[#MDEV-14891] [Draft] Error: Freeing overrun buffer and crash in free

https://travis-ci.org/elenst/travis-tests/jobs/326160512

bb-10.3-temporal daf883f95c93860a5b0af0ef47479c115aa30063
Error: Freeing overrun buffer 0x5624e3ce0c9b at 0x5624e38ebd13, 0x5624e38d9275, 0x5624e38cc8c7, 0x5624e328a0ca, 0x5624e328b147, 0x5624e2efd2f1, 0x5624e2d9c203, 0x5624e2ddf5df
Allocated at 0x5624e38cc2a0, 0x5624e2e2626a, 0x5624e2e101ff, 0x5624e328fd97, 0x5624e328a02c, 0x5624e328b147, 0x5624e2efd2f1, 0x5624e2d9c203
Error: ��" unallocated data or underrun buffer 0x5624e3ce0bcd at mysys/safemalloc.c:194, sql/sql_parse.cc:2660, mysys/my_alloc.c:399, 0x5624e2f1a5f2, sql/table.cc:474, sql/table_cache.cc:547, sql/table_cache.cc:994, sql/table_cache.cc:224
180107 22:50:54 [ERROR] mysqld got signal 11 ;

Some pointers may be invalid and cause the dump to abort.
Query (0x7f004c021678): CREATE TRIGGER o BEFORE INSERT ON `B` FOR EACH ROW BEGIN INSERT INTO `BB` SELECT * FROM `view_BB` LIMIT 0 ; END
Connection ID (thread ID): 15
Status: NOT_KILLED

#3  <signal handler called>

#4  0x00005624e38cc856 in free_root (root=0x7f009c4a2e10, MyFlags=0) at /home/travis/src/mysys/my_alloc.c:401

#5  0x00005624e2f1a5f2 in TABLE_SHARE::destroy (this=0x7f00641b2328) at /home/travis/src/sql/table.cc:473

#6  0x00005624e2f1a6a8 in free_table_share (share=0x7f00641b2328) at /home/travis/src/sql/table.cc:489

#7  0x00005624e3037eba in tdc_delete_share_from_hash (element=0x7f005c0a2dc0) at /home/travis/src/sql/table_cache.cc:546

#8  0x00005624e30394e1 in tdc_release_share (share=0x7f00641b2328) at /home/travis/src/sql/table_cache.cc:993

#9  0x00005624e3036db4 in intern_close_table (table=0x7f00542f2300) at /home/travis/src/sql/table_cache.cc:223

#10 0x00005624e3036f44 in tc_remove_table (table=0x7f00542f2300) at /home/travis/src/sql/table_cache.cc:260

#11 0x00005624e30378b1 in tc_release_table (table=0x7f00542f2300) at /home/travis/src/sql/table_cache.cc:472

#12 0x00005624e2d8bbd8 in close_thread_table (thd=0x7f004c00c570, table_ptr=0x7f004c00c638) at /home/travis/src/sql/sql_base.cc:906

#13 0x00005624e2d8b43d in close_all_tables_for_name (thd=0x7f004c00c570, share=0x7f00641b2328, extra=HA_EXTRA_NOT_USED, skip_table=0x0) at /home/travis/src/sql/sql_base.cc:674

#14 0x00005624e2ef8cdd in mysql_create_or_drop_trigger (thd=0x7f004c00c570, tables=0x7f004c021880, create=true) at /home/travis/src/sql/sql_trigger.cc:585

#15 0x00005624e2e1b032 in mysql_execute_command (thd=0x7f004c00c570) at /home/travis/src/sql/sql_parse.cc:6097

#16 0x00005624e2e20425 in mysql_parse (thd=0x7f004c00c570, rawbuf=0x7f004c021678 "CREATE TRIGGER o BEFORE INSERT ON `B` FOR EACH ROW BEGIN INSERT INTO `BB` SELECT * FROM `view_BB` LIMIT 0 ; END ; /* QNO 20622 CON_ID 15 */", length=139, parser_state=0x7f009c4a45b0, is_com_multi=false, is_next_command=false) at /home/travis/src/sql/sql_parse.cc:7991

#17 0x00005624e2e0dbfd in dispatch_command (command=COM_QUERY, thd=0x7f004c00c570, packet=0x7f004c0baca1 "CREATE TRIGGER o BEFORE INSERT ON `B` FOR EACH ROW BEGIN INSERT INTO `BB` SELECT * FROM `view_BB` LIMIT 0 ; END ; /* QNO 20622 CON_ID 15 */ ", packet_length=140, is_com_multi=false, is_next_command=false) at /home/travis/src/sql/sql_parse.cc:1825

#18 0x00005624e2e0c63d in do_command (thd=0x7f004c00c570) at /home/travis/src/sql/sql_parse.cc:1370

#19 0x00005624e2f74f50 in do_handle_one_connection (connect=0x5624e68dc270) at /home/travis/src/sql/sql_connect.cc:1420

#20 0x00005624e2f74cdd in handle_one_connection (arg=0x5624e68dc270) at /home/travis/src/sql/sql_connect.cc:1326

#21 0x00005624e3878d68 in pfs_spawn_thread (arg=0x5624e68dfcf0) at /home/travis/src/storage/perfschema/pfs.cc:1863

#22 0x00007f00b8ed5184 in start_thread (arg=0x7f009c4a5700) at pthread_create.c:312

#23 0x00007f00b83e1ffd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

experimental b930457b481719c35ab1cb13643575a783d7d6e8

perl /home/travis/rqg/runall-new.pl --duration=350 --threads=6 --seed=1515365357 --reporters=Backtrace,ErrorLog,Deadlock --validators=TransformerNoComparator --transformers=ConvertSubqueriesToViews,ConvertTablesToDerived,Count,DisableOptimizations,Distinct,EnableOptimizations,ExecuteAsCTE,ExecuteAsDeleteReturning,ExecuteAsDerived,ExecuteAsExcept,ExecuteAsExecuteImmediate,ExecuteAsInsertSelect,ExecuteAsIntersect,ExecuteAsSelectItem,ExecuteAsUnion,ExecuteAsUpdateDelete,ExecuteAsView,ExecuteAsWhereSubquery,Having,InlineSubqueries,InlineVirtualColumns,LimitRowsExamined,OrderBy,StraightJoin,ExecuteAsPreparedTwice,ExecuteAsTrigger,ExecuteAsSPTwice,ExecuteAsFunctionTwice --redefine=conf/mariadb/general-workarounds.yy --mysqld=--log_output=FILE --mysqld=--log_bin_trust_function_creators=1 --mysqld=--log-bin --mysqld=--max-statement-time=30 --mysqld=--loose-debug_assert_on_not_freed_memory=0 --views --redefine=conf/mariadb/versioning.yy --basedir=/home/travis/server --grammar=conf/runtime/performance_schema.yy --mysqld=--performance-schema --engine=MyISAM --mysqld=--default-storage-engine=MyISAM --vardir=/home/travis/logs/vardir1_3

Not easily reproducible.

[MDEV-14891] [Draft] Error: Freeing overrun buffer and crash in free_root Created: 2018-01-08 Updated: 2022-09-26 Resolved: 2022-09-25
Status:	Closed
Project:	MariaDB Server
Component/s:	OTHER
Affects Version/s:	N/A
Fix Version/s:	N/A

[MDEV-14891] [Draft] Error: Freeing overrun buffer and crash in free_root Created: 2018-01-08 Updated: 2022-09-26 Resolved: 2022-09-25