Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-1306

LSM heap-use-after-free test/format

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Resolution: Fixed
    • None
    • None
    • None
    • None

    Description

      After the merge of WT-1304 we see this sanitizer failure:

      ==30813==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000f03828 at pc 0x6d1a5d bp 0x7f0d91e36f50 sp 0x7f0d91e36f48
      		 
      READ of size 261 at 0x619000f03828 thread T10
      		 
          #0 0x6d1a5c in __wt_buf_set /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:78
      		 
          WT-1 0x6d10ab in __wt_session_copy_values /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:46
      		 
          WT-2 0x73d5e0 in __wt_txn_begin /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:284
      		 
          WT-3 0xc20c6c in __wt_txn_autocommit_check /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/txn.i:192
      		 
          WT-4 0xc1c37e in __wt_page_in_func /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_page.c:128:15
      		 
          WT-5 0x95e578 in __wt_page_swap_func /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/btree.i:995
      		 
          WT-6 0x958520 in __wt_row_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/row_srch.c:295:17
      		 
          WT-7 0xb8d5fd in __cursor_row_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:238
      		 
          WT-8 0xb8b024 in __wt_btcur_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:309
      		 
          WT-9 0x9e2d1a in __curfile_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:166
      		 
          WT-10 0x60879d in __wt_metadata_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/meta/meta_table.c:200
      		 
          WT-11 0xaf4642 in __wt_meta_checkpoint_last_name /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/meta/meta_ckpt.c:72
      		 
          WT-12 0x701b31 in __wt_session_get_btree_ckpt /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_dhandle.c:224
      		 
          WT-13 0x9f3f5a in __wt_curfile_open /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:460
      		 
          WT-14 0x6d3a8c in __wt_open_cursor /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:272
      		 
          WT-15 0xa8a9a2 in __clsm_open_cursors /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:573
      		 
          WT-16 0xaaf0c6 in __clsm_enter /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:225
      		 
          WT-17 0xaa6a8d in __clsm_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:1389
      		 
          WT-18 0x4c1839 in row_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1041
      		 
          WT-19 0x4bb9ff in ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:383
      		 
          WT-20 0x7f0da3cc1181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
      		 
          WT-21 0x7f0da32b8fbc (/lib/x86_64-linux-gnu/libc.so.6+0xfafbc)
      		 
       
      		 
      0x619000f03828 is located 40 bytes inside of 512-byte region [0x619000f03800,0x619000f03a00)
      		 
      freed by thread T10 here:
      		 
          #0 0x48b2f1 in __interceptor_free (/fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x48b2f1)
      		 
          WT-1 0x61d2cb in __wt_free_int /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_posix/os_alloc.c:237
      		 
          WT-2 0x573f9b in __wt_buf_free /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:112
      		 
          WT-3 0x573182 in __wt_cursor_close /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:450
      		 
          WT-4 0x9f180f in __curfile_close /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:335
      		 
          WT-5 0xaab089 in __clsm_close_cursors /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:349
      		 
          WT-6 0xa89123 in __clsm_open_cursors /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:541
      		 
          WT-7 0xaaf0c6 in __clsm_enter /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:225
      		 
          WT-8 0xaa6a8d in __clsm_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:1389
      		 
          WT-9 0x4c1839 in row_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1041
      		 
          WT-10 0x4bb9ff in ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:383
      		 
          WT-11 0x7f0da3cc1181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
      		 
       
      		 
      previously allocated by thread T10 here:
      		 
          #0 0x48bbbc in __interceptor_posix_memalign (/fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x48bbbc)
      		 
          WT-1 0x61c338 in __wt_realloc_aligned /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_posix/os_alloc.c:139
      		 
          WT-2 0x725227 in __wt_buf_grow_worker /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/support/scratch.c:44
      		 
          WT-3 0xca78c2 in __wt_buf_grow /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:17
      		 
          WT-4 0xca6e22 in __wt_buf_init /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:46
      		 
          WT-5 0xca2578 in __wt_block_read_off /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/block/block_read.c:190
      		 
          WT-6 0xca51cd in __wt_bm_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/block/block_read.c:102
      		 
          WT-7 0xbff2cf in __wt_bt_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_io.c:34
      		 
          WT-8 0xc11209 in __ovfl_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_ovfl.c:30
      		 
          WT-9 0xc10801 in __wt_ovfl_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_ovfl.c:71
      		 
          WT-10 0xb543dc in __cell_data_ref /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cell.i:748
      		 
          WT-11 0xb533ca in __wt_page_cell_data_ref /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cell.i:789:10
      		 
          WT-12 0xb50702 in __cursor_row_slot_return /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cursor.i:278:10
      		 
