Uploaded image for project: 'Couchbase C client library libcouchbase'
  1. Couchbase C client library libcouchbase
  2. CCBC-1215

Intermittent segfault using exists

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.0.1
    • 3.0.2
    • None
    • None
    • 1

    Description

      The python bindings call lcb_exists, and deep in there, at the end of the callback, we get a segfault when assembling the spans. Here's a stack trace from lldb, plus some relevant info on the frames:

      (lldb) thread backtrace
      		 
      * thread #2, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1)
      		 
          frame #0: 0x00000001025bdba7 libcouchbase.2.dylib`::lcbtrace_span_add_tag_uint64(lcbtrace_SPAN *, const char *, uint64_t) [inlined] sllist_append(list=0x000000010060d3d8, item=0x000000010060d3d0) at sllist-inl.h:148:26
      		 
          frame #1: 0x00000001025bdb9e libcouchbase.2.dylib`::lcbtrace_span_add_tag_uint64(lcbtrace_SPAN *, const char *, uint64_t) [inlined] lcb::trace::Span::add_tag(this=0x000000010060d390, name="couchbase.context_info", copy=1, value=4404019552) at span.cc:409
      		 
        * frame #2: 0x00000001025bdb6e libcouchbase.2.dylib`::lcbtrace_span_add_tag_uint64(span=0x000000010060d390, name="couchbase.context_info", value=4404019552) at span.cc:99
      		 
          frame #3: 0x00000001024de043 _libcouchbase.cpython-37m-darwin.so`pycbc_propagate_context_info(span=0x00000001023422d0, dest=0x000000010060d390) at ext.c:2581:5
      		 
          frame #4: 0x00000001024de9e7 _libcouchbase.cpython-37m-darwin.so`pycbc_span_report(tracer=0x000000010234b940, span=0x00000001023422d0) at ext.c:2761:5
      		 
          frame #5: 0x00000001025bd826 libcouchbase.2.dylib`::lcbtrace_span_finish(lcbtrace_SPAN *, uint64_t) [inlined] lcb::trace::Span::finish(this=0x00000001023422d0, now=<unavailable>) at span.cc:366:9
      		 
          frame #6: 0x00000001025bd801 libcouchbase.2.dylib`::lcbtrace_span_finish(span=0x00000001023422d0, now=<unavailable>) at span.cc:71
      		 
          frame #7: 0x00000001025772be libcouchbase.2.dylib`::mcreq_dispatch_response(mc_PIPELINE *, mc_PACKET *, lcb::MemcachedResponse *, lcb_STATUS) at handler.cc:481:5
      		 
          frame #8: 0x0000000102577118 libcouchbase.2.dylib`::mcreq_dispatch_response(pipeline=0x0000000100462cd0, req=<unavailable>, res=0x00007ffeefbfdff0, immerr=LCB_SUCCESS) at handler.cc:1201
      		 
          frame #9: 0x00000001025aeaf9 libcouchbase.2.dylib`lcb::Server::try_read(this=0x0000000100462cd0, ctx=<unavailable>, ior=0x00000001021178f8) at mcserver.cc:0
      		 
          frame #10: 0x00000001025b02ae libcouchbase.2.dylib`on_read(ctx=0x00000001021178b0, (null)=<unavailable>) at mcserver.cc:579:26
      		 
          frame #11: 0x0000000102548cf9 libcouchbase.2.dylib`E_handler [inlined] invoke_read_cb(ctx=<unavailable>, nb=47) at ctx.c:255:5
      		 
          frame #12: 0x0000000102548cde libcouchbase.2.dylib`E_handler(sock=<unavailable>, which=2, arg=0x00000001021178b0) at ctx.c:282
      		 
          frame #13: 0x0000000102532122 libcouchbase.2.dylib`run_loop(io=0x00000001023426c0, is_tick=0) at plugin-select.c:309:17
      		 
          frame #14: 0x00000001025bd6dd libcouchbase.2.dylib`::lcb_wait(instance=0x0000000102342c00, flags=<unavailable>) at wait.cc:109:5
      		 
          frame #15: 0x00000001024f1624 _libcouchbase.cpython-37m-darwin.so`pycbc_oputil_wait_common(self=0x0000000104c78d70, context=0x000000010060bf20) at oputil.c:702:5
      		 
          frame #16: 0x00000001024f145c _libcouchbase.cpython-37m-darwin.so`pycbc_common_vars_wait(cv=0x00007ffeefbfe710, self=0x0000000104c78d70, context=0x000000010060bf20) at oputil.c:205:5
      		 
          frame #17: 0x00000001024e4709 _libcouchbase.cpython-37m-darwin.so`get_common(self=0x0000000104c78d70, args=0x0000000104cc8b10, kwargs=0x00000001020b7be0, optype=511, argopts=1, context=0x000000010060bf20) at get.c:420:15
      		 
          frame #18: 0x00000001024e4a8f _libcouchbase.cpython-37m-darwin.so`pycbc_Bucket_exists(self=0x0000000104c78d70, args=0x0000000104cc8b10,
      		 
       
      		 
      (lldb) f 0
      		 
      frame #0: 0x00000001025bdba7 libcouchbase.2.dylib`::lcbtrace_span_add_tag_uint64(lcbtrace_SPAN *, const char *, uint64_t) [inlined] sllist_append(list=0x000000010060d3d8, item=0x000000010060d3d0) at sllist-inl.h:148:26
      		 
         145 	        item->next = NULL;
      		 
         146 	    } else {
      		 
         147 	        slist_sanity_insert(list, item);
      		 
      -> 148 	        list->last->next = item;
      		 
         149 	        list->last = item;
      		 
         150 	    }
      		 
         151 	    item->next = NULL;
      		 
      (lldb) frame variable *list
      		 
      (sllist_root) *list = {
      		 
        first_prev = {
      		 
          next = 0x000000010060d410
      		 
        }
      		 
        last = 0x0000000000000001
      		 
      }

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          Ascending order - Click to sort in descending order
          david.kelly David Kelly added a comment -

          so from the above, the list is definitely broken. We get the span above from a call to lcbtrace_span_get_parent where the span we pass in comes from lcb (we set a callback somewhere).

          So – since I'm pretty sure the spans themselves come from lcb, and we seem to be using them in an opaque fashion (manipulating them via lcb calls only, no direct access), I'm guessing there is a code path that somethings leaves this uninitialized next in the list above.

          david.kelly David Kelly added a comment - so from the above, the list is definitely broken. We get the span above from a call to lcbtrace_span_get_parent where the span we pass in comes from lcb (we set a callback somewhere). So – since I'm pretty sure the spans themselves come from lcb, and we seem to be using them in an opaque fashion (manipulating them via lcb calls only, no direct access), I'm guessing there is a code path that somethings leaves this uninitialized next in the list above.
          build-team Couchbase Build Team added a comment -

          Build couchbase-server-7.0.0-3115 contains libcouchbase commit 7bdc23f with commit message:
          CCBC-1215: Segfault in exists calls

          build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-3115 contains libcouchbase commit 7bdc23f with commit message: CCBC-1215 : Segfault in exists calls

          People

            david.kelly David Kelly
            david.kelly David Kelly
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty