Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

segmentation fault from rdkafka_topic.c #4907

Open
3 of 7 tasks
ojktx opened this issue Nov 19, 2024 · 1 comment
Open
3 of 7 tasks

segmentation fault from rdkafka_topic.c #4907

ojktx opened this issue Nov 19, 2024 · 1 comment

Comments

@ojktx
Copy link

ojktx commented Nov 19, 2024

Read the FAQ first: https://github.com/confluentinc/librdkafka/wiki/FAQ

Do NOT create issues for questions, use the discussion forum: https://github.com/confluentinc/librdkafka/discussions

Description

Hello!

I am reporting a segmentation fault.
I will explain briefly because the symptoms and code are clear.
In the rd_kafka_topic_metadata_update() function of rdkafka_topic.c, a NULL reference exception occurs on a variable rktp.

In v2.6.0, the rktp variable is referenced at line 1390.

After analyzing the code for a short time, I found that a null check was missing.

In simple terms,
if (unlikely(!rktp)) {
rd_kafka_dbg(~~~);
return;
}
This code was missing.

I found this problem when I tried to test the problem when the broker was restarted repeatedly.

It is not always the case, but about once in dozens of times, the rktp pointer becomes NULL.
However, since I cannot write an issue at work, I am writing it simply at home without a call stack and screenshots.

Since my company uses librdkafka on at least a thousand servers, I need to fix the issue before I can upgrade the version.

I hope for a quick fix. Thanks.

How to reproduce

With librdkafka producer running,

repeat start-stop of brokers.

An issue occurred in 2.6.0.

Checklist

Please provide the following information:

  • librdkafka version (release number or git tag): v2.6.0
  • Apache Kafka version: 3.6.0
  • librdkafka client configuration: <REPLACE with e.g., message.timeout.ms=123, auto.reset.offset=earliest, ..>
  • Operating system: win10 , ubuntu 22.04
  • Provide logs (with debug=.. as necessary) from librdkafka
  • Provide broker log excerpts
  • Critical issue
@thmic
Copy link

thmic commented Nov 29, 2024

I encountered the same issue. When I stop the Kafka service, delete all Kafka logs, and then restart the service, many applications using Kafka generate core dumps. When debugging the core files, I found that rktp is 0x0.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000004a6efb in rd_kafka_topic_metadata_update (rkt=rkt@entry=0x14e474004650, mdt=mdt@entry=0x14e4740041e8, mdit=mdit@entry=0x14e474004208,
ts_age=) at rdkafka_topic.c:1384
1384 rdkafka_topic.c: No such file or directory.
[Current thread is 1 (Thread 0x14e47dd88640 (LWP 50313))]
(gdb) bt
#0 0x00000000004a6efb in rd_kafka_topic_metadata_update (rkt=rkt@entry=0x14e474004650, mdt=mdt@entry=0x14e4740041e8, mdit=mdit@entry=0x14e474004208,
ts_age=) at rdkafka_topic.c:1384
#1 0x00000000004a7ddd in rd_kafka_topic_metadata_update2 (rkb=rkb@entry=0x24272a0, mdt=mdt@entry=0x14e4740041e8, mdit=mdit@entry=0x14e474004208)
at rdkafka_topic.c:1471
#2 0x0000000000539bb4 in rd_kafka_parse_Metadata_update_topic (mdit=, mdt=0x14e4740041e8, rkb=0x24272a0) at rdkafka_metadata.c:379
#3 rd_kafka_parse_Metadata0 (rkb=rkb@entry=0x24272a0, request=request@entry=0x14e47400b140, rkbuf=rkbuf@entry=0x14e4680048a0, mdip=mdip@entry=0x14e47dd83ed8,
request_topics=request_topics@entry=0x0, reason=) at rdkafka_metadata.c:839
#4 0x000000000053efef in rd_kafka_parse_Metadata (rkb=rkb@entry=0x24272a0, request=request@entry=0x14e47400b140, rkbuf=rkbuf@entry=0x14e4680048a0,
mdip=mdip@entry=0x14e47dd83ed8) at rdkafka_metadata.c:1111
#5 0x00000000004cd9b7 in rd_kafka_handle_Metadata (rk=, rkb=0x24272a0, err=, rkbuf=0x14e4680048a0, request=0x14e47400b140,
opaque=0x0) at rdkafka_request.c:2490
#6 0x00000000004b937c in rd_kafka_buf_callback (rk=0x241b280, rkb=0x24272a0, err=RD_KAFKA_RESP_ERR_NO_ERROR, response=0x14e4680048a0, request=0x14e47400b140)
at rdkafka_buf.c:509
#7 0x00000000004c96e3 in rd_kafka_op_handle_std (rk=, rkq=, rko=, cb_type=) at rdkafka_op.c:875
#8 0x00000000004c9778 in rd_kafka_op_handle (rk=0x241b280, rkq=0x14e47dd84130, rko=0x14e4680045a0, cb_type=RD_KAFKA_Q_CB_CALLBACK, opaque=0x241b280,
callback=0x484840 <rd_kafka_poll_cb>) at rdkafka_op.c:915
#9 0x00000000004be324 in rd_kafka_q_serve (rkq=0x241c4c0, timeout_ms=19, max_cnt=max_cnt@entry=0, cb_type=cb_type@entry=RD_KAFKA_Q_CB_CALLBACK,
callback=callback@entry=0x0, opaque=opaque@entry=0x0) at rdkafka_queue.c:578
#10 0x000000000048d08b in rd_kafka_thread_main (arg=0x241b280) at rdkafka.c:2136
#11 0x000014e4a6ac80f1 in ?? () from /usr/lib64/libc.so.6
#12 0x000014e4a6b4acf0 in ?? () from /usr/lib64/libc.so.6
(gdb) p * rktp
Cannot access memory at address 0x0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants