Crash after the second attempt to install Tokudb

 10.2 ab1ce2204e959bea596817494e932754ab5cbe88

Server version: 10.2.19-MariaDB-debug Source distribution

MariaDB [(none)]> install plugin tokudb soname 'ha_tokudb.so';

ERROR 1123 (HY000): Can't initialize function 'tokudb'; Plugin initialization function failed.

MariaDB [(none)]> install plugin tokudb soname 'ha_tokudb.so';

ERROR 2013 (HY000): Lost connection to MySQL server during query

2018-10-25  9:36:38 139873428657920 [ERROR] TokuDB is not initialized because jemalloc is not loaded

2018-10-25  9:36:38 139873428657920 [ERROR] Plugin 'TokuDB' init function returned error.

2018-10-25  9:36:38 139873428657920 [ERROR] Plugin 'TokuDB' registration as a STORAGE ENGINE failed.

=================================================================

==5277==ERROR: AddressSanitizer: heap-use-after-free on address 0x621000099918 at pc 0x7f3702e6c20b bp 0x7f36d2070b60 sp 0x7f36d2070308

READ of size 53 at 0x621000099918 thread T31

    #0 0x7f3702e6c20a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)

    #1 0x5631f68a933f in strdup_root /10.2/src/mysys/my_alloc.c:442

    #2 0x5631f5365505 in test_plugin_options /10.2/src/sql/sql_plugin.cc:4136

    #3 0x5631f5352623 in plugin_initialize /10.2/src/sql/sql_plugin.cc:1403

    #4 0x5631f53562ef in finalize_install /10.2/src/sql/sql_plugin.cc:2080

    #5 0x5631f5357133 in mysql_install_plugin(THD*, st_mysql_lex_string const*, st_mysql_lex_string const*) /10.2/src/sql/sql_plugin.cc:2178

    #6 0x5631f532c7ca in mysql_execute_command(THD*) /10.2/src/sql/sql_parse.cc:6135

    #7 0x5631f53378d6 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.2/src/sql/sql_parse.cc:8011

    #8 0x5631f5312e25 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.2/src/sql/sql_parse.cc:1824

    #9 0x5631f530ffd9 in do_command(THD*) /10.2/src/sql/sql_parse.cc:1378

    #10 0x5631f5635235 in do_handle_one_connection(CONNECT*) /10.2/src/sql/sql_connect.cc:1335

    #11 0x5631f5634c3d in handle_one_connection /10.2/src/sql/sql_connect.cc:1241

    #12 0x7f3701a906b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)

    #13 0x7f3700f2541c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

0x62100009994c is located 0 bytes to the right of 4172-byte region [0x621000098900,0x62100009994c)

freed by thread T31 here:

    #0 0x7f3702e942ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)

    #1 0x5631f68f670a in free_memory /10.2/src/mysys/safemalloc.c:279

    #2 0x5631f68f5d94 in sf_free /10.2/src/mysys/safemalloc.c:197

    #3 0x5631f68c688d in my_free /10.2/src/mysys/my_malloc.c:217

    #4 0x5631f68a8cae in free_root /10.2/src/mysys/my_alloc.c:399

    #5 0x5631f535162f in plugin_del /10.2/src/sql/sql_plugin.cc:1254

    #6 0x5631f5351a9e in reap_plugins /10.2/src/sql/sql_plugin.cc:1300

    #7 0x5631f5357274 in mysql_install_plugin(THD*, st_mysql_lex_string const*, st_mysql_lex_string const*) /10.2/src/sql/sql_plugin.cc:2193

    #8 0x5631f532c7ca in mysql_execute_command(THD*) /10.2/src/sql/sql_parse.cc:6135

    #9 0x5631f53378d6 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.2/src/sql/sql_parse.cc:8011

    #10 0x5631f5312e25 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.2/src/sql/sql_parse.cc:1824

    #11 0x5631f530ffd9 in do_command(THD*) /10.2/src/sql/sql_parse.cc:1378

    #12 0x5631f5635235 in do_handle_one_connection(CONNECT*) /10.2/src/sql/sql_connect.cc:1335

    #13 0x5631f5634c3d in handle_one_connection /10.2/src/sql/sql_connect.cc:1241

    #14 0x7f3701a906b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)

previously allocated by thread T31 here:

    #0 0x7f3702e94602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)

    #1 0x5631f68f5765 in sf_malloc /10.2/src/mysys/safemalloc.c:118

    #2 0x5631f68c604f in my_malloc /10.2/src/mysys/my_malloc.c:101

    #3 0x5631f68a7de0 in alloc_root /10.2/src/mysys/my_alloc.c:242

    #4 0x5631f513f99d in Sql_alloc::operator new(unsigned long, st_mem_root*) /10.2/src/sql/sql_list.h:44

    #5 0x5631f5364d1e in test_plugin_options /10.2/src/sql/sql_plugin.cc:4047

    #6 0x5631f5352623 in plugin_initialize /10.2/src/sql/sql_plugin.cc:1403

    #7 0x5631f53562ef in finalize_install /10.2/src/sql/sql_plugin.cc:2080

    #8 0x5631f535724c in mysql_install_plugin(THD*, st_mysql_lex_string const*, st_mysql_lex_string const*) /10.2/src/sql/sql_plugin.cc:2186

    #9 0x5631f532c7ca in mysql_execute_command(THD*) /10.2/src/sql/sql_parse.cc:6135

    #10 0x5631f53378d6 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.2/src/sql/sql_parse.cc:8011

    #11 0x5631f5312e25 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.2/src/sql/sql_parse.cc:1824

    #12 0x5631f530ffd9 in do_command(THD*) /10.2/src/sql/sql_parse.cc:1378

    #13 0x5631f5635235 in do_handle_one_connection(CONNECT*) /10.2/src/sql/sql_connect.cc:1335

    #14 0x5631f5634c3d in handle_one_connection /10.2/src/sql/sql_connect.cc:1241

    #15 0x7f3701a906b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)

Thread T31 created by T0 here:

    #0 0x7f3702e32253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)

    #1 0x5631f691e422 in spawn_thread_noop /10.2/src/mysys/psi_noop.c:187

    #2 0x5631f511f996 in inline_mysql_thread_create /10.2/src/include/mysql/psi/mysql_thread.h:1239

    #3 0x5631f5133bbc in create_thread_to_handle_connection(CONNECT*) /10.2/src/sql/mysqld.cc:6454

    #4 0x5631f51342bc in create_new_thread /10.2/src/sql/mysqld.cc:6524

    #5 0x5631f51352ff in handle_connections_sockets() /10.2/src/sql/mysqld.cc:6799

    #6 0x5631f513310c in mysqld_main(int, char**) /10.2/src/sql/mysqld.cc:6073

    #7 0x5631f511e32f in main /10.2/src/sql/main.cc:25

    #8 0x7f3700e3e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 __interceptor_strlen

Shadow bytes around the buggy address:

  0x0c428000b2d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c428000b2e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c428000b2f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c428000b300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c428000b310: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

=>0x0c428000b320: fd fd fd[fd]fd fd fd fd fd fd fa fa fa fa fa fa

  0x0c428000b330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c428000b340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c428000b350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c428000b360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c428000b370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07 

  Heap left redzone:       fa

  Heap right redzone:      fb

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack partial redzone:   f4

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Container overflow:      fc

  Array cookie:            ac

  Intra object redzone:    bb

  ASan internal:           fe

==5277==ABORTING