  1. MariaDB Server
  2. MDEV-24757

Potential null pointer dereference in I_S.thread_pool_queues

Details

    Description

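      A null pointer dereference is possible when a new connection is being added to the thread pool (its THD has not been created yet) while SELECT * FROM information_schema.thread_pool_queues runs in parallel. In the stack trace under Activity the fault surfaces as a signal raised in queues_fill_table (thread_pool_info.cc:133), so the practical impact of the race is a crash rather than an error returned to the client.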

          Activity

            Corresponding stack trace from concurrent tests:

            10.5 927a8823

            #10 <signal handler called>
            #11 0x00000000028e9f53 in queues_fill_table (thd=0x62b0000a8288, tables=0x62b0000eeae8) at /home/vsts/src/sql/thread_pool_info.cc:133
            #12 0x0000000000c73cee in get_schema_tables_result (join=0x62b0000f0280, executed_place=PROCESSED_BY_JOIN_EXEC) at /home/vsts/src/sql/sql_show.cc:8693
            #13 0x0000000000b44897 in JOIN::exec_inner (this=0x62b0000f0280) at /home/vsts/src/sql/sql_select.cc:4423
            #14 0x0000000000b42742 in JOIN::exec (this=0x62b0000f0280) at /home/vsts/src/sql/sql_select.cc:4246
            #15 0x0000000000b46688 in mysql_select (thd=0x62b0000a8288, tables=0x62b0000eeae8, fields=..., conds=0x0, og_num=2, order=0x62b0000efbb0, group=0x0, having=0x0, proc_param=0x0, select_options=2685143552, result=0x62b0000f0250, unit=0x62b0000ac428, select_lex=0x62b0000ee438) at /home/vsts/src/sql/sql_select.cc:4662
            #16 0x0000000000b183f5 in handle_select (thd=0x62b0000a8288, lex=0x62b0000ac360, result=0x62b0000f0250, setup_tables_done_option=0) at /home/vsts/src/sql/sql_select.cc:417
            #17 0x0000000000a83088 in execute_sqlcom_select (thd=0x62b0000a8288, all_tables=0x62b0000eeae8) at /home/vsts/src/sql/sql_parse.cc:6281
            #18 0x0000000000a71f2f in mysql_execute_command (thd=0x62b0000a8288) at /home/vsts/src/sql/sql_parse.cc:3977
            #19 0x0000000000a8e12f in mysql_parse (thd=0x62b0000a8288, rawbuf=0x62b0000ee2a8 "SELECT /* QNO 3060 CON_ID 11 */ * FROM INFORMATION_SCHEMA.`THREAD_POOL_QUEUES` AS table1 ORDER BY table1.`GROUP_ID`, table1.`PRIORITY` LIMIT 247", length=144, parser_state=0x7f215a4fb760, is_com_multi=false, is_next_command=false) at /home/vsts/src/sql/sql_parse.cc:8062
            #20 0x0000000000a645f7 in dispatch_command (command=COM_QUERY, thd=0x62b0000a8288, packet=0x6290027ab289 "SELECT /* QNO 3060 CON_ID 11 */ * FROM INFORMATION_SCHEMA.`THREAD_POOL_QUEUES` AS table1 ORDER BY table1.`GROUP_ID`, table1.`PRIORITY` LIMIT 247", packet_length=144, is_com_multi=false, is_next_command=false) at /home/vsts/src/sql/sql_parse.cc:1889
            #21 0x0000000000a60e6b in do_command (thd=0x62b0000a8288) at /home/vsts/src/sql/sql_parse.cc:1370
            #22 0x00000000010c3fe1 in threadpool_process_request (thd=0x62b0000a8288) at /home/vsts/src/sql/threadpool_common.cc:363
            #23 0x00000000010c35f4 in tp_callback (c=0x608000000e20) at /home/vsts/src/sql/threadpool_common.cc:194
            #24 0x00000000017cd6e4 in worker_main (param=0x630000040648) at /home/vsts/src/sql/threadpool_generic.cc:1562
            #25 0x0000000001abb3b7 in pfs_spawn_thread (arg=0x6160091b8508) at /home/vsts/src/storage/perfschema/pfs.cc:2201
            #26 0x00007f21877736ba in start_thread (arg=0x7f215a4fd300) at pthread_create.c:333
            #27 0x00007f21869a14dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
            

            elenst Elena Stepanova added a comment - Corresponding stack trace from concurrent tests: 10.5 927a8823 #10 <signal handler called> #11 0x00000000028e9f53 in queues_fill_table (thd=0x62b0000a8288, tables=0x62b0000eeae8) at /home/vsts/src/sql/thread_pool_info.cc:133 #12 0x0000000000c73cee in get_schema_tables_result (join=0x62b0000f0280, executed_place=PROCESSED_BY_JOIN_EXEC) at /home/vsts/src/sql/sql_show.cc:8693 #13 0x0000000000b44897 in JOIN::exec_inner (this=0x62b0000f0280) at /home/vsts/src/sql/sql_select.cc:4423 #14 0x0000000000b42742 in JOIN::exec (this=0x62b0000f0280) at /home/vsts/src/sql/sql_select.cc:4246 #15 0x0000000000b46688 in mysql_select (thd=0x62b0000a8288, tables=0x62b0000eeae8, fields=..., conds=0x0, og_num=2, order=0x62b0000efbb0, group=0x0, having=0x0, proc_param=0x0, select_options=2685143552, result=0x62b0000f0250, unit=0x62b0000ac428, select_lex=0x62b0000ee438) at /home/vsts/src/sql/sql_select.cc:4662 #16 0x0000000000b183f5 in handle_select (thd=0x62b0000a8288, lex=0x62b0000ac360, result=0x62b0000f0250, setup_tables_done_option=0) at /home/vsts/src/sql/sql_select.cc:417 #17 0x0000000000a83088 in execute_sqlcom_select (thd=0x62b0000a8288, all_tables=0x62b0000eeae8) at /home/vsts/src/sql/sql_parse.cc:6281 #18 0x0000000000a71f2f in mysql_execute_command (thd=0x62b0000a8288) at /home/vsts/src/sql/sql_parse.cc:3977 #19 0x0000000000a8e12f in mysql_parse (thd=0x62b0000a8288, rawbuf=0x62b0000ee2a8 "SELECT /* QNO 3060 CON_ID 11 */ * FROM INFORMATION_SCHEMA.`THREAD_POOL_QUEUES` AS table1 ORDER BY table1.`GROUP_ID`, table1.`PRIORITY` LIMIT 247", length=144, parser_state=0x7f215a4fb760, is_com_multi=false, is_next_command=false) at /home/vsts/src/sql/sql_parse.cc:8062 #20 0x0000000000a645f7 in dispatch_command (command=COM_QUERY, thd=0x62b0000a8288, packet=0x6290027ab289 "SELECT /* QNO 3060 CON_ID 11 */ * FROM INFORMATION_SCHEMA.`THREAD_POOL_QUEUES` AS table1 ORDER BY table1.`GROUP_ID`, table1.`PRIORITY` LIMIT 247", packet_length=144, 
is_com_multi=false, is_next_command=false) at /home/vsts/src/sql/sql_parse.cc:1889 #21 0x0000000000a60e6b in do_command (thd=0x62b0000a8288) at /home/vsts/src/sql/sql_parse.cc:1370 #22 0x00000000010c3fe1 in threadpool_process_request (thd=0x62b0000a8288) at /home/vsts/src/sql/threadpool_common.cc:363 #23 0x00000000010c35f4 in tp_callback (c=0x608000000e20) at /home/vsts/src/sql/threadpool_common.cc:194 #24 0x00000000017cd6e4 in worker_main (param=0x630000040648) at /home/vsts/src/sql/threadpool_generic.cc:1562 #25 0x0000000001abb3b7 in pfs_spawn_thread (arg=0x6160091b8508) at /home/vsts/src/storage/perfschema/pfs.cc:2201 #26 0x00007f21877736ba in start_thread (arg=0x7f215a4fd300) at pthread_create.c:333 #27 0x00007f21869a14dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

            People

              wlad Vladislav Vaintroub
              wlad Vladislav Vaintroub
