Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Duplicate
-
N/A
-
Not for Release Notes
Description
CREATE GLOBAL TEMPORARY TABLE t (c INT) ENGINE=MyISAM; |
INSERT DELAYED INTO t VALUES (1); |
SELECT SLEEP(2); # Shows server is gone |
Leads to:
|
MDEV-35915 CS 12.0.1 21489191d3683c5655afa170533480c86843ecba (Optimized, Clang) Build 04/08/2025 |
Core was generated by `/test/MDEV-35915_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd --no-def'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 thr_upgrade_write_delay_lock (data=0x0, new_lock_type=TL_WRITE, lock_wait_timeout=31536000)at /test/bb-12.0-nikita-global-tmp_opt/mysys/thr_lock.c:1395
|
1395 THR_LOCK *lock=data->lock;
|
[Current thread is 1 (LWP 117898)]
|
(gdb) bt
|
#0 thr_upgrade_write_delay_lock (data=0x0, new_lock_type=TL_WRITE, lock_wait_timeout=31536000)at /test/bb-12.0-nikita-global-tmp_opt/mysys/thr_lock.c:1395
|
#1 0x00005d93898a1431 in Delayed_insert::handle_inserts (this=this@entry=0x7c07340216d8)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_insert.cc:3788
|
#2 0x00005d93898a0c38 in handle_delayed_insert (arg=arg@entry=0x7c07340216d8)at /test/bb-12.0-nikita-global-tmp_opt/sql/sql_insert.cc:3649
|
#3 0x00005d9389be9039 in pfs_spawn_thread (arg=0x5d938b725558)at /test/bb-12.0-nikita-global-tmp_opt/storage/perfschema/pfs.cc:2198
|
#4 0x00007c086269ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#5 0x00007c0862729c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
MDEV-35915 CS 12.0.1 21489191d3683c5655afa170533480c86843ecba (Debug, Clang) Build 04/08/2025 |
Core was generated by `/test/MDEV-35915_MD040825-mariadb-12.0.1-linux-x86_64-dbg/bin/mariadbd --no-def'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000061b8137159a7 in thr_upgrade_write_delay_lock (data=0x8f8f8f8f8f8f8f8f, new_lock_type=TL_WRITE, lock_wait_timeout=31536000)at /test/bb-12.0-nikita-global-tmp_dbg/mysys/thr_lock.c:1395
|
1395 THR_LOCK *lock=data->lock;
|
[Current thread is 1 (LWP 117448)]
|
(gdb) bt
|
#0 0x000061b8137159a7 in thr_upgrade_write_delay_lock (data=0x8f8f8f8f8f8f8f8f, new_lock_type=TL_WRITE, lock_wait_timeout=31536000)at /test/bb-12.0-nikita-global-tmp_dbg/mysys/thr_lock.c:1395
|
#1 0x000061b812c19849 in Delayed_insert::handle_inserts (this=0x70a34802aa78)at /test/bb-12.0-nikita-global-tmp_dbg/sql/sql_insert.cc:3788
|
#2 0x000061b812c19219 in handle_delayed_insert (arg=0x70a34802aa78)at /test/bb-12.0-nikita-global-tmp_dbg/sql/sql_insert.cc:3649
|
#3 0x000070a496a9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#4 0x000070a496b29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
MDEV-35915 CS 12.0.1 21489191d3683c5655afa170533480c86843ecba (Optimized, UBASAN, Clang) Build 04/08/2025 |
==108281==ERROR: AddressSanitizer: use-after-poison on address 0x519000060220 at pc 0x60431a96b3c1 bp 0x767f8b500900 sp 0x767f8b5008f8
|
READ of size 8 at 0x519000060220 thread T13
|
#0 0x60431a96b3c0 in Delayed_insert::handle_inserts() /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:3788:36
|
#1 0x60431a962827 in handle_delayed_insert /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:3649:17
|
#2 0x60431997ac0c in asan_thread_start(void*) crtstuff.c
|
#3 0x76807a69ca93 in start_thread nptl/pthread_create.c:447:8
|
#4 0x76807a729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
0x519000060220 is located 672 bytes inside of 1016-byte region [0x51900005ff80,0x519000060378)
|
allocated by thread T13 here:
|
#0 0x60431997d123 in malloc (/test/MDEV-35915_UBASAN_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd+0x2850123) (BuildId: aa0e62209f3572e8)
|
#1 0x60431c57e872 in my_malloc /test/bb-12.0-nikita-global-tmp_opt_san/mysys/my_malloc.c:93:29
|
#2 0x60431c55ab8e in root_alloc /test/bb-12.0-nikita-global-tmp_opt_san/mysys/my_alloc.c:66:10
|
#3 0x60431c55ab8e in alloc_root /test/bb-12.0-nikita-global-tmp_opt_san/mysys/my_alloc.c:336:29
|
#4 0x60431af219da in ha_field_option_struct** Query_arena::calloc<ha_field_option_struct*>(unsigned long) const /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_class.h:1327:16
|
#5 0x60431af219da in mysql_prepare_alter_table(THD*, TABLE*, Table_specification_st*, Alter_info*, Alter_table_ctx*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:8787:15
|
#6 0x60431af1f999 in open_global_temporary_table(THD*, TABLE_SHARE*, TABLE_LIST*, MDL_ticket*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_table.cc:6183:9
|
