WiredTiger / WT-5770

format-stress-sanitizer-smoke-test failure: heap-buffer-overflow at __bit_test

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None

      format-stress-sanitizer-smoke-test failed with a heap-buffer-overflow error for the fixed-length column-store file_type.

      Evergreen failed log link

      [2020/03/04 12:11:21.046]     snapshot-isolation: 23317 search: expected {0x06}, found {0x00}
      [2020/03/04 12:11:21.046]     t: run FAILED
      [2020/03/04 12:11:21.046]     snapshot-isolation error: Dumping page to /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/test/format/RUNDIR.1/pagedump
      [2020/03/04 12:11:21.046]     =================================================================
      [2020/03/04 12:11:21.046]     ==23839==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000075200 at pc 0x00000053d379 bp 0x7f8b7ca55b60 sp 0x7f8b7ca55b58
      [2020/03/04 12:11:21.046]     READ of size 1 at 0x625000075200 thread T16
      [2020/03/04 12:11:21.046]         #0 0x53d378 in __bit_test /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/include/bitstring.i:90:11
      [2020/03/04 12:11:21.046]         #1 0x53d1a9 in __bit_getv /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/include/bitstring.i:263:7
      [2020/03/04 12:11:21.046]         #2 0x546c4e in __debug_page_col_fix /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_debug.c:1015:9
      [2020/03/04 12:11:21.046]         #3 0x5389d4 in __debug_page /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_debug.c:858:13
      [2020/03/04 12:11:21.046]         #4 0x5386a8 in __wt_debug_page /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_debug.c:684:5
      [2020/03/04 12:11:21.046]         #5 0x538eba in __wt_debug_cursor_page /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_debug.c:703:13
      [2020/03/04 12:11:21.046]         #6 0x519ae3 in snap_verify /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/snap.c:243:5
      [2020/03/04 12:11:21.046]         #7 0x51ab57 in snap_repeat_single /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/snap.c:508:15
      [2020/03/04 12:11:21.046]         #8 0x503880 in ops /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/ops.c:655:13
      [2020/03/04 12:11:21.046]         #9 0x7f8b8aa646da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
      [2020/03/04 12:11:21.046]         #10 0x7f8b89b9688e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      [2020/03/04 12:11:21.046]     0x625000075200 is located 0 bytes to the right of 8192-byte region [0x625000073200,0x625000075200)
      [2020/03/04 12:11:21.046]     allocated by thread T0 here:
      [2020/03/04 12:11:21.046]         #0 0x4c45b9 in posix_memalign /data/mci/6d25660c910a6c7a2027a8b66804ae0f/toolchain-builder/tmp/build-llvm.sh-A40/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:219:3
      [2020/03/04 12:11:21.046]         #1 0x7369cb in __wt_realloc_aligned /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/os_common/os_alloc.c:202:20
      [2020/03/04 12:11:21.046]         #2 0x871344 in __wt_buf_grow_worker /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/support/scratch.c:45:13
      [2020/03/04 12:11:21.046]         #3 0x96ee7f in __wt_buf_grow /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/include/buf.i:17:54
      [2020/03/04 12:11:21.046]         #4 0x96eb4c in __wt_buf_init /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/include/buf.i:49:13
      [2020/03/04 12:11:21.046]         #5 0x96c4e3 in __wt_block_read_off /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/block/block_read.c:246:5
      [2020/03/04 12:11:21.046]         #6 0x96b62f in __wt_bm_read /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/block/block_read.c:99:5
      [2020/03/04 12:11:21.046]         #7 0x54ed83 in __wt_bt_read /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_io.c:38:9
      [2020/03/04 12:11:21.046]         #8 0xa3af1d in __page_read /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_read.c:146:5
      [2020/03/04 12:11:21.046]         #9 0xa38b89 in __wt_page_in_func /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_read.c:266:13
      [2020/03/04 12:11:21.046]         #10 0xb0874e in __wt_page_swap_func /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/include/btree.i:1685:11
      [2020/03/04 12:11:21.046]         #11 0xb061b6 in __wt_col_search /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/col_srch.c:187:20
      [2020/03/04 12:11:21.046]         #12 0x9cd832 in __cursor_col_search /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_cursor.c:367:5
      [2020/03/04 12:11:21.046]         #13 0x9ce41e in __wt_btcur_search /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/btree/bt_cursor.c:587:9
      [2020/03/04 12:11:21.047]         #14 0x612e75 in __curfile_search /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/cursor/cur_file.c:200:5
      [2020/03/04 12:11:21.047]         #15 0x507fc2 in read_op /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/format.i:52:23
      [2020/03/04 12:11:21.047]         #16 0x50747d in read_row_worker /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/ops.c:1078:15
      [2020/03/04 12:11:21.047]         #17 0x506df0 in wts_read_scan /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/ops.c:1031:23
      [2020/03/04 12:11:21.047]         #18 0x51d6fe in main /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/t.c:275:9
      [2020/03/04 12:11:21.047]         #19 0x7f8b89a96b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
      [2020/03/04 12:11:21.047]     Thread T16 created by T0 here:
      [2020/03/04 12:11:21.047]         #0 0x4ac1fd in pthread_create /data/mci/6d25660c910a6c7a2027a8b66804ae0f/toolchain-builder/tmp/build-llvm.sh-A40/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
      [2020/03/04 12:11:21.047]         #1 0x7557b5 in __wt_thread_create /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/os_posix/os_thread.c:28:5
      [2020/03/04 12:11:21.047]         #2 0x5013fb in wts_ops /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/ops.c:188:9
      [2020/03/04 12:11:21.047]         #3 0x51d7b6 in main /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/test/format/../../../test/format/t.c:280:13
      [2020/03/04 12:11:21.047]         #4 0x7f8b89a96b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
      [2020/03/04 12:11:21.047]     SUMMARY: AddressSanitizer: heap-buffer-overflow /data/mci/00c5c3b97f8d738e93e2ecd05541083c/wiredtiger/build_posix/../src/include/bitstring.i:90:11 in __bit_test
      [2020/03/04 12:11:21.047]     Shadow bytes around the buggy address:
      [2020/03/04 12:11:21.047]       0x0c4a800069f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2020/03/04 12:11:21.047]       0x0c4a80006a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2020/03/04 12:11:21.047]       0x0c4a80006a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2020/03/04 12:11:21.047]       0x0c4a80006a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2020/03/04 12:11:21.047]       0x0c4a80006a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2020/03/04 12:11:21.047]     =>0x0c4a80006a40:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      [2020/03/04 12:11:21.047]       0x0c4a80006a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      [2020/03/04 12:11:21.047]       0x0c4a80006a60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      [2020/03/04 12:11:21.047]       0x0c4a80006a70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      [2020/03/04 12:11:21.047]       0x0c4a80006a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      [2020/03/04 12:11:21.047]       0x0c4a80006a90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      [2020/03/04 12:11:21.047]     Shadow byte legend (one shadow byte represents 8 application bytes):
      [2020/03/04 12:11:21.047]       Addressable:           00
      [2020/03/04 12:11:21.047]       Partially addressable: 01 02 03 04 05 06 07
      [2020/03/04 12:11:21.047]       Heap left redzone:       fa
      [2020/03/04 12:11:21.047]       Freed heap region:       fd
      [2020/03/04 12:11:21.047]       Stack left redzone:      f1
      [2020/03/04 12:11:21.047]       Stack mid redzone:       f2
      [2020/03/04 12:11:21.047]       Stack right redzone:     f3
      [2020/03/04 12:11:21.047]       Stack after return:      f5
      [2020/03/04 12:11:21.047]       Stack use after scope:   f8
      [2020/03/04 12:11:21.047]       Global redzone:          f9
      [2020/03/04 12:11:21.047]       Global init order:       f6
      [2020/03/04 12:11:21.047]       Poisoned by user:        f7
      [2020/03/04 12:11:21.047]       Container overflow:      fc
      [2020/03/04 12:11:21.047]       Array cookie:            ac
      [2020/03/04 12:11:21.047]       Intra object redzone:    bb
      [2020/03/04 12:11:21.047]       ASan internal:           fe
      [2020/03/04 12:11:21.047]       Left alloca redzone:     ca
      [2020/03/04 12:11:21.047]       Right alloca redzone:    cb
      [2020/03/04 12:11:21.047]       Shadow gap:              cc

            Assignee:
            backlog-server-storage-engines [DO NOT USE] Backlog - Storage Engines Team
            Reporter:
            ravi.giri@mongodb.com Ravi Giri
            Votes:
            0
            Watchers:
            5

              Created:
              Updated:
              Resolved: