Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
10.3, 10.4, 10.5
-
None
Description
Set to minor as the test case is remarkably meaningless, and only old versions are affected. But it still has to be filed, so that regression tests could categorize it as a known issue.
CREATE TABLE t (a SET('','Nevada','Florida')); |
INSERT INTO t VALUES (''); |
SELECT SOUNDEX(GREATEST(BINARY 0, a)) FROM t; |
|
|
# Cleanup
|
DROP TABLE t; |
|
10.3 b3f0acf5 |
==1679878==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300003e268 at pc 0x55b96f601dba bp 0x7f2835d70370 sp 0x7f2835d70368
|
READ of size 1 at 0x60300003e268 thread T5
|
#0 0x55b96f601db9 in my_mb_wc_bin /data/src/10.3/strings/ctype-bin.c:245
|
#1 0x55b96e7eaca9 in Item_func_soundex::val_str(String*) /data/src/10.3/sql/item_strfunc.cc:2579
|
#2 0x55b96e3d02db in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.3/sql/sql_type.cc:5412
|
#3 0x55b96dd3b665 in Protocol::send_result_set_row(List<Item>*) /data/src/10.3/sql/protocol.cc:1000
|
#4 0x55b96de7a2fb in select_send::send_data(List<Item>&) /data/src/10.3/sql/sql_class.cc:3049
|
#5 0x55b96e072e79 in end_send /data/src/10.3/sql/sql_select.cc:21078
|
#6 0x55b96e0b9d81 in do_select /data/src/10.3/sql/sql_select.cc:19370
|
#7 0x55b96e0b9d81 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4148
|
#8 0x55b96e0bacc9 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3942
|
#9 0x55b96e0bb0e4 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4351
|
#10 0x55b96e0bd98f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:372
|
#11 0x55b96df4e41f in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6339
|
#12 0x55b96df735a8 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3870
|
#13 0x55b96df7ba57 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7870
|
#14 0x55b96df80599 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#15 0x55b96df8633d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#16 0x55b96e2a3fe6 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#17 0x55b96e2a484a in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#18 0x55b96f4ea6d4 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#19 0x7f2840796ea6 in start_thread nptl/pthread_create.c:477
|
#20 0x7f28406c6dee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfddee)
|
|
|
0x60300003e268 is located 8 bytes inside of 32-byte region [0x60300003e260,0x60300003e280)
|
freed by thread T5 here:
|
#0 0x7f2841038b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
|
#1 0x55b96e557bfa in String::free() /data/src/10.3/sql/sql_string.h:369
|
#2 0x55b96e557bfa in String::operator=(String const&) /data/src/10.3/sql/sql_string.h:441
|
#3 0x55b96e557bfa in String::operator=(String const&) /data/src/10.3/sql/sql_string.h:432
|
#4 0x55b96e557bfa in Field_set::val_str(String*, String*) /data/src/10.3/sql/field.cc:9497
|
#5 0x55b96e745f18 in Item_func_min_max::val_str_native(String*) /data/src/10.3/sql/item_func.cc:2816
|
#6 0x55b96e7eaa61 in Item_func_soundex::val_str(String*) /data/src/10.3/sql/item_strfunc.cc:2560
|
#7 0x55b96e3d02db in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.3/sql/sql_type.cc:5412
|
#8 0x55b96dd3b665 in Protocol::send_result_set_row(List<Item>*) /data/src/10.3/sql/protocol.cc:1000
|
#9 0x55b96de7a2fb in select_send::send_data(List<Item>&) /data/src/10.3/sql/sql_class.cc:3049
|
#10 0x55b96e072e79 in end_send /data/src/10.3/sql/sql_select.cc:21078
|
#11 0x55b96e0b9d81 in do_select /data/src/10.3/sql/sql_select.cc:19370
|
#12 0x55b96e0b9d81 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4148
|
#13 0x55b96e0bacc9 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3942
|
#14 0x55b96e0bb0e4 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4351
|
#15 0x55b96e0bd98f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:372
|
#16 0x55b96df4e41f in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6339
|
#17 0x55b96df735a8 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3870
|
#18 0x55b96df7ba57 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7870
|
#19 0x55b96df80599 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#20 0x55b96df8633d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#21 0x55b96e2a3fe6 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#22 0x55b96e2a484a in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#23 0x55b96f4ea6d4 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#24 0x7f2840796ea6 in start_thread nptl/pthread_create.c:477
|
|
|
previously allocated by thread T5 here:
|
#0 0x7f2841038e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x55b96f5bba42 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
|
#2 0x55b96e138ce3 in String::real_alloc(unsigned long) /data/src/10.3/sql/sql_string.cc:44
|
#3 0x55b96e1391ca in String::alloc(unsigned long) /data/src/10.3/sql/sql_string.h:379
|
#4 0x55b96e1391ca in String::set_int(long long, bool, charset_info_st const*) /data/src/10.3/sql/sql_string.cc:127
|
#5 0x55b96e5ee9f6 in Item_int::val_str(String*) /data/src/10.3/sql/item.cc:3760
|
#6 0x55b96e8e1fba in Item_char_typecast::val_str(String*) /data/src/10.3/sql/item_timefunc.cc:2503
|
#7 0x55b96e745de6 in Item_func_min_max::val_str_native(String*) /data/src/10.3/sql/item_func.cc:2812
|
#8 0x55b96e7eaa61 in Item_func_soundex::val_str(String*) /data/src/10.3/sql/item_strfunc.cc:2560
|
#9 0x55b96e3d02db in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.3/sql/sql_type.cc:5412
|
#10 0x55b96dd3b665 in Protocol::send_result_set_row(List<Item>*) /data/src/10.3/sql/protocol.cc:1000
|
#11 0x55b96de7a2fb in select_send::send_data(List<Item>&) /data/src/10.3/sql/sql_class.cc:3049
|
#12 0x55b96e072e79 in end_send /data/src/10.3/sql/sql_select.cc:21078
|
#13 0x55b96e0b9d81 in do_select /data/src/10.3/sql/sql_select.cc:19370
|
#14 0x55b96e0b9d81 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4148
|
#15 0x55b96e0bacc9 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3942
|
#16 0x55b96e0bb0e4 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4351
|
#17 0x55b96e0bd98f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:372
|
#18 0x55b96df4e41f in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6339
|
#19 0x55b96df735a8 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3870
|
#20 0x55b96df7ba57 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7870
|
#21 0x55b96df80599 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#22 0x55b96df8633d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#23 0x55b96e2a3fe6 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#24 0x55b96e2a484a in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#25 0x55b96f4ea6d4 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#26 0x7f2840796ea6 in start_thread nptl/pthread_create.c:477
|
|
|
Thread T5 created by T0 here:
|
#0 0x7f2840fe42a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x55b96f4eed2a in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
|
#2 0x55b96dd12f3b in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55b96dd12f3b in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6668
|
#4 0x55b96dd2324d in create_new_thread /data/src/10.3/sql/mysqld.cc:6738
|
#5 0x55b96dd2324d in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6996
|
#6 0x55b96dd251f5 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6290
|
#7 0x7f28405efd09 in __libc_start_main ../csu/libc-start.c:308
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.3/strings/ctype-bin.c:245 in my_mb_wc_bin
|
Shadow bytes around the buggy address:
|
0x0c067ffffbf0: fa fa fd fd fd fd fa fa 00 00 00 00 fa fa 00 00
|
0x0c067ffffc00: 00 fa fa fa fd fd fd fd fa fa 00 00 00 00 fa fa
|
0x0c067ffffc10: fd fd fd fd fa fa 00 00 00 fa fa fa 00 00 00 00
|
0x0c067ffffc20: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd
|
0x0c067ffffc30: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
|
=>0x0c067ffffc40: 00 00 00 fa fa fa 00 00 00 00 fa fa fd[fd]fd fd
|
0x0c067ffffc50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c067ffffc60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c067ffffc70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c067ffffc80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c067ffffc90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1679878==ABORTING
|
10.5 stack trace contains an extra frame charset_info_st::mb_wc (adding for those lucky ones who search by this frame):
|
10.5 8494758e |
==1679948==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000005168 at pc 0x560b08dd818a bp 0x7f222995ba70 sp 0x7f222995ba68
|
READ of size 1 at 0x604000005168 thread T5
|
#0 0x560b08dd8189 in my_mb_wc_bin /data/src/10.5/strings/ctype-bin.c:269
|
#1 0x560b07e3768a in charset_info_st::mb_wc(unsigned long*, unsigned char const*, unsigned char const*) const /data/src/10.5/include/m_ctype.h:710
|
#2 0x560b07e3768a in Item_func_soundex::val_str(String*) /data/src/10.5/sql/item_strfunc.cc:2560
|
#3 0x560b079ef382 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.5/sql/sql_type.cc:7453
|
#4 0x560b072a7e85 in Protocol::send_result_set_row(List<Item>*) /data/src/10.5/sql/protocol.cc:1087
|
#5 0x560b073f4ab9 in select_send::send_data(List<Item>&) /data/src/10.5/sql/sql_class.cc:3124
|
#6 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5390
|
#7 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5380
|
#8 0x560b07630a9e in end_send /data/src/10.5/sql/sql_select.cc:22142
|
#9 0x560b07682133 in do_select /data/src/10.5/sql/sql_select.cc:20402
|
#10 0x560b07682133 in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4540
|
#11 0x560b07683312 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4320
|
#12 0x560b0767ae52 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4797
|
#13 0x560b0767d99d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:444
|
#14 0x560b074ef094 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6314
|
#15 0x560b0751869b in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4005
|
#16 0x560b0751d69b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8100
|
#17 0x560b075239b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1891
|
#18 0x560b075292b2 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1375
|
#19 0x560b0788b0be in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1418
|
#20 0x560b0788b76c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
|
#21 0x560b083d82b4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#22 0x7f2232d01ea6 in start_thread nptl/pthread_create.c:477
|
#23 0x7f22328fedee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfddee)
|
|
|
0x604000005168 is located 24 bytes inside of 48-byte region [0x604000005150,0x604000005180)
|
freed by thread T5 here:
|
#0 0x7f2233295b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
|
#1 0x560b072ab016 in Binary_string::free() /data/src/10.5/sql/sql_string.h:630
|
#2 0x560b07b7c3db in Binary_string::set_alloced(char*, unsigned long, unsigned long) /data/src/10.5/sql/sql_string.h:457
|
#3 0x560b07b7c3db in Binary_string::operator=(Binary_string const&) /data/src/10.5/sql/sql_string.h:521
|
#4 0x560b07b7c3db in Binary_string::operator=(Binary_string const&) /data/src/10.5/sql/sql_string.h:512
|
#5 0x560b07b7c3db in String::operator=(String const&) /data/src/10.5/sql/sql_string.h:816
|
#6 0x560b07b7c3db in Field_set::val_str(String*, String*) /data/src/10.5/sql/field.cc:9425
|
#7 0x560b07d5fd88 in Item_func_min_max::val_str_native(String*) /data/src/10.5/sql/item_func.cc:2963
|
#8 0x560b07e3744a in Item_func_soundex::val_str(String*) /data/src/10.5/sql/item_strfunc.cc:2541
|
#9 0x560b079ef382 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.5/sql/sql_type.cc:7453
|
#10 0x560b072a7e85 in Protocol::send_result_set_row(List<Item>*) /data/src/10.5/sql/protocol.cc:1087
|
#11 0x560b073f4ab9 in select_send::send_data(List<Item>&) /data/src/10.5/sql/sql_class.cc:3124
|
#12 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5390
|
#13 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5380
|
#14 0x560b07630a9e in end_send /data/src/10.5/sql/sql_select.cc:22142
|
#15 0x560b07682133 in do_select /data/src/10.5/sql/sql_select.cc:20402
|
#16 0x560b07682133 in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4540
|
#17 0x560b07683312 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4320
|
