Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20214

parts.partition_basic_innodb failed in buildbot with AddressSanitizer: use-after-poison in Table_triggers_list::~Table_triggers_list

    XMLWordPrintable

Details

    Description

      http://buildbot.askmonty.org/buildbot/builders/kvm-fulltest-big/builds/2872

      bb-10.4-release 1c27eb7ebd2c95008ba9b4fdfdee4061

      parts.partition_basic_innodb 'innodb'    w2 [ fail ]
              Test ended at 2019-07-28 15:24:15
       
      CURRENT_TEST: parts.partition_basic_innodb
      mysqltest: In included file "./suite/parts/inc/partition_trigg3.inc": 
      included from ./suite/parts/inc/partition_check.inc at line 1097:
      included from ./suite/parts/inc/partition_methods2.inc at line 225:
      included from ./suite/parts/inc/partition_basic.inc at line 36:
      included from /mnt/buildbot/build/mariadb-10.4.7/mysql-test/suite/parts/t/partition_basic_innodb.test at line 81:
      At line 38: query 'CREATE TRIGGER trg_3 $event ON t1 FOR EACH ROW
      BEGIN
      SET new.f_int1 = @my_max1 + @counter,
      new.f_int2 = @my_min2 - @counter,
      new.f_charbig = '####updated per insert trigger####';
      SET @counter = @counter + 1;
      END' failed: 2013: Lost connection to MySQL server during query
       
      The result from queries just before the failure was:
      < snip >
      SET new.f_int1 = new.f_int1 + @max_row,
      new.f_int2 = new.f_int2 - @max_row,
      new.f_charbig = '####updated per update trigger####';
      END|
      UPDATE t1
      SET f_int1 = f_int1 + @max_row, f_int2 = f_int2 - @max_row,
      f_charbig = '####updated per update statement itself####';
      	
      # check trigger-10 success: 	1
      DROP TRIGGER trg_2;
      UPDATE t1 SET f_int1 = CAST(f_char1 AS SIGNED INT),
      f_int2 = CAST(f_char1 AS SIGNED INT),
      f_charbig = CONCAT('===',f_char1,'===');
      CREATE TRIGGER trg_3 BEFORE INSERT ON t1 FOR EACH ROW
      BEGIN
      SET new.f_int1 = @my_max1 + @counter,
      new.f_int2 = @my_min2 - @counter,
      new.f_charbig = '####updated per insert trigger####';
      SET @counter = @counter + 1;
      END|
       
      More results from queries before failure can be found in /mnt/buildbot/build/mariadb-10.4.7/mysql-test/var/2/log/partition_basic_innodb.log
       
       
      Server [mysqld.1 - pid: 14848, winpid: 14848, exit: 256] failed during test run
      Server log from this test:
      ----------SERVER LOG START-----------
      =================================================================
      ==14849==ERROR: AddressSanitizer: use-after-poison on address 0x620000597aa0 at pc 0x000000a62abb bp 0x7ff8ea0dc720 sp 0x7ff8ea0dc710
      READ of size 8 at 0x620000597aa0 thread T27
          #0 0xa62aba in Table_triggers_list::~Table_triggers_list() /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_trigger.cc:1182
          #1 0xd22beb in intern_close_table /home/buildbot/buildbot/build/mariadb-10.4.7/sql/table_cache.cc:220
          #2 0xd22beb in tc_remove_table /home/buildbot/buildbot/build/mariadb-10.4.7/sql/table_cache.cc:260
          #3 0xd23c27 in tc_release_table(TABLE*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/table_cache.cc:474
          #4 0x75c4ea in close_thread_tables(THD*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_base.cc:1020
          #5 0x892fca in mysql_execute_command(THD*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:6164
          #6 0x8aac3a in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:7908
          #7 0x8afd3d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:1843
          #8 0x8b498c in do_command(THD*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:1360
          #9 0xb46777 in do_handle_one_connection(CONNECT*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_connect.cc:1404
          #10 0xb46b5a in handle_one_connection /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_connect.cc:1306
          #11 0x13ac62b in pfs_spawn_thread /home/buildbot/buildbot/build/mariadb-10.4.7/storage/perfschema/pfs.cc:1862
          #12 0x7ff9016046b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #13 0x7ff900aab82c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)
       
