  1. WiredTiger
  2. WT-4849

heap-use-after-free detected by block write during checkpoint

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor - P4
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • 0
    • Storage Engines 2019-06-17

      Right after merging WT-4494, the stress sanitizer job started to fail on the PPC machine, with ASAN detecting a heap-use-after-free error during a checkpoint-triggered block write.

      http://build.wiredtiger.com:8080/job/wiredtiger-test-format-stress-sanitizer-ppc/7707/console

      + for i in '{1..10}'
      + eval nice ./t -1 -c ../../../test/format/CONFIG.stress
      ++ nice ./t -1 -c ../../../test/format/CONFIG.stress
      =================================================================
      ==9931==ERROR: AddressSanitizer: heap-use-after-free on address 0x0af00081ac6a at pc 0x000010934214 bp 0x3fffc8c16760 sp 0x3fffc8c16780
      WRITE of size 1 at 0x0af00081ac6a thread T0
          #0 0x10934210 in __wt_vpack_uint /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/include/intpack.i:212:6
          #1 0x10932198 in __block_write_off /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_write.c:305:3
          #2 0x10931450 in __wt_block_write_off /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_write.c:420:8
          #3 0x109d80e0 in __wt_block_extlist_write /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_ext.c:1312:2
          #4 0x109bb854 in __ckpt_update /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_ckpt.c:751:2
          #5 0x109ba3f4 in __ckpt_process /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_ckpt.c:677:10
          #6 0x109b8ba8 in __wt_block_checkpoint /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_ckpt.c:267:8
          #7 0x1091c004 in __bm_checkpoint /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/block/block_mgr.c:67:10
          #8 0x10565bcc in __wt_bt_write /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/btree/bt_io.c:384:2
          #9 0x103253e4 in __rec_write_wrapup /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/reconcile/rec_write.c:2434:4
          #10 0x1031cb80 in __wt_reconcile /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/reconcile/rec_write.c:179:25
          #11 0x10328a80 in __rec_root_write /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/reconcile/rec_write.c:501:10
          #12 0x1031ea74 in __wt_reconcile /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/reconcile/rec_write.c:250:3
          #13 0x10328a80 in __rec_root_write /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/reconcile/rec_write.c:501:10
          #14 0x1031ea74 in __wt_reconcile /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/reconcile/rec_write.c:250:3
          #15 0x10236444 in __wt_evict_file /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/evict/evict_file.c:76:4
          #16 0x1046cd34 in __checkpoint_tree /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/txn/txn_ckpt.c:1679:3
          #17 0x1046e184 in __wt_checkpoint_close /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/txn/txn_ckpt.c:1931:9
          #18 0x101d5850 in __wt_conn_dhandle_close /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/conn/conn_dhandle.c:336:5
          #19 0x103e2788 in __wt_session_release_dhandle /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/session/session_dhandle.c:290:9
          #20 0x1037a874 in __wt_exclusive_handle_operation /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/schema/schema_worker.c:36:2
          #21 0x1037ad20 in __wt_schema_worker /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/schema/schema_worker.c:75:4
          #22 0x1037b7b8 in __wt_schema_worker /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/schema/schema_worker.c:113:5
          #23 0x103a0dec in __session_rebalance /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/../src/session/session_api.c:913:2
          #24 0x101737cc in wts_rebalance /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/test/format/../../../test/format/rebalance.c:58:2
          #25 0x1017754c in main /home/jenkins/jenkins/workspace/wiredtiger-test-format-stress-sanitizer-ppc/build_posix/test/format/../../../test/format/t.c:260:3
          #26 0x3fff9b96457c in generic_start_main.isra.0 (/lib64/power8/libc.so.6+0x2457c) 

      The configuration:

      ############################################
      #  RUN PARAMETERS
      ############################################
      abort=0
      alter=0
      auto_throttle=1
      backups=0
      bitcnt=1
      bloom=1
      bloom_bit_count=37
      bloom_hash_count=24
      bloom_oldest=0
      cache=380
      cache_minimum=20
      checkpoints=on
      checkpoint_log_size=146
      checkpoint_wait=96
      checksum=uncompressed
      chunk_size=9
      compaction=0
      compression=snappy
      data_extend=0
      data_source=table
      delete_pct=44
      dictionary=0
      direct_io=0
      encryption=rotn-7
      evict_max=5
      file_type=variable-length column-store
      firstfit=0
      huffman_key=0
      huffman_value=0
      independent_thread_rng=1
      in_memory=0
      insert_pct=2
      internal_key_truncation=1
      internal_page_max=9
      isolation=read-committed
      key_gap=0
      key_max=78
      key_min=20
      leaf_page_max=13
      leak_memory=0
      logging=1
      logging_archive=0
      logging_compression=none
      logging_file_max=231653
      logging_prealloc=1
      long_running_txn=0
      lsm_worker_threads=4
      memory_page_max=10
      merge_max=6
      mmap=1
      modify_pct=16
      ops=0
      prefix_compression=1
      prefix_compression_min=5
      prepare=0
      quiet=1
      read_pct=6
      rebalance=1
      repeat_data_pct=71
      reverse=0
      rows=1000000
      runs=1
      salvage=1
      split_pct=87
      statistics=0
      statistics_server=0
      threads=19
      timer=4
      timing_stress_aggressive_sweep=0
      timing_stress_checkpoint=0
      timing_stress_lookaside_sweep=0
      timing_stress_split_1=0
      timing_stress_split_2=0
      timing_stress_split_3=0
      timing_stress_split_4=1
      timing_stress_split_5=0
      timing_stress_split_6=0
      timing_stress_split_7=0
      timing_stress_split_8=0
      transaction_timestamps=0
      transaction-frequency=47
      truncate=1
      value_max=1783
      value_min=16
      verify=1
      wiredtiger_config=
      write_pct=32
      ############################################ 

            Assignee:
            keith.bostic@mongodb.com Keith Bostic (Inactive)
            Reporter:
            luke.chen@mongodb.com Luke Chen