Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[YSQL][SQLsmith] AddressSanitizer: heap-use-after-free in yb::pggate::PgMemctx::Clear() #11259

Open
def- opened this issue Jan 27, 2022 · 0 comments
Open

[YSQL][SQLsmith] AddressSanitizer: heap-use-after-free in yb::pggate::PgMemctx::Clear() #11259

def- opened this issue Jan 27, 2022 · 0 comments
Assignees
@m-iancu
Labels
area/ysql Yugabyte SQL (YSQL) kind/bug This issue is a bug kind/failing-test Tests and testing infra priority/medium Medium priority issue qa_automation Bugs identified via itest-system, LST, Stress automation or causing automation failures

Comments

@def-
Copy link
Contributor

def- commented Jan 27, 2022
edited by yugabyte-ci
Loading

Jira Link: DB-1246

Description

SQLsmith with asan build found this. It seems to happen while shutting down due to #11233 Can't reproduce it, but I hope the asan information is more helpful than just the TRAPs:

TRAP: FailedAssertion("!(bms_is_subset(appendrel->lateral_relids, required_outer))", File: "../../../../../../../src/postgres/src/backend/optimizer/util/relnode.c", Line: 1543)
2022-01-27 12:42:06.031 UTC [14009] LOG:  server process (PID 22360) was terminated by signal 6: Aborted
2022-01-27 12:42:06.031 UTC [14009] DETAIL:  Failed process was running: select  
	  subq_4.c2 as c0, 
	  subq_4.c3 as c1, 
	  subq_4.c1 as c2
	from 
	  (select  
	        ref_0.objoid as c0, 
	        ref_0.classoid as c1, 
	        subq_0.c3 as c2, 
	        pg_catalog.circle_contain_pt(
	          cast(cast(null as circle) as circle),
	          cast(pg_catalog.close_ls(
	            cast(cast(null as line) as line),
	            cast(cast(null as lseg) as lseg)) as point)) as c3
	      from 
	        pg_catalog.pg_shdescription as ref_0,
	        lateral (select  
	              ref_1.table_catalog as c0, 
	              ref_1.table_catalog as c1, 
	              ref_1.domain_schema as c2, 
	              51 as c3, 
	              ref_1.domain_name as c4, 
	              ref_1.table_catalog as c5, 
	              ref_0.objoid as c6, 
	              ref_1.domain_catalog as c7, 
	              ref_0.description as c8, 
	              ref_1.table_schema as c9, 
	              ref_1.domain_schema as c10
	            from 
	              information_schema.column_domain_usage as ref_1
	            where ref_0.
2022-01-27 12:42:06.031 UTC [14009] LOG:  terminating any other active server processes
2022-01-27 12:42:06.031 UTC [22359] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.031 UTC [22359] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.031 UTC [22359] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.032 UTC [22362] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.032 UTC [22362] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.032 UTC [22362] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.032 UTC [22368] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.032 UTC [22368] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.032 UTC [22368] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.032 UTC [22358] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.032 UTC [22358] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.032 UTC [22358] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.032 UTC [22357] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.032 UTC [22357] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.032 UTC [22357] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.032 UTC [22363] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.032 UTC [22363] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.032 UTC [22363] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.032 UTC [22361] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.032 UTC [22361] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.032 UTC [22361] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
2022-01-27 12:42:06.040 UTC [22369] WARNING:  terminating connection because of crash of another server process
2022-01-27 12:42:06.040 UTC [22369] DETAIL:  The postmaster has commanded this server process to roll back the current transaction and exit, because another server process exited abnormally and possibly corrupted shared memory.
2022-01-27 12:42:06.040 UTC [22369] HINT:  In a moment you should be able to reconnect to the database and repeat your command.
W0127 12:42:06.043427 22423 outbound_call.cc:131] Failed to schedule invoking callback on response for request yb.tserver.TabletServerService.Read to 127.0.0.1: Aborted (yb/rpc/thread_pool.cc:260): Service is shutting down
I0127 12:42:06.043853 22385 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
I0127 12:42:06.044430 22395 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
I0127 12:42:06.038794 22376 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
I0127 12:42:06.046142 22403 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
I0127 12:42:06.045397 22393 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
W0127 12:42:06.052239 22423 rpc.cc:179] Aborted (yb/rpc/rpc.cc:178): Failed to schedule: 0x0000617000209518 -> Read(tablet: 00000000000000000000000000000000, num_ops: 1, num_attempts: 2, txn: 00000000-0000-0000-0000-000000000000, subtxn: [none])
I0127 12:42:06.057706 22405 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
I0127 12:42:06.058403 22408 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
I0127 12:42:06.040781 22367 poller.cc:66] Poll stopped: Service unavailable (yb/rpc/scheduler.cc:80): Scheduler is shutting down (system error 108)
=================================================================
==22369==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000225f48 at pc 0x7fcda426e822 bp 0x7fff966e9280 sp 0x7fff966e9278
READ of size 8 at 0x613000225f48 thread T0
    #0 0x7fcda426e821 in boost::intrusive::list_node_traits<void*>::get_next(boost::intrusive::list_node<void*>* const&) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/include/boost/intrusive/detail/list_node.hpp:63:17
    #1 0x7fcda426e6cd in boost::intrusive::list_iterator<boost::intrusive::bhtraits<yb::pggate::PgMemctx::Registrable, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, true>::operator++() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/include/boost/intrusive/detail/list_iterator.hpp:81:20
    #2 0x7fcda426d985 in void boost::intrusive::list_impl<boost::intrusive::bhtraits<yb::pggate::PgMemctx::Registrable, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, unsigned long, true, void>::clear_and_dispose<std::__1::default_delete<yb::pggate::PgMemctx::Registrable> >(std::__1::default_delete<yb::pggate::PgMemctx::Registrable>) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/include/boost/intrusive/list.hpp:751:10
    #3 0x7fcda426bded in yb::pggate::PgMemctx::Clear() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:80:23
    #4 0x7fcda426bd7f in yb::pggate::PgMemctx::~PgMemctx() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:29:3
    #5 0x7fcda4270db5 in std::__1::__shared_ptr_emplace<yb::pggate::PgMemctx, std::__1::allocator<yb::pggate::PgMemctx> >::__on_zero_shared() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2639:24
    #6 0x7fcda4123ce7 in std::__1::__shared_count::__release_shared() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2501:9
    #7 0x7fcda4123c7d in std::__1::__shared_weak_count::__release_shared() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2543:27
    #8 0x7fcda426d074 in std::__1::shared_ptr<yb::pggate::PgMemctx>::~shared_ptr() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:3233:19
    #9 0x7fcda42704bc in std::__1::pair<yb::pggate::PgMemctx* const, std::__1::shared_ptr<yb::pggate::PgMemctx> >::~pair() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/utility:297:29
    #10 0x7fcda42703f8 in void std::__1::allocator_traits<std::__1::allocator<std::__1::__hash_node<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, void*> > >::destroy<std::__1::pair<yb::pggate::PgMemctx* const, std::__1::shared_ptr<yb::pggate::PgMemctx> >, void, void>(std::__1::allocator<std::__1::__hash_node<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, void*> >&, std::__1::pair<yb::pggate::PgMemctx* const, std::__1::shared_ptr<yb::pggate::PgMemctx> >*) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/__memory/allocator_traits.h:317:15
    #11 0x7fcda4270359 in std::__1::__hash_table<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, std::__1::__unordered_map_hasher<yb::pggate::PgMemctx*, std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, std::__1::hash<yb::pggate::PgMemctx*>, std::__1::equal_to<yb::pggate::PgMemctx*>, true>, std::__1::__unordered_map_equal<yb::pggate::PgMemctx*, std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, std::__1::equal_to<yb::pggate::PgMemctx*>, std::__1::hash<yb::pggate::PgMemctx*>, true>, std::__1::allocator<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> > > >::__deallocate_node(std::__1::__hash_node_base<std::__1::__hash_node<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, void*>*>*) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/__hash_table:1580:9
    #12 0x7fcda427780a in std::__1::__hash_table<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, std::__1::__unordered_map_hasher<yb::pggate::PgMemctx*, std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, std::__1::hash<yb::pggate::PgMemctx*>, std::__1::equal_to<yb::pggate::PgMemctx*>, true>, std::__1::__unordered_map_equal<yb::pggate::PgMemctx*, std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> >, std::__1::equal_to<yb::pggate::PgMemctx*>, std::__1::hash<yb::pggate::PgMemctx*>, true>, std::__1::allocator<std::__1::__hash_value_type<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx> > > >::clear() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/__hash_table:1826:9
    #13 0x7fcda426ded8 in std::__1::unordered_map<yb::pggate::PgMemctx*, std::__1::shared_ptr<yb::pggate::PgMemctx>, std::__1::hash<yb::pggate::PgMemctx*>, std::__1::equal_to<yb::pggate::PgMemctx*>, std::__1::allocator<std::__1::pair<yb::pggate::PgMemctx* const, std::__1::shared_ptr<yb::pggate::PgMemctx> > > >::clear() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/unordered_map:1274:42
    #14 0x7fcda426cb47 in yb::pggate::ClearGlobalPgMemctxMap() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:99:28
    #15 0x7fcda4102b99 in YBCDestroyPgGate /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/ybc_pggate.cc:133:5
    #16 0x1437bca in YBOnPostgresBackendShutdown /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/misc/../../../../../../../src/postgres/src/backend/utils/misc/pg_yb_utils.c:513:2
    #17 0xfe7712 in quickdie /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:2683:3
    #18 0x7fcda2ec562f in _L_unlock_13 funlockfile.c:?
    #19 0x7fcda2ec1a32 in pthread_cond_wait@@GLIBC_2.3.2 ??:0:0
    #20 0x7fcda753c72a in std::__1::condition_variable::wait(std::__1::unique_lock<std::__1::mutex>&) ??:0:0
    #21 0x7fcda753f81e in std::__1::__assoc_sub_state::__sub_wait(std::__1::unique_lock<std::__1::mutex>&) ??:0:0
    #22 0x7fcda41ca5be in std::__1::__assoc_state<yb::client::FlushStatus>::move() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/future:678:11
    #23 0x7fcda41b9ea4 in std::__1::future<yb::client::FlushStatus>::get() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/future:1116:17
    #24 0x7fcda41a4090 in yb::pggate::PgSessionAsyncRunResult::GetStatus(yb::pggate::PgSession*) /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_session.cc:322:44
    #25 0x7fcda422a3cc in yb::pggate::PgDocOp::~PgDocOp() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_doc_op.cc:154:5
    #26 0x7fcda42391b6 in yb::pggate::PgDocReadOp::~PgDocReadOp() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_doc_op.h:399:7
    #27 0x7fcda4160225 in std::__1::__shared_ptr_emplace<yb::pggate::PgDocReadOp, std::__1::allocator<yb::pggate::PgDocReadOp> >::__on_zero_shared() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2639:24
    #28 0x7fcda4123ce7 in std::__1::__shared_count::__release_shared() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2501:9
    #29 0x7fcda4123c7d in std::__1::__shared_weak_count::__release_shared() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2543:27
    #30 0x7fcda41608f4 in std::__1::shared_ptr<yb::pggate::PgDocOp>::~shared_ptr() /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:3233:19
    #31 0x7fcda41e6b3e in yb::pggate::PgDml::~PgDml() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_dml.cc:63:1
    #32 0x7fcda41ffad8 in yb::pggate::PgDmlRead::~PgDmlRead() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_dml_read.cc:80:1
    #33 0x7fcda4210d48 in yb::pggate::PgSelect::~PgSelect() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_select.cc:37:1
    #34 0x7fcda4210d5d in yb::pggate::PgSelect::~PgSelect() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_select.cc:36:23
    #35 0x7fcda4274b14 in std::__1::default_delete<yb::pggate::PgMemctx::Registrable>::operator()(yb::pggate::PgMemctx::Registrable*) const /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:1423:5
    #36 0x7fcda426d9b8 in void boost::intrusive::list_impl<boost::intrusive::bhtraits<yb::pggate::PgMemctx::Registrable, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, unsigned long, true, void>::clear_and_dispose<std::__1::default_delete<yb::pggate::PgMemctx::Registrable> >(std::__1::default_delete<yb::pggate::PgMemctx::Registrable>) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/include/boost/intrusive/list.hpp:754:10
    #37 0x7fcda426bded in yb::pggate::PgMemctx::Clear() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:80:23
    #38 0x7fcda426c492 in yb::pggate::PgMemctx::Reset(yb::pggate::PgMemctx*) /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:63:13
    #39 0x7fcda413af35 in yb::pggate::PgApiImpl::ResetMemctx(yb::pggate::PgMemctx*) /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pggate.cc:336:10
    #40 0x7fcda41034fa in YBCPgResetMemctx /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/ybc_pggate.cc:169:22
    #41 0x145437f in MemoryContextResetOnly /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/mcxt.c:206:18
    #42 0x1440fed in AllocSetDelete /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/aset.c:652:4
    #43 0x1453fee in MemoryContextDelete /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/mcxt.c:296:2
    #44 0x14542bc in MemoryContextDeleteChildren /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/mcxt.c:323:3
    #45 0x145b439 in AtAbort_Portals /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/portalmem.c:850:4
    #46 0x6e5b70 in AbortTransaction /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/access/transam/../../../../../../../src/postgres/src/backend/access/transam/xact.c:2742:2
    #47 0x6e8755 in AbortCurrentTransaction /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/access/transam/../../../../../../../src/postgres/src/backend/access/transam/xact.c:3303:4
    #48 0xfebdb4 in PostgresMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4865:3
    #49 0xe38a7c in BackendRun /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4470:2
    #50 0xe37885 in BackendStartup /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4136:3
    #51 0xe35645 in ServerLoop /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1754:7
    #52 0xe31c4a in PostmasterMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1417:11
    #53 0xc224a9 in PostgresServerProcessMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/main/../../../../../../src/postgres/src/backend/main/main.c:234:3
    #54 0xc22bb1 in main ??:0:0
    #55 0x7fcda2b0a554 in __libc_start_main ??:0:0
    #56 0x488738 in _start ??:0:0

