Description of problem: subscribing to a priority ring queue on backup broker and disconnecting with some acquired but not consumed messages, the broker segfaults in one scenario - see reproducer below. Version-Release number of selected component (if applicable): qpid-cpp-server-0.34-6.el6.x86_64 qpid-cpp-server-ha-0.34-6.el6.x86_64 How reproducible: 100% Steps to Reproduce: killall qpidd qpid-send qpid-receive qpidd --ha-queue-replication true --auth=no --port 5672 --no-data-dir & qpidd --ha-queue-replication true --auth=no --port 6672 --no-data-dir & qpid-config --broker localhost:5672 add queue q --max-queue-count 5 --limit-policy ring --argument qpid.priorities=9 qpid-config --broker localhost:6672 add queue q --max-queue-count 5 --limit-policy ring --argument qpid.priorities=9 qpid-ha replicate --broker localhost:6672 localhost:5672 q qpid-receive --address q -f --broker localhost:6672 & bckpreceivepid=$! qpid-receive --address q -f --broker localhost:6672 -m2 & qpid-send --address q --priority 4 --content-string m1 qpid-send --address q --priority 3 --content-string m2 qpid-send --address q --priority 2 --content-string m3 qpid-send --address q --priority 1 --content-string m4 qpid-send --address q --priority 4 --content-string m5 qpid-send --address q --priority 4 --content-string m6 kill $bckpreceivepid sleep 1 ps aux | grep qpid Actual results: at the end, just broker listening on port 5672 is running. Broker listening on 6672 segfaulted with backtrace: #0 qpid::broker::PriorityQueue::release (this=0x7faf00014dc0, cursor=<value optimized out>) at /usr/include/c++/4.4.7/bits/stl_vector.h:611 #1 0x00000030b0e30e7a in qpid::broker::Queue::release (this=0x7faf00013d78, position=..., markRedelivered=true) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/Queue.cpp:349 #2 0x00000030b0ecbbf4 in operator() (this=0x16406b8) at /usr/include/c++/4.4.7/bits/stl_function.h:569 #3 for_each<std::reverse_iterator<std::_Deque_iterator<qpid::broker::DeliveryRecord, qpid::broker::DeliveryRecord&, qpid::broker::DeliveryRecord*> >, std::mem_fun_ref_t<void, qpid::broker::DeliveryRecord> > (this=0x16406b8) at /usr/include/c++/4.4.7/bits/stl_algo.h:4200 #4 qpid::broker::SemanticState::requeue (this=0x16406b8) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/SemanticState.cpp:559 #5 0x00000030b0ed15a8 in qpid::broker::SemanticState::closed (this=0x16406b8) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/SemanticState.cpp:106 #6 0x00000030b0ee9211 in qpid::broker::SessionState::~SessionState (this=0x16404f0, __in_chrg=<value optimized out>) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/SessionState.cpp:107 #7 0x00000030b0ee97b9 in qpid::broker::SessionState::~SessionState (this=0x16404f0, __in_chrg=<value optimized out>) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/SessionState.cpp:110 #8 0x00000030b0eeeb54 in ~auto_ptr (this=0x163bd20) at /usr/include/c++/4.4.7/backward/auto_ptr.h:168 #9 qpid::broker::SessionHandler::handleDetach (this=0x163bd20) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/SessionHandler.cpp:110 #10 0x00000030b0e556bc in qpid::broker::amqp_0_10::Connection::closed (this=0x7faef80047c0) at /usr/src/debug/qpid-cpp-0.34/src/qpid/broker/amqp_0_10/Connection.cpp:374 #11 0x00000030affbaced in qpid::sys::AsynchIOHandler::disconnect (this=0x7faef8000f90) at /usr/src/debug/qpid-cpp-0.34/src/qpid/sys/AsynchIOHandler.cpp:201 Expected results: no segfault Additional info:
I can confirm the above reproducer does not cause segfault in 0.34-10.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2049.html