[MDEV-15099] InnoDB partition tests fail in buildbot with ASAN use-after-poison in THD::rollback_item_tree_changes Created: 2018-01-27  Updated: 2018-01-27  Resolved: 2018-01-27

Status: Closed
Project: MariaDB Server
Component/s: Prepared Statements, Tests
Affects Version/s: 10.0
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-15012 ASAN: numerous test failures in PS Closed

 Description   

(with ps-protocol)
http://buildbot.askmonty.org/buildbot/builders/kvm-fulltest-big/builds/1532/steps/mtr_ps/logs/stdio

parts.partition_alter1_1_2_innodb 'innodb_plugin' w2 [ fail ]
 
        Test ended at 2018-01-25 05:47:08
 
 
 
CURRENT_TEST: parts.partition_alter1_1_2_innodb
 
mysqltest: In included file "./suite/parts/inc/partition_check_read.inc": 
included from ./suite/parts/inc/partition_check.inc at line 286:
 
included from ./suite/parts/inc/partition_alter_1.inc at line 71:
 
included from ./suite/parts/inc/partition_alter_13.inc at line 59:
 
included from ./suite/parts/inc/partition_alter1_1_2.inc at line 36:
 
included from /mnt/buildbot/build/mariadb-10.0.34/mysql-test/suite/parts/t/partition_alter1_1_2_innodb.test at line 85:
 
At line 49: query 'SELECT COUNT(*) = 1 INTO @aux FROM t1 WHERE $col_to_check = @max_row + $num' failed: 2013: Lost connection to MySQL server during query
 
 
 
The result from queries just before the failure was:
 
< snip >
 
# check COUNT(*) success:    1
 
# check MIN/MAX(f_int1) success:    1
 
# check MIN/MAX(f_int2) success:    1
 
INSERT INTO t1 (f_int1, f_int2, f_char1, f_char2, f_charbig)
 
SELECT f_int1, f_int1, CAST(f_int1 AS CHAR),
 
CAST(f_int1 AS CHAR), 'delete me' FROM t0_template
 
WHERE f_int1 IN (2,3);
 
ERROR 23000: Duplicate entry '2-2' for key 'PRIMARY'
 
# check prerequisites-3 success:    1
 
# INFO: f_int1 AND/OR f_int2 AND/OR (f_int1,f_int2) is UNIQUE
 
INSERT INTO t1 (f_int1, f_int2, f_char1, f_char2, f_charbig)
 
SELECT f_int1, 2 * @max_row + f_int1, CAST((2 * @max_row + f_int1) AS CHAR),
 
CAST((2 * @max_row + f_int1) AS CHAR), 'delete me' FROM t0_template
 
WHERE f_int1 IN (2,3);
 
DELETE FROM t1 WHERE f_charbig = 'delete me';
 
INSERT INTO t1 (f_int1, f_int2, f_char1, f_char2, f_charbig)
 
SELECT 2 * @max_row + f_int1, f_int1, CAST((2 * @max_row + f_int1) AS CHAR),
 
CAST((2 * @max_row + f_int1) AS CHAR), 'delete me' FROM t0_template
 
WHERE f_int1 IN (2,3);
 
DELETE FROM t1 WHERE f_charbig = 'delete me';
 
 
 
More results from queries before failure can be found in /mnt/buildbot/build/mariadb-10.0.34/mysql-test/var/2/log/partition_alter1_1_2_innodb.log
 
 
 
 
 
Server [mysqld.1 - pid: 11274, winpid: 11274, exit: 256] failed during test run
 
Server log from this test:


----------SERVER LOG START-----------
 
=================================================================
 
==11275==ERROR: AddressSanitizer: use-after-poison on address 0x625002511510 at pc 0x000000664414 bp 0x7fa5418664c0 sp 0x7fa5418664b0
 
WRITE of size 8 at 0x625002511510 thread T25
 
    #0 0x664413 in THD::rollback_item_tree_changes() /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_class.cc:2462
 
    #1 0x741a9b in Prepared_statement::cleanup_stmt() /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_prepare.cc:3274
 
    #2 0x741a9b in Prepared_statement::execute(String*, bool) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_prepare.cc:4001
 
    #3 0x741f52 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_prepare.cc:3629
 
    #4 0x742917 in mysqld_stmt_execute(THD*, char*, unsigned int) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_prepare.cc:2724
 
    #5 0x70eaa4 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_parse.cc:1243
 
    #6 0x9752f1 in do_handle_one_connection(THD*) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_connect.cc:1377
 
