Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 10.3(EOL), 10.4(EOL)
- None
Description
Reproduce
Apply attached patch and run versioning.y with --repeat=100.
Result
    #0 0x1dda430 in id_name_t::operator char const*() const /home/midenok/src/mariadb/10.4/src/storage/innobase/include/dict0mem.h:519:10
    #1 0x265a50f in operator<<(std::ostream&, id_name_t const&) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0mem.cc:94:18
    #2 0x2222733 in row_purge_poss_sec(purge_node_t*, dict_index_t*, dtuple_t const*, btr_pcur_t*, mtr_t*, bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:330:3
    #3 0x222ddef in row_purge_remove_sec_if_poss_leaf(purge_node_t*, dict_index_t*, dtuple_t const*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:582:7
    #4 0x222d163 in row_purge_remove_sec_if_poss(purge_node_t*, dict_index_t*, dtuple_t const*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:695:6
    #5 0x222a2d2 in row_purge_del_mark(purge_node_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:769:4
    #6 0x22277ef in row_purge_record_func(purge_node_t*, unsigned char*, que_thr_t const*, bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:1195:12
    #7 0x2223c2d in row_purge(purge_node_t*, unsigned char*, que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:1262:18
    #8 0x2223883 in row_purge_step(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0purge.cc:1321:3
    #9 0x20baf6e in que_thr_step(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/que/que0que.cc:1042:9
    #10 0x20b8f68 in que_run_threads_low(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/que/que0que.cc:1104:14
    #11 0x20b89b7 in que_run_threads(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/que/que0que.cc:1144:2
    #12 0x23620c2 in trx_purge(unsigned long, bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/trx/trx0purge.cc:1315:2
    #13 0x22dd185 in srv_do_purge(unsigned long*) /home/midenok/src/mariadb/10.4/src/storage/innobase/srv/srv0srv.cc:2590:20
    #14 0x22dc5eb in srv_purge_coordinator_thread /home/midenok/src/mariadb/10.4/src/storage/innobase/srv/srv0srv.cc:2716:22
    #15 0x7f7fa76cd181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9181)
    #16 0x7f7fa6b71b1e in clone /build/glibc-KRRWSm/glibc-2.29/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

0x618000071518 is located 152 bytes inside of 784-byte region [0x618000071480,0x618000071790)
freed by thread T24 here:
    #0 0x7bd4d8 in __interceptor_free (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x7bd4d8)
    #1 0x1ffbeff in mem_heap_block_free(mem_block_info_t*, mem_block_info_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/mem/mem0mem.cc:415:3
    #2 0x265cf1d in mem_heap_free(mem_block_info_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/include/mem0mem.ic:432:3
    #3 0x266455a in dict_mem_index_free(dict_index_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0mem.cc:1069:2
    #4 0x25f3d9b in dict_index_remove_from_cache_low(dict_table_t*, dict_index_t*, unsigned long) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0dict.cc:2370:2
    #5 0x25eb980 in dict_sys_t::remove(dict_table_t*, bool, bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0dict.cc:1899:3
    #6 0x21d263f in row_drop_table_from_cache(char const*, dict_table_t*, trx_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0mysql.cc:3267:11
    #7 0x21c955b in row_drop_table_for_mysql(char const*, trx_t*, enum_sql_command, bool, bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0mysql.cc:3741:9
    #8 0x1de1d21 in ha_innobase::delete_table(char const*, enum_sql_command) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:12957:8
    #9 0x1d93155 in ha_innobase::delete_table(char const*) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:13082:9
CURRENT_TEST: versioning.y
    #10 0x160aa09 in handler::ha_delete_table(char const*) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:4702:10
    #11 0x160a2b7 in ha_delete_table(THD*, handlerton*, char const*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, bool) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:2595:7
    #12 0xefa885 in mysql_rm_table_no_locks(THD*, TABLE_LIST*, bool, bool, bool, bool, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:2503:14
    #13 0xef7cea in mysql_rm_table(THD*, TABLE_LIST*, bool, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:2118:10
    #14 0xc0393a in mysql_execute_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:4846:10
    #15 0xbe8b34 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:7892:18
    #16 0xbe1834 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1826:7
    #17 0xbea6e2 in do_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1359:17
    #18 0x1128ab5 in do_handle_one_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1403:11
    #19 0x11281d1 in handle_one_connection /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1306:3
    #20 0x2e5d0c4 in pfs_spawn_thread /home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1862:3
    #21 0x7f7fa76cd181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9181)

