Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-3946

Truncate segfault with a NULL start cursor

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 3.6.3
    • Fix Version/s: 3.6.4, 3.4.14, 3.7.3, WT3.1.0
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Storage Non-NYC 2018-03-12
    • Backport Requested:
      v3.6, v3.4

      Description

      WiredTiger can crash when WT_SESSION::truncate is called with a NULL start cursor if no records are found to truncate.

      Found during Evergreen testing:

      ----- BEGIN BACKTRACE -----
      {"backtrace":[{"b":"7F081FEA4000","o":"21F7871","s":"_ZN5mongo15printStackTraceERSo"},{"b":"7F081FEA4000","o":"21F6A89"},{"b":"7F081FEA4000","o":"21F70F6"},{"b":"7F081E8E3000","o":"10330"},{"b":"7F081FEA4000","o":"AAEBC2","s":"__wt_session_range_truncate"},{"b":"7F081FEA4000","o":"AAF0B5"},{"b":"7F081FEA4000","o":"A4059A","s":"_ZN5mongo21WiredTigerRecordStore12reclaimOplogEPNS_16OperationContextE"},{"b":"7F081FEA4000","o":"A201DA"},{"b":"7F081FEA4000","o":"A20760"},{"b":"7F081FEA4000","o":"20E72F1","s":"_ZN5mongo13BackgroundJob7jobBodyEv"},{"b":"7F081FEA4000","o":"2305060"},{"b":"7F081E8E3000","o":"8184"},{"b":"7F081E51A000","o":"FDFFD","s":"clone"}],"processInfo":{ "mongodbVersion" : "3.6.2-58-g08fe3ab", "gitVersion" : "08fe3aba7e9a5c8fa54426b68a503a852312d004", "compiledModules" : [], "uname" : { "sysname" : "Linux", "release" : "3.13.0-24-generic", "version" : "#46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014", "machine" : "x86_64" }, "somap" : [ { "b" : "7F081FEA4000", "elfType" : 3, "buildId" : "342BD5EC23FA508940E8AA9CE1CDB012D797A1F9" }, { "b" : "7FFF618FE000", "elfType" : 3, "buildId" : "6755FAD2CADACDF1667E5B57FF1EDFC28DD1C976" }, { "b" : "7F081FA64000", "path" : "/lib/x86_64-linux-gnu/libresolv.so.2", "elfType" : 3, "buildId" : "798E3309C2EB6B461C3BE463155AE98AF1D6BFAC" }, { "b" : "7F081F805000", "path" : "/lib/x86_64-linux-gnu/libssl.so.1.0.0", "elfType" : 3, "buildId" : "1287BAA0C3440FDF4F9A5AB267445129A9DBD14E" }, { "b" : "7F081F429000", "path" : "/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", "elfType" : 3, "buildId" : "3F882E7949FA0CB52422985A88CDD7E6182CBD70" }, { "b" : "7F081F221000", "path" : "/lib/x86_64-linux-gnu/librt.so.1", "elfType" : 3, "buildId" : "AC72654C6338205F30190061C0D781CB0039B793" }, { "b" : "7F081F01D000", "path" : "/lib/x86_64-linux-gnu/libdl.so.2", "elfType" : 3, "buildId" : "EED41ABB999C74882F001C53979CC820ED15BA82" }, { "b" : "7F081ED17000", "path" : "/lib/x86_64-linux-gnu/libm.so.6", "elfType" : 3, "buildId" : "8F0318B9CC6FD523C2587A15C5447ABBB8CD813D" }, { "b" : "7F081EB01000", "path" : "/lib/x86_64-linux-gnu/libgcc_s.so.1", "elfType" : 3, "buildId" : "36311B4457710AE5578C4BF00791DED7359DBB92" }, { "b" : "7F081E8E3000", "path" : "/lib/x86_64-linux-gnu/libpthread.so.0", "elfType" : 3, "buildId" : "F48E96A1F4A549776CA4167095AD7527720D4B0E" }, { "b" : "7F081E51A000", "path" : "/lib/x86_64-linux-gnu/libc.so.6", "elfType" : 3, "buildId" : "3217CA3A53A930C7BB1E5C83789D09B30B0F3B39" }, { "b" : "7F081FC7F000", "path" : "/lib64/ld-linux-x86-64.so.2", "elfType" : 3, "buildId" : "37AFDBB933B8409476E845DF5FB11BC77CBCEEE6" } ] }}
       mongod(_ZN5mongo15printStackTraceERSo+0x41) [0x7f082209b871]
       mongod(+0x21F6A89) [0x7f082209aa89]
       mongod(+0x21F70F6) [0x7f082209b0f6]
       libpthread.so.0(+0x10330) [0x7f081e8f3330]
       mongod(__wt_session_range_truncate+0x52) [0x7f0820952bc2]
       mongod(+0xAAF0B5) [0x7f08209530b5]
       mongod(_ZN5mongo21WiredTigerRecordStore12reclaimOplogEPNS_16OperationContextE+0x57A) [0x7f08208e459a]
       mongod(+0xA201DA) [0x7f08208c41da]
       mongod(+0xA20760) [0x7f08208c4760]
       mongod(_ZN5mongo13BackgroundJob7jobBodyEv+0x131) [0x7f0821f8b2f1]
       mongod(+0x2305060) [0x7f08221a9060]
       libpthread.so.0(+0x8184) [0x7f081e8eb184]
       libc.so.6(clone+0x6D) [0x7f081e617ffd]
      -----  END BACKTRACE  -----
      

      The relevant source code lines are:

      .../src/third_party/wiredtiger/src/session/session_api.c:1231:0: __wt_session_range_truncate
      .../src/third_party/wiredtiger/src/session/session_api.c:1292:0: __session_truncate
      .../src/mongo/db/storage/wiredtiger/wiredtiger_record_store.cpp:1077:0: mongo::WiredTigerRecordStore::reclaimOplog(mongo::OperationContext*)
      

      The location of the crash is:

      1223 done:
      1224 err:    /*
      1225          * Close any locally-opened start cursor. Reset application cursors,
      1226          * they've possibly moved and the application cannot use them.
      1227          */
      1228         if (local_start)
      1229                 WT_TRET(start->close(start));
      1230         else
      1231                 WT_TRET(start->reset(start));
      1232         if (stop != NULL)
      1233                 WT_TRET(stop->reset(stop));
      

      We usually open a local start cursor if none is supplied, but there are paths to this point that don't, so we need to check for a NULL start cursor here.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                michael.cahill Michael Cahill
                Reporter:
                michael.cahill Michael Cahill
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: