Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 839597

Summary:

qpidd segmentation fault when qmf console client tries to use ssl.

Product:

Red Hat Enterprise MRG

Reporter:

Leonid Zhaldybin <lzhaldyb>

Component:

qpid-cpp

Assignee:

Ted Ross <tross>

Status:

CLOSED DUPLICATE

QA Contact:

Leonid Zhaldybin <lzhaldyb>

Severity:

high

Docs Contact:

Priority:

high

Version:

2.2

CC:

astitcher, esammons, freznice, iboverma, jneedle, jross, sgraf

Target Milestone:

2.2

Target Release:

---

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2012-07-26 17:38:13 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
qpidd core dump	none
C++ clients	none

Description Leonid Zhaldybin 2012-07-12 12:03:55 UTC

Created attachment 597781 [details]
qpidd core dump

Description of problem:
While running our automated SSL test (see the link to TCMS above) on the newest qpid-cpp build for RHEL5, I've discovered that qpidd sometimes suffers a segmentation fault when a c++ qmf console client tries to connect to it using ssl as a connection protocol. It happens on both i386 and x86_64 architectures.

Backtrace looks like this:
#0  0x00f3d8ad in qpid::sys::ssl::ProtocolTimeoutTask::fire (this=0xa70f420) at qpid/sys/ssl/SslHandler.cpp:59
#1  0x00799725 in qpid::sys::TimerTask::fireTask (this=0xa70f420) at qpid/sys/Timer.cpp:57
#2  0x0079afaa in qpid::sys::Timer::fire (this=0x99abdd8, t=...) at qpid/sys/Timer.cpp:195
#3  0x0079a2a3 in qpid::sys::Timer::run (this=0x99abdd8) at qpid/sys/Timer.cpp:129
#4  0x00699291 in qpid::sys::(anonymous namespace)::runRunnable (p=0x99abdd8) at qpid/sys/posix/Thread.cpp:35
#5  0x00546852 in start_thread () from /lib/libpthread.so.0
#6  0x004b00ae in clone () from /lib/libc.so.6

Version-Release number of selected component (if applicable):
qpid-cpp-client-0.14-18.el5
qpid-cpp-client-devel-0.14-18.el5
qpid-cpp-client-devel-docs-0.14-18.el5
qpid-cpp-client-rdma-0.14-18.el5
qpid-cpp-client-ssl-0.14-18.el5
qpid-cpp-mrg-debuginfo-0.14-18.el5
qpid-cpp-server-0.14-18.el5
qpid-cpp-server-cluster-0.14-18.el5
qpid-cpp-server-devel-0.14-18.el5
qpid-cpp-server-rdma-0.14-18.el5
qpid-cpp-server-ssl-0.14-18.el5
qpid-cpp-server-store-0.14-18.el5
qpid-cpp-server-xml-0.14-18.el5
qpid-dotnet-0.10-2.el5
qpid-java-client-0.14-3.el5
qpid-java-common-0.14-3.el5
qpid-java-example-0.14-3.el5
qpid-jca-0.14-9.el5
qpid-jca-xarecovery-0.14-9.el5
qpid-qmf-0.14-10.el5
qpid-qmf-devel-0.14-10.el5
qpid-tests-0.14-1.el5
qpid-tools-0.14-3.el5

How reproducible:
75%

Steps to Reproduce:
1. Configure qpidd to communicate with clients using SSL. 
2. Run a c++ qmf console client.
3.
  
Actual results:
qpidd broker suffers a segmentation fault.

Expected results:
No segmentation fault.

Additional info:

Comment 1 Leonid Zhaldybin 2012-07-12 12:06:56 UTC

Created attachment 597783 [details]
C++ clients

See the attachement for the sourse code of the c++ qmf console reader (qmf_list_objects) used during testing.

Comment 2 Leonid Zhaldybin 2012-07-16 11:34:53 UTC

The latest RHEL6 build also dumps core under similar conditions. Backtrace:

Core was generated by `/usr/sbin/qpidd --data-dir /mnt/tests/distribution/MRG/Messaging/qpid_ptest_ssl'.
Program terminated with signal 11, Segmentation fault.
#0  0xb3803d08 in ?? ()
(gdb) thread apply all bt

Thread 6 (Thread 0xb45ffb70 (LWP 3720)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb45ffb70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 5 (Thread 0xb5181b70 (LWP 3719)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb5181b70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 4 (Thread 0xb7859730 (LWP 3711)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x0023b2b6 in qpid::broker::Broker::run (this=0x9047350) at qpid/broker/Broker.cpp:398
#6  0x080547dd in QpiddBroker::execute (this=0xbff3313f, options=0x9042450) at posix/QpiddBroker.cpp:195
#7  0x08050d59 in run_broker (argc=21, argv=0xbff33224, hidden=false) at qpidd.cpp:83
#8  0x080541f4 in main (argc=21, argv=0xbff33224) at posix/QpiddBroker.cpp:202

