Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
-
None
Description
CREATE TABLE t1 (d varchar(12)) ENGINE=Aria CHARACTER SET utf8; |
INSERT INTO t1 VALUES ('tooth'),('merely'); |
 |
CREATE TABLE t2 (b char(12) CHARACTER SET latin1, fulltext key (b)) ENGINE=Aria CHARACTER SET utf8; |
INSERT t2 VALUES |
('confident'),('kneel'),('season'),('float'),('retire'),('fun'),('announce'), |
('recommend'),('magic'),('investigate'),('sheep'),('shark'),('separate'), |
('benefit'),('hold'),('the'),('makeup'),('opposite'),('wheat'),('white'), |
('weather'),('islamic'),('measure'),('apart'),('apart'); |
INSERT INTO t2 SELECT * FROM t2; |
INSERT INTO t2 SELECT * FROM t2; |
ALTER TABLE t2 MODIFY b CHAR(12); |
 |
CREATE TABLE t3 (a char(12)) ENGINE=Aria CHARACTER SET utf8; |
INSERT INTO t3 VALUES ('combine'),('forget'); |
 |
SELECT t1.* FROM t1 JOIN (SELECT t2.b, COUNT(*) FROM t2 LEFT JOIN t3 ON t3.a = t2.b GROUP BY t2.b) sq ON sq.b = t1.d; |
 |
# Cleanup
|
DROP TABLE t1, t2, t3; |
|
10.3 7d96cb47 |
==2054553==ERROR: AddressSanitizer: use-after-poison on address 0x629000080e50 at pc 0x7f097de78983 bp 0x7f0972852580 sp 0x7f0972851d30
|
READ of size 254 at 0x629000080e50 thread T5
|
#0 0x7f097de78982 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:806
|
#1 0x55a3960bc4c0 in _ma_pack_key /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/maria/ma_key.c:427
|
#2 0x55a396092a98 in maria_rkey /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/maria/ma_rkey.c:72
|
#3 0x55a395fcc3f7 in ha_maria::index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/maria/ha_maria.cc:2294
|
#4 0x55a3951b0665 in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/handler.cc:2915
|
#5 0x55a394b7e907 in join_read_always_key /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:20696
|
#6 0x55a394b790e8 in sub_select(JOIN*, st_join_table*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:19929
|
#7 0x55a394b772f1 in do_select /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:19470
|
#8 0x55a394b0b391 in JOIN::exec_inner() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:4171
|
#9 0x55a394b08d62 in JOIN::exec() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:3965
|
#10 0x55a394b0c6c4 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:4374
|
#11 0x55a39498ac00 in mysql_derived_fill(THD*, LEX*, TABLE_LIST*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_derived.cc:1179
|
#12 0x55a394984583 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_derived.cc:193
|
#13 0x55a394b49d6f in st_join_table::preread_init() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:12962
|
#14 0x55a394b78ce5 in sub_select(JOIN*, st_join_table*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:19900
|
#15 0x55a394b7a95b in evaluate_join_record /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:20159
|
#16 0x55a394b792a4 in sub_select(JOIN*, st_join_table*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:19932
|
#17 0x55a394b772f1 in do_select /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:19470
|
#18 0x55a394b0b391 in JOIN::exec_inner() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:4171
|
#19 0x55a394b08d62 in JOIN::exec() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:3965
|
#20 0x55a394b0c6c4 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:4374
|
#21 0x55a394ae2efa in handle_select(THD*, LEX*, select_result*, unsigned long) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:372
|
#22 0x55a394a57d68 in execute_sqlcom_select /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:6340
|
#23 0x55a394a45e39 in mysql_execute_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3871
|
#24 0x55a394a61665 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:7855
|
#25 0x55a394a38cb3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1852
|
#26 0x55a394a3586b in do_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1398
|
#27 0x55a394df9159 in do_handle_one_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1403
|
#28 0x55a394df8a55 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1308
|
#29 0x55a3963a61ae in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1869
|
#30 0x7f097d5e2ea6 in start_thread nptl/pthread_create.c:477
|
#31 0x7f097d502aee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfcaee)
|
 |
0x629000080e50 is located 15440 bytes inside of 16352-byte region [0x62900007d200,0x6290000811e0)
|
allocated by thread T5 here:
|
#0 0x7f097dee8e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x55a3964ba4ca in my_malloc /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_malloc.c:101
|
#2 0x55a396497289 in alloc_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:251
|
#3 0x55a396497a3a in multi_alloc_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:325
|
#4 0x55a394b0d9cf in make_join_statistics /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:4557
|
#5 0x55a394af3cbe in JOIN::optimize_inner() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:1992
|
#6 0x55a394aef1c0 in JOIN::optimize() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:1534
|
#7 0x55a39498918e in mysql_derived_optimize(THD*, LEX*, TABLE_LIST*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_derived.cc:962
|
#8 0x55a394984583 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_derived.cc:193
|
#9 0x55a394af203a in JOIN::optimize_inner() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:1815
|
#10 0x55a394aef1c0 in JOIN::optimize() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:1534
|
#11 0x55a394b0c4d4 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:4360
|
#12 0x55a394ae2efa in handle_select(THD*, LEX*, select_result*, unsigned long) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_select.cc:372
|
#13 0x55a394a57d68 in execute_sqlcom_select /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:6340
|
#14 0x55a394a45e39 in mysql_execute_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3871
|
#15 0x55a394a61665 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:7855
|
#16 0x55a394a38cb3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1852
|
#17 0x55a394a3586b in do_command(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1398
|
#18 0x55a394df9159 in do_handle_one_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1403
|
#19 0x55a394df8a55 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1308
|
#20 0x55a3963a61ae in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1869
|
#21 0x7f097d5e2ea6 in start_thread nptl/pthread_create.c:477
|
 |
Thread T5 created by T0 here:
|
#0 0x7f097de942a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x55a3963a659b in spawn_thread_v1 /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:1919
|
#2 0x55a39476dd86 in inline_mysql_thread_create /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55a394785f63 in create_thread_to_handle_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6677
|
#4 0x55a3947866c3 in create_new_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6747
|
#5 0x55a39478782d in handle_connections_sockets() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:7005
|
#6 0x55a3947852e3 in mysqld_main(int, char**) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6299
|
#7 0x55a39476c614 in main /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/main.cc:25
|
#8 0x7f097d429d09 in __libc_start_main ../csu/libc-start.c:308
|
 |
SUMMARY: AddressSanitizer: use-after-poison ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:806 in __interceptor_memcpy
|
Shadow bytes around the buggy address:
|
0x0c5280008170: f7 00 00 00 00 00 00 00 00 00 00 f7 00 00 f7 00
|
0x0c5280008180: f7 00 f7 00 02 f7 00 00 00 00 00 00 00 00 00 00
|
0x0c5280008190: 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00
|
0x0c52800081a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c52800081b0: 00 00 00 00 00 00 00 00 00 f7 00 00 f7 00 00 f7
|
=>0x0c52800081c0: 00 00 00 00 00 00 00 00 00 00[f7]00 00 f7 00 f7
|
0x0c52800081d0: 00 f7 00 02 f7 00 00 00 00 00 00 00 00 00 00 00
|
0x0c52800081e0: 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00 00
|
0x0c52800081f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c5280008200: 00 00 00 00 00 00 00 00 f7 00 00 00 00 00 00 00
|
0x0c5280008210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==2054553==ABORTING
|
Reproducible on all existing server versions.