[MDEV-38062] Various SIGSEGV crashes and ASAN heap-use-after-free issues upon HANDLER ... READ ... FIRST - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 12.1(EOL), 12.2, 11.8
Fix Version/s: 10.6, 10.11, 11.4, 11.8
Component/s: Locking, Partitioning, Storage Engine - Spider
Labels:

Bug Category:
Can result in hang or crash

Description

Similar to, and likely related to, but different from, MDEV-35375 we have:

INSTALL PLUGIN Spider SONAME 'ha_spider';

CREATE TABLE t (c INT) ENGINE=Spider PARTITION BY HASH (c) PARTITIONS 2;

ALTER TABLE t ADD c4 DECIMAL AFTER c2;

SET SESSION transaction_read_only=1;

HANDLER t OPEN;

HANDLER t READ FIRST LIMIT 2,2;

HANDLER t READ FIRST;

Leads to:

CS 12.2.0 fd15fd2765b53d0c070dd01d86fb231024b8f284 (Debug, Clang 21.1.3-20250923) Build 10/11/2025
Core was generated by `/test/MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000789d703bf7ae in spider_send_query (spider=0x789ca4413a48, table=0x789ca457f608, link_idx=0, link_ok=0, error_num=0x789d7096cba4)at /test/12.2_dbg/storage/spider/ha_spider.cc:1338

[Current thread is 1 (LWP 3456748)]
(gdb) bt
#0 0x0000789d703bf7ae in spider_send_query (spider=0x789ca4413a48, table=0x789ca457f608, link_idx=0, link_ok=0, error_num=0x789d7096cba4)at /test/12.2_dbg/storage/spider/ha_spider.cc:1338
#1 0x0000789d703c7522 in ha_spider::rnd_next_internal (this=0x789ca4413a48, buf=0x0) at /test/12.2_dbg/storage/spider/ha_spider.cc:4387
#2 0x0000789d703c7969 in ha_spider::pre_rnd_next (this=0x789ca4413a48, use_parallel=true) at /test/12.2_dbg/storage/spider/ha_spider.cc:4426
#3 0x00005ccb409351c6 in ha_partition::handle_pre_scan (this=0x789ca4413148, reverse_order=false, use_parallel=true)at /test/12.2_dbg/sql/ha_partition.cc:7731
#4 0x00005ccb40934e5d in ha_partition::rnd_next (this=0x789ca4413148, buf=0x789ca4414600 "\377") at /test/12.2_dbg/sql/ha_partition.cc:5467
#5 0x00005ccb4004e6fc in handler::ha_rnd_next (this=0x789ca4413148, buf=0x789ca4414600 "\377") at /test/12.2_dbg/sql/handler.cc:3788
#6 0x00005ccb4044e4b9 in mysql_ha_read (thd=0x789ca4000d58, tables=0x789ca401a038, mode=RFIRST, keyname=0x0, key_expr=0x0, ha_rkey_mode=HA_READ_KEY_EXACT, cond=0x0, select_limit_cnt=1, offset_limit_cnt=0) at /test/12.2_dbg/sql/sql_handler.cc:921
#7 0x00005ccb404bb25f in mysql_execute_command (thd=0x789ca4000d58, is_called_from_prepared_stmt=false) at /test/12.2_dbg/sql/sql_parse.cc:5461
#8 0x00005ccb404adcf8 in mysql_parse (thd=0x789ca4000d58, rawbuf=0x789ca4019ee0 "HANDLER t READ FIRST", length=20, parser_state=0x789d7096ea00) at /test/12.2_dbg/sql/sql_parse.cc:7888
#9 0x00005ccb404ab4d9 in dispatch_command (command=COM_QUERY, thd=0x789ca4000d58, packet=0x789ca400b239 "", packet_length=20, blocking=true) at /test/12.2_dbg/sql/sql_parse.cc:1878
#10 0x00005ccb404ae77a in do_command (thd=0x789ca4000d58, blocking=true)at /test/12.2_dbg/sql/sql_parse.cc:1417
#11 0x00005ccb406a1afe in do_handle_one_connection (connect=0x5ccb4410e088, put_in_cache=true) at /test/12.2_dbg/sql/sql_connect.cc:1503
#12 0x00005ccb406a18e1 in handle_one_connection (arg=0x5ccb4404d868)at /test/12.2_dbg/sql/sql_connect.cc:1415
#13 0x0000789d7209ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#14 0x0000789d72129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 101125 759e3523e3d832b174cf0a612704da38b2557b40 SIGSEGV\|spider_db_open_handler\|ha_spider::rnd_handler_init\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
CS 10.6 opt 101125 759e3523e3d832b174cf0a612704da38b2557b40 SIGABRT\|__libc_message_impl\|__libc_assert_fail\|__GI___pthread_tpp_change_priority\|inline_mysql_mutex_unlock
CS 10.11 dbg 101125 536cd151f0370216d9ba4c15f40c7037060972a5 SIGSEGV\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 10.11 opt 101125 536cd151f0370216d9ba4c15f40c7037060972a5 GOT_ERROR\|Got error 12701\|when reading table
CS 11.4 dbg 101125 a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe SIGSEGV\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 11.4 opt 101125 a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe SIGABRT\|__libc_message_impl\|__libc_assert_fail\|__GI___pthread_tpp_change_priority\|inline_mysql_mutex_unlock
CS 11.8 dbg 101125 e0428264d0095472c015eb58c46be68ca1a320ee SIGSEGV\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 11.8 opt 101125 e0428264d0095472c015eb58c46be68ca1a320ee GOT_ERROR\|Got error 12701\|when reading table
CS 12.1 dbg 101125 ba00960fdaee67a4efff6866e31f446bf486a1c2 SIGSEGV\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 12.1 opt 101125 ba00960fdaee67a4efff6866e31f446bf486a1c2 GOT_ERROR\|Got error 12701\|when reading table
CS 12.2 dbg 101125 fd15fd2765b53d0c070dd01d86fb231024b8f284 SIGSEGV\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 12.2 opt 101125 fd15fd2765b53d0c070dd01d86fb231024b8f284 GOT_ERROR\|Got error 12701\|when reading table
ES 10.6 dbg 101125 f0d4d34fb0314b03fddb71fb9dbde372744a8c13 SIGSEGV\|spider_db_open_handler\|ha_spider::rnd_handler_init\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
ES 10.6 opt 101125 f0d4d34fb0314b03fddb71fb9dbde372744a8c13 SIGSEGV\|spider_db_conn_queue_action\|spider_db_before_query\|spider_db_query\|spider_db_open_handler
ES 11.4 dbg 101125 b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6 SIGSEGV\|ha_spider::append_select_sql_part\|spider_db_append_select\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
ES 11.4 opt 101125 b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6 SIGSEGV\|ha_spider::append_select_sql_part\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
ES 11.8 dbg 101125 db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6 SIGSEGV\|ha_spider::append_select_sql_part\|spider_db_append_select\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
ES 11.8 opt 101125 db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6 SIGSEGV\|ha_spider::append_select_sql_part\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan

CS 12.2.0 fd15fd2765b53d0c070dd01d86fb231024b8f284 (Debug, UBASAN, Clang 21.1.3-20250923) Build 10/11/2025
==3452151==ERROR: AddressSanitizer: heap-use-after-free on address 0x6f54a2eafb94 at pc 0x6d63b48fae4f bp 0x6d63b68fffa0 sp 0x6d63b68fff98
READ of size 4 at 0x6f54a2eafb94 thread T12
#0 0x6d63b48fae4e in spider_send_query(ha_spider, TABLE, int, int, int*) /test/12.2_dbg_san/storage/spider/ha_spider.cc:1338:62
#1 0x6d63b491b4ad in ha_spider::rnd_next_internal(unsigned char*) /test/12.2_dbg_san/storage/spider/ha_spider.cc:4387:11
#2 0x6d63b491cd53 in ha_spider::pre_rnd_next(bool) /test/12.2_dbg_san/storage/spider/ha_spider.cc:4426:7
#3 0x5937556b3d1d in ha_partition::handle_pre_scan(bool, bool) /test/12.2_dbg_san/sql/ha_partition.cc
#4 0x5937556b3150 in ha_partition::rnd_next(unsigned char*) /test/12.2_dbg_san/sql/ha_partition.cc:5467:12
#5 0x5937535276dd in handler::ha_rnd_next(unsigned char*) /test/12.2_dbg_san/sql/handler.cc:3788:5
#6 0x5937543388f7 in mysql_ha_read(THD, TABLE_LIST, enum_ha_read_modes, char const, List<Item>, ha_rkey_function, Item*, unsigned long long, unsigned long long) /test/12.2_dbg_san/sql/sql_handler.cc
#7 0x5937544b2c10 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:5461:10
#8 0x5937544941e8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7888:18
#9 0x59375448d9a3 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1878:7
#10 0x59375449662a in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1417:17
#11 0x593754ca3b3c in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
#12 0x593754ca3645 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
#13 0x5937533f2b4a in asan_thread_start(void*) crtstuff.c
#14 0x7164a409ca93 in start_thread nptl/pthread_create.c:447:8
#15 0x7164a4129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

0x6f54a2eafb94 is located 788 bytes inside of 3152-byte region [0x6f54a2eaf880,0x6f54a2eb04d0)
freed by thread T12 here:
#0 0x5937533f502a in free (/test/UBASAN_MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3c9802a) (BuildId: 7b0cb8241b81c77e02045f0095ce4e038036f58e)
#1 0x6d63b48b5a2e in spider_free_mem(st_spider_transaction, void, unsigned long) /test/12.2_dbg_san/storage/spider/spd_malloc.cc:182:3
#2 0x6d63b47696bf in spider_free_conn(st_spider_conn*) /test/12.2_dbg_san/storage/spider/spd_conn.cc:825:3
#3 0x6d63b4688b83 in spider_free_trx_conn(st_spider_transaction*, bool) /test/12.2_dbg_san/storage/spider/spd_trx.cc:119:9
#4 0x6d63b46b05b6 in spider_rollback(THD*, bool) /test/12.2_dbg_san/storage/spider/spd_trx.cc:3023:5
#5 0x59375350d445 in ha_rollback_trans(THD*, bool) /test/12.2_dbg_san/sql/handler.cc:2375:17
#6 0x593754d0d7fc in trans_rollback_stmt(THD*) /test/12.2_dbg_san/sql/transaction.cc:567:5
#7 0x593754336b44 in mysql_ha_read(THD, TABLE_LIST, enum_ha_read_modes, char const, List<Item>, ha_rkey_function, Item*, unsigned long long, unsigned long long) /test/12.2_dbg_san/sql/sql_handler.cc:1019:3
#8 0x5937544b2c10 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:5461:10
#9 0x5937544941e8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7888:18
#10 0x59375448d9a3 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1878:7
#11 0x59375449662a in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1417:17
#12 0x593754ca3b3c in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
#13 0x593754ca3645 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
#14 0x5937533f2b4a in asan_thread_start(void*) crtstuff.c

previously allocated by thread T12 here:
#0 0x5937533f52c8 in malloc (/test/UBASAN_MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3c982c8) (BuildId: 7b0cb8241b81c77e02045f0095ce4e038036f58e)
#1 0x59375665e3a6 in my_malloc /test/12.2_dbg_san/mysys/my_malloc.c:93:29
#2 0x6d63b48b5e5b in spider_bulk_alloc_mem(st_spider_transaction, unsigned int, char const, char const*, unsigned long, unsigned long, ...) /test/12.2_dbg_san/storage/spider/spd_malloc.cc:230:29
#3 0x6d63b476ad6b in spider_create_conn(st_spider_share, ha_spider, int, int, int*) /test/12.2_dbg_san/storage/spider/spd_conn.cc:427:7
#4 0x6d63b47756b6 in spider_get_conn(st_spider_share, int, char, st_spider_transaction, ha_spider, bool, bool, int*) /test/12.2_dbg_san/storage/spider/spd_conn.cc:730:19
#5 0x6d63b46b4840 in spider_trx_get_conn(ha_spider, st_spider_transaction, bool) /test/12.2_dbg_san/storage/spider/spd_trx.cc:3281:16
#6 0x6d63b46b1d16 in spider_check_trx_and_get_conn(THD, ha_spider) /test/12.2_dbg_san/storage/spider/spd_trx.cc:3360:23
#7 0x6d63b48e601e in ha_spider::check_access_kind_for_connection(THD*, bool) /test/12.2_dbg_san/storage/spider/ha_spider.cc:602:19
#8 0x6d63b48f1966 in ha_spider::dml_init() /test/12.2_dbg_san/storage/spider/ha_spider.cc:10306:20
#9 0x6d63b49189c2 in ha_spider::rnd_init(bool) /test/12.2_dbg_san/storage/spider/ha_spider.cc:4146:9
#10 0x593753574149 in handler::ha_rnd_init(bool) /test/12.2_dbg_san/sql/handler.h:3587:22
#11 0x5937556b20c6 in ha_partition::rnd_init(bool) /test/12.2_dbg_san/sql/ha_partition.cc:5355:9
#12 0x593753574149 in handler::ha_rnd_init(bool) /test/12.2_dbg_san/sql/handler.h:3587:22
#13 0x593754338878 in mysql_ha_read(THD, TABLE_LIST, enum_ha_read_modes, char const, List<Item>, ha_rkey_function, Item*, unsigned long long, unsigned long long) /test/12.2_dbg_san/sql/sql_handler.cc:920:6
#14 0x5937544b2c10 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:5461:10
#15 0x5937544941e8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7888:18
#16 0x59375448d9a3 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1878:7
#17 0x59375449662a in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1417:17
#18 0x593754ca3b3c in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
#19 0x593754ca3645 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
#20 0x5937533f2b4a in asan_thread_start(void*) crtstuff.c

