Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
10.3(EOL), 10.4(EOL)
Description
Server crash or ASAN heap-buffer-overflow in heap_scan upon concurrent UPDATE and ALTER with XA and versioning
Note: I'm not sure it's genuinely related to versioning, but it's the only way I was able to reproduce it so far.
Note: Run with --repeat=N if it doesn't fail right away. N=5 has always been enough for me, but it can vary on different machines.
# Reproduction script in mysqltest syntax (--connect / --send / --reap directives):
# two connections race an UPDATE against ALTER TABLE ... ADD SYSTEM VERSIONING
# on a MEMORY table.
# The "|" characters are table-cell residue from the issue page, not script text;
# the wiki source of the description further down shows the script without them.
#
# Default connection: open an XA transaction and leave it active
# (no XA END or XA COMMIT appears anywhere in the script).
XA BEGIN 'xid'; |
|
# con1: a second session, connecting as root with an empty password to schema "test".
--connect (con1,localhost,root,,test)
|
|
# Build a MEMORY (heap engine) table: 8 seed rows doubled nine times gives 4096 rows,
# presumably so that the table copy made by ALTER lasts long enough to overlap
# with the UPDATE below.
CREATE TABLE t1 (a INT) ENGINE=MEMORY; |
INSERT INTO t1 VALUES (1),(2),(3),(4),(5),(6),(7),(8); |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
INSERT INTO t1 SELECT * FROM t1; |
|
# --send issues the next statement on con1 without waiting for its result,
# so the ALTER keeps running while the script switches connections.
--send
|
ALTER TABLE t1 ADD SYSTEM VERSIONING; |
|
# Back on the default connection, which is still inside the XA transaction.
--connection default
|
|
# This ALTER is expected to be rejected with ER_XAER_RMFAIL.
--error ER_XAER_RMFAIL
|
ALTER TABLE t1 ORDER BY a; |
|
# Statement executing on the crashing thread: the backtraces on this page show
# "UPDATE t1 SET a = 6" under mysql_update -> rr_sequential -> heap_scan.
UPDATE t1 SET a = 6; |
|
# Collect the result of the ALTER sent earlier; either success (0) or
# ER_LOCK_WAIT_TIMEOUT is accepted.
--connection con1
|
--error 0,ER_LOCK_WAIT_TIMEOUT
|
--reap |
10.3 13cd4cf436 ASAN build |
==30594==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63300016a21b at pc 0x55c495d15e48 bp 0x7eff56905620 sp 0x7eff56905618
|
READ of size 1 at 0x63300016a21b thread T5
|
#0 0x55c495d15e47 in heap_scan /data/src/10.3/storage/heap/hp_scan.c:65
|
#1 0x55c495d00b22 in ha_heap::rnd_next(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:348
|
#2 0x55c494d05e17 in handler::ha_rnd_next(unsigned char*) /data/src/10.3/sql/handler.cc:2765
|
#3 0x55c4950b25b5 in rr_sequential(READ_RECORD*) /data/src/10.3/sql/records.cc:481
|
#4 0x55c49448bf63 in READ_RECORD::read_record() /data/src/10.3/sql/records.h:73
|
#5 0x55c494862b60 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) /data/src/10.3/sql/sql_update.cc:866
|
#6 0x55c4945fbb19 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4579
|
#7 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090
|
#8 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1850
|
#9 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395
|
#10 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
|
#11 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#12 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
|
#13 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#14 0x7eff612c293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x63300016a21b is located 15 bytes to the right of 104972-byte region [0x633000150800,0x63300016a20c)
|
allocated by thread T6 here:
|
#0 0x7eff6314e73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x55c495e29e68 in sf_malloc /data/src/10.3/mysys/safemalloc.c:118
|
#2 0x55c495dfa7e5 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
|
#3 0x55c495d1a31f in hp_get_new_block /data/src/10.3/storage/heap/hp_block.c:81
|
#4 0x55c495d186f3 in next_free_record_pos /data/src/10.3/storage/heap/hp_write.c:165
|
#5 0x55c495d1726c in heap_write /data/src/10.3/storage/heap/hp_write.c:45
|
#6 0x55c495cffb22 in ha_heap::write_row(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:239
|
#7 0x55c494d1f0cb in handler::ha_write_row(unsigned char*) /data/src/10.3/sql/handler.cc:6237
|
#8 0x55c494824334 in copy_data_between_tables /data/src/10.3/sql/sql_table.cc:10446
|
#9 0x55c494820722 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9883
|
#10 0x55c494969c3f in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:497
|
#11 0x55c494607634 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6283
|
#12 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090
|
#13 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1850
|
#14 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395
|
#15 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
|
#16 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#17 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
|
#18 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T5 created by T0 here:
|
#0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
|
#2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572
|
#4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642
|
#5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917
|
#6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194
|
#7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25
|
#8 0x7eff611fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
Thread T6 created by T0 here:
|
#0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
|
#2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572
|
#4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642
|
#5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917
|
#6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194
|
#7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25
|
#8 0x7eff611fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3/storage/heap/hp_scan.c:65 heap_scan
|
Shadow bytes around the buggy address:
|
0x0c66800253f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c6680025400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c6680025410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c6680025420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c6680025430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x0c6680025440: 00 04 fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6680025450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6680025460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6680025470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6680025480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6680025490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==30594==ABORTING
|
----------SERVER LOG END-------------
|
10.3 13cd4cf436 non-ASAN |
#3 <signal handler called>
|
#4 0x0000561da4f47316 in heap_scan (info=0x7f1bc0122b20, record=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/hp_scan.c:65
|
#5 0x0000561da4f41188 in ha_heap::rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/ha_heap.cc:348
|
#6 0x0000561da47fbaa7 in handler::ha_rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/sql/handler.cc:2765
|
#7 0x0000561da497cb3b in rr_sequential (info=0x7f1bdc0a4170) at /data/src/10.3/sql/records.cc:481
|
#8 0x0000561da446a63d in READ_RECORD::read_record (this=0x7f1bdc0a4170) at /data/src/10.3/sql/records.h:73
|
#9 0x0000561da45fe6f6 in mysql_update (thd=0x7f1bc0000b00, table_list=0x7f1bc0014db0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551614, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f1bdc0a46f0, updated_return=0x7f1bdc0a47b0) at /data/src/10.3/sql/sql_update.cc:866
|
#10 0x0000561da4505f8f in mysql_execute_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:4579
|
#11 0x0000561da45113ab in mysql_parse (thd=0x7f1bc0000b00, rawbuf=0x7f1bc0014cd8 "UPDATE t1 SET a = 6", length=19, parser_state=0x7f1bdc0a55f0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8090
|
#12 0x0000561da44fe571 in dispatch_command (command=COM_QUERY, thd=0x7f1bc0000b00, packet=0x7f1bc000b1e1 "UPDATE t1 SET a = 6", packet_length=19, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1850
|
#13 0x0000561da44fcf95 in do_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:1395
|
#14 0x0000561da4664a1c in do_handle_one_connection (connect=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1402
|
#15 0x0000561da46647a0 in handle_one_connection (arg=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1308
|
#16 0x0000561da4af98e7 in pfs_spawn_thread (arg=0x561da852f620) at /data/src/10.3/storage/perfschema/pfs.cc:1862
|
#17 0x00007f1be31f5494 in start_thread (arg=0x7f1bdc0a6700) at pthread_create.c:333
|
#18 0x00007f1be15d393f in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
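Both debug and non-debug builds crash. In the ASAN report above, the faulting access is a 1-byte read in heap_scan (hp_scan.c:65) on the thread running the UPDATE, 15 bytes past the end of a 104972-byte block that the thread running the ALTER allocated through hp_get_new_block during copy_data_between_tables.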
Attachments
Issue Links
- relates to
-
MDEV-15380 Index for versioned table gets corrupt after partitioning and DELETE
-
- Closed
-
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | Data Definition - Alter Table [ 10114 ] | |
Component/s | Data Manipulation - Update [ 10805 ] | |
Component/s | Storage Engine - Memory [ 10300 ] | |
Component/s | System versioning [ 14303 ] | |
Component/s | XA [ 12400 ] | |
Fix Version/s | 10.3 [ 22126 ] | |
Description |
http://buildbot.askmonty.org/buildbot/builders/qa-win-rel/builds/4740/steps/result_summary/logs/stdio
{noformat:title=bb-10.3-release 4fcc0ccb7a2e3ad28cfa682a089a5433281c58f1} 180226 17:12:57 [ERROR] mysqld got exception 0xc0000005 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 10.3.6-MariaDB-log key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=7 max_threads=65537 thread_count=14 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 136176 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0x605d38b148 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... mysqld.exe!heap_scan()[hp_scan.c:65] mysqld.exe!handler::ha_rnd_next()[handler.cc:2759] mysqld.exe!rr_sequential()[records.cc:485] mysqld.exe!mysql_update()[sql_update.cc:862] mysqld.exe!mysql_execute_command()[sql_parse.cc:4565] mysqld.exe!mysql_parse()[sql_parse.cc:8014] mysqld.exe!dispatch_command()[sql_parse.cc:1840] mysqld.exe!do_command()[sql_parse.cc:1382] mysqld.exe!threadpool_process_request()[threadpool_common.cc:358] mysqld.exe!tp_callback()[threadpool_common.cc:186] KERNEL32.DLL!VirtualUnlock() ntdll.dll!RtlGetActiveActivationContext() ntdll.dll!RtlFreeUnicodeString() KERNEL32.DLL!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. 
Query (0x605d301ab0): UPDATE a SET `col_int_nokey` = 3 WHERE `col_int_nokey` = 7 /* QNO 8390 CON_ID 16 */ Connection ID (thread ID): 16 Status: NOT_KILLED Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on {noformat} {noformat} perl E:\buildbot\rqg/runall-new.pl --no-mask --queries=100M --duration=350 --threads=6 --seed=1519664922 --reporters=Backtrace,ErrorLog --validators=TransformerNoComparator --transformers=ExecuteAsCTE,ExecuteAsDeleteReturning,ExecuteAsExcept,ExecuteAsExecuteImmediate,ExecuteAsInsertSelect,ExecuteAsIntersect,ExecuteAsUnion,ExecuteAsUpdateDelete,ExecuteAsView,ExecuteAsPreparedTwice,ExecuteAsSPTwice --redefine=conf/mariadb/general-workarounds.yy --mysqld=--log_output=FILE --views --vcols --redefine=conf/mariadb/alter_table.yy --redefine=conf/mariadb/bulk_insert.yy --redefine=conf/mariadb/xa.yy --redefine=conf/mariadb/versioning.yy --redefine=conf/mariadb/sequences.yy --mysqld=--log_bin_trust_function_creators=1 --mysqld=--log-bin --mysqld=--loose-max-statement-time=30 --mysqld=--loose-debug_assert_on_not_freed_memory=0 --grammar=conf/partitioning/partitions.yy --engine=InnoDB --mtr-build-thread=140 --basedir1=D:\qa-win-rel\install --vardir1=E:\buildbot\vardirs\qa-win-rel\bb-10.3-release-4740\optim-combo/current1_1 {noformat} Not reproducible right away |
_Note: I'm not sure it's genuinely related to versioning, but it's the only way I was able to reproduce it so far._
_Note: Run with {{--repeat=N}} if it doesn't fail right away. N=5 has always been enough for me, but it can vary on different machines._ {code:sql} XA BEGIN 'xid'; --connect (con1,localhost,root,,test) CREATE TABLE t1 (a INT) ENGINE=MEMORY; INSERT INTO t1 VALUES (1),(2),(3),(4),(5),(6),(7),(8); INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; --send ALTER TABLE t1 ADD SYSTEM VERSIONING; --connection default --error ER_XAER_RMFAIL ALTER TABLE t1 ORDER BY a; UPDATE t1 SET a = 6; --connection con1 --error 0,ER_LOCK_WAIT_TIMEOUT --reap {code} {noformat:title=10.3 13cd4cf436 ASAN build} ==30594==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63300016a21b at pc 0x55c495d15e48 bp 0x7eff56905620 sp 0x7eff56905618 READ of size 1 at 0x63300016a21b thread T5 #0 0x55c495d15e47 in heap_scan /data/src/10.3/storage/heap/hp_scan.c:65 #1 0x55c495d00b22 in ha_heap::rnd_next(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:348 #2 0x55c494d05e17 in handler::ha_rnd_next(unsigned char*) /data/src/10.3/sql/handler.cc:2765 #3 0x55c4950b25b5 in rr_sequential(READ_RECORD*) /data/src/10.3/sql/records.cc:481 #4 0x55c49448bf63 in READ_RECORD::read_record() /data/src/10.3/sql/records.h:73 #5 0x55c494862b60 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) /data/src/10.3/sql/sql_update.cc:866 #6 0x55c4945fbb19 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4579 #7 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090 #8 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) 
/data/src/10.3/sql/sql_parse.cc:1850 #9 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395 #10 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402 #11 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308 #12 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862 #13 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #14 0x7eff612c293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x63300016a21b is located 15 bytes to the right of 104972-byte region [0x633000150800,0x63300016a20c) allocated by thread T6 here: #0 0x7eff6314e73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c495e29e68 in sf_malloc /data/src/10.3/mysys/safemalloc.c:118 #2 0x55c495dfa7e5 in my_malloc /data/src/10.3/mysys/my_malloc.c:101 #3 0x55c495d1a31f in hp_get_new_block /data/src/10.3/storage/heap/hp_block.c:81 #4 0x55c495d186f3 in next_free_record_pos /data/src/10.3/storage/heap/hp_write.c:165 #5 0x55c495d1726c in heap_write /data/src/10.3/storage/heap/hp_write.c:45 #6 0x55c495cffb22 in ha_heap::write_row(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:239 #7 0x55c494d1f0cb in handler::ha_write_row(unsigned char*) /data/src/10.3/sql/handler.cc:6237 #8 0x55c494824334 in copy_data_between_tables /data/src/10.3/sql/sql_table.cc:10446 #9 0x55c494820722 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9883 #10 0x55c494969c3f in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:497 #11 0x55c494607634 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6283 #12 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090 #13 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, 
unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1850 #14 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395 #15 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402 #16 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308 #17 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862 #18 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912 #2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268 #3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572 #4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642 #5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917 #6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194 #7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25 #8 0x7eff611fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) Thread T6 created by T0 here: #0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912 #2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268 #3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572 #4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642 #5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917 #6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194 #7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25 #8 0x7eff611fa2b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3/storage/heap/hp_scan.c:65 heap_scan Shadow bytes around the buggy address: 0x0c66800253f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c6680025440: 00 04 fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==30594==ABORTING ----------SERVER LOG END------------- {noformat} {noformat:title=10.3 13cd4cf436 non-ASAN} #3 <signal handler called> #4 0x0000561da4f47316 in heap_scan (info=0x7f1bc0122b20, record=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/hp_scan.c:65 #5 0x0000561da4f41188 in ha_heap::rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/ha_heap.cc:348 #6 0x0000561da47fbaa7 in handler::ha_rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at 
/data/src/10.3/sql/handler.cc:2765 #7 0x0000561da497cb3b in rr_sequential (info=0x7f1bdc0a4170) at /data/src/10.3/sql/records.cc:481 #8 0x0000561da446a63d in READ_RECORD::read_record (this=0x7f1bdc0a4170) at /data/src/10.3/sql/records.h:73 #9 0x0000561da45fe6f6 in mysql_update (thd=0x7f1bc0000b00, table_list=0x7f1bc0014db0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551614, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f1bdc0a46f0, updated_return=0x7f1bdc0a47b0) at /data/src/10.3/sql/sql_update.cc:866 #10 0x0000561da4505f8f in mysql_execute_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:4579 #11 0x0000561da45113ab in mysql_parse (thd=0x7f1bc0000b00, rawbuf=0x7f1bc0014cd8 "UPDATE t1 SET a = 6", length=19, parser_state=0x7f1bdc0a55f0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8090 #12 0x0000561da44fe571 in dispatch_command (command=COM_QUERY, thd=0x7f1bc0000b00, packet=0x7f1bc000b1e1 "UPDATE t1 SET a = 6", packet_length=19, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1850 #13 0x0000561da44fcf95 in do_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:1395 #14 0x0000561da4664a1c in do_handle_one_connection (connect=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1402 #15 0x0000561da46647a0 in handle_one_connection (arg=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1308 #16 0x0000561da4af98e7 in pfs_spawn_thread (arg=0x561da852f620) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #17 0x00007f1be31f5494 in start_thread (arg=0x7f1bdc0a6700) at pthread_create.c:333 #18 0x00007f1be15d393f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} Both debug and non-debug builds crash. |
Summary | [Draft] Server crashes in heap_scan | Server crash or ASAN heap-buffer-overflow in heap_scan upon concurrent UPDATE and ALTER with XA and versioning |
Comment | [ New occurrence: http://buildbot.askmonty.org/buildbot/builders/qa-win-rel/builds/4980/steps/result_summary/logs/stdio ] |
Comment | [ New occurrence: https://travis-ci.org/elenst/travis-tests/jobs/423266197 ] |
Comment | [ New occurrence: http://buildbot.askmonty.org/buildbot/builders/qa-win-rel/builds/5518/steps/result_summary/logs/stdio ] |
Fix Version/s | 10.4 [ 22408 ] | |
Affects Version/s | 10.4 [ 22408 ] |
Assignee | Elena Stepanova [ elenst ] | Alexander Krizhanovsky [ krizhanovsky ] |
Assignee | Alexander Krizhanovsky [ krizhanovsky ] | Aleksey Midenok [ midenok ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Component/s | XA [ 12400 ] | |
Summary | Server crash or ASAN heap-buffer-overflow in heap_scan upon concurrent UPDATE and ALTER with XA and versioning | Segfault in heap_scan() upon UPDATE after ADD SYSTEM VERSIONING |
Description |
_Note: I'm not sure it's genuinely related to versioning, but it's the only way I was able to reproduce it so far._
_Note: Run with {{--repeat=N}} if it doesn't fail right away. N=5 has always been enough for me, but it can vary on different machines._ {code:sql} XA BEGIN 'xid'; --connect (con1,localhost,root,,test) CREATE TABLE t1 (a INT) ENGINE=MEMORY; INSERT INTO t1 VALUES (1),(2),(3),(4),(5),(6),(7),(8); INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; --send ALTER TABLE t1 ADD SYSTEM VERSIONING; --connection default --error ER_XAER_RMFAIL ALTER TABLE t1 ORDER BY a; UPDATE t1 SET a = 6; --connection con1 --error 0,ER_LOCK_WAIT_TIMEOUT --reap {code} {noformat:title=10.3 13cd4cf436 ASAN build} ==30594==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63300016a21b at pc 0x55c495d15e48 bp 0x7eff56905620 sp 0x7eff56905618 READ of size 1 at 0x63300016a21b thread T5 #0 0x55c495d15e47 in heap_scan /data/src/10.3/storage/heap/hp_scan.c:65 #1 0x55c495d00b22 in ha_heap::rnd_next(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:348 #2 0x55c494d05e17 in handler::ha_rnd_next(unsigned char*) /data/src/10.3/sql/handler.cc:2765 #3 0x55c4950b25b5 in rr_sequential(READ_RECORD*) /data/src/10.3/sql/records.cc:481 #4 0x55c49448bf63 in READ_RECORD::read_record() /data/src/10.3/sql/records.h:73 #5 0x55c494862b60 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) /data/src/10.3/sql/sql_update.cc:866 #6 0x55c4945fbb19 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4579 #7 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090 #8 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) 
/data/src/10.3/sql/sql_parse.cc:1850 #9 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395 #10 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402 #11 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308 #12 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862 #13 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #14 0x7eff612c293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x63300016a21b is located 15 bytes to the right of 104972-byte region [0x633000150800,0x63300016a20c) allocated by thread T6 here: #0 0x7eff6314e73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c495e29e68 in sf_malloc /data/src/10.3/mysys/safemalloc.c:118 #2 0x55c495dfa7e5 in my_malloc /data/src/10.3/mysys/my_malloc.c:101 #3 0x55c495d1a31f in hp_get_new_block /data/src/10.3/storage/heap/hp_block.c:81 #4 0x55c495d186f3 in next_free_record_pos /data/src/10.3/storage/heap/hp_write.c:165 #5 0x55c495d1726c in heap_write /data/src/10.3/storage/heap/hp_write.c:45 #6 0x55c495cffb22 in ha_heap::write_row(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:239 #7 0x55c494d1f0cb in handler::ha_write_row(unsigned char*) /data/src/10.3/sql/handler.cc:6237 #8 0x55c494824334 in copy_data_between_tables /data/src/10.3/sql/sql_table.cc:10446 #9 0x55c494820722 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9883 #10 0x55c494969c3f in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:497 #11 0x55c494607634 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6283 #12 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090 #13 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, 
unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1850 #14 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395 #15 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402 #16 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308 #17 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862 #18 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912 #2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268 #3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572 #4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642 #5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917 #6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194 #7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25 #8 0x7eff611fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) Thread T6 created by T0 here: #0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912 #2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268 #3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572 #4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642 #5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917 #6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194 #7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25 #8 0x7eff611fa2b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3/storage/heap/hp_scan.c:65 heap_scan Shadow bytes around the buggy address: 0x0c66800253f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c6680025440: 00 04 fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==30594==ABORTING ----------SERVER LOG END------------- {noformat} {noformat:title=10.3 13cd4cf436 non-ASAN} #3 <signal handler called> #4 0x0000561da4f47316 in heap_scan (info=0x7f1bc0122b20, record=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/hp_scan.c:65 #5 0x0000561da4f41188 in ha_heap::rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/ha_heap.cc:348 #6 0x0000561da47fbaa7 in handler::ha_rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at 
/data/src/10.3/sql/handler.cc:2765 #7 0x0000561da497cb3b in rr_sequential (info=0x7f1bdc0a4170) at /data/src/10.3/sql/records.cc:481 #8 0x0000561da446a63d in READ_RECORD::read_record (this=0x7f1bdc0a4170) at /data/src/10.3/sql/records.h:73 #9 0x0000561da45fe6f6 in mysql_update (thd=0x7f1bc0000b00, table_list=0x7f1bc0014db0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551614, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f1bdc0a46f0, updated_return=0x7f1bdc0a47b0) at /data/src/10.3/sql/sql_update.cc:866 #10 0x0000561da4505f8f in mysql_execute_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:4579 #11 0x0000561da45113ab in mysql_parse (thd=0x7f1bc0000b00, rawbuf=0x7f1bc0014cd8 "UPDATE t1 SET a = 6", length=19, parser_state=0x7f1bdc0a55f0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8090 #12 0x0000561da44fe571 in dispatch_command (command=COM_QUERY, thd=0x7f1bc0000b00, packet=0x7f1bc000b1e1 "UPDATE t1 SET a = 6", packet_length=19, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1850 #13 0x0000561da44fcf95 in do_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:1395 #14 0x0000561da4664a1c in do_handle_one_connection (connect=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1402 #15 0x0000561da46647a0 in handle_one_connection (arg=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1308 #16 0x0000561da4af98e7 in pfs_spawn_thread (arg=0x561da852f620) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #17 0x00007f1be31f5494 in start_thread (arg=0x7f1bdc0a6700) at pthread_create.c:333 #18 0x00007f1be15d393f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} Both debug and non-debug builds crash. |
h3. Server crash or ASAN heap-buffer-overflow in heap_scan upon concurrent UPDATE and ALTER with XA and versioning
_Note: I'm not sure it's genuinely related to versioning, but it's the only way I was able to reproduce it so far._ _Note: Run with {{--repeat=N}} if it doesn't fail right away. N=5 has always been enough for me, but it can vary on different machines._ {code:sql} XA BEGIN 'xid'; --connect (con1,localhost,root,,test) CREATE TABLE t1 (a INT) ENGINE=MEMORY; INSERT INTO t1 VALUES (1),(2),(3),(4),(5),(6),(7),(8); INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; INSERT INTO t1 SELECT * FROM t1; --send ALTER TABLE t1 ADD SYSTEM VERSIONING; --connection default --error ER_XAER_RMFAIL ALTER TABLE t1 ORDER BY a; UPDATE t1 SET a = 6; --connection con1 --error 0,ER_LOCK_WAIT_TIMEOUT --reap {code} {noformat:title=10.3 13cd4cf436 ASAN build} ==30594==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63300016a21b at pc 0x55c495d15e48 bp 0x7eff56905620 sp 0x7eff56905618 READ of size 1 at 0x63300016a21b thread T5 #0 0x55c495d15e47 in heap_scan /data/src/10.3/storage/heap/hp_scan.c:65 #1 0x55c495d00b22 in ha_heap::rnd_next(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:348 #2 0x55c494d05e17 in handler::ha_rnd_next(unsigned char*) /data/src/10.3/sql/handler.cc:2765 #3 0x55c4950b25b5 in rr_sequential(READ_RECORD*) /data/src/10.3/sql/records.cc:481 #4 0x55c49448bf63 in READ_RECORD::read_record() /data/src/10.3/sql/records.h:73 #5 0x55c494862b60 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) /data/src/10.3/sql/sql_update.cc:866 #6 0x55c4945fbb19 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4579 #7 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) 
/data/src/10.3/sql/sql_parse.cc:8090 #8 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1850 #9 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395 #10 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402 #11 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308 #12 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862 #13 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #14 0x7eff612c293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x63300016a21b is located 15 bytes to the right of 104972-byte region [0x633000150800,0x63300016a20c) allocated by thread T6 here: #0 0x7eff6314e73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c495e29e68 in sf_malloc /data/src/10.3/mysys/safemalloc.c:118 #2 0x55c495dfa7e5 in my_malloc /data/src/10.3/mysys/my_malloc.c:101 #3 0x55c495d1a31f in hp_get_new_block /data/src/10.3/storage/heap/hp_block.c:81 #4 0x55c495d186f3 in next_free_record_pos /data/src/10.3/storage/heap/hp_write.c:165 #5 0x55c495d1726c in heap_write /data/src/10.3/storage/heap/hp_write.c:45 #6 0x55c495cffb22 in ha_heap::write_row(unsigned char*) /data/src/10.3/storage/heap/ha_heap.cc:239 #7 0x55c494d1f0cb in handler::ha_write_row(unsigned char*) /data/src/10.3/sql/handler.cc:6237 #8 0x55c494824334 in copy_data_between_tables /data/src/10.3/sql/sql_table.cc:10446 #9 0x55c494820722 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9883 #10 0x55c494969c3f in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:497 #11 0x55c494607634 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6283 #12 0x55c494612532 in mysql_parse(THD*, char*, unsigned int, 
Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8090 #13 0x55c4945ec65a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1850 #14 0x55c4945e96e2 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1395 #15 0x55c49495ac76 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402 #16 0x55c49495a682 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308 #17 0x55c495479a7d in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862 #18 0x7eff62ee4493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912 #2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268 #3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572 #4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642 #5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917 #6 0x55c49436a262 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6194 #7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25 #8 0x7eff611fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) Thread T6 created by T0 here: #0 0x7eff6311dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c49547a045 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912 #2 0x55c494354c18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268 #3 0x55c49436ada5 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6572 #4 0x55c49436b4aa in create_new_thread /data/src/10.3/sql/mysqld.cc:6642 #5 0x55c49436c4c1 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6917 #6 0x55c49436a262 in mysqld_main(int, char**) 
/data/src/10.3/sql/mysqld.cc:6194 #7 0x55c494352c9f in main /data/src/10.3/sql/main.cc:25 #8 0x7eff611fa2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3/storage/heap/hp_scan.c:65 heap_scan Shadow bytes around the buggy address: 0x0c66800253f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c6680025440: 00 04 fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==30594==ABORTING ----------SERVER LOG END------------- {noformat} {noformat:title=10.3 13cd4cf436 non-ASAN} #3 <signal handler called> #4 0x0000561da4f47316 in heap_scan (info=0x7f1bc0122b20, record=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/hp_scan.c:65 #5 0x0000561da4f41188 in ha_heap::rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/storage/heap/ha_heap.cc:348 #6 0x0000561da47fbaa7 
in handler::ha_rnd_next (this=0x7f1bc0122628, buf=0x7f1bc006f600 '\245' <repeats 16 times>, "h4z\245\245\245\245\245\375\001") at /data/src/10.3/sql/handler.cc:2765 #7 0x0000561da497cb3b in rr_sequential (info=0x7f1bdc0a4170) at /data/src/10.3/sql/records.cc:481 #8 0x0000561da446a63d in READ_RECORD::read_record (this=0x7f1bdc0a4170) at /data/src/10.3/sql/records.h:73 #9 0x0000561da45fe6f6 in mysql_update (thd=0x7f1bc0000b00, table_list=0x7f1bc0014db0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551614, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f1bdc0a46f0, updated_return=0x7f1bdc0a47b0) at /data/src/10.3/sql/sql_update.cc:866 #10 0x0000561da4505f8f in mysql_execute_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:4579 #11 0x0000561da45113ab in mysql_parse (thd=0x7f1bc0000b00, rawbuf=0x7f1bc0014cd8 "UPDATE t1 SET a = 6", length=19, parser_state=0x7f1bdc0a55f0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8090 #12 0x0000561da44fe571 in dispatch_command (command=COM_QUERY, thd=0x7f1bc0000b00, packet=0x7f1bc000b1e1 "UPDATE t1 SET a = 6", packet_length=19, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1850 #13 0x0000561da44fcf95 in do_command (thd=0x7f1bc0000b00) at /data/src/10.3/sql/sql_parse.cc:1395 #14 0x0000561da4664a1c in do_handle_one_connection (connect=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1402 #15 0x0000561da46647a0 in handle_one_connection (arg=0x561da85eaf70) at /data/src/10.3/sql/sql_connect.cc:1308 #16 0x0000561da4af98e7 in pfs_spawn_thread (arg=0x561da852f620) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #17 0x00007f1be31f5494 in start_thread (arg=0x7f1bdc0a6700) at pthread_create.c:333 #18 0x00007f1be15d393f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} Both debug and non-debug builds crash. |
Link |
This issue relates to |
Assignee | Aleksey Midenkov [ midenok ] | Sergei Golubchik [ serg ] |
Status | In Progress [ 3 ] | In Review [ 10002 ] |
Labels | affects-tests |
Status | In Review [ 10002 ] | Stalled [ 10000 ] |
Comment |
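[ {{versioning.update-big}} fails in 10.4 with an ASAN heap-buffer-overflow read in {{heap_scan}} (hp_scan.c:65), the same location as in the description; the log is below. Please merge the suggested fix.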
{code} versioning.update-big 'heap,innodb' w3 [ fail ] Test ended at 2019-05-31 10:14:59 CURRENT_TEST: versioning.update-big mysqltest: At line 24: query 'update t1 set a= 7 where a = 3' failed: 2013: Lost connection to MySQL server during query Server [mysqld.1 - pid: 15150, winpid: 15150, exit: 256] failed during test run Server log from this test: ----------SERVER LOG START----------- 2019-05-31 10:14:58 0 [Warning] Could not increase number of max_open_files to more than 1024 (request: 4190) 2019-05-31 10:14:58 0 [Warning] Changed limits: max_open_files: 1024 max_connections: 151 (was 151) table_cache: 421 (was 2000) 2019-05-31 10:14:58 0 [Warning] setrlimit could not change the size of core files to 'infinity'; We may not be able to generate a core file on signals 2019-05-31 10:14:58 0 [Warning] Plugin 'test_versioning' is of maturity level experimental while the server is gamma 2019-05-31 10:14:58 0 [Warning] /home/midenok/src/mariadb/10.4/build/sql/mysqld: unknown option '--loose-pam-debug' 2019-05-31 10:14:58 0 [Warning] /home/midenok/src/mariadb/10.4/build/sql/mysqld: unknown option '--loose-aria' 2019-05-31 10:14:58 0 [Note] /home/midenok/src/mariadb/10.4/build/sql/mysqld: ready for connections. 
Version: '10.4.6-MariaDB-debug-log' socket: '/home/midenok/src/mariadb/10.4/build/mysql-test/var/tmp/3/mysqld.1.sock' port: 16040 Source distribution ================================================================= ==15152==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63300016a1b3 at pc 0x000001d3ee90 bp 0x7f7389005390 sp 0x7f7389005388 READ of size 1 at 0x63300016a1b3 thread T27 #0 0x1d3ee8f in heap_scan /home/midenok/src/mariadb/10.4/src/storage/heap/hp_scan.c:65:8 #1 0x1d2133b in ha_heap::rnd_next(unsigned char*) /home/midenok/src/mariadb/10.4/src/storage/heap/ha_heap.cc:348:13 #2 0x16091ce in handler::ha_rnd_next(unsigned char*) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:2808:5 #3 0x1b73c40 in rr_sequential(READ_RECORD*) /home/midenok/src/mariadb/10.4/src/sql/records.cc:480:35 #4 0x9d6835 in READ_RECORD::read_record() /home/midenok/src/mariadb/10.4/src/sql/records.h:69:30 #5 0xfa4d41 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /home/midenok/src/mariadb/10.4/src/sql/sql_update.cc:949:23 #6 0xbff3b5 in mysql_execute_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:4634:21 #7 0xbe6fe4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:8164:18 #8 0xbdfce4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1828:7 #9 0xbe8b92 in do_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1361:17 #10 0x11254d5 in do_handle_one_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1403:11 #11 0x1124bf1 in handle_one_connection /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1306:3 #12 0x2e54384 in pfs_spawn_thread /home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1862:3 #13 0x7f73a0037163 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x8163) #14 0x7f739f6bbdee in clone /build/glibc-B9XfQf/glibc-2.28/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95 0x63300016a1b3 is located 19 bytes to the right of 104864-byte region [0x633000150800,0x63300016a1a0) allocated by thread T28 here: #0 0x7bc527 in __interceptor_malloc (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x7bc527) #1 0x2fd4475 in my_malloc /home/midenok/src/mariadb/10.4/src/mysys/my_malloc.c:101:10 #2 0x1d44fbd in hp_get_new_block /home/midenok/src/mariadb/10.4/src/storage/heap/hp_block.c:81:25 #3 0x1d4225b in next_free_record_pos /home/midenok/src/mariadb/10.4/src/storage/heap/hp_write.c:163:9 #4 0x1d40bb2 in heap_write /home/midenok/src/mariadb/10.4/src/storage/heap/hp_write.c:45:13 #5 0x1d200f7 in ha_heap::write_row(unsigned char*) /home/midenok/src/mariadb/10.4/src/storage/heap/ha_heap.cc:239:8 #6 0x1632f3d in handler::ha_write_row(unsigned char*) /home/midenok/src/mariadb/10.4/src/sql/handler.cc:6654:3 #7 0xf40b5b in copy_data_between_tables(THD*, TABLE*, TABLE*, List<Create_field>&, bool, unsigned int, st_order*, unsigned long long*, unsigned long long*, Alter_info::enum_enable_or_disable, Alter_table_ctx*) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:10697:22 #8 0xf27c5d in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_table.cc:10119:9 #9 0x11460f2 in Sql_cmd_alter_table::execute(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_alter.cc:490:11 #10 0xc0e055 in mysql_execute_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:6354:26 #11 0xbe6fe4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:8164:18 #12 0xbdfce4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) 
/home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1828:7 #13 0xbe8b92 in do_command(THD*) /home/midenok/src/mariadb/10.4/src/sql/sql_parse.cc:1361:17 #14 0x11254d5 in do_handle_one_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1403:11 #15 0x1124bf1 in handle_one_connection /home/midenok/src/mariadb/10.4/src/sql/sql_connect.cc:1306:3 #16 0x2e54384 in pfs_spawn_thread /home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1862:3 #17 0x7f73a0037163 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8163) Thread T27 created by T0 here: #0 0x7136f0 in pthread_create (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x7136f0) #1 0x2e5a16b in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1912:15 #2 0x8046da in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/midenok/src/mariadb/10.4/src/include/mysql/psi/mysql_thread.h:1268:11 #3 0x8155c6 in create_thread_to_handle_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6238:15 #4 0x816029 in create_new_thread(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6308:3 #5 0x816eae in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6406:3 #6 0x813c6b in handle_connections_sockets() /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6564:5 #7 0x8085da in mysqld_main(int, char**) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:5896:3 #8 0x7fbb61 in main /home/midenok/src/mariadb/10.4/src/sql/main.cc:25:10 #9 0x7f739f5c509a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16 Thread T28 created by T0 here: #0 0x7136f0 in pthread_create (/home/midenok/src/mariadb/10.4/build/sql/mysqld+0x7136f0) #1 0x2e5a16b in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) 
/home/midenok/src/mariadb/10.4/src/storage/perfschema/pfs.cc:1912:15 #2 0x8046da in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/midenok/src/mariadb/10.4/src/include/mysql/psi/mysql_thread.h:1268:11 #3 0x8155c6 in create_thread_to_handle_connection(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6238:15 #4 0x816029 in create_new_thread(CONNECT*) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6308:3 #5 0x816eae in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6406:3 #6 0x813c6b in handle_connections_sockets() /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:6564:5 #7 0x8085da in mysqld_main(int, char**) /home/midenok/src/mariadb/10.4/src/sql/mysqld.cc:5896:3 #8 0x7fbb61 in main /home/midenok/src/mariadb/10.4/src/sql/main.cc:25:10 #9 0x7f739f5c509a in __libc_start_main /build/glibc-B9XfQf/glibc-2.28/csu/../csu/libc-start.c:308:16 SUMMARY: AddressSanitizer: heap-buffer-overflow /home/midenok/src/mariadb/10.4/src/storage/heap/hp_scan.c:65:8 in heap_scan Shadow bytes around the buggy address: 0x0c66800253e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c66800253f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c6680025420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c6680025430: 00 00 00 00 fa fa[fa]fa fa fa fa fa fa fa fa fa 0x0c6680025440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c6680025480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa 
Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==15152==ABORTING ----------SERVER LOG END------------- {code} ] |
Fix Version/s | 10.4.5 [ 23311 ] | |
Fix Version/s | 10.3.16 [ 23410 ] | |
Fix Version/s | 10.3 [ 22126 ] | |
Fix Version/s | 10.4 [ 22408 ] | |
Assignee | Sergei Golubchik [ serg ] | Aleksey Midenkov [ midenok ] |
Resolution | Fixed [ 1 ] | |
Status | Stalled [ 10000 ] | Closed [ 6 ] |
Assignee | Aleksey Midenkov [ midenok ] | Sergei Golubchik [ serg ] |
Resolution | Fixed [ 1 ] | |
Status | Closed [ 6 ] | Stalled [ 10000 ] |
Assignee | Sergei Golubchik [ serg ] | Aleksey Midenkov [ midenok ] |
Status | Stalled [ 10000 ] | In Progress [ 3 ] |
Assignee | Aleksey Midenkov [ midenok ] | Sergei Golubchik [ serg ] |
Status | In Progress [ 3 ] | In Review [ 10002 ] |
Fix Version/s | 10.3 [ 22126 ] | |
Fix Version/s | 10.4 [ 22408 ] | |
Fix Version/s | 10.4.5 [ 23311 ] | |
Fix Version/s | 10.3.16 [ 23410 ] |
Status | In Review [ 10002 ] | Stalled [ 10000 ] |
Fix Version/s | 10.2.27 [ 23717 ] | |
Fix Version/s | 10.3.18 [ 23719 ] | |
Fix Version/s | 10.4.8 [ 23721 ] | |
Fix Version/s | 10.3 [ 22126 ] | |
Fix Version/s | 10.4 [ 22408 ] | |
Resolution | Fixed [ 1 ] | |
Status | Stalled [ 10000 ] | Closed [ 6 ] |
Workflow | MariaDB v3 [ 85814 ] | MariaDB v4 [ 153890 ] |