1317484 – Backport PROTON-920 to Satellite / qpid-proton

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1317484 - Backport PROTON-920 to Satellite / qpid-proton

Summary: Backport PROTON-920 to Satellite / qpid-proton

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Other
Sub Component:
Version:	6.1.6
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Sanket Jagtap
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1383880 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-03-14 11:35 UTC by Pavel Moravec
Modified:	2021-06-10 11:12 UTC (History)
CC List:	10 users (show)
Fixed In Version:	qpid-proton-0.9-16
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-27 11:25:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Pavel Moravec 2016-03-14 11:35:42 UTC

Description of problem:
qdrouterd in Satellite has been affected by a segfault fixed by PROTON-920 in upstream. Please either backport PROTON-920 over qpid-proton-c-0.9-12 or rebase qpid-proton to a version fixing this flaw (i.e. to proton >=10).


Version-Release number of selected component (if applicable):
qpid-proton-c-0.9-12.el7sat.x86_64


How reproducible:
n.a. at the moment (I can come up with an artificial reproducer if necessary)


Steps to Reproduce:
n.a., have segfault of qdrouterd with backtrace:

(gdb) bt full
#0  pn_do_transfer (transport=0x237f500, frame_type=<optimized out>, channel=<optimized out>, args=<optimized out>, 
    payload=0x7fd663ed82a0) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1309
        handle = 0
        tag = {size = 8, start = 0x23e3510 "E\366*"}
        id_present = true
        id = 644634
        settled = true
        more = false
        has_type = false
        type = 0
        err = <optimized out>
        ssn = 0xc7d74c0
        link = <optimized out>
        delivery = <optimized out>
#1  0x00007fd67068ef7b in pni_dispatch_action (payload=0x7fd663ed82a0, args=0x237f6d0, channel=<optimized out>, frame_type=0 '\000', 
    lcode=<optimized out>, transport=0x237f500) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:74
        action = <optimized out>
#2  pni_dispatch_frame (args=0x237f6d0, transport=0x237f500, frame=...)
    at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:116
        dsize = 35
        lcode = 20
        scanned = true
        payload = {size = 338, start = 0x2393d9b ""}
        e = <optimized out>
        payload_size = <optimized out>
        frame_type = 0 '\000'
        payload_mem = <optimized out>
#3  pn_dispatcher_input (transport=transport@entry=0x237f500, bytes=0x2393d70 "", available=0, batch=batch@entry=true, 
    halt=halt@entry=0x237f682) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:135
        frame = {type = 0 '\000', channel = 0, ex_size = 0, extended = 0x2393d78 "", size = 373, payload = 0x2393d78 ""}
        n = <optimized out>
        read = 381
---Type <return> to continue, or q <return> to quit---
#4  0x00007fd670696f7c in pn_input_read_amqp (transport=0x237f500, layer=<optimized out>, bytes=<optimized out>, 
    available=<optimized out>) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1672
        n = <optimized out>
#5  0x00007fd6706a49f1 in process_input_ssl (transport=0x237f500, layer=0, 
    input_data=0x2386844 "\241\350K\"\001\\\231\331\306P\353)\t\240Ww\214r\224ڢ\320\366\247\211\030\246t\027\203\264\207\252\360\252\006\321\340\230\270\267K_\030B\200P>i\aL\242\355\323\020@^\016\017\337\063?\221\003\302\200\333tڲ`\271(!ySP\233\257\212\"\232\326K\312a\257~#\005\322\341\210\342\243(6\377*\255\305\027yh\266\t\375^\330\036\333È:L\206>\350\023\270<\275$0\374\333\375]'\321ߒ`A\210R\360\355\233\065\a\214\231\037\234\254\220H\212\321%[\f;\256=;\032>\002\264\376r\357\366'x_\t\033ٚ\346\363\061-\315P\344֒(:\254!\035\246R\017\376=Sh\025)E\374P", <incomplete sequence \326>..., available=0) at /usr/src/debug/qpid-proton-0.9/proton-c/src/ssl/openssl.c:934
        consumed = <optimized out>
        ssl = 0x238e440
        consumed = 484
        work_pending = true
        shutdown_input = false
#6  0x00007fd67069703a in transport_consume (transport=transport@entry=0x237f500)
    at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1604
        n = <optimized out>
        consumed = 0
#7  0x00007fd670698452 in pn_transport_process (transport=transport@entry=0x237f500, size=<optimized out>)
    at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:2690
        n = <optimized out>
#8  0x00007fd6708dae23 in qdpn_connector_process (c=c@entry=0x237dc10) at /usr/src/debug/qpid-dispatch-0.4/src/posix/driver.c:711
        n = <optimized out>
        capacity = 16384
        transport = 0x237f500
#9  0x00007fd6708e4bbc in process_connector (cxtr=0x237dc10, qd_server=0x2289710) at /usr/src/debug/qpid-dispatch-0.4/src/server.c:328
        ctx = 0x22866b0
        events = 0
        passes = 1
#10 thread_run (arg=<optimized out>) at /usr/src/debug/qpid-dispatch-0.4/src/server.c:626
        work_done = 1
        timer = <optimized out>
---Type <return> to continue, or q <return> to quit---
        thread = <optimized out>
        work = <optimized out>
        cxtr = 0x237dc10
        conn = <optimized out>
        ctx = <optimized out>
        error = <optimized out>
        poll_result = <optimized out>
        qd_server = 0x2289710
#11 0x00007fd670456dc5 in start_thread (arg=0x7fd663ed9700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7fd663ed9700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140558776243968, 7614556874938174065, 0, 140558776244672, 140558776243968, 0, 
                -7637945567322912143, -7637903033427768719}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
              prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#12 0x00007fd66f9b228d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
No locals.


Actual results:
qdrouterd segfaults with above backtrace


Expected results:
no qdrouterd segfault


Additional info:
compare above backtrace to [1] (that is fixed by [2]).

(gdb) p *(transport->remote_channels)
$5 = {map = {key = 0x7fd6708b77c0 <PNI_UINTPTR>, value = 0x7fd6708b7740 <PNI_WEAKREF>, entries = 0x7fd6611f9010, capacity = 131072, 
    addressable = 112721, size = 65536, hashcode = 0x7fd670685230 <pni_identity_hashcode>, equals = 
    0x7fd670685240 <pni_identity_equals>, load_factor = 0.75}}
(gdb) 

I.e. the transport has empty map of remote channels while receiving a transfer frame/performative from the remote peer. This really fixes the PROTON-920 in [2] / [3]

[1] https://www.mail-archive.com/users@qpid.apache.org/msg11883.html
[2] https://issues.apache.org/jira/browse/PROTON-920
[3] https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;a=blob;f=proton-c/src/transport/transport.c;h=4cf935bdb4f910ebcdbfe27abb3db7be02ae483c;hb=4cf935bdb4f910ebcdbfe27abb3db7be02ae483c#l1398

Comment 3 Corey Welton 2016-06-20 15:56:13 UTC

QE notes:  simply verifiy package version.  

As of snap 16, I see a qpid-proton-c but not a qpid-proton package.

Comment 5 Sanket Jagtap 2016-06-22 14:06:09 UTC

Build : Satellite 6.2 Snap 17.0


[root@sjagtap-sat6 ~]# rpm -qa|grep  qpid-proton
qpid-proton-c-0.9-16.el7.x86_64

Comment 6 Bryan Kearney 2016-07-27 11:25:38 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

Comment 7 Pavel Moravec 2016-10-12 07:35:45 UTC

*** Bug 1383880 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.