Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-24349

ASAN use-after-poison in require_quotes or Item::print_item_w_name or Assertion `name.length == strlen(name.str)' failed

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2, 11.3(EOL), 11.4
    • 10.5, 10.6, 10.11, 11.2, 11.4
    • Optimizer

    Description

      Note: There is MDEV-22380 about the assertion failure mentioned below, but the situation seems to be different here. First, the failures described here started happening recently (see details below); and secondly, the test cases from MDEV-22380 don't seem to cause ASAN errors, while the one in this report does.

      CREATE TABLE t (f INT);
      		 
      INSERT INTO t VALUES (1),(2);
      		 
      CREATE VIEW v1 AS SELECT * FROM t WHERE f IS NULL;
      		 
      CREATE VIEW v2 AS SELECT * FROM v1 UNION SELECT * FROM t;
      		 
      PREPARE stmt FROM "SELECT * FROM v2 WHERE f <= 1 OR f > 9";
      		 
      SET optimizer_trace= 'enabled=on';
      		 
      EXECUTE stmt;
      		 
      EXECUTE stmt;
      		 
       
      		 
      # Cleanup
      		 
      DROP VIEW v2;
      		 
      DROP VIEW v1;
      		 
      DROP TABLE t;

      10.4 a50cb486 non-debug ASAN

      		 
      ==2312009==ERROR: AddressSanitizer: use-after-poison on address 0x62b000063a00 at pc 0x5644bc7b5a99 bp 0x7f9d25e52280 sp 0x7f9d25e52270
      		 
      READ of size 1 at 0x62b000063a00 thread T5
      		 
          #0 0x5644bc7b5a98 in require_quotes /data/src/10.4/sql/sql_show.cc:1616
      		 
          #1 0x5644bc7b5a98 in get_quote_char_for_identifier(THD*, char const*, unsigned long) /data/src/10.4/sql/sql_show.cc:1726
      		 
          #2 0x5644bc7b5b74 in append_identifier(THD*, String*, char const*, unsigned long) /data/src/10.4/sql/sql_show.cc:1647
      		 
          #3 0x5644bc776114 in st_select_lex::print(THD*, String*, enum_query_type) /data/src/10.4/sql/sql_select.cc:27501
      		 
          #4 0x5644bcb740d1 in opt_trace_print_expanded_query(THD*, st_select_lex*, Json_writer_object*) /data/src/10.4/sql/opt_trace.cc:115
      		 
          #5 0x5644bc7555d4 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.4/sql/sql_select.cc:1495
      		 
          #6 0x5644bc8a4cfc in st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long, bool) /data/src/10.4/sql/sql_union.cc:655
      		 
          #7 0x5644bc8b2af3 in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long) /data/src/10.4/sql/sql_union.cc:1082
      		 
          #8 0x5644bc53c98f in mysql_derived_prepare /data/src/10.4/sql/sql_derived.cc:816
      		 
          #9 0x5644bc538eef in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /data/src/10.4/sql/sql_derived.cc:206
      		 
          #10 0x5644bc59f155 in LEX::handle_list_of_derived(TABLE_LIST*, unsigned int) /data/src/10.4/sql/sql_lex.h:4339
      		 
          #11 0x5644bc59f155 in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.4/sql/sql_lex.cc:4275
      		 
          #12 0x5644bc7513c6 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.4/sql/sql_select.cc:1152
      		 
          #13 0x5644bc79966f in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4662
      		 
          #14 0x5644bc79a554 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:410
      		 
          #15 0x5644bc5f9c12 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6398
      		 
          #16 0x5644bc62a062 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3925
      		 
          #17 0x5644bc676818 in Prepared_statement::execute(String*, bool) /data/src/10.4/sql/sql_prepare.cc:4970
      		 
          #18 0x5644bc6770d7 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /data/src/10.4/sql/sql_prepare.cc:4439
      		 
          #19 0x5644bc677dd6 in mysql_sql_stmt_execute(THD*) /data/src/10.4/sql/sql_prepare.cc:3556
      		 
          #20 0x5644bc61db96 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3941
      		 
          #21 0x5644bc63460f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7936
      		 
          #22 0x5644bc63d24f in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1839
      		 
          #23 0x5644bc64306a in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1357
      		 
          #24 0x5644bc9ab0a6 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
      		 
          #25 0x5644bc9ab62e in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
      		 
          #26 0x5644bde12228 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
          #27 0x7f9d2fcdd608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
          #28 0x7f9d2f546292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      		 
       
      		 
      0x62b000063a00 is located 6144 bytes inside of 24608-byte region [0x62b000062200,0x62b000068220)
      		 
      allocated by thread T5 here:
      		 
          #0 0x7f9d2fed3bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
      		 
          #1 0x5644bdee34a6 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
      		 
          #2 0x5644bdecec9c in reset_root_defaults /data/src/10.4/mysys/my_alloc.c:152
      		 
          #3 0x5644bc4fe699 in THD::init_for_queries() /data/src/10.4/sql/sql_class.cc:1392
      		 
          #4 0x5644bc9a95b6 in prepare_new_connection_state(THD*) /data/src/10.4/sql/sql_connect.cc:1247
      		 
          #5 0x5644bc9aa097 in thd_prepare_connection(THD*) /data/src/10.4/sql/sql_connect.cc:1331
      		 
          #6 0x5644bc9aa097 in thd_prepare_connection(THD*) /data/src/10.4/sql/sql_connect.cc:1320
      		 
          #7 0x5644bc9ab056 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1402
      		 
          #8 0x5644bc9ab62e in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
      		 
          #9 0x5644bde12228 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
          #10 0x7f9d2fcdd608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
       
      		 
      Thread T5 created by T0 here:
      		 
          #0 0x7f9d2fe00805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
      		 
          #1 0x5644bde19d7e in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
      		 
          #2 0x5644bc3968ae in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
      		 
          #3 0x5644bc3968ae in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6259
      		 
          #4 0x5644bc3a2c82 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6329
      		 
          #5 0x5644bc3a32a2 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6427
      		 
          #6 0x5644bc3a43bd in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6585
      		 
          #7 0x5644bc3a5e2c in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5917
      		 
          #8 0x7f9d2f44b0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
      		 
       
      		 
      SUMMARY: AddressSanitizer: use-after-poison /data/src/10.4/sql/sql_show.cc:1616 in require_quotes
      		 
      Shadow bytes around the buggy address:
      		 
        0x0c56800046f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004730: 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 f7
      		 
      =>0x0c5680004740:[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004750: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004760: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004770: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004780: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004790: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
        Shadow gap:              cc
      		 
      ==2312009==ABORTING

      10.4 a50cb486 debug ASAN

      		 
      ==2312133==ERROR: AddressSanitizer: use-after-poison on address 0x62b000063a68 at pc 0x7faac7326a6d bp 0x7faabd198d30 sp 0x7faabd1984d8
      		 
      READ of size 2 at 0x62b000063a68 thread T5
      		 
          #0 0x7faac7326a6c  (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c)
      		 
          #1 0x5633155cf97f in Item::print_item_w_name(String*, enum_query_type) /data/src/10.4/sql/item.cc:505
      		 
          #2 0x563314f00684 in st_select_lex::print(THD*, String*, enum_query_type) /data/src/10.4/sql/sql_select.cc:27501
      		 
          #3 0x56331534f666 in opt_trace_print_expanded_query(THD*, st_select_lex*, Json_writer_object*) /data/src/10.4/sql/opt_trace.cc:115
      		 
          #4 0x563314e35b1a in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.4/sql/sql_select.cc:1495
      		 
          #5 0x5633150332eb in st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long, bool) /data/src/10.4/sql/sql_union.cc:655
      		 
          #6 0x563315037672 in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long) /data/src/10.4/sql/sql_union.cc:1082
      		 
          #7 0x563314cb07fc in mysql_derived_prepare /data/src/10.4/sql/sql_derived.cc:816
      		 
          #8 0x563314caca12 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /data/src/10.4/sql/sql_derived.cc:206
      		 
          #9 0x5633150bea04 in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.4/sql/table.cc:8844
      		 
          #10 0x563314cf4023 in LEX::handle_list_of_derived(TABLE_LIST*, unsigned int) /data/src/10.4/sql/sql_lex.h:4339
      		 
          #11 0x563314d15a40 in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.4/sql/sql_lex.cc:4275
      		 
          #12 0x563314e3143d in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.4/sql/sql_select.cc:1152
      		 
          #13 0x563314e57d53 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4662
      		 
          #14 0x563314e2978b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:410
      		 
          #15 0x563314d99307 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6398
      		 
          #16 0x563314d86b5f in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3925
      		 
          #17 0x563314df5cf6 in Prepared_statement::execute(String*, bool) /data/src/10.4/sql/sql_prepare.cc:4970
      		 
          #18 0x563314df11b6 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /data/src/10.4/sql/sql_prepare.cc:4439
      		 
          #19 0x563314deb199 in mysql_sql_stmt_execute(THD*) /data/src/10.4/sql/sql_prepare.cc:3556
      		 
          #20 0x563314d86ba4 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3941
      		 
          #21 0x563314da2758 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7936
      		 
          #22 0x563314d79445 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1839
      		 
          #23 0x563314d75ef4 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1357
      		 
          #24 0x5633151674ef in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
      		 
          #25 0x563315166d93 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
      		 
          #26 0x56331681cb6c in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
          #27 0x7faac71d6608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
          #28 0x7faac6a3f292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      		 
       
      		 
      0x62b000063a68 is located 6248 bytes inside of 24716-byte region [0x62b000062200,0x62b00006828c)
      		 
      allocated by thread T5 here:
      		 
          #0 0x7faac73ccbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
      		 
          #1 0x56331696b256 in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
      		 
          #2 0x563316939096 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
      		 
          #3 0x5633169142b3 in reset_root_defaults /data/src/10.4/mysys/my_alloc.c:152
      		 
          #4 0x563314c60425 in THD::init_for_queries() /data/src/10.4/sql/sql_class.cc:1392
      		 
          #5 0x5633151666fd in prepare_new_connection_state(THD*) /data/src/10.4/sql/sql_connect.cc:1247
      		 
          #6 0x563315166ddd in thd_prepare_connection(THD*) /data/src/10.4/sql/sql_connect.cc:1331
      		 
          #7 0x56331516741a in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1402
      		 
          #8 0x563315166d93 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
      		 
          #9 0x56331681cb6c in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
          #10 0x7faac71d6608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
       
      		 
      Thread T5 created by T0 here:
      		 
          #0 0x7faac72f9805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
      		 
          #1 0x56331681cf5d in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
      		 
          #2 0x563314a7fc78 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
      		 
          #3 0x563314a9784c in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6259
      		 
          #4 0x563314a97fe7 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6329
      		 
          #5 0x563314a984cd in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6427
      		 
          #6 0x563314a99366 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6585
      		 
          #7 0x563314a96f51 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5917
      		 
          #8 0x563314a7dbec in main /data/src/10.4/sql/main.cc:25
      		 
          #9 0x7faac69440b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
      		 
       
      		 
      SUMMARY: AddressSanitizer: use-after-poison (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c) 
      Shadow bytes around the buggy address:
      		 
        0x0c56800046f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x0c5680004730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
      =>0x0c5680004740: 00 00 00 00 00 00 00 00 00 f7 00 00 f7[f7]f7 f7
      		 
        0x0c5680004750: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004760: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004770: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004780: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
        0x0c5680004790: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
        Shadow gap:              cc
      		 
      ==2312133==ABORTING

      10.4 a50cb486 non-ASAN debug

      		 
      mysqld: /data/src/10.4/sql/item.cc:505: void Item::print_item_w_name(String*, enum_query_type): Assertion `name.length == strlen(name.str)' failed.
      		 
      201204 15:48:04 [ERROR] mysqld got signal 6 ;
      		 
       
      		 
      #7  0x00007f39c058ef36 in __GI___assert_fail (assertion=0x5624fc826dc0 "name.length == strlen(name.str)", file=0x5624fc826d04 "/data/src/10.4/sql/item.cc", line=505, function=0x5624fc826de0 "void Item::print_item_w_name(String*, enum_query_type)") at assert.c:101
      		 
      #8  0x00005624fbd0ad57 in Item::print_item_w_name (this=0x7f39a806b730, str=0x7f39ba55aed0, query_type=1037) at /data/src/10.4/sql/item.cc:505
      		 
      #9  0x00005624fba17140 in st_select_lex::print (this=0x7f39a8061870, thd=0x7f39a8000d90, str=0x7f39ba55aed0, query_type=1037) at /data/src/10.4/sql/sql_select.cc:27501
      		 
      #10 0x00005624fbbdfdbd in opt_trace_print_expanded_query (thd=0x7f39a8000d90, select_lex=0x7f39a8061870, writer=0x7f39ba55b470) at /data/src/10.4/sql/opt_trace.cc:115
      		 
      #11 0x00005624fb9cc365 in JOIN::prepare (this=0x7f39a80145e8, tables_init=0x7f39a8061cc8, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=true, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f39a8061870, unit_arg=0x7f39a80695d8) at /data/src/10.4/sql/sql_select.cc:1495
      		 
      #12 0x00005624fba8ee5e in st_select_lex_unit::prepare_join (this=0x7f39a80695d8, thd_arg=0x7f39a8000d90, sl=0x7f39a8061870, tmp_result=0x7f39a8013e10, additional_options=0, is_union_select=true) at /data/src/10.4/sql/sql_union.cc:655
      		 
      #13 0x00005624fba90a7c in st_select_lex_unit::prepare (this=0x7f39a80695d8, derived_arg=0x7f39a8067bc0, sel_result=0x7f39a8013d28, additional_options=0) at /data/src/10.4/sql/sql_union.cc:1082
      		 
      #14 0x00005624fb92979a in mysql_derived_prepare (thd=0x7f39a8000d90, lex=0x7f39a8065a10, derived=0x7f39a8067bc0) at /data/src/10.4/sql/sql_derived.cc:816
      		 
      #15 0x00005624fb927dcc in mysql_handle_single_derived (lex=0x7f39a8065a10, derived=0x7f39a8067bc0, phases=2) at /data/src/10.4/sql/sql_derived.cc:206
      		 
      #16 0x00005624fbac4062 in TABLE_LIST::handle_derived (this=0x7f39a8067bc0, lex=0x7f39a8065a10, phases=2) at /data/src/10.4/sql/table.cc:8844
      		 
      #17 0x00005624fb943898 in LEX::handle_list_of_derived (this=0x7f39a8065a10, table_list=0x7f39a8067bc0, phases=2) at /data/src/10.4/sql/sql_lex.h:4339
      		 
      #18 0x00005624fb950184 in st_select_lex::handle_derived (this=0x7f39a8067600, lex=0x7f39a8065a10, phases=2) at /data/src/10.4/sql/sql_lex.cc:4275
      		 
      #19 0x00005624fb9cab6f in JOIN::prepare (this=0x7f39a80137b8, tables_init=0x7f39a8067bc0, wild_num=0, conds_init=0x7f39a8013590, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f39a8067600, unit_arg=0x7f39a8065ad0) at /data/src/10.4/sql/sql_select.cc:1152
      		 
