Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-7026

Atomically read and set ref->addr in case of race

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: WT10.0.0, 4.9.0, 4.4.4, 4.2.13, 4.0.24
    • Component/s: None
    • Labels:
      None
    • Story Points:
      8
    • Backport Requested:
      v4.4, v4.2, v4.0

      Description

      Running the CONFIG in WT-6568 uncovered a memory leak when run with ASAN. The changes in WT-6568 did not cause the leak, I believe. I think that it just fixed the use-after-free bug that we'd hit much, much sooner. This has only reproduced twice for me, running 5 parallel test/format, and it fails after a few hundred iterations (200-300 iterations of 5 processes for about 1300 successful runs before we hit it). I have not been successful reproducing under valgrind yet.

      The error is:

      ==8843==ERROR: LeakSanitizer: detected memory leaks
       
      Direct leak of 72 byte(s) in 1 object(s) allocated from:
          #0 0x4c767a in calloc (/mnt/data0/sue/wt.6568.mjc/build_posix/test/format/t+0x4c767a)
          #1 0x77992a in __wt_calloc /mnt/data0/sue/wt.6568.mjc/build_posix/../src/os_common/os_alloc.c:50:14
          #2 0xb1d4e5 in __split_ref_move /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:247:9
          #3 0xb1bc68 in __split_internal /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1019:13
          #4 0xb03859 in __split_parent_climb /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1332:15
          #5 0xafbf53 in __split_multi_lock /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2163:13
          #6 0xafbce8 in __wt_split_multi /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2181:5
          #7 0x6d13f7 in __evict_page_dirty_update /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:394:13
          #8 0x6cb54a in __wt_evict /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:218:9
          #9 0x6ab399 in __evict_page /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2278:5
          #10 0x6a78b2 in __wt_cache_eviction_worker /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2394:23
          #11 0xa50bf7 in __wt_cache_eviction_check /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cache_inline.h:512:13
          #12 0xa50108 in __cursor_enter /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:164:9
          #13 0xa38a44 in __cursor_func_init /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:406:13
          #14 0xa36df2 in __wt_btcur_search /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:544:9
          #15 0xa40e71 in __wt_btcur_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:1442:9
          #16 0x63f3ec in __curfile_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/cursor/cur_file.c:335:5
          #17 0x521356 in row_modify /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:1476:16
          #18 0x51798e in ops /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:896:23
          #19 0x7fb51bfa36da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
       
      Indirect leak of 10 byte(s) in 1 object(s) allocated from:
          #0 0x4c7483 in __interceptor_malloc (/mnt/data0/sue/wt.6568.mjc/build_posix/test/format/t+0x4c7483)
          #1 0x779c3e in __wt_malloc /mnt/data0/sue/wt.6568.mjc/build_posix/../src/os_common/os_alloc.c:81:14
          #2 0x77b2df in __wt_memdup /mnt/data0/sue/wt.6568.mjc/build_posix/../src/os_common/os_alloc.c:239:5
          #3 0xb1d6b1 in __split_ref_move /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:249:9
          #4 0xb1bc68 in __split_internal /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1019:13
          #5 0xb03859 in __split_parent_climb /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1332:15
          #6 0xafbf53 in __split_multi_lock /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2163:13
          #7 0xafbce8 in __wt_split_multi /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2181:5
          #8 0x6d13f7 in __evict_page_dirty_update /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:394:13
          #9 0x6cb54a in __wt_evict /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:218:9
          #10 0x6ab399 in __evict_page /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2278:5
          #11 0x6a78b2 in __wt_cache_eviction_worker /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2394:23
          #12 0xa50bf7 in __wt_cache_eviction_check /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cache_inline.h:512:13
          #13 0xa50108 in __cursor_enter /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:164:9
          #14 0xa38a44 in __cursor_func_init /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:406:13
          #15 0xa36df2 in __wt_btcur_search /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:544:9
          #16 0xa40e71 in __wt_btcur_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:1442:9
          #17 0x63f3ec in __curfile_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/cursor/cur_file.c:335:5
          #18 0x521356 in row_modify /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:1476:16
          #19 0x51798e in ops /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:896:23
          #20 0x7fb51bfa36da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
       
      SUMMARY: AddressSanitizer: 82 byte(s) leaked in 2 allocation(s).
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              sue.loverso Susan LoVerso
              Reporter:
              sue.loverso Susan LoVerso
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: