  1. MariaDB Server
  2. MDEV-36028

ASAN errors in wsrep_before_SE

Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.6, 10.11, 11.4, 11.8, 10.5(EOL), 11.7(EOL)
    • Fix Version/s: 10.11, 11.4
    • Component/s: wsrep
    • Labels: None

    Description

      Put the test into the galera suite (under mysql-test/suite/galera/t) to pick up the config file.

      --source include/have_innodb.inc
       
      SET SESSION WSREP_OSU_METHOD= RSU;
       
      --let $run=10000
      while ($run)
      {
        --echo # $run remained
        SET GLOBAL WSREP_SST_METHOD= mariabackup;
        CREATE OR REPLACE PROCEDURE sp() BEGIN END;
        --dec $run
      }
      

      10.11 0e80d3bba8a0ddb0f7241b4df57029d76ee9e989

      ==3775176==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400039ac28 at pc 0x7f34278a8596 bp 0x7f341bdebe20 sp 0x7f341bdeb5d0
      READ of size 1 at 0x60400039ac28 thread T6
          #0 0x7f34278a8595 in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:466
          #1 0x560adb163b40 in wsrep_before_SE() /data/bld/10.11-asan/sql/wsrep_sst.cc:364
          #2 0x560adb1ac456 in Wsrep_server_service::sst_before_init() const /data/bld/10.11-asan/sql/wsrep_server_service.cc:363
          #3 0x560adbfb88cf in wsrep::server_state::on_sync() /data/bld/10.11-asan/wsrep-lib/src/server_state.cpp:1063
          #4 0x560adc013e0b in synced_cb /data/bld/10.11-asan/wsrep-lib/src/wsrep_provider_v26.cpp:531
          #5 0x7f342046e234  (/usr/lib/galera/libgalera_smm.so+0x6e234)
          #6 0x7f3420496a7d  (/usr/lib/galera/libgalera_smm.so+0x96a7d)
          #7 0x7f342046c2c0  (/usr/lib/galera/libgalera_smm.so+0x6c2c0)
          #8 0x7f3420448d1a  (/usr/lib/galera/libgalera_smm.so+0x48d1a)
          #9 0x560adc0169f3 in wsrep::wsrep_provider_v26::run_applier(wsrep::high_priority_service*) /data/bld/10.11-asan/wsrep-lib/src/wsrep_provider_v26.cpp:870
          #10 0x560adb17c7d2 in wsrep_replication_process /data/bld/10.11-asan/sql/wsrep_thd.cc:57
          #11 0x560adb141c5b in start_wsrep_THD(void*) /data/bld/10.11-asan/sql/wsrep_mysqld.cc:3876
          #12 0x560adafe8f73 in pfs_spawn_thread /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
          #13 0x7f3426ea81c3 in start_thread nptl/pthread_create.c:442
          #14 0x7f3426f2885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
       
      0x60400039ac28 is located 24 bytes inside of 40-byte region [0x60400039ac10,0x60400039ac38)
      freed by thread T16 here:
          #0 0x7f34278b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
          #1 0x560adbd9e4f3 in my_free /data/bld/10.11-asan/mysys/my_malloc.c:220
          #2 0x560ada432d90 in Sys_var_charptr_base::global_update_finish(char*) /data/bld/10.11-asan/sql/sys_vars.inl:584
          #3 0x560ada432e57 in Sys_var_charptr_base::global_update(THD*, set_var*) /data/bld/10.11-asan/sql/sys_vars.inl:591
          #4 0x560ad9c2cdd4 in sys_var::update(THD*, set_var*) /data/bld/10.11-asan/sql/set_var.cc:209
          #5 0x560ad9c31683 in set_var::update(THD*) /data/bld/10.11-asan/sql/set_var.cc:868
          #6 0x560ad9c30a17 in sql_set_variables(THD*, List<set_var_base>*, bool) /data/bld/10.11-asan/sql/set_var.cc:749
          #7 0x560ad9f090ba in mysql_execute_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:5158
          #8 0x560ad9f1cdb1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/10.11-asan/sql/sql_parse.cc:8188
          #9 0x560ad9f1bb33 in wsrep_mysql_parse /data/bld/10.11-asan/sql/sql_parse.cc:7998
          #10 0x560ad9ef22a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1892
          #11 0x560ad9eef116 in do_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1418
          #12 0x560ada3b9f10 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan/sql/sql_connect.cc:1386
          #13 0x560ada3b9a6f in handle_one_connection /data/bld/10.11-asan/sql/sql_connect.cc:1298
          #14 0x560adafe8f73 in pfs_spawn_thread /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
          #15 0x7f3426ea81c3 in start_thread nptl/pthread_create.c:442
       
      previously allocated by thread T16 here:
          #0 0x7f34278b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
          #1 0x560adbd9d624 in my_malloc /data/bld/10.11-asan/mysys/my_malloc.c:92
          #2 0x560adbd9e67a in my_memdup /data/bld/10.11-asan/mysys/my_malloc.c:230
          #3 0x560ada432c9c in Sys_var_charptr_base::global_update_prepare(THD*, set_var*) /data/bld/10.11-asan/sql/sys_vars.inl:572
          #4 0x560ada432e40 in Sys_var_charptr_base::global_update(THD*, set_var*) /data/bld/10.11-asan/sql/sys_vars.inl:590
          #5 0x560ad9c2cdd4 in sys_var::update(THD*, set_var*) /data/bld/10.11-asan/sql/set_var.cc:209
          #6 0x560ad9c31683 in set_var::update(THD*) /data/bld/10.11-asan/sql/set_var.cc:868
          #7 0x560ad9c30a17 in sql_set_variables(THD*, List<set_var_base>*, bool) /data/bld/10.11-asan/sql/set_var.cc:749
          #8 0x560ad9f090ba in mysql_execute_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:5158
          #9 0x560ad9f1cdb1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/10.11-asan/sql/sql_parse.cc:8188
          #10 0x560ad9f1bb33 in wsrep_mysql_parse /data/bld/10.11-asan/sql/sql_parse.cc:7998
          #11 0x560ad9ef22a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1892
          #12 0x560ad9eef116 in do_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1418
          #13 0x560ada3b9f10 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan/sql/sql_connect.cc:1386
          #14 0x560ada3b9a6f in handle_one_connection /data/bld/10.11-asan/sql/sql_connect.cc:1298
          #15 0x560adafe8f73 in pfs_spawn_thread /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
          #16 0x7f3426ea81c3 in start_thread nptl/pthread_create.c:442
       
      Thread T6 created by T0 here:
          #0 0x7f3427849726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
          #1 0x560adafe4cae in my_thread_create /data/bld/10.11-asan/storage/perfschema/my_thread.h:52
          #2 0x560adafe9362 in pfs_spawn_thread_v1 /data/bld/10.11-asan/storage/perfschema/pfs.cc:2252
          #3 0x560adb17c1a5 in inline_mysql_thread_create /data/bld/10.11-asan/include/mysql/psi/mysql_thread.h:1139
          #4 0x560adb17ce42 in create_wsrep_THD /data/bld/10.11-asan/sql/wsrep_thd.cc:91
          #5 0x560adb17d13c in wsrep_create_appliers(long, bool) /data/bld/10.11-asan/sql/wsrep_thd.cc:137
          #6 0x560adb12fb94 in wsrep_init_startup(bool) /data/bld/10.11-asan/sql/wsrep_mysqld.cc:1006
          #7 0x560ad9b29793 in init_server_components /data/bld/10.11-asan/sql/mysqld.cc:5157
          #8 0x560ad9b2bfef in mysqld_main(int, char**) /data/bld/10.11-asan/sql/mysqld.cc:5880
          #9 0x560ad9b14968 in main /data/bld/10.11-asan/sql/main.cc:34
          #10 0x7f3426e46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
       
      Thread T16 created by T0 here:
          #0 0x7f3427849726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
          #1 0x560adafe4cae in my_thread_create /data/bld/10.11-asan/storage/perfschema/my_thread.h:52
          #2 0x560adafe9362 in pfs_spawn_thread_v1 /data/bld/10.11-asan/storage/perfschema/pfs.cc:2252
          #3 0x560ad9b156a0 in inline_mysql_thread_create /data/bld/10.11-asan/include/mysql/psi/mysql_thread.h:1139
          #4 0x560ad9b2d119 in create_thread_to_handle_connection(CONNECT*) /data/bld/10.11-asan/sql/mysqld.cc:6137
          #5 0x560ad9b2d72a in create_new_thread(CONNECT*) /data/bld/10.11-asan/sql/mysqld.cc:6196
          #6 0x560ad9b2da15 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.11-asan/sql/mysqld.cc:6258
          #7 0x560ad9b2e69d in handle_connections_sockets() /data/bld/10.11-asan/sql/mysqld.cc:6381
          #8 0x560ad9b2b46a in run_main_loop /data/bld/10.11-asan/sql/mysqld.cc:5637
          #9 0x560ad9b2c9e8 in mysqld_main(int, char**) /data/bld/10.11-asan/sql/mysqld.cc:6038
          #10 0x560ad9b14968 in main /data/bld/10.11-asan/sql/main.cc:34
          #11 0x7f3426e46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
       
      SUMMARY: AddressSanitizer: heap-use-after-free ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:466 in __interceptor_strcmp
      ==3775176==ABORTING
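
The stacks above show thread T6 reading, through strcmp in wsrep_before_SE, a buffer that thread T16 freed in Sys_var_charptr_base::global_update_finish while running SET GLOBAL. The C program below is an added illustration, not MariaDB code and not the project's fix: it models that pattern with a hypothetical global `sst_method` and a hypothetical mutex `var_lock`, and shows a reader that snapshots the string under the lock so the writer's free cannot overlap the comparison.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not MariaDB code: a global char* setting and the
   mutex that every reader and writer of it is assumed to take. */
static pthread_mutex_t var_lock = PTHREAD_MUTEX_INITIALIZER;
static char *sst_method;

/* Writer (models SET GLOBAL): copy the new value, swap the pointer under the
   lock, and free the old buffer only once no reader can still reach it. */
static void set_method(const char *value) {
    size_t n = strlen(value) + 1;
    char *copy = malloc(n);
    if (!copy) return;
    memcpy(copy, value, n);
    pthread_mutex_lock(&var_lock);
    char *old = sst_method; sst_method = copy;
    pthread_mutex_unlock(&var_lock);
    free(old);
}

/* Unsafe reader, described only: strcmp(sst_method, name) without var_lock can
   run on a buffer set_method() has just freed (the heap-use-after-free).
   Safe reader: snapshot the string under the lock, compare the private copy. */
static int method_is(const char *name) {
    char snap[64] = "";               /* zero-filled, so always terminated */
    pthread_mutex_lock(&var_lock);
    if (sst_method) strncpy(snap, sst_method, sizeof snap - 1);
    pthread_mutex_unlock(&var_lock);
    return strcmp(snap, name) == 0;
}

static void *writer(void *rounds) {
    for (int i = 0; i < *(int *)rounds; i++) set_method("mariabackup");
    return NULL;
}

/* Writer thread keeps replacing the value while the caller compares it. */
static long run_race(int rounds) {
    pthread_t w;
    long hits = 0;
    set_method("mariabackup");
    if (pthread_create(&w, NULL, writer, &rounds)) return -1;
    for (int i = 0; i < rounds; i++) hits += method_is("mariabackup");
    pthread_join(w, NULL);
    return hits;
}
int main(void) { return run_race(10000) == 10000 ? 0 : 1; }
```

Built with `-fsanitize=address -pthread`, this runs clean; replacing the body of `method_is` with the unlocked `strcmp` described in the comment reintroduces the same class of report as the one above.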
      

          People

            sysprg Julius Goryavsky (Inactive)
            elenst Elena Stepanova