-
Type:
Bug
-
Resolution: Duplicate
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
The sanitizer picked up a "heap-use-after-free" problem while committing transaction with timestamp, on kodkod-aws.
http://build.wiredtiger.com:8080/job/wiredtiger-test-format-stress-sanitizer/24340/console
+ for i in {1..10}
+ eval nice ./t -1 -c ../../../test/format/CONFIG.stress
++ nice ./t -1 -c ../../../test/format/CONFIG.stress
=================================================================
==18235==ERROR: AddressSanitizer: heap-use-after-free on address 0x6040003f1c10 at pc 0x0000007c6a39 bp 0x7fb3fa7b67b0 sp 0x7fb3fa7b67a8
READ of size 8 at 0x6040003f1c10 thread T32
#0 0x7c6a38 in __txn_commit_timestamps_assert /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:738:32
#1 0x7c3d40 in __wt_txn_commit /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:863:2
#2 0x73b12e in __session_commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1726:9
#3 0x52b72e in commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:462:2
#4 0x5291eb in ops /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1038:4
#5 0x4e8ede in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4e8ede)
#6 0x7fb40b0be6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#7 0x7fb40a1f088e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
0x6040003f1c10 is located 0 bytes inside of 38-byte region [0x6040003f1c10,0x6040003f1c36)
freed by thread T32 here:
#0 0x4db0e0 in __interceptor_free.localalias.0 (/mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4db0e0)
#1 0x669fc8 in __wt_free_int /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_common/os_alloc.c:327:2
#2 0x887366 in __wt_free_update_list /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:444:3
#3 0x88869e in __free_update /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:426:5
#4 0x885a1c in __free_page_modify /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:211:4
#5 0x883df0 in __wt_page_out /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:112:3
#6 0x8830e8 in __wt_ref_out /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:44:2
#7 0x61b06c in __evict_page_dirty_update /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:439:5
#8 0x6168a1 in __wt_evict /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:226:3
#9 0x614578 in __wt_page_release_evict /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:93:8
#10 0x86e47f in __wt_page_release /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/btree.i:1530:4
#11 0x85d01c in __cursor_reset /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cursor.i:214:8
#12 0x85ccf7 in __wt_btcur_reset /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:482:10
#13 0xa57c67 in __curfile_reset /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:172:8
#14 0x5d890f in __wt_cursor_cache /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:599:2
#15 0xa64ac3 in __curfile_cache /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:552:2
#16 0x5da91f in __wt_cursor_cache_release /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:685:2
#17 0xa63d7a in __curfile_close /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:495:9
#18 0x7c67aa in __txn_commit_timestamps_assert /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:726:6
#19 0x7c3d40 in __wt_txn_commit /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:863:2
#20 0x73b12e in __session_commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1726:9
#21 0x52b72e in commit_transaction /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:462:2
#22 0x5291eb in ops /mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1038:4
#23 0x4e8ede in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/mnt/data0/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4e8ede)