40010a0, h=...) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/posix/AsynchIO.cpp:453
#16 0x00000035acb9d453 in boost::function1<void, qpid::sys::DispatchHandle&>::operator() (this=<value optimized out>, a0=<value optimized out>) at /usr/include/boost/function/function_template.hpp:1013
#17 0x00000035acb9c5a1 in qpid::sys::DispatchHandle::processEvent (this=0x7ff3c40010a8, type=qpid::sys::Poller::READABLE) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/DispatchHandle.cpp:280
#18 0x00000035acb4e3d2 in process (this=0x1fbf640) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/Poller.h:131
#19 qpid::sys::Poller::run (this=0x1fbf640) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/epoll/EpollPoller.cpp:522
---Type <return> to continue, or q <return> to quit---
#20 0x00000035acb438fa in qpid::sys::(anonymous namespace)::runRunnable (p=<value optimized out>) at /usr/src/debug/qpid-0.22/cpp/src/qpid/sys/posix/Thread.cpp:35
#21 0x0000003a32e079d1 in start_thread (arg=0x7ff3d1742700) at pthread_create.c:301
#22 0x0000003a326e8b6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
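
Frame #0 in the backtrace above shows `context=0x0` being dereferenced at Broker.cpp:1012. As an added illustration (not qpid's code and not the upstream change referenced later in this bug), the following example places that unchecked pattern beside a handler that fails closed when a transport supplies no context. `ConnectionContext`, `Status`, the ACL set and both transport functions are hypothetical names.

```cpp
#include <set>
#include <string>

// Hypothetical stand-in for the broker's per-connection identity object.
struct ConnectionContext {
    std::string userId;
    const std::string& getUserId() const { return userId; }
};

enum class Status { Ok, Forbidden, NoContext };

// Constructed ACL: users allowed to read the timestamp setting.
static const std::set<std::string> kAllowed = {"admin"};

// Pattern from frame #0: the pointer is used without a check, so a
// transport that passes nullptr (context=0x0) takes the process down.
Status getTimestampConfigUnchecked(const ConnectionContext* context, bool& receive) {
    std::string userId = context->getUserId();
    if (!kAllowed.count(userId)) return Status::Forbidden;
    receive = false;
    return Status::Ok;
}

// Hardened form: a missing context produces an error reply, and the
// request is denied (fail closed) rather than treated as anonymous.
Status getTimestampConfigChecked(const ConnectionContext* context, bool& receive) {
    if (context == nullptr) return Status::NoContext;
    if (!kAllowed.count(context->getUserId())) return Status::Forbidden;
    receive = false;
    return Status::Ok;
}

// Two hypothetical transport paths into the same management method:
// one attaches the caller's context, the other never sets it.
Status viaTransportWithContext(const std::string& user, bool& receive) {
    ConnectionContext ctx{user};
    return getTimestampConfigChecked(&ctx, receive);
}
Status viaTransportWithoutContext(bool& receive) {
    return getTimestampConfigChecked(nullptr, receive);
}

int main() {
    bool receive = true;
    // Exit code 0 only if the context-less path is rejected cleanly.
    return viaTransportWithoutContext(receive) == Status::NoContext ? 0 : 1;
}
```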

Comment 2 Petr Matousek 2013-12-09 16:24:24 UTC
Created attachment 834387
reproducer - qmf2_qpid_ctrl utility

Comment 3 Gordon Sim 2013-12-10 22:53:16 UTC
Fixed upstream: https://svn.apache.org/r1549993

Comment 4 Gordon Sim 2013-12-11 17:12:20 UTC
Also needs https://svn.apache.org/r1550190 to prevent windows linking failure.

Comment 5 Petr Matousek 2014-01-06 13:24:29 UTC
This issue has been fixed. Verified on rhel6.5 (x86_64, i386).

packages under test:
qpid-cpp-*-0.22-30

-> VERIFIED