5.7 MTR; ASAN heap-use-after-free error running galera_as_master_gtid_change_master and galera_as_slave_autoinc
Activity

Percona Bot updated the AFFECTED USER LEVEL, March 6, 2024 at 9:52 PM: None → Internal

Secure Custom Fields for Jira (Security & Permission) updated the AFFECTED USER LEVEL, December 20, 2023 at 6:34 AM: None → This field doesn't support this UI

Kamil Holubicki changed the Status, March 1, 2023 at 8:56 AM: Open → Done

Kamil Holubicki updated the Resolution, March 1, 2023 at 8:56 AM: None → Incomplete

Kamil Holubicki changed the Status, March 1, 2023 at 8:56 AM: On Hold → Open

David Bennett changed the Status, January 28, 2020 at 3:20 AM: Open → On Hold

David Bennett updated the Linked Issues, January 28, 2020 at 1:59 AM: None → This issue relates to PXC-2951

Jira Bot changed the Status, January 24, 2020 at 8:09 PM: New → Open

KennT created the Issue, January 14, 2020 at 1:25 AM

Resolution: Incomplete
Details
Assignee: Unassigned
Reporter: KennT (Deactivated)
Affects versions
Priority
Created January 14, 2020 at 1:25 AM
Updated March 6, 2024 at 9:52 PM
Resolved March 1, 2023 at 8:56 AM
This error is timing-dependent. Had to run MTR with the --mem flag.
2020-01-10T09:47:04.674427Z 12 [Note] WSREP: Ready state reached
2020-01-10T09:47:04.674440Z 12 [Note] Slave SQL thread for channel '' initialized, starting replication in log 'FIRST' at position 0, relay log './ubuntu-relay-bin.000001' position: 4
2020-01-10T09:47:04.681613Z 11 [Note] Slave I/O thread for channel '': connected to master 'root@127.0.0.1:16000',replication started in log 'FIRST' at position 4
2020-01-10T09:47:05.845221Z 12 [Note] Error reading relay log event for channel '': slave SQL thread was killed
2020-01-10T09:47:05.845233Z 12 [Note] Slave SQL thread for channel '' exiting, replication stopped in log 'mysqld-bin.000001' at position 1930
2020-01-10T09:47:05.845396Z 11 [Note] Slave I/O thread killed while reading event for channel ''
2020-01-10T09:47:05.845403Z 11 [Note] Slave I/O thread exiting for channel '', read up to log 'mysqld-bin.000001', position 1930
=================================================================
==19092==ERROR: AddressSanitizer: heap-use-after-free on address 0x627000006698 at pc 0x55dba7a746a1 bp 0x7fec116a7c20 sp 0x7fec116a7c10
READ of size 8 at 0x627000006698 thread T34
    #0 0x55dba7a746a0 in Relay_log_info::cleanup_after_session() sql/rpl_rli.h:880
    #1 0x55dba7a746a0 in THD::~THD() sql/sql_class.cc:2442
    #2 0x55dba7a7556a in THD::~THD() sql/sql_class.cc:2452
    #3 0x55dba837bb78 in handle_slave_sql sql/rpl_slave.cc:7976
    #4 0x55dba848e841 in pfs_spawn_thread storage/perfschema/pfs.cc:2198
    #5 0x7fec3519c6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #6 0x7fec3458688e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x627000006698 is located 11672 bytes inside of 13048-byte region [0x627000003900,0x627000006bf8)
freed by thread T32 here:
    #0 0x7fec368587b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x55dba83a4a20 in Relay_log_info::operator delete(void*) sql/rpl_rli.cc:3188
    #2 0x55dba83a79ce in Relay_log_info::~Relay_log_info() sql/rpl_rli.cc:249
    #3 0x55dba83d5080 in Multisource_info::delete_mi(char const*) sql/rpl_msr.cc:174
    #4 0x55dba835dd45 in reset_slave(THD*, Master_info*, bool) sql/rpl_slave.cc:10883
    #5 0x55dba8360a6f in reset_slave(THD*) sql/rpl_slave.cc:10704
    #6 0x55dba836274d in reset_slave_cmd(THD*) sql/rpl_slave.cc:10938
    #7 0x55dba7c3d952 in reload_acl_and_cache(THD*, unsigned long, TABLE_LIST*, int*) sql/sql_reload.cc:425
    #8 0x55dba7b8b735 in mysql_execute_command(THD*, bool) sql/sql_parse.cc:5251
    #9 0x55dba7b968ea in mysql_parse(THD*, Parser_state*, bool) sql/sql_parse.cc:6896
    #10 0x55dba7b96e50 in wsrep_mysql_parse sql/sql_parse.cc:7891
    #11 0x55dba7b9d988 in dispatch_command(THD*, COM_DATA const*, enum_server_command) sql/sql_parse.cc:1864
    #12 0x55dba7ba50f0 in do_command(THD*) sql/sql_parse.cc:1193
    #13 0x55dba7eba3a2 in handle_connection sql/conn_handler/connection_handler_per_thread.cc:325
    #14 0x55dba848e841 in pfs_spawn_thread storage/perfschema/pfs.cc:2198
    #15 0x7fec3519c6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

