Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: WT10.0.1, 5.0.2, 4.4.9, 5.1.0-rc0
Affects Version/s: None
Component/s: None
Labels:
- tiered-storage-misc

Sprint:
None
Story Points:
None

Here's some valgrind output:

==27531== Invalid write of size 4
==27531==    at 0x523703E: pthread_mutex_lock (pthread_mutex_lock.c:157)
==27531==    by 0x82E304F: __wt_spin_lock (mutex_inline.h:170)
==27531==    by 0x82E304F: __wt_conn_dhandle_close (conn_dhandle.c:340)
==27531==    by 0x83DC21A: __wt_session_release_dhandle (session_dhandle.c:263)
==27531==    by 0x837B6EC: __meta_track_unroll (meta_track.c:187)
==27531==    by 0x837B6EC: __wt_meta_track_off (meta_track.c:305)
==27531==    by 0x83BA593: __schema_create (schema_create.c:974)
==27531==    by 0x83BA593: __wt_schema_create (schema_create.c:990)
==27531==    by 0x83D8419: __wt_session_create (session_api.c:710)
==27531==    by 0x83D8619: __session_create (session_api.c:753)
==27531==    by 0x7FF9B31: _wrap_Session_create (wiredtiger_wrap.c:6053)
==27531==    by 0x5667D1: _PyCFunction_FastCallDict (in /home/ubuntu/mongo/py3/bin/python3)
==27531==    by 0x50A5C2: ??? (in /home/ubuntu/mongo/py3/bin/python3)
==27531==    by 0x50BFB3: _PyEval_EvalFrameDefault (in /home/ubuntu/mongo/py3/bin/python3)
==27531==    by 0x509757: ??? (in /home/ubuntu/mongo/py3/bin/python3)
==27531==  Address 0x9fa3478 is 184 bytes inside a block of size 440 free'd
==27531==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27531==    by 0x838031A: __wt_free_int (os_alloc.c:303)
==27531==    by 0x83F277E: __tiered_open (tiered_handle.c:580)
==27531==    by 0x83F277E: __wt_tiered_open (tiered_handle.c:598)
==27531==    by 0x82E3E4C: __wt_conn_dhandle_open (conn_dhandle.c:579)
==27531==    by 0x83DC7D0: __wt_session_get_dhandle (session_dhandle.c:510)
==27531==    by 0x83BD95B: __schema_get_tiered_uri (schema_list.c:24)
==27531==    by 0x83BD95B: __wt_schema_get_tiered_uri (schema_list.c:40)
==27531==    by 0x83BB62B: __create_tiered (schema_create.c:878)
==27531==    by 0x83BB62B: __schema_create (schema_create.c:965)
==27531==    by 0x83BB62B: __wt_schema_create (schema_create.c:990)
==27531==    by 0x83BC0D7: __create_colgroup (schema_create.c:410)
==27531==    by 0x83BB440: __create_table (schema_create.c:779)
==27531==    by 0x83BB440: __schema_create (schema_create.c:961)
==27531==    by 0x83BB440: __wt_schema_create (schema_create.c:990)
==27531==    by 0x83D8419: __wt_session_create (session_api.c:710)
==27531==    by 0x83D8619: __session_create (session_api.c:753)
==27531==    by 0x7FF9B31: _wrap_Session_create (wiredtiger_wrap.c:6053)
==27531==  Block was alloc'd at
==27531==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27531==    by 0x83800DF: __wt_calloc (os_alloc.c:50)
==27531==    by 0x82E2BBD: __wt_conn_dhandle_alloc (conn_dhandle.c:191)
==27531==    by 0x83DC75F: __session_find_shared_dhandle (session_dhandle.c:415)
==27531==    by 0x83DC75F: __session_get_dhandle (session_dhandle.c:445)
==27531==    by 0x83DC75F: __wt_session_get_dhandle (session_dhandle.c:474)
==27531==    by 0x83BAD7D: __create_file (schema_create.c:266)
==27531==    by 0x83BAD7D: __schema_create (schema_create.c:953)
==27531==    by 0x83BAD7D: __wt_schema_create (schema_create.c:990)
==27531==    by 0x83F1F1A: __tiered_create_local (tiered_handle.c:144)
==27531==    by 0x83F1F1A: __tiered_switch (tiered_handle.c:411)
==27531==    by 0x83F1F1A: __wt_tiered_switch (tiered_handle.c:438)
==27531==    by 0x83F29C5: __tiered_open (tiered_handle.c:560)
==27531==    by 0x83F29C5: __wt_tiered_open (tiered_handle.c:598)
==27531==    by 0x82E3E4C: __wt_conn_dhandle_open (conn_dhandle.c:579)
==27531==    by 0x83DC7D0: __wt_session_get_dhandle (session_dhandle.c:510)
==27531==    by 0x83BD95B: __schema_get_tiered_uri (schema_list.c:24)
==27531==    by 0x83BD95B: __wt_schema_get_tiered_uri (schema_list.c:40)
==27531==    by 0x83BB62B: __create_tiered (schema_create.c:878)
==27531==    by 0x83BB62B: __schema_create (schema_create.c:965)
==27531==    by 0x83BB62B: __wt_schema_create (schema_create.c:990)
==27531==    by 0x83BC0D7: __create_colgroup (schema_create.c:410)

This came up when debugging a different problem - this could be reproduced by having local_open() return an error.

Note that __tiered_open (tiered_handle.c:580) is freeing the storage that is later used. This line is:

        __wt_free(session, tiered->tiers);

But tiers is declared as:

 struct __wt_tiered {
   ...
   WT_TIERED_TIERS tiers[WT_TIERED_MAX_TIERS]; /* Tiers array */

i.e. not dynamic storage. Not sure what the free is going to do, but it's probably not good.

Assignee:: Susan LoVerso (Inactive)
Reporter:: Donald Anderson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Jul 21 2021 04:06:35 PM UTC
Updated:: Oct 29 2023 04:41:28 PM UTC
Resolved:: Jul 21 2021 05:24:24 PM UTC

Details

Description

Attachments

Activity

People

Dates