Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
10.3(EOL), 10.4(EOL), 10.5, 10.6
Description
CREATE TABLE t (a VARCHAR(1)) CHARACTER SET utf8mb3; |
EXECUTE IMMEDIATE "SELECT COUNT(*) FROM t WHERE a < (SELECT 'x')"; |
|
# Cleanup
|
DROP TABLE t; |
10.3 7d96cb47 |
==2019086==ERROR: AddressSanitizer: heap-use-after-free on address 0x62b000034838 at pc 0x55df0bfc85dc bp 0x7fe9d0fe33f0 sp 0x7fe9d0fe33e8
|
READ of size 1 at 0x62b000034838 thread T5
|
#0 0x55df0bfc85db in Explain_query::~Explain_query() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_explain.cc:62
|
#1 0x55df0bfd6570 in delete_explain_query(LEX*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_explain.cc:2432
|
#2 0x55df0bb911a4 in log_slow_statement(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:2560
|
#3 0x55df0bb9035d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:2427
|
#4 0x55df0bb8986b in do_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1398
|
#5 0x55df0bf4d159 in do_handle_one_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1403
|
#6 0x55df0bf4ca55 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1308
|
#7 0x55df0d4fa1ae in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1869
|
#8 0x7fe9dbd7aea6 in start_thread nptl/pthread_create.c:477
|
#9 0x7fe9dbc9aaee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfcaee)
|
|
0x62b000034838 is located 13880 bytes inside of 24608-byte region [0x62b000031200,0x62b000037220)
|
freed by thread T5 here:
|
#0 0x7fe9dc680b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
|
#1 0x55df0d60f036 in my_free /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_malloc.c:223
|
#2 0x55df0d5ec411 in free_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:430
|
#3 0x55df0bbfe4f1 in Prepared_statement::~Prepared_statement() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:4057
|
#4 0x55df0bbfe5f3 in Prepared_statement::~Prepared_statement() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:4059
|
#5 0x55df0bbf8335 in mysql_sql_stmt_execute_immediate(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:2995
|
#6 0x55df0bb99e56 in mysql_execute_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3877
|
#7 0x55df0bbb5665 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:7855
|
#8 0x55df0bb8ccb3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1852
|
#9 0x55df0bb8986b in do_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1398
|
#10 0x55df0bf4d159 in do_handle_one_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1403
|
#11 0x55df0bf4ca55 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1308
|
#12 0x55df0d4fa1ae in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1869
|
#13 0x7fe9dbd7aea6 in start_thread nptl/pthread_create.c:477
|
|
previously allocated by thread T5 here:
|
#0 0x7fe9dc680e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x55df0d60e4ca in my_malloc /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_malloc.c:101
|
#2 0x55df0d5ea249 in init_alloc_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:82
|
#3 0x55df0beb80e0 in init_sql_alloc(st_mem_root*, char const*, unsigned int, unsigned int, unsigned long) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/thr_malloc.cc:65
|
#4 0x55df0bbfdb53 in Prepared_statement::Prepared_statement(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:3976
|
#5 0x55df0bbf80c8 in mysql_sql_stmt_execute_immediate(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:2963
|
#6 0x55df0bb99e56 in mysql_execute_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3877
|
#7 0x55df0bbb5665 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:7855
|
#8 0x55df0bb8ccb3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1852
|
#9 0x55df0bb8986b in do_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1398
|
#10 0x55df0bf4d159 in do_handle_one_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1403
|
#11 0x55df0bf4ca55 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1308
|
#12 0x55df0d4fa1ae in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1869
|
#13 0x7fe9dbd7aea6 in start_thread nptl/pthread_create.c:477
|
|
Thread T5 created by T0 here:
|
#0 0x7fe9dc62c2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x55df0d4fa59b in spawn_thread_v1 /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1919
|
#2 0x55df0b8c1d86 in inline_mysql_thread_create /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55df0b8d9f63 in create_thread_to_handle_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6677
|
#4 0x55df0b8da6c3 in create_new_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6747
|
#5 0x55df0b8db82d in handle_connections_sockets() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:7005
|
#6 0x55df0b8d92e3 in mysqld_main(int, char**) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6299
|
#7 0x55df0b8c0614 in main /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/main.cc:25
|
#8 0x7fe9dbbc1d09 in __libc_start_main ../csu/libc-start.c:308
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_explain.cc:62 in Explain_query::~Explain_query()
|
Shadow bytes around the buggy address:
|
0x0c567fffe8b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe8c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe8d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe8e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe8f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c567fffe900: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
|
0x0c567fffe910: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c567fffe950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==2019086==ABORTING
|
The failure started happening on 10.3 after this commit:
commit bd9274faa469cc164099c7497c18a0e0a9b1184b
|
Author: Dmitry Shulga
|
Date: Mon Oct 17 15:05:17 2022 +0700
|
|
MDEV-16128: Server crash in Item_func::print_op on 2nd execution of PS
|
|
For some queries that involve tables with different but convertible
|
Attachments
Issue Links
- is caused by
-
MDEV-16128 Server crash in Item_func::print_op on 2nd execution of PS
- Closed