Details
- Bug
- Status: Closed
- Major
- Resolution: Duplicate
- 10.2.17, 10.3.9, 10.4.0
- None
- Linux Ubuntu 17.10 but most probably unimportant
Description
Version: '10.4.0-MariaDB-debug-log'
=================================================================
==19602==ERROR: AddressSanitizer: use-after-poison on address 0x7f154d0fd8a8 at pc 0x559823f00927 bp 0x7f15391e1b10 sp 0x7f15391e1b00
READ of size 4 at 0x7f154d0fd8a8 thread T20
==19602==AddressSanitizer: while reporting a bug found another one. Ignoring.
    #0 0x559823f00926 in ReadView::get_state() const /git/10.4/storage/innobase/include/read0types.h:152
    #1 0x559823fc462a in trx_sys_t::clone_oldest_view() /git/10.4/storage/innobase/read/read0read.cc:289
    #2 0x55982418f0b2 in trx_purge(unsigned long, bool) /git/10.4/storage/innobase/trx/trx0purge.cc:1549
    #3 0x55982413b43c in srv_do_purge /git/10.4/storage/innobase/srv/srv0srv.cc:2582
    #4 0x55982413bc16 in srv_purge_coordinator_thread /git/10.4/storage/innobase/srv/srv0srv.cc:2713
    #5 0x7f1559e776b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #6 0x7f155930c41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

0x7f154d0fd8a8 is located 8360 bytes inside of 4194304-byte region [0x7f154d0fb800,0x7f154d4fb800)
allocated by thread T0 here:
    #0 0x7f155b27b79a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x5598241db488 in Pool<trx_t, TrxFactory, TrxPoolLock>::Pool(unsigned long) /git/10.4/storage/innobase/include/ut0pool.h:65
    #2 0x5598241da300 in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::add_pool(unsigned long) /git/10.4/storage/innobase/include/ut0pool.h:320
    #3 0x5598241d9c62 in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::create() /git/10.4/storage/innobase/include/ut0pool.h:348
    #4 0x5598241d8fc4 in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::PoolManager(unsigned long) /git/10.4/storage/innobase/include/ut0pool.h:232
    #5 0x5598241c8ad2 in trx_pool_init() /git/10.4/storage/innobase/trx/trx0trx.cc:375
    #6 0x559824136076 in srv_boot() /git/10.4/storage/innobase/srv/srv0srv.cc:1125
    #7 0x559824146864 in srv_start(bool) /git/10.4/storage/innobase/srv/srv0start.cc:1532
    #8 0x559823dc59c2 in innodb_init /git/10.4/storage/innobase/handler/ha_innodb.cc:4269
    #9 0x5598235ad09d in ha_initialize_handlerton(st_plugin_int*) /git/10.4/sql/handler.cc:522
    #10 0x559822f1b407 in plugin_initialize /git/10.4/sql/sql_plugin.cc:1432
    #11 0x559822f1cc74 in plugin_init(int*, char**, int) /git/10.4/sql/sql_plugin.cc:1714
    #12 0x559822c6419f in init_server_components /git/10.4/sql/mysqld.cc:5390
    #13 0x559822c660c8 in mysqld_main(int, char**) /git/10.4/sql/mysqld.cc:5997
    #14 0x559822c5080f in main /git/10.4/sql/main.cc:25
    #15 0x7f155922582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

Thread T20 created by T0 here:
    #0 0x7f155b219253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x559823f6f251 in os_thread_create_func(void* (*)(void*), void*, unsigned long*) /git/10.4/storage/innobase/os/os0thread.cc:137
    #2 0x55982414a930 in srv_start(bool) /git/10.4/storage/innobase/srv/srv0start.cc:2449
    #3 0x559823dc59c2 in innodb_init /git/10.4/storage/innobase/handler/ha_innodb.cc:4269
    #4 0x5598235ad09d in ha_initialize_handlerton(st_plugin_int*) /git/10.4/sql/handler.cc:522
    #5 0x559822f1b407 in plugin_initialize /git/10.4/sql/sql_plugin.cc:1432
    #6 0x559822f1cc74 in plugin_init(int*, char**, int) /git/10.4/sql/sql_plugin.cc:1714
    #7 0x559822c6419f in init_server_components /git/10.4/sql/mysqld.cc:5390
    #8 0x559822c660c8 in mysqld_main(int, char**) /git/10.4/sql/mysqld.cc:5997
    #9 0x559822c5080f in main /git/10.4/sql/main.cc:25
    #10 0x7f155922582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: use-after-poison /git/10.4/storage/innobase/include/read0types.h:152 ReadView::get_state() const
Shadow bytes around the buggy address:
  0x0fe329a17ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe329a17ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe329a17ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe329a17af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe329a17b00: 00 00 00 f7 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe329a17b10: 00 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe329a17b20: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe329a17b30: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe329a17b40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe329a17b50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fe329a17b60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
==19602==ABORTING
Attachments
Issue Links
- relates to
  - MDEV-16063 [Draft] ASAN use-after-poison in row_sel / row_sel_step / que_thr_step - Closed
  - MDEV-16136 Various ASAN failures when testing 10.2/10.3 - Closed
  - MDEV-16780 [draft] AddressSanitizer: use-after-poison - Open