Thread T12 created by T0 here:
#0 0x5937533d9245 in pthread_create (/test/UBASAN_MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3c7c245) (BuildId: 7b0cb8241b81c77e02045f0095ce4e038036f58e)
#1 0x59375344cb8c in create_thread_to_handle_connection(CONNECT*) /test/12.2_dbg_san/sql/mysqld.cc:6273:19
#2 0x59375344dc15 in handle_connections_sockets() /test/12.2_dbg_san/sql/mysqld.cc:6509:9
#3 0x59375344c19a in run_main_loop() /test/12.2_dbg_san/sql/mysqld.cc:5751:3
#4 0x593753441b3e in mysqld_main(int, char**) /test/12.2_dbg_san/sql/mysqld.cc:6174:3
#5 0x7164a402a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#6 0x7164a402a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#7 0x59375334fb54 in _start (/test/UBASAN_MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3bf2b54) (BuildId: 7b0cb8241b81c77e02045f0095ce4e038036f58e)

SUMMARY: AddressSanitizer: heap-use-after-free /test/12.2_dbg_san/storage/spider/ha_spider.cc:1338:62 in spider_send_query(ha_spider, TABLE, int, int, int*)
Shadow bytes around the buggy address:
0x6f54a2eaf900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eaf980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafa00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafa80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafb00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x6f54a2eafb80: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafc00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafc80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafd00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafd80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x6f54a2eafe00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==3452151==ABORTING

Setup:

Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 101125 759e3523e3d832b174cf0a612704da38b2557b40 ASAN\|heap-use-after-free\|storage/spider/spd_db_conn.cc\|spider_db_open_handler\|ha_spider::rnd_handler_init\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
CS 10.6 opt 101125 759e3523e3d832b174cf0a612704da38b2557b40 ASAN\|heap-use-after-free\|storage/spider/spd_db_conn.cc\|spider_db_open_handler\|ha_spider::rnd_handler_init\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
CS 10.11 dbg 101125 536cd151f0370216d9ba4c15f40c7037060972a5 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 10.11 opt 101125 536cd151f0370216d9ba4c15f40c7037060972a5 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 11.4 dbg 101125 a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 11.4 opt 101125 a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 11.8 dbg 101125 e0428264d0095472c015eb58c46be68ca1a320ee ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 11.8 opt 101125 e0428264d0095472c015eb58c46be68ca1a320ee ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 12.1 dbg 101125 ba00960fdaee67a4efff6866e31f446bf486a1c2 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 12.1 opt 101125 ba00960fdaee67a4efff6866e31f446bf486a1c2 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 12.2 dbg 101125 fd15fd2765b53d0c070dd01d86fb231024b8f284 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
CS 12.2 opt 101125 fd15fd2765b53d0c070dd01d86fb231024b8f284 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|spider_send_query\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
ES 10.6 dbg 101125 f0d4d34fb0314b03fddb71fb9dbde372744a8c13 ASAN\|heap-use-after-free\|storage/spider/spd_db_conn.cc\|spider_db_open_handler\|ha_spider::rnd_handler_init\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
ES 10.6 opt 101125 f0d4d34fb0314b03fddb71fb9dbde372744a8c13 ASAN\|heap-use-after-free\|storage/spider/spd_db_conn.cc\|spider_db_open_handler\|ha_spider::rnd_handler_init\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next
ES 11.4 dbg 101125 b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|ha_spider::append_select_sql_part\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
ES 11.4 opt 101125 b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|ha_spider::append_select_sql_part\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
ES 11.8 dbg 101125 db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|ha_spider::append_select_sql_part\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan
ES 11.8 opt 101125 db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6 ASAN\|heap-use-after-free\|storage/spider/ha_spider.cc\|ha_spider::append_select_sql_part\|ha_spider::rnd_next_internal\|ha_spider::pre_rnd_next\|ha_partition::handle_pre_scan

Attachments

Issue Links

relates to

MDEV-27902 Spider: Crashes, asserts, hangs, memory corruptions and ASAN heap-use-after-free's

Closed

MDEV-35375 SIGSEGV in spider_send_query when using HANDLER ... READ ... NEXT, thread hang, ASAN: heap-use-after-free in spider_send_query

Open

Activity

People

Assignee:: Yuchen Pei

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2025-11-11 02:18

Updated:: 2 days ago 09:19

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.