[MDEV-15396] Slave server crash or valgrind uninitialised value in sys_var::val_str_nolock Created: 2018-02-23  Updated: 2019-07-02  Resolved: 2019-07-02

Status: Closed
Project: MariaDB Server
Component/s: Replication, Triggers, Variables
Affects Version/s: 10.1, 10.2, 10.3, 10.4
Fix Version/s: 10.2.24, 10.1.39, 10.3.14, 10.4.4

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sujatha Sivakumar (Inactive)
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-17617 [draft] Closed

 Description   

# Reproducer for MDEV-15396: a BEFORE INSERT trigger that reads
# INFORMATION_SCHEMA.SYSTEM_VARIABLES crashes (or trips valgrind) when the
# slave SQL thread replays the triggering INSERT -- the traces below show
# sys_var::val_str_nolock reading an uninitialised session-scope value
# pointer (Sys_exterenal_user, value=0xa5a5a5a5a5a5a5a5).
# Mixed binlog format is required so the INSERT reaches the slave as a
# Query_log_event, which re-runs the trigger body in the applier thread.
--source include/have_binlog_format_mixed.inc
--source include/master-slave.inc
 
# t1 is the trigger target; t2 receives the variable names read by the trigger.
CREATE TABLE t1 (f1 INT);
CREATE TABLE t2 (f2 VARCHAR(64));
# The SELECT inside the trigger is what fails on the slave, not on the master.
CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW INSERT INTO t2 SELECT VARIABLE_NAME FROM INFORMATION_SCHEMA.SYSTEM_VARIABLES;
# Fires tr1 on the master; the same statement is replayed by the slave.
INSERT INTO t1 VALUES (1);
 
# Waiting for the slave to apply the INSERT is where the crash surfaces.
# NOTE(review): because the failure is inside the slave applier, a trigger of
# this shape presumably stops replication on every slave that replays it --
# confirm against the fix for MDEV-14784, which this report duplicates.
--sync_slave_with_master
 
# Cleanup
--connection master
DROP TABLE t1, t2;
--sync_slave_with_master
--connection master
--source include/rpl_end.inc

==5189== Conditional jump or move depends on uninitialised value(s)
==5189==    at 0x4A296B: sys_var::val_str_nolock(String*, THD*, unsigned char const*) (set_var.cc:337)
==5189==    by 0x4A2BAD: store_value_ptr(Field*, sys_var*, String*, unsigned char*) (set_var.cc:980)
==5189==    by 0x4A38FD: fill_sysvars(THD*, TABLE_LIST*, Item*) (set_var.cc:1029)
==5189==    by 0x580FF6: get_schema_tables_result(JOIN*, enum_schema_table_state) (sql_show.cc:8227)
==5189==    by 0x56743F: JOIN::exec_inner() (sql_select.cc:2691)
==5189==    by 0x5695C3: JOIN::exec() (sql_select.cc:2539)
==5189==    by 0x566096: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3476)
==5189==    by 0x566ACF: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:388)
==5189==    by 0x51BB52: mysql_execute_command(THD*) (sql_parse.cc:4022)
==5189==    by 0x774CD3: sp_instr_stmt::exec_core(THD*, unsigned int*) (sp_head.cc:3220)
==5189==    by 0x77B770: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) (sp_head.cc:2986)
==5189==    by 0x77BD2B: sp_instr_stmt::execute(THD*, unsigned int*) (sp_head.cc:3136)
==5189==    by 0x777E56: sp_head::execute(THD*, bool) (sp_head.cc:1316)
==5189==    by 0x7782E7: sp_head::execute_trigger(THD*, st_mysql_lex_string const*, st_mysql_lex_string const*, st_grant_info*) (sp_head.cc:1646)
==5189==    by 0x5A0870: Table_triggers_list::process_triggers(THD*, trg_event_type, trg_action_time_type, bool) (sql_trigger.cc:2185)
==5189==    by 0x4DD547: fill_record_n_invoke_before_triggers(THD*, TABLE*, Field**, List<Item>&, bool, trg_event_type) (sql_base.cc:9021)

