[ https://issues.apache.org/jira/browse/ZOOKEEPER-897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mahadev konar updated ZOOKEEPER-897: ------------------------------------ Status: Patch Available (was: Open) You are right Jared. The patch looks good to me. I am trying to rerun the cpp unit tests a couple of times to reverify that the client close doesnt create any problems. It would be great if you could rerun the cppunit tests couple of times to endorse the fix. > C Client seg faults during close > -------------------------------- > > Key: ZOOKEEPER-897 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-897 > Project: Zookeeper > Issue Type: Bug > Components: c client > Reporter: Jared Cantwell > Assignee: Jared Cantwell > Fix For: 3.3.2, 3.4.0 > > Attachments: ZOOKEEEPER-897.diff, ZOOKEEPER-897.patch > > > We observed a crash while closing our c client. It was in the do_io() thread > that was processing as during the close() call. > #0 queue_buffer (list=0x6bd4f8, b=0x0, add_to_front=0) at src/zookeeper.c:969 > #1 0x000000000046234e in check_events (zh=0x6bd480, events=<value optimized > out>) at src/zookeeper.c:1687 > #2 0x0000000000462d74 in zookeeper_process (zh=0x6bd480, events=2) at > src/zookeeper.c:1971 > #3 0x0000000000469c34 in do_io (v=0x6bd480) at src/mt_adaptor.c:311 > #4 0x00007ffff7bc59ca in start_thread () from /lib/libpthread.so.0 > #5 0x00007ffff6f706fd in clone () from /lib/libc.so.6 > #6 0x0000000000000000 in ?? () > We tracked down the sequence of events, and the cause is that input_buffer is > being freed from a thread other than the do_io thread that relies on it: > 1. do_io() call check_events() > 2. if(events&ZOOKEEPER_READ) branch executes > 3. if (rc > 0) branch executes > 4. if (zh->input_buffer != &zh->primer_buffer) branch executes > .....in the meantime...... > 5. zookeeper_close() called > 6. if (inc_ref_counter(zh,0)!=0) branch executes > 7. cleanup_bufs() is called > 8. input_buffer is freed at the end > ..... back to check_events()......... > 9. queue_events() is called on a NULL buffer. > I believe the patch is to only call free_completions() in zookeeper_close() > and not cleanup_bufs(). The original reason cleanup_bufs() was added was to > call any outstanding synhcronous completions, so only free_completions (which > is guarded) is needed. I will submit a patch for review with this change. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.