Details
Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 5.5(EOL)
None
Description
5.5 ASAN 1b797e9e630
==25754==ERROR: AddressSanitizer: use-after-poison on address 0x7fc179540018 at pc 0x143577d bp 0x7fc163985e60 sp 0x7fc163985e58
READ of size 1 at 0x7fc179540018 thread T24
    #0 0x143577c in mach_read_from_2 /data/src/5.5/storage/xtradb/include/mach0data.ic:83
    #1 0x143577c in fil_page_get_type /data/src/5.5/storage/xtradb/fil/fil0fil.c:6052
    #2 0x11e7244 in i_s_innodb_buffer_pool_pages_fill /data/src/5.5/storage/xtradb/handler/i_s.cc:6500
    #3 0x7ff04d in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/5.5/sql/sql_show.cc:7799
    #4 0x7aac03 in JOIN::exec() /data/src/5.5/sql/sql_select.cc:2396
    #5 0x79df4e in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/5.5/sql/sql_select.cc:3133
    #6 0x79e5fa in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/5.5/sql/sql_select.cc:323
    #7 0x690978 in execute_sqlcom_select /data/src/5.5/sql/sql_parse.cc:4678
    #8 0x6a7721 in mysql_execute_command(THD*) /data/src/5.5/sql/sql_parse.cc:2224
    #9 0x6bb297 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/5.5/sql/sql_parse.cc:5923
    #10 0x6bee12 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/5.5/sql/sql_parse.cc:1066
    #11 0x6c305a in do_command(THD*) /data/src/5.5/sql/sql_parse.cc:793
    #12 0x91c634 in do_handle_one_connection(THD*) /data/src/5.5/sql/sql_connect.cc:1268
    #13 0x91c8a5 in handle_one_connection /data/src/5.5/sql/sql_connect.cc:1184
    #14 0x7fc18edbf493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #15 0x7fc18d7d593e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: use-after-poison /data/src/5.5/storage/xtradb/include/mach0data.ic:83 mach_read_from_2
Shadow bytes around the buggy address:
  0x0ff8af29ffb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff8af29ffc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff8af29ffd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff8af29ffe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff8af29fff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff8af2a0000: f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0ff8af2a0010: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0ff8af2a0020: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0ff8af2a0030: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0ff8af2a0040: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0ff8af2a0050: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
Thread T24 created by T0 here:
    #0 0x7fc18eff8bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x50ac2b in inline_mysql_thread_create /data/src/5.5/include/mysql/psi/mysql_thread.h:1063
    #2 0x50ac2b in create_thread_to_handle_connection(THD*) /data/src/5.5/sql/mysqld.cc:5404

==25754==ABORTING
To reproduce, run the following in MTR (doesn't happen reliably for me without MTR):
# Run with --mysqld=--innodb-buffer-pool-pages --mysqld=--innodb
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_BUFFER_POOL_PAGES;
Note: It only affects 5.5, and we don't fix non-security 5.5 bugs anymore, so please feel free to close as "won't fix".
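An added triage example, not part of the original report or of the MariaDB code base: it maps the faulting address from the trace above to its shadow byte, reads that byte out of the dumped shadow rows, and reports how far into the poisoned run the read landed. The shadow mapping `(addr >> 3) + 0x7fff8000` is the ASan default for x86-64 Linux and is assumed here; the function names are hypothetical and the `REPORT` lines are copied from the trace.

```python
import re

# Assumption: default ASan shadow mapping on x86-64 Linux.
SHADOW_SCALE, SHADOW_OFFSET = 3, 0x7FFF8000
# Subset of the shadow byte legend printed in the report.
LEGEND = {0x00: "Addressable", 0xFA: "Heap left redzone",
          0xFD: "Freed heap region", 0xF7: "Poisoned by user"}

# Lines copied from the ASan report above (error line plus three shadow rows).
REPORT = """\
==25754==ERROR: AddressSanitizer: use-after-poison on address 0x7fc179540018 at pc 0x143577d bp 0x7fc163985e60 sp 0x7fc163985e58
  0x0ff8af29fff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff8af2a0000: f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0ff8af2a0010: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
"""

def to_shadow(addr):
    """Shadow byte address that describes application address `addr`."""
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET

def to_app(shadow_addr):
    """First of the 8 application bytes covered by one shadow byte."""
    return (shadow_addr - SHADOW_OFFSET) << SHADOW_SCALE

def parse_shadow_rows(text):
    """Return {shadow address: shadow byte} for every dumped row."""
    shadow = {}
    for m in re.finditer(r"^(?:=>)?\s*0x([0-9a-f]+):(.*)$", text, re.M):
        base = int(m.group(1), 16)
        # The [..] brackets only mark the faulting byte; the regex skips them.
        for i, byte in enumerate(re.findall(r"[0-9a-f]{2}", m.group(2))):
            shadow[base + i] = int(byte, 16)
    return shadow

def triage(text):
    m = re.search(r"AddressSanitizer: (\S+) on address 0x([0-9a-f]+)", text)
    kind, addr = m.group(1), int(m.group(2), 16)
    shadow = parse_shadow_rows(text)
    saddr = to_shadow(addr)
    value = shadow[saddr]
    start = saddr
    # Walk back to the first shadow byte of the same kind visible in the dump.
    while shadow.get(start - 1) == value:
        start -= 1
    return {"kind": kind, "shadow_addr": saddr, "shadow_byte": value,
            "meaning": LEGEND.get(value, "unknown"),
            "offset_in_run": addr - to_app(start)}

if __name__ == "__main__":
    for key, val in triage(REPORT).items():
        print(key, hex(val) if isinstance(val, int) else val)
```

The computed shadow address falls on the bracketed byte of the `=>` row, which confirms the assumed mapping matches this build.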