Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2016:1501
Description of problem: qdrouterd in Satellite has been affected by a segfault fixed by PROTON-920 in upstream. Please either backport PROTON-920 over qpid-proton-c-0.9-12 or rebase qpid-proton to a version fixing this flaw (i.e. to proton >=10). Version-Release number of selected component (if applicable): qpid-proton-c-0.9-12.el7sat.x86_64 How reproducible: n.a. at the moment (I can come up with an artificial reproducer if necessary) Steps to Reproduce: n.a., have segfault of qdrouterd with backtrace: (gdb) bt full #0 pn_do_transfer (transport=0x237f500, frame_type=<optimized out>, channel=<optimized out>, args=<optimized out>, payload=0x7fd663ed82a0) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1309 handle = 0 tag = {size = 8, start = 0x23e3510 "E\366*"} id_present = true id = 644634 settled = true more = false has_type = false type = 0 err = <optimized out> ssn = 0xc7d74c0 link = <optimized out> delivery = <optimized out> #1 0x00007fd67068ef7b in pni_dispatch_action (payload=0x7fd663ed82a0, args=0x237f6d0, channel=<optimized out>, frame_type=0 '\000', lcode=<optimized out>, transport=0x237f500) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:74 action = <optimized out> #2 pni_dispatch_frame (args=0x237f6d0, transport=0x237f500, frame=...) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:116 dsize = 35 lcode = 20 scanned = true payload = {size = 338, start = 0x2393d9b ""} e = <optimized out> payload_size = <optimized out> frame_type = 0 '\000' payload_mem = <optimized out> #3 pn_dispatcher_input (transport=transport@entry=0x237f500, bytes=0x2393d70 "", available=0, batch=batch@entry=true, halt=halt@entry=0x237f682) at /usr/src/debug/qpid-proton-0.9/proton-c/src/dispatcher/dispatcher.c:135 frame = {type = 0 '\000', channel = 0, ex_size = 0, extended = 0x2393d78 "", size = 373, payload = 0x2393d78 ""} n = <optimized out> read = 381 ---Type <return> to continue, or q <return> to quit--- #4 0x00007fd670696f7c in pn_input_read_amqp (transport=0x237f500, layer=<optimized out>, bytes=<optimized out>, available=<optimized out>) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1672 n = <optimized out> #5 0x00007fd6706a49f1 in process_input_ssl (transport=0x237f500, layer=0, input_data=0x2386844 "\241\350K\"\001\\\231\331\306P\353)\t\240Ww\214r\224ڢ\320\366\247\211\030\246t\027\203\264\207\252\360\252\006\321\340\230\270\267K_\030B\200P>i\aL\242\355\323\020@^\016\017\337\063?\221\003\302\200\333tڲ`\271(!ySP\233\257\212\"\232\326K\312a\257~#\005\322\341\210\342\243(6\377*\255\305\027yh\266\t\375^\330\036\333È:L\206>\350\023\270<\275$0\374\333\375]'\321ߒ`A\210R\360\355\233\065\a\214\231\037\234\254\220H\212\321%[\f;\256=;\032>\002\264\376r\357\366'x_\t\033ٚ\346\363\061-\315P\344֒(:\254!\035\246R\017\376=Sh\025)E\374P", <incomplete sequence \326>..., available=0) at /usr/src/debug/qpid-proton-0.9/proton-c/src/ssl/openssl.c:934 consumed = <optimized out> ssl = 0x238e440 consumed = 484 work_pending = true shutdown_input = false #6 0x00007fd67069703a in transport_consume (transport=transport@entry=0x237f500) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:1604 n = <optimized out> consumed = 0 #7 0x00007fd670698452 in pn_transport_process (transport=transport@entry=0x237f500, size=<optimized out>) at /usr/src/debug/qpid-proton-0.9/proton-c/src/transport/transport.c:2690 n = <optimized out> #8 0x00007fd6708dae23 in qdpn_connector_process (c=c@entry=0x237dc10) at /usr/src/debug/qpid-dispatch-0.4/src/posix/driver.c:711 n = <optimized out> capacity = 16384 transport = 0x237f500 #9 0x00007fd6708e4bbc in process_connector (cxtr=0x237dc10, qd_server=0x2289710) at /usr/src/debug/qpid-dispatch-0.4/src/server.c:328 ctx = 0x22866b0 events = 0 passes = 1 #10 thread_run (arg=<optimized out>) at /usr/src/debug/qpid-dispatch-0.4/src/server.c:626 work_done = 1 timer = <optimized out> ---Type <return> to continue, or q <return> to quit--- thread = <optimized out> work = <optimized out> cxtr = 0x237dc10 conn = <optimized out> ctx = <optimized out> error = <optimized out> poll_result = <optimized out> qd_server = 0x2289710 #11 0x00007fd670456dc5 in start_thread (arg=0x7fd663ed9700) at pthread_create.c:308 __res = <optimized out> pd = 0x7fd663ed9700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140558776243968, 7614556874938174065, 0, 140558776244672, 140558776243968, 0, -7637945567322912143, -7637903033427768719}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> #12 0x00007fd66f9b228d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 No locals. Actual results: qdrouterd segfaults with above backtrace Expected results: no qdrouterd segfault Additional info: compare above backtrace to [1] (that is fixed by [2]). (gdb) p *(transport->remote_channels) $5 = {map = {key = 0x7fd6708b77c0 <PNI_UINTPTR>, value = 0x7fd6708b7740 <PNI_WEAKREF>, entries = 0x7fd6611f9010, capacity = 131072, addressable = 112721, size = 65536, hashcode = 0x7fd670685230 <pni_identity_hashcode>, equals = 0x7fd670685240 <pni_identity_equals>, load_factor = 0.75}} (gdb) I.e. the transport has empty map of remote channels while receiving a transfer frame/performative from the remote peer. This really fixes the PROTON-920 in [2] / [3] [1] https://www.mail-archive.com/users@qpid.apache.org/msg11883.html [2] https://issues.apache.org/jira/browse/PROTON-920 [3] https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;a=blob;f=proton-c/src/transport/transport.c;h=4cf935bdb4f910ebcdbfe27abb3db7be02ae483c;hb=4cf935bdb4f910ebcdbfe27abb3db7be02ae483c#l1398