#18 0x560b0767ae52 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4797
|
#19 0x560b0767d99d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:444
|
#20 0x560b074ef094 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6314
|
#21 0x560b0751869b in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4005
|
#22 0x560b0751d69b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8100
|
#23 0x560b075239b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1891
|
#24 0x560b075292b2 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1375
|
#25 0x560b0788b0be in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1418
|
#26 0x560b0788b76c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
|
#27 0x560b083d82b4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#28 0x7f2232d01ea6 in start_thread nptl/pthread_create.c:477
|
|
|
previously allocated by thread T5 here:
|
#0 0x7f2233295e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x560b08d88fb8 in my_malloc /data/src/10.5/mysys/my_malloc.c:90
|
#2 0x560b0770b085 in Binary_string::real_alloc(unsigned long) /data/src/10.5/sql/sql_string.cc:44
|
#3 0x560b0770b55b in Binary_string::alloc(unsigned long) /data/src/10.5/sql/sql_string.h:639
|
#4 0x560b0770b55b in String::set_int(long long, bool, charset_info_st const*) /data/src/10.5/sql/sql_string.cc:126
|
#5 0x560b07c0dd16 in Item_int::val_str(String*) /data/src/10.5/sql/item.cc:3684
|
#6 0x560b07f296da in Item_char_typecast::val_str_generic(String*) /data/src/10.5/sql/item_timefunc.cc:2365
|
#7 0x560b07d5fc56 in Item_func_min_max::val_str_native(String*) /data/src/10.5/sql/item_func.cc:2959
|
#8 0x560b07e3744a in Item_func_soundex::val_str(String*) /data/src/10.5/sql/item_strfunc.cc:2541
|
#9 0x560b079ef382 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /data/src/10.5/sql/sql_type.cc:7453
|
#10 0x560b072a7e85 in Protocol::send_result_set_row(List<Item>*) /data/src/10.5/sql/protocol.cc:1087
|
#11 0x560b073f4ab9 in select_send::send_data(List<Item>&) /data/src/10.5/sql/sql_class.cc:3124
|
#12 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5390
|
#13 0x560b07630a9e in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /data/src/10.5/sql/sql_class.h:5380
|
#14 0x560b07630a9e in end_send /data/src/10.5/sql/sql_select.cc:22142
|
#15 0x560b07682133 in do_select /data/src/10.5/sql/sql_select.cc:20402
|
#16 0x560b07682133 in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4540
|
#17 0x560b07683312 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4320
|
#18 0x560b0767ae52 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4797
|
#19 0x560b0767d99d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:444
|
#20 0x560b074ef094 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6314
|
#21 0x560b0751869b in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4005
|
#22 0x560b0751d69b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8100
|
#23 0x560b075239b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1891
|
#24 0x560b075292b2 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1375
|
#25 0x560b0788b0be in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1418
|
#26 0x560b0788b76c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
|
#27 0x560b083d82b4 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#28 0x7f2232d01ea6 in start_thread nptl/pthread_create.c:477
|
|
|
Thread T5 created by T0 here:
|
#0 0x7f22332412a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x560b083d8542 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:52
|
#2 0x560b083d8542 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
|
#3 0x560b0728268b in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1323
|
#4 0x560b0728268b in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6051
|
#5 0x560b0728df02 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6175
|
#6 0x560b0728e913 in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6302
|
#7 0x560b072905fb in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5697
|
#8 0x7f2232827d09 in __libc_start_main ../csu/libc-start.c:308
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.5/strings/ctype-bin.c:269 in my_mb_wc_bin
