Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: WT10.0.0, 4.9.0, 4.4.4, 4.2.13, 4.0.24
Affects Version/s: None
Component/s: None
Labels:
None

Sprint:
None
Story Points:
8

Backport Requested:

v4.4, v4.2, v4.0

Running the CONFIG in ~~WT-6568~~ uncovered a memory leak when run with ASAN. The changes in ~~WT-6568~~ did not cause the leak, I believe. I think that it just fixed the use-after-free bug that we'd hit much, much sooner. This has only reproduced twice for me, running 5 parallel test/format, and it fails after a few hundred iterations (200-300 iterations of 5 processes for about 1300 successful runs before we hit it). I have not been successful reproducing under valgrind yet.

The error is:

==8843==ERROR: LeakSanitizer: detected memory leaks
 
Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x4c767a in calloc (/mnt/data0/sue/wt.6568.mjc/build_posix/test/format/t+0x4c767a)
    #1 0x77992a in __wt_calloc /mnt/data0/sue/wt.6568.mjc/build_posix/../src/os_common/os_alloc.c:50:14
    #2 0xb1d4e5 in __split_ref_move /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:247:9
    #3 0xb1bc68 in __split_internal /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1019:13
    #4 0xb03859 in __split_parent_climb /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1332:15
    #5 0xafbf53 in __split_multi_lock /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2163:13
    #6 0xafbce8 in __wt_split_multi /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2181:5
    #7 0x6d13f7 in __evict_page_dirty_update /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:394:13
    #8 0x6cb54a in __wt_evict /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:218:9
    #9 0x6ab399 in __evict_page /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2278:5
    #10 0x6a78b2 in __wt_cache_eviction_worker /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2394:23
    #11 0xa50bf7 in __wt_cache_eviction_check /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cache_inline.h:512:13
    #12 0xa50108 in __cursor_enter /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:164:9
    #13 0xa38a44 in __cursor_func_init /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:406:13
    #14 0xa36df2 in __wt_btcur_search /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:544:9
    #15 0xa40e71 in __wt_btcur_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:1442:9
    #16 0x63f3ec in __curfile_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/cursor/cur_file.c:335:5
    #17 0x521356 in row_modify /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:1476:16
    #18 0x51798e in ops /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:896:23
    #19 0x7fb51bfa36da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
 
Indirect leak of 10 byte(s) in 1 object(s) allocated from:
    #0 0x4c7483 in __interceptor_malloc (/mnt/data0/sue/wt.6568.mjc/build_posix/test/format/t+0x4c7483)
    #1 0x779c3e in __wt_malloc /mnt/data0/sue/wt.6568.mjc/build_posix/../src/os_common/os_alloc.c:81:14
    #2 0x77b2df in __wt_memdup /mnt/data0/sue/wt.6568.mjc/build_posix/../src/os_common/os_alloc.c:239:5
    #3 0xb1d6b1 in __split_ref_move /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:249:9
    #4 0xb1bc68 in __split_internal /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1019:13
    #5 0xb03859 in __split_parent_climb /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:1332:15
    #6 0xafbf53 in __split_multi_lock /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2163:13
    #7 0xafbce8 in __wt_split_multi /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_split.c:2181:5
    #8 0x6d13f7 in __evict_page_dirty_update /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:394:13
    #9 0x6cb54a in __wt_evict /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_page.c:218:9
    #10 0x6ab399 in __evict_page /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2278:5
    #11 0x6a78b2 in __wt_cache_eviction_worker /mnt/data0/sue/wt.6568.mjc/build_posix/../src/evict/evict_lru.c:2394:23
    #12 0xa50bf7 in __wt_cache_eviction_check /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cache_inline.h:512:13
    #13 0xa50108 in __cursor_enter /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:164:9
    #14 0xa38a44 in __cursor_func_init /mnt/data0/sue/wt.6568.mjc/build_posix/../src/include/cursor_inline.h:406:13
    #15 0xa36df2 in __wt_btcur_search /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:544:9
    #16 0xa40e71 in __wt_btcur_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/btree/bt_cursor.c:1442:9
    #17 0x63f3ec in __curfile_modify /mnt/data0/sue/wt.6568.mjc/build_posix/../src/cursor/cur_file.c:335:5
    #18 0x521356 in row_modify /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:1476:16
    #19 0x51798e in ops /mnt/data0/sue/wt.6568.mjc/build_posix/test/format/../../../test/format/ops.c:896:23
    #20 0x7fb51bfa36da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
 
SUMMARY: AddressSanitizer: 82 byte(s) leaked in 2 allocation(s).

is duplicated by

WT-5065 SegFault while freeing WT_REF address during page eviction

Closed

Assignee:: Susan LoVerso (Inactive)
Reporter:: Susan LoVerso (Inactive)
Votes:: 0 Vote for this issue
Watchers:: 9 Start watching this issue

Created:: Dec 17 2020 04:12:37 PM UTC
Updated:: Oct 29 2023 04:42:37 PM UTC
Resolved:: Jan 15 2021 07:21:13 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates