Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
10.3(EOL)
-
None
Description
10.3 ASAN cb16bc95ff9a7b |
=================================================================
|
==5740==ERROR: AddressSanitizer: use-after-poison on address 0x7f151454e9c8 at pc 0x562f4e8d8194 bp 0x7f14f45c5fc0 sp 0x7f14f45c5fb8
|
READ of size 8 at 0x7f151454e9c8 thread T34
|
#0 0x562f4e8d8193 in row_sel /data/src/10.3/storage/innobase/row/row0sel.cc:1798
|
#1 0x562f4e8da065 in row_sel_step(que_thr_t*) /data/src/10.3/storage/innobase/row/row0sel.cc:2328
|
#2 0x562f4e7cf78f in que_thr_step /data/src/10.3/storage/innobase/que/que0que.cc:1022
|
#3 0x562f4e7cfe2a in que_run_threads_low /data/src/10.3/storage/innobase/que/que0que.cc:1108
|
#4 0x562f4e7d0181 in que_run_threads(que_thr_t*) /data/src/10.3/storage/innobase/que/que0que.cc:1148
|
#5 0x562f4e7d074c in que_eval_sql(pars_info_t*, char const*, unsigned long, trx_t*) /data/src/10.3/storage/innobase/que/que0que.cc:1225
|
#6 0x562f4eb91734 in dict_stats_exec_sql /data/src/10.3/storage/innobase/dict/dict0stats.cc:312
|
#7 0x562f4eb9e67a in dict_stats_delete_from_table_stats /data/src/10.3/storage/innobase/dict/dict0stats.cc:3493
|
#8 0x562f4eb9ead9 in dict_stats_drop_table(char const*, char*, unsigned long) /data/src/10.3/storage/innobase/dict/dict0stats.cc:3571
|
#9 0x562f4e87cdae in row_drop_table_for_mysql(char const*, trx_t*, bool, unsigned long, bool) /data/src/10.3/storage/innobase/row/row0mysql.cc:3563
|
#10 0x562f4e85b40d in row_merge_drop_table(trx_t*, dict_table_t*) /data/src/10.3/storage/innobase/row/row0merge.cc:4519
|
#11 0x562f4eb38f71 in dict_table_close_and_drop(trx_t*, dict_table_t*) /data/src/10.3/storage/innobase/dict/dict0dict.cc:566
|
#12 0x562f4e681f47 in rollback_inplace_alter_table(Alter_inplace_info*, TABLE const*, row_prebuilt_t*) (/data/bld/10.3-asan/bin/mysqld+0x1d8cf47)
|
#13 0x562f4e67600c in ha_innobase::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.3/storage/innobase/handler/handler0alter.cc:9107
|
#14 0x562f4de3b5a5 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.3/sql/handler.cc:4406
|
#15 0x562f4d9533fc in mysql_inplace_alter_table /data/src/10.3/sql/sql_table.cc:7626
|
#16 0x562f4d95fe7f in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9670
|
#17 0x562f4daa4e4f in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:334
|
#18 0x562f4d74b957 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6282
|
#19 0x562f4d755ec6 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8001
|
#20 0x562f4d73076c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1846
|
#21 0x562f4d72d803 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1391
|
#22 0x562f4da96590 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
|
#23 0x562f4da95fa5 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#24 0x7f152a766493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#25 0x7f1528b4c93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
 |
0x7f151454e9c8 is located 531042696 bytes to the rightASAN:SIGSEGV
|
==5740==AddressSanitizer: while reporting a bug found another one.Ignoring.
|
Unfortunately this is the end of the report.
