Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-3179

test bug: clang sanitizer failure in fail_fs

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • WT2.9.2, 3.2.13, 3.4.3, 3.5.4
    • Affects Version/s: 3.5.3
    • Component/s: None
    • None

      clang sanitizer failed with:

      FAIL: test_wt2909_checkpoint_integrity
      ======================================
      
      check_results/127: session->open_cursor(session, "table:subtest", NULL, NULL, &maincur): No such file or directory
      FAIL test_wt2909_checkpoint_integrity (exit status: 1)
      

      This test runs a subprocess that populates a database (while enduring injected write failures), and then examines the resulting database. The subprocess created a stderr.txt file that contains:

      =================================================================
      ==75043==ERROR: AddressSanitizer: heap-use-after-free on address 0x60f00000e688 at pc 0x7f49e8d1148f bp 0x7f49e3ba28e0 sp 0x7f49e3ba28d8
      WRITE of size 8 at 0x60f00000e688 thread T3
          #0 0x7f49e8d1148e in fail_fs_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/ext/test/fail_fs/../../../../ext/test/fail_fs/fail_fs.c:623:91
          #1 0x550d53 in __wt_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/os_common/os_fhandle.c:258:19
          #2 0x519b19 in __log_openfile /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/log/log.c:768:19
          #3 0x51d868 in __wt_log_allocfile /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/log/log.c:1158:19
          #4 0x4e3d7c in __log_prealloc_once /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_log.c:308:20
          #5 0x4e3d7c in __log_server /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_log.c:815
          #6 0x3e6ce07554 in start_thread (/lib64/libpthread.so.0+0x3e6ce07554)
          #7 0x3e6cb02dec in __clone (/lib64/libc.so.6+0x3e6cb02dec)
      
      0x60f00000e688 is located 152 bytes inside of 168-byte region [0x60f00000e5f0,0x60f00000e698)
      freed by thread T0 here:
          #0 0x49ce2b in free (/work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/test_wt2909_checkpoint_integrity+0x49ce2b)
          #1 0x7f49e8d11b00 in fail_file_handle_remove /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/ext/test/fail_fs/../../../../ext/test/fail_fs/fail_fs.c:193:2
          #2 0x7f49e8d11b00 in fail_file_close /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/ext/test/fail_fs/../../../../ext/test/fail_fs/fail_fs.c:173
          #3 0x551b38 in __wt_close /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/os_common/os_fhandle.c:326:8
          #4 0x62617a in __wt_block_manager_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/block/block_open.c:80:32
          #5 0x5ab5d7 in __create_file /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/schema/schema_create.c:88:19
          #6 0x5ab5d7 in __wt_schema_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/schema/schema_create.c:682
          #7 0x5c003a in __wt_session_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/session/session_api.c:520
          #8 0x6b7859 in __wt_las_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/cache/cache_las.c:89:32
          #9 0x4e5d70 in __wt_connection_workers /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_open.c:252:32
          #10 0x4c7629 in wiredtiger_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_api.c:2458:19
          #11 0x4baf6a in subtest_main /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/wt2909_checkpoint_integrity/main.c:474:28
          #12 0x4babbb in main /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/wt2909_checkpoint_integrity/main.c:632:12
          #13 0x3e6ca206ff in __libc_start_main (/lib64/libc.so.6+0x3e6ca206ff)
      
      previously allocated by thread T0 here:
          #0 0x49d200 in calloc (/work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/test_wt2909_checkpoint_integrity+0x49d200)
          #1 0x7f49e8d11264 in fail_fs_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/ext/test/fail_fs/../../../../ext/test/fail_fs/fail_fs.c:590:17
          #2 0x550d53 in __wt_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/os_common/os_fhandle.c:258:19
          #3 0x6259a0 in __wt_block_manager_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/block/block_open.c:47:14
          #4 0x5ab5d7 in __create_file /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/schema/schema_create.c:88:19
          #5 0x5ab5d7 in __wt_schema_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/schema/schema_create.c:682
          #6 0x5c003a in __wt_session_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/session/session_api.c:520
          #7 0x6b7859 in __wt_las_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/cache/cache_las.c:89:32
          #8 0x4e5d70 in __wt_connection_workers /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_open.c:252:32
          #9 0x4c7629 in wiredtiger_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_api.c:2458:19
          #10 0x4baf6a in subtest_main /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/wt2909_checkpoint_integrity/main.c:474:28
          #11 0x4babbb in main /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/wt2909_checkpoint_integrity/main.c:632:12
          #12 0x3e6ca206ff in __libc_start_main (/lib64/libc.so.6+0x3e6ca206ff)
      
      Thread T3 created by T0 here:
          #0 0x484cdf in __interceptor_pthread_create (/work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/test_wt2909_checkpoint_integrity+0x484cdf)
          #1 0x55b00f in __wt_thread_create /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/os_posix/os_thread.c:22:84
          #2 0x4e1770 in __wt_logmgr_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_log.c:977:33
          #3 0x4e5d58 in __wt_connection_workers /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_open.c:246:32
          #4 0x4c7629 in wiredtiger_open /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/../src/conn/conn_api.c:2458:19
          #5 0x4baf6a in subtest_main /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/wt2909_checkpoint_integrity/main.c:474:28
          #6 0x4babbb in main /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/test/csuite/../../../test/csuite/wt2909_checkpoint_integrity/main.c:632:12
          #7 0x3e6ca206ff in __libc_start_main (/lib64/libc.so.6+0x3e6ca206ff)
      
      SUMMARY: AddressSanitizer: heap-use-after-free /work/jenkins/workspace/wiredtiger-clang-sanitizer/build_posix/ext/test/fail_fs/../../../../ext/test/fail_fs/fail_fs.c:623 fail_fs_open
      Shadow bytes around the buggy address:
        0x0c1e7fff9c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c1e7fff9c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c1e7fff9ca0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c1e7fff9cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fd fd
        0x0c1e7fff9cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      =>0x0c1e7fff9cd0: fd[fd]fd fa fa fa fa fa fa fa fa fa fd fd fd fd
        0x0c1e7fff9ce0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c1e7fff9cf0: fd fa fa fa fa fa fa fa fa fa 00 00 00 00 00 00
        0x0c1e7fff9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
        0x0c1e7fff9d10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
        0x0c1e7fff9d20: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        ASan internal:           fe
      ==75043==ABORTING
      

            Assignee:
            donald.anderson@mongodb.com Donald Anderson
            Reporter:
            donald.anderson@mongodb.com Donald Anderson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: