[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8312) LMDB corruption, perhaps in freelist code

To: openldap-its@OpenLDAP.org
Subject: (ITS#8312) LMDB corruption, perhaps in freelist code
From: martin@bzero.se
Date: Wed, 18 Nov 2015 10:51:35 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Martin Hedenfalk
Version: N/A
OS: centos 7
URL: http://bzero.se/patches/lmdb/
Submission from: (NULL) (62.181.224.2)


Please find linked a test program (replay.c) that consistently fails on
my centos 7 system. It parses captured commands from a text file.  I'm
afraid they are quite large, I haven't been able to reduce them further.

The problem manifests itself in many different ways in my real system,
sometimes I get MDB_CORRUPTED, sometimes MDB_BAD_TXN, sometimes errno EFBIG
(and an unexpectedly large file) and sometimes a NULL pointer crash in
mdb_freelist_save.

Given that valgrind complains about invalid read of size 8 in
mdb_freelist_save/mdb_cursor_put, I'm *guessing* that the freelist code is
put'ing an invalid MDB_val, leading to corruption.

Any help is greatly appreciated.

See the linked backtrace.txt for example runs. There are three captured
replay logs (replay[123].txt) that show different failures.

This was tested with lmdb git master from github:
commit 355f64ad07537a4f21dc6fe4cef66324316aa84b
Author: Howard Chu <hyc@openldap.org>
Date:   Wed Nov 18 10:24:41 2015 +0000

    ITS#8311 add comment


        .martin

Prev by Date: (ITS#8311) Crash in mdb_page_split(): negative cursor index
Next by Date: (ITS#8313) crash in mdb_rebalance(): uninited cursor flags
Index(es):
- Chronological
- Thread