Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36595

Query from I_S fails to open table, ASAN errors in get_schema_column_record

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 11.4, 11.8, 12.0(EOL)
    • 11.4, 11.8
    • Information Schema
    • None

    Description

      Can be related to MDEV-36104, however the tentative patch from MDEV-36104 applied to 11.8 doesn't fix it.

      CREATE TABLE t (a TIMESTAMP CHECK (a = '0000-00-00'));
      		 
      ALTER TABLE t ADD KEY (a);
      		 
      SET SQL_MODE= CONCAT(@@sql_mode,',','NO_ZERO_DATE');
      		 
      SELECT * FROM information_schema.COLUMNS WHERE TABLE_NAME = 't';
      		 
       
      		 
      DROP TABLE t;

      11.4 6cff704e578aa54dc8c2dfbeaf1960bf98219463

      		 
      2025-04-14 16:24:53 4 [ERROR] mariadbd: Incorrect information in file: './test/t.frm'
      		 
      =================================================================
      		 
      ==2754733==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000250948 at pc 0x7f58bd648061 bp 0x7f58ad450670 sp 0x7f58ad44fe20
      		 
      WRITE of size 5 at 0x625000250948 thread T5
      		 
          #0 0x7f58bd648060 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
      		 
          #1 0x5651047a5d33 in get_schema_column_record /data/bld/11.4-asan/sql/sql_show.cc:6389
      		 
          #2 0x565104798dc7 in fill_schema_table_from_frm /data/bld/11.4-asan/sql/sql_show.cc:5217
      		 
          #3 0x56510479b6e3 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/bld/11.4-asan/sql/sql_show.cc:5570
      		 
          #4 0x5651047d13cb in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/bld/11.4-asan/sql/sql_show.cc:9445
      		 
          #5 0x56510468a5b3 in JOIN::exec_inner() /data/bld/11.4-asan/sql/sql_select.cc:5016
      		 
          #6 0x565104688267 in JOIN::exec() /data/bld/11.4-asan/sql/sql_select.cc:4838
      		 
          #7 0x56510468c920 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/bld/11.4-asan/sql/sql_select.cc:5368
      		 
          #8 0x56510465ad4a in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/bld/11.4-asan/sql/sql_select.cc:642
      		 
          #9 0x56510457cb99 in execute_sqlcom_select /data/bld/11.4-asan/sql/sql_parse.cc:6183
      		 
          #10 0x56510456c979 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:3975
      		 
          #11 0x565104587611 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
      		 
          #12 0x56510455e675 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
      		 
          #13 0x56510455b3ad in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
      		 
          #14 0x565104a406d0 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
      		 
          #15 0x565104a4022f in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
      		 
          #16 0x5651056c2861 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      		 
          #17 0x7f58bcaa81c3 in start_thread nptl/pthread_create.c:442
      		 
          #18 0x7f58bcb2885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      0x625000250948 is located 72 bytes inside of 8184-byte region [0x625000250900,0x6250002528f8)
      		 
      freed by thread T5 here:
      		 
          #0 0x7f58bd6b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
      		 
          #1 0x56510646484d in my_free /data/bld/11.4-asan/mysys/my_malloc.c:221
      		 
          #2 0x565106436b5a in root_free /data/bld/11.4-asan/mysys/my_alloc.c:77
      		 
          #3 0x5651064395c5 in free_root /data/bld/11.4-asan/mysys/my_alloc.c:517
      		 
          #4 0x56510495a53d in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/11.4-asan/sql/table.cc:4694
      		 
          #5 0x565104798bd8 in fill_schema_table_from_frm /data/bld/11.4-asan/sql/sql_show.cc:5203
      		 
          #6 0x56510479b6e3 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/bld/11.4-asan/sql/sql_show.cc:5570
      		 
          #7 0x5651047d13cb in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/bld/11.4-asan/sql/sql_show.cc:9445
      		 
          #8 0x56510468a5b3 in JOIN::exec_inner() /data/bld/11.4-asan/sql/sql_select.cc:5016
      		 
          #9 0x565104688267 in JOIN::exec() /data/bld/11.4-asan/sql/sql_select.cc:4838
      		 
          #10 0x56510468c920 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/bld/11.4-asan/sql/sql_select.cc:5368
      		 
          #11 0x56510465ad4a in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/bld/11.4-asan/sql/sql_select.cc:642
      		 
          #12 0x56510457cb99 in execute_sqlcom_select /data/bld/11.4-asan/sql/sql_parse.cc:6183
      		 
          #13 0x56510456c979 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:3975
      		 
          #14 0x565104587611 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
      		 
          #15 0x56510455e675 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
      		 
          #16 0x56510455b3ad in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
      		 
          #17 0x565104a406d0 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
      		 
          #18 0x565104a4022f in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
      		 
          #19 0x5651056c2861 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      		 
          #20 0x7f58bcaa81c3 in start_thread nptl/pthread_create.c:442
      		 
       
      		 
      previously allocated by thread T5 here:
      		 
          #0 0x7f58bd6b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
      		 
          #1 0x56510646397e in my_malloc /data/bld/11.4-asan/mysys/my_malloc.c:93
      		 
          #2 0x565106436ad6 in root_alloc /data/bld/11.4-asan/mysys/my_alloc.c:66
      		 
          #3 0x565106437301 in init_alloc_root /data/bld/11.4-asan/mysys/my_alloc.c:178
      		 
          #4 0x5651049930d8 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /data/bld/11.4-asan/sql/thr_malloc.cc:64
      		 
          #5 0x5651049572e7 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/11.4-asan/sql/table.cc:4312
      		 
          #6 0x565104798bd8 in fill_schema_table_from_frm /data/bld/11.4-asan/sql/sql_show.cc:5203
      		 
          #7 0x56510479b6e3 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/bld/11.4-asan/sql/sql_show.cc:5570
      		 
          #8 0x5651047d13cb in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/bld/11.4-asan/sql/sql_show.cc:9445
      		 
          #9 0x56510468a5b3 in JOIN::exec_inner() /data/bld/11.4-asan/sql/sql_select.cc:5016
      		 
          #10 0x565104688267 in JOIN::exec() /data/bld/11.4-asan/sql/sql_select.cc:4838
      		 
          #11 0x56510468c920 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/bld/11.4-asan/sql/sql_select.cc:5368
      		 
          #12 0x56510465ad4a in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/bld/11.4-asan/sql/sql_select.cc:642
      		 
          #13 0x56510457cb99 in execute_sqlcom_select /data/bld/11.4-asan/sql/sql_parse.cc:6183
      		 
          #14 0x56510456c979 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:3975
      		 
          #15 0x565104587611 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
      		 
          #16 0x56510455e675 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
      		 
          #17 0x56510455b3ad in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
      		 
          #18 0x565104a406d0 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
      		 
          #19 0x565104a4022f in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
      		 
          #20 0x5651056c2861 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      		 
          #21 0x7f58bcaa81c3 in start_thread nptl/pthread_create.c:442
      		 
       
      		 
      Thread T5 created by T0 here:
      		 
          #0 0x7f58bd649726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
      		 
          #1 0x5651056be59c in my_thread_create /data/bld/11.4-asan/storage/perfschema/my_thread.h:52
      		 
          #2 0x5651056c2c50 in pfs_spawn_thread_v1 /data/bld/11.4-asan/storage/perfschema/pfs.cc:2252
      		 
          #3 0x565104187950 in inline_mysql_thread_create /data/bld/11.4-asan/include/mysql/psi/mysql_thread.h:1139
      		 
          #4 0x56510419f70c in create_thread_to_handle_connection(CONNECT*) /data/bld/11.4-asan/sql/mysqld.cc:6168
      		 
          #5 0x56510419fd31 in create_new_thread(CONNECT*) /data/bld/11.4-asan/sql/mysqld.cc:6230
      		 
          #6 0x5651041a001c in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/11.4-asan/sql/mysqld.cc:6292
      		 
          #7 0x5651041a0ca4 in handle_connections_sockets() /data/bld/11.4-asan/sql/mysqld.cc:6404
      		 
          #8 0x56510419d8e8 in run_main_loop /data/bld/11.4-asan/sql/mysqld.cc:5647
      		 
          #9 0x56510419efdb in mysqld_main(int, char**) /data/bld/11.4-asan/sql/mysqld.cc:6069
      		 
          #10 0x565104186c18 in main /data/bld/11.4-asan/sql/main.cc:34
      		 
          #11 0x7f58bca46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
      		 
       
      		 
      SUMMARY: AddressSanitizer: heap-use-after-free ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
      		 
      Shadow bytes around the buggy address:
      		 
        0x0c4a800420d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a800420e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a800420f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a80042100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a80042110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
      =>0x0c4a80042120: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
      		 
        0x0c4a80042130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042140: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042170: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
      ==2754733==ABORTING

      The ASAN failure started happening on 11.4.5, after the merge 

      commit f1a7693bc0798c05ba2c0262fc513ec10d57e3a2
      		 
      Merge: f014d5872b0 4469540d399
      		 
      Author: Sergei Golubchik
      		 
      Date:   Tue Jan 14 23:45:41 2025 +0100
      		 
       
      		 
          Merge branch '10.11' into 11.4

      Before that, there were no ASAN errors, but the table still wasn't open, the query returned an empty resultset and the error about incorrect frm was written in the log (please note that MTR ignores it).

      On 10.11 neither of the problems occurs – no ASAN errors, no .frm error, and the record is returned.

      11.4.4

      		 
      SELECT * FROM information_schema.COLUMNS WHERE TABLE_NAME = 't';
      		 
      TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	ORDINAL_POSITION	COLUMN_DEFAULT	IS_NULLABLE	DATA_TYPE	CHARACTER_MAXIMUM_LENGTH	CHARACTER_OCTET_LENGTH	NUMERIC_PRECISION	NUMERIC_SCALE	DATETIME_PRECISION	CHARACTER_SET_NAME	COLLATION_NAME	COLUMN_TYPE	COLUMN_KEY	EXTRA	PRIVILEGES	COLUMN_COMMENT	IS_GENERATED	GENERATION_EXPRESSION	IS_SYSTEM_TIME_PERIOD_START	IS_SYSTEM_TIME_PERIOD_END
      		 
      DROP TABLE t;


      Version: '11.4.4-MariaDB-debug-log'  socket: '/share8t/bld/11.4.4-asan/mysql-test/var/tmp/mysqld.1.sock'  port: 19000  Source distribution
      		 
      2025-04-14 16:27:00 4 [ERROR] mariadbd: Incorrect information in file: './test/t.frm'
      		 
      2025-04-14 16:27:00 0 [Note] /share8t/bld/11.4.4-asan/sql/mariadbd (initiated by: root[root] @ localhost [127.0.0.1]): Normal shutdown

      Variation of the test case / stack trace (for search purposes):

      CREATE TABLE t (a TIMESTAMP CHECK (a = '0000-00-00'));
      		 
      ALTER TABLE t ADD KEY (a);
      		 
      SET SQL_MODE= CONCAT(@@sql_mode,',','NO_ZERO_DATE');
      		 
      SELECT * FROM information_schema.GEOMETRY_COLUMNS;
      		 
       
      		 
      DROP TABLE t;

      11.4 6cff704e578aa54dc8c2dfbeaf1960bf98219463

      		 
      2025-04-14 16:28:39 4 [ERROR] mariadbd: Incorrect information in file: './test/t.frm'
      		 
      =================================================================
      		 
      ==2755027==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000253148 at pc 0x7f15c8048061 bp 0x7f15b7d3dc20 sp 0x7f15b7d3d3d0
      		 
      WRITE of size 5 at 0x625000253148 thread T5
      		 
          #0 0x7f15c8048060 in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
      		 
          #1 0x56052cdba96c in get_geometry_column_record /data/bld/11.4-asan/plugin/type_geom/plugin.cc:168
      		 
          #2 0x56052af61dc7 in fill_schema_table_from_frm /data/bld/11.4-asan/sql/sql_show.cc:5217
      		 
          #3 0x56052af646e3 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/bld/11.4-asan/sql/sql_show.cc:5570
      		 
          #4 0x56052af9a3cb in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/bld/11.4-asan/sql/sql_show.cc:9445
      		 
          #5 0x56052ae535b3 in JOIN::exec_inner() /data/bld/11.4-asan/sql/sql_select.cc:5016
      		 
          #6 0x56052ae51267 in JOIN::exec() /data/bld/11.4-asan/sql/sql_select.cc:4838
      		 
          #7 0x56052ae55920 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/bld/11.4-asan/sql/sql_select.cc:5368
      		 
          #8 0x56052ae23d4a in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/bld/11.4-asan/sql/sql_select.cc:642
      		 
          #9 0x56052ad45b99 in execute_sqlcom_select /data/bld/11.4-asan/sql/sql_parse.cc:6183
      		 
          #10 0x56052ad35979 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:3975
      		 
          #11 0x56052ad50611 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
      		 
          #12 0x56052ad27675 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
      		 
          #13 0x56052ad243ad in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
      		 
          #14 0x56052b2096d0 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
      		 
          #15 0x56052b20922f in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
      		 
          #16 0x56052be8b861 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      		 
          #17 0x7f15c76a81c3 in start_thread nptl/pthread_create.c:442
      		 
          #18 0x7f15c772885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      0x625000253148 is located 72 bytes inside of 8184-byte region [0x625000253100,0x6250002550f8)
      		 
      freed by thread T5 here:
      		 
          #0 0x7f15c80b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
      		 
          #1 0x56052cc2d84d in my_free /data/bld/11.4-asan/mysys/my_malloc.c:221
      		 
          #2 0x56052cbffb5a in root_free /data/bld/11.4-asan/mysys/my_alloc.c:77
      		 
          #3 0x56052cc025c5 in free_root /data/bld/11.4-asan/mysys/my_alloc.c:517
      		 
          #4 0x56052b12353d in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/11.4-asan/sql/table.cc:4694
      		 
          #5 0x56052af61bd8 in fill_schema_table_from_frm /data/bld/11.4-asan/sql/sql_show.cc:5203
      		 
          #6 0x56052af646e3 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/bld/11.4-asan/sql/sql_show.cc:5570
      		 
          #7 0x56052af9a3cb in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/bld/11.4-asan/sql/sql_show.cc:9445
      		 
          #8 0x56052ae535b3 in JOIN::exec_inner() /data/bld/11.4-asan/sql/sql_select.cc:5016
      		 
          #9 0x56052ae51267 in JOIN::exec() /data/bld/11.4-asan/sql/sql_select.cc:4838
      		 
          #10 0x56052ae55920 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/bld/11.4-asan/sql/sql_select.cc:5368
      		 
          #11 0x56052ae23d4a in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/bld/11.4-asan/sql/sql_select.cc:642
      		 
          #12 0x56052ad45b99 in execute_sqlcom_select /data/bld/11.4-asan/sql/sql_parse.cc:6183
      		 
          #13 0x56052ad35979 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:3975
      		 
          #14 0x56052ad50611 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
      		 
          #15 0x56052ad27675 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
      		 
          #16 0x56052ad243ad in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
      		 
          #17 0x56052b2096d0 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
      		 
          #18 0x56052b20922f in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
      		 
          #19 0x56052be8b861 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      		 
          #20 0x7f15c76a81c3 in start_thread nptl/pthread_create.c:442
      		 
       
      		 
      previously allocated by thread T5 here:
      		 
          #0 0x7f15c80b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
      		 
          #1 0x56052cc2c97e in my_malloc /data/bld/11.4-asan/mysys/my_malloc.c:93
      		 
          #2 0x56052cbffad6 in root_alloc /data/bld/11.4-asan/mysys/my_alloc.c:66
      		 
          #3 0x56052cc00301 in init_alloc_root /data/bld/11.4-asan/mysys/my_alloc.c:178
      		 
          #4 0x56052b15c0d8 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /data/bld/11.4-asan/sql/thr_malloc.cc:64
      		 
          #5 0x56052b1202e7 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/11.4-asan/sql/table.cc:4312
      		 
          #6 0x56052af61bd8 in fill_schema_table_from_frm /data/bld/11.4-asan/sql/sql_show.cc:5203
      		 
          #7 0x56052af646e3 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/bld/11.4-asan/sql/sql_show.cc:5570
      		 
          #8 0x56052af9a3cb in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/bld/11.4-asan/sql/sql_show.cc:9445
      		 
          #9 0x56052ae535b3 in JOIN::exec_inner() /data/bld/11.4-asan/sql/sql_select.cc:5016
      		 
          #10 0x56052ae51267 in JOIN::exec() /data/bld/11.4-asan/sql/sql_select.cc:4838
      		 
          #11 0x56052ae55920 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/bld/11.4-asan/sql/sql_select.cc:5368
      		 
          #12 0x56052ae23d4a in handle_select(THD*, LEX*, select_result*, unsigned long long) /data/bld/11.4-asan/sql/sql_select.cc:642
      		 
          #13 0x56052ad45b99 in execute_sqlcom_select /data/bld/11.4-asan/sql/sql_parse.cc:6183
      		 
          #14 0x56052ad35979 in mysql_execute_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:3975
      		 
          #15 0x56052ad50611 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.4-asan/sql/sql_parse.cc:7907
      		 
          #16 0x56052ad27675 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1904
      		 
          #17 0x56052ad243ad in do_command(THD*, bool) /data/bld/11.4-asan/sql/sql_parse.cc:1417
      		 
          #18 0x56052b2096d0 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.4-asan/sql/sql_connect.cc:1408
      		 
          #19 0x56052b20922f in handle_one_connection /data/bld/11.4-asan/sql/sql_connect.cc:1320
      		 
          #20 0x56052be8b861 in pfs_spawn_thread /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      		 
          #21 0x7f15c76a81c3 in start_thread nptl/pthread_create.c:442
      		 
       
      		 
      Thread T5 created by T0 here:
      		 
          #0 0x7f15c8049726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
      		 
          #1 0x56052be8759c in my_thread_create /data/bld/11.4-asan/storage/perfschema/my_thread.h:52
      		 
          #2 0x56052be8bc50 in pfs_spawn_thread_v1 /data/bld/11.4-asan/storage/perfschema/pfs.cc:2252
      		 
          #3 0x56052a950950 in inline_mysql_thread_create /data/bld/11.4-asan/include/mysql/psi/mysql_thread.h:1139
      		 
          #4 0x56052a96870c in create_thread_to_handle_connection(CONNECT*) /data/bld/11.4-asan/sql/mysqld.cc:6168
      		 
          #5 0x56052a968d31 in create_new_thread(CONNECT*) /data/bld/11.4-asan/sql/mysqld.cc:6230
      		 
          #6 0x56052a96901c in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/11.4-asan/sql/mysqld.cc:6292
      		 
          #7 0x56052a969ca4 in handle_connections_sockets() /data/bld/11.4-asan/sql/mysqld.cc:6404
      		 
          #8 0x56052a9668e8 in run_main_loop /data/bld/11.4-asan/sql/mysqld.cc:5647
      		 
          #9 0x56052a967fdb in mysqld_main(int, char**) /data/bld/11.4-asan/sql/mysqld.cc:6069
      		 
          #10 0x56052a94fc18 in main /data/bld/11.4-asan/sql/main.cc:34
      		 
          #11 0x7f15c7646249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
      		 
       
      		 
      SUMMARY: AddressSanitizer: heap-use-after-free ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
      		 
      Shadow bytes around the buggy address:
      		 
        0x0c4a800425d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a800425e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a800425f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a80042600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c4a80042610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
      =>0x0c4a80042620: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
      		 
        0x0c4a80042630: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042650: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
        0x0c4a80042670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
      ==2755027==ABORTING

      Attachments

        Activity

          People

            serg Sergei Golubchik
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.