Nicolas Riebesel created PROTON-2361:
----------------------------------------
Summary: Segmentation fault in pn_class_free called from pn_connection_finalize
Key: PROTON-2361
URL: https://issues.apache.org/jira/browse/PROTON-2361
Project: Qpid Proton
Issue Type: Bug
Components: proton-c
Affects Versions: proton-c-0.33.0, proton-c-0.32.0
Reporter: Nicolas Riebesel
Hello everyone,
we are using {{qpid-proton-c}} cpp-bindings together with the
Qpid C++ qpidd broker with AMQP 1.0. Since the upgrade to
{{proton-c}} 0.32 we are experiencing segmentation faults inside
{{pn_class_free}} called from {{pn_connection_finalize}}. It seems that
the reify'ed {{clazz}} is corrupt.
At first we thought that this is related to
[PROTON-2293|https://issues.apache.org/jira/projects/PROTON/issues/PROTON-2293]
which was supposed to be fixed in 0.33 but apparently we are still experiencing
the crash.
This is the stack trace:
{code:java}
#0 0x00000000 in ?? ()
#1 0xb634ed00 in pn_class_free (clazz=0x1e0490, object=0x1e0910) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:120
#2 0xb634ed54 in pn_free (object=<optimized out>) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:266
#3 0xb634edb8 in pni_free_children (children=0x1e0910, freed=0x1e0978) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/engine.c:476
#4 0xb634f0fc in pn_connection_finalize (object=<optimized out>,
object=<optimized out>) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/engine.c:495
#5 0xb634e900 in pn_class_decref (clazz=0xb636ee14 <clazz>, object=0x1e0870)
at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:98
#6 0xb634f814 in pn_event_finalize (event=0x1efd60) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/event.c:226
#7 pn_event_finalize_cast (object=0x1efd60) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/event.c:271
#8 0xb634e900 in pn_class_decref (clazz=0xb636ebd8 <pn_event.class>,
object=0x1efd60) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:98
#9 0xb634ebd4 in pn_decref (object=<optimized out>) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:256
#10 0xb634ec08 in pn_collector_next (collector=0x1efd20) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/event.c:197
#11 0xb6351fd0 in batch_next (d=0x1efc5c) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/connection_driver.c:44
#12 pn_connection_driver_next_event (d=0x1efc5c) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/connection_driver.c:137
#13 0xb6377614 in pconnection_batch_next (batch=0x1efc58) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/proactor/epoll.c:879
#14 0xb64da328 in proton::container::impl::thread() (this=this@entry=0x1ceb68)
at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/cpp/src/proactor_container_impl.cpp:757
#15 0xb64da930 in proton::container::impl::run(int) (this=0x1ceb68,
threads=threads@entry=1) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/cpp/src/proactor_container_impl.cpp:805
#16 0xb64cbcec in proton::container::run() (this=<optimized out>) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/cpp/src/container.cpp:92
{code}
This is the {{clazz}} that was reify'ed inside {{frame 1}} ({{pn_class_free}}):
{code:java}
>>> frame 1
#1 0xb634ed00 in pn_class_free (clazz=0x1e0490, object=0x1e0910) at
/usr/src/debug/qpid-proton/0.33.0-r0/qpid-proton-0.33.0/c/src/core/object/object.c:120
120 int rc = clazz->refcount(object);
>>> p *clazz
$2 = {
name = 0x48 <error: Cannot access memory at address 0x48>,
cid = CID_pn_raw_connection,
newinst = 0x1e0428,
initialize = 0x0,
incref = 0xb636e938 <PN_WEAKREF>,
decref = 0x10,
refcount = 0x0,
finalize = 0x1e04b8,
free = 0x0,
reify = 0x49,
hashcode = 0x1e0448,
compare = 0x1e0540,
inspect = 0x0
}
{code}
I have a coredump of the crash, so it is quite easy for me to provide
additional information.
If you have any idea where I should poke around, please tell me. It takes quite
a while to reproduce this bug - we need to run the service for > 12 hours - but
if you have any other idea where I should look, or what I can trace to get this
bug fixed, please tell me.
Thank you very much in advance.
Kind regards,
Nicolas Riebesel
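
An added example, not part of the original report or of Proton's code: it parses the {{p *clazz}} output quoted in the report and classifies each pointer field, so that the call target used at {{object.c:120}} ({{clazz->refcount}}) can be checked against frame #0. The {{PAGE_SIZE}} threshold, the category names and the helper names are assumptions made for this example.

```python
import re

# gdb output copied from the report above (frame 1, `p *clazz`).
DUMP = """\
name = 0x48 <error: Cannot access memory at address 0x48>,
cid = CID_pn_raw_connection,
newinst = 0x1e0428,
initialize = 0x0,
incref = 0xb636e938 <PN_WEAKREF>,
decref = 0x10,
refcount = 0x0,
finalize = 0x1e04b8,
free = 0x0,
reify = 0x49,
hashcode = 0x1e0448,
compare = 0x1e0540,
inspect = 0x0
"""

FIELD = re.compile(r"^\s*(\w+) = (0x[0-9a-f]+)(?: <([^>]*)>)?,?\s*$")
PAGE_SIZE = 0x1000  # assumption: nothing is mapped in the first page

def classify(dump):
    """Map each pointer-valued field to null / small-int / symbolized / unsymbolized."""
    result = {}
    for line in dump.splitlines():
        m = FIELD.match(line)
        if not m:  # non-pointer fields such as the cid enum
            continue
        field, value, note = m.group(1), int(m.group(2), 16), m.group(3)
        if value == 0:
            result[field] = "null"
        elif value < PAGE_SIZE:
            result[field] = "small-int"      # below the first page, not an address
        elif note and not note.startswith("error:"):
            result[field] = "symbolized"     # gdb resolved it to a known symbol
        else:
            result[field] = "unsymbolized"   # no symbol, needs a closer look
    return result

def unsafe_to_call(dump, field):
    """True when a call through `field` would jump to NULL or into the first page."""
    return classify(dump).get(field) in ("null", "small-int")

if __name__ == "__main__":
    for field, kind in classify(DUMP).items():
        print(f"{field:<11}{kind}")
    print("refcount unsafe to call:", unsafe_to_call(DUMP, "refcount"))
```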