#7 0x60431a616fc0 in open_table(THD*, TABLE_LIST*, Open_table_context*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:2330:22
|
#8 0x60431a623caf in open_and_process_table(THD*, TABLE_LIST*, unsigned int*, unsigned int, Prelocking_strategy*, bool, Open_table_context*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:4285:14
|
#9 0x60431a623caf in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:4771:14
|
#10 0x60431a62de28 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:5759:7
|
#11 0x60431a62cb3c in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.h:295:10
|
#12 0x60431a62cb3c in open_n_lock_single_table(THD*, TABLE_LIST*, thr_lock_type, unsigned int, Prelocking_strategy*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_base.cc:5604:7
|
#13 0x60431a95ea7a in Delayed_insert::open_and_lock_table() /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:3388:16
|
#14 0x60431a960303 in handle_delayed_insert /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:3497:13
|
#15 0x60431997ac0c in asan_thread_start(void*) crtstuff.c
|
|
|
Thread T13 created by T12 here:
|
#0 0x604319962a95 in pthread_create (/test/MDEV-35915_UBASAN_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd+0x2835a95) (BuildId: aa0e62209f3572e8)
|
#1 0x60431a93949d in delayed_get_table(THD*, MDL_request*, TABLE_LIST*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:2823:19
|
#2 0x60431a93949d in open_and_lock_for_insert_delayed(THD*, TABLE_LIST*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:600:7
|
#3 0x60431a93949d in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:784:9
|
#4 0x60431aad4e78 in mysql_execute_command(THD*, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:4463:10
|
#5 0x60431aaa3180 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:7893:18
|
#6 0x60431aa9a4d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:1881:7
|
#7 0x60431aaa5446 in do_command(THD*, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_parse.cc:1420:17
|
#8 0x60431b1fd17c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_connect.cc:1414:11
|
#9 0x60431b1fc9d6 in handle_one_connection /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_connect.cc:1326:5
|
#10 0x60431997ac0c in asan_thread_start(void*) crtstuff.c
|
|
|
Thread T12 created by T0 here:
|
#0 0x604319962a95 in pthread_create (/test/MDEV-35915_UBASAN_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd+0x2835a95) (BuildId: aa0e62209f3572e8)
|
#1 0x6043199cdd01 in create_thread_to_handle_connection(CONNECT*) /test/bb-12.0-nikita-global-tmp_opt_san/sql/mysqld.cc:6272:19
|
#2 0x6043199ceeea in handle_connections_sockets() /test/bb-12.0-nikita-global-tmp_opt_san/sql/mysqld.cc:6508:9
|
#3 0x6043199cd050 in run_main_loop() /test/bb-12.0-nikita-global-tmp_opt_san/sql/mysqld.cc:5750:3
|
#4 0x6043199c442b in mysqld_main(int, char**) /test/bb-12.0-nikita-global-tmp_opt_san/sql/mysqld.cc:6173:3
|
#5 0x76807a62a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
|
#6 0x76807a62a28a in __libc_start_main csu/../csu/libc-start.c:360:3
|
#7 0x6043198e22d4 in _start (/test/MDEV-35915_UBASAN_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd+0x27b52d4) (BuildId: aa0e62209f3572e8)
|
|
|
SUMMARY: AddressSanitizer: use-after-poison /test/bb-12.0-nikita-global-tmp_opt_san/sql/sql_insert.cc:3788:36 in Delayed_insert::handle_inserts()
|
Shadow bytes around the buggy address:
|
0x51900005ff80: 00 00 00 00 00 00 f7 00 f7 f7 00 00 00 00 00 00
|
0x519000060000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x519000060080: 00 00 00 00 00 00 00 00 00 00 f7 00 00 f7 f7 f7
|
0x519000060100: 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x519000060180: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 f7
|
=>0x519000060200: 00 00 00 00[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x519000060280: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x519000060300: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fa
|
0x519000060380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x519000060400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x519000060480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==108281==ABORTING
|
250805 9:16:08 [ERROR] /test/MDEV-35915_UBASAN_MD040825-mariadb-12.0.1-linux-x86_64-opt/bin/mariadbd got signal 6 ;
|
Attachments
Issue Links
- is caused by
-
MDEV-35915 Implement Global temporary tables
-
- In Testing
-
- is duplicated by
-
-
- Open
-