Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major - P3
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: WT2.7.0
-
Labels:None
-
# Replies:3
-
Last comment by Customer:true
-
Sprint:Sharding 9 (09/18/15)
Description
While simulating out-of-memory conditions in __wt_calloc, I triggered a segmentation fault in cur_stat.c.
After a calloc() failure for a statistics cursor in __wt_curstat_open, the function jumps to an error block that calls __curstat_free_config, which attempts to access a field within the NULL cursor.
Backtrace:
=================================================================
|
==118999== ERROR: AddressSanitizer: SEGV on unknown address 0x0000000005e8 (pc 0x000003a3c0ca sp 0x7f12f97c22d0 bp 0x7f12f97c22f0 T71)
|
AddressSanitizer can not provide additional info.
|
#0 0x3a3c0c9 in __curstat_free_config /home/ubuntu/mongo/src/third_party/wiredtiger/src/cursor/cur_stat.c:48
|
#1 0x3a41641 in __wt_curstat_open /home/ubuntu/mongo/src/third_party/wiredtiger/src/cursor/cur_stat.c:603
|
#2 0x3b31689 in __wt_open_cursor /home/ubuntu/mongo/src/third_party/wiredtiger/src/session/session_api.c:296
|
#3 0x3b32301 in __session_open_cursor /home/ubuntu/mongo/src/third_party/wiredtiger/src/session/session_api.c:359
|
#4 0x26e1124 in mongo::WiredTigerUtil::getStatisticsValue(__wt_session*, std::string const&, std::string const&, int) /home/ubuntu/mongo/src/mongo/db/storage/wiredtiger/wiredtiger_util.cpp:267
|
#5 0x26c9fa2 in mongo::StatusWith<long> mongo::WiredTigerUtil::getStatisticsValueAs<long>(__wt_session*, std::string const&, std::string const&, int, long) /home/ubuntu/mongo/src/mongo/db/storage/wiredtiger/wiredtiger_util.h:277
|
#6 0x26c8e54 in mongo::StatusWith<long> mongo::WiredTigerUtil::getStatisticsValueAs<long>(__wt_session*, std::string const&, std::string const&, int) /home/ubuntu/mongo/src/mongo/db/storage/wiredtiger/wiredtiger_util.h:267
|
#7 0x26be9dd in mongo::WiredTigerRecordStore::storageSize(mongo::OperationContext*, mongo::BSONObjBuilder*, int) const /home/ubuntu/mongo/src/mongo/db/storage/wiredtiger/wiredtiger_record_store.cpp:552
|
#8 0x25ae375 in mongo::KVDatabaseCatalogEntry::sizeOnDisk(mongo::OperationContext*) const /home/ubuntu/mongo/src/mongo/db/storage/kv/kv_database_catalog_entry.cpp:143
|
#9 0x1de9942 in mongo::CmdListDatabases::run(mongo::OperationContext*, std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&) /home/ubuntu/mongo/src/mongo/db/commands/list_databases.cpp:107
|
#10 0x1e9a963 in mongo::Command::run(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) /home/ubuntu/mongo/src/mongo/db/dbcommands.cpp:1353
|
#11 0x1e99911 in mongo::Command::execCommand(mongo::OperationContext*, mongo::Command*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) /home/ubuntu/mongo/src/mongo/db/dbcommands.cpp:1266
|
#12 0x1da2957 in mongo::runCommands(mongo::OperationContext*, mongo::rpc::RequestInterface const&, mongo::rpc::ReplyBuilderInterface*) /home/ubuntu/mongo/src/mongo/db/commands.cpp:495
|
#13 0x207ad98 in mongo::(anonymous namespace)::receivedRpc(mongo::OperationContext*, mongo::Client&, mongo::DbResponse&, mongo::Message&) /home/ubuntu/mongo/src/mongo/db/instance.cpp:290 #14 0x207c3be in mongo::assembleResponse(mongo::OperationContext*, mongo::Message&, mongo::DbResponse&, mongo::HostAndPort const&) /home/ubuntu/mongo/src/mongo/db/instance.cpp:508
|
#15 0x1b468ea in mongo::MyMessageHandler::process(mongo::Message&, mongo::AbstractMessagingPort*) /home/ubuntu/mongo/src/mongo/db/db.cpp:166
|
#16 0x29f6d15 in mongo::PortMessageServer::handleIncomingMsg(void*) /home/ubuntu/mongo/src/mongo/util/net/message_server_port.cpp:229
|
#17 0x7f1329a81b97 (/usr/lib/x86_64-linux-gnu/libasan.so.0+0x18b97)
|
#18 0x7f1328c27181 in start_thread /build/buildd/eglibc-2.19/nptl/pthread_create.c:312
|
#19 0x7f132895447c in clone /build/buildd/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111
|
SUMMARY: AddressSanitizer: SEGV /home/ubuntu/mongo/src/third_party/wiredtiger/src/cursor/cur_stat.c:48 __curstat_free_config
|
Thread T71 created by T0 here:
|
#0 0x7f1329a73b5b in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.0+0xab5b)
|
#1 0x29f6405 in mongo::PortMessageServer::accepted(std::shared_ptr<mongo::Socket>, long long) /home/ubuntu/mongo/src/mongo/util/net/message_server_port.cpp:148
|
#2 0x29ec7c4 in mongo::Listener::initAndListen() /home/ubuntu/mongo/src/mongo/util/net/listen.cpp:351
|
#3 0x29f6725 in mongo::PortMessageServer::run() /home/ubuntu/mongo/src/mongo/util/net/message_server_port.cpp:176
|
#4 0x1b3e368 in mongo::_initAndListen(int) /home/ubuntu/mongo/src/mongo/db/db.cpp:595
|
#5 0x1b3e789 in mongo::initAndListen(int) /home/ubuntu/mongo/src/mongo/db/db.cpp:600
|
#6 0x1b40139 in mongoDbMain(int, char**, char**) /home/ubuntu/mongo/src/mongo/db/db.cpp:840
|
#7 0x1b3eb33 in main /home/ubuntu/mongo/src/mongo/db/db.cpp:645
|
#8 0x7f132887bec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
|
==118999== ABORTING
|
Issue Links
- is depended on by
-
SERVER-20060
WiredTiger changes for MongoDB 3.1.8
-
- Closed
-
- links to
Activity
Author:
{u'username': u'agorrod', u'name': u'Alex Gorrod', u'email': u'alexander.gorrod@mongodb.com'}Message: Merge pull request #2166 from EshaMaharishi/WT-2078
WT-2078 prevent segfault with NULL statistics cursor during OOM conditions
Branch: develop
https://github.com/wiredtiger/wiredtiger/commit/11c0fa04aee3fcfebfb423975bf8cd3183f8ec6d
Author:
{u'username': u'agorrod', u'name': u'Alex Gorrod', u'email': u'alexander.gorrod@mongodb.com'}Message: Merge pull request #2166 from EshaMaharishi/WT-2078
WT-2078 prevent segfault with NULL statistics cursor during OOM conditions
Branch: develop
https://github.com/wiredtiger/wiredtiger/commit/11c0fa04aee3fcfebfb423975bf8cd3183f8ec6d
Author:
{u'username': u'EshaMaharishi', u'name': u'Esha Maharishi', u'email': u'esha.maharishi@10gen.com'}Message:
WT-2078prevent segfault with NULL statistics cursor during OOM conditionsBranch: develop
https://github.com/wiredtiger/wiredtiger/commit/fa382fc157ecbaa9abb0d4bf990b063181797091