Details

      Description

      The bug can be seen, for example, in innodb.innodb when ASAN instrumentation is enabled.

      ==10478==ERROR: AddressSanitizer: use-after-poison on address 0x7f8cb02dedf8 at pc 0x0000015fbc6b bp 0x7f8cb02de210 sp 0x7f8cb02de208
      READ of size 4 at 0x7f8cb02dedf8 thread T22
          #0 0x15fbc6a in _db_return_ /work/mariadb/dbug/dbug.c:1166:18
          #1 0x15b5909 in my_free /work/mariadb/mysys/my_malloc.c:218:3
          #2 0x1171344 in pfs_spawn_thread /work/mariadb/storage/perfschema/pfs.cc:1858:3
          #3 0x7f8cc6bf6163 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8163)
          #4 0x7f8cc5e50dee in clone /build/glibc-B9XfQf/glibc-2.28/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
       
      Address 0x7f8cb02dedf8 is a wild pointer.
      SUMMARY: AddressSanitizer: use-after-poison /work/mariadb/dbug/dbug.c:1166:18 in _db_return_
      Shadow bytes around the buggy address:
        0x0ff216053d60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053d70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053d80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053d90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053da0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      =>0x0ff216053db0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]
        0x0ff216053dc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053dd0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053de0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053df0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0ff216053e00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
        Shadow gap:              cc
      Thread T22 created by T0 here:
          #0 0x5afb40 in pthread_create /home/kevg/fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
          #1 0x11741e8 in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /work/mariadb/storage/perfschema/pfs.cc:1911:15
          #2 0x6a6240 in create_thread_to_handle_connection(THD*) /work/mariadb/sql/mysqld.cc:5925:15
          #3 0x6a730a in create_new_thread(THD*) /work/mariadb/sql/mysqld.cc:6018:3
          #4 0x6a5c1f in handle_connections_sockets() /work/mariadb/sql/mysqld.cc:6302:5
          #5 0x6a0398 in mysqld_main(int, char**) /work/mariadb/sql/mysqld.cc:5531:3
          #6 0x7f8cc5d5a09a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16
       
      ==10478==ABORTING
      

      It's impossible to understand what happened here. errno was poisoned, eh?
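As an added example, not code from the MariaDB report or code base above, the following C program shows the mechanism behind a "use-after-poison": memory that was manually poisoned through ASan's `ASAN_POISON_MEMORY_REGION` (the shadow byte f7, "Poisoned by user" in the legend) is read again before anyone unpoisons it. The `scratch` region and all helper names are constructed for illustration; built without `-fsanitize=address` the poison calls become no-ops and the checks report "not poisoned".

```c
#include <string.h>
#ifndef __has_feature
#  define __has_feature(x) 0 /* GCC without builtin __has_feature */
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#  define HAVE_ASAN 1
#else
#  define HAVE_ASAN 0
#endif
#if HAVE_ASAN
#  include <sanitizer/asan_interface.h>
#else /* built without ASan: the poison/unpoison calls become no-ops */
#  define ASAN_POISON_MEMORY_REGION(a, n) ((void)(a), (void)(n))
#  define ASAN_UNPOISON_MEMORY_REGION(a, n) ((void)(a), (void)(n))
#endif

/* Constructed stand-in for per-thread state; the union forces 8-byte alignment
 * so the region maps exactly onto ASan's shadow (one shadow byte per 8 bytes). */
static union { long long align; char bytes[64]; } scratch;
int asan_active(void) { return HAVE_ASAN; }

/* Hand the region back: any access after this is reported as use-after-poison. */
void scratch_release(void) { ASAN_POISON_MEMORY_REGION(scratch.bytes, sizeof scratch.bytes); }
/* Reclaim it before the next access; skipping this step is the bug class above. */
void scratch_reacquire(void) { ASAN_UNPOISON_MEMORY_REGION(scratch.bytes, sizeof scratch.bytes); }

/* 1 if ASan's shadow currently marks the region poisoned (f7), else 0. */
int scratch_is_poisoned(void) {
#if HAVE_ASAN
  return __asan_address_is_poisoned(scratch.bytes) != 0;
#else
  return 0;
#endif
}

/* Store a 4-byte value, refusing (-1) instead of touching poisoned memory. */
int scratch_store(int v) {
  if (scratch_is_poisoned()) return -1;
  memcpy(scratch.bytes, &v, sizeof v);
  return 0;
}

/* Read the 4-byte value back, or return fallback if the region is poisoned. */
int scratch_peek_or(int fallback) {
  int v;
  if (scratch_is_poisoned()) return fallback;
  memcpy(&v, scratch.bytes, sizeof v);
  return v;
}
```

Compile once with `-fsanitize=address` and once without to see the checks flip; an unguarded `memcpy` after `scratch_release()` is exactly what produces the report above.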

      People

      Assignee: Eugene Kosov (kevg)
      Reporter: Eugene Kosov (kevg)