previously allocated by thread T0 here:
    #0 0x7fec368597a0 in posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdf7a0)
    #1 0x55dba83a493d in Relay_log_info::operator new(unsigned long) sql/rpl_rli.cc:3181
    #2 0x55dba83ad185 in Rpl_info_factory::create_rli(unsigned int, bool, char const*, bool) sql/rpl_info_factory.cc:236
    #3 0x55dba83ad96a in Rpl_info_factory::create_mi_and_rli_objects(unsigned int, unsigned int, char const*, bool, Multisource_info*) sql/rpl_info_factory.cc:1274
    #4 0x55dba83b0391 in Rpl_info_factory::create_slave_info_objects(unsigned int, unsigned int, int, Multisource_info*) sql/rpl_info_factory.cc:1209
    #5 0x55dba8384c3e in init_slave() sql/rpl_slave.cc:423
    #6 0x55dba6675c72 in mysqld_main(int, char**) sql/mysqld.cc:6154
    #7 0x55dba6653252 in main sql/main.cc:32
    #8 0x7fec34486b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Thread T34 created by T32 here:
    #0 0x7fec367b1d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x55dba8458bf4 in my_thread_create mysys/my_thread.c:104
    #2 0x55dba8496279 in pfs_spawn_thread_v1 storage/perfschema/pfs.cc:2249
    #3 0x55dba833e484 in inline_mysql_thread_create include/mysql/psi/mysql_thread.h:1304
    #4 0x55dba833e484 in start_slave_thread(unsigned int, void* (*)(void*), st_mysql_mutex*, st_mysql_mutex*, st_mysql_cond*, unsigned int volatile*, unsigned long volatile*, Master_info*) sql/rpl_slave.cc:1990
    #5 0x55dba83813e6 in start_slave_threads(bool, bool, Master_info*, int) sql/rpl_slave.cc:2129
    #6 0x55dba8381df6 in start_slave(THD*, struct_slave_connection*, st_lex_master_info*, int, Master_info*, bool) sql/rpl_slave.cc:10526
    #7 0x55dba8383818 in start_slave(THD*) sql/rpl_slave.cc:561
    #8 0x55dba8384372 in start_slave_cmd(THD*) sql/rpl_slave.cc:725
    #9 0x55dba7b7d094 in mysql_execute_command(THD*, bool) sql/sql_parse.cc:4207
    #10 0x55dba7b968ea in mysql_parse(THD*, Parser_state*, bool) sql/sql_parse.cc:6896
    #11 0x55dba7b96e50 in wsrep_mysql_parse sql/sql_parse.cc:7891
    #12 0x55dba7b9d988 in dispatch_command(THD*, COM_DATA const*, enum_server_command) sql/sql_parse.cc:1864
    #13 0x55dba7ba50f0 in do_command(THD*) sql/sql_parse.cc:1193
    #14 0x55dba7eba3a2 in handle_connection sql/conn_handler/connection_handler_per_thread.cc:325
    #15 0x55dba848e841 in pfs_spawn_thread storage/perfschema/pfs.cc:2198
    #16 0x7fec3519c6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

Thread T32 created by T0 here:
    #0 0x7fec367b1d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x55dba8458bf4 in my_thread_create mysys/my_thread.c:104
    #2 0x55dba8496279 in pfs_spawn_thread_v1 storage/perfschema/pfs.cc:2249
    #3 0x55dba7ebbd95 in inline_mysql_thread_create include/mysql/psi/mysql_thread.h:1304
    #4 0x55dba7ebbd95 in Per_thread_connection_handler::add_connection(Channel_info*) sql/conn_handler/connection_handler_per_thread.cc:440
    #5 0x55dba678a1cc in Connection_handler_manager::process_new_connection(Channel_info*) sql/conn_handler/connection_handler_manager.cc:322
    #6 0x55dba6675b55 in Connection_acceptor<Mysqld_socket_listener>::connection_event_loop() sql/conn_handler/connection_acceptor.h:75
    #7 0x55dba6675b55 in mysqld_main(int, char**) sql/mysqld.cc:6310
    #8 0x55dba6653252 in main sql/main.cc:32
    #9 0x7fec34486b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-use-after-free sql/rpl_rli.h:880 in Relay_log_info::cleanup_after_session()
Shadow bytes around the buggy address:
  0x0c4e7fff8c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8ca0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8cb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c4e7fff8cd0: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8ce0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8cf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8d10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4e7fff8d20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==19092==ABORTING
----------SERVER LOG END-------------