Details
Description
Seen in 10.4, possibly present elsewhere, did not check
From
https://buildbot.mariadb.org/#/builders/168/builds/18664/steps/9/logs/stdio
gcol.innodb_virtual_fk_restart 'innodb' w13 [ fail ] Found warnings/errors in server log file!
|
Test ended at 2023-02-08 11:04:48
|
line
|
==213377==ERROR: LeakSanitizer: detected memory leaks
|
SUMMARY: AddressSanitizer: 608 byte(s) leaked in 6 allocation(s).
|
Attempting backtrace. You can use the following information to find out
|
^ Found warnings in /buildbot/amd64-ubuntu-1804-clang10-asan/build/mysql-test/var/13/log/mysqld.1.err
|
ok
|
- found 'core' (0/1)
|
Core generated by '/buildbot/amd64-ubuntu-1804-clang10-asan/build/sql/mysqld'
|
Output from gdb follows. The first stack trace is from the failing thread.
|
The following stack traces are from all threads (so the failing one is
|
duplicated).
|
--------------------------
|
[New LWP 213377]
|
[Thread debugging using libthread_db enabled]
|
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
|
Core was generated by `/buildbot/amd64-ubuntu-1804-clang10-asan/build/sql/mysqld --defaults-group-suff'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x00007fd47f54c2a7 in kill () from /lib/x86_64-linux-gnu/libc.so.6
|
#0 0x00007fd47f54c2a7 in kill () from /lib/x86_64-linux-gnu/libc.so.6
|
#1 0x00000000011473b0 in handle_fatal_signal (sig=<optimized out>) at signal_handler.cc:380
|
#2 <signal handler called>
|
#3 0x000000000261acf7 in my_read (Filedes=4, Buffer=0x7fff855daaa0 "Limit", ' ' <repeats 21 times>, "Soft Limit", ' ' <repeats 11 times>, "Hard Limit", ' ' <repeats 11 times>, "Units \nMax cpu time", ' ' <repeats 14 times>, "unlimited", ' ' <repeats 12 times>, "unlimited", ' ' <repeats 12 times>, "seconds \nMax file size", ' ' <repeats 13 times>, "unlimited "..., Count=4096, MyFlags=0) at my_read.c:63
|
#4 0x00000000011472b2 in output_core_info () at signal_handler.cc:73
|
#5 handle_fatal_signal (sig=<optimized out>) at signal_handler.cc:364
|
#6 <signal handler called>
|
#7 0x00007fd47f54bfb7 in raise () from /lib/x86_64-linux-gnu/libc.so.6
|
#8 0x00007fd47f54d921 in abort () from /lib/x86_64-linux-gnu/libc.so.6
|
#9 0x00000000007307f7 in __sanitizer::Abort() () at /home/brian/src/final/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cpp:155
|
#10 0x000000000072f221 in __sanitizer::Die() () at /home/brian/src/final/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_termination.cpp:58
|
#11 0x000000000073c228 in __lsan::HandleLeaks() () at /home/brian/src/final/llvm-project/compiler-rt/lib/lsan/lsan_common_linux.cpp:115
|
#12 0x0000000000739991 in DoLeakCheck () at /home/brian/src/final/llvm-project/compiler-rt/lib/lsan/lsan_common.cpp:614
|
#13 0x00007fd47f550161 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
|
#14 0x00007fd47f55025a in exit () from /lib/x86_64-linux-gnu/libc.so.6
|
#15 0x0000000000748c6c in mysqld_exit (exit_code=0) at mysqld.cc:1964
|
#16 0x0000000000750841 in mysqld_main (argc=<optimized out>, argv=0x646c6975622f0001) at mysqld.cc:5996
|
#17 0x00007fd47f52ebf7 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
|
#18 0x000000000069a47a in _start ()
|
The problem here is using my_read, which may accesses thread local storage variables and can dereference null pointer, if variables are not initialized
for example, the innocuously looking line
int got_errno= my_errno= errno;
|
in my_read() potentially dereferences null pointer, since my_errno expands to my_thread_var->thr_errno, which in turn does my_pthread_getspecific() to get my_thread_var.
I think the solution might be to abandon "my_" functions in error handler, an replace them with posix. unless one can rewrite the "my_" stuff in a safe manner, rather than assume existence of mysys thread local storage variable.
Attachments
Issue Links
- is duplicated by
-
MDEV-21582 mysqld crash with coredump on start up
-
- Closed
-