MariaDB Server / MDEV-22016

munmap_chunk(): invalid pointer, crash in alloc_root, ASAN heap-use-after-free in lex_end_stage1 or Assertion `m_thd == __null' failed

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 10.3, 10.4, 10.5, 10.6
    • Fix Version/s: N/A
    • Component/s: Stored routines
    • Labels: None

    Description

      Note: The problem might be related to MDEV-21173. The test case causes the same assertion failure (although with a non-identical stack trace) on a debug build, and there are some similarities in the test case itself. However, the ASAN stack trace is essentially different, and also the test case in this bug report is applicable to 10.3 and fails there as well.

      --delimiter $
      --error ER_PARSE_ERROR
      BEGIN NOT ATOMIC CREATE SEQUENCE s RESTART WITH 1 ; END $
      --delimiter ;
      

      10.5 5d1b8f41 RelWithDebInfo

      #3  <signal handler called>
      #4  alloc_root (mem_root=mem_root@entry=0x7ff1740f9220, length=8, length@entry=5) at /data/src/10.5/mysys/my_alloc.c:224
      #5  0x000055fb0e80a625 in strmake_root (root=root@entry=0x7ff1740f9220, str=0x55fb1128e3c0 "root", len=4) at /data/src/10.5/mysys/my_alloc.c:466
      #6  0x000055fb0e80a6d5 in safe_lexcstrdup_root (root=root@entry=0x7ff1740f9220, str=...) at /data/src/10.5/mysys/my_alloc.c:487
      #7  0x000055fb0e06b0a7 in ACL_USER::copy (this=this@entry=0x55fb112859a8, root=0x7ff1740f9220) at /data/src/10.5/sql/sql_acl.cc:215
      #8  0x000055fb0e060f30 in find_mpvio_user (mpvio=mpvio@entry=0x7ff1843363b0) at /data/src/10.5/sql/sql_acl.cc:13066
      #9  0x000055fb0e06160c in parse_client_handshake_packet (mpvio=mpvio@entry=0x7ff1843363b0, buff=buff@entry=0x7ff184335c98, pkt_len=pkt_len@entry=191) at /data/src/10.5/sql/sql_acl.cc:13500
      #10 0x000055fb0e061a46 in server_mpvio_read_packet (param=0x7ff1843363b0, buf=0x7ff184335c98) at /data/src/10.5/sql/sql_acl.cc:13697
      #11 0x000055fb0e05020a in native_password_authenticate (vio=0x7ff1843363b0, info=0x7ff1843363c8) at /data/src/10.5/sql/sql_acl.cc:14389
      #12 0x000055fb0e051b9c in do_auth_once (thd=thd@entry=0x7ff1740009b8, auth_plugin_name=<optimized out>, mpvio=mpvio@entry=0x7ff1843363b0) at /data/src/10.5/sql/sql_acl.cc:13879
      #13 0x000055fb0e065922 in acl_authenticate (thd=thd@entry=0x7ff1740009b8, com_change_user_pkt_len=com_change_user_pkt_len@entry=0) at /data/src/10.5/sql/sql_acl.cc:14022
      #14 0x000055fb0e1af983 in check_connection (thd=thd@entry=0x7ff1740009b8) at /data/src/10.5/sql/sql_connect.cc:1080
      #15 0x000055fb0e1afb62 in login_connection (thd=thd@entry=0x7ff1740009b8) at /data/src/10.5/sql/sql_connect.cc:1148
      #16 0x000055fb0e1b038a in thd_prepare_connection (thd=0x7ff1740009b8) at /data/src/10.5/sql/sql_connect.cc:1333
      #17 0x000055fb0e1b0995 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fb11245748, put_in_cache=put_in_cache@entry=true) at /data/src/10.5/sql/sql_connect.cc:1412
      #18 0x000055fb0e1b0d03 in handle_one_connection (arg=arg@entry=0x55fb11245748) at /data/src/10.5/sql/sql_connect.cc:1319
      #19 0x000055fb0e4c9674 in pfs_spawn_thread (arg=0x55fb112182c8) at /data/src/10.5/storage/perfschema/pfs.cc:2201
      #20 0x00007ff18b7254a4 in start_thread (arg=0x7ff184337700) at pthread_create.c:456
      #21 0x00007ff189859d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      10.4 RelWithDebInfo 81f70001

      *** Error in `/data/bld/10.4-rel-nightly/bin/mysqld': munmap_chunk(): invalid pointer: 0x00007f2e4c0752d8 ***
      ======= Backtrace: =========
      /lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f2e6494bbfb]
      /lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7f2e64951fc6]
      /data/bld/10.4-rel-nightly/bin/mysqld(free_root+0xd5)[0x5611229d4225]
      /data/bld/10.4-rel-nightly/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x6b4)[0x561122322844]
      /data/bld/10.4-rel-nightly/bin/mysqld(_Z10do_commandP3THD+0x119)[0x561122324bc9]
      /data/bld/10.4-rel-nightly/bin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x224)[0x5611223f4864]
      /data/bld/10.4-rel-nightly/bin/mysqld(handle_one_connection+0x34)[0x5611223f4914]
      /data/bld/10.4-rel-nightly/bin/mysqld(+0xcd0824)[0x56112299e824]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x74a4)[0x7f2e6688f4a4]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f2e649c3d0f]
      

      10.5 RelWithDebInfo ASAN faab0d31

      ==27877==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000144248 at pc 0x5561d3938927 bp 0x7f73fa55c5c0 sp 0x7f73fa55c5b8
      WRITE of size 8 at 0x625000144248 thread T5
          #0 0x5561d3938926 in lex_end_stage1(LEX*) /data/src/10.5-bug/sql/sql_lex.cc:1349
          #1 0x5561d3938e68 in lex_end(LEX*) /data/src/10.5-bug/sql/sql_lex.cc:1319
          #2 0x5561d38cb117 in THD::end_statement() /data/src/10.5-bug/sql/sql_class.cc:3832
          #3 0x5561d39bfbdf in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5-bug/sql/sql_parse.cc:7948
          #4 0x5561d39a3230 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5-bug/sql/sql_parse.cc:1840
          #5 0x5561d399fb3b in do_command(THD*) /data/src/10.5-bug/sql/sql_parse.cc:1359
          #6 0x5561d3c4ab97 in do_handle_one_connection(CONNECT*, bool) /data/src/10.5-bug/sql/sql_connect.cc:1422
          #7 0x5561d3c4b306 in handle_one_connection /data/src/10.5-bug/sql/sql_connect.cc:1319
          #8 0x5561d454c693 in pfs_spawn_thread /data/src/10.5-bug/storage/perfschema/pfs.cc:2201
          #9 0x7f74049f44a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
          #10 0x7f7402b28d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
       
      0x625000144248 is located 6472 bytes inside of 8176-byte region [0x625000142900,0x6250001448f0)
      freed by thread T5 here:
          #0 0x7f7404ccba10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
          #1 0x5561d4e3da73 in free_root /data/src/10.5-bug/mysys/my_alloc.c:416
          #2 0x1f  (<unknown module>)
       
      previously allocated by thread T5 here:
          #0 0x7f7404ccbd28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
          #1 0x5561d4e4f523 in my_malloc /data/src/10.5-bug/mysys/my_malloc.c:88
       
      Thread T5 created by T0 here:
          #0 0x7f7404c3af59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
          #1 0x5561d454c90a in my_thread_create /data/src/10.5-bug/storage/perfschema/my_thread.h:34
          #2 0x5561d454c90a in pfs_spawn_thread_v1 /data/src/10.5-bug/storage/perfschema/pfs.cc:2252
       
      SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.5-bug/sql/sql_lex.cc:1349 in lex_end_stage1(LEX*)
      Shadow bytes around the buggy address:
        0x0c4a800207f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020800: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      =>0x0c4a80020840: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
        0x0c4a80020850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020860: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020870: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020880: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80020890: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==27877==ABORTING
      200323 18:57:09 [ERROR] mysqld got signal 6 ;
      This could be because you hit a bug. It is also possible that this binary
      or one of the libraries it was linked against is corrupt, improperly built,
      or misconfigured. This error can also be caused by malfunctioning hardware.
       
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs
       
      We will try our best to scrape up some info that will hopefully help
      diagnose the problem, but since we have already crashed, 
      something is definitely wrong and this may fail.
       
      Server version: 10.5.2-MariaDB-log
      key_buffer_size=1048576
      read_buffer_size=131072
      max_used_connections=1
      max_threads=153
      thread_count=2
      It is possible that mysqld could use up to 
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63593 K  bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x62b000062218
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7f73fa55d980 thread_stack 0x5fc00
      ??:0(backtrace)[0x7f7404c57681]
      /data/src/10.5-bug/sql/mysqld(my_print_stacktrace+0xb6)[0x5561d4e57986]
      /data/src/10.5-bug/sql/mysqld(handle_fatal_signal+0x7e6)[0x5561d3ee6b66]
      ??:0(__restore_rt)[0x7f74049fe0e0]
      /lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcf)[0x7f7402a72fff]
      linux/raise.c:51(__GI_raise)[0x7f7402a7442a]
      ??:0(__sanitizer_cov_trace_switch)[0x7f7404ce5329]
      ??:0(__asan_print_accumulated_stats)[0x7f7404cda9ab]
      ??:0(__asan_unpoison_intra_object_redzone)[0x7f7404cd4b57]
      ??:0(__asan_report_store8)[0x7f7404cd566b]
      /data/src/10.5-bug/sql/mysqld(_Z14lex_end_stage1P3LEX+0x117)[0x5561d3938927]
      /data/src/10.5-bug/sql/mysqld(_Z7lex_endP3LEX+0x9)[0x5561d3938e69]
      /data/src/10.5-bug/sql/mysqld(_ZN3THD13end_statementEv+0x28)[0x5561d38cb118]
      sql/sql_lex.cc:1332(lex_end_stage1(LEX*))[0x5561d39bfbe0]
      sql/sql_lex.cc:1320(lex_end(LEX*))[0x5561d39a3231]
      sql/sql_class.cc:3833(THD::end_statement())[0x5561d399fb3c]
      sql/sql_parse.cc:7949(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5561d3c4ab98]
      sql/sql_parse.cc:1842(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5561d3c4b307]
      sql/sql_parse.cc:1359(do_command(THD*))[0x5561d454c694]
      nptl/pthread_create.c:456(start_thread)[0x7f74049f44a4]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f7402b28d0f]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x62b00005b3d0): BEGIN NOT ATOMIC CREATE SEQUENCE s RESTART WITH 1 ; END
      Connection ID (thread ID): 4
      Status: NOT_KILLED
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
       
      The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
      information that should help you find out what is causing the crash.
      Writing a core file...
      Working directory at /dev/shm/var_t/mysqld.1/data
      Resource Limits:
      Limit                     Soft Limit           Hard Limit           Units     
      Max cpu time              unlimited            unlimited            seconds   
      Max file size             unlimited            unlimited            bytes     
      Max data size             unlimited            unlimited            bytes     
      Max stack size            8388608              unlimited            bytes     
      Max core file size        0                    0                    bytes     
      Max resident set          unlimited            unlimited            bytes     
      Max processes             128123               128123               processes 
      Max open files            1024                 1024                 files     
      Max locked memory         65536                65536                bytes     
      Max address space         unlimited            unlimited            bytes     
      Max file locks            unlimited            unlimited            locks     
      Max pending signals       128123               128123               signals   
      Max msgqueue size         819200               819200               bytes     
      Max nice priority         0                    0                    
      Max realtime priority     0                    0                    
      Max realtime timeout      unlimited            unlimited            us        
      Core pattern: core
       
      ----------SERVER LOG END-------------
      

      10.3 debug fd5c36be

      mysqld: /data/src/10.3/sql/sp_head.cc:837: virtual sp_head::~sp_head(): Assertion `m_thd == __null' failed.
      200323 18:57:41 [ERROR] mysqld got signal 6 ;
       
      #7  0x00007f1b696c3f12 in __GI___assert_fail (assertion=0x561a5b23807a "m_thd == __null", file=0x561a5b237f1c "/data/src/10.3/sql/sp_head.cc", line=837, function=0x561a5b239210 <sp_head::~sp_head()::__PRETTY_FUNCTION__> "virtual sp_head::~sp_head()") at assert.c:101
      #8  0x0000561a5a5147da in sp_head::~sp_head (this=0x7f1b48009d88, __in_chrg=<optimized out>) at /data/src/10.3/sql/sp_head.cc:837
      #9  0x0000561a5a5149ea in sp_head::~sp_head (this=0x7f1b48009d88, __in_chrg=<optimized out>) at /data/src/10.3/sql/sp_head.cc:866
      #10 0x0000561a5a512ecd in sp_head::destroy (sp=0x7f1b48009d88) at /data/src/10.3/sql/sp_head.cc:498
      #11 0x0000561a5a5c8ddc in lex_end_stage1 (lex=0x7f1b48093178) at /data/src/10.3/sql/sql_lex.cc:797
      #12 0x0000561a5a5c8c68 in lex_end (lex=0x7f1b48093178) at /data/src/10.3/sql/sql_lex.cc:768
      #13 0x0000561a5a594798 in THD::end_statement (this=0x7f1b48000af0) at /data/src/10.3/sql/sql_class.cc:3795
      #14 0x0000561a5a607231 in mysql_parse (thd=0x7f1b48000af0, rawbuf=0x7f1b48012960 "BEGIN NOT ATOMIC CREATE SEQUENCE s RESTART WITH 1 ; END", length=55, parser_state=0x7f1b640c35e0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7839
      #15 0x0000561a5a5f3c07 in dispatch_command (command=COM_QUERY, thd=0x7f1b48000af0, packet=0x7f1b48123291 "BEGIN NOT ATOMIC CREATE SEQUENCE s RESTART WITH 1 ; END ", packet_length=56, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1856
      #16 0x0000561a5a5f254f in do_command (thd=0x7f1b48000af0) at /data/src/10.3/sql/sql_parse.cc:1401
      #17 0x0000561a5a76a0c8 in do_handle_one_connection (connect=0x561a5d472e20) at /data/src/10.3/sql/sql_connect.cc:1403
      #18 0x0000561a5a769e2a in handle_one_connection (arg=0x561a5d472e20) at /data/src/10.3/sql/sql_connect.cc:1308
      #19 0x0000561a5b11a368 in pfs_spawn_thread (arg=0x561a5d3b9f40) at /data/src/10.3/storage/perfschema/pfs.cc:1869
      #20 0x00007f1b6b64c4a4 in start_thread (arg=0x7f1b640c4700) at pthread_create.c:456
      #21 0x00007f1b69780d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      Reproducible on 10.3-10.5. Debug, non-debug and ASAN builds are affected in different ways; see the examples above.
      The test case is not applicable to 10.2.
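The traces above can be compared mechanically to see which builds fail on the same call path. The following Python script is an added example, not part of the original report or of MariaDB's tooling: it extracts function names from the gdb, ASAN and glibc backtrace formats quoted above (frames copied from this report, gdb argument lists abridged to "(...)") and lists the frames two traces share. The helper names are illustrative.

```python
import re

# Frames copied from the traces in this report; gdb argument lists abridged to "(...)".
TRACES = {
    "10.5 ASAN": """
    #0 0x5561d3938926 in lex_end_stage1(LEX*) /data/src/10.5-bug/sql/sql_lex.cc:1349
    #1 0x5561d3938e68 in lex_end(LEX*) /data/src/10.5-bug/sql/sql_lex.cc:1319
    #2 0x5561d38cb117 in THD::end_statement() /data/src/10.5-bug/sql/sql_class.cc:3832
    #3 0x5561d39bfbdf in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5-bug/sql/sql_parse.cc:7948
    #4 0x5561d39a3230 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5-bug/sql/sql_parse.cc:1840
    """,
    "10.3 debug": """
    #8  0x0000561a5a5147da in sp_head::~sp_head (...) at /data/src/10.3/sql/sp_head.cc:837
    #10 0x0000561a5a512ecd in sp_head::destroy (...) at /data/src/10.3/sql/sp_head.cc:498
    #11 0x0000561a5a5c8ddc in lex_end_stage1 (...) at /data/src/10.3/sql/sql_lex.cc:797
    #12 0x0000561a5a5c8c68 in lex_end (...) at /data/src/10.3/sql/sql_lex.cc:768
    #13 0x0000561a5a594798 in THD::end_statement (...) at /data/src/10.3/sql/sql_class.cc:3795
    #14 0x0000561a5a607231 in mysql_parse (...) at /data/src/10.3/sql/sql_parse.cc:7839
    #15 0x0000561a5a5f3c07 in dispatch_command (...) at /data/src/10.3/sql/sql_parse.cc:1856
    """,
    "10.4 rel": """
    /data/bld/10.4-rel-nightly/bin/mysqld(free_root+0xd5)[0x5611229d4225]
    /data/bld/10.4-rel-nightly/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x6b4)[0x561122322844]
    /data/bld/10.4-rel-nightly/bin/mysqld(_Z10do_commandP3THD+0x119)[0x561122324bc9]
    """,
    "10.5 rel": """
    #3  <signal handler called>
    #4  alloc_root (...) at /data/src/10.5/mysys/my_alloc.c:224
    #8  0x000055fb0e060f30 in find_mpvio_user (...) at /data/src/10.5/sql/sql_acl.cc:13066
    #13 0x000055fb0e065922 in acl_authenticate (...) at /data/src/10.5/sql/sql_acl.cc:14022
    #14 0x000055fb0e1af983 in check_connection (...) at /data/src/10.5/sql/sql_connect.cc:1080
    """,
}

# gdb and ASAN frames: "#N [0xADDR in ]function..."; glibc frames: "binary(symbol+0xOFF)[0xADDR]".
GDB_ASAN = re.compile(r"^\s*#\d+\s+(?:0x[0-9a-f]+ in )?([A-Za-z_~][\w:~]*)")
GLIBC = re.compile(r"\((\w+)\+0x[0-9a-f]+\)\[0x[0-9a-f]+\]")


def base_name(sym):
    """Reduce an Itanium-mangled symbol to its qualified name; pass others through."""
    if not sym.startswith("_Z"):
        return sym
    rest, parts = sym[2:], []
    nested = rest.startswith("N")
    if nested:
        rest = rest[1:]
    while rest[:1].isdigit():
        m = re.match(r"\d+", rest)
        end = m.end() + int(m.group())
        parts.append(rest[m.end():end])
        rest = rest[end:]
        if not nested:
            break
    return "::".join(parts) or sym


def frames(trace):
    """Function names in a trace, innermost first; lines without a symbol are skipped."""
    out = []
    for line in trace.splitlines():
        m = GDB_ASAN.match(line) or GLIBC.search(line)
        if m:
            out.append(base_name(m.group(1)))
    return out


def shared_frames(a, b):
    """Frames of trace a, innermost first, that also occur in trace b."""
    in_b = set(frames(b))
    return [f for f in frames(a) if f in in_b]


if __name__ == "__main__":
    ref = "10.5 ASAN"
    for name, trace in TRACES.items():
        if name != ref:
            print(f"{ref} vs {name}: {shared_frames(TRACES[ref], trace) or 'no shared frames'}")
```

On these frames, the ASAN and debug traces share the whole path from lex_end_stage1 up to dispatch_command, the 10.4 release trace shares only dispatch_command, and the 10.5 release trace, which is in connection-handshake code, shares none.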

            People

              Assignee: sanja Oleksandr Byelkin
              Reporter: elenst Elena Stepanova