Details
-
Bug
-
Status: Closed
-
Critical - P2
-
Resolution: Gone away
-
None
-
None
-
None
-
5
Description
While running test_tiered_abort -T 12 -t 10 the child process failed with
double free or corruption (!prev)
|
test_tiered_abort: FAILED: Child process 29144 abnormally exited: Invalid argument
|
The stack of the child shows it was in wt_config_merge:
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
|
#1 0x00007f06387f58b1 in __GI_abort () at abort.c:79
|
#2 0x00007f063883e907 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f063896bdfa "%s\n")
|
at ../sysdeps/posix/libc_fatal.c:181
|
#3 0x00007f063884597a in malloc_printerr (str=str@entry=0x7f063896daf0 "double free or corruption (!prev)") at malloc.c:5350
|
#4 0x00007f063884cef4 in _int_free (have_lock=0, p=0x7f061c020810, av=0x7f061c000020) at malloc.c:4281
|
#5 __GI___libc_free (mem=0x7f061c020820) at malloc.c:3124
|
#6 0x0000000000484bfc in __wt_free_int (session=0x28404c0, p_arg=0x7f061c0872e0) at ../src/os_common/os_alloc.c:303
|
#7 0x00000000005a0622 in __wt_config_merge (session=0x28404c0, cfg=0x7f06257f9c78, cfg_strip=0x0, config_ret=0x7f06257f9c58)
|
at ../src/config/config_collapse.c:364
|
#8 0x00000000004e9c45 in __tiered_update_metadata (session=0x28404c0, tiered=0x285b710,
|
orig_config=0x7f061806db3f "access_pattern_hint=none,allocation_size=4KB,app_metadata=,assert=(commit_timestamp=none,durable_timestamp=none,read_timestamp=none,write_timestamp=off),block_allocation=best,block_compressor=,cache_r"...)
|
at ../src/tiered/tiered_handle.c:340
|
#9 0x00000000004e9e67 in __tiered_switch (session=0x28404c0,
|
config=0x7f061806db3f "access_pattern_hint=none,allocation_size=4KB,app_metadata=,assert=(commit_timestamp=none,durable_timestamp=none,read_timestamp=none,write_timestamp=off),block_allocation=best,block_compressor=,cache_r"...)
|
at ../src/tiered/tiered_handle.c:414
|
#10 0x00000000004e9f82 in __wt_tiered_switch (session=0x28404c0,
|
config=0x7f061806db3f "access_pattern_hint=none,allocation_size=4KB,app_metadata=,assert=(commit_timestamp=none,durable_timestamp=none,read_timestamp=none,write_timestamp=off),block_allocation=best,block_compressor=,cache_r"...)
|
at ../src/tiered/tiered_handle.c:438
|
#11 0x0000000000428cbe in __flush_tier_once (session=0x28404c0, flags=4) at ../src/conn/conn_tiered.c:108
|
#12 0x0000000000429e6f in __wt_flush_tier (session=0x28404c0, config=0x0) at ../src/conn/conn_tiered.c:398
|
#13 0x00000000004c7c21 in __session_flush_tier (wt_session=0x28404c0, config=0x0) at ../src/session/session_api.c:1936
|
#14 0x00000000004034a0 in thread_flush_run (arg=0x2814698) at ../../../test/csuite/tiered_abort/main.c:255
|
#15 0x00007f06391ee6db in start_thread (arg=0x7f06257fa700) at pthread_create.c:463
|
#16 0x00007f06388d6a3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
It is freeing a merge array that was allocated during this function. I.e. at the moment I do not believe it is a problem with the tiered code that called it.
(gdb) frame 7
|
#7 0x00000000005a0622 in __wt_config_merge (session=0x28404c0, cfg=0x7f06257f9c78, cfg_strip=0x0, config_ret=0x7f06257f9c58)
|
at ../src/config/config_collapse.c:364
|
364 __wt_free(session, merge.entries[i].k);
|
(gdb) p i
|
$1 = 42
|
(gdb) list
|
359 /* Convert the array of entries into a string. */
|
360 ret = __config_merge_format(session, &merge, config_ret);
|
361
|
362 err:
|
363 for (i = 0; i < merge.entries_next; ++i) {
|
364 __wt_free(session, merge.entries[i].k);
|
365 __wt_free(session, merge.entries[i].v);
|
366 }
|
367 __wt_free(session, merge.entries);
|
368 return (ret);
|
(gdb) p merge
|
$2 = {entries_allocated = 6400, entries_next = 134, entries = 0x7f061c086da0}
|