[MDEV-37781] UBSAN build crashes when executing long query after setting low thread stack - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.1, 12.2
Fix Version/s: 10.6, 10.11, 11.4, 11.8, 12.1
Component/s: None
Labels:
- UBSAN

Description

--let $restart_parameters=--thread-stack=131072

--source include/restart_mysqld.inc

SELECT 1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1;

Leads to:

N/A

Setup:

CS 12.2.0 e7bb12f5f04c4315e67aa59cddd9d46fb7fc6d2d (Optimized, UBASAN, Clang 18.1.3-11) Build 01/10/2025
Core was generated by `/test/UBASAN_MD011025-mariadb-12.2.0-linux-x86_64-opt/bin/mariadbd --no-default'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000061d2140bf09e in Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:362
#1 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d000100c80, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
#2 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d000100df8, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
#3 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d000100f70, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
#4 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d0001010e8, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
#5 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d000101260, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
#6 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d0001013d8, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
#7 0x000061d2140bf31b in Item_func::fix_fields (this=0x52d000101550, thd=<optimized out>, ref=<optimized out>) at /test/12.2_opt_san/sql/item_func.cc:394
[..]
#360 0x000061d2140747c8 in Item::fix_fields_if_needed_for_scalar (this=0x53100001bf30, thd=0x52d000100b08, ref=0xf8f8f8f8f8f8f8f8) at /test/12.2_opt_san/sql/item.h:1152
#361 0x000061d214a020d9 in setup_fields (thd=0x52b00007e218, ref_pointer_array=..., fields=..., column_usage=column_usage@entry=MARK_COLUMNS_READ, sum_func_list=sum_func_list@entry=0x53100001ce28, pre_fix=0x52d0000e6f80, allow_sum_func=<optimized out>, where=THD_WHERE::DEFAULT_WHERE) at /test/12.2_opt_san/sql/sql_base.cc:8188
#362 0x000061d214fe3baf in JOIN::prepare (this=0x53100001ca88, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/12.2_opt_san/sql/sql_select.cc:1601
#363 0x000061d214fd651d in mysql_select (thd=0x52b00007e218, tables=tables@entry=0x0, fields=..., conds=<optimized out>, og_num=og_num@entry=0, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x53100001ca58, unit=0x52b000082440, select_lex=0x52d0000e6cb0) at /test/12.2_opt_san/sql/sql_select.cc:5377
#364 0x000061d214fd5561 in handle_select (thd=thd@entry=0x52b00007e218, lex=lex@entry=0x52b000082360, result=result@entry=0x53100001ca58, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/12.2_opt_san/sql/sql_select.cc:634
#365 0x000061d214eb2c48 in execute_sqlcom_select (thd=0x52b00007e218, all_tables=<optimized out>) at /test/12.2_opt_san/sql/sql_parse.cc:6167
#366 0x000061d214e93aa1 in mysql_execute_command (thd=0x52b00007e218, is_called_from_prepared_stmt=<optimized out>) at /test/12.2_opt_san/sql/sql_parse.cc:3950
#367 0x000061d214e75ad1 in mysql_parse (thd=0x52b00007e218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/12.2_opt_san/sql/sql_parse.cc:7883
#368 0x000061d214e6ce25 in dispatch_command (command=<optimized out>, thd=0x52b00007e218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/12.2_opt_san/sql/sql_parse.cc:1878
#369 0x000061d214e77d97 in do_command (thd=thd@entry=0x52b00007e218, blocking=<optimized out>) at /test/12.2_opt_san/sql/sql_parse.cc:1417
#370 0x000061d2155d004d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5080000029b8, put_in_cache=true) at /test/12.2_opt_san/sql/sql_connect.cc:1414
#371 0x000061d2155cf8a7 in handle_one_connection (arg=0x5080000029b8) at /test/12.2_opt_san/sql/sql_connect.cc:1326
#372 0x000061d213d274bd in asan_thread_start(void*) ()
#373 0x00007a6f5349caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#374 0x00007a6f53529c3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 110825 9ffec4c1f3e73b0d3853edb486e5604604bc7051 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 10.6 opt 110825 9ffec4c1f3e73b0d3853edb486e5604604bc7051 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 10.11 dbg 130825 e46c9a01529687401b0f82b1427855535d38c0c0 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 10.11 opt 130825 e46c9a01529687401b0f82b1427855535d38c0c0 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 11.4 dbg 130825 03b31c0bd99390c1984f19a19f22dd6e77b7692e SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 11.4 opt 130825 03b31c0bd99390c1984f19a19f22dd6e77b7692e SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 11.8 dbg 130825 1a446ccc48528e88a3cd6cd1d1ec9e7492d342ca SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 11.8 opt 130825 1a446ccc48528e88a3cd6cd1d1ec9e7492d342ca SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 12.1 dbg 130825 033471a367b4c60b7262e64f43f46b02e95b9d74 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 12.1 opt 130825 033471a367b4c60b7262e64f43f46b02e95b9d74 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 12.2 dbg 011025 e7bb12f5f04c4315e67aa59cddd9d46fb7fc6d2d SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
CS 12.2 opt 011025 e7bb12f5f04c4315e67aa59cddd9d46fb7fc6d2d SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
ES 10.6 opt 150525 6111fbaf7bdcb6f1170f556ffd05d6e1a4159f62 SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
ES 11.4 dbg 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields
ES 11.4 opt 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f SIGSEGV\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields\|Item_func::fix_fields

UBSAN build crashes when executing long query after setting low thread stack

Details

Description

Attachments

Activity

People

Dates

Git Integration