
Segfault in pn_class_free, called from pn_connection_finalize

Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: proton-c-0.32.0, proton-c-0.33.0
    • Fix Version/s: None
    • Component/s: proton-c
    • Labels: None

    Description

      Hello everyone,

      We are using the qpid-proton-c cpp-bindings together with the
      Qpid-C++ qpidd broker with AMQP 1.0. Since the upgrade to
      proton-c 0.32 we have been experiencing segmentation faults inside
      pn_class_free called from pn_connection_finalize. It seems that
      the reify'ed clazz is corrupt.

      At first we thought that this was related to PROTON-2293, which was
      supposed to be fixed in 0.33, but apparently we are still experiencing
      the crash.

      This is the stacktrace:

      #0  0x00000000 in ?? ()
      #1  0xb634ed00 in pn_class_free (clazz=0x1e0490, object=0x1e0910) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:120
      #2  0xb634ed54 in pn_free (object=<optimized out>) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:266
      #3  0xb634edb8 in pni_free_children (children=0x1e0910, freed=0x1e0978) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/engine.c:476
      #4  0xb634f0fc in pn_connection_finalize (object=<optimized out>, object=<optimized out>) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/engine.c:495
      #5  0xb634e900 in pn_class_decref (clazz=0xb636ee14 <clazz>, object=0x1e0870) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:98
      #6  0xb634f814 in pn_event_finalize (event=0x1efd60) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/event.c:226
      #7  pn_event_finalize_cast (object=0x1efd60) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/event.c:271
      #8  0xb634e900 in pn_class_decref (clazz=0xb636ebd8 <pn_event.class>, object=0x1efd60) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:98
      #9  0xb634ebd4 in pn_decref (object=<optimized out>) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:256
      #10 0xb634ec08 in pn_collector_next (collector=0x1efd20) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/event.c:197
      #11 0xb6351fd0 in batch_next (d=0x1efc5c) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/connection_driver.c:44
      #12 pn_connection_driver_next_event (d=0x1efc5c) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/connection_driver.c:137
      #13 0xb6377614 in pconnection_batch_next (batch=0x1efc58) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/proactor/epoll.c:879
      #14 0xb64da328 in proton::container::impl::thread() (this=this@entry=0x1ceb68) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/cpp/src/proactor_container_impl.cpp:757
      #15 0xb64da930 in proton::container::impl::run(int) (this=0x1ceb68, threads=threads@entry=1) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/cpp/src/proactor_container_impl.cpp:805
      #16 0xb64cbcec in proton::container::run() (this=<optimized out>) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/cpp/src/container.cpp:92
      

      This is the clazz that was reify'ed inside frame 1 (pn_class_free):

      >>> frame 1
      #1  0xb634ed00 in pn_class_free (clazz=0x1e0490, object=0x1e0910) at /usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:120
      120	   int rc = clazz->refcount(object);
      >>> p *clazz
      $2 = {
        name = 0x48 <error: Cannot access memory at address 0x48>, 
        cid = CID_pn_raw_connection, 
        newinst = 0x1e0428, 
        initialize = 0x0, 
        incref = 0xb636e938 <PN_WEAKREF>, 
        decref = 0x10, 
        refcount = 0x0, 
        finalize = 0x1e04b8, 
        free = 0x0, 
        reify = 0x49, 
        hashcode = 0x1e0448, 
        compare = 0x1e0540, 
        inspect = 0x0
      }
      

      I have a coredump of the crash, so it is quite easy for me to provide more information if you have any idea where I can start. It takes quite a while to get to this bug; normally it only surfaces if the service has been running for > 12 hours. If you have any other idea what I can trace to get this bug fixed, please tell me.

      Thank you very much in advance.
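      As an added triage helper, not part of this report or of the Proton code base: the script below parses the `p *clazz` dump above, flags each pn_class_t slot whose value cannot be what its type requires, and derives the faulting PC from the slot that object.c:120 dispatches through. It assumes that the library's code is mapped in the 0xb63xxxxx range that every library frame in the trace resolves to.

```python
import re
# Constructed input: the `p *clazz` dump from the report, pasted inline.
GDB_DUMP = """$2 = {
  name = 0x48 <error: Cannot access memory at address 0x48>,
  cid = CID_pn_raw_connection,
  newinst = 0x1e0428,
  initialize = 0x0,
  incref = 0xb636e938 <PN_WEAKREF>,
  decref = 0x10,
  refcount = 0x0,
  finalize = 0x1e04b8,
  free = 0x0,
  reify = 0x49,
  hashcode = 0x1e0448,
  compare = 0x1e0540,
  inspect = 0x0
}"""
# pn_class_t slots that must hold code pointers (all but `name` and `cid`).
FUNC_FIELDS = {"newinst", "initialize", "incref", "decref", "refcount",
               "finalize", "free", "reify", "hashcode", "compare", "inspect"}
# Assumption: libqpid-proton text is mapped at 0xb63xxxxx, the range that
# every library frame (#1..#13) in the trace resolves to.
TEXT_LO, TEXT_HI = 0xb6300000, 0xb6400000
FIELD_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)")

def parse_dump(text):
    """Return {field: raw value} from a gdb `p *struct` print-out."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).rstrip(",")
    return fields

def classify(field, value):
    if not value.startswith("0x"):
        return "ok"                       # symbolic value, e.g. the cid enum
    addr = int(value, 16)
    if addr == 0:
        return "null"
    if field in FUNC_FIELDS:              # code pointer must point into .text
        return "ok" if TEXT_LO <= addr < TEXT_HI else "bogus"
    return "bogus" if addr < 0x1000 else "ok"   # data pointer into page zero

def triage(text):
    """Per-field verdicts plus the PC the crash lands on: object.c:120 calls
    clazz->refcount(object) unconditionally, so that slot is the jump target."""
    fields = parse_dump(text)
    verdicts = {f: classify(f, v) for f, v in fields.items()}
    return verdicts, int(fields["refcount"], 16)
```

      Run against the dump above it reports refcount as null, which is the jump to 0x00000000 seen in frame #0, and seven further slots holding heap or small-integer values where code pointers belong.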

      People

        Assignee: Unassigned
        Reporter: Nicolas Riebesel (n_riebesel)