Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-37042

innodb_undo_log_truncate=ON leads to out-of-bounds write

    XMLWordPrintable

Details

    • Can result in hang or crash

    Description

      This issue was found on release build

      # 2025-06-18T13:34:38 [3107821] INFO: basedir[0] : ->/Server_bin/10.11.12_RelWithDebInfo<- GIT_SHOW: HEAD, tag: mariadb-10.11.12, origin/bb-10.11-MDEV-36592 cafd22db7970ce081bafd887359aa0a77cfb769d 2025-04-28T15:58:16+03:00

      Sttacktrace

      		 
      Core was generated by `/Server_bin/10.11.12_RelWithDebInfo/bin/mariadbd --no-defaults --basedir=/Serve'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140315459233344) at ./nptl/pthread_kill.c:44
      		 
      44      ./nptl/pthread_kill.c: No such file or directory.
      		 
      [Current thread is 1 (Thread 0x7f9dbd1aa640 (LWP 3121309))]
      		 
      (gdb) set print addr off
      		 
      (gdb) bt
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140315459233344) at ./nptl/pthread_kill.c:44
      		 
      #1  __pthread_kill_internal (signo=6, threadid=140315459233344) at ./nptl/pthread_kill.c:78
      		 
      #2  __GI___pthread_kill (threadid=140315459233344, signo=6) at ./nptl/pthread_kill.c:89
      		 
      #3  handle_fatal_signal (sig=6) at /data/Server/10.11.12/sql/signal_handler.cc:298
      		 
      #4  <signal handler called>
      		 
      #5  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140315459233344) at ./nptl/pthread_kill.c:44
      		 
      #6  __pthread_kill_internal (signo=6, threadid=140315459233344) at ./nptl/pthread_kill.c:78
      		 
      #7  __GI___pthread_kill (threadid=140315459233344, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
      		 
      #8  __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      		 
      #9  __GI_abort () at ./stdlib/abort.c:79
      		 
      #10 fil_invalid_page_access_msg (is_read=<optimized out>, len=4096, offset=<optimized out>, name=<optimized out>) at /data/Server/10.11.12/storage/innobase/fil/fil0fil.cc:2636
      		 
      #11 fil_space_t::io (this=, type=..., offset=<optimized out>, len=len@entry=4096, buf=buf@entry=, bpage=<optimized out>) at /data/Server/10.11.12/storage/innobase/fil/fil0fil.cc:2712
      		 
      #12 buf_dblwr_t::flush_buffered_writes_completed (this=<optimized out>, request=...) at /data/Server/10.11.12/storage/innobase/buf/buf0dblwr.cc:786
      		 
      #13 IORequest::write_complete (this=this@entry=, io_error=0) at /data/Server/10.11.12/storage/innobase/fil/fil0fil.cc:2779
      		 
      #14 write_io_callback (c=) at /data/Server/10.11.12/storage/innobase/os/os0file.cc:3083
      		 
      #15 tpool::task_group::execute (this=, t=) at /data/Server/10.11.12/tpool/task_group.cc:70
      		 
      #16 tpool::thread_pool_generic::worker_main (this=, thread_var=) at /data/Server/10.11.12/tpool/tpool_generic.cc:573
      		 
      #17 ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
      		 
      #18 start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #19 clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

      Core dump is present on pluto : /data/results/1750249790/TBR-2291

      Attachments

        Activity

          People

            saahil Saahil Alam
            saahil Saahil Alam
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: