Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16781

InnoDB: AddressSanitizer: use-after-poison during DDL

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.2.17, 10.3.9, 10.4.0
    • 10.2.18, 10.3.10
    • Storage Engine - InnoDB
    • None
    • Linux Ubuntu 17.10 but most probably unimportant

    Description

      Version: '10.4.0-MariaDB-debug-log' 
      =================================================================
      		 
      ==19602==ERROR: AddressSanitizer: use-after-poison on address 0x7f154d0fd8a8 at pc 0x559823f00927 bp 0x7f15391e1b10 sp 0x7f15391e1b00
      		 
      READ of size 4 at 0x7f154d0fd8a8 thread T20
      		 
      ==19602==AddressSanitizer: while reporting a bug found another one. Ignoring.
      		 
          #0 0x559823f00926 in ReadView::get_state() const /git/10.4/storage/innobase/include/read0types.h:152
      		 
          #1 0x559823fc462a in trx_sys_t::clone_oldest_view() /git/10.4/storage/innobase/read/read0read.cc:289
      		 
          #2 0x55982418f0b2 in trx_purge(unsigned long, bool) /git/10.4/storage/innobase/trx/trx0purge.cc:1549
      		 
          #3 0x55982413b43c in srv_do_purge /git/10.4/storage/innobase/srv/srv0srv.cc:2582
      		 
          #4 0x55982413bc16 in srv_purge_coordinator_thread /git/10.4/storage/innobase/srv/srv0srv.cc:2713
      		 
          #5 0x7f1559e776b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
      		 
          #6 0x7f155930c41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      		 
       
      		 
      0x7f154d0fd8a8 is located 8360 bytes inside of 4194304-byte region [0x7f154d0fb800,0x7f154d4fb800)
      		 
      allocated by thread T0 here:
      		 
          #0 0x7f155b27b79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
      		 
          #1 0x5598241db488 in Pool<trx_t, TrxFactory, TrxPoolLock>::Pool(unsigned long) /git/10.4/storage/innobase/include/ut0pool.h:65
      		 
          #2 0x5598241da300 in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::add_pool(unsigned long) /git/10.4/storage/innobase/include/ut0pool.h:320
      		 
          #3 0x5598241d9c62 in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::create() /git/10.4/storage/innobase/include/ut0pool.h:348
      		 
          #4 0x5598241d8fc4 in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::PoolManager(unsigned long) /git/10.4/storage/innobase/include/ut0pool.h:232
      		 
          #5 0x5598241c8ad2 in trx_pool_init() /git/10.4/storage/innobase/trx/trx0trx.cc:375
      		 
          #6 0x559824136076 in srv_boot() /git/10.4/storage/innobase/srv/srv0srv.cc:1125
      		 
          #7 0x559824146864 in srv_start(bool) /git/10.4/storage/innobase/srv/srv0start.cc:1532
      		 
          #8 0x559823dc59c2 in innodb_init /git/10.4/storage/innobase/handler/ha_innodb.cc:4269
      		 
          #9 0x5598235ad09d in ha_initialize_handlerton(st_plugin_int*) /git/10.4/sql/handler.cc:522
      		 
          #10 0x559822f1b407 in plugin_initialize /git/10.4/sql/sql_plugin.cc:1432
      		 
          #11 0x559822f1cc74 in plugin_init(int*, char**, int) /git/10.4/sql/sql_plugin.cc:1714
      		 
          #12 0x559822c6419f in init_server_components /git/10.4/sql/mysqld.cc:5390
      		 
          #13 0x559822c660c8 in mysqld_main(int, char**) /git/10.4/sql/mysqld.cc:5997
      		 
          #14 0x559822c5080f in main /git/10.4/sql/main.cc:25
      		 
          #15 0x7f155922582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
      		 
       
      		 
      Thread T20 created by T0 here:
      		 
          #0 0x7f155b219253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
      		 
          #1 0x559823f6f251 in os_thread_create_func(void* (*)(void*), void*, unsigned long*) /git/10.4/storage/innobase/os/os0thread.cc:137
      		 
          #2 0x55982414a930 in srv_start(bool) /git/10.4/storage/innobase/srv/srv0start.cc:2449
      		 
          #3 0x559823dc59c2 in innodb_init /git/10.4/storage/innobase/handler/ha_innodb.cc:4269
      		 
          #4 0x5598235ad09d in ha_initialize_handlerton(st_plugin_int*) /git/10.4/sql/handler.cc:522
      		 
          #5 0x559822f1b407 in plugin_initialize /git/10.4/sql/sql_plugin.cc:1432
      		 
          #6 0x559822f1cc74 in plugin_init(int*, char**, int) /git/10.4/sql/sql_plugin.cc:1714
      		 
          #7 0x559822c6419f in init_server_components /git/10.4/sql/mysqld.cc:5390
      		 
          #8 0x559822c660c8 in mysqld_main(int, char**) /git/10.4/sql/mysqld.cc:5997
      		 
          #9 0x559822c5080f in main /git/10.4/sql/main.cc:25
      		 
          #10 0x7f155922582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
      		 
       
      		 
      SUMMARY: AddressSanitizer: use-after-poison /git/10.4/storage/innobase/include/read0types.h:152 ReadView::get_state() const
      		 
      Shadow bytes around the buggy address:
      		 
        0x0fe329a17ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0fe329a17ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0fe329a17ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0fe329a17af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0fe329a17b00: 00 00 00 f7 00 00 00 00 00 00 00 00 00 00 00 00
      		 
      =>0x0fe329a17b10: 00 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0fe329a17b20: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0fe329a17b30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0fe329a17b40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0fe329a17b50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0fe329a17b60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Heap right redzone:      fb
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack partial redzone:   f4
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
      ==19602==ABORTING

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16063 [Draft] ASAN use-after-poison in row_sel / row_sel_step / que_thr_step

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16136 Various ASAN failures when testing 10.2/10.3

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16780 [draft] AddressSanitizer: use-after-poison

          • Major - Major loss of function.
          • Open

          Activity

            People

              marko Marko Mäkelä
              alice Alice Sherepa
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.