Running an ASAN build of test/format uncovered a call to free with a bad pointer value.
=================================================================
==27298==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x000006b8e000 in thread T25
#0 0x4c7252 in free (/mnt/data0/smithk/work/wiredtiger/build_posix/test/format/t+0x4c7252)
#1 0x516438 in ops /home/smithk/work/wiredtiger/build_posix/test/format/../../../test/format/ops.c:1013:9
#2 0x7f27fb9d46da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#3 0x7f27fa61b88e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Address 0x000006b8e000 is a wild pointer.
SUMMARY: AddressSanitizer: bad-free (/mnt/data0/smithk/work/wiredtiger/build_posix/test/format/t+0x4c7252) in free
Thread T25 created by T0 here:
#0 0x4afbad in pthread_create (/mnt/data0/smithk/work/wiredtiger/build_posix/test/format/t+0x4afbad)
#1 0x700875 in __wt_thread_create /home/smithk/work/wiredtiger/build_posix/../src/os_posix/os_thread.c:28:5
#2 0x51080b in operations /home/smithk/work/wiredtiger/build_posix/test/format/../../../test/format/ops.c:173:9
#3 0x531b1b in main /home/smithk/work/wiredtiger/build_posix/test/format/../../../test/format/t.c:286:13
#4 0x7f27fa51bb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
==27298==ABORTING
This CONFIG hits the error about 50% of the time for me. I haven't seen any external effects other than the ASAN failure.
############################################ # RUN PARAMETERS: V2 ############################################ assert.commit_timestamp=1 assert.read_timestamp=0 backup=1 backup.incremental=off btree.bitcnt=8 btree.compression=zlib btree.dictionary=0 btree.huffman_key=0 btree.huffman_value=0 btree.internal_key_truncation=1 btree.internal_page_max=12 btree.key_gap=0 btree.key_max=37 btree.key_min=25 btree.leaf_page_max=16 btree.memory_page_max=3 btree.prefix_compression=1 btree.prefix_compression_min=2 btree.repeat_data_pct=89 btree.reverse=0 btree.split_pct=50 btree.value_max=4008 btree.value_min=6 cache=100 cache.evict_max=5 cache.minimum=0 checkpoint=on checkpoint.log_size=148 checkpoint.wait=95 disk.checksum=on disk.data_extend=0 disk.direct_io=0 disk.encryption=none disk.firstfit=0 disk.mmap=0 disk.mmap_all=0 format.abort=0 format.independent_thread_rng=1 format.major_timeout=0 logging=1 logging.archive=1 logging.compression=none logging.file_max=159302 logging.prealloc=1 lsm.auto_throttle=1 lsm.bloom=1 lsm.bloom_bit_count=30 lsm.bloom_hash_count=31 lsm.bloom_oldest=0 lsm.chunk_size=6 lsm.merge_max=6 lsm.worker_threads=3 ops.alter=0 ops.compaction=0 ops.pct.delete=0 ops.pct.insert=28 ops.pct.modify=1 ops.pct.read=26 ops.pct.write=45 ops.prepare=0 ops.random_cursor=0 ops.rebalance=1 ops.salvage=1 ops.truncate=1 ops.verify=1 quiet=1 runs=1 runs.in_memory=0 runs.ops=0 runs.rows=178568 runs.source=table runs.threads=6 runs.timer=5 runs.type=row-store statistics=0 statistics.server=0 stress.aggressive_sweep=0 stress.checkpoint=0 stress.hs_sweep=0 stress.split_1=0 stress.split_2=0 stress.split_3=0 stress.split_4=0 stress.split_5=0 stress.split_6=0 stress.split_7=0 stress.split_8=0 transaction.frequency=100 transaction.isolation=snapshot transaction.timestamps=1 wiredtiger.config= wiredtiger.rwlock=1 wiredtiger.leak_memory=0 ############################################
The bad free occurs at the end of ops(), when we deallocate the memory from the temporary buffer:
key_gen_teardown(tinfo->key);
val_gen_teardown(tinfo->value);
key_gen_teardown(tinfo->lastkey);
--> free(tinfo->tbuf->mem);
tinfo->state = TINFO_COMPLETE;
return (WT_THREAD_RET_VALUE);
}
- causes
-
WT-6355 test/format can configure keys that are too short
-
- Closed
-