Details
Description
The test case is for reproducing purposes only, don't put it into the regression suite! Create a deterministic one instead.
--delimiter $$
|
--connect (con1,localhost,root,,)
|
--let $con1id= `SELECT CONNECTION_ID()`
|
--send
|
LOOP
|
CREATE OR REPLACE VIEW v AS SELECT 'x' AS a; |
END LOOP $$ |
|
--connect (con2,localhost,root,,)
|
--let $con2id= `SELECT CONNECTION_ID()`
|
--send
|
BEGIN NOT ATOMIC |
DECLARE CONTINUE HANDLER FOR SQLEXCEPTION BEGIN END; |
LOOP
|
UPDATE v SET a = 'x'; |
END LOOP; |
END $$ |
|
--connection default
|
--delimiter ;
|
--let $run= 10000
|
while ($run)
|
{
|
SELECT * FROM v; |
--dec $run |
}
|
|
# Cleanup
|
--eval KILL $con1id
|
--eval KILL $con2id
|
DROP VIEW IF EXISTS v; |
10.3 d099bcad |
==3858398==ERROR: AddressSanitizer: use-after-poison on address 0x61900015887b at pc 0x55a948b42569 bp 0x7fd439e0e770 sp 0x7fd439e0e768
|
WRITE of size 1 at 0x61900015887b thread T7
|
#0 0x55a948b42568 in File_parser::parse(unsigned char*, st_mem_root*, File_option*, unsigned int, Unknown_key_hook*) const /data/src/10.3/sql/parse_file.cc:845
|
#1 0x55a94909b7f5 in mariadb_view_version_get(TABLE_SHARE*) /data/src/10.3/sql/sql_view.cc:1186
|
#2 0x55a94909be8d in mysql_make_view(THD*, TABLE_SHARE*, TABLE_LIST*, bool) /data/src/10.3/sql/sql_view.cc:1256
|
#3 0x55a948c660b4 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1911
|
#4 0x55a948c6f99d in open_and_process_table /data/src/10.3/sql/sql_base.cc:3733
|
#5 0x55a948c71fe1 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4208
|
#6 0x55a948d31238 in open_tables(THD*, TABLE_LIST**, unsigned int*, unsigned int) /data/src/10.3/sql/sql_base.h:473
|
#7 0x55a94907a98d in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/src/10.3/sql/sql_update.cc:354
|
#8 0x55a948ddca5b in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4344
|
#9 0x55a948bc76a3 in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.3/sql/sp_head.cc:3708
|
#10 0x55a948bc5e7e in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.3/sql/sp_head.cc:3438
|
#11 0x55a948bc6e4c in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.3/sql/sp_head.cc:3614
|
#12 0x55a948bb8bd6 in sp_head::execute(THD*, bool) /data/src/10.3/sql/sp_head.cc:1377
|
#13 0x55a948bbea3d in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.3/sql/sp_head.cc:2404
|
#14 0x55a948dd3960 in do_execute_sp /data/src/10.3/sql/sql_parse.cc:3019
|
#15 0x55a948de6eeb in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:5693
|
#16 0x55a948df5607 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7855
|
#17 0x55a948dccc55 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#18 0x55a948dc980d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#19 0x55a94918ca81 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#20 0x55a94918c37d in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#21 0x55a94a737e9e in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#22 0x7fd444bcdea6 in start_thread nptl/pthread_create.c:477
|
#23 0x7fd444aedaee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfcaee)
|
|
0x61900015887b is located 507 bytes inside of 992-byte region [0x619000158680,0x619000158a60)
|
allocated by thread T7 here:
|
#0 0x7fd445470e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x55a94a84c1ba in my_malloc /data/src/10.3/mysys/my_malloc.c:101
|
#2 0x55a94a828f79 in alloc_root /data/src/10.3/mysys/my_alloc.c:251
|
#3 0x55a948b26a45 in Sql_alloc::operator new(unsigned long, st_mem_root*) /data/src/10.3/sql/sql_alloc.h:39
|
#4 0x55a948b402e5 in sql_parse_prepare(st_mysql_const_lex_string const*, st_mem_root*, bool) /data/src/10.3/sql/parse_file.cc:425
|
#5 0x55a9490abd62 in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/src/10.3/sql/table.cc:632
|
#6 0x55a94936a95a in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/src/10.3/sql/table_cache.cc:840
