MariaDB Server / MDEV-34621

mariadb-slap -i0 results in Floating point exception (core dumped)

Details

    Description

      When running mariadb-slap with the "-i0" parameter (for 0 iterations) the program terminates with a core dump:

      mariadb-slap -i0 --only-print
      Floating point exception (core dumped)
      

      Not sure if important, but I have tested this with a couple of different versions:

      • With 10.6.18 on RHEL7 it just says "Floating point exception" without the "core dumped".
      • With 10.11.8 on FreeBSD I get the full "Floating point exception (core dumped)".
      • With 11.4.0-preview-linux-systemd-x86_64 I also get the full "Floating point exception (core dumped)".

        Activity

          alice Alice Sherepa added a comment -

          Thank you for the report! I repeated on 10.5-11.5:

          =================================================================
          ==2442917==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60e0000006f8 at pc 0x55b973be3193 bp 0x7ffc64368300 sp 0x7ffc643682f0
          READ of size 8 at 0x60e0000006f8 thread T0
              #0 0x55b973be3192 in generate_stats /10.5/src/client/mysqlslap.c:2214
              #1 0x55b973bda0c8 in concurrency_loop /10.5/src/client/mysqlslap.c:515
              #2 0x55b973bd9a2c in main /10.5/src/client/mysqlslap.c:391
              #3 0x7f897fbba082 in __libc_start_main ../csu/libc-start.c:308
              #4 0x55b973bd8f4d in _start (/home/alice/am/_depot/m-branch/m5-10.5-bld/client/mariadb-slap+0x9df4d)
           
          0x60e0000006f8 is located 4 bytes to the right of 148-byte region [0x60e000000660,0x60e0000006f4)
          allocated by thread T0 here:
              #0 0x7f8980592808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
              #1 0x55b973cb212e in sf_malloc /10.5/src/mysys/safemalloc.c:121
              #2 0x55b973ca171b in my_malloc /10.5/src/mysys/my_malloc.c:91
              #3 0x55b973bd9d6e in concurrency_loop /10.5/src/client/mysqlslap.c:439
              #4 0x55b973bd9a2c in main /10.5/src/client/mysqlslap.c:391
              #5 0x7f897fbba082 in __libc_start_main ../csu/libc-start.c:308
           
          SUMMARY: AddressSanitizer: heap-buffer-overflow /10.5/src/client/mysqlslap.c:2214 in generate_stats
          ==2442917==ABORTING
          
          

          Also with -i M, -i G, etc. (legal suffix characters are: K, M, G, T, P, E).

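The trace above points at two consequences of an iteration count of zero: the stats loop reads from an empty buffer and the averages divide by zero. As an added illustration (not MariaDB's code; type, field and function names are hypothetical, and the K..E suffixes are assumed to scale by 1024 per step), here is a hardened stand-in for the -i parsing and the stats aggregation that rejects 0, a bare suffix such as "M", and an empty record set before either fault can occur:

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for mysqlslap's per-iteration record and the
 * aggregate derived from it; names and fields are not MariaDB's. */
typedef struct { unsigned long timing; } slap_stats;
typedef struct { unsigned long min_timing, max_timing, avg_timing; } slap_conclusions;

/* Parse an -i style value: digits plus an optional K/M/G/T/P/E suffix
 * (assumed to mean 1024^1 .. 1024^6). A bare suffix such as "M" carries no
 * digits and resolves to 0, so "-i M" must be rejected just like "-i0". */
static int parse_iterations(const char *arg, unsigned long long *out)
{
    static const char suffixes[] = "KMGTPE";
    char *end;
    unsigned long long v;
    if (arg == NULL || *arg == '-') return -1;  /* strtoull would accept "-5" */
    errno = 0;
    v = strtoull(arg, &end, 10);
    if (errno == ERANGE) return -1;
    if (*end != '\0') {                          /* suffix: K=2^10 ... E=2^60 */
        const char *s = strchr(suffixes, *end);
        int shift = s ? 10 * (int)(s - suffixes + 1) : 0;
        if (s == NULL || end[1] != '\0' || (v >> (64 - shift)) != 0)
            return -1;                           /* bad suffix or overflow */
        v <<= shift;
    }
    if (v == 0) return -1;   /* the missing guard: nothing to run or average */
    *out = v;
    return 0;
}

/* Aggregate n records. Refuses n == 0 instead of reading sptr[0] of an empty
 * buffer (the ASan heap-buffer-overflow) and dividing by zero (the SIGFPE). */
static int generate_stats_checked(slap_conclusions *con, const slap_stats *sptr,
                                  unsigned long long n)
{
    unsigned long long sum = 0;
    if (con == NULL || sptr == NULL || n == 0) return -1;
    con->min_timing = con->max_timing = sptr[0].timing;
    for (unsigned long long i = 0; i < n; i++) {
        sum += sptr[i].timing;
        if (sptr[i].timing < con->min_timing) con->min_timing = sptr[i].timing;
        if (sptr[i].timing > con->max_timing) con->max_timing = sptr[i].timing;
    }
    con->avg_timing = (unsigned long)(sum / n);
    return 0;
}
```

Rejecting the value at option parsing is the cheaper fix; the check inside the aggregation is the belt-and-braces guard for any other caller that reaches it with an empty array.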

          People

            sanja Oleksandr Byelkin
            karll Karl Levik
