Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21993

asan failure in encryption.innochecksum

    XMLWordPrintable

Details

    Description

      But appeared after https://github.com/mariadb/server/commit/884d22f28884e1decced1dee9c69ddcb25002ed1

      I wrongly assumed, size argument of buf_is_zeroes() is always a multiply of 4096.

      http://buildbot.askmonty.org/buildbot/builders/kvm-asan/builds/3143/steps/mtr_nm/logs/stdio

      ==19300==ERROR: AddressSanitizer: use-after-poison on address 0x7f29ace29080 at pc 0x7f29b9120720 bp 0x7f29a9063130 sp 0x7f29a90628d8
      READ of size 4096 at 0x7f29ace29080 thread T9
          #0 0x7f29b912071f in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7771f)
          #1 0x1a0ba07 in buf_is_zeroes(st_::span<unsigned char const>) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0buf.cc:963
          #2 0x1746c38 in page_zip_verify_checksum(unsigned char const*, unsigned long) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/page/page0zip.cc:5005
          #3 0x1a4851a in buf_flush_write_block_low /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1075
          #4 0x1a49212 in buf_flush_page(buf_pool_t*, buf_page_t*, buf_flush_t, bool) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1259
          #5 0x1a49f2b in buf_flush_try_neighbors /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1482
          #6 0x1a4a628 in buf_flush_page_and_try_neighbors /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1555
          #7 0x1a4bd69 in buf_do_flush_list_batch /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1813
          #8 0x1a4c649 in buf_flush_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1882
          #9 0x1a4d207 in buf_flush_do_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:2052
          #10 0x1a5292d in pc_flush_slot /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:2860
          #11 0x1a5491d in buf_flush_page_cleaner_coordinator /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:3280
          #12 0x7f29b79636b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #13 0x7f29b6df882c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)
       
      AddressSanitizer can not describe address in more detail (wild memory access suspected).
      SUMMARY: AddressSanitizer: use-after-poison ??:0 memcmp
      Shadow bytes around the buggy address:
        0x0fe5b59bd1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0fe5b59bd1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0fe5b59bd1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0fe5b59bd1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0fe5b59bd200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0fe5b59bd210:[f7]00 00 00 00 00 00 00 00 00 00 00 00 00 03 f7
        0x0fe5b59bd220: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f7 00
        0x0fe5b59bd230: 00 00 00 00 00 00 00 00 00 00 00 00 03 f7 00 00
        0x0fe5b59bd240: 00 00 00 00 00 00 00 00 00 00 00 03 f7 00 00 00
        0x0fe5b59bd250: 00 00 00 00 00 00 00 00 00 00 03 f7 00 00 00 00
        0x0fe5b59bd260: 00 00 00 00 00 00 00 00 00 03 f7 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
      

      Attachments

        Activity

          People

            kevg Eugene Kosov (Inactive)
            kevg Eugene Kosov (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.