Details
Bug
Status: Closed
Major
Resolution: Fixed
10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
None
Description
https://travis-ci.org/elenst/travis-tests/jobs/478716599
10.4 301bd62b253
==6466==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300006a210 at pc 0x7efdda35920b bp 0x7efd21814190 sp 0x7efd21813938
READ of size 2 at 0x60300006a210 thread T23
    #0 0x7efdda35920a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)
    #1 0x55e020689b86 in fts_get_table_name_prefix(fts_table_t const*) /home/travis/src/storage/innobase/fts/fts0sql.cc:108
    #2 0x55e020689d96 in fts_get_table_name(fts_table_t const*, char*) /home/travis/src/storage/innobase/fts/fts0sql.cc:146
    #3 0x55e02064bb93 in fts_write_node(trx_t*, que_fork_t**, fts_table_t*, fts_string_t*, fts_node_t*) /home/travis/src/storage/innobase/fts/fts0fts.cc:3878
    #4 0x55e02064cd12 in fts_sync_write_words /home/travis/src/storage/innobase/fts/fts0fts.cc:4047
    #5 0x55e02064d91e in fts_sync_index /home/travis/src/storage/innobase/fts/fts0fts.cc:4128
    #6 0x55e02064efc6 in fts_sync /home/travis/src/storage/innobase/fts/fts0fts.cc:4373
    #7 0x55e02064f712 in fts_sync_table(dict_table_t*, bool, bool, bool) /home/travis/src/storage/innobase/fts/fts0fts.cc:4458
    #8 0x55e02066ff4a in fts_optimize_sync_table(unsigned long) /home/travis/src/storage/innobase/fts/fts0opt.cc:2829
    #9 0x55e0206705e4 in fts_optimize_thread /home/travis/src/storage/innobase/fts/fts0opt.cc:2942
    #10 0x7efdd8d9c6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #11 0x7efdd823141c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
ASAN:SIGSEGV
elenst-dev 662a6c5cf9d Toolbox: 72830f51da
perl ./runall-new.pl --basedir=/home/travis/server --vardir=/home/travis/logs/vardir --duration=350 --threads=6 --seed=1547296526 --short-column-names --reporters=Backtrace,ErrorLog,Deadlock --validators=TransformerNoComparator --transformers=ExecuteAsExecuteImmediate,ExecuteAsInsertSelect,ExecuteAsUpdateDelete --redefine=conf/mariadb/alter_table.yy --redefine=conf/mariadb/instant_add.yy --redefine=conf/mariadb/modules/alter_table_columns.yy --redefine=conf/mariadb/sp.yy --redefine=conf/mariadb/bulk_insert.yy --redefine=conf/mariadb/modules/admin.yy --redefine=conf/mariadb/modules/foreign_keys.yy -redefine=conf/mariadb/modules/locks.yy --redefine=conf/mariadb/modules/sql_mode.yy --redefine=conf/mariadb/redefine_temporary_tables.yy --redefine=conf/mariadb/versioning.yy --redefine=conf/mariadb/sequences.yy --filter=/home/travis/mariadb-toolbox/travis/10.4-combo-filter.ff --mysqld=--log_output=FILE --mysqld=--max-statement-time=15 --mysqld=--lock-wait-timeout=10 --mysqld=--loose-innodb-lock-wait-timeout=5 --mysqld=--loose-debug_assert_on_not_freed_memory=0 --mysqld=--innodb-buffer-pool-size=2G --grammar=conf/engines/innodb/full_text_search.yy --gendata=conf/engines/innodb/full_text_search.zz --mysqld=--innodb-page-size=8K
Not reproducible right away, hitting other bugs instead.
Issue Links
- relates to MDEV-18654 Failing assertion: sym_node->table != NULL in buildbot with innodb_fts.sync_ddl and outside (Closed)
Activity
Another occurrence: https://dev.azure.com/elenst/MariaDB%20tests/_build/results?buildId=691 (test025)
On 10.2: https://dev.azure.com/elenst/MariaDB%20tests/_build/results?buildId=2125 Test 025
10.2 d315b4ff -DPLUGIN_SPHINX=NO -DPLUGIN_OQGRAPH=NO -DPLUGIN_TOKUDB=NO -DPLUGIN_MROONGA=NO -DPLUGIN_FEDERATED=NO -DPLUGIN_FEDERATEDX=NO -DPLUGIN_CONNECT=NO -DPLUGIN_SPIDER=NO -DPLUGIN_ROCKSDB=NO -DWITH_MARIABACKUP=OFF -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=YES -DMYSQL_MAINTAINER_MODE=OFF
==6679==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000599e0 at pc 0x7fb34b69b6ae bp 0x7fb32a423fd0 sp 0x7fb32a423778
READ of size 2 at 0x6030000599e0 thread T19
    #0 0x7fb34b69b6ad (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x516ad)
    #1 0x557fdef3330c in fts_get_table_name_prefix(fts_table_t const*) /home/vsts/src/storage/innobase/fts/fts0sql.cc:108
    #2 0x557fdef33578 in fts_get_table_name(fts_table_t const*, char*) /home/vsts/src/storage/innobase/fts/fts0sql.cc:145
    #3 0x557fdeee5657 in fts_write_node(trx_t*, que_fork_t**, fts_table_t*, fts_string_t*, fts_node_t*) /home/vsts/src/storage/innobase/fts/fts0fts.cc:3925
    #4 0x557fdeee6b53 in fts_sync_write_words /home/vsts/src/storage/innobase/fts/fts0fts.cc:4091
    #5 0x557fdeee7a62 in fts_sync_index /home/vsts/src/storage/innobase/fts/fts0fts.cc:4175
    #6 0x557fdeee9422 in fts_sync /home/vsts/src/storage/innobase/fts/fts0fts.cc:4420
    #7 0x557fdeee9db9 in fts_sync_table(dict_table_t*, bool, bool, bool) /home/vsts/src/storage/innobase/fts/fts0fts.cc:4504
    #8 0x557fdef1466d in fts_optimize_sync_table(unsigned long) /home/vsts/src/storage/innobase/fts/fts0opt.cc:2830
    #9 0x557fdef14caf in fts_optimize_thread /home/vsts/src/storage/innobase/fts/fts0opt.cc:2942
    #10 0x7fb349e3a6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #11 0x7fb3492c341c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x6030000599e0 is located 0 bytes inside of 18-byte region [0x6030000599e0,0x6030000599f2)
freed by thread T38 here:
    #0 0x7fb34b728f80 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef80)
    #1 0x557fdedb8435 in dict_table_rename_in_cache(dict_table_t*, char const*, bool, bool) /home/vsts/src/storage/innobase/dict/dict0dict.cc:1720
    #2 0x557fdea5c30e in row_rename_table_for_mysql(char const*, char const*, trx_t*, bool, bool) /home/vsts/src/storage/innobase/row/row0mysql.cc:4513
    #3 0x557fde7a649a in innobase_rename_table(trx_t*, char const*, char const*, bool, bool) (/home/vsts/server/bin/mysqld+0x1a4b49a)
    #4 0x557fde772f33 in ha_innobase::rename_table(char const*, char const*) /home/vsts/src/storage/innobase/handler/ha_innodb.cc:13655
    #5 0x557fde1ffc21 in handler::ha_rename_table(char const*, char const*) /home/vsts/src/sql/handler.cc:4394
    #6 0x557fdddb847c in mysql_rename_table(handlerton*, char const*, char const*, char const*, char const*, unsigned int) /home/vsts/src/sql/sql_table.cc:5312
    #7 0x557fdddd72c6 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /home/vsts/src/sql/sql_table.cc:9705
    #8 0x557fddf22fc1 in Sql_cmd_alter_table::execute(THD*) /home/vsts/src/sql/sql_alter.cc:321
    #9 0x557fddb9cb05 in mysql_execute_command(THD*) /home/vsts/src/sql/sql_parse.cc:6226
    #10 0x557fddba8d95 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/vsts/src/sql/sql_parse.cc:8013
    #11 0x557fddb7d498 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/vsts/src/sql/sql_parse.cc:1831
    #12 0x557fddb79ba4 in do_command(THD*) /home/vsts/src/sql/sql_parse.cc:1385
    #13 0x557fddf132df in do_handle_one_connection(CONNECT*) /home/vsts/src/sql/sql_connect.cc:1335
    #14 0x557fddf12bda in handle_one_connection /home/vsts/src/sql/sql_connect.cc:1241
    #15 0x7fb349e3a6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
previously allocated by thread T38 here:
    #0 0x7fb34b728b90 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb90)
    #1 0x557fdee03520 in mem_strdup /home/vsts/src/storage/innobase/include/mem0mem.ic:468
    #2 0x557fdee04808 in dict_mem_table_create(char const*, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long) /home/vsts/src/storage/innobase/dict/dict0mem.cc:136
    #3 0x557fde7a1894 in create_table_info_t::create_table_def() (/home/vsts/server/bin/mysqld+0x1a46894)
    #4 0x557fde76db1e in create_table_info_t::create_table(bool) /home/vsts/src/storage/innobase/handler/ha_innodb.cc:12572
    #5 0x557fde7a4c32 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) (/home/vsts/server/bin/mysqld+0x1a49c32)
    #6 0x557fde76fd7f in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*) /home/vsts/src/storage/innobase/handler/ha_innodb.cc:12963
    #7 0x557fde1ffe7a in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /home/vsts/src/sql/handler.cc:4442
    #8 0x557fde202af9 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /home/vsts/src/sql/handler.cc:4814
    #9 0x557fdddd5bd1 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /home/vsts/src/sql/sql_table.cc:9500
    #10 0x557fddf22fc1 in Sql_cmd_alter_table::execute(THD*) /home/vsts/src/sql/sql_alter.cc:321
    #11 0x557fddb9cb05 in mysql_execute_command(THD*) /home/vsts/src/sql/sql_parse.cc:6226
    #12 0x557fddba8d95 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/vsts/src/sql/sql_parse.cc:8013
    #13 0x557fddb7d498 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/vsts/src/sql/sql_parse.cc:1831
    #14 0x557fddb79ba4 in do_command(THD*) /home/vsts/src/sql/sql_parse.cc:1385
    #15 0x557fddf132df in do_handle_one_connection(CONNECT*) /home/vsts/src/sql/sql_connect.cc:1335
    #16 0x557fddf12bda in handle_one_connection /home/vsts/src/sql/sql_connect.cc:1241
    #17 0x7fb349e3a6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
Thread T19 created by T0 here:
    #0 0x7fb34b681d6f in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d6f)
    #1 0x557fde92547a in os_thread_create_func(void* (*)(void*), void*, unsigned long*) /home/vsts/src/storage/innobase/os/os0thread.cc:132
    #2 0x557fdef15580 in fts_optimize_init() /home/vsts/src/storage/innobase/fts/fts0opt.cc:3045
    #3 0x557fdeb6335d in innobase_start_or_create_for_mysql() /home/vsts/src/storage/innobase/srv/srv0start.cc:2622
    #4 0x557fde73f1a7 in innobase_init /home/vsts/src/storage/innobase/handler/ha_innodb.cc:4377
    #5 0x557fde1e5026 in ha_initialize_handlerton(st_plugin_int*) /home/vsts/src/sql/handler.cc:521
    #6 0x557fddbc5f95 in plugin_initialize /home/vsts/src/sql/sql_plugin.cc:1416
    #7 0x557fddbc7c9c in plugin_init(int*, char**, int) /home/vsts/src/sql/sql_plugin.cc:1697
    #8 0x557fdd958655 in init_server_components /home/vsts/src/sql/mysqld.cc:5311
    #9 0x557fdd95a83b in mysqld_main(int, char**) /home/vsts/src/sql/mysqld.cc:5907
    #10 0x557fdd942bb9 in main /home/vsts/src/sql/main.cc:25
    #11 0x7fb3491dc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Thread T38 created by T0 here:
    #0 0x7fb34b681d6f in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d6f)
    #1 0x557fdf4fbccd in spawn_thread_noop /home/vsts/src/mysys/psi_noop.c:187
    #2 0x557fdd94422c in inline_mysql_thread_create /home/vsts/src/include/mysql/psi/mysql_thread.h:1239
    #3 0x557fdd95be12 in create_thread_to_handle_connection(CONNECT*) /home/vsts/src/sql/mysqld.cc:6484
    #4 0x557fdd95c5cb in create_new_thread /home/vsts/src/sql/mysqld.cc:6552
    #5 0x557fdd95d88d in handle_connections_sockets() /home/vsts/src/sql/mysqld.cc:6827
    #6 0x557fdd95b216 in mysqld_main(int, char**) /home/vsts/src/sql/mysqld.cc:6101
    #7 0x557fdd942bb9 in main /home/vsts/src/sql/main.cc:25
    #8 0x7fb3491dc82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x516ad)
==6679==ABORTING
elenst-dev ec63bb41 master 1e8b2ee0
perl ./runall-new.pl --basedir=/home/vsts/server --vardir=/home/vsts/logs/vardir --duration=400 --threads=6 --views --seed=1555823060 --validators=MetadataReload --reporters=Backtrace,ErrorLog,Deadlock --filter=conf/mariadb/10.4-combo-filter.ff --engine=InnoDB --grammar=conf/engines/innodb/full_text_search.yy --gendata=conf/engines/innodb/full_text_search.zz --redefine=conf/mariadb/alter_table.yy --redefine=conf/mariadb/instant_add.yy --redefine=conf/mariadb/modules/alter_table_columns.yy --redefine=conf/mariadb/sp.yy --redefine=conf/mariadb/bulk_insert.yy --redefine=conf/mariadb/modules/admin.yy --redefine=conf/mariadb/modules/userstat.yy --redefine=conf/mariadb/modules/foreign_keys.yy -redefine=conf/mariadb/modules/locks.yy --redefine=conf/mariadb/modules/sql_mode.yy --mysqld=--log_output=FILE --mysqld=--loose-max-statement-time=20 --mysqld=--lock-wait-timeout=10 --mysqld=--loose-innodb-lock-wait-timeout=5 --mysqld=--loose-debug_assert_on_not_freed_memory=0
On 10.3: https://dev.azure.com/elenst/MariaDB%20tests/_build/results?buildId=2248 Test 025
10.3 4d59f452 -DPLUGIN_SPHINX=NO -DPLUGIN_OQGRAPH=NO -DPLUGIN_TOKUDB=NO -DPLUGIN_MROONGA=NO -DPLUGIN_FEDERATED=NO -DPLUGIN_FEDERATEDX=NO -DPLUGIN_CONNECT=NO -DPLUGIN_SPIDER=NO -DPLUGIN_ROCKSDB=NO -DWITH_MARIABACKUP=OFF -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=YES -DMYSQL_MAINTAINER_MODE=OFF
==6648==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300005c3b0 at pc 0x7f9732b506ae bp 0x7f9709402fd0 sp 0x7f9709402778
READ of size 2 at 0x60300005c3b0 thread T19
    #0 0x7f9732b506ad (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x516ad)
    #1 0x55a75a568131 in fts_get_table_name_prefix(fts_table_t const*) /home/vsts/src/storage/innobase/fts/fts0sql.cc:108
    #2 0x55a75a56839d in fts_get_table_name(fts_table_t const*, char*) /home/vsts/src/storage/innobase/fts/fts0sql.cc:146
    #3 0x55a75a519a1d in fts_write_node(trx_t*, que_fork_t**, fts_table_t*, fts_string_t*, fts_node_t*) /home/vsts/src/storage/innobase/fts/fts0fts.cc:3903
    #4 0x55a75a51af17 in fts_sync_write_words /home/vsts/src/storage/innobase/fts/fts0fts.cc:4069
    #5 0x55a75a51be6f in fts_sync_index /home/vsts/src/storage/innobase/fts/fts0fts.cc:4153
    #6 0x55a75a51dac1 in fts_sync /home/vsts/src/storage/innobase/fts/fts0fts.cc:4398
    #7 0x55a75a51e4ba in fts_sync_table(dict_table_t*, bool, bool, bool) /home/vsts/src/storage/innobase/fts/fts0fts.cc:4482
    #8 0x55a75a548c91 in fts_optimize_sync_table(unsigned long) /home/vsts/src/storage/innobase/fts/fts0opt.cc:2830
    #9 0x55a75a54932e in fts_optimize_thread /home/vsts/src/storage/innobase/fts/fts0opt.cc:2942
    #10 0x7f97312ef6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #11 0x7f973077841c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
0x60300005c3b0 is located 0 bytes inside of 18-byte region [0x60300005c3b0,0x60300005c3c2)
freed by thread T33 here:
    #0 0x7f9732bddf80 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef80)
    #1 0x55a75a3e5ed9 in dict_table_rename_in_cache(dict_table_t*, char const*, bool, bool) /home/vsts/src/storage/innobase/dict/dict0dict.cc:1682
    #2 0x55a75a076556 in row_rename_table_for_mysql(char const*, char const*, trx_t*, bool, bool) /home/vsts/src/storage/innobase/row/row0mysql.cc:4526
    #3 0x55a759d86010 in innobase_rename_table(trx_t*, char const*, char const*, bool, bool) (/home/vsts/server/bin/mysqld+0x1d76010)
    #4 0x55a759d53e38 in ha_innobase::rename_table(char const*, char const*) /home/vsts/src/storage/innobase/handler/ha_innodb.cc:13381
    #5 0x55a7597bb89e in handler::ha_rename_table(char const*, char const*) /home/vsts/src/sql/handler.cc:4640
    #6 0x55a75927f7f4 in mysql_rename_table(handlerton*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, unsigned int) /home/vsts/src/sql/sql_table.cc:5459
    #7 0x55a75929f35d in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /home/vsts/src/sql/sql_table.cc:10021
    #8 0x55a75940ce72 in Sql_cmd_alter_table::execute(THD*) /home/vsts/src/sql/sql_alter.cc:488
    #9 0x55a75905018f in mysql_execute_command(THD*) /home/vsts/src/sql/sql_parse.cc:6285
    #10 0x55a75905c558 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/vsts/src/sql/sql_parse.cc:8091
    #11 0x55a759030fcc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/vsts/src/sql/sql_parse.cc:1857
    #12 0x55a75902d8ca in do_command(THD*) /home/vsts/src/sql/sql_parse.cc:1403
    #13 0x55a7593fc49c in do_handle_one_connection(CONNECT*) /home/vsts/src/sql/sql_connect.cc:1402
    #14 0x55a7593fbd8e in handle_one_connection /home/vsts/src/sql/sql_connect.cc:1308
    #15 0x7f97312ef6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
previously allocated by thread T33 here:
    #0 0x7f9732bddb90 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb90)
    #1 0x55a75a433e3a in mem_strdup /home/vsts/src/storage/innobase/include/mem0mem.ic:469
    #2 0x55a75a4361f6 in dict_mem_table_create(char const*, fil_space_t*, unsigned long, unsigned long, unsigned long, unsigned long) /home/vsts/src/storage/innobase/dict/dict0mem.cc:158
    #3 0x55a759d80561 in create_table_info_t::create_table_def() (/home/vsts/server/bin/mysqld+0x1d70561)
    #4 0x55a759d4ec01 in create_table_info_t::create_table(bool) /home/vsts/src/storage/innobase/handler/ha_innodb.cc:12333
    #5 0x55a759d84459 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) (/home/vsts/server/bin/mysqld+0x1d74459)
    #6 0x55a759d50ba5 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*) /home/vsts/src/storage/innobase/handler/ha_innodb.cc:12704
    #7 0x55a7597bbbab in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /home/vsts/src/sql/handler.cc:4688
    #8 0x55a7597bed6b in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /home/vsts/src/sql/handler.cc:5062
    #9 0x55a75929dbfd in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /home/vsts/src/sql/sql_table.cc:9808
    #10 0x55a75940ce72 in Sql_cmd_alter_table::execute(THD*) /home/vsts/src/sql/sql_alter.cc:488
    #11 0x55a75905018f in mysql_execute_command(THD*) /home/vsts/src/sql/sql_parse.cc:6285
    #12 0x55a75905c558 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/vsts/src/sql/sql_parse.cc:8091
    #13 0x55a759030fcc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/vsts/src/sql/sql_parse.cc:1857
    #14 0x55a75902d8ca in do_command(THD*) /home/vsts/src/sql/sql_parse.cc:1403
    #15 0x55a7593fc49c in do_handle_one_connection(CONNECT*) /home/vsts/src/sql/sql_connect.cc:1402
    #16 0x55a7593fbd8e in handle_one_connection /home/vsts/src/sql/sql_connect.cc:1308
    #17 0x7f97312ef6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
Thread T19 created by T0 here:
    #0 0x7f9732b36d6f in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d6f)
    #1 0x55a759f29297 in os_thread_create_func(void* (*)(void*), void*, unsigned long*) /home/vsts/src/storage/innobase/os/os0thread.cc:132
    #2 0x55a75a549c49 in fts_optimize_init() /home/vsts/src/storage/innobase/fts/fts0opt.cc:3045
    #3 0x55a75a17c7a0 in srv_start(bool) /home/vsts/src/storage/innobase/srv/srv0start.cc:2344
    #4 0x55a759d20b63 in innodb_init /home/vsts/src/storage/innobase/handler/ha_innodb.cc:4266
    #5 0x55a75979c9d4 in ha_initialize_handlerton(st_plugin_int*) /home/vsts/src/sql/handler.cc:523
    #6 0x55a759078489 in plugin_initialize /home/vsts/src/sql/sql_plugin.cc:1432
    #7 0x55a75907a34e in plugin_init(int*, char**, int) /home/vsts/src/sql/sql_plugin.cc:1714
    #8 0x55a758d708d7 in init_server_components /home/vsts/src/sql/mysqld.cc:5401
    #9 0x55a758d72cce in mysqld_main(int, char**) /home/vsts/src/sql/mysqld.cc:6014
    #10 0x55a758d5a249 in main /home/vsts/src/sql/main.cc:25
    #11 0x7f973069182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Thread T33 created by T0 here:
    #0 0x7f9732b36d6f in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d6f)
    #1 0x55a75ab7856b in spawn_thread_noop /home/vsts/src/mysys/psi_noop.c:187
    #2 0x55a758d5bb2a in inline_mysql_thread_create /home/vsts/src/include/mysql/psi/mysql_thread.h:1268
    #3 0x55a758d74257 in create_thread_to_handle_connection(CONNECT*) /home/vsts/src/sql/mysqld.cc:6591
    #4 0x55a758d74a10 in create_new_thread /home/vsts/src/sql/mysqld.cc:6659
    #5 0x55a758d75cd2 in handle_connections_sockets() /home/vsts/src/sql/mysqld.cc:6934
    #6 0x55a758d735d6 in mysqld_main(int, char**) /home/vsts/src/sql/mysqld.cc:6211
    #7 0x55a758d5a249 in main /home/vsts/src/sql/main.cc:25
    #8 0x7f973069182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x516ad)
==6648==ABORTING
elenst-dev ec63bb41 master f79dfa2b
perl ./runall-new.pl --basedir=/home/vsts/server --vardir=/home/vsts/logs/vardir --duration=400 --threads=6 --views --seed=1556526177 --validators=MetadataReload --reporters=Backtrace,ErrorLog,Deadlock --filter=conf/mariadb/10.4-combo-filter.ff --engine=InnoDB --grammar=conf/engines/innodb/full_text_search.yy --gendata=conf/engines/innodb/full_text_search.zz --redefine=conf/mariadb/alter_table.yy --redefine=conf/mariadb/instant_add.yy --redefine=conf/mariadb/modules/alter_table_columns.yy --redefine=conf/mariadb/sp.yy --redefine=conf/mariadb/bulk_insert.yy --redefine=conf/mariadb/modules/admin.yy --redefine=conf/mariadb/modules/userstat.yy --redefine=conf/mariadb/modules/foreign_keys.yy -redefine=conf/mariadb/modules/locks.yy --redefine=conf/mariadb/modules/sql_mode.yy --redefine=conf/mariadb/versioning.yy --redefine=conf/mariadb/sequences.yy --mysqld=--log_output=FILE --mysqld=--loose-max-statement-time=20 --mysqld=--lock-wait-timeout=10 --mysqld=--loose-innodb-lock-wait-timeout=5 --mysqld=--loose-debug_assert_on_not_freed_memory=0
This should be repeatable even with RENAME TABLE on a table that has fulltext indexes. The code did more copying before MariaDB 10.2, and the tests with ALTER TABLE seem to be timing-sensitive (and the table would be dropped soon after the internal renaming at the end of ALTER TABLE). While this was not observed on 10.0 or 10.1, based on reading the code I am pretty sure that those versions are affected, just like MySQL should be.
Another occurrence: https://travis-ci.org/elenst/travis-tests/jobs/478789421
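The reports on this ticket differ in addresses and line numbers but share one shape: a READ in the FTS optimize thread of a block that a connection thread freed in dict_table_rename_in_cache. The Python below is an added example, not part of the ticket or of MariaDB's tooling, that parses such an ASan report and reduces it to the first source-level frame of the use, free and allocation stacks plus a cross-thread flag. SAMPLE is constructed by abridging the 10.2 report, and the names parse_asan_report, first_source_frame and triage are this example's own.

```python
import re

# Constructed sample: abridged from the 10.2 report on this page, keeping the
# "|" separator lines that the ticket rendering leaves between log lines.
SAMPLE = """\
==6679==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000599e0 at pc 0x7fb34b69b6ae bp 0x7fb32a423fd0 sp 0x7fb32a423778
|
READ of size 2 at 0x6030000599e0 thread T19
#0 0x7fb34b69b6ad (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x516ad)
#1 0x557fdef3330c in fts_get_table_name_prefix(fts_table_t const*) /home/vsts/src/storage/innobase/fts/fts0sql.cc:108
#9 0x557fdef14caf in fts_optimize_thread /home/vsts/src/storage/innobase/fts/fts0opt.cc:2942
0x6030000599e0 is located 0 bytes inside of 18-byte region [0x6030000599e0,0x6030000599f2)
freed by thread T38 here:
#0 0x7fb34b728f80 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef80)
#1 0x557fdedb8435 in dict_table_rename_in_cache(dict_table_t*, char const*, bool, bool) /home/vsts/src/storage/innobase/dict/dict0dict.cc:1720
previously allocated by thread T38 here:
#0 0x7fb34b728b90 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb90)
#1 0x557fdee03520 in mem_strdup /home/vsts/src/storage/innobase/include/mem0mem.ic:468
Thread T19 created by T0 here:
#0 0x7fb34b681d6f in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d6f)
SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x516ad)
"""

HEADER = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address")
ACCESS = re.compile(r"(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)")
SECTION = re.compile(r"(freed by|previously allocated by) thread (T\d+) here:")
FRAME = re.compile(r"#(\d+) 0x[0-9a-f]+(?: in (.+))? (\S+)$")


def parse_asan_report(text):
    """Split one ASan heap report into access, free and alloc stacks."""
    report = {"kind": None, "size": None, "stacks": {}, "threads": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "|":
            continue
        if (m := HEADER.match(line)):
            report["kind"] = m.group(1)
        elif (m := ACCESS.match(line)):
            current = "access"
            report["size"] = int(m.group(2))
            report["threads"][current] = m.group(3)
        elif (m := SECTION.match(line)):
            current = "free" if m.group(1) == "freed by" else "alloc"
            report["threads"][current] = m.group(2)
        elif (m := FRAME.match(line)) and current:
            func = (m.group(2) or "?").split("(")[0]  # drop the argument list
            report["stacks"].setdefault(current, []).append((func, m.group(3)))
        elif not line.startswith("#"):
            current = None  # region line, "Thread Tn created by", SUMMARY, dumps
    return report


def first_source_frame(stack):
    """First frame with file:line; ASan prints others as (module+offset)."""
    for func, loc in stack:
        if not loc.startswith("("):
            return func, loc.rsplit("/", 1)[-1]
    return None


def triage(report):
    """Name the use, free and alloc sites and flag a cross-thread lifetime bug."""
    t = report["threads"]
    out = {role: first_source_frame(report["stacks"].get(role, []))
           for role in ("access", "free", "alloc")}
    out["kind"] = report["kind"]
    out["cross_thread"] = bool(t.get("free")) and t.get("access") != t.get("free")
    # Function names only, so runs on different builds group together.
    out["signature"] = (report["kind"],) + tuple(
        out[r][0] if out[r] else None for r in ("access", "free"))
    return out
```

Frames that ASan could not symbolize to a source line, such as innobase_rename_table in the reports above, are skipped by first_source_frame.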