Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- 10.11, 11.4, 11.8
- Not for Release Notes
- Q3/2025 Maintenance
Description
The failure happens sporadically; run with --repeat=N. Currently, on my machine, on a build as below, it happens within ~10 attempts.
cmake . -DWITH_ASAN=YES -DCMAKE_BUILD_TYPE=Debug -DCMAKE_DISABLE_FIND_PACKAGE_URING=1 -DCMAKE_DISABLE_FIND_PACKAGE_LIBAIO=1
make ...
perl ./mtr innodb.log_file_overwrite --repeat=20 --mem

10.11 b6923420f326ac030e4f3ef89a2acddb45eccb30

==2719636==ERROR: AddressSanitizer: use-after-poison on address 0x7ff71ddf4438 at pc 0x5651d4ef3aef bp 0x7ff71ddf1b90 sp 0x7ff71ddf1b88
WRITE of size 4 at 0x7ff71ddf4438 thread T12
    #0 0x5651d4ef3aee in my_read /data/bld/10.11-bug/mysys/my_read.c:47
    #1 0x5651d342519d in inline_mysql_file_read /data/bld/10.11-bug/include/mysql/psi/mysql_file.h:1136
    #2 0x5651d3429a2f in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/bld/10.11-bug/sql/table.cc:673
    #3 0x5651d37bad64 in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/bld/10.11-bug/sql/table_cache.cc:855
    #4 0x5651d2eb805d in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/bld/10.11-bug/sql/sql_base.cc:2081
    #5 0x5651d2ec41a0 in open_and_process_table /data/bld/10.11-bug/sql/sql_base.cc:4164
    #6 0x5651d2ec6cf7 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/10.11-bug/sql/sql_base.cc:4652
    #7 0x5651d2ecbc37 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/bld/10.11-bug/sql/sql_base.cc:5626
    #8 0x5651d2e20da1 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/bld/10.11-bug/sql/sql_base.h:517
    #9 0x5651d35047d1 in scan_one_gtid_slave_pos_table /data/bld/10.11-bug/sql/rpl_rli.cc:1587
    #10 0x5651d35068e1 in load_gtid_state_cb /data/bld/10.11-bug/sql/rpl_rli.cc:1864
    #11 0x5651d3505ced in scan_all_gtid_slave_pos_table /data/bld/10.11-bug/sql/rpl_rli.cc:1733
    #12 0x5651d3506cfd in rpl_load_gtid_slave_state(THD*) /data/bld/10.11-bug/sql/rpl_rli.cc:1902
    #13 0x5651d2db21f3 in bg_rpl_load_gtid_slave_state /data/bld/10.11-bug/sql/slave.cc:489
    #14 0x5651d305a86c in handle_manager /data/bld/10.11-bug/sql/sql_manager.cc:119
    #15 0x5651d415e7a9 in pfs_spawn_thread /data/bld/10.11-bug/storage/perfschema/pfs.cc:2201
    #16 0x7ff7260a81c3 in start_thread nptl/pthread_create.c:442
    #17 0x7ff72612885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Address 0x7ff71ddf4438 is a wild pointer inside of access range of size 0x000000000004.
SUMMARY: AddressSanitizer: use-after-poison /data/bld/10.11-bug/mysys/my_read.c:47 in my_read
Shadow bytes around the buggy address:
  0x0fff63bb6830: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb6840: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb6850: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb6860: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb6870: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
=>0x0fff63bb6880: f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb6890: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb68a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb68b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb68c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0fff63bb68d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
Thread T12 created by T0 here:
    #0 0x7ff726c49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
    #1 0x5651d415a4e4 in my_thread_create /data/bld/10.11-bug/storage/perfschema/my_thread.h:52
    #2 0x5651d415eb98 in pfs_spawn_thread_v1 /data/bld/10.11-bug/storage/perfschema/pfs.cc:2252
    #3 0x5651d305a21c in inline_mysql_thread_create /data/bld/10.11-bug/include/mysql/psi/mysql_thread.h:1139
    #4 0x5651d305acdf in start_handle_manager() /data/bld/10.11-bug/sql/sql_manager.cc:147
    #5 0x5651d2c9f619 in init_server_components /data/bld/10.11-bug/sql/mysqld.cc:5484
    #6 0x5651d2ca1095 in mysqld_main(int, char**) /data/bld/10.11-bug/sql/mysqld.cc:5882
    #7 0x5651d2c898e8 in main /data/bld/10.11-bug/sql/main.cc:34
    #8 0x7ff726046249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

The failure started happening after this commit in 10.11.12:

commit b6923420f326ac030e4f3ef89a2acddb45eccb30 (HEAD)
Author: Marko Mäkelä
Date: Wed Mar 26 17:05:44 2025 +0200

    MDEV-29445: Reimplement SET GLOBAL innodb_buffer_pool_size

Issue Links
- is caused by
  - MDEV-29445 reorganise innodb buffer pool (and remove buffer pool chunks) - Closed