|
Shadow bytes around the buggy address:
|
0x0c087fff89d0: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 fa
|
0x0c087fff89e0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
|
0x0c087fff89f0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 fa
|
0x0c087fff8a00: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 fa
|
0x0c087fff8a10: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
|
=>0x0c087fff8a20: fa fa 00 00 00 00 00 fa fa fa fd fd fd[fd]fd fd
|
0x0c087fff8a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c087fff8a70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1679948==ABORTING
|
220718 15:29:44 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.5.17-MariaDB-log
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=1
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63649 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x62b000069218
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f222995e8f0 thread_stack 0x5fc00
|
sanitizer_common/sanitizer_common_interceptors.inc:4101(__interceptor_backtrace.part.0)[0x7f223322fdf1]
|
mysys/stacktrace.c:213(my_print_stacktrace)[0x560b08d921b6]
|
sql/signal_handler.cc:232(handle_fatal_signal)[0x560b07bc7444]
|
sigaction.c:0(__restore_rt)[0x7f2232d0d140]
|
linux/raise.c:51(__GI_raise)[0x7f223283cce1]
|
stdlib/abort.c:81(__GI_abort)[0x7f2232826537]
|
sanitizer_common/sanitizer_posix_libcdep.cpp:149(__sanitizer::Abort())[0x7f22332b111b]
|
sanitizer_common/sanitizer_termination.cpp:59(__sanitizer::Die())[0x7f22332bbce8]
|
asan/asan_report.cpp:186(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x7f223329e44c]
|
asan/asan_report.cpp:474(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x7f223329dd47]
|
asan/asan_rtl.cpp:117(__asan_report_load1)[0x7f223329e788]
|
strings/ctype-bin.c:269(my_mb_wc_bin)[0x560b08dd818a]
|
sql/item_strfunc.cc:2560(Item_func_soundex::val_str(String*))[0x560b07e3768b]
|
sql/sql_type.cc:7453(Type_handler::Item_send_str(Item*, Protocol*, st_value*) const)[0x560b079ef383]
|
sql/protocol.cc:1087(Protocol::send_result_set_row(List<Item>*))[0x560b072a7e86]
|
sql/sql_class.cc:3124(select_send::send_data(List<Item>&))[0x560b073f4aba]
|
sql/sql_select.cc:22142(end_send(JOIN*, st_join_table*, bool))[0x560b07630a9f]
|
sql/sql_select.cc:20402(JOIN::exec_inner())[0x560b07682134]
|
sql/sql_select.cc:4321(JOIN::exec())[0x560b07683313]
|
sql/sql_select.cc:4799(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x560b0767ae53]
|
sql/sql_select.cc:444(handle_select(THD*, LEX*, select_result*, unsigned long))[0x560b0767d99e]
|
sql/sql_parse.cc:6314(execute_sqlcom_select(THD*, TABLE_LIST*))[0x560b074ef095]
|
sql/sql_parse.cc:4005(mysql_execute_command(THD*))[0x560b0751869c]
|
sql/sql_parse.cc:8117(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x560b0751d69c]
|
sql/sql_parse.cc:1894(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x560b075239b5]
|
sql/sql_parse.cc:1375(do_command(THD*))[0x560b075292b3]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x560b0788b0bf]
|
sql/sql_connect.cc:1312(handle_one_connection)[0x560b0788b76d]
|
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x560b083d82b5]
|
nptl/pthread_create.c:478(start_thread)[0x7f2232d01ea7]
|
x86_64/clone.S:97(__GI___clone)[0x7f22328fedef]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x62b000038238): SELECT SOUNDEX(GREATEST(BINARY 0, a)) FROM t
|
|
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
|
|
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /dev/shm/var_auto_nx8h/mysqld.1/data
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size unlimited unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 385885 385885 processes
|
Max open files 1024 1024 files
|
Max locked memory 12659513344 12659513344 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 385885 385885 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: core
|
|
|
Kernel version: Linux version 5.10.0-14-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.113-1 (2022-04-29)
|
Reproducible on 10.3-10.5.
Couldn't reproduce on 10.6+.