search

cangwolf / memagent

Automatically exported from code.google.com/p/memagent
0 stars 0 forks source link

signal 6, Aborted in list_free at magent.c:329 #7

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. use ketama algorithm
2. 4 memcached servers 
3.

What is the expected output? What do you see instead?

Memagent v0.6 use ketama algorithm, encountered same kind of crash, three times 
on diffrent servers.

crash info:
Core was generated by `/usr/sbin/magent -l 127.0.0.1 -p 8087 -s 
192.168.103.105:8086 -s 192.168.103.10'.
Program terminated with signal 6, Aborted.
#0  0x00000032b8030265 in raise () from /lib64/libc.so.6
#1  0x00000032b8031d10 in abort () from /lib64/libc.so.6
#2  0x00000032b806a84b in __libc_message () from /lib64/libc.so.6
#3  0x00000032b807230f in _int_free () from /lib64/libc.so.6
#4  0x00000032b807276b in free () from /lib64/libc.so.6
#5  0x0000000000401e30 in list_free (l=0xdb08b20, keep_list=1) at magent.c:329
#6  0x00000000004037fd in process_get_response (fd=<value optimized out>, 
which=<value optimized out>, arg=0xdb09410) at magent.c:1408
#7  drive_memcached_server (fd=<value optimized out>, which=<value optimized 
out>, arg=0xdb09410) at magent.c:1285
#8  0x0000000000407a1a in event_base_loop ()

What version of the product are you using? On what operating system?
v0.6
Linux 2.6.18-194.32.1.el5xen x86_64 (RedHat )

Please provide any additional information below.

Original issue reported on code.google.com by Liny...@gmail.com on 22 Mar 2011 at 2:42

GoogleCodeExporter commented 9 years ago 
maybe a double free problem

Original comment by Liny...@gmail.com on 23 Mar 2011 at 8:59

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
发现了崩溃的原因:
(magent.c  r31版本)
函数process_get_response 1351行-1360行

        if (s->valuebytes < 0) {
            /* END\r\n or SERVER_ERROR\r\n
             * just skip this transcation
             */
            put_server_into_pool(s);
            c->srv = NULL;
            if (c->flag.is_last_key) out_string(c, "END");
            do_transcation(c); /* TO Next KEY */
            return;
        }

如果out_string(c, 
"END")中发生错误,c被释放,下一行执行do_transcation(c)将可能��
�生内存错误

Original comment by Liny...@gmail.com on 28 Mar 2011 at 9:04

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
附件为我在r31版本基础上修改的magent.c
以下为diff:
245c245
< static int out_string(conn *, const char *);
---
> static void out_string(conn *, const char *);
695,698c695
<       if (c->srv) {
<               server_free(c->srv);
<               c->srv = NULL;
<       }
---
>       server_free(c->srv);
805c802
< static int
---
> static void
812c809
<       if (c == NULL || str == NULL || str[0] == '\0') return -1;
---
>       if (c == NULL || str == NULL || str[0] == '\0') return;
817c814
<       if (b == NULL) return -1;
---
>       if (b == NULL) return;
837d833
<               return -1;
839d834
<       return 0;
1179d1173
<               c->srv = NULL;
1352d1345
<                                               return;
1364,1367c1357
<                       if (c->flag.is_last_key) {
<                               if (out_string(c, "END") == -1)
<                                       return;
<                       }
---
>                       if (c->flag.is_last_key) out_string(c, "END");
1620d1609
<       if (b == NULL) return;
1652,1655c1641
<                       if (out_string(c, "SERVER_ERROR OUT OF MEMORY") == -1) {
<                               buffer_free(b);
<                               return;
<                       }
---
>                       out_string(c, "SERVER_ERROR OUT OF MEMORY");
1751,1754c1737
<               if (out_string(c, "memcached agent v" VERSION) == -1) {
<                       buffer_free(b);
<                       return;
<               }
---
>               out_string(c, "memcached agent v" VERSION);
1758,1765c1741
<                       if (out_string(c, tmp) == -1) {
<                               buffer_free(b);
<                               return;
<                       }
<               }
<               if (out_string(c, "END") == -1) {
<                       buffer_free(b);
<                       return;
---
>                       out_string(c, tmp);
1766a1743
>               out_string(c, "END");
1773,1776c1750
<               if (out_string(c, "VERSION memcached agent v" VERSION) == -1) {
<                       buffer_free(b);
<                       return;
<               }
---
>               out_string(c, "VERSION memcached agent v" VERSION);
1779,1782c1753
<               if (out_string(c, "UNSUPPORTED COMMAND") == -1) {
<                       buffer_free(b);
<                       return;
<               }
---
>               out_string(c, "UNSUPPORTED COMMAND");

Original comment by Liny...@gmail.com on 28 Mar 2011 at 9:17

Attachments: