format heap use after free in __txn_commit_timestamps_assert
http://build.wiredtiger.com:8080/job/wiredtiger-test-format-stress-sanitizer/24549/console
==54435==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0001d1690 at pc 0x0000007a66b1 bp 0x7f63f49f7830 sp 0x7f63f49f7828
READ of size 8 at 0x60b0001d1690 thread T22
#0 0x7a66b0 in __txn_commit_timestamps_assert /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:743:32
#1 0x7a3a4d in __wt_txn_commit /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:867:2
#2 0x71d63f in __session_commit_transaction /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1725:9
#3 0x52142f in commit_transaction /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:453:2
#4 0x51f045 in ops /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1020:4
#5 0x4dde52 in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4dde52)
#6 0x7f640383536c in start_thread (/lib64/libpthread.so.0+0x736c)
#7 0x7f6402a09b4e in __GI___clone (/lib64/libc.so.6+0x110b4e)
0x60b0001d1690 is located 0 bytes inside of 101-byte region [0x60b0001d1690,0x60b0001d16f5)
freed by thread T22 here:
#0 0x4d01e8 in __interceptor_free.localalias.0 (/work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4d01e8)
#1 0x654929 in __wt_free_int /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_common/os_alloc.c:327:2
#2 0x860352 in __wt_free_update_list /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:444:3
#3 0x861667 in __free_update /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:426:5
#4 0x85ea9e in __free_page_modify /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:211:4
#5 0x85cecd in __wt_page_out /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:112:3
#6 0x85c1e8 in __wt_ref_out /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_discard.c:44:2
#7 0x608bd5 in __evict_page_dirty_update /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:442:5
#8 0x6038de in __wt_evict /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:205:3
#9 0x6021b1 in __wt_page_release_evict /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/evict/evict_page.c:83:8
#10 0x847f2f in __wt_page_release /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/btree.i:1533:4
#11 0x8374ab in __cursor_reset /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/cursor.i:216:8
#12 0x836fd3 in __wt_btcur_reset /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:482:10
#13 0xa204e1 in __curfile_reset /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:172:8
#14 0x5c7e8a in __wt_cursor_cache /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:599:2
#15 0xa2cf63 in __curfile_cache /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:552:2
#16 0x5c9e60 in __wt_cursor_cache_release /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_std.c:685:2
#17 0xa2c22d in __curfile_close /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/cursor/cur_file.c:495:9
#18 0x7a642c in __txn_commit_timestamps_assert /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:731:6
#19 0x7a3a4d in __wt_txn_commit /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:867:2
#20 0x71d63f in __session_commit_transaction /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1725:9
#21 0x52142f in commit_transaction /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:453:2
#22 0x51f045 in ops /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1020:4
#23 0x4dde52 in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4dde52)
previously allocated by thread T22 here:
#0 0x4d05a8 in calloc (/work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4d05a8)
#1 0x653170 in __wt_calloc /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_common/os_alloc.c:52:11
#2 0x9860c1 in __wt_update_alloc /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/row_modify.c:292:3
#3 0x8b52c2 in __las_page_instantiate /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_read.c:189:3
#4 0x8b7492 in __page_read_lookaside /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_read.c:429:2
#5 0x8af477 in __page_read /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_read.c:563:3
#6 0x8ac3b6 in __wt_page_in_func /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_read.c:687:4
#7 0x997cc7 in __wt_page_swap_func /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/include/btree.i:1715:8
#8 0x99375c in __wt_row_search /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/row_srch.c:463:14
#9 0x837d01 in __cursor_row_search /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:397:2
#10 0x837630 in __wt_btcur_search_uncommitted /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/btree/bt_cursor.c:503:2
#11 0x7a635b in __txn_commit_timestamps_assert /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:728:5
#12 0x7a3a4d in __wt_txn_commit /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:867:2
#13 0x71d63f in __session_commit_transaction /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/session/session_api.c:1725:9
#14 0x52142f in commit_transaction /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:453:2
#15 0x51f045 in ops /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:1020:4
#16 0x4dde52 in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) (/work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x4dde52)
Thread T22 created by T0 here:
#0 0x433890 in pthread_create (/work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/t+0x433890)
#1 0x670d00 in __wt_thread_create /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/os_posix/os_thread.c:30:2
#2 0x519857 in wts_ops /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/ops.c:173:3
#3 0x53428f in main /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/test/format/../../../test/format/t.c:221:5
#4 0x7f6402919889 in __libc_start_main (/lib64/libc.so.6+0x20889)
SUMMARY: AddressSanitizer: heap-use-after-free /work/jenkins/workspace/wiredtiger-test-format-stress-sanitizer/build_posix/../src/txn/txn.c:743:32 in __txn_commit_timestamps_assert
############################################ # RUN PARAMETERS ############################################ abort=0 alter=0 assert_commit_timestamp=1 assert_read_timestamp=0 auto_throttle=1 backups=1 bitcnt=4 bloom=1 bloom_bit_count=25 bloom_hash_count=20 bloom_oldest=0 cache=100 cache_minimum=20 checkpoints=on checkpoint_log_size=183 checkpoint_wait=85 checksum=off chunk_size=8 compaction=0 compression=none data_extend=0 data_source=file delete_pct=21 dictionary=0 direct_io=0 encryption=none evict_max=5 file_type=row-store firstfit=0 huffman_key=0 huffman_value=0 independent_thread_rng=0 in_memory=0 insert_pct=0 internal_key_truncation=1 internal_page_max=15 isolation=snapshot key_gap=15 key_max=20 key_min=19 leaf_page_max=9 leak_memory=0 logging=0 logging_archive=0 logging_compression=none logging_file_max=266694 logging_prealloc=1 long_running_txn=0 lsm_worker_threads=4 memory_page_max=2 merge_max=7 mmap=1 modify_pct=70 ops=0 prefix_compression=1 prefix_compression_min=1 prepare=1 quiet=1 read_pct=9 rebalance=1 repeat_data_pct=18 reverse=0 rows=1000000 runs=1 salvage=1 split_pct=88 statistics=0 statistics_server=1 threads=25 timer=4 timing_stress_aggressive_sweep=0 timing_stress_checkpoint=0 timing_stress_lookaside_sweep=0 timing_stress_split_1=0 timing_stress_split_2=0 timing_stress_split_3=0 timing_stress_split_4=0 timing_stress_split_5=0 timing_stress_split_6=0 timing_stress_split_7=0 timing_stress_split_8=0 transaction_timestamps=1 transaction-frequency=100 truncate=1 value_max=2694 value_min=8 verify=1 wiredtiger_config= write_pct=0 ############################################
- is related to
-
WT-4957 Revert part of a change about when pages are queued for urgent eviction
-
- Closed
-