WiredTiger / WT-4902

heap-use-after-free when committing a transaction with a timestamp

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels: None

      The sanitizer picked up a "heap-use-after-free" problem while committing a transaction with a timestamp, on kodkod-aws.

      http://build.wiredtiger.com:8080/job/wiredtiger-test-format-stress-sanitizer/24340/console

      + for i in {1..10}
      + eval nice ./t -1 -c ../../../test/format/CONFIG.stress
      ++ nice ./t -1 -c ../../../test/format/CONFIG.stress
      =================================================================
      ==18235==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040003f1c10 at pc 0x0000007c6a39 bp 0x7fb3fa7b67b0 sp 0x7fb3fa7b67a8
      READ of size 8 at 0x6040003f1c10 thread T32
          #0 0x7c6a38 in __txn_commit_timestamps_assert /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:738:32
          #1 0x7c3d40 in __wt_txn_commit /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:863:2
          #2 0x73b12e in __session_commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1726:9
          #3 0x52b72e in commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:462:2
          #4 0x5291eb in ops /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1038:4
          #5 0x4e8ede in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4e8ede)
          #6 0x7fb40b0be6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
          #7 0x7fb40a1f088e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      
      0x6040003f1c10 is located 0 bytes inside of 38-byte region [0x6040003f1c10,0x6040003f1c36)
      freed by thread T32 here:
          #0 0x4db0e0 in __interceptor_free.localalias.0 (/mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4db0e0)
          #1 0x669fc8 in __wt_free_int /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_common/os_alloc.c:327:2
          #2 0x887366 in __wt_free_update_list /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:444:3
          #3 0x88869e in __free_update /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:426:5
          #4 0x885a1c in __free_page_modify /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:211:4
          #5 0x883df0 in __wt_page_out /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:112:3
          #6 0x8830e8 in __wt_ref_out /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:44:2
          #7 0x61b06c in __evict_page_dirty_update /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:439:5
          #8 0x6168a1 in __wt_evict /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:226:3
          #9 0x614578 in __wt_page_release_evict /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:93:8
          #10 0x86e47f in __wt_page_release /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/btree.i:1530:4
          #11 0x85d01c in __cursor_reset /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cursor.i:214:8
          #12 0x85ccf7 in __wt_btcur_reset /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:482:10
          #13 0xa57c67 in __curfile_reset /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:172:8
          #14 0x5d890f in __wt_cursor_cache /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:599:2
          #15 0xa64ac3 in __curfile_cache /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:552:2
          #16 0x5da91f in __wt_cursor_cache_release /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:685:2
          #17 0xa63d7a in __curfile_close /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:495:9
          #18 0x7c67aa in __txn_commit_timestamps_assert /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:726:6
          #19 0x7c3d40 in __wt_txn_commit /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:863:2
          #20 0x73b12e in __session_commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1726:9
          #21 0x52b72e in commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:462:2
          #22 0x5291eb in ops /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1038:4
          #23 0x4e8ede in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4e8ede) 

            Assignee: [DO NOT USE] Backlog - Storage Engines Team (backlog-server-storage-engines)
            Reporter: Luke Chen (luke.chen@mongodb.com)
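A triage aid for the report above, added here as an example (it is not part of the ticket or of WiredTiger): it parses the access and free stacks of an AddressSanitizer heap-use-after-free report and finds the function where the two call paths diverge. The names `parse` and `triage` are hypothetical, and the embedded sample is abridged from the trace in this ticket.

```python
import re

# Abridged from the report above: build-path prefixes shortened and free-stack
# frames #1-#16 omitted; symbols, frame numbers and source lines are unchanged.
REPORT = """\
READ of size 8 at 0x6040003f1c10 thread T32
    #0 0x7c6a38 in __txn_commit_timestamps_assert ../src/txn/txn.c:738:32
    #1 0x7c3d40 in __wt_txn_commit ../src/txn/txn.c:863:2
    #2 0x73b12e in __session_commit_transaction ../src/session/session_api.c:1726:9
0x6040003f1c10 is located 0 bytes inside of 38-byte region [0x6040003f1c10,0x6040003f1c36)
freed by thread T32 here:
    #0 0x4db0e0 in __interceptor_free.localalias.0 (t+0x4db0e0)
    #17 0xa63d7a in __curfile_close ../src/cursor/cur_file.c:495:9
    #18 0x7c67aa in __txn_commit_timestamps_assert ../src/txn/txn.c:726:6
    #19 0x7c3d40 in __wt_txn_commit ../src/txn/txn.c:863:2
    #20 0x73b12e in __session_commit_transaction ../src/session/session_api.c:1726:9
"""

FRAME = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (\S+) (\S+)")

def parse(report):
    """Return {'use': (thread, frames), 'free': (thread, frames)}; frame = (func, file, line)."""
    stacks, current = {}, None
    for line in report.splitlines():
        if m := re.match(r"(?:READ|WRITE) of size \d+ at \S+ thread (T\d+)", line):
            current = stacks.setdefault("use", (m.group(1), []))
        elif m := re.match(r"freed by thread (T\d+)", line):
            current = stacks.setdefault("free", (m.group(1), []))
        elif (m := FRAME.match(line)) and current:
            loc = re.match(r"(.+?):(\d+)", m.group(2))  # None for "(module+0xoff)"
            current[1].append((m.group(1), loc and loc.group(1), loc and int(loc.group(2))))
        elif not line.startswith(" "):
            current = None  # any other unindented line ends the current stack
    return stacks

def triage(report):
    """Compare the two stacks from the outermost caller inward."""
    stacks = parse(report)
    (use_thread, use), (free_thread, free) = stacks["use"], stacks["free"]
    shared, limit = 0, min(len(use), len(free)) - 1
    while shared < limit and use[-1 - shared] == free[-1 - shared]:
        shared += 1  # identical call site in both stacks
    u, f = use[-1 - shared], free[-1 - shared]  # first frames that differ
    return {
        "same_thread": use_thread == free_thread,
        "shared_callers": [frame[0] for frame in use[len(use) - shared:]],
        "diverges_in": u[0] if u[0] == f[0] else None,
        "free_call_line": f[2], "use_line": u[2],
    }
```

For this trace, `triage(REPORT)` reports both stacks on thread T32 diverging inside `__txn_commit_timestamps_assert`, with the freeing call issued from line 726 and the read at line 738, which points to a pointer held across the cursor close in that function.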