10.1 a04e4f531 debug

#3  <signal handler called>
#4  0x00007f86dbeb7496 in strlen () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x0000563be0604eff in sys_var::val_str_nolock (this=0x563be19a97c0 <Sys_exterenal_user>, str=0x7f86dbe31b10, thd=0x7f86c4c60070, value=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>) at /data/src/10.1/sql/set_var.cc:337
#6  0x0000563be0606750 in store_value_ptr (field=0x7f86c4c68a60, var=0x563be19a97c0 <Sys_exterenal_user>, str=0x7f86dbe31b10, value_ptr=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>) at /data/src/10.1/sql/set_var.cc:980
#7  0x0000563be0606817 in store_var (field=0x7f86c4c68a60, var=0x563be19a97c0 <Sys_exterenal_user>, scope=SHOW_OPT_SESSION, str=0x7f86dbe31b10) at /data/src/10.1/sql/set_var.cc:992
#8  0x0000563be0606b3e in fill_sysvars (thd=0x7f86c4c60070, tables=0x7f86c4cb06a8, cond=0x0) at /data/src/10.1/sql/set_var.cc:1029
#9  0x0000563be0755cde in get_schema_tables_result (join=0x7f86c4cf6248, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.1/sql/sql_show.cc:8227
#10 0x0000563be06f54d0 in JOIN::exec_inner (this=0x7f86c4cf6248) at /data/src/10.1/sql/sql_select.cc:2691
#11 0x0000563be06f4b77 in JOIN::exec (this=0x7f86c4cf6248) at /data/src/10.1/sql/sql_select.cc:2539
#12 0x0000563be06f810d in mysql_select (thd=0x7f86c4c60070, rref_pointer_array=0x7f86c4ca3af8, tables=0x7f86c4cb06a8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=4061137664, result=0x7f86c4cf61a8, unit=0x7f86c4ca3150, select_lex=0x7f86c4ca3850) at /data/src/10.1/sql/sql_select.cc:3476
#13 0x0000563be06ed9f0 in handle_select (thd=0x7f86c4c60070, lex=0x7f86c4ca3088, result=0x7f86c4cf61a8, setup_tables_done_option=1073741824) at /data/src/10.1/sql/sql_select.cc:388
#14 0x0000563be06b6fd9 in mysql_execute_command (thd=0x7f86c4c60070) at /data/src/10.1/sql/sql_parse.cc:4022
#15 0x0000563be0a44b32 in sp_instr_stmt::exec_core (this=0x7f86c4cb0ca8, thd=0x7f86c4c60070, nextp=0x7f86dbe32a5c) at /data/src/10.1/sql/sp_head.cc:3220
#16 0x0000563be0a44224 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f86c4cb0ce8, thd=0x7f86c4c60070, nextp=0x7f86dbe32a5c, open_tables=false, instr=0x7f86c4cb0ca8) at /data/src/10.1/sql/sp_head.cc:2986
#17 0x0000563be0a447f8 in sp_instr_stmt::execute (this=0x7f86c4cb0ca8, thd=0x7f86c4c60070, nextp=0x7f86dbe32a5c) at /data/src/10.1/sql/sp_head.cc:3136
#18 0x0000563be0a40038 in sp_head::execute (this=0x7f86c4caf088, thd=0x7f86c4c60070, merge_da_on_success=false) at /data/src/10.1/sql/sp_head.cc:1316
