[MDEV-18243] incorrect ASAN instrumentation - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.4.2, 10.1.38, 10.0.38, 10.2.22, 10.3.13
Component/s: Storage Engine - InnoDB, Storage Engine - XtraDB
Labels:
None

Description

The bug can be seen f.ex in innodb.innodb when ASAN instrumentation is enabled.

==10478==ERROR: AddressSanitizer: use-after-poison on address 0x7f8cb02dedf8 at pc 0x0000015fbc6b bp 0x7f8cb02de210 sp 0x7f8cb02de208

READ of size 4 at 0x7f8cb02dedf8 thread T22

    #0 0x15fbc6a in _db_return_ /work/mariadb/dbug/dbug.c:1166:18

    #1 0x15b5909 in my_free /work/mariadb/mysys/my_malloc.c:218:3

    #2 0x1171344 in pfs_spawn_thread /work/mariadb/storage/perfschema/pfs.cc:1858:3

    #3 0x7f8cc6bf6163 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8163)

    #4 0x7f8cc5e50dee in clone /build/glibc-B9XfQf/glibc-2.28/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Address 0x7f8cb02dedf8 is a wild pointer.

SUMMARY: AddressSanitizer: use-after-poison /work/mariadb/dbug/dbug.c:1166:18 in _db_return_

Shadow bytes around the buggy address:

  0x0ff216053d60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053d70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053d80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053d90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053da0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

=>0x0ff216053db0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]

  0x0ff216053dc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053dd0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053de0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053df0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

  0x0ff216053e00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07

  Heap left redzone:       fa

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Container overflow:      fc

  Array cookie:            ac

  Intra object redzone:    bb

  ASan internal:           fe

  Left alloca redzone:     ca

  Right alloca redzone:    cb

  Shadow gap:              cc

Thread T22 created by T0 here:

    #0 0x5afb40 in pthread_create /home/kevg/fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3

    #1 0x11741e8 in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /work/mariadb/storage/perfschema/pfs.cc:1911:15

    #2 0x6a6240 in create_thread_to_handle_connection(THD*) /work/mariadb/sql/mysqld.cc:5925:15

    #3 0x6a730a in create_new_thread(THD*) /work/mariadb/sql/mysqld.cc:6018:3

    #4 0x6a5c1f in handle_connections_sockets() /work/mariadb/sql/mysqld.cc:6302:5

    #5 0x6a0398 in mysqld_main(int, char**) /work/mariadb/sql/mysqld.cc:5531:3

    #6 0x7f8cc5d5a09a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16

==10478==ABORTING

It's impossible to understand what happened here. errno was poisoned, eh?

Attachments

Activity

People

Assignee:: Eugene Kosov (Inactive)

Reporter:: Eugene Kosov (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019-01-15 11:52

Updated:: 2019-01-15 12:43

Resolved:: 2019-01-15 12:43

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.