    #7 0x975590 in handle_one_connection /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_connect.cc:1292
 
    #8 0xfc305b in pfs_spawn_thread /home/buildbot/buildbot/build/mariadb-10.0.34/storage/perfschema/pfs.cc:1861
 
    #9 0x7fa554fb66b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
 
    #10 0x7fa553db082c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)
 
 
 
0x625002511510 is located 7184 bytes inside of 8224-byte region [0x62500250f900,0x625002511920)
 
allocated by thread T25 here:
 
    #0 0x7fa55569e602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
 
    #1 0x18431ee in my_malloc /home/buildbot/buildbot/build/mariadb-10.0.34/mysys/my_malloc.c:100
 
    #2 0x182ecbb in reset_root_defaults /home/buildbot/buildbot/build/mariadb-10.0.34/mysys/my_alloc.c:144
 
    #3 0x65e6bf in THD::init_for_queries() /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_class.cc:1476
 
    #4 0x9742d3 in prepare_new_connection_state(THD*) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_connect.cc:1222
 
    #5 0x974e39 in thd_prepare_connection(THD*) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_connect.cc:1307
 
    #6 0x9752c9 in do_handle_one_connection(THD*) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_connect.cc:1368
 
    #7 0x975590 in handle_one_connection /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_connect.cc:1292
 
    #8 0xfc305b in pfs_spawn_thread /home/buildbot/buildbot/build/mariadb-10.0.34/storage/perfschema/pfs.cc:1861
 
    #9 0x7fa554fb66b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
 
 
 
Thread T25 created by T0 here:
 
    #0 0x7fa55563c253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
 
    #1 0xfcca33 in spawn_thread_v1 /home/buildbot/buildbot/build/mariadb-10.0.34/storage/perfschema/pfs.cc:1911
 
    #2 0x56347c in inline_mysql_thread_create /home/buildbot/buildbot/build/mariadb-10.0.34/include/mysql/psi/mysql_thread.h:1255
 
    #3 0x56347c in create_thread_to_handle_connection(THD*) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/mysqld.cc:5905
 
    #4 0x564b9c in create_new_thread /home/buildbot/buildbot/build/mariadb-10.0.34/sql/mysqld.cc:5998
 
    #5 0x564b9c in handle_connections_sockets() /home/buildbot/buildbot/build/mariadb-10.0.34/sql/mysqld.cc:6282
 
    #6 0x5717b2 in mysqld_main(int, char**) /home/buildbot/buildbot/build/mariadb-10.0.34/sql/mysqld.cc:5511
 
    #7 0x7fa553cca82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
 
 
 
SUMMARY: AddressSanitizer: use-after-poison /home/buildbot/buildbot/build/mariadb-10.0.34/sql/sql_class.cc:2462 THD::rollback_item_tree_changes()
 
Shadow bytes around the buggy address:
 
  0x0c4a8049a250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 f7
 
  0x0c4a8049a260: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a270: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a280: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a290: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
=>0x0c4a8049a2a0: f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a2b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 f7 f7
 
  0x0c4a8049a2c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a2d0: f7 f7 f7 f7 00 00 00 00 00 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a2e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c4a8049a2f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
Shadow byte legend (one shadow byte represents 8 application bytes):
 
  Addressable:           00
 
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
 
  Heap right redzone:      fb
 
  Freed heap region:       fd
 
  Stack left redzone:      f1
 
  Stack mid redzone:       f2
 
  Stack right redzone:     f3
 
  Stack partial redzone:   f4
 
  Stack after return:      f5
 
  Stack use after scope:   f8
 
  Global redzone:          f9
 
  Global init order:       f6
 
  Poisoned by user:        f7
 
  Container overflow:      fc
 
  Array cookie:            ac
 
  Intra object redzone:    bb
 
  ASan internal:           fe
 
==11275==ABORTING
 
----------SERVER LOG END-------------
 
 
 
 
 
 - saving '/mnt/buildbot/build/mariadb-10.0.34/mysql-test/var/2/log/parts.partition_alter1_1_2_innodb-innodb_plugin/' to '/mnt/buildbot/build/mariadb-10.0.34/mysql-test/var/log/parts.partition_alter1_1_2_innodb-innodb_plugin/'
 
worker[2] > Restart  - not started



 Comments   
Comment by Sergei Golubchik [ 2018-01-27 ]

Duplicate of MDEV-15012

Generated at Thu Feb 08 08:18:40 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.