Similar problem on one of previous builds:
==26413==ERROR: AddressSanitizer: use-after-poison on address 0x7fbb7597bdd0 at pc 0x5559f417c27c bp 0x7fbb5588fc80 sp 0x7fbb5588fc78
|
READ of size 4 at 0x7fbb7597bdd0 thread T37
|
#0 0x5559f417c27b in que_thr_step /data/src/10.3/storage/innobase/que/que0que.cc:1070
|
#1 0x5559f417c516 in que_run_threads_low /data/src/10.3/storage/innobase/que/que0que.cc:1108
|
#2 0x5559f417c86d in que_run_threads(que_thr_t*) /data/src/10.3/storage/innobase/que/que0que.cc:1148
|
#3 0x5559f417ce38 in que_eval_sql(pars_info_t*, char const*, unsigned long, trx_t*) /data/src/10.3/storage/innobase/que/que0que.cc:1225
|
#4 0x5559f4541233 in dict_stats_exec_sql /data/src/10.3/storage/innobase/dict/dict0stats.cc:312
|
#5 0x5559f454e20e in dict_stats_delete_from_table_stats /data/src/10.3/storage/innobase/dict/dict0stats.cc:3494
|
#6 0x5559f454e66d in dict_stats_drop_table(char const*, char*, unsigned long) /data/src/10.3/storage/innobase/dict/dict0stats.cc:3572
|
#7 0x5559f42299ed in row_drop_table_for_mysql(char const*, trx_t*, bool, unsigned long, bool) /data/src/10.3/storage/innobase/row/row0mysql.cc:3563
|
#8 0x5559f3fa98d1 in ha_innobase::delete_table(char const*) /data/src/10.3/storage/innobase/handler/ha_innodb.cc:12952
|
#9 0x5559f37e5c70 in handler::ha_delete_table(char const*) /data/src/10.3/sql/handler.cc:4510
|
#10 0x5559f37d5d67 in ha_delete_table(THD*, handlerton*, char const*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, bool) /data/src/10.3/sql/handler.cc:2528
|
#11 0x5559f32dbf3d in mysql_rm_table_no_locks(THD*, TABLE_LIST*, bool, bool, bool, bool, bool, bool) /data/src/10.3/sql/sql_table.cc:2513
|
#12 0x5559f32da296 in mysql_rm_table(THD*, TABLE_LIST*, bool, bool, bool) /data/src/10.3/sql/sql_table.cc:2127
|
#13 0x5559f30ebe32 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:5050
|
#14 0x5559f30fe702 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8001
|
#15 0x5559f30d8fa8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1846
|
#16 0x5559f30d603f in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1391
|
#17 0x5559f343f10c in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
|
#18 0x5559f343eb21 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#19 0x7fbb8bb93493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#20 0x7fbb89f7993e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
Both tests were run as
experimental 745dc5101b2c4e98 |
ASAN_OPTIONS=abort_on_error=1 perl ./runall-trials.pl --trials=10 --duration=350 --threads=6 --seed=1524795148 --validators=TransformerNoComparator --transformers=ConvertSubqueriesToViews,ConvertTablesToDerived,Count,DisableOptimizations,Distinct,EnableOptimizations,ExecuteAsCTE,ExecuteAsDeleteReturning,ExecuteAsDerived,ExecuteAsExcept,ExecuteAsExecuteImmediate,ExecuteAsInsertSelect,ExecuteAsIntersect,ExecuteAsSelectItem,ExecuteAsUnion,ExecuteAsUpdateDelete,ExecuteAsView,ExecuteAsWhereSubquery,Having,InlineSubqueries,LimitRowsExamined,OrderBy,StraightJoin,ExecuteAsPreparedTwice,ExecuteAsTrigger,ExecuteAsSPTwice,ExecuteAsFunctionTwice --mysqld=--log_output=FILE --mysqld=--max-statement-time=2 --mysqld=--lock-wait-timeout=5 --mysqld=--innodb-lock-wait-timeout=3 --mysqld=--loose-debug_assert_on_not_freed_memory=0 --views --basedir=/data/bld/10.3-asan --grammar=conf/runtime/alter_online.yy --gendata=conf/runtime/alter_online.zz --engine=InnoDB --vardir=/dev/shm/vardir2
|
It takes multiple trials to reproduce.
Attachments
Issue Links
- blocks
-
MDEV-16136 Various ASAN failures when testing 10.2/10.3
- Closed
- relates to
-
MDEV-16119 InnoDB lock->index refers to a freed object after failed ADD INDEX
- Closed
-
MDEV-16781 InnoDB: AddressSanitizer: use-after-poison during DDL
- Closed