[ https://issues.apache.org/jira/browse/ZOOKEEPER-897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mahadev konar updated ZOOKEEPER-897:
------------------------------------

    Status: Open  (was: Patch Available)

jared,
  The patch that you provided leaks memory for the zookeeper client. We have to clean up the tosend and to process buffers on close and free them. Which release did you observe the problem with? I had tried to fix all the issues with zookeeper_close() in ZOOKEEPER-591. Also, michi has fixed a couple of other issues in ZOOKEEPER-804.

What version of code are you running? Also, can you provide some test case which causes this issue? (I know it's hard to reproduce, but even a test that reproduces it once in 10-20 times is good enough.)

> C Client seg faults during close
> --------------------------------
>
>                 Key: ZOOKEEPER-897
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-897
>             Project: Zookeeper
>          Issue Type: Bug
>          Components: c client
>            Reporter: Jared Cantwell
>            Assignee: Jared Cantwell
>             Fix For: 3.3.2, 3.4.0
>
>         Attachments: ZOOKEEEPER-897.diff, ZOOKEEPER-897.patch
>
>
> We observed a crash while closing our c client. It was in the do_io() thread
> that was processing as during the close() call.
>
> #0  queue_buffer (list=0x6bd4f8, b=0x0, add_to_front=0) at src/zookeeper.c:969
> #1  0x000000000046234e in check_events (zh=0x6bd480, events=<value optimized out>) at src/zookeeper.c:1687
> #2  0x0000000000462d74 in zookeeper_process (zh=0x6bd480, events=2) at src/zookeeper.c:1971
> #3  0x0000000000469c34 in do_io (v=0x6bd480) at src/mt_adaptor.c:311
> #4  0x00007ffff7bc59ca in start_thread () from /lib/libpthread.so.0
> #5  0x00007ffff6f706fd in clone () from /lib/libc.so.6
> #6  0x0000000000000000 in ?? ()
>
> We tracked down the sequence of events, and the cause is that input_buffer is
> being freed from a thread other than the do_io thread that relies on it:
>
> 1. do_io() calls check_events()
> 2. if(events&ZOOKEEPER_READ) branch executes
> 3. if (rc > 0) branch executes
> 4. if (zh->input_buffer != &zh->primer_buffer) branch executes
> .....in the meantime......
> 5. zookeeper_close() called
> 6. if (inc_ref_counter(zh,0)!=0) branch executes
> 7. cleanup_bufs() is called
> 8. input_buffer is freed at the end
> ..... back to check_events().........
> 9. queue_events() is called on a NULL buffer.
>
> I believe the patch is to only call free_completions() in zookeeper_close()
> and not cleanup_bufs(). The original reason cleanup_bufs() was added was to
> call any outstanding synchronous completions, so only free_completions (which
> is guarded) is needed. I will submit a patch for review with this change.
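
Added example (not part of the original message and not ZooKeeper code): a simplified C model of the interleaving reported above, in which close drops only its own reference and the buffer is freed by whichever thread releases the last one, so it is neither freed under the I/O path nor leaked. The names struct handle, handle_init, handle_enter, handle_leave, handle_close and replay_interleaving are hypothetical.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; not ZooKeeper's structures. */
struct handle {
    atomic_int refs;     /* 1 for the owner, plus 1 per thread inside */
    char *input_buffer;  /* used by the I/O path, freed on last release */
};

static bool handle_init(struct handle *h, size_t len) {
    atomic_init(&h->refs, 1);
    h->input_buffer = calloc(1, len);
    return h->input_buffer != NULL;
}

/* Take a reference only while the count is non-zero, so a thread that
 * arrives after the final release cannot revive a cleaned-up handle. */
static bool handle_enter(struct handle *h) {
    int cur = atomic_load(&h->refs);
    while (cur > 0)
        if (atomic_compare_exchange_weak(&h->refs, &cur, cur + 1))
            return true;
    return false;
}

/* Drop a reference. Only the caller that takes the count to zero frees
 * the buffer; returns true if this call did the cleanup. */
static bool handle_leave(struct handle *h) {
    if (atomic_fetch_sub(&h->refs, 1) != 1) return false;
    free(h->input_buffer);
    h->input_buffer = NULL;
    return true;
}

/* Close gives up the owner's reference and never frees under a reader. */
static bool handle_close(struct handle *h) { return handle_leave(h); }

/* Replays the reported interleaving deterministically on one thread. */
int replay_interleaving(void) {
    struct handle h;
    if (!handle_init(&h, 64) || !handle_enter(&h)) return -1; /* I/O path in */
    bool freed_by_close = handle_close(&h);   /* close() arrives mid-read */
    bool usable = h.input_buffer != NULL;     /* buffer must still exist */
    if (usable) h.input_buffer[0] = 'x';      /* I/O path keeps using it */
    bool freed_by_io = handle_leave(&h);      /* last holder cleans up */
    return (!freed_by_close && usable && freed_by_io && !handle_enter(&h)) ? 0 : 1;
}
int main(void) { return replay_interleaving(); }
```

When no I/O path is inside the handle, handle_close() itself takes the count to zero and performs the cleanup, so the buffers are released on both paths.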