      0x620000597aa0 is located 2592 bytes inside of 3944-byte region [0x620000597080,0x620000597fe8)
      allocated by thread T27 here:
          #0 0x7ff9025b1602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
          #1 0x1dd1b5e in my_malloc /home/buildbot/buildbot/build/mariadb-10.4.7/mysys/my_malloc.c:101
          #2 0x1dbd995 in alloc_root /home/buildbot/buildbot/build/mariadb-10.4.7/mysys/my_alloc.c:250
          #3 0x881c2f in Query_arena::calloc(unsigned long) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_class.h:1052
          #4 0x881c2f in st_select_lex::add_table_to_list(THD*, Table_ident*, st_mysql_const_lex_string*, unsigned long, thr_lock_type, enum_mdl_type, List<Index_hint>*, List<String>*, st_mysql_lex_string*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:8095
          #5 0x828ba2 in init_lex_with_single_table(THD*, TABLE*, LEX*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_lex.cc:197
          #6 0x127817a in fix_fields_part_func /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_partition.cc:837
          #7 0x127aefd in fix_partition_func(THD*, TABLE*, bool) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_partition.cc:2016
          #8 0xacc3c3 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/table.cc:3824
          #9 0x761b3b in open_table(THD*, TABLE_LIST*, Open_table_context*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_base.cc:2086
          #10 0x76ac01 in open_and_process_table /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_base.cc:3841
          #11 0x76ac01 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_base.cc:4341
          #12 0x8db6b9 in open_tables(THD*, TABLE_LIST**, unsigned int*, unsigned int) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_base.h:474
          #13 0x8db6b9 in mysql_test_update /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_prepare.cc:1365
          #14 0x8db6b9 in check_prepared_statement /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_prepare.cc:2330
          #15 0x8db6b9 in Prepared_statement::prepare(char const*, unsigned int) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_prepare.cc:4048
          #16 0x8df468 in mysqld_stmt_prepare(THD*, char const*, unsigned int) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_prepare.cc:2658
          #17 0x8af877 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:1786
          #18 0x8b498c in do_command(THD*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_parse.cc:1360
          #19 0xb46777 in do_handle_one_connection(CONNECT*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_connect.cc:1404
          #20 0xb46b5a in handle_one_connection /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_connect.cc:1306
          #21 0x13ac62b in pfs_spawn_thread /home/buildbot/buildbot/build/mariadb-10.4.7/storage/perfschema/pfs.cc:1862
          #22 0x7ff9016046b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
       
      Thread T27 created by T0 here:
          #0 0x7ff90254f253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
          #1 0x13b4693 in spawn_thread_v1 /home/buildbot/buildbot/build/mariadb-10.4.7/storage/perfschema/pfs.cc:1912
          #2 0x664686 in inline_mysql_thread_create /home/buildbot/buildbot/build/mariadb-10.4.7/include/mysql/psi/mysql_thread.h:1268
          #3 0x664686 in create_thread_to_handle_connection(CONNECT*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/mysqld.cc:6238
          #4 0x6708e3 in create_new_thread(CONNECT*) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/mysqld.cc:6308
          #5 0x670d20 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/mysqld.cc:6406
          #6 0x671950 in handle_connections_sockets() /home/buildbot/buildbot/build/mariadb-10.4.7/sql/mysqld.cc:6564
          #7 0x673981 in mysqld_main(int, char**) /home/buildbot/buildbot/build/mariadb-10.4.7/sql/mysqld.cc:5896
          #8 0x7ff9009c582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
       
      SUMMARY: AddressSanitizer: use-after-poison /home/buildbot/buildbot/build/mariadb-10.4.7/sql/sql_trigger.cc:1182 Table_triggers_list::~Table_triggers_list()
      Shadow bytes around the buggy address:
        0x0c40800aaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c40800aaf10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c40800aaf20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c40800aaf30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c40800aaf40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c40800aaf50: 00 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c40800aaf60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c40800aaf70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c40800aaf80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c40800aaf90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c40800aafa0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
      ==14849==ABORTING
      

      Attachments

        Activity

          People

            sanja Oleksandr Byelkin
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.