#19 0x0000563be0a40b9f in sp_head::execute_trigger (this=0x7f86c4caf088, thd=0x7f86c4c60070, db_name=0x7f86c4cbfdb8, table_name=0x7f86c4cbfdc8, grant_info=0x7f86c4cbf548) at /data/src/10.1/sql/sp_head.cc:1646
#20 0x0000563be0786945 in Table_triggers_list::process_triggers (this=0x7f86c4cbf488, thd=0x7f86c4c60070, event=TRG_EVENT_INSERT, time_type=TRG_ACTION_BEFORE, old_row_is_record1=true) at /data/src/10.1/sql/sql_trigger.cc:2185
#21 0x0000563be0658d02 in fill_record_n_invoke_before_triggers (thd=0x7f86c4c60070, table=0x7f86c4ccfe70, ptr=0x7f86c4c66198, values=..., ignore_errors=false, event=TRG_EVENT_INSERT) at /data/src/10.1/sql/sql_base.cc:9021
#22 0x0000563be06920f9 in mysql_insert (thd=0x7f86c4c60070, table_list=0x7f86c4c840f0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.1/sql/sql_insert.cc:982
#23 0x0000563be06b68f2 in mysql_execute_command (thd=0x7f86c4c60070) at /data/src/10.1/sql/sql_parse.cc:3915
#24 0x0000563be06c11c3 in mysql_parse (thd=0x7f86c4c60070, rawbuf=0x7f86c4c96442 "INSERT INTO t1 VALUES (1)", length=25, parser_state=0x7f86dbe33de0) at /data/src/10.1/sql/sql_parse.cc:7352
#25 0x0000563be09ea135 in Query_log_event::do_apply_event (this=0x7f86c4ca6230, rgi=0x7f86c4c16800, query_arg=0x7f86c4c96442 "INSERT INTO t1 VALUES (1)", q_len_arg=25) at /data/src/10.1/sql/log_event.cc:4458
#26 0x0000563be09e928f in Query_log_event::do_apply_event (this=0x7f86c4ca6230, rgi=0x7f86c4c16800) at /data/src/10.1/sql/log_event.cc:4165
#27 0x0000563be061ccad in Log_event::apply_event (this=0x7f86c4ca6230, rgi=0x7f86c4c16800) at /data/src/10.1/sql/log_event.h:1343
#28 0x0000563be061256d in apply_event_and_update_pos_apply (ev=0x7f86c4ca6230, thd=0x7f86c4c60070, rgi=0x7f86c4c16800, reason=0) at /data/src/10.1/sql/slave.cc:3479
#29 0x0000563be0612a08 in apply_event_and_update_pos (ev=0x7f86c4ca6230, thd=0x7f86c4c60070, rgi=0x7f86c4c16800) at /data/src/10.1/sql/slave.cc:3600
#30 0x0000563be061320a in exec_relay_log_event (thd=0x7f86c4c60070, rli=0x7f86d2ecccd0, serial_rgi=0x7f86c4c16800) at /data/src/10.1/sql/slave.cc:3885
#31 0x0000563be0616436 in handle_slave_sql (arg=0x7f86d2ecb000) at /data/src/10.1/sql/slave.cc:4981
#32 0x0000563be0ba299e in pfs_spawn_thread (arg=0x7f86c61810f0) at /data/src/10.1/storage/perfschema/pfs.cc:1861
#33 0x00007f86ddb66494 in start_thread (arg=0x7f86dbe35b00) at pthread_create.c:333
#34 0x00007f86dbf1f93f in clone () from /lib/x86_64-linux-gnu/libc.so.6



