[jira] [Resolved] (QPID-8319) QMF requests rerouted to QMF exchange may crash with invalid connection

Gordon Sim (JIRA) Mon, 10 Jun 2019 13:23:09 -0700


     [ 
https://issues.apache.org/jira/browse/QPID-8319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Gordon Sim resolved QPID-8319.
------------------------------
    Resolution: Fixed
      Assignee: Gordon Sim

> QMF requests rerouted to QMF exchange may crash with invalid connection
> -----------------------------------------------------------------------
>
>                 Key: QPID-8319
>                 URL: https://issues.apache.org/jira/browse/QPID-8319
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: qpid-cpp-1.39.0
>            Reporter: Chuck Rolke
>            Assignee: Gordon Sim
>            Priority: Major
>
> Reported by Pavel in [https://bugzilla.redhat.com/show_bug.cgi?id=1713560]
>  Description of problem:
> User story: when running concurrently 2 times a program that:
>  1) Creates a queue on the broker "HelloQueue"
>  2) Creates a second queue called "HelloQueue.AutoDelete" with auto-delete 
> set and alternate exchange set to "qmf.default.direct" and hold open the 
> Receiver that is subscribed to it.
>  3) Puts a QMF message into the "HelloQueue.AutoDelete" queue that will 
> delete the "HelloQueue" queue when it is processed.
>  4) Waits 10 seconds.
>  5) Closes the receiver, triggering the auto-delete of 
> "HelloQueue.AutoDelete".
> Then the QMF message will be sent to "qmf.default.direct" because of the 
> alternate exchange, resulting in the deletion of "HelloQueue" regardless of 
> whether or not there are other subscribers connected to it. And with some 
> high probability, the 2nd QMF request from just dropped connection will 
> attempt to be processed, but causes segfault.
> Version-Release number of selected component (if applicable):
>  qpid-cpp 1.36.0-15 (or -21 or -21+hf2), I expect any
> How reproducible:
>  75% in my case
> Steps to Reproduce:
>  1. Compile attached program.
>  2. qpidd &
>  3. ./QmfBrokerCrashRepro localhost:5672 & ./QmfBrokerCrashRepro 
> localhost:5672 &
> Actual results:
>  client program aborts every time (unhandled exception, no deal), but very 
> often qpidd segfaults as well, with backtrace:
> {code:java}
> (gdb) bt
> #0  0x0000000000000000 in ?? ()
> #1  0x00007f9b5cdca752 in qpid::management::(anonymous 
> namespace)::ScopedManagementContext::getUserId (this=<value optimized out>)
>     at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/management/ManagementAgent.cpp:105
> #2  0x00007f9b5cde8055 in 
> qpid::management::ManagementAgent::dispatchAgentCommand (this=0x1680930, 
> msg=..., viaLocal=true)
>     at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/management/ManagementAgent.cpp:2347
> #3  0x00007f9b5cde8958 in qpid::management::ManagementAgent::dispatchCommand 
> (this=0x1680930, deliverable=<value optimized out>, routingKey="broker", 
> topic=false, qmfVersion=2)
>     at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/management/ManagementAgent.cpp:1255
> #4  0x00007f9b5cdfb219 in qpid::broker::ManagementDirectExchange::route 
> (this=0x168b6f0, msg=...) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/management/ManagementDirectExchange.cpp:48
> #5  0x00007f9b5cccfa2a in qpid::broker::Exchange::routeWithAlternate 
> (this=0x168b768, msg=...) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Exchange.cpp:410
> #6  0x00007f9b5ccfddb5 in qpid::broker::Queue::reroute (e=<value optimized 
> out>, m=<value optimized out>) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:1761
> #7  0x00007f9b5ccfe006 in qpid::broker::Queue::abandoned (this=0x16ba740, 
> message=<value optimized out>) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:1156
> #8  0x00007f9b5ccf16cd in operator() (this=0x16ba740, maxCount=0, p=..., 
> f=..., type=<value optimized out>, triggerAutoDelete=false, maxTests=0)
>     at /usr/include/boost/function/function_template.hpp:1013