          WT-13 0xb4b1fe in __cursor_row_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_curnext.c:313:11
      		 
          WT-14 0xb43134 in __wt_btcur_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_curnext.c:439:11
      		 
          WT-15 0x9df110 in __curfile_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:79
      		 
          WT-16 0xa92b95 in __clsm_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:800
      		 
          WT-17 0x4c8016 in nextprev /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:652
      		 
          WT-18 0x4bc9d2 in ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:453
      		 
          WT-19 0x7f0da3cc1181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
      		 
       
      		 
      Thread T10 created by T0 here:
      		 
          #0 0x4776d5 in __interceptor_pthread_create (/fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4776d5)
      		 
          WT-1 0x4b700e in wts_ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:98
      		 
          WT-2 0x4cddc1 in main /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/t.c:190
      		 
          WT-3 0x7f0da31dfec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

      This is the config:

      ############################################
      		 
      #  RUN PARAMETERS
      		 
      ############################################
      		 
      auto_throttle=1
      		 
      firstfit=0
      		 
      bitcnt=8
      		 
      bloom=1
      		 
      bloom_bit_count=24
      		 
      bloom_hash_count=6
      		 
      bloom_oldest=0
      		 
      cache=240
      		 
      checkpoints=1
      		 
      checksum=uncompressed
      		 
      chunk_size=8
      		 
      compaction=1
      		 
      compression=none
      		 
      data_extend=0
      		 
      data_source=lsm
      		 
      delete_pct=41
      		 
      dictionary=0
      		 
      evict_max=2
      		 
      file_type=row-store
      		 
      backups=0
      		 
      huffman_key=0
      		 
      huffman_value=0
      		 
      insert_pct=85
      		 
      internal_key_truncation=1
      		 
      internal_page_max=9
      		 
      isolation=random
      		 
      key_gap=9
      		 
      key_max=256
      		 
      key_min=256
      		 
      leak_memory=0
      		 
      leaf_page_max=9
      		 
      logging=0
      		 
      lsm_worker_threads=3
      		 
      merge_max=19
      		 
      mmap=1
      		 
      ops=100000
      		 
      prefix_compression=1
      		 
      prefix_compression_min=8
      		 
      repeat_data_pct=2
      		 
      reverse=0
      		 
      rows=100000
      		 
      runs=1
      		 
      split_pct=52
      		 
      statistics=1
      		 
      threads=9
      		 
      value_max=3294
      		 
      value_min=256
      		 
      wiredtiger_config=
      		 
      write_pct=15
      		 
      ############################################

      Attachments

        Issue Links

          related to

          Task - A task that needs to be done. WT-1 placeholder WT-1

          • Closed

          Task - A task that needs to be done. WT-2 What does metadata look like?

          • Closed

          Task - A task that needs to be done. WT-3 What file formats are required?

          • Closed

          Task - A task that needs to be done. WT-4 Flexible cursor traversals

          • Closed

          Task - A task that needs to be done. WT-5 How does pget work: is it necessary?

          • Closed

          Task - A task that needs to be done. WT-6 Complex schema example

          • Closed

          Task - A task that needs to be done. WT-7 Do we need the handle->err/errx methods?

          • Closed

          Task - A task that needs to be done. WT-8 Do we need table load, bulk-load and/or dump methods?

          • Closed

          Task - A task that needs to be done. WT-9 Does adding schema need to be transactional?

          • Closed

          Task - A task that needs to be done. WT-10 Basic "getting started" tutorial

          • Closed

          Task - A task that needs to be done. WT-11 placeholder #11

          • Closed

          Task - A task that needs to be done. WT-12 Write more examples

          • Closed

          Task - A task that needs to be done. WT-13 Define supported platforms

          • Closed

          Task - A task that needs to be done. WT-14 Windows build

          • Closed

          Task - A task that needs to be done. WT-15 Automated build/test infrastructure

          • Closed

          Task - A task that needs to be done. WT-16 Test suite

          • Closed

          Task - A task that needs to be done. WT-17 Multithreaded tests

          • Closed

          Task - A task that needs to be done. WT-18 Coverage tests

          • Closed

          Task - A task that needs to be done. WT-19 Memory access / leak tests

          • Closed

          Task - A task that needs to be done. WT-20 API design

          • Closed

          Task - A task that needs to be done. WT-21 Record numbers in row stores

          • Closed

          Task - A task that needs to be done. WT-1304 Fixup LSM drop:

          • Closed

          Task - A task that needs to be done. WT-1307 LSM read checksum panic

          • Closed

          Activity

            People

              Unassigned Unassigned
              sue.loverso@mongodb.com Susan LoVerso
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: