Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.4, 10.5, 10.6, 10.10, 10.11, 11.0, 11.1
-
None
Description
The test cases differ only in the name of the 2nd table, provided separately for demonstrating slightly different effects.
INSTALL SONAME 'ha_mroonga'; |
|
|
--connect (con1,localhost,root,,)
|
CREATE TEMPORARY TABLE t1 (a INT) ENGINE=Mroonga; |
CREATE TEMPORARY TABLE t_mroonga (b INT) ENGINE=Mroonga; |
--connection default
|
--source include/restart_mysqld.inc
|
|
|
# Cleanup
|
UNINSTALL SONAME 'ha_mroonga'; |
|
10.4 7d7ea799 |
==2560996==ERROR: AddressSanitizer: use-after-poison on address 0x62b0000933c8 at pc 0x7fc5a7b14cc4 bp 0x7fc5a095a580 sp 0x7fc5a095a578
|
READ of size 8 at 0x62b0000933c8 thread T6
|
#0 0x7fc5a7b14cc3 in ha_mroonga::create_share_for_create() const /data/src/10.4/storage/mroonga/ha_mroonga.cpp:3047
|
#1 0x7fc5a7b13061 in ha_mroonga::table_flags() const /data/src/10.4/storage/mroonga/ha_mroonga.cpp:2908
|
#2 0x55594d73b1e1 in handler::init() /data/src/10.4/sql/handler.h:3172
|
#3 0x55594db8f021 in get_new_handler(TABLE_SHARE*, st_mem_root*, handlerton*) /data/src/10.4/sql/handler.cc:317
|
#4 0x55594d9e21ef in THD::rm_temporary_table(handlerton*, char const*) /data/src/10.4/sql/temporary_tables.cc:697
|
#5 0x55594d9e6fdf in THD::free_tmp_table_share(TMP_TABLE_SHARE*, bool) /data/src/10.4/sql/temporary_tables.cc:1465
|
#6 0x55594d9e12e1 in THD::close_temporary_tables() /data/src/10.4/sql/temporary_tables.cc:539
|
#7 0x55594d2c6c65 in THD::cleanup() /data/src/10.4/sql/sql_class.cc:1527
|
#8 0x55594d0f21f3 in unlink_thd(THD*) /data/src/10.4/sql/mysqld.cc:2633
|
#9 0x55594d0f2cf6 in one_thread_per_connection_end(THD*, bool) /data/src/10.4/sql/mysqld.cc:2782
|
#10 0x55594d7db5c4 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1431
|
#11 0x55594d7dad12 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
|
#12 0x55594e44be7b in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
|
#13 0x7fc5b0dc8fd3 in start_thread nptl/pthread_create.c:442
|
#14 0x7fc5b0e495bb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
|
|
0x62b0000933c8 is located 456 bytes inside of 24608-byte region [0x62b000093200,0x62b000099220)
|
allocated by thread T6 here:
|
#0 0x7fc5b14b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x55594ef959b8 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#2 0x55594ef71b54 in reset_root_defaults /data/src/10.4/mysys/my_alloc.c:155
|
#3 0x55594d2c5d9a in THD::init_for_queries() /data/src/10.4/sql/sql_class.cc:1388
|
#4 0x55594d7da62e in prepare_new_connection_state(THD*) /data/src/10.4/sql/sql_connect.cc:1254
|
#5 0x55594d7dad58 in thd_prepare_connection(THD*) /data/src/10.4/sql/sql_connect.cc:1339
|
#6 0x55594d7db35a in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1410
|
#7 0x55594d7dad12 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
|
#8 0x55594e44be7b in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
|
#9 0x7fc5b0dc8fd3 in start_thread nptl/pthread_create.c:442
|
|
|
Thread T6 created by T0 here:
|
#0 0x7fc5b1449726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x55594e44c268 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
|
#2 0x55594d0e6f89 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55594d0fe690 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6287
|
#4 0x55594d0feddb in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6357
|
#5 0x55594d0ff2a9 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6455
|
#6 0x55594d100155 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6613
|
#7 0x55594d0fddf3 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5945
|
#8 0x55594d0e50b8 in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fc5b0d67189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
|
SUMMARY: AddressSanitizer: use-after-poison /data/src/10.4/storage/mroonga/ha_mroonga.cpp:3047 in ha_mroonga::create_share_for_create() const
|
Shadow bytes around the buggy address:
|
0x0c568000a620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c568000a630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c568000a640: 00 00 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a650: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a660: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
=>0x0c568000a670: f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7
|
0x0c568000a680: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a690: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c568000a6c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
INSTALL SONAME 'ha_mroonga'; |
|
|
--connect (con1,localhost,root,,)
|
CREATE TEMPORARY TABLE t1 (a INT) ENGINE=Mroonga; |
CREATE TEMPORARY TABLE t2 (b INT) ENGINE=Mroonga; |
--connection default
|
--source include/restart_mysqld.inc
|
|
|
# Cleanup
|
UNINSTALL SONAME 'ha_mroonga'; |
==2561422==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x4000000050 bytes
|
#0 0x7fedd76b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x55caa7f4e9b8 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
|
#2 0x55caa7f4fa68 in my_strndup /data/src/10.4/mysys/my_malloc.c:256
|
#3 0x7fedcdf14d11 in ha_mroonga::create_share_for_create() const /data/src/10.4/storage/mroonga/ha_mroonga.cpp:3047
|
#4 0x7fedcdf13061 in ha_mroonga::table_flags() const /data/src/10.4/storage/mroonga/ha_mroonga.cpp:2908
|
#5 0x55caa66f41e1 in handler::init() /data/src/10.4/sql/handler.h:3172
|
#6 0x55caa6b48021 in get_new_handler(TABLE_SHARE*, st_mem_root*, handlerton*) /data/src/10.4/sql/handler.cc:317
|
#7 0x55caa699b1ef in THD::rm_temporary_table(handlerton*, char const*) /data/src/10.4/sql/temporary_tables.cc:697
|
#8 0x55caa699ffdf in THD::free_tmp_table_share(TMP_TABLE_SHARE*, bool) /data/src/10.4/sql/temporary_tables.cc:1465
|
#9 0x55caa699a2e1 in THD::close_temporary_tables() /data/src/10.4/sql/temporary_tables.cc:539
|
#10 0x55caa627fc65 in THD::cleanup() /data/src/10.4/sql/sql_class.cc:1527
|
#11 0x55caa60ab1f3 in unlink_thd(THD*) /data/src/10.4/sql/mysqld.cc:2633
|
#12 0x55caa60abcf6 in one_thread_per_connection_end(THD*, bool) /data/src/10.4/sql/mysqld.cc:2782
|
#13 0x55caa67945c4 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1431
|
#14 0x55caa6793d12 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
|
#15 0x55caa7404e7b in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
|
#16 0x7fedd70a7fd3 in start_thread nptl/pthread_create.c:442
|
|
|
==2561422==HINT: if you don't care about these errors you may set allocator_may_return_null=1
|
SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 in __interceptor_malloc
|
Thread T6 created by T0 here:
|
#0 0x7fedd7649726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x55caa7405268 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
|
#2 0x55caa609ff89 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55caa60b7690 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6287
|
#4 0x55caa60b7ddb in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6357
|
#5 0x55caa60b82a9 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6455
|
#6 0x55caa60b9155 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6613
|
#7 0x55caa60b6df3 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5945
|
#8 0x55caa609e0b8 in main /data/src/10.4/sql/main.cc:25
|
#9 0x7fedd7046189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|