Details

    Description

      As of git sha a35f744d787b89c8ef8abcad1762e17b910baf2b, ASAN builds crash during the bootstrap step given the environment described in the "Environment" field on this ticket:

      =================================================================
      ==5629==ERROR: AddressSanitizer: use-after-poison on address 0x62900003ef30 at pc 0x000103e47248 bp 0x00016d3949b0 sp 0x00016d3949a8
      READ of size 8 at 0x62900003ef30 thread T0
          #0 0x103e47244 in multi_update::num_found() const sql_class.h:7649
          #1 0x103e10e70 in MYSQL_DML_DONE(THD*, int) sql_select.cc:34149
          #2 0x103e108b0 in Sql_cmd_dml::execute(THD*) sql_select.cc:34324
          #3 0x103b3ed94 in mysql_execute_command(THD*, bool) sql_parse.cc:4415
          #4 0x103b1f2d4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) sql_parse.cc:7901
          #5 0x103b1dfcc in bootstrap(st_mysql_file*) sql_parse.cc:1091
          #6 0x1034dddec in mysqld_main(int, char**) mysqld.cc:6104
          #7 0x102a66e3c in main main.cc:34
          #8 0x18a384270  (<unknown module>)
       
      0x62900003ef30 is located 11568 bytes inside of 16516-byte region [0x62900003c200,0x629000040284)
      allocated by thread T0 here:
          #0 0x10adc8c04 in malloc+0x94 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x54c04)
          #1 0x105ec5438 in sf_malloc safemalloc.c:126
          #2 0x105e79480 in my_malloc my_malloc.c:93
          #3 0x105e30880 in root_alloc my_alloc.c:66
          #4 0x105e3109c in reset_root_defaults my_alloc.c:244
          #5 0x103933890 in THD::init_for_queries() sql_class.cc:1509
          #6 0x103b1d458 in bootstrap(st_mysql_file*) sql_parse.cc:1017
          #7 0x1034dddec in mysqld_main(int, char**) mysqld.cc:6104
          #8 0x102a66e3c in main main.cc:34
          #9 0x18a384270  (<unknown module>)
       
      SUMMARY: AddressSanitizer: use-after-poison sql_class.h:7649 in multi_update::num_found() const
      Shadow bytes around the buggy address:
        0x62900003ec80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003ee80: 00 00 f7 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      =>0x62900003ef00: f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x62900003ef80: f7 f7 f7 f7 f7 00 00 f7 00 00 f7 00 00 00 00 00
        0x62900003f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003f080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x62900003f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==5629==ABORTING
      241126 10:31:39 [ERROR] mysqld got signal 6 ;
      Sorry, we probably made a mistake, and this is a bug.
       
      Your assistance in bug reporting will enable us to fix this for the next release.
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs
       
      We will try our best to scrape up some info that will hopefully help
      diagnose the problem, but since we have already crashed,
      something is definitely wrong and this may fail.
       
      Server version: 11.8.0-MariaDB-debug source revision: a35f744d787b89c8ef8abcad1762e17b910baf2b
      key_buffer_size=134217728
      read_buffer_size=131072
      max_used_connections=0
      max_threads=153
      thread_count=1
      It is possible that mysqld could use up to
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468250 K  bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x62c000120288
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x16d39a180 thread_stack 0xb00000
      0   mariadbd                            0x0000000105e9174c my_print_stacktrace + 360
      Printing to addr2line failed
      0   mariadbd                            0x0000000102d7d440 handle_fatal_signal + 4100
      0   libsystem_platform.dylib            0x000000018a73c184 _sigtramp + 56
      0   libsystem_pthread.dylib             0x000000018a706f70 pthread_kill + 288
      0   libsystem_c.dylib                   0x000000018a613908 abort + 128
      0   libclang_rt.asan_osx_dynamic.dylib  0x000000010adef0bc _ZN11__sanitizer6AtexitEPFvvE + 0
      0   libclang_rt.asan_osx_dynamic.dylib  0x000000010adee7b4 _ZN11__sanitizer22SetCheckUnwindCallbackEPFvvE + 0
      0   libclang_rt.asan_osx_dynamic.dylib  0x000000010add109c _ZN6__asan16ErrorDescription5PrintEv + 0
      0   libclang_rt.asan_osx_dynamic.dylib  0x000000010add03d8 _ZN6__asan18ReportGenericErrorEmmmmbmjb + 1456
      0   libclang_rt.asan_osx_dynamic.dylib  0x000000010add18b0 __asan_report_load8 + 56
      0   mariadbd                            0x0000000103e47248 _ZNK12multi_update9num_foundEv + 76
      0   mariadbd                            0x0000000103e10e74 _ZL14MYSQL_DML_DONEP3THDi + 460
      0   mariadbd                            0x0000000103e108b4 _ZN11Sql_cmd_dml7executeEP3THD + 1652
      0   mariadbd                            0x0000000103b3ed98 _Z21mysql_execute_commandP3THDb + 39300
      0   mariadbd                            0x0000000103b1f2d8 _Z11mysql_parseP3THDPcjP12Parser_state + 2692
      0   mariadbd                            0x0000000103b1dfd0 _Z9bootstrapP13st_mysql_file + 5076
      0   mariadbd                            0x00000001034dddf0 _Z11mysqld_mainiPPc + 6640
      0   mariadbd                            0x0000000102a66e40 main + 36
      0   dyld                                0x000000018a384274 start + 2840
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x62900003c2a8): update help_topic set description = CONCAT(description, '\n| FORCE                                 | Enables the plugin. If the plugin  |\n|                                       | cannot be initialized, then the    |\n|                                       | server will fail to start with an  |\n|                                       | error.                             |\n+---------------------------------------+------------------------------------+\n| FORCE_PLUS_PERMANENT                  | Enables the plugin. If the plugin  |\n|                                       | cannot be initialized, then the    |\n|                                       | server will fail to start with an  |\n|                                       | error. In addition, the plugin     |\n|                                       | cannot be uninstalled with         |\n|                                       | UNINSTALL SONAME or UNINSTALL      |\n|                                       | PLUGIN while the server is         |\n|                                       | running.                           |\n+---------------------------------------+------------------------------------+\n\nA plugin\'s status can be found by looking at the PLUGIN_STATUS column of the\ninformation_schema.PLUGINS table.\n\nUninstalling Plugins\n--------------------\n\nPlugins that are found in the mysql.plugin table, that is those that were\ninstalled with INSTALL SONAME, INSTALL PLUGIN or mariadb-plugin can be\nuninstalled in one of two ways:\n\n* The UNINSTALL SONAME or the UNINSTALL PLUGIN statement while the server is\nrunning\n* With mariadb-plugin while the server is offline.\n\nPlugins that were enabled as a --plugin-load option do not need to be\nuninstalled. 
If --plugin-load is omitted the next time the server starts, or\nthe plugin is not listed as one of the --plugin-load entries, the plugin will\nnot be loaded.\n\nUNINSTALL PLUGIN uninstalls a single installed plugin, while UNINSTALL SONAME\nuninstalls all plugins belonging to a given library.\n\nURL: https://mariadb.com/kb/en/plugin-overview/') WHERE help_topic_id = 79;
       
      Connection ID (thread ID): 1
      Status: NOT_KILLED
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on
      

            People

              Gosselin Dave Gosselin