> #9  qpid::broker::Queue::remove (this=0x16ba740, maxCount=0, p=..., f=..., 
> type=<value optimized out>, triggerAutoDelete=false, maxTests=0)
>     at /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:795
> #10 0x00007f9b5ccf49d5 in qpid::broker::Queue::destroyed (this=0x16ba740) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:1167
> #11 0x00007f9b5cd73b09 in qpid::broker::QueueRegistry::destroyIfUntouched 
> (this=0x167f2f8, targetQ=<value optimized out>, version=<value optimized 
> out>, connectionId="", userId="")
>     at /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/QueueRegistry.cpp:156
> #12 0x00007f9b5ccee336 in qpid::broker::Queue::tryAutoDelete (this=0x16ba740, 
> expectedVersion=1) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:1358
> #13 0x00007f9b5ccee834 in qpid::broker::Queue::scheduleAutoDelete 
> (this=0x16ba740, immediate=false) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:1342
> #14 0x00007f9b5ccef626 in qpid::broker::Queue::cancel (this=0x16ba740, c=..., 
> connectionId="qpid.[::1]:5672-[::1]:54658", userId="anonymous@QPID")
>     at /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/Queue.cpp:638
> #15 0x00007f9b5cd90eca in qpid::broker::SemanticState::cancel 
> (this=0x7f9b4c00a078, c=...) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/SemanticState.cpp:475
> #16 0x00007f9b5cd98775 in qpid::broker::SemanticState::closed 
> (this=0x7f9b4c00a078) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/SemanticState.cpp:111
> #17 0x00007f9b5cdb0301 in qpid::broker::SessionState::~SessionState 
> (this=0x7f9b4c009eb0, __in_chrg=<value optimized out>)
>     at /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/SessionState.cpp:107
> #18 0x00007f9b5cdb08a9 in qpid::broker::SessionState::~SessionState 
> (this=0x7f9b4c009eb0, __in_chrg=<value optimized out>)
>     at /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/SessionState.cpp:110
> #19 0x00007f9b5cdb5c44 in ~auto_ptr (this=0x7f9b4c009d00) at 
> /usr/include/c++/4.4.7/backward/auto_ptr.h:168
> #20 qpid::broker::SessionHandler::handleDetach (this=0x7f9b4c009d00) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/SessionHandler.cpp:110
> #21 0x00007f9b5cd1b564 in qpid::broker::amqp_0_10::Connection::closed 
> (this=0x7f9b4c003e30) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/broker/amqp_0_10/Connection.cpp:378
> #22 0x00007f9b5c7f374d in qpid::sys::AsynchIOHandler::disconnect 
> (this=0x168f270) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/sys/AsynchIOHandler.cpp:201
> #23 0x00007f9b5c7f3ca9 in qpid::sys::AsynchIOHandler::eof (this=0x168f270, 
> a=<value optimized out>) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/sys/AsynchIOHandler.cpp:184
> #24 0x00007f9b5c770e3a in operator() (this=0x168fc90, h=...) at 
> /usr/include/boost/function/function_template.hpp:1013
> #25 qpid::sys::posix::AsynchIO::readable (this=0x168fc90, h=...) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/sys/posix/AsynchIO.cpp:486
> #26 0x00007f9b5c7f79e3 in boost::function1<void, 
> qpid::sys::DispatchHandle&>::operator() (this=<value optimized out>, 
> a0=<value optimized out>)
>     at /usr/include/boost/function/function_template.hpp:1013
> #27 0x00007f9b5c7f6676 in qpid::sys::DispatchHandle::processEvent 
> (this=0x168fc98, type=qpid::sys::Poller::READABLE) at 
> /usr/src/debug/qpid-cpp-1.36.0/src/qpid/sys/DispatchHandle.cpp:280
> ..
> {code}
> Here, the context (of type qpid::broker::amqp_0_10::Connection) points to the 
> 2nd client connection that was dropped. Qpid trace logs show the connection 
> was already closed and its management object deleted - but a reference still 
> kept due to this QMF method..?
> Expected results:
>  no segfault



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

[jira] [Resolved] (QPID-8319) QMF requests rerouted to QMF exchange may crash with invalid connection

Reply via email to