Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Sprint:
None
Story Points:
None

After the merge of ~~WT-1304~~ we see this sanitizer failure:

==30813==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000f03828 at pc 0x6d1a5d bp 0x7f0d91e36f50 sp 0x7f0d91e36f48
READ of size 261 at 0x619000f03828 thread T10
    #0 0x6d1a5c in __wt_buf_set /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:78
    WT-1 0x6d10ab in __wt_session_copy_values /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:46
    WT-2 0x73d5e0 in __wt_txn_begin /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:284
    WT-3 0xc20c6c in __wt_txn_autocommit_check /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/txn.i:192
    WT-4 0xc1c37e in __wt_page_in_func /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_page.c:128:15
    WT-5 0x95e578 in __wt_page_swap_func /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/btree.i:995
    WT-6 0x958520 in __wt_row_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/row_srch.c:295:17
    WT-7 0xb8d5fd in __cursor_row_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:238
    WT-8 0xb8b024 in __wt_btcur_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:309
    WT-9 0x9e2d1a in __curfile_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:166
    WT-10 0x60879d in __wt_metadata_search /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/meta/meta_table.c:200
    WT-11 0xaf4642 in __wt_meta_checkpoint_last_name /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/meta/meta_ckpt.c:72
    WT-12 0x701b31 in __wt_session_get_btree_ckpt /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_dhandle.c:224
    WT-13 0x9f3f5a in __wt_curfile_open /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:460
    WT-14 0x6d3a8c in __wt_open_cursor /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:272
    WT-15 0xa8a9a2 in __clsm_open_cursors /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:573
    WT-16 0xaaf0c6 in __clsm_enter /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:225
    WT-17 0xaa6a8d in __clsm_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:1389
    WT-18 0x4c1839 in row_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1041
    WT-19 0x4bb9ff in ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:383
    WT-20 0x7f0da3cc1181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
    WT-21 0x7f0da32b8fbc (/lib/x86_64-linux-gnu/libc.so.6+0xfafbc)

0x619000f03828 is located 40 bytes inside of 512-byte region [0x619000f03800,0x619000f03a00)
freed by thread T10 here:
    #0 0x48b2f1 in __interceptor_free (/fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x48b2f1)
    WT-1 0x61d2cb in __wt_free_int /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_posix/os_alloc.c:237
    WT-2 0x573f9b in __wt_buf_free /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:112
    WT-3 0x573182 in __wt_cursor_close /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:450
    WT-4 0x9f180f in __curfile_close /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:335
    WT-5 0xaab089 in __clsm_close_cursors /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:349
    WT-6 0xa89123 in __clsm_open_cursors /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:541
    WT-7 0xaaf0c6 in __clsm_enter /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:225
    WT-8 0xaa6a8d in __clsm_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:1389
    WT-9 0x4c1839 in row_remove /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1041
    WT-10 0x4bb9ff in ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:383
    WT-11 0x7f0da3cc1181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)

previously allocated by thread T10 here:
    #0 0x48bbbc in __interceptor_posix_memalign (/fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x48bbbc)
    WT-1 0x61c338 in __wt_realloc_aligned /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_posix/os_alloc.c:139
    WT-2 0x725227 in __wt_buf_grow_worker /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/support/scratch.c:44
    WT-3 0xca78c2 in __wt_buf_grow /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:17
    WT-4 0xca6e22 in __wt_buf_init /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/buf.i:46
    WT-5 0xca2578 in __wt_block_read_off /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/block/block_read.c:190
    WT-6 0xca51cd in __wt_bm_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/block/block_read.c:102
    WT-7 0xbff2cf in __wt_bt_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_io.c:34
    WT-8 0xc11209 in __ovfl_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_ovfl.c:30
    WT-9 0xc10801 in __wt_ovfl_read /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_ovfl.c:71
    WT-10 0xb543dc in __cell_data_ref /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cell.i:748
    WT-11 0xb533ca in __wt_page_cell_data_ref /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cell.i:789:10
    WT-12 0xb50702 in __cursor_row_slot_return /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cursor.i:278:10
    WT-13 0xb4b1fe in __cursor_row_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_curnext.c:313:11
    WT-14 0xb43134 in __wt_btcur_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_curnext.c:439:11
    WT-15 0x9df110 in __curfile_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:79
    WT-16 0xa92b95 in __clsm_next /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/lsm/lsm_cursor.c:800
    WT-17 0x4c8016 in nextprev /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:652
    WT-18 0x4bc9d2 in ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:453
    WT-19 0x7f0da3cc1181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)

Thread T10 created by T0 here:
    #0 0x4776d5 in __interceptor_pthread_create (/fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4776d5)
    WT-1 0x4b700e in wts_ops /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:98
    WT-2 0x4cddc1 in main /fast/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/t.c:190
    WT-3 0x7f0da31dfec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

This is the config:

############################################
#  RUN PARAMETERS
############################################
auto_throttle=1
firstfit=0
bitcnt=8
bloom=1
bloom_bit_count=24
bloom_hash_count=6
bloom_oldest=0
cache=240
checkpoints=1
checksum=uncompressed
chunk_size=8
compaction=1
compression=none
data_extend=0
data_source=lsm
delete_pct=41
dictionary=0
evict_max=2
file_type=row-store
backups=0
huffman_key=0
huffman_value=0
insert_pct=85
internal_key_truncation=1
internal_page_max=9
isolation=random
key_gap=9
key_max=256
key_min=256
leak_memory=0
leaf_page_max=9
logging=0
lsm_worker_threads=3
merge_max=19
mmap=1
ops=100000
prefix_compression=1
prefix_compression_min=8
repeat_data_pct=2
reverse=0
rows=100000
runs=1
split_pct=52
statistics=1
threads=9
value_max=3294
value_min=256
wiredtiger_config=
write_pct=15
############################################

related to

WT-1 placeholder WT-1

Closed

WT-2 What does metadata look like?

Closed

WT-3 What file formats are required?

Closed

WT-4 Flexible cursor traversals

Closed

WT-5 How does pget work: is it necessary?

Closed

WT-6 Complex schema example

Closed

WT-7 Do we need the handle->err/errx methods?

Closed

WT-8 Do we need table load, bulk-load and/or dump methods?

Closed

WT-9 Does adding schema need to be transactional?

Closed

WT-10 Basic "getting started" tutorial

Closed

WT-11 placeholder #11

Closed

WT-12 Write more examples

Closed

WT-13 Define supported platforms

Closed

WT-14 Windows build

Closed

WT-15 Automated build/test infrastructure

Closed

WT-16 Test suite

Closed

WT-17 Multithreaded tests

Closed

WT-18 Coverage tests

Closed

WT-19 Memory access / leak tests

Closed

WT-20 API design

Closed

WT-21 Record numbers in row stores

Closed

WT-1304 Fixup LSM drop:

Closed

WT-1307 LSM read checksum panic

Closed

(18 related to)

Assignee:: Unassigned
Reporter:: Susan LoVerso (Inactive)
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Oct 22 2014 02:52:36 PM UTC
Updated:: Apr 16 2015 08:48:33 PM UTC
Resolved:: Apr 09 2015 01:40:43 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates