Details
Bug
Status: Open
Major
Resolution: Unresolved
10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
None
Description
The non-ASAN build backtrace was not generated correctly. Full backtrace: bt.txt
SET max_statement_time=0.000001;
SELECT JSON_SET ('[','$[0]',0);

11.3.2 e71aecfd308d6093fd693044253518a872994394 (Optimized)
Core was generated by `/test/MD010224-mariadb-11.3.2-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __memmove_avx_unaligned_erms ()
    at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:535
[Current thread is 1 (Thread 0x14acb014b700 (LWP 389404))]
(gdb) bt
#0 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:535
#1 0x0014ac60010d1000 in ?? ()
#2 0x0000000000000000 in ?? ()
ASAN build stack trace
11.4.0 b0e77c08e55c433e443a2cfbcb7315dd6f006b3e (Optimized)
==1697400==ERROR: AddressSanitizer: use-after-poison on address 0x6290000877e2 at pc 0x560fcdd3c040 bp 0x146bfeecfd50 sp 0x146bfeecf4f8
READ of size 102 at 0x6290000877e2 thread T12
#0 0x560fcdd3c03f in __interceptor_memcpy.part.0 (/test/UBASAN_MD010224-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd+0x7da003f)
#1 0x560fcf26b2a4 in Binary_string::q_append(char const*, unsigned long) /test/11.4_opt_san/sql/sql_string.h:466
#2 0x560fcf26b2a4 in append_simple /test/11.4_opt_san/sql/item_jsonfunc.cc:60
#3 0x560fcf2a9156 in Item_func_json_insert::val_str(String*) /test/11.4_opt_san/sql/item_jsonfunc.cc:3302
#4 0x560fcf52ee9d in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.4_opt_san/sql/sql_type.cc:7468
#5 0x560fcdfa5f81 in Protocol::send_result_set_row(List<Item>*) /test/11.4_opt_san/sql/protocol.cc:1333
#6 0x560fce29ec19 in select_send::send_data(List<Item>&) /test/11.4_opt_san/sql/sql_class.cc:3136
#7 0x560fcea4a1b4 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.4_opt_san/sql/sql_class.h:5978
#8 0x560fcea4a1b4 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.4_opt_san/sql/sql_class.h:5968
#9 0x560fcea4a1b4 in JOIN::exec_inner() /test/11.4_opt_san/sql/sql_select.cc:4862
#10 0x560fcea4e899 in JOIN::exec() /test/11.4_opt_san/sql/sql_select.cc:4774
#11 0x560fcea3bd5c in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_opt_san/sql/sql_select.cc:5304
#12 0x560fcea3f9f3 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_opt_san/sql/sql_select.cc:630
#13 0x560fce60da2f in execute_sqlcom_select /test/11.4_opt_san/sql/sql_parse.cc:6077
#14 0x560fce65d355 in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:3926
#15 0x560fce5dd0a0 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_opt_san/sql/sql_parse.cc:7798
#16 0x560fce633730 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_opt_san/sql/sql_parse.cc:1893
#17 0x560fce63eefd in do_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:1406
#18 0x560fcefa007d in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1417
#19 0x560fcefa26ec in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1319
#20 0x146c22fbd608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#21 0x146c22232132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

0x6290000877e2 is located 1506 bytes inside of 16400-byte region [0x629000087200,0x62900008b210)
allocated by thread T12 here:
#0 0x560fcddae388 in __interceptor_malloc (/test/UBASAN_MD010224-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd+0x7e12388)
#1 0x560fd2349fd4 in my_malloc /test/11.4_opt_san/mysys/my_malloc.c:93
#2 0x560fd2324820 in root_alloc /test/11.4_opt_san/mysys/my_alloc.c:66
#3 0x560fd2324820 in reset_root_defaults /test/11.4_opt_san/mysys/my_alloc.c:244
#4 0x560fce2c1e2c in THD::init_for_queries() /test/11.4_opt_san/sql/sql_class.cc:1394
#5 0x560fcef998e3 in prepare_new_connection_state(THD*) /test/11.4_opt_san/sql/sql_connect.cc:1246
#6 0x560fcef9bd37 in thd_prepare_connection(THD*) /test/11.4_opt_san/sql/sql_connect.cc:1340
#7 0x560fcef9bd37 in thd_prepare_connection(THD*) /test/11.4_opt_san/sql/sql_connect.cc:1329
#8 0x560fcef9f0b9 in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1407
#9 0x560fcefa26ec in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1319
#10 0x146c22fbd608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477

Thread T12 created by T0 here:
#0 0x560fcdcdb3c5 in pthread_create (/test/UBASAN_MD010224-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd+0x7d3f3c5)
#1 0x560fcddff363 in create_thread_to_handle_connection(CONNECT*) /test/11.4_opt_san/sql/mysqld.cc:6116
#2 0x560fcde10a0f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/11.4_opt_san/sql/mysqld.cc:6240
#3 0x560fcde11a97 in handle_connections_sockets() /test/11.4_opt_san/sql/mysqld.cc:6376
#4 0x560fcde14a24 in mysqld_main(int, char**) /test/11.4_opt_san/sql/mysqld.cc:6011
#5 0x146c22137082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: use-after-poison (/test/UBASAN_MD010224-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd+0x7da003f) in __interceptor_memcpy.part.0
Bug confirmed present in:
MariaDB: 10.6.17 (dbg), 10.6.17 (opt), 10.11.7 (dbg), 10.11.7 (opt), 11.0.5 (dbg), 11.0.5 (opt), 11.1.4 (dbg), 11.1.4 (opt), 11.2.3 (opt), 11.2.3 (dbg), 11.3.2 (dbg), 11.3.2 (opt), 11.4.0 (dbg), 11.4.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.33 (dbg), 10.4.33 (opt), 10.5.24 (dbg), 10.5.24 (opt)