previously allocated by thread T24 here:
    #0 0x7bd8b7 in __interceptor_malloc (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x7bd8b7)
    #1 0x1ffac6e in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /home/midenok/src/mariadb/10.4/src/storage/innobase/mem/mem0mem.cc:269:37
    #2 0x1ffbaea in mem_heap_add_block(mem_block_info_t*, unsigned long) /home/midenok/src/mariadb/10.4/src/storage/innobase/mem/mem0mem.cc:374:14
    #3 0x265c069 in mem_heap_alloc(mem_block_info_t*, unsigned long) /home/midenok/src/mariadb/10.4/src/storage/innobase/include/mem0mem.ic:201:11
    #4 0x265bcc1 in mem_heap_zalloc(mem_block_info_t*, unsigned long) /home/midenok/src/mariadb/10.4/src/storage/innobase/include/mem0mem.ic:170:16
    #5 0x2661d12 in dict_mem_index_create(dict_table_t*, char const*, unsigned long, unsigned long) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0mem.cc:742:3
    #6 0x25f983e in dict_index_build_internal_non_clust(dict_index_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0dict.cc:2855:14
    #7 0x25f4aea in dict_index_add_to_cache(dict_index_t*, unsigned long, bool, dberr_t*, dict_add_v_col_t const*) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0dict.cc:2201:6
    #8 0x25cc029 in dict_create_index_step(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/dict/dict0crea.cc:1327:17
    #9 0x20bafff in que_thr_step(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/que/que0que.cc:1052:9
    #10 0x20b8f68 in que_run_threads_low(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/que/que0que.cc:1104:14
    #11 0x20b89b7 in que_run_threads(que_thr_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/que/que0que.cc:1144:2
    #12 0x21c2edc in row_create_index_for_mysql(dict_index_t*, trx_t*, unsigned long const*) /home/midenok/src/mariadb/10.4/src/storage/innobase/row/row0mysql.cc:2544:3
    #13 0x1ddf780 in create_index(trx_t*, TABLE const*, dict_table_t*, unsigned int) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:11345:3
    #14 0x1d8e9a8 in create_table_info_t::create_table(bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:12456:19
    #15 0x1de0a5f in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:12688:20
    #16 0x1d90982 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:12741:9
    #17 0x16243d1 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:4736:14
    #18 0x162abbe in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:5200:22
    #19 0xf0a2be in create_table_impl(THD*, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, char const*, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:5048:11
    #20 0xf07efc in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:5132:8
    #21 0xf0b57c in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:5224:7
    #22 0xf482d5 in Sql_cmd_create_table_like::execute(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:11348:12
    #23 0xc0df67 in mysql_execute_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:6082:26
    #24 0xbe8b34 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:7892:18
    #25 0xbe1834 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1826:7
    #26 0xbea6e2 in do_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1359:17
    #27 0x1128ab5 in do_handle_one_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1403:11
    #28 0x11281d1 in handle_one_connection /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1306:3
    #29 0x2e5d0c4 in pfs_spawn_thread /home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1862:3

Thread T17 created by T0 here:
    #0 0x714a80 in pthread_create (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x714a80)
    #1 0x2044d8c in os_thread_create_func(void* (*)(void*), void*, unsigned long*) /home/midenok/src/mariadb/10.4/src/storage/innobase/os/os0thread.cc:132:12
    #2 0x22ef097 in srv_start(bool) /home/midenok/src/mariadb/10.4/src/storage/innobase/srv/srv0start.cc:2298:46
    #3 0x1daef11 in innodb_init(void*) /home/midenok/src/mariadb/10.4/src/storage/innobase/handler/ha_innodb.cc:4270:8
    #4 0x15fc294 in ha_initialize_handlerton(st_plugin_int*) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:557:31
    #5 0xc390c9 in plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_plugin.cc:1437:9
    #6 0xc37d5a in plugin_init(int*, char**, int) /home/midenok/src/mariadb/10.4/src/sql/sql_plugin.cc:1719:15
    #7 0x80f43c in init_server_components() /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:5202:7
    #8 0x808f92 in mysqld_main(int, char**) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:5725:7
    #9 0x7fcef1 in main /home/midenok/src/mariadb/10.4/src/sql/main.cc:25:10
    #10 0x7f7fa6a7ab6a in __libc_start_main /build/glibc-KRRWSm/glibc-2.29/csu/../csu/libc-start.c:308:16

Thread T24 created by T0 here:
    #0 0x714a80 in pthread_create (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x714a80)
    #1 0x2e62eab in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1912:15
    #2 0x805a6a in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/midenok/src/mariadb/10.4/src/include/mysql/psi/mysql_thread.h:1268:11
    #3 0x816976 in create_thread_to_handle_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6234:15
    #4 0x8173d9 in create_new_thread(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6304:3
    #5 0x81825e in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6402:3
    #6 0x81501b in handle_connections_sockets() /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6560:5
    #7 0x80997a in mysqld_main(int, char**) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:5892:3
    #8 0x7fcef1 in main /home/midenok/src/mariadb/10.4/src/sql/main.cc:25:10
    #9 0x7f7fa6a7ab6a in __libc_start_main /build/glibc-KRRWSm/glibc-2.29/csu/../csu/libc-start.c:308:16

SUMMARY: AddressSanitizer: heap-use-after-free /home/midenok/src/mariadb/10.4/src/storage/innobase/include/dict0mem.h:519:10 in id_name_t::operator char const*() const
==16101==ABORTING
Attachments
Issue Links
- duplicates
  - MDEV-18259 ASAN heap-use-after-free or server crash in get_foreign_key_info (Closed)
- relates to
  - MDEV-16222 Assertion `0' failed in row_purge_remove_sec_if_poss_leaf on table with virtual columns and indexes (Closed)