Description of problem:
qdrouterd in Satellite has been affected by a segfault fixed by PROTON-920 in upstream. Please either backport PROTON-920 over qpid-proton-c-0.9-12 or rebase qpid-proton to a version fixing this flaw (i.e. to proton >=10).

Version-Release number of selected component (if applicable):
qpid-proton-c-0.9-12.el7sat.x86_64

How reproducible:
n.a. at the moment (I can come up with an artificial reproducer if necessary)

Steps to Reproduce:
n.a., have segfault of qdrouterd with backtrace:

(gdb) bt full
#0  pn_do_transfer (transport=0x237f500, frame_type=<optimized out>, channel=<optimized out>, args=<optimized out>, payload=0x7fd663ed82a0) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1309
        handle = 0
        tag = {size = 8, start = 0x23e3510 "E\366*"}
        id_present = true
        id = 644634
        settled = true
        more = false
        has_type = false
        type = 0
        err = <optimized out>
        ssn = 0xc7d74c0
        link = <optimized out>
        delivery = <optimized out>
#1  0x00007fd67068ef7b in pni_dispatch_action (payload=0x7fd663ed82a0, args=0x237f6d0, channel=<optimized out>, frame_type=0 '\000', lcode=<optimized out>, transport=0x237f500) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:74
        action = <optimized out>
#2  pni_dispatch_frame (args=0x237f6d0, transport=0x237f500, frame=...) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:116
        dsize = 35
        lcode = 20
        scanned = true
        payload = {size = 338, start = 0x2393d9b ""}
        e = <optimized out>
        payload_size = <optimized out>
        frame_type = 0 '\000'
        payload_mem = <optimized out>
#3  pn_dispatcher_input (transport=transport@entry=0x237f500, bytes=0x2393d70 "", available=0, batch=batch@entry=true, halt=halt@entry=0x237f682) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:135
        frame = {type = 0 '\000', channel = 0, ex_size = 0, extended = 0x2393d78 "", size = 373, payload = 0x2393d78 ""}
        n = <optimized out>
        read = 381
---Type <return> to continue, or q <return> to quit---
#4  0x00007fd670696f7c in pn_input_read_amqp (transport=0x237f500, layer=<optimized out>, bytes=<optimized out>, available=<optimized out>) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1672
        n = <optimized out>
#5  0x00007fd6706a49f1 in process_input_ssl (transport=0x237f500, layer=0, input_data=0x2386844 "\241\350K\"\001\\\231\331\306P\353)\t\240Ww\214r\224ڢ\320\366\247\211\030\246t\027\203\264\207\252\360\252\006\321\340\230\270\267K_\030B\200P>i\aL\242\355\323\020@^\016\017\337\063?\221\003\302\200\333tڲ`\271(!ySP\233\257\212\"\232\326K\312a\257~#\005\322\341\210\342\243(6\377*\255\305\027yh\266\t\375^\330\036\333È:L\206>\350\023\270<\275$0\374\333\375]'\321ߒ`A\210R\360\355\233\065\a\214\231\037\234\254\220H\212\321%[\f;\256=;\032>\002\264\376r\357\366'x_\t\033ٚ\346\363\061-\315P\344֒(:\254!\035\246R\017\376=Sh\025)E\374P", <incomplete sequence \326>..., available=0) at /usr/src/debug/qpid-proton-0.9/proton-c/src/ssl/openssl.c:934
        consumed = <optimized out>
        ssl = 0x238e440
        consumed = 484
        work_pending = true
        shutdown_input = false
#6  0x00007fd67069703a in transport_consume (transport=transport@entry=0x237f500) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1604
        n = <optimized out>
        consumed = 0
#7  0x00007fd670698452 in pn_transport_process (transport=transport@entry=0x237f500, size=<optimized out>) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:2690
        n = <optimized out>
#8  0x00007fd6708dae23 in qdpn_connector_process (c=c@entry=0x237dc10) at /usr/src/debug/qpid-dispatch-0.4/src/posix/driver.c:711
        n = <optimized out>
        capacity = 16384
        transport = 0x237f500
#9  0x00007fd6708e4bbc in process_connector (cxtr=0x237dc10, qd_server=0x2289710) at /usr/src/debug/qpid-dispatch-0.4/src/server.c:328
        ctx = 0x22866b0
        events = 0
        passes = 1
#10 thread_run (arg=<optimized out>) at /usr/src/debug/qpid-dispatch-0.4/src/server.c:626
        work_done = 1
        timer = <optimized out>
---Type <return> to continue, or q <return> to quit---
        thread = <optimized out>
        work = <optimized out>
        cxtr = 0x237dc10
        conn = <optimized out>
        ctx = <optimized out>
        error = <optimized out>
        poll_result = <optimized out>
        qd_server = 0x2289710
#11 0x00007fd670456dc5 in start_thread (arg=0x7fd663ed9700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7fd663ed9700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140558776243968, 7614556874938174065, 0, 140558776244672, 140558776243968, 0, -7637945567322912143, -7637903033427768719}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#12 0x00007fd66f9b228d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.

Actual results:
qdrouterd segfaults with above backtrace

Expected results:
no qdrouterd segfault

Additional info:
compare above backtrace to [1] (that is fixed by [2]).

(gdb) p *(transport->remote_channels)
$5 = {map = {key = 0x7fd6708b77c0 <PNI_UINTPTR>, value = 0x7fd6708b7740 <PNI_WEAKREF>, entries = 0x7fd6611f9010, capacity = 131072, addressable = 112721, size = 65536, hashcode = 0x7fd670685230 <pni_identity_hashcode>, equals = 0x7fd670685240 <pni_identity_equals>, load_factor = 0.75}}
(gdb)

I.e. the transport has empty map of remote channels while receiving a transfer frame/performative from the remote peer. This really fixes the PROTON-920 in [2] / [3]

[1] https://www.mail-archive.com/users@qpid.apache.org/msg11883.html
[2] https://issues.apache.org/jira/browse/PROTON-920
[3] https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;a=blob;f=proton-c/src/transport/transport.c;h=4cf935bdb4f910ebcdbfe27abb3db7be02ae483c;hb=4cf935bdb4f910ebcdbfe27abb3db7be02ae483c#l1398
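The condition described in the report above, a transfer frame arriving on a channel that has no session in the remote channel map, shown as an added example. It is a simplified model written for this page, not Proton's code and not the PROTON-920 patch; every type, function and constant name in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHANNELS 8   /* toy size chosen for the example */
#define MAX_HANDLES  4

typedef struct { int deliveries; } link_t;
typedef struct { link_t *links[MAX_HANDLES]; } session_t;
typedef struct {
    session_t *remote_channels[MAX_CHANNELS]; /* channel -> session, NULL if never begun */
    const char *error;                        /* reason recorded when a frame is rejected */
} transport_t;

enum { FRAME_OK = 0, FRAME_ERR = -1 };

/* The peer picks the channel number, so this lookup can legitimately fail. */
static session_t *channel_state(transport_t *t, uint16_t channel) {
    return channel < MAX_CHANNELS ? t->remote_channels[channel] : NULL;
}

static int reject(transport_t *t, const char *why) {
    t->error = why;
    return FRAME_ERR;
}

/* Transfer handler: both peer-supplied indices are validated before any
 * dereference. Without the two checks, a transfer on a channel with no
 * session reads through a NULL pointer and the process dies. */
int do_transfer(transport_t *t, uint16_t channel, uint32_t handle) {
    session_t *ssn = channel_state(t, channel);
    if (!ssn) return reject(t, "no such channel");
    link_t *link = handle < MAX_HANDLES ? ssn->links[handle] : NULL;
    if (!link) return reject(t, "no such handle");
    link->deliveries++;
    return FRAME_OK;
}

/* Constructed scenario: channel 0 has a session with link handle 0 attached;
 * a second transfer then arrives on channel 3, which was never begun. */
int demo(void) {
    static link_t link; static session_t ssn; static transport_t t;
    link.deliveries = 0;
    ssn.links[0] = &link;
    t.remote_channels[0] = &ssn;
    int good = do_transfer(&t, 0, 0);
    int bad  = do_transfer(&t, 3, 0);
    printf("good=%d bad=%d error=%s\n", good, bad, t.error);
    return (good == FRAME_OK && bad == FRAME_ERR) ? link.deliveries : -1;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```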
QE notes: simply verify package version. As of snap 16, I see a qpid-proton-c but not a qpid-proton package.
Build : Satellite 6.2 Snap 17.0

[root@sjagtap-sat6 ~]# rpm -qa|grep qpid-proton
qpid-proton-c-0.9-16.el7.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1501
*** Bug 1383880 has been marked as a duplicate of this bug. ***