0x613000225f48 is located 8 bytes inside of 368-byte region [0x613000225f40,0x6130002260b0)
freed by thread T0 here:
    #0 0x7fcda78d85ad in operator delete(void*) _asan_rtl_:3
    #1 0x7fcda4210d65 in yb::pggate::PgSelect::~PgSelect() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_select.cc:36:23
    #2 0x7fcda4274b14 in std::__1::default_delete<yb::pggate::PgMemctx::Registrable>::operator()(yb::pggate::PgMemctx::Registrable*) const /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:1423:5
    #3 0x7fcda426d9b8 in void boost::intrusive::list_impl<boost::intrusive::bhtraits<yb::pggate::PgMemctx::Registrable, boost::intrusive::list_node_traits<void*>, (boost::intrusive::link_mode_type)1, boost::intrusive::dft_tag, 1u>, unsigned long, true, void>::clear_and_dispose<std::__1::default_delete<yb::pggate::PgMemctx::Registrable> >(std::__1::default_delete<yb::pggate::PgMemctx::Registrable>) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/include/boost/intrusive/list.hpp:754:10
    #4 0x7fcda426bded in yb::pggate::PgMemctx::Clear() /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:80:23
    #5 0x7fcda426c492 in yb::pggate::PgMemctx::Reset(yb::pggate::PgMemctx*) /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pg_memctx.cc:63:13
    #6 0x7fcda413af35 in yb::pggate::PgApiImpl::ResetMemctx(yb::pggate::PgMemctx*) /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pggate.cc:336:10
    #7 0x7fcda41034fa in YBCPgResetMemctx /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/ybc_pggate.cc:169:22
    #8 0x145437f in MemoryContextResetOnly /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/mcxt.c:206:18
    #9 0x1440fed in AllocSetDelete /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/aset.c:652:4
    #10 0x1453fee in MemoryContextDelete /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/mcxt.c:296:2
    #11 0x14542bc in MemoryContextDeleteChildren /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/mcxt.c:323:3
    #12 0x145b439 in AtAbort_Portals /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/utils/mmgr/../../../../../../../src/postgres/src/backend/utils/mmgr/portalmem.c:850:4
    #13 0x6e5b70 in AbortTransaction /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/access/transam/../../../../../../../src/postgres/src/backend/access/transam/xact.c:2742:2
    #14 0x6e8755 in AbortCurrentTransaction /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/access/transam/../../../../../../../src/postgres/src/backend/access/transam/xact.c:3303:4
    #15 0xfebdb4 in PostgresMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4865:3
    #16 0xe38a7c in BackendRun /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4470:2
    #17 0xe37885 in BackendStartup /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4136:3
    #18 0xe35645 in ServerLoop /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1754:7
    #19 0xe31c4a in PostmasterMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1417:11
    #20 0xc224a9 in PostgresServerProcessMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/main/../../../../../../src/postgres/src/backend/main/main.c:234:3
    #21 0xc22bb1 in main ??:0:0
    #22 0x7fcda2b0a554 in __libc_start_main ??:0:0