Thread 3 (Thread 0xb6783b70 (LWP 3717)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb6783b70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 2 (Thread 0xb5d82b70 (LWP 3718)):
#0  __kernel_vsyscall () at arch/x86/vdso/vdso32/sysenter.S:49
#1  0x00ea8696 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
#2  0x00a4c33e in qpid::sys::Poller::wait (this=0x90454a8, timeout=...) at qpid/sys/epoll/EpollPoller.cpp:568
#3  0x00a4c9a8 in qpid::sys::Poller::run (this=0x90454a8) at qpid/sys/epoll/EpollPoller.cpp:520
#4  0x00b29865 in qpid::sys::Dispatcher::run (this=0xbff32dc0) at qpid/sys/Dispatcher.cpp:37
#5  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0xbff32dc0) at qpid/sys/posix/Thread.cpp:35
#6  0x006a3a49 in start_thread (arg=0xb5d82b70) at pthread_create.c:301
#7  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Thread 1 (Thread 0xb784fb70 (LWP 3716)):
#0  0xb3803d08 in ?? ()
#1  0x00b2a046 in qpid::sys::TimerTask::fireTask (this=0xb3803cc0) at qpid/sys/Timer.cpp:57
#2  0x00b2a57b in qpid::sys::Timer::fire (this=0x9047378, t=...) at qpid/sys/Timer.cpp:195
#3  0x00b2c2b4 in qpid::sys::Timer::run (this=0x9047378) at qpid/sys/Timer.cpp:129
#4  0x00a44242 in qpid::sys::(anonymous namespace)::runRunnable (p=0x9047378) at qpid/sys/posix/Thread.cpp:35
#5  0x006a3a49 in start_thread (arg=0xb784fb70) at pthread_create.c:301
#6  0x00ea7e1e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133

Packages used for testing:
qpid-cpp-client-0.14-18.el6_3.i686
qpid-cpp-client-devel-0.14-18.el6_3.i686
qpid-cpp-client-devel-docs-0.14-16.el6.noarch
qpid-cpp-client-rdma-0.14-18.el6_3.i686
qpid-cpp-client-ssl-0.14-18.el6_3.i686
qpid-cpp-debuginfo-0.14-18.el6_3.i686
qpid-cpp-server-0.14-18.el6_3.i686
qpid-cpp-server-cluster-0.14-18.el6_3.i686
qpid-cpp-server-devel-0.14-18.el6_3.i686
qpid-cpp-server-rdma-0.14-18.el6_3.i686
qpid-cpp-server-ssl-0.14-18.el6_3.i686
qpid-cpp-server-store-0.14-18.el6_3.i686
qpid-cpp-server-xml-0.14-18.el6_3.i686
rh-qpid-cpp-tests-0.14-18.el6_3.i686

Comment 5 Andrew Stitcher 2012-07-26 17:37:45 UTC

This is almost certainly another duplicate of Bug 840031.

And should be fixed in 0.14-19 packages.

Comment 6 Andrew Stitcher 2012-07-26 17:38:13 UTC


*** This bug has been marked as a duplicate of bug 840031 ***

Comment 7 Leonid Zhaldybin 2012-07-26 18:15:10 UTC

I can confirm that this issue was fixed in 0.14-19. I tested it on on RHEL5.8 and RHEL6.3. Packages used for testing:

RHEL5.8
qpid-cpp-client-0.14-19.el5
qpid-cpp-client-devel-0.14-19.el5
qpid-cpp-client-devel-docs-0.14-19.el5
qpid-cpp-client-rdma-0.14-19.el5
qpid-cpp-client-ssl-0.14-19.el5
qpid-cpp-server-0.14-19.el5
qpid-cpp-server-cluster-0.14-19.el5
qpid-cpp-server-devel-0.14-19.el5
qpid-cpp-server-rdma-0.14-19.el5
qpid-cpp-server-ssl-0.14-19.el5
qpid-cpp-server-store-0.14-19.el5
qpid-cpp-server-xml-0.14-19.el5
rh-qpid-cpp-tests-0.14-19.el5

RHEL6.3
qpid-cpp-client-0.14-19.el6_3
qpid-cpp-client-devel-0.14-19.el6_3
qpid-cpp-client-devel-docs-0.14-19.el6_3
qpid-cpp-client-rdma-0.14-19.el6_3
qpid-cpp-client-ssl-0.14-19.el6_3
qpid-cpp-debuginfo-0.14-19.el6_3
qpid-cpp-server-0.14-19.el6_3
qpid-cpp-server-cluster-0.14-19.el6_3
qpid-cpp-server-devel-0.14-19.el6_3
qpid-cpp-server-rdma-0.14-19.el6_3
qpid-cpp-server-ssl-0.14-19.el6_3
qpid-cpp-server-store-0.14-19.el6_3
qpid-cpp-server-xml-0.14-19.el6_3
rh-qpid-cpp-tests-0.14-19.el6_3