Bug 839597 - qpidd segmentation fault when qmf console client tries to use ssl.
Status: CLOSED DUPLICATE of bug 840031
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp
Version: 2.2
Hardware: Unspecified, OS: Unspecified
Priority: high, Severity: high
Target Milestone: 2.2
Target Release: ---
Assigned To: Ted Ross
QA Contact: Leonid Zhaldybin
Reported: 2012-07-12 08:03 EDT by Leonid Zhaldybin
Modified: 2014-11-09 17:38 EST
Doc Type: Bug Fix
Last Closed: 2012-07-26 13:38:13 EDT
Type: Bug


Attachments
qpidd core dump (636.63 KB, application/x-bzip), 2012-07-12 08:03 EDT, Leonid Zhaldybin
C++ clients (53.61 KB, application/x-bzip), 2012-07-12 08:06 EDT, Leonid Zhaldybin

Description Leonid Zhaldybin 2012-07-12 08:03:55 EDT
Created attachment 597781
qpidd core dump

Description of problem:
While running our automated SSL test (see the link to TCMS above) on the newest qpid-cpp build for RHEL5, I've discovered that qpidd sometimes suffers a segmentation fault when a c++ qmf console client tries to connect to it using ssl as a connection protocol. It happens on both i386 and x86_64 architectures.

Backtrace looks like this:
#0  0x00f3d8ad in qpid::sys::ssl::ProtocolTimeoutTask::fire (this=0xa70f420) at qpid/sys/ssl/SslHandler.cpp:59
#1  0x00799725 in qpid::sys::TimerTask::fireTask (this=0xa70f420) at qpid/sys/Timer.cpp:57
#2  0x0079afaa in qpid::sys::Timer::fire (this=0x99abdd8, t=...) at qpid/sys/Timer.cpp:195
#3  0x0079a2a3 in qpid::sys::Timer::run (this=0x99abdd8) at qpid/sys/Timer.cpp:129
#4  0x00699291 in qpid::sys::(anonymous namespace)::runRunnable (p=0x99abdd8) at qpid/sys/posix/Thread.cpp:35
#5  0x00546852 in start_thread () from /lib/libpthread.so.0
#6  0x004b00ae in clone () from /lib/libc.so.6

Version-Release number of selected component (if applicable):
qpid-cpp-client-0.14-18.el5
qpid-cpp-client-devel-0.14-18.el5
qpid-cpp-client-devel-docs-0.14-18.el5
qpid-cpp-client-rdma-0.14-18.el5
qpid-cpp-client-ssl-0.14-18.el5
qpid-cpp-mrg-debuginfo-0.14-18.el5
qpid-cpp-server-0.14-18.el5
qpid-cpp-server-cluster-0.14-18.el5
qpid-cpp-server-devel-0.14-18.el5
qpid-cpp-server-rdma-0.14-18.el5
qpid-cpp-server-ssl-0.14-18.el5
qpid-cpp-server-store-0.14-18.el5
qpid-cpp-server-xml-0.14-18.el5
qpid-dotnet-0.10-2.el5
qpid-java-client-0.14-3.el5
qpid-java-common-0.14-3.el5
qpid-java-example-0.14-3.el5
qpid-jca-0.14-9.el5
qpid-jca-xarecovery-0.14-9.el5
qpid-qmf-0.14-10.el5
qpid-qmf-devel-0.14-10.el5
qpid-tests-0.14-1.el5
qpid-tools-0.14-3.el5

How reproducible:
75%

Steps to Reproduce:
1. Configure qpidd to communicate with clients using SSL. 
2. Run a C++ qmf console client.

Actual results:
qpidd broker suffers a segmentation fault.

Expected results:
No segmentation fault.

Additional info:
Comment 1 Leonid Zhaldybin 2012-07-12 08:06:56 EDT
Created attachment 597783
C++ clients

See the attachment for the source code of the C++ qmf console reader (qmf_list_objects) used during testing.
Comment 2 Leonid Zhaldybin 2012-07-16 07:34:53 EDT
The latest RHEL6 build also dumps core under similar conditions. Backtrace:

Core was generated by `/usr/sbin/qpidd --data-dir /mnt/tests/distribution/MRG/Messaging/qpid_ptest_ssl'.
Program terminated with signal 11, Segmentation fault.
#0  0xb3803d08 in ?? ()
(gdb) thread apply all bt