previously allocated by thread T0 here:
    #0 0x7fcda78d7d4d in operator new(unsigned long) _asan_rtl_:3
    #1 0x7fcda4157df1 in std::__1::__unique_if<yb::pggate::PgSelect>::__unique_single std::__1::make_unique<yb::pggate::PgSelect, scoped_refptr<yb::pggate::PgSession>&, yb::PgObjectId const&, yb::PgObjectId const&, PgPrepareParameters const*&>(scoped_refptr<yb::pggate::PgSession>&, yb::PgObjectId const&, yb::PgObjectId const&, PgPrepareParameters const*&) /opt/yb-build/thirdparty/yugabyte-db-thirdparty-v20211222064215-dd4872fe56-centos7-x86_64-clang12/installed/asan/libcxx/include/c++/v1/memory:2094:28
    #2 0x7fcda41488d7 in yb::pggate::PgApiImpl::NewSelect(yb::PgObjectId const&, yb::PgObjectId const&, PgPrepareParameters const*, yb::pggate::PgStatement**) /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/pggate.cc:1228:12
    #3 0x7fcda410ca9f in YBCPgNewSelect /nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/../../src/yb/yql/pggate/ybc_pggate.cc:757:29
    #4 0xbd01ee in ybcBeginForeignScan /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/ybc_fdw.c:277:17
    #5 0xbabc3f in ExecInitForeignScan /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/nodeForeignscan.c:0:0
    #6 0xb06a35 in ExecInitNode /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/execProcnode.c:278:27
    #7 0xb6ffb1 in ExecInitLimit /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/nodeLimit.c:386:31
    #8 0xb067ae in ExecInitNode /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/execProcnode.c:364:27
    #9 0xaeac6e in InitPlan /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/execMain.c:1040:18
    #10 0xae97cb in standard_ExecutorStart /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/execMain.c:265:2
    #11 0x7fcd88099241 in pgss_ExecutorStart /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/contrib/pg_stat_statements/../../../../../src/postgres/contrib/pg_stat_statements/pg_stat_statements.c:909:3
    #12 0x7fcd8807f86a in ybpgm_ExecutorStart /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/contrib/yb_pg_metrics/../../../../../src/postgres/contrib/yb_pg_metrics/yb_pg_metrics.c:470:5
    #13 0x7fcd88068651 in pgaudit_NextExecutorStart_hook /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/contrib/pgaudit/../../../../../src/postgres/contrib/pgaudit/pgaudit.c:1117:5
    #14 0x7fcd88067043 in pgaudit_ExecutorStart_hook /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/contrib/pgaudit/../../../../../src/postgres/contrib/pgaudit/pgaudit.c:1134:5
    #15 0xae9324 in ExecutorStart /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/execMain.c:146:3
    #16 0xff95f4 in PortalStart /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/pquery.c:531:5
    #17 0xff5495 in exec_simple_query /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:1122:3
    #18 0xff31e8 in yb_exec_simple_query_impl /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4464:2
    #19 0xff30a2 in yb_exec_query_wrapper /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4445:4
    #20 0xfed2a1 in yb_exec_simple_query /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4479:2
    #21 0xfeb552 in PostgresMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:5087:23
    #22 0xe38a7c in BackendRun /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4470:2
    #23 0xe37885 in BackendStartup /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4136:3
    #24 0xe35645 in ServerLoop /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1754:7
    #25 0xe31c4a in PostmasterMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1417:11
    #26 0xc224a9 in PostgresServerProcessMain /nfusr/dev-server/dfelsing/code/yugabyte-db/src/postgres/src/backend/main/../../../../../../src/postgres/src/backend/main/main.c:234:3
    #27 0xc22bb1 in main ??:0:0
    #28 0x7fcda2b0a554 in __libc_start_main ??:0:0

