[jira] [Resolved] (PROTON-540) [proton-c] Messenger segfault when shutting down

Rafael H. Schloming (JIRA) Wed, 02 Apr 2014 05:18:56 -0700

     [ 
https://issues.apache.org/jira/browse/PROTON-540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rafael H. Schloming resolved PROTON-540.
----------------------------------------

    Resolution: Fixed

> [proton-c] Messenger segfault when shutting down
> ------------------------------------------------
>
>                 Key: PROTON-540
>                 URL: https://issues.apache.org/jira/browse/PROTON-540
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.7
>            Reporter: Ken Giusti
>            Assignee: Rafael H. Schloming
>             Fix For: 0.7
>
>
> The 'star_topology' Messenger test are throwing the occasional seg-fault.  
> Here's a valgrind backtrace:
> proton_tests.soak.MessengerTests.test_star_topology_valgrind 
> ......................................................................................................
>  fail
> Error during test:  Traceback (most recent call last):
>     File "./tests/python/proton-test", line 352, in run
>       phase()
>     File 
> "/home/kgiusti/work/proton/0.7/qpid-proton-0.7/tests/python/proton_tests/soak.py",
>  line 348, in test_star_topology_valgrind
>       self._do_star_topology_test( MessengerReceiverValgrind, 
> MessengerSenderValgrind )
>     File 
> "/home/kgiusti/work/proton/0.7/qpid-proton-0.7/tests/python/proton_tests/soak.py",
>  line 280, in _do_star_topology_test
>       self._do_test(iterations)
>     File 
> "/home/kgiusti/work/proton/0.7/qpid-proton-0.7/tests/python/proton_tests/soak.py",
>  line 112, in _do_test
>       R.stderr()))
>   AssertionError: Command '['/usr/bin/valgrind', '--error-exitcode=1', 
> '--quiet', '--trace-children=yes', '--leak-check=full', 
> '--suppressions=/home/kgiusti/work/proton/0.7/qpid-proton-0.7/tests/python/proton_tests/valgrind.supp',
>  'msgr-recv', '-X', 'READY', '-a', 
> 'amqp://~0.0.0.0:62305,amqp://~0.0.0.0:57030,amqp://~0.0.0.0:63714', '-c', 
> '1530', '-t', '60', '-R']' failed status=1: '==16855== Invalid read of size 8
>   ==16855==    at 0x4C258CE: pn_compare (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C25959: pn_equals (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C25D79: pn_list_index (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C25DE8: pn_list_remove (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C445FE: pn_listener_ctx_free (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C442D1: pni_listener_finalize (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C4AC22: pn_selectable_finalize (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C25745: pn_finalize (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C256BE: pn_decref (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C257E0: pn_free (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C4B126: pn_selectable_free (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C46AED: pni_wait (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==  Address 0x4ea6bb0 is 16 bytes before a block of size 56 alloc'd
>   ==16855==    at 0x4A06409: malloc (in 
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>   ==16855==    by 0x4C443ED: pn_listener_ctx (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4C47928: pn_messenger_subscribe (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/proton-c/libqpid-proton.so.2.0.0)
>   ==16855==    by 0x4021CE: main (in 
> /home/kgiusti/work/proton/0.7/qpid-proton-0.7/build/tests/tools/apps/c/msgr-recv)
>   ==16855== 
> The problem is that the pn_listener_ctx is allocated using malloc: 
>   pn_listener_ctx_t *ctx = (pn_listener_ctx_t *) 
> malloc(sizeof(pn_listener_ctx_t));
>   ctx->messenger = messenger;
> but it is stored on a pn_list (messenger->listeners) - which assumes it is 
> derived from an "object" type.  When messenger tries to clean up a listener, 
> the pn_list attempts to access the non-existing clazz header.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Resolved] (PROTON-540) [proton-c] Messenger segfault when shutting down

Reply via email to