Hi,
We're using libcouchbase-2.4.7 and during some connection issues we received PROTOCOL_BINARY_RESPONSE_NOT_MY_VBUCKET that is finally causing a segmentation fault in lcbvb_destroy():
Program terminated with signal 11, Segmentation fault.
#0 0x000000363b27b53c in free () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-19.el6_6.x86_64 elfutils-libelf-0.158-3.2.el6.x86_64 glibc-2.12-1.149.el6_6.9.x86_64 gmp-4.3.1-7.el6_2.2.x86_64 gnutls-bf-2.12.23-3.el6.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-37.el6_6.x86_64 libacl-2.2.49-6.el6.x86_64 libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 libcom_err-1.41.12-21.el6.x86_64 libcurl-7.29.0-20.el6.x86_64 libgcc-4.4.7-11.el6.x86_64 libgcrypt-1.4.5-11.el6_4.x86_64 libgpg-error-1.7-4.el6.x86_64 libidn-1.18-2.el6.x86_64 libmicrohttpd-0.9.40-1.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64 libssh2-1.4.2-1.el6_6.1.x86_64 libxml2-2.7.6-17.el6_6.1.x86_64 lksctp-tools-1.0.10-7.el6.x86_64 lm_sensors-libs-3.1.1-17.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 net-snmp-libs-5.5-50.el6_6.1.x86_64 nettle-2.2-1.el6.rf.x86_64 nspr-4.10.8-1.el6_6.x86_64 nss-3.19.1-3.el6_6.x86_64 nss-softokn-freebl-3.14.3-22.el6_6.x86_64 nss-util-3.19.1-1.el6_6.x86_64 openldap-2.4.39-8.el6.x86_64 openssl-1.0.1e-30.el6.11.x86_64 perl-libs-5.10.1-136.el6_6.1.x86_64 popt-1.13-7.el6.x86_64 rpm-libs-4.8.0-38.el6_6.x86_64 tcp_wrappers-libs-7.6-57.el6.x86_64 xz-libs-4.999.9-0.5.beta.20091007git.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) where
#0 0x000000363b27b53c in free () from /lib64/libc.so.6
#1 0x00000031d800ce62 in lcbvb_destroy (conf=0x7ff83400e850) at /usr/src/debug/libcouchbase-2.4.7/src/vbucket/vbucket.c:669
#2 0x00000031d8023042 in lcb_clconfig_decref (info=0x7ff834097490) at /usr/src/debug/libcouchbase-2.4.7/src/bucketconfig/confmon.c:344
#3 0x00000031d80244de in lcb_cccp_update (provider=0xd4ae00, host=<value optimized out>, data=0x7ff9b35fdb50) at /usr/src/debug/libcouchbase-2.4.7/src/bucketconfig/bc_cccp.c:195
#4 0x00000031d80329eb in handle_nmv (ctx=0x7ff834014570, nb=<value optimized out>) at /usr/src/debug/libcouchbase-2.4.7/src/mcserver/mcserver.c:157
#5 try_read (ctx=0x7ff834014570, nb=<value optimized out>) at /usr/src/debug/libcouchbase-2.4.7/src/mcserver/mcserver.c:243
#6 on_read (ctx=0x7ff834014570, nb=<value optimized out>) at /usr/src/debug/libcouchbase-2.4.7/src/mcserver/mcserver.c:295
#7 0x00000031d80178e8 in invoke_read_cb (sock=<value optimized out>, which=2, arg=0x7ff834014570) at /usr/src/debug/libcouchbase-2.4.7/src/lcbio/ctx.c:273
#8 E_handler (sock=<value optimized out>, which=2, arg=0x7ff834014570) at /usr/src/debug/libcouchbase-2.4.7/src/lcbio/ctx.c:290
#9 0x00007ffa0fb15f8c in event_process_active_single_queue (base=0xd49f50, flags=1) at event.c:1350
#10 event_process_active (base=0xd49f50, flags=1) at event.c:1420
#11 event_base_loop (base=0xd49f50, flags=1) at event.c:1621
(gdb) f 1
#1 0x00000031d800ce62 in lcbvb_destroy (conf=0x7ff83400e850) at /usr/src/debug/libcouchbase-2.4.7/src/vbucket/vbucket.c:669
669 free_service_strs(&srv->svc);
(gdb) print srv->svc
$37 = {data = 11210, mgmt = 8091, views = 8092, ixquery = 0, ixadmin = 0, n1ql = 0, views_base_ = 0x0, query_base_ = 0x400 "\207", hoststrs = {0x7ff83400ea50 "`", <incomplete sequence \352>, 0x0, 0x0, 0x0, 0x0, 0x0}}
I tried to figure out what's causing this fault ('hoststrs' and 'query_base_' doesn't seem right/already freed) but so far without any success (I am not so familiar with this code).
Anyone seen this before?
Regards,
MarcCan you try using the latest version of the library?
Looking at the git log I can’t see anything obvious that was changed in more recent versions, but something like a double free may also be possible.