GCC 5 and 6 miscompile mach_parse_compressed
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MySQL Server | Unknown | Unknown | |
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | | |
5.5 | Fix Released | Medium | Laurynas Biveinis |
5.6 | Fix Released | Medium | Laurynas Biveinis |
5.7 | Fix Released | Medium | Laurynas Biveinis |
Bug Description
Copy of http://
[21 Sep 8:57] Laurynas Biveinis
Description:
mach_parse_
The GCC bug is https:/
How to repeat:
This presented as
innodb.
Test ended at 2016-08-03 14:46:26
CURRENT_TEST: innodb.
safe_process[
Server [mysqld.1 - pid: 13470, winpid: 13470, exit: 256] failed during test run
Server log from this test:
----------SERVER LOG START-----------
safe_process[
160803 21:46:25 [Note] /mnt/workspace/
160803 21:46:25 [Warning] setrlimit could not change the size of core files to 'infinity'; We may not be able to generate a core file on signals
160803 21:46:25 [Note] Plugin 'FEDERATED' is disabled.
160803 21:46:25 InnoDB: The InnoDB memory heap is disabled
160803 21:46:25 InnoDB: Mutexes and rw_locks use GCC atomic builtins
160803 21:46:25 InnoDB: Compressed tables use zlib 1.2.8
160803 21:46:25 InnoDB: Using Linux native AIO
160803 21:46:25 InnoDB: Initializing buffer pool, size = 32.0M
160803 21:46:25 InnoDB: Completed initialization of buffer pool
160803 21:46:25 InnoDB: highest supported file format is Barracuda.
InnoDB: Log scan progressed past the checkpoint lsn 31407366
160803 21:46:25 InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
InnoDB: Doing recovery: scanned up to log sequence number 33806487
InnoDB: Transaction DFC was in the XA prepared state.
InnoDB: Transaction DFD was in the XA prepared state.
InnoDB: Transaction DFE was in the XA prepared state.
InnoDB: 3 transaction(s) which must be rolled back or cleaned up
InnoDB: in total 0 row operations to undo
InnoDB: Trx id counter is F00
160803 21:46:26 InnoDB: Starting an apply batch of log records to the database...
InnoDB: Progress in percents: 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 =======
==13471==ERROR: AddressSanitizer: unknown-crash on address 0x61e00000d745 at pc 0x0000011a5269 bp 0x7fc80c25da60 sp 0x7fc80c25da50
READ of size 4 at 0x61e00000d745 thread T4
#0 0x11a5268 in mach_parse_
#1 0x11d45e8 in page_cur_
#2 0x11d5b88 in page_parse_
#3 0x118aa6c in recv_parse_
#4 0x118f63c in recv_recover_
#5 0x103c243 in buf_page_
#6 0x10efc0b in fil_aio_wait /mnt/workspace/
#7 0xf4b53f in io_handler_thread /mnt/workspace/
#8 0x7fc8179fa6f9 in start_thread (/lib/x86_
#9 0x7fc8165a5b5c in clone (/lib/x86_
0x61e00000d748 is located 0 bytes to the right of 2760-byte region [0x61e00000cc80
allocated by thread T0 here:
#0 0x7fc8180c4602 in malloc (/usr/lib/
#1 0x11a897c in mem_area_alloc /mnt/workspace/
#2 0x11a6a86 in mem_heap_
#3 0x11a6a86 in mem_heap_add_block /mnt/workspace/
#4 0x118bfda in mem_heap_alloc /mnt/workspace/
#5 0x118bfda in recv_add_
#6 0x118cf89 in recv_add_
#7 0x118cf89 in recv_parse_log_recs /mnt/workspace/
#8 0x11980aa in recv_scan_log_recs /mnt/workspace/
#9 0x11980aa in recv_group_
#10 0x11980aa in recv_recovery_
#11 0xf503a6 in innobase_
#12 0xe9016b in innobase_init /mnt/workspace/
#13 0x9a8a5b in ha_initialize_
#14 0x6cdd76 in plugin_initialize /mnt/workspace/
#15 0x6dff5e in plugin_init(int*, char**, int) /mnt/workspace/
#16 0x5428d3 in init_server_
#17 0x54d755 in mysqld_main(int, char**) /mnt/workspace/
#18 0x7fc8164bf82f in __libc_start_main (/lib/x86_
Thread T4 created by T0 here:
#0 0x7fc818062253 in pthread_create (/usr/lib/
#1 0x11c8e4a in os_thread_create /mnt/workspace/
#2 0xf4e1d3 in innobase_
#3 0xe9016b in innobase_init /mnt/workspace/
#4 0x9a8a5b in ha_initialize_
#5 0x6cdd76 in plugin_initialize /mnt/workspace/
#6 0x6dff5e in plugin_init(int*, char**, int) /mnt/workspace/
#7 0x5428d3 in init_server_
#8 0x54d755 in mysqld_main(int, char**) /mnt/workspace/
#9 0x7fc8164bf82f in __libc_start_main (/lib/x86_
SUMMARY: AddressSanitizer: unknown-crash /mnt/workspace/
Shadow bytes around the buggy address:
0x0c3c7fff9a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3c7fff9ae0: 00 00 00 00 00 00 00 00[00]fa fa fa fa fa fa fa
0x0c3c7fff9af0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fff9b00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3c7fff9b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3c7fff9b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==13471==ABORTING
safe_process[
----------SERVER LOG END-------------
Suggested fix:
Separating 1st byte < 0x80 case from the rest by "asm volatile("": : :"memory");" appears to be a viable workaround for the affected compilers.
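The workaround described in the suggested fix, as an added example that is not MySQL or Percona Server source: a variable-length integer parser that returns on the one-byte case, then places the compiler barrier before any multi-byte load. The names `parse_compressed` and `parse_at_buffer_end` and the 0xC0/0xE0/0xF0 length prefixes are assumptions for illustration; only the `< 0x80` case and the barrier come from the report.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Compiler-only barrier, as in the suggested workaround (GCC/Clang syntax). */
#define COMPILER_BARRIER() __asm__ volatile("" : : : "memory")

/* Hypothetical parser; the 0xC0/0xE0/0xF0 length prefixes are assumed.
   Returns the byte after the value, or NULL if [ptr, end) is too short. */
const uint8_t *parse_compressed(const uint8_t *ptr, const uint8_t *end,
                                uint32_t *val)
{
    if (ptr >= end) return NULL;
    uint32_t b0 = ptr[0];
    if (b0 < 0x80) {                 /* one-byte form: only ptr[0] is valid */
        *val = b0;
        return ptr + 1;
    }
    /* Separate the one-byte case from the multi-byte loads so they cannot
       be merged into one wide load issued before the length check. */
    COMPILER_BARRIER();
    size_t avail = (size_t)(end - ptr);
    size_t len = b0 < 0xC0 ? 2 : b0 < 0xE0 ? 3 : b0 < 0xF0 ? 4 : 5;
    if (avail < len) return NULL;    /* check length before any further read */
    uint32_t v = 0;
    for (size_t i = (len == 5); i < len; i++)  /* 5-byte form skips the flag */
        v = (v << 8) | ptr[i];
    static const uint32_t mask[] = {0, 0, 0x7FFF, 0x3FFFFF, 0x1FFFFFFF,
                                    0xFFFFFFFF};
    *val = v & mask[len];
    return ptr + len;
}

/* Regression harness: copy the encoding into an exactly-sized heap block so
   that any read past its last byte lands in an ASan redzone, as in the
   report above. Returns the number of bytes consumed, or -1. */
int parse_at_buffer_end(const uint8_t *enc, size_t len, uint32_t *val)
{
    uint8_t *buf = malloc(len);
    if (buf == NULL) return -1;
    memcpy(buf, enc, len);
    const uint8_t *next = parse_compressed(buf, buf + len, val);
    int used = next ? (int)(next - buf) : -1;
    free(buf);
    return used;
}
```

Building this with `-O2 -fsanitize=address` on each compiler in use and calling the harness with a one-byte value gives a quick check for the over-read shown in the ASan report.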
tags added: innodb upstream
https://github.com/percona/percona-server/pull/1042
https://github.com/percona/percona-server/pull/1043
https://github.com/percona/percona-server/pull/1044