Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-11579

ASAN sanitizer failure in __wt_lex_compare

    • 2
    • BermudaTriangle- 2023-09-05, TheMoon-StorEng - 2023-09-19

      Summary

      I've got so far two sanitizer failures in __wt_lex_compare in my recent patch builds (in both cases, my changes are unrelated to the failure):

      Details

      Here are the failure details from today's failure:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      [2023/08/31 16:26:21.507] ==13215==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000007f1242 at pc 0x7fc78471dad4 bp 0x7fff4c4efd50 sp 0x7fff4c4efd48
      [2023/08/31 16:26:22.148] READ of size 1 at 0x0000007f1242 thread T0
      [2023/08/31 16:26:22.148]     #0 0x7fc78471dad3 in __wt_lex_compare /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/src/include/btree_cmp_inline.h:91:13
      [2023/08/31 16:26:22.148]     #1 0x7fc784712f82 in __txn_mod_compare /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/src/txn/txn.c:1550:13
      [2023/08/31 16:26:22.148]     #2 0x7fc78471c5a8 in __ut_txn_mod_compare /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/src/txn/txn.c:2728:13
      [2023/08/31 16:26:23.064]     #3 0x7fc783e68780 in msort_with_tmp /build/glibc-SzIz7B/glibc-2.31/stdlib/msort.c:124:9
      [2023/08/31 16:26:23.064]     #4 0x7fc783e686a1 in msort_with_tmp /build/glibc-SzIz7B/glibc-2.31/stdlib/msort.c:45:6
      [2023/08/31 16:26:23.064]     #5 0x7fc783e686a1 in msort_with_tmp /build/glibc-SzIz7B/glibc-2.31/stdlib/msort.c:54:3
      [2023/08/31 16:26:23.064]     #6 0x7fc783e68c9d in msort_with_tmp /build/glibc-SzIz7B/glibc-2.31/stdlib/msort.c:45:6
      [2023/08/31 16:26:23.064]     #7 0x7fc783e68c9d in qsort_r /build/glibc-SzIz7B/glibc-2.31/stdlib/msort.c:254:7
      [2023/08/31 16:26:23.121]     #8 0x4dd705 in qsort /data/mci/cf02dab68c6203199a2c4dcdba60629c/toolchain-builder/tmp/build-llvm-v4.sh-Hnp/llvm-project-llvmorg/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:9917:3
      [2023/08/31 16:26:23.121]     #9 0x69b7e4 in (anonymous namespace)::C_A_T_C_H_T_E_S_T_6() /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/test/unittest/tests/test_prepare_mod_sort.cpp:270:5
      [2023/08/31 16:26:23.121]     #10 0x558549 in Catch::TestInvokerAsFunction::invoke() const /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:14328:9
      [2023/08/31 16:26:23.121]     #11 0x54fa47 in Catch::TestCase::invoke() const /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:14167:15
      [2023/08/31 16:26:23.121]     #12 0x54f919 in Catch::RunContext::invokeActiveTestCase() /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:13027:27
      [2023/08/31 16:26:23.121]     #13 0x54cf1a in Catch::RunContext::runCurrentTest(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:13000:17
      [2023/08/31 16:26:23.121]     #14 0x54bd52 in Catch::RunContext::runTest(Catch::TestCase const&) /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:12761:13
      [2023/08/31 16:26:23.121]     #15 0x55393e in Catch::(anonymous namespace)::TestGroup::execute() /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:13354:45
      [2023/08/31 16:26:23.121]     #16 0x55286e in Catch::Session::runInternal() /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:13560:39
      [2023/08/31 16:26:23.121]     #17 0x5525a3 in Catch::Session::run() /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:13516:24
      [2023/08/31 16:26:23.121]     #18 0x59f7be in int Catch::Session::run<char>(int, char const* const*) /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/_deps/catch2-src/single_include/catch2/catch.hpp:13238:30
      [2023/08/31 16:26:23.121]     #19 0x574da7 in main /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/test/unittest/tests/main.cpp:20:29
      [2023/08/31 16:26:23.121]     #20 0x7fc783e47082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
      [2023/08/31 16:26:23.121]     #21 0x48297d in _start (/data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/cmake_build/test/unittest/unittests+0x48297d)
      [2023/08/31 16:26:23.121] 0x0000007f1242 is located 62 bytes to the left of global variable '__const._ZN12_GLOBAL__N_118rand_non_keyd_typeEv.types' defined in '/data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/test/unittest/tests/test_prepare_mod_sort.cpp' (0x7f1280) of size 16
      [2023/08/31 16:26:23.121] 0x0000007f1242 is located 0 bytes to the right of global variable '<string literal>' defined in '/data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/test/unittest/tests/test_prepare_mod_sort.cpp:262:23' (0x7f1240) of size 2
      [2023/08/31 16:26:23.121]   '<string literal>' is ascii string '1'
      [2023/08/31 16:26:23.121] SUMMARY: AddressSanitizer: global-buffer-overflow /data/mci/87ab58475a74eccc05e8e77eddd7e8a9/wiredtiger/src/include/btree_cmp_inline.h:91:13 in __wt_lex_compare
      [2023/08/31 16:26:23.121] Shadow bytes around the buggy address:
      [2023/08/31 16:26:23.121]   0x0000800f61f0: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9
      [2023/08/31 16:26:23.121]   0x0000800f6200: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9
      [2023/08/31 16:26:23.121]   0x0000800f6210: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00
      [2023/08/31 16:26:23.121]   0x0000800f6220: 00 00 00 00 05 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
      [2023/08/31 16:26:23.121]   0x0000800f6230: 00 00 00 00 00 00 03 f9 f9 f9 f9 f9 00 00 00 00
      [2023/08/31 16:26:23.121] =>0x0000800f6240: 05 f9 f9 f9 f9 f9 f9 f9[02]f9 f9 f9 f9 f9 f9 f9
      [2023/08/31 16:26:23.121]   0x0000800f6250: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
      [2023/08/31 16:26:23.121]   0x0000800f6260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2023/08/31 16:26:23.121]   0x0000800f6270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2023/08/31 16:26:23.121]   0x0000800f6280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2023/08/31 16:26:23.121]   0x0000800f6290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [2023/08/31 16:26:23.121] Shadow byte legend (one shadow byte represents 8 application bytes):
      [2023/08/31 16:26:23.121]   Addressable:           00
      [2023/08/31 16:26:23.121]   Partially addressable: 01 02 03 04 05 06 07
      [2023/08/31 16:26:23.121]   Heap left redzone:       fa
      [2023/08/31 16:26:23.121]   Freed heap region:       fd
      [2023/08/31 16:26:23.121]   Stack left redzone:      f1
      [2023/08/31 16:26:23.121]   Stack mid redzone:       f2
      [2023/08/31 16:26:23.121]   Stack right redzone:     f3
      [2023/08/31 16:26:23.121]   Stack after return:      f5
      [2023/08/31 16:26:23.121]   Stack use after scope:   f8
      [2023/08/31 16:26:23.121]   Global redzone:          f9
      [2023/08/31 16:26:23.121]   Global init order:       f6
      [2023/08/31 16:26:23.121]   Poisoned by user:        f7
      [2023/08/31 16:26:23.121]   Container overflow:      fc
      [2023/08/31 16:26:23.121]   Array cookie:            ac
      [2023/08/31 16:26:23.121]   Intra object redzone:    bb
      [2023/08/31 16:26:23.121]   ASan internal:           fe
      [2023/08/31 16:26:23.121]   Left alloca redzone:     ca
      [2023/08/31 16:26:23.121]   Right alloca redzone:    cb
      [2023/08/31 16:26:23.121]   Shadow gap:              cc
      [2023/08/31 16:26:23.121] ==13215==ABORTING
      

      The failure in the previous patch build is similar, except that the sort function is __wt_qsort_r instead, as that was on a branch that did not have WT-11539 merged.

            Assignee:
            clarisse.cheah@mongodb.com Clarisse Cheah
            Reporter:
            peter.macko@mongodb.com Peter Macko
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: