[SERVER-28391] Access free memory in WiredTiger using MongoDB 3.0.14 Created: 19/Mar/17  Updated: 18/Apr/17  Resolved: 24/Mar/17

Status: Closed
Project: Core Server
Component/s: Storage, WiredTiger
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Alexander Gorrod Assignee: Susan LoVerso
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on WT-2321 WT-2321: race between eviction and wo... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:
Case:

 Description   

A user encountered a segfault when running MongoDB 3.0.14 on Windows Server 2012. The stack trace was:

2017-03-18T09:01:37.870-0400 I CONTROL  *** unhandled exception (access violation) at 0x00007FF67BF5B552, terminating
2017-03-18T09:01:37.870-0400 I CONTROL  *** access violation was a write to 0x00000000DEADBFFF
2017-03-18T09:01:37.870-0400 I CONTROL  *** stack trace for unhandled exception:
2017-03-18T09:01:42.959-0400 I CONTROL  mongod.exe    ...\src\third_party\wiredtiger\src\evict\evict_lru.c(1385)  __evict_get_ref+0x152
2017-03-18T09:01:42.959-0400 I CONTROL  mongod.exe    ...\src\third_party\wiredtiger\src\evict\evict_lru.c(1419)  __wt_evict_lru_page+0x1c
2017-03-18T09:01:42.959-0400 I CONTROL  mongod.exe    ...\src\third_party\wiredtiger\src\evict\evict_lru.c(397)   __evict_worker+0x40
2017-03-18T09:01:42.959-0400 I CONTROL  MSVCR120.dll                                                              beginthreadex+0x107
2017-03-18T09:01:42.960-0400 I CONTROL  MSVCR120.dll                                                              endthreadex+0x192
2017-03-18T09:01:42.960-0400 I CONTROL  KERNEL32.DLL                                                              BaseThreadInitThunk+0x22
2017-03-18T09:01:42.960-0400 I -      
2017-03-18T09:01:45.903-0400 I CONTROL  *** immediate exit due to unhandled exception

The line of code that triggered the assertion was:
https://github.com/wiredtiger/wiredtiger/blob/mongodb-3.0/src/evict/evict_lru.c#L1385

It appears as though the application has a valid WT_REF, but the WT_BTREE has been freed. Our first step should be to search for bug fixes that match those characteristics in more recent versions of WiredTiger.



 Comments   
Comment by Alexander Gorrod [ 24/Mar/17 ]

This is looking increasingly likely to have been caused by the same issue that was fixed in WT-2321. That ticket has been scheduled for backport, I'm going to close this one as a duplicate.

Generated at Thu Feb 08 04:18:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.