[zeromq-dev] Crash in zmq::ctx_t::connect_inproc_sockets()

Eric Pederson ericacm at gmail.com
Wed Jun 3 23:32:25 CEST 2020


Hi all - sorry for the crosspost, I also logged this as an issue on Github
<https://github.com/zeromq/libzmq/issues/3947>.

We have been getting a crash with this stack trace in one of our
applications recently. It happens at least once a week.

public: struct std::_Tree_node<struct std::pair<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> > const ,struct
zmq::ctx_t::pending_connection_t>,void *> * __thiscall
std::_Tree_buy<struct std::pair<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> > const ,struct
zmq::ctx_t::pending_connection_t>,class std::allocator<struct
std::pair<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> > const ,struct
zmq::ctx_t::pending_connection_t> >
>::_Buynode0(void)+0x3C(0x6fa1bd08,0x72207040,0x72207040,0x6fa18df4)
protected: class std::_Tree_const_iterator<class std::_Tree_val<struct
std::_Tree_simple_types<class zmq::own_t *> > > __thiscall
std::_Tree<class std::_Tset_traits<class zmq::own_t *,struct
std::less<class zmq::own_t *>,class std::allocator<class zmq::own_t
*>,0> >::_Insert_at<class zmq::own_t * const &,struct
std::_Nil>(bool,struct std::_Tree_node<class zmq::own_t *,void *>
*,class zmq::own_t * const &,struct
std::_Nil)+0xE5(0xa339f298,0x822f8b0,0x6f9d9637,0x822f8c0)
private: void __thiscall zmq::ctx_t::connect_inproc_sockets(class
zmq::socket_base_t *,struct zmq::options_t &,struct
zmq::ctx_t::pending_connection_t const &,enum
zmq::ctx_t::side)+0xCA(0x822f8c0,0x822f900,0x6f9e50e1,0x2d)
protected: void __thiscall std::_Tree<class std::_Tmap_traits<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> >,struct zmq::ctx_t::pending_connection_t,struct
std::less<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> > >,class
std::allocator<struct std::pair<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> > const ,struct
zmq::ctx_t::pending_connection_t> >,1> >::_Copy<struct
std::integral_constant<bool,0> >(class std::_Tree<class
std::_Tmap_traits<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> >,struct
zmq::ctx_t::pending_connection_t,struct std::less<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> > >,class std::allocator<struct std::pair<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> > const ,struct zmq::ctx_t::pending_connection_t>
>,1> > const &,struct
std::integral_constant<bool,0>)+0x57(0x2d,0x822f8c0,0x835a3f70,0x6)
private: int __thiscall zmq::curve_client_t::process_ready(unsigned
char const *,unsigned int)+0x51(0x835a3bd8,0x6f9ea0af,0xa0d82290,0x0)
public: void __thiscall zmq::io_object_t::plug(class zmq::io_thread_t
*)+0x82(0x5cc5870,0x5cc5870,0x5cc53e8,0x5cc53e8)
protected: struct std::pair<class std::_Tree_iterator<class
std::_Tree_val<struct std::_Tree_simple_types<struct std::pair<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> > const ,struct zmq::ctx_t::pending_connection_t>
> > >,class std::_Tree_iterator<class std::_Tree_val<struct
std::_Tree_simple_types<struct std::pair<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> > const ,struct zmq::ctx_t::pending_connection_t>
> > > > __thiscall std::_Tree<class std::_Tmap_traits<class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> >,struct zmq::ctx_t::pending_connection_t,struct
std::less<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> > >,class
std::allocator<struct std::pair<class std::basic_string<char,struct
std::char_traits<char>,class std::allocator<char> > const ,struct
zmq::ctx_t::pending_connection_t> >,1> >::_Eqrange(class
std::basic_string<char,struct std::char_traits<char>,class
std::allocator<char> > const
&)+0x1CE(0x5cc5870,0x822f970,0x2,0x5cc53e8)
protected: int __thiscall zmq::mechanism_t::parse_metadata(unsigned
char const *,unsigned int,bool)+0xA1(0x4bf144cc,0x2,0x5cc53e8,0x0)
public: virtual __thiscall zmq::plain_server_t::~plain_server_t(void)+0x69()
private: virtual void __thiscall
zmq::session_base_t::process_attach(struct zmq::i_engine
*)+0x26(0x5cc53e8,0xf,0x822fa00,0x822f9f8)
private: void __thiscall
zmq::session_base_t::start_connecting(bool)+0x7C(0x822fc1c,0x5,0xfa,0x822fc1c)
# calls zmq::poll here from cppzmq
falcon::service::common::ZmqLoop::poll+0x6E(0x822fcfc,0x4,0xfa) zmqloop.cpp


   - libzmq version: 4.3.2
   - OS: Windows

Does this stack trace even look legit?

For example:

protected: int __thiscall zmq::mechanism_t::parse_metadata(unsigned
char const *,unsigned int,bool)+0xA1(0x4bf144cc,0x2,0x5cc53e8,0x0)
public: virtual __thiscall zmq::plain_server_t::~plain_server_t(void)+0x69()

Looking at the source for libzmq 4.3.2, it's unclear that you can even
reach zmq::mechanism_t::parse_metadata() from
zmq::plain_server_t::~plain_server_t(): although
zmq::plain_server_t does indirectly derive from zmq::mechanism_t,
all of the destructors in the inheritance chain are empty.


Unfortunately that's all the information I have right now. A number of the
stack trace entries are missing due to inlining.


Thanks,

-- Eric