Details
Major Description
--source include/master-slave.inc
|
|
--connection master
|
RESET MASTER;
|
SET @@GLOBAL.rpl_semi_sync_master_enabled = 1; |
GRANT REPLICATION SLAVE ON *.* TO u1@localhost IDENTIFIED BY 'p'; |
|
--sync_slave_with_master
|
source include/stop_slave.inc;
|
SET @@GLOBAL.rpl_semi_sync_slave_enabled = 1; |
|
|
--connection slave
|
CHANGE MASTER TO master_user='u1', master_host='localhost', master_password='p'; |
--source include/start_slave.inc
|
|
|
--connection master
|
DROP USER u1@localhost; |
FLUSH PRIVILEGES; |
--sync_slave_with_master
|
|
|
--source include/stop_slave.inc
|
START SLAVE;
|
--source include/wait_for_slave_io_to_stop.inc |
|
10.3 e928fdbff1369036 |
2022-02-15 11:03:22 18 [ERROR] Slave I/O: error connecting to master 'u1@localhost:16000' - retry-time: 1 maximum-retries: 10 message: Access denied for user 'u1'@'localhost' (using password: YES), Internal MariaDB error code: 1045
|
2022-02-15 11:03:31 18 [Note] Slave I/O thread killed while connecting to master
|
2022-02-15 11:03:31 18 [Note] Slave I/O thread exiting, read up to log 'master-bin.000001', position 774
|
2022-02-15 11:03:31 18 [Note] master was localhost:16000
|
=================================================================
|
==1014350==ERROR: AddressSanitizer: heap-use-after-free on address 0x61100008e288 at pc 0x55de56f1b784 bp 0x7f2d157e4ed0 sp 0x7f2d157e4ec0
|
READ of size 1 at 0x61100008e288 thread T36
|
#0 0x55de56f1b783 in mysql_real_connect /10.3/src/sql-common/client.c:2938
|
#1 0x55de56d6a162 in Repl_semi_sync_slave::kill_connection(st_mysql*) /10.3/src/sql/semisync_slave.cc:141
|
#2 0x55de56d69ec8 in Repl_semi_sync_slave::slave_stop(Master_info*) /10.3/src/sql/semisync_slave.cc:120
|
#3 0x55de5661fca3 in handle_slave_io /10.3/src/sql/slave.cc:4898
|
#4 0x55de5825ff0c in pfs_spawn_thread /10.3/src/storage/perfschema/pfs.cc:1869
|
#5 0x7f2d2c29e608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
|
#6 0x7f2d2c1c3292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
|
|
|
0x61100008e288 is located 136 bytes inside of 204-byte region [0x61100008e200,0x61100008e2cc)
|
freed by thread T36 here:
|
#0 0x7f2d2cb7a7cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
|
#1 0x55de583acbd1 in free_memory /10.3/src/mysys/safemalloc.c:279
|
#2 0x55de583ac18d in sf_free /10.3/src/mysys/safemalloc.c:197
|
#3 0x55de5837a4b8 in my_free /10.3/src/mysys/my_malloc.c:223
|
#4 0x55de56f206e9 in mysql_close_free /10.3/src/sql-common/client.c:3644
|
#5 0x55de56f1e71d in mysql_real_connect /10.3/src/sql-common/client.c:3451
|
#6 0x55de5662f817 in connect_to_master /10.3/src/sql/slave.cc:7130
|
#7 0x55de5662ed4f in safe_connect /10.3/src/sql/slave.cc:7042
|
#8 0x55de5661db86 in handle_slave_io /10.3/src/sql/slave.cc:4580
|
#9 0x55de5825ff0c in pfs_spawn_thread /10.3/src/storage/perfschema/pfs.cc:1869
|
#10 0x7f2d2c29e608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
|
|
|
previously allocated by thread T36 here:
|
#0 0x7f2d2cb7abc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
|
#1 0x55de583abb41 in sf_malloc /10.3/src/mysys/safemalloc.c:118
|
#2 0x55de583799c1 in my_malloc /10.3/src/mysys/my_malloc.c:101
|
#3 0x55de58353678 in my_multi_malloc /10.3/src/mysys/mulalloc.c:51
|
#4 0x55de56f1dd36 in mysql_real_connect /10.3/src/sql-common/client.c:3313
|
#5 0x55de5662f817 in connect_to_master /10.3/src/sql/slave.cc:7130
|
#6 0x55de5662ed4f in safe_connect /10.3/src/sql/slave.cc:7042
|
#7 0x55de5661db86 in handle_slave_io /10.3/src/sql/slave.cc:4580
|
#8 0x55de5825ff0c in pfs_spawn_thread /10.3/src/storage/perfschema/pfs.cc:1869
|
#9 0x7f2d2c29e608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
|
|
|
Thread T36 created by T32 here:
|
#0 0x7f2d2caa7805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
|
#1 0x55de582602fd in spawn_thread_v1 /10.3/src/storage/perfschema/pfs.cc:1919
|
#2 0x55de5660092a in inline_mysql_thread_create /10.3/src/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55de5660811d in start_slave_thread(unsigned int, void* (*)(void*), st_mysql_mutex*, st_mysql_mutex*, st_mysql_cond*, unsigned int volatile*, unsigned long volatile*, Master_info*) /10.3/src/sql/slave.cc:1114
|
#4 0x55de56608bd2 in start_slave_threads(THD*, bool, bool, Master_info*, char const*, char const*, int) /10.3/src/sql/slave.cc:1230
|
#5 0x55de569046c0 in start_slave(THD*, Master_info*, bool) /10.3/src/sql/sql_repl.cc:3208
|
#6 0x55de56872142 in mysql_execute_command(THD*) /10.3/src/sql/sql_parse.cc:4183
|
#7 0x55de5688c621 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.3/src/sql/sql_parse.cc:7870
|
#8 0x55de568634fe in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.3/src/sql/sql_parse.cc:1852
|
#9 0x55de56860041 in do_command(THD*) /10.3/src/sql/sql_parse.cc:1398
|
#10 0x55de56c31adc in do_handle_one_connection(CONNECT*) /10.3/src/sql/sql_connect.cc:1403
|
#11 0x55de56c31396 in handle_one_connection /10.3/src/sql/sql_connect.cc:1308
|
#12 0x55de5825ff0c in pfs_spawn_thread /10.3/src/storage/perfschema/pfs.cc:1869
|
#13 0x7f2d2c29e608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
|
|
|
Thread T32 created by T0 here:
|
#0 0x7f2d2caa7805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
|
#1 0x55de582602fd in spawn_thread_v1 /10.3/src/storage/perfschema/pfs.cc:1919
|
#2 0x55de5658836e in inline_mysql_thread_create /10.3/src/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55de565a112b in create_thread_to_handle_connection(CONNECT*) /10.3/src/sql/mysqld.cc:6666
|
#4 0x55de565a18c6 in create_new_thread /10.3/src/sql/mysqld.cc:6736
|
#5 0x55de565a2a58 in handle_connections_sockets() /10.3/src/sql/mysqld.cc:6994
|
#6 0x55de565a041c in mysqld_main(int, char**) /10.3/src/sql/mysqld.cc:6288
|
#7 0x55de56586b6c in main /10.3/src/sql/main.cc:25
|
#8 0x7f2d2c0c80b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /10.3/src/sql-common/client.c:2938 in mysql_real_connect
|
Shadow bytes around the buggy address:
|
0x0c2280009c00: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
|
0x0c2280009c10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
|
0x0c2280009c20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c2280009c30: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c2280009c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c2280009c50: fd[fd]fd fd fd fd fd fd fd fd fa fa fa fa fa fa
|
0x0c2280009c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c2280009c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c2280009c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c2280009c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c2280009ca0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1014350==ABORTING
|
----------SERVER LOG END-------------
|
Attachments
Issue Links
- relates to
-
MDEV-16812 Semisync slave io thread segfaults at STOP-SLAVE handling
-
- Closed
-