[MDEV-33867] main.query_cache_debug fails with heap-use-after-free - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4
Fix Version/s: 10.5.25, 10.6.18, 10.11.8, 11.0.6, 11.1.5, 11.2.4, 11.4.2
Component/s: Query Cache
Labels:
None

Description

main.query_cache_debug                   w11 [ fail ]

        Test ended at 2024-04-08 19:57:23

CURRENT_TEST: main.query_cache_debug

mysqltest: At line 348: query 'reap' failed: 2013: Lost connection to MySQL server during query

The result from queries just before the failure was:

< snip >

`k` int(10) default '0',

PRIMARY KEY (`id`))

ENGINE=MyISAM;

INSERT IGNORE INTO t1 VALUES

(NULL,1),(NULL,8),(NULL,NULL),(NULL,NULL),(NULL,4),(NULL,9),(NULL,7),

(NULL,3),(NULL,NULL),(NULL,2),(NULL,3),(NULL,NULL),(NULL,2),(NULL,7),

(NULL,1),(NULL,2),(NULL,4),(NULL,NULL),(NULL,1),(NULL,1),(NULL,4);

SET GLOBAL query_cache_size= 1024*1024;

SET GLOBAL query_cache_type= 1;

connect  con2,localhost,root,,test;

connect  con1,localhost,root,,test;

set debug_sync="wait_in_query_cache_store_query SIGNAL parked WAIT_FOR go";

SELECT DISTINCT id FROM t1 WHERE id BETWEEN 5603 AND 16218 ORDER BY k;

connection default;

set debug_sync="now WAIT_FOR parked";

connection con2;

SET GLOBAL query_cache_type= 0;;

connection default;

set debug_sync="now SIGNAL go";

connection con1;

More results from queries before failure can be found in /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/mysql-test/var/11/log/query_cache_debug.log

Server [mysqld.1 - pid: 325865, winpid: 325865, exit: 256] failed during test run

Server log from this test:

----------SERVER LOG START-----------

=================================================================

==325870==ERROR: AddressSanitizer: heap-use-after-free on address 0x7fcb30657e28 at pc 0x562ec4ac3714 bp 0x7fcb32552050 sp 0x7fcb32552048

WRITE of size 4 at 0x7fcb30657e28 thread T8

    #0 0x562ec4ac3713 in Query_cache::write_result_data(Query_cache_block**, unsigned long, unsigned char*, Query_cache_block*, Query_cache_block::block_type) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:3164:19

    #1 0x562ec4ac3713 in Query_cache::append_result_data(Query_cache_block**, unsigned long, unsigned char*, Query_cache_block*) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:3073:5

    #2 0x562ec4ac2b82 in Query_cache::insert(THD*, Query_cache_tls*, char const*, unsigned long, unsigned int) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:1109:8

    #3 0x562ec5739726 in net_real_write /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/net_serv.cc:658:3

    #4 0x562ec57394e4 in net_flush /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/net_serv.cc:402:12

    #5 0x562ec495f92c in Protocol::net_send_eof(THD*, unsigned int, unsigned int) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/protocol.cc:350:14

    #6 0x562ec4960385 in Protocol::end_statement() /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/protocol.cc:602:12

    #7 0x562ec4bf9001 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_parse.cc:2478:22

    #8 0x562ec4bfe073 in do_command(THD*) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_parse.cc:1375:17

    #9 0x562ec4fb2143 in do_handle_one_connection(CONNECT*, bool) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_connect.cc:1415:11

    #10 0x562ec4fb1c37 in handle_one_connection /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_connect.cc:1317:5

    #11 0x562ec5b332ce in pfs_spawn_thread /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/storage/perfschema/pfs.cc:2201:3

    #12 0x7fcb42b85ac2  (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) (BuildId: c289da5071a3399de893d2af81d6a30c62646e1e)

    #13 0x7fcb42c16a03 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x125a03) (BuildId: c289da5071a3399de893d2af81d6a30c62646e1e)

0x7fcb30657e28 is located 1576 bytes inside of 1031552-byte region [0x7fcb30657800,0x7fcb30753580)

freed by thread T8 here:

    #0 0x562ec48f8a82 in free (/home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/mariadbd+0x1239a82) (BuildId: 766fca634c936cf8496611775a7d6fd50f984d66)

    #1 0x562ec4ac1d99 in Query_cache::free_cache() /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:2840:3

    #2 0x562ec4ac15ce in Query_cache::unlock() /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:764:5

    #3 0x562ec4ac32c8 in Query_cache::write_result_data(Query_cache_block**, unsigned long, unsigned char*, Query_cache_block*, Query_cache_block::block_type) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:3155:5

    #4 0x562ec4ac32c8 in Query_cache::append_result_data(Query_cache_block**, unsigned long, unsigned char*, Query_cache_block*) /home/buildbot/amd64-ubuntu-2204-clang14-asan/build/sql/sql_cache.cc:3073:5

e.g. https://buildbot.mariadb.org/#/builders/587/builds/6856

Attachments

Issue Links

is part of

MDEV-33073 always green buildbot

In Progress

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-04-09 11:06

Updated:: 2024-04-16 15:22

Resolved:: 2024-04-09 11:14

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.