Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36475

ASAN errors in ha_innobase::can_be_renamed_to_backup

Details

    Description

      The test case is non-deterministic, run with --repeat=N. It usually fails within a few attempts for me, but it can vary on different machines and builds. In case it doesn't fail for you, an rr profile will also be provided.

      --send in the test case is important, the failure happens upon shutdown which MTR triggers after the test ends. However, I couldn't convert it into explicit restart_mysqld on some reason.

      --source include/have_sequence.inc
      		 
      --source include/have_innodb.inc
      		 
       
      		 
      CREATE TABLE t ENGINE=InnoDB AS SELECT 1 AS a;
      		 
      --connect (con1,localhost,root,,)
      		 
      --send
      		 
        CREATE OR REPLACE TABLE t ENGINE=InnoDB AS SELECT * FROM seq_1_to_10000;

      bb-main-monty efaa497684bcaf6d389447ce64f0c3cf1979b788

      		 
      ==3835053==ERROR: AddressSanitizer: use-after-poison on address 0x65724ad8fcb8 at pc 0x55e554722d4b bp 0x776540e48760 sp 0x776540e48750
      		 
      WRITE of size 8 at 0x65724ad8fcb8 thread T11
      		 
      2025-04-03 21:25:25 0 [Note] /data/for_monty/bb-main-monty/sql/mariadbd (initiated by: unknown): Normal shutdown
      		 
          #0 0x55e554722d4a in ha_innobase::can_be_renamed_to_backup() const /data/for_monty/bb-main-monty/storage/innobase/handler/ha_innodb.cc:15879
      		 
          #1 0x55e553bbf5b2 in ha_can_be_renamed_to_backup /data/for_monty/bb-main-monty/sql/handler.cc:6922
      		 
          #2 0x55e553bbf9b2 in ha_check_if_table_can_be_renamed_to_backup(THD*, handlerton*, TABLE_LIST*) /data/for_monty/bb-main-monty/sql/handler.cc:6953
      		 
          #3 0x55e5534b685d in create_table_impl /data/for_monty/bb-main-monty/sql/sql_table.cc:5045
      		 
          #4 0x55e5534b9197 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /data/for_monty/bb-main-monty/sql/sql_table.cc:5383
      		 
          #5 0x55e5530ef886 in select_create::create_table_from_items(THD*, List<Item>*, st_mysql_lock**) /data/for_monty/bb-main-monty/sql/sql_insert.cc:4830
      		 
          #6 0x55e5530f0ee1 in select_create::prepare(List<Item>&, st_select_lex_unit*) /data/for_monty/bb-main-monty/sql/sql_insert.cc:5013
      		 
          #7 0x55e5532a9dda in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/for_monty/bb-main-monty/sql/sql_select.cc:1858
      		 
          #8 0x55e5532ceca6 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/for_monty/bb-main-monty/sql/sql_select.cc:5351
      		 
          #9 0x55e55329cae0 in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/for_monty/bb-main-monty/sql/sql_select.cc:634
      		 
          #10 0x55e5534faa4b in Sql_cmd_create_table_like::execute(THD*) /data/for_monty/bb-main-monty/sql/sql_table.cc:13879
      		 
          #11 0x55e5531b39ea in mysql_execute_command(THD*, bool) /data/for_monty/bb-main-monty/sql/sql_parse.cc:5887
      		 
          #12 0x55e5531c111b in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/for_monty/bb-main-monty/sql/sql_parse.cc:7917
      		 
          #13 0x55e553197949 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/for_monty/bb-main-monty/sql/sql_parse.cc:1903
      		 
          #14 0x55e5531945fc in do_command(THD*, bool) /data/for_monty/bb-main-monty/sql/sql_parse.cc:1416
      		 
          #15 0x55e5536b44dd in do_handle_one_connection(CONNECT*, bool) /data/for_monty/bb-main-monty/sql/sql_connect.cc:1415
      		 
          #16 0x55e5536b4030 in handle_one_connection /data/for_monty/bb-main-monty/sql/sql_connect.cc:1327
      		 
          #17 0x55e55449d773 in pfs_spawn_thread /data/for_monty/bb-main-monty/storage/perfschema/pfs.cc:2198
      		 
          #18 0x561e3e3edac2 in start_thread nptl/pthread_create.c:442
      		 
          #19 0x561e3e47ea03 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x125a03)
      		 
       
      		 
      0x65724ad8fcb8 is located 5304 bytes inside of 4194304-byte region [0x65724ad8e800,0x65724b18e800)
      		 
      allocated by thread T0 here:
      		 
          #0 0x7f203db500d7 in __interceptor_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:178
      		 
          #1 0x55e5539b77f5 in aligned_malloc(unsigned long, unsigned long) /data/for_monty/bb-main-monty/include/aligned.h:26
      		 
          #2 0x55e554d2d69a in Pool<trx_t, TrxFactory, TrxPoolLock>::Pool(unsigned long) /data/for_monty/bb-main-monty/storage/innobase/include/ut0pool.h:68
      		 
          #3 0x55e554d2a9ec in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::add_pool(unsigned long) /data/for_monty/bb-main-monty/storage/innobase/include/ut0pool.h:313
      		 
          #4 0x55e554d2a16c in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::create() /data/for_monty/bb-main-monty/storage/innobase/include/ut0pool.h:338
      		 
          #5 0x55e554d27c3a in PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::PoolManager(unsigned long) /data/for_monty/bb-main-monty/storage/innobase/include/ut0pool.h:224
      		 
          #6 0x55e554d11191 in trx_pool_init() /data/for_monty/bb-main-monty/storage/innobase/trx/trx0trx.cc:313
      		 
          #7 0x55e554c78e9f in srv_boot() /data/for_monty/bb-main-monty/storage/innobase/srv/srv0srv.cc:611
      		 
          #8 0x55e554c8cac8 in srv_start(bool) /data/for_monty/bb-main-monty/storage/innobase/srv/srv0start.cc:1294
      		 
          #9 0x55e5546d6816 in innodb_init /data/for_monty/bb-main-monty/storage/innobase/handler/ha_innodb.cc:4327
      		 
          #10 0x55e553b8b551 in ha_initialize_handlerton(void*) /data/for_monty/bb-main-monty/sql/handler.cc:737
      		 
          #11 0x55e553222185 in plugin_do_initialize /data/for_monty/bb-main-monty/sql/sql_plugin.cc:1455
      		 
          #12 0x55e553222b4a in plugin_initialize /data/for_monty/bb-main-monty/sql/sql_plugin.cc:1509
      		 
          #13 0x55e5532245b5 in plugin_init(int*, char**, int) /data/for_monty/bb-main-monty/sql/sql_plugin.cc:1751
      		 
          #14 0x55e552d9a2e8 in init_server_components /data/for_monty/bb-main-monty/sql/mysqld.cc:5313
      		 
          #15 0x55e552d9c8f1 in mysqld_main(int, char**) /data/for_monty/bb-main-monty/sql/mysqld.cc:6009
      		 
          #16 0x55e552d8338c in main /data/for_monty/bb-main-monty/sql/main.cc:34
      		 
          #17 0x561e3e382d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
      		 
       
      		 
      Thread T11 created by T0 here:
      		 
          #0 0x7f203daf3685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
      		 
          #1 0x55e554499267 in my_thread_create /data/for_monty/bb-main-monty/storage/perfschema/my_thread.h:38
      		 
          #2 0x55e55449db66 in pfs_spawn_thread_v1 /data/for_monty/bb-main-monty/storage/perfschema/pfs.cc:2249
      		 
          #3 0x55e552d84106 in inline_mysql_thread_create /data/for_monty/bb-main-monty/include/mysql/psi/mysql_thread.h:1139
      		 
          #4 0x55e552d9dae1 in create_thread_to_handle_connection(CONNECT*) /data/for_monty/bb-main-monty/sql/mysqld.cc:6266
      		 
          #5 0x55e552d9e18a in create_new_thread(CONNECT*) /data/for_monty/bb-main-monty/sql/mysqld.cc:6328
      		 
          #6 0x55e552d9e4fc in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/for_monty/bb-main-monty/sql/mysqld.cc:6390
      		 
          #7 0x55e552d9f1d6 in handle_connections_sockets() /data/for_monty/bb-main-monty/sql/mysqld.cc:6502
      		 
          #8 0x55e552d9bbd3 in run_main_loop /data/for_monty/bb-main-monty/sql/mysqld.cc:5744
      		 
          #9 0x55e552d9d31b in mysqld_main(int, char**) /data/for_monty/bb-main-monty/sql/mysqld.cc:6167
      		 
          #10 0x55e552d8338c in main /data/for_monty/bb-main-monty/sql/main.cc:34
      		 
          #11 0x561e3e382d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
      		 
       
      		 
      SUMMARY: AddressSanitizer: use-after-poison /data/for_monty/bb-main-monty/storage/innobase/handler/ha_innodb.cc:15879 in ha_innobase::can_be_renamed_to_backup() const
      		 
      Shadow bytes around the buggy address:
      		 
        0x0caec95a9f40: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0caec95a9f50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0caec95a9f60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0caec95a9f70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0caec95a9f80: f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00 00 00 00 00
      		 
      =>0x0caec95a9f90: 00 00 00 00 00 f7 00[f7]00 f7 00 f7 f7 f7 f7 f7
      		 
        0x0caec95a9fa0: f7 04 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 f7 f7
      		 
        0x0caec95a9fb0: f7 f7 f7 f7 f7 f7 00 f7 f7 04 f7 f7 f7 f7 f7 f7
      		 
        0x0caec95a9fc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0caec95a9fd0: f7 f7 f7 f7 f7 f7 f7 f7 00 00 f7 00 00 00 00 00
      		 
        0x0caec95a9fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
        Shadow gap:              cc
      		 
      ==3835053==ABORTING

      Attachments

        Issue Links

          is caused by

          New Feature - A new feature of the product, which has yet to be developed. MDEV-25292 Atomic CREATE OR REPLACE TABLE

          • Critical - Crashes, loss of data, severe memory leak.
          • Stalled

          Activity

            Transition Time In Source Status Execution Times
            Roel Van de Paar made transition -
            Open Confirmed
            		1d 4h 23m 1

            People

              monty Michael Widenius
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.