      #20 0x00005624fb9d7ead in mysql_select (thd=0x7f39a8000d90, tables=0x7f39a8067bc0, wild_num=0, fields=..., conds=0x7f39a8013590, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7f39a8069390, unit=0x7f39a8065ad0, select_lex=0x7f39a8067600) at /data/src/10.4/sql/sql_select.cc:4662
      		 
      #21 0x00005624fb9c7a0d in handle_select (thd=0x7f39a8000d90, lex=0x7f39a8065a10, result=0x7f39a8069390, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:410
      		 
      #22 0x00005624fb98cb46 in execute_sqlcom_select (thd=0x7f39a8000d90, all_tables=0x7f39a8067bc0) at /data/src/10.4/sql/sql_parse.cc:6398
      		 
      #23 0x00005624fb983113 in mysql_execute_command (thd=0x7f39a8000d90) at /data/src/10.4/sql/sql_parse.cc:3925
      		 
      #24 0x00005624fb9b1a42 in Prepared_statement::execute (this=0x7f39a8064f20, expanded_query=0x7f39ba55db30, open_cursor=false) at /data/src/10.4/sql/sql_prepare.cc:4970
      		 
      #25 0x00005624fb9afd4d in Prepared_statement::execute_loop (this=0x7f39a8064f20, expanded_query=0x7f39ba55db30, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.4/sql/sql_prepare.cc:4439
      		 
      #26 0x00005624fb9ad760 in mysql_sql_stmt_execute (thd=0x7f39a8000d90) at /data/src/10.4/sql/sql_prepare.cc:3556
      		 
      #27 0x00005624fb983158 in mysql_execute_command (thd=0x7f39a8000d90) at /data/src/10.4/sql/sql_parse.cc:3941
      		 
      #28 0x00005624fb990b51 in mysql_parse (thd=0x7f39a8000d90, rawbuf=0x7f39a8013458 "EXECUTE stmt", length=12, parser_state=0x7f39ba55e550, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7936
      		 
      #29 0x00005624fb97ced5 in dispatch_command (command=COM_QUERY, thd=0x7f39a8000d90, packet=0x7f39a80087b1 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1839
      		 
      #30 0x00005624fb97b73d in do_command (thd=0x7f39a8000d90) at /data/src/10.4/sql/sql_parse.cc:1357
      		 
      #31 0x00005624fbb0a631 in do_handle_one_connection (connect=0x5624fdf300b0) at /data/src/10.4/sql/sql_connect.cc:1412
      		 
      #32 0x00005624fbb0a37a in handle_one_connection (arg=0x5624fdf300b0) at /data/src/10.4/sql/sql_connect.cc:1316
      		 
      #33 0x00005624fc529e30 in pfs_spawn_thread (arg=0x5624fde7d8e0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
      #34 0x00007f39c0e0f609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #35 0x00007f39c067a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Reproducible on 10.4+ with at least MyISAM and InnoDB.
      The test case is not applicable to earlier versions due to the use of optimizer trace, and I wasn't able to convert the test case below into a non-optimizer-trace variation the same way as MDEV-22380 suggests. However, the failure started happening in 10.4 after the merge below, so it's possible that the root cause is also present in earlier versions.

      commit 589cf8dbf3accf57673d7e2f7a4435f7eaf33565
      		 
      Merge: a3531775b1e e30a05f4540
      		 
      Author: Marko Mäkelä <marko.makela@mariadb.com>
      		 
      Date:   Tue Dec 1 19:51:14 2020 +0200
      		 
       
      		 
          Merge 10.3 into 10.4

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-25399 Assertion `name.length == strlen(name.str)' failed in Item_func_sp::make_send_field

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22380 Assertion `name.length == strlen(name.str)' failed in Item::print_item_w_name on SELECT w/ optimizer_trace enabled

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              psergei Sergei Petrunia
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.