Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-3946

Truncate segfault with a NULL start cursor

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.4, 3.4.14, 3.7.3, WT3.1.0
    • Affects Version/s: 3.6.3
    • Component/s: None
    • Labels:
      None
    • Storage Non-NYC 2018-03-12
    • v3.6, v3.4

      WiredTiger can crash when WT_SESSION::truncate is called with a NULL start cursor if no records are found to truncate.

      Found during Evergreen testing:

      ----- BEGIN BACKTRACE -----
{"backtrace":[{"b":"7F081FEA4000","o":"21F7871","s":"_ZN5mongo15printStackTraceERSo"},{"b":"7F081FEA4000","o":"21F6A89"},{"b":"7F081FEA4000","o":"21F70F6"},{"b":"7F081E8E3000","o":"10330"},{"b":"7F081FEA4000","o":"AAEBC2","s":"__wt_session_range_truncate"},{"b":"7F081FEA4000","o":"AAF0B5"},{"b":"7F081FEA4000","o":"A4059A","s":"_ZN5mongo21WiredTigerRecordStore12reclaimOplogEPNS_16OperationContextE"},{"b":"7F081FEA4000","o":"A201DA"},{"b":"7F081FEA4000","o":"A20760"},{"b":"7F081FEA4000","o":"20E72F1","s":"_ZN5mongo13BackgroundJob7jobBodyEv"},{"b":"7F081FEA4000","o":"2305060"},{"b":"7F081E8E3000","o":"8184"},{"b":"7F081E51A000","o":"FDFFD","s":"clone"}],"processInfo":{ "mongodbVersion" : "3.6.2-58-g08fe3ab", "gitVersion" : "08fe3aba7e9a5c8fa54426b68a503a852312d004", "compiledModules" : [], "uname" : { "sysname" : "Linux", "release" : "3.13.0-24-generic", "version" : "#46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014", "machine" : "x86_64" }, "somap" : [ { "b" : "7F081FEA4000", "elfType" : 3, "buildId" : "342BD5EC23FA508940E8AA9CE1CDB012D797A1F9" }, { "b" : "7FFF618FE000", "elfType" : 3, "buildId" : "6755FAD2CADACDF1667E5B57FF1EDFC28DD1C976" }, { "b" : "7F081FA64000", "path" : "/lib/x86_64-linux-gnu/libresolv.so.2", "elfType" : 3, "buildId" : "798E3309C2EB6B461C3BE463155AE98AF1D6BFAC" }, { "b" : "7F081F805000", "path" : "/lib/x86_64-linux-gnu/libssl.so.1.0.0", "elfType" : 3, "buildId" : "1287BAA0C3440FDF4F9A5AB267445129A9DBD14E" }, { "b" : "7F081F429000", "path" : "/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", "elfType" : 3, "buildId" : "3F882E7949FA0CB52422985A88CDD7E6182CBD70" }, { "b" : "7F081F221000", "path" : "/lib/x86_64-linux-gnu/librt.so.1", "elfType" : 3, "buildId" : "AC72654C6338205F30190061C0D781CB0039B793" }, { "b" : "7F081F01D000", "path" : "/lib/x86_64-linux-gnu/libdl.so.2", "elfType" : 3, "buildId" : "EED41ABB999C74882F001C53979CC820ED15BA82" }, { "b" : "7F081ED17000", "path" : "/lib/x86_64-linux-gnu/libm.so.6", "elfType" : 3, "buildId" : "8F0318B9CC6FD523C2587A15C5447ABBB8CD813D" }, { "b" : "7F081EB01000", "path" : "/lib/x86_64-linux-gnu/libgcc_s.so.1", "elfType" : 3, "buildId" : "36311B4457710AE5578C4BF00791DED7359DBB92" }, { "b" : "7F081E8E3000", "path" : "/lib/x86_64-linux-gnu/libpthread.so.0", "elfType" : 3, "buildId" : "F48E96A1F4A549776CA4167095AD7527720D4B0E" }, { "b" : "7F081E51A000", "path" : "/lib/x86_64-linux-gnu/libc.so.6", "elfType" : 3, "buildId" : "3217CA3A53A930C7BB1E5C83789D09B30B0F3B39" }, { "b" : "7F081FC7F000", "path" : "/lib64/ld-linux-x86-64.so.2", "elfType" : 3, "buildId" : "37AFDBB933B8409476E845DF5FB11BC77CBCEEE6" } ] }}
 mongod(_ZN5mongo15printStackTraceERSo+0x41) [0x7f082209b871]
 mongod(+0x21F6A89) [0x7f082209aa89]
 mongod(+0x21F70F6) [0x7f082209b0f6]
 libpthread.so.0(+0x10330) [0x7f081e8f3330]
 mongod(__wt_session_range_truncate+0x52) [0x7f0820952bc2]
 mongod(+0xAAF0B5) [0x7f08209530b5]
 mongod(_ZN5mongo21WiredTigerRecordStore12reclaimOplogEPNS_16OperationContextE+0x57A) [0x7f08208e459a]
 mongod(+0xA201DA) [0x7f08208c41da]
 mongod(+0xA20760) [0x7f08208c4760]
 mongod(_ZN5mongo13BackgroundJob7jobBodyEv+0x131) [0x7f0821f8b2f1]
 mongod(+0x2305060) [0x7f08221a9060]
 libpthread.so.0(+0x8184) [0x7f081e8eb184]
 libc.so.6(clone+0x6D) [0x7f081e617ffd]
-----  END BACKTRACE  -----

      The relevant source code lines are:

      .../src/third_party/wiredtiger/src/session/session_api.c:1231:0: __wt_session_range_truncate
.../src/third_party/wiredtiger/src/session/session_api.c:1292:0: __session_truncate
.../src/mongo/db/storage/wiredtiger/wiredtiger_record_store.cpp:1077:0: mongo::WiredTigerRecordStore::reclaimOplog(mongo::OperationContext*)

      The location of the crash is:

      1223 done:
1224 err:    /*
1225          * Close any locally-opened start cursor. Reset application cursors,
1226          * they've possibly moved and the application cannot use them.
1227          */
1228         if (local_start)
1229                 WT_TRET(start->close(start));
1230         else
1231                 WT_TRET(start->reset(start));
1232         if (stop != NULL)
1233                 WT_TRET(stop->reset(stop));

      We usually open a local start cursor if none is supplied, but there are paths to this point that don't, so we need to check for a NULL start cursor here.

            Assignee:
            michael.cahill@mongodb.com Michael Cahill (Inactive)
            Reporter:
            michael.cahill@mongodb.com Michael Cahill (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: