Description of problem: An auto-delete queue was being created and deleted frequently due to an issue with the client application. However, after several minutes of creating and auto-deleting the same queue, the broker will seg fault while attempting to to delete the queue. Version-Release number of selected component (if applicable): qpid-cpp-server-0.7.946106-28_ptc_hotfix_5_v2.el5 How reproducible: Frequently Steps to Reproduce: 1. Connect to a broker and subscribe to an auto-delete queue 2. Disconnect from the broker 3. Repeat Actual results: Broker seg faults Expected results: Broker does not seg fault and the queue is auto-deleted. Additional info: Backtrace attached.
Created attachment 498768 [details] core backtrace
I wasn't able to reproduce using trivial implementation of the above steps (i.e. while /drain -t 2 'my-queue; {create: always, node:{x-declare:{auto-delete:True}}}'; do true; done). Can you include the backtraces of all threads? Do you have a reproducer you could attach?
Created attachment 498808 [details] full backtrace
I wasn't able to quickly build a reproducer. I have the core dumps available if they would be helpful.
When having a look to random severe BZs, I have a look to this one. Note that the bt of thread 1 suggests something manipulating with exchanges during finding in the ExchangeRegistry map (in order to delete a binding from the exchange to the auto-del queue): Thread 1 (Thread 23683): #0 0x00000036d0d5db15 in _M_begin (this=<value optimized out>, name=Traceback (most recent call last): File "/usr/share/gdb/python/libstdcxx/v6/printers.py", line 469, in to_string return self.val['_M_dataplus']['_M_p'].string (encoding, length = len) RuntimeError: Cannot access memory at address 0xf8 ) at /usr/include/c++/4.1.2/bits/stl_tree.h:466 #1 find (this=<value optimized out>, name=Traceback (most recent call last): File "/usr/share/gdb/python/libstdcxx/v6/printers.py", line 469, in to_string return self.val['_M_dataplus']['_M_p'].string (encoding, length = len) RuntimeError: Cannot access memory at address 0xf8 ) at /usr/include/c++/4.1.2/bits/stl_tree.h:1313 #2 find (this=<value optimized out>, name=Traceback (most recent call last): File "/usr/share/gdb/python/libstdcxx/v6/printers.py", line 469, in to_string return self.val['_M_dataplus']['_M_p'].string (encoding, length = len) RuntimeError: Cannot access memory at address 0xf8 ) at /usr/include/c++/4.1.2/bits/stl_map.h:534 #3 qpid::broker::ExchangeRegistry::get (this=<value optimized out>, name=Traceback (most recent call last): File "/usr/share/gdb/python/libstdcxx/v6/printers.py", line 469, in to_string return self.val['_M_dataplus']['_M_p'].string (encoding, length = len) RuntimeError: Cannot access memory at address 0xf8 ) at qpid/broker/ExchangeRegistry.cpp:90 #4 0x00000036d0da660c in qpid::broker::QueueBindings::unbind (this=0x2aaab40c5028, exchanges=..., queue=...) at qpid/broker/QueueBindings.cpp:39 #5 0x00000036d0d8d33b in qpid::broker::Queue::unbind (this=<value optimized out>, exchanges=..., shared_ref=<value optimized out>) at qpid/broker/Queue.cpp:1079 #6 0x00000036d0d9a960 in tryAutoDeleteImpl (broker=..., queue=...) at qpid/broker/Queue.cpp:1167 #7 0x00000036d0d9af09 in qpid::broker::Queue::tryAutoDelete (broker=..., queue=...) at qpid/broker/Queue.cpp:1198 .. I suppose the bug is not present further, as: 1) I am running a stress test that concurrently performs: - creating new exchanges - deleting an exchange with a binding to an auto-delete queue - unsubscribing the last subscriber from the auto-del queue (thus auto-deleting the queue, to mimic the bt above) So far, after few hours of the test running, no coredump. 2) There were changes in ExchangeRegistry (and also in QueueBindings) relevant to the bt above, that apparently fixed the bug. So if nobody is against it, I will close this BZ as WORKSFORME.
This issue is most likely a duplicate of bz773719. MRG-M v1 was missing a lock within QueueBindings, which could result in corruption / crashes.
*** This bug has been marked as a duplicate of bug 773719 ***