[MDEV-28193] Galera test failure on galera_bf_abort_ps_bind
Created: 2022-03-29  Updated: 2023-12-20  Resolved: 2023-12-20

Status: Closed
Project: MariaDB Server
Component/s: Galera, Tests
Affects Version/s: 10.3
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Jan Lindström (Inactive)
Assignee: Seppo Jaakola
Resolution: Won't Fix
Votes: 0
Labels: None


 Description   

CURRENT_TEST: galera.galera_bf_abort_ps_bind
munmap_chunk(): invalid pointer
mysqltest got signal 6
read_command_buf (0x55e92464f588): --PS_close
 
conn->name (0x55e9246a3d98): node_1
 
Attempting backtrace...
stack_bottom = 0x0 thread_stack 0x3c000
/dev/shm/10.4/client//mysqltest(my_print_stacktrace+0x23)[0x55e9235902fc]
mysys/stacktrace.c:174(my_print_stacktrace)[0x55e9235515e3]
client/mysqltest.cc:9449(dump_backtrace())[0x55e923551615]
sigaction.c:0(__restore_rt)[0x7ff727371200]
linux/raise.c:50(__GI_raise)[0x7ff726bf48a1]
stdlib/abort.c:81(__GI_abort)[0x7ff726bde546]
posix/libc_fatal.c:156(__libc_message)[0x7ff726c35eb8]
malloc/malloc.c:5629(malloc_printerr)[0x7ff726c3d91a]
malloc/malloc.c:2978(munmap_chunk)[0x7ff726c3dd6c]
malloc/malloc.c:3312(__GI___libc_free)[0x7ff726c429e3]
mysys/my_malloc.c:225(my_free)[0x55e92358d651]
client/mysqltest.cc:8867(run_close_stmt(st_connection*, st_command*, char const*, unsigned long, st_dynamic_string*, st_dynamic_string*))[0x55e923552efe]
client/mysqltest.cc:7920(run_query_normal(st_connection*, st_command*, int, char const*, unsigned long, st_dynamic_string*, st_dynamic_string*))[0x55e92355fe47]
client/mysqltest.cc:9136(run_query(st_connection*, st_command*, int))[0x55e92356040e]
client/mysqltest.cc:9957(main)[0x55e923561783]
csu/libc-start.c:332(__libc_start_main)[0x7ff726bdf7fd]
/dev/shm/10.4/client//mysqltest(_start+0x2a)[0x55e923550e6a]
Writing a core file...



 Comments   
Comment by Jan Lindström (Inactive) [ 2022-03-29 ]

==1543052==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001168 at pc 0x563514326b23 bp 0x7ffc0761c450 sp 0x7ffc0761c448
READ of size 8 at 0x602000001168 thread T0
    #0 0x563514326b22 in malloc_size_and_flag /mariadb/10.4/mysys/my_malloc.c:43
    #1 0x563514326b22 in my_free /mariadb/10.4/mysys/my_malloc.c:213
    #2 0x5635142874c0 in run_close_stmt(st_connection*, st_command*, char const*, unsigned long, st_dynamic_string*, st_dynamic_string*) /mariadb/10.4/client/mysqltest.cc:8866
    #3 0x5635142a52c4 in run_query_normal(st_connection*, st_command*, int, char const*, unsigned long, st_dynamic_string*, st_dynamic_string*) /mariadb/10.4/client/mysqltest.cc:7918
    #4 0x5635142a5ba8 in run_query(st_connection*, st_command*, int) /mariadb/10.4/client/mysqltest.cc:9136
    #5 0x5635142a78c5 in main /mariadb/10.4/client/mysqltest.cc:9956
    #6 0x7feb0d9027fc in __libc_start_main ../csu/libc-start.c:332
    #7 0x5635142820b9 in _start (/dev/shm/10.4/client/mysqltest+0xfd0b9)
 
0x602000001168 is located 8 bytes to the left of 6-byte region [0x602000001170,0x602000001176)
allocated by thread T0 here:
    #0 0x7feb0e2f176b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439
    #1 0x56351428e2fb in run_bind_stmt(st_connection*, st_command*, char const*, unsigned long, st_dynamic_string*, st_dynamic_string*) /mariadb/10.4/client/mysqltest.cc:8614