SUMMARY: AddressSanitizer: heap-use-after-free (/nfusr/dev-server/dfelsing/code/yugabyte-db/build/asan-clang12-dynamic-ninja/lib/libyb_pggate.so+0x51b821)
Shadow bytes around the buggy address:
  0x0c268003cb90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c268003cba0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x0c268003cbb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c268003cbc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c268003cbd0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
=>0x0c268003cbe0: fa fa fa fa fa fa fa fa fd[fd]fd fd fd fd fd fd
  0x0c268003cbf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c268003cc00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c268003cc10: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
  0x0c268003cc20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c268003cc30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==22369==ABORTING

I believe this might be the root cause of #11251 and #11250
@def- def- added kind/bug This issue is a bug area/ysql Yugabyte SQL (YSQL) labels Jan 27, 2022
This was referenced Jan 27, 2022
Open
Open
@def- def- changed the title [YSQL] AddressSanitizer: heap-use-after-free in yb::pggate::PgMemctx::Clear() [YSQL][SQLsmith] AddressSanitizer: heap-use-after-free in yb::pggate::PgMemctx::Clear() Feb 3, 2022
@yugabyte-ci yugabyte-ci added the priority/medium Medium priority issue label Jun 8, 2022
@kripasreenivasan kripasreenivasan added the qa_automation Bugs identified via itest-system, LST, Stress automation or causing automation failures label Sep 13, 2022
@yugabyte-ci yugabyte-ci added the kind/failing-test Tests and testing infra label Oct 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@m-iancu m-iancu

Labels
area/ysql Yugabyte SQL (YSQL) kind/bug This issue is a bug kind/failing-test Tests and testing infra priority/medium Medium priority issue qa_automation Bugs identified via itest-system, LST, Stress automation or causing automation failures
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@def- @m-iancu @yugabyte-ci @kripasreenivasan