 Comments   
Comment by Alice Sherepa [ 2019-02-04 ]

Nearly the same case (SESSION_VARIABLES instead of SYSTEM_VARIABLES, failing in show_status_array/strend instead of sys_var::val_str_nolock); adding it here just to make it searchable:

# Variant of the MDEV-15396 reproducer: same trigger shape, but reading
# INFORMATION_SCHEMA.SESSION_VARIABLES. On the slave this dies with SIGSEGV
# in strend() called from show_status_array()/fill_variables() (ASAN trace
# below) while the slave SQL thread replays the INSERT.
# Mixed binlog format keeps the INSERT statement-replicated so the trigger
# body is executed again inside the slave applier.
--source include/have_binlog_format_mixed.inc
--source include/master-slave.inc
 
# t1 is the trigger target; t2 receives the variable names read by the trigger.
CREATE TABLE t1 (f1 INT);
CREATE TABLE t2 (f2 VARCHAR(64));
# The SELECT inside the trigger is what fails on the slave, not on the master.
CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW INSERT INTO t2 SELECT VARIABLE_NAME FROM INFORMATION_SCHEMA.SESSION_VARIABLES;
# Fires tr1 on the master; the same statement is replayed by the slave.
INSERT INTO t1 VALUES (1);
 
# Waiting for the slave to apply the INSERT is where the crash surfaces.
--sync_slave_with_master
 
# Cleanup
--connection master
DROP TABLE t1, t2;
--sync_slave_with_master
--connection master
--source include/rpl_end.inc

10.1 955c7b32226c816b24a2

ASAN:SIGSEGV
    #0 0x55b372c96e2b in strend /10.1/strings/strend.c:45
    #1 0x55b371b5280f in show_status_array /10.1/sql/sql_show.cc:3383
    #2 0x55b371b5dcb3 in fill_variables(THD*, TABLE_LIST*, Item*) /10.1/sql/sql_show.cc:7305
    #3 0x55b371b714cc in get_schema_tables_result(JOIN*, enum_schema_table_state) /10.1/sql/sql_show.cc:8235
    #4 0x55b371b1d0f9 in JOIN::exec_inner() /10.1/sql/sql_select.cc:2714
    #5 0x55b371b24cf7 in JOIN::exec() /10.1/sql/sql_select.cc:2562
    #6 0x55b371b1a14e in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.1/sql/sql_select.cc:3499
    #7 0x55b371b1a918 in handle_select(THD*, LEX*, select_result*, unsigned long) /10.1/sql/sql_select.cc:388
    #8 0x55b371a1ddd4 in mysql_execute_command(THD*) /10.1/sql/sql_parse.cc:4041
    #9 0x55b3721d30a3 in sp_instr_stmt::exec_core(THD*, unsigned int*) /10.1/sql/sp_head.cc:3218
    #10 0x55b3721e86bd in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /10.1/sql/sp_head.cc:2984
    #11 0x55b3721e9469 in sp_instr_stmt::execute(THD*, unsigned int*) /10.1/sql/sp_head.cc:3134
    #12 0x55b3721db211 in sp_head::execute(THD*, bool) /10.1/sql/sp_head.cc:1315
    #13 0x55b3721dc7dd in sp_head::execute_trigger(THD*, st_mysql_lex_string const*, st_mysql_lex_string const*, st_grant_info*) /10.1/sql/sp_head.cc:1644
    #14 0x55b371bd60be in Table_triggers_list::process_triggers(THD*, trg_event_type, trg_action_time_type, bool) /10.1/sql/sql_trigger.cc:2193
    #15 0x55b37194bf93 in fill_record_n_invoke_before_triggers(THD*, TABLE*, Field**, List<Item>&, bool, trg_event_type) /10.1/sql/sql_base.cc:9164
    #16 0x55b3719cee8b in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /10.1/sql/sql_insert.cc:982
    #17 0x55b371a1d398 in mysql_execute_command(THD*) /10.1/sql/sql_parse.cc:3932
    #18 0x55b371a2ba24 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /10.1/sql/sql_parse.cc:7468
    #19 0x55b37212d0aa in Query_log_event::do_apply_event(rpl_group_info*, char const*, unsigned int) /10.1/sql/log_event.cc:4532
    #20 0x55b37212f33d in Query_log_event::do_apply_event(rpl_group_info*) /10.1/sql/log_event.cc:4212
    #21 0x55b3718aeced in Log_event::apply_event(rpl_group_info*) /10.1/sql/log_event.h:1343
    #22 0x55b3718aeced in apply_event_and_update_pos_apply /10.1/sql/slave.cc:3479
    #23 0x55b3718c00ae in apply_event_and_update_pos(Log_event*, THD*, rpl_group_info*) /10.1/sql/slave.cc:3600
    #24 0x55b3718c5e5c in exec_relay_log_event /10.1/sql/slave.cc:3885
    #25 0x55b3718c966c in handle_slave_sql /10.1/sql/slave.cc:4981
    #26 0x55b372ad9ab7 in pfs_spawn_thread /10.1/storage/perfschema/pfs.cc:1861
    #27 0x7f0d1879f6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #28 0x7f0d17e4a41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

Comment by Sujatha Sivakumar (Inactive) [ 2019-07-02 ]

This issue is a duplicate of MDEV-14784, which is already in Fixed state (see the Fix Version/s above).
Hence closing this issue as a duplicate.