|
#7 0x55a948c65d23 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1859
|
#8 0x55a948c6f99d in open_and_process_table /data/src/10.3/sql/sql_base.cc:3733
|
#9 0x55a948c71fe1 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4208
|
#10 0x55a948d31238 in open_tables(THD*, TABLE_LIST**, unsigned int*, unsigned int) /data/src/10.3/sql/sql_base.h:473
|
#11 0x55a94907a98d in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/src/10.3/sql/sql_update.cc:354
|
#12 0x55a948ddca5b in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4344
|
#13 0x55a948bc76a3 in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.3/sql/sp_head.cc:3708
|
#14 0x55a948bc5e7e in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.3/sql/sp_head.cc:3438
|
#15 0x55a948bc6e4c in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.3/sql/sp_head.cc:3614
|
#16 0x55a948bb8bd6 in sp_head::execute(THD*, bool) /data/src/10.3/sql/sp_head.cc:1377
|
#17 0x55a948bbea3d in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.3/sql/sp_head.cc:2404
|
#18 0x55a948dd3960 in do_execute_sp /data/src/10.3/sql/sql_parse.cc:3019
|
#19 0x55a948de6eeb in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:5693
|
#20 0x55a948df5607 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7855
|
#21 0x55a948dccc55 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#22 0x55a948dc980d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#23 0x55a94918ca81 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#24 0x55a94918c37d in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#25 0x55a94a737e9e in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#26 0x7fd444bcdea6 in start_thread nptl/pthread_create.c:477
|
|
Thread T7 created by T0 here:
|
#0 0x7fd44541c2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x55a94a73828b in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
|
#2 0x55a948b01d76 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55a948b19f39 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6668
|
#4 0x55a948b1a699 in create_new_thread /data/src/10.3/sql/mysqld.cc:6738
|
#5 0x55a948b1b7f2 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6996
|
#6 0x55a948b192b9 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6290
|
#7 0x55a948b00604 in main /data/src/10.3/sql/main.cc:25
|
#8 0x7fd444a14d09 in __libc_start_main ../csu/libc-start.c:308
|
|
SUMMARY: AddressSanitizer: use-after-poison /data/src/10.3/sql/parse_file.cc:845 in File_parser::parse(unsigned char*, st_mem_root*, File_option*, unsigned int, Unknown_key_hook*) const
|
Shadow bytes around the buggy address:
|
0x0c32800230b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c32800230c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c32800230d0: 00 00 00 00 f7 00 00 00 00 00 f7 00 00 00 00 00
|
0x0c32800230e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c32800230f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x0c3280023100: 00 00 00 00 00 00 00 04 f7 00 00 04 f7 00 00[03]
|
0x0c3280023110: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c3280023120: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c3280023130: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c3280023140: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fa fa fa fa
|
0x0c3280023150: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==3858398==ABORTING
|
The failure started happening on 10.3 after this commit:
commit f65ba9aeb7eea75656c74da7c20cb4157cb8d943 98e62e631706f982a6b0e3a63909fa96f98aac5a
|
Author: Oleksandr Byelkin
|
AuthorDate: Wed Apr 17 15:50:59 2019 +0200
|
Commit: Oleksandr Byelkin
|
CommitDate: Fri Sep 30 12:11:37 2022 +0200
|
|
MDEV-17124: mariadb 10.1.34, views and prepared statements: ERROR 1615 (HY000): Prepared statement needs to be re-prepared
|