Thread 6 (Thread 0xb45ffb70 (LWP 3720)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb45ffb70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 5 (Thread 0xb5181b70 (LWP 3719)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb5181b70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 4 (Thread 0xb7859730 (LWP 3711)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x0023b2b6 in qpid::broker::Broker::run (this=0x9047350) at qpid/broker/Broker.cpp:398
#6  0x080547dd in QpiddBroker::execute (this=0xbff3313f, options=0x9042450) at posix/QpiddBroker.cpp:195
#7  0x08050d59 in run_broker (argc=21, argv=0xbff33224, hidden=false) at qpidd.cpp:83
#8  0x080541f4 in main (argc=21, argv=0xbff33224) at posix/QpiddBroker.cpp:202

Thread 3 (Thread 0xb6783b70 (LWP 3717)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb6783b70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 2 (Thread 0xb5d82b70 (LWP 3718)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb5d82b70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 1 (Thread 0xb784fb70 (LWP 3716)):
#0  0xb3803d08 in ?? ()
#1  0x00b2a046 in qpid::sys::TimerTask::fireTask (this=0xb3803cc0) at qpid/sys/Timer.cpp:57
#2  0x00b2a57b in qpid::sys::Timer::fire (this=0x9047378, t=...) at qpid/sys/Timer.cpp:195
#3  0x00b2c2b4 in qpid::sys::Timer::run (this=0x9047378) at qpid/sys/Timer.cpp:129
#4  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0x9047378) at qpid/sys/posix/Thread.cpp:35
#5  0x006a3a49 in start_thread (arg=0xb784fb70) at pthread_create.c:301
#6  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Packages used for testing:
qpid-cpp-client-0.14-18.el6_3.i686
qpid-cpp-client-devel-0.14-18.el6_3.i686
qpid-cpp-client-devel-docs-0.14-16.el6.noarch
qpid-cpp-client-rdma-0.14-18.el6_3.i686
qpid-cpp-client-ssl-0.14-18.el6_3.i686
qpid-cpp-debuginfo-0.14-18.el6_3.i686
qpid-cpp-server-0.14-18.el6_3.i686
qpid-cpp-server-cluster-0.14-18.el6_3.i686
qpid-cpp-server-devel-0.14-18.el6_3.i686
qpid-cpp-server-rdma-0.14-18.el6_3.i686
qpid-cpp-server-ssl-0.14-18.el6_3.i686
qpid-cpp-server-store-0.14-18.el6_3.i686
qpid-cpp-server-xml-0.14-18.el6_3.i686
rh-qpid-cpp-tests-0.14-18.el6_3.i686
Comment 5 Andrew Stitcher 2012-07-26 13:37:45 EDT
This is almost certainly another duplicate of Bug 840031.

And should be fixed in 0.14-19 packages.
Comment 6 Andrew Stitcher 2012-07-26 13:38:13 EDT

*** This bug has been marked as a duplicate of bug 840031 ***
Comment 7 Leonid Zhaldybin 2012-07-26 14:15:10 EDT
I can confirm that this issue was fixed in 0.14-19. I tested it on RHEL5.8 and RHEL6.3. Packages used for testing:

RHEL5.8
qpid-cpp-client-0.14-19.el5
qpid-cpp-client-devel-0.14-19.el5
qpid-cpp-client-devel-docs-0.14-19.el5
qpid-cpp-client-rdma-0.14-19.el5
qpid-cpp-client-ssl-0.14-19.el5
qpid-cpp-server-0.14-19.el5
qpid-cpp-server-cluster-0.14-19.el5
qpid-cpp-server-devel-0.14-19.el5
qpid-cpp-server-rdma-0.14-19.el5
qpid-cpp-server-ssl-0.14-19.el5
qpid-cpp-server-store-0.14-19.el5
qpid-cpp-server-xml-0.14-19.el5
rh-qpid-cpp-tests-0.14-19.el5

RHEL6.3
qpid-cpp-client-0.14-19.el6_3
qpid-cpp-client-devel-0.14-19.el6_3
qpid-cpp-client-devel-docs-0.14-19.el6_3
qpid-cpp-client-rdma-0.14-19.el6_3
qpid-cpp-client-ssl-0.14-19.el6_3
qpid-cpp-debuginfo-0.14-19.el6_3
qpid-cpp-server-0.14-19.el6_3
qpid-cpp-server-cluster-0.14-19.el6_3
qpid-cpp-server-devel-0.14-19.el6_3
qpid-cpp-server-rdma-0.14-19.el6_3
qpid-cpp-server-ssl-0.14-19.el6_3
qpid-cpp-server-store-0.14-19.el6_3
qpid-cpp-server-xml-0.14-19.el6_3
rh-qpid-cpp-tests-0.14-19.el6_3
