SIGSEGV|__strlen_avx2|my_strdup|Session_sysvars_tracker::init|THD::init

SIGSEGV|__strlen_avx2|my_strdup|Session_sysvars_tracker::init|plugin_thdvar_init

global_system_variables.session_track_system_variables|SIGABRT|Session_sysvars_tracker::init|plugin_thdvar_init|THD::init|THD::THD

SET GLOBAL session_track_system_variables='a';

SET GLOBAL event_scheduler=TRUE;

mysqld: /test/10.8_dbg/sql/session_tracker.cc:334: void Session_sysvars_tracker::init(THD*): Assertion `global_system_variables.session_track_system_variables' failed.

Core was generated by `/test/MD121121-mariadb-10.8.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.

Program terminated with signal SIGABRT, Aborted.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

[Current thread is 1 (Thread 0x146ba85ed700 (LWP 2002561))]

(gdb) bt

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

#1  0x0000146ba9a72859 in __GI_abort () at abort.c:79

#2  0x0000146ba9a72729 in __assert_fail_base (fmt=0x146ba9c08588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55cd70de2878 "global_system_variables.session_track_system_variables", file=0x55cd70de25e0 "/test/10.8_dbg/sql/session_tracker.cc", line=334, function=<optimized out>) at assert.c:92

#3  0x0000146ba9a83f36 in __GI___assert_fail (assertion=assertion@entry=0x55cd70de2878 "global_system_variables.session_track_system_variables", file=file@entry=0x55cd70de25e0 "/test/10.8_dbg/sql/session_tracker.cc", line=line@entry=334, function=function@entry=0x55cd70de27e0 "void Session_sysvars_tracker::init(THD*)") at assert.c:101

#4  0x000055cd70034904 in Session_sysvars_tracker::init (this=<optimized out>, thd=0x146b6401c658) at /test/10.8_dbg/sql/session_tracker.cc:334

#5  0x000055cd7015ae89 in plugin_thdvar_init (thd=thd@entry=0x146b6401c658) at /test/10.8_dbg/sql/sql_plugin.cc:3255

#6  0x000055cd700c3222 in THD::init (this=this@entry=0x146b6401c658) at /test/10.8_dbg/sql/sql_class.cc:1234

#7  0x000055cd700cc523 in THD::THD (this=0x146b6401c658, id=<optimized out>, is_wsrep_applier=<optimized out>) at /test/10.8_dbg/sql/sql_class.cc:849

#8  0x000055cd70626ce7 in Event_scheduler::start (this=0x55cd74470170, err_no=err_no@entry=0x146ba85ebd2c) at /test/10.8_dbg/sql/sql_list.h:680

#9  0x000055cd7028dee5 in Events::start (err_no=err_no@entry=0x146ba85ebd2c) at /test/10.8_dbg/sql/events.cc:1133

#10 0x000055cd702cee89 in event_scheduler_update (self=<optimized out>, thd=<optimized out>, type=<optimized out>) at /test/10.8_dbg/sql/sys_vars.cc:1142

#11 0x000055cd700366ce in sys_var::update (this=0x55cd7179b700 <Sys_event_scheduler>, thd=0x146b64000db8, var=0x146b64013f00) at /test/10.8_dbg/sql/set_var.cc:207

#12 0x000055cd70036bdb in set_var::update (this=<optimized out>, thd=<optimized out>) at /test/10.8_dbg/sql/set_var.cc:863

#13 0x000055cd70037f21 in sql_set_variables (thd=thd@entry=0x146b64000db8, var_list=var_list@entry=0x146b640060d8, free=free@entry=true) at /test/10.8_dbg/sql/set_var.cc:745

#14 0x000055cd7013e8f4 in mysql_execute_command (thd=thd@entry=0x146b64000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.8_dbg/sql/sql_parse.cc:5034

#15 0x000055cd70127cad in mysql_parse (thd=thd@entry=0x146b64000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x146ba85ec400) at /test/10.8_dbg/sql/sql_parse.cc:8028

#16 0x000055cd70136949 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x146b64000db8, packet=packet@entry=0x146b6400b879 "SET GLOBAL event_scheduler=TRUE", packet_length=packet_length@entry=31, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_class.h:1360

#17 0x000055cd70139d83 in do_command (thd=0x146b64000db8, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_parse.cc:1402

#18 0x000055cd702b3e2a in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55cd74468f38, put_in_cache=put_in_cache@entry=true) at /test/10.8_dbg/sql/sql_connect.cc:1418

#19 0x000055cd702b442f in handle_one_connection (arg=arg@entry=0x55cd74468f38) at /test/10.8_dbg/sql/sql_connect.cc:1312

#20 0x000055cd707344ce in pfs_spawn_thread (arg=0x55cd7437d568) at /test/10.8_dbg/storage/perfschema/pfs.cc:2201

#21 0x0000146ba9f81609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#22 0x0000146ba9b6f293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

2021-11-13 18:55:32 23054982145792 [Note] /test/MD121121-mariadb-10.2.42-linux-x86_64-dbg/bin/mysqld: Shutdown complete

Warning: Memory not freed: 8

Warning:    8 bytes lost at 0x14f79c008b80, allocated by T@0 at mysys/my_malloc.c:229, sql/sys_vars.ic:527, sql/set_var.cc:208, sql/set_var.cc:837, sql/set_var.cc:738, sql/sql_parse.cc:4641, sql/sql_parse.cc:7793, sql/sql_parse.cc:1827

Memory lost: 8 bytes in 1 chunks

Warning:    8 bytes lost at 0x14f79c008b80, allocated by T@0 at mysys/my_malloc.c:229, sql/sys_vars.ic:527, sql/set_var.cc:208, sql/set_var.cc:837, sql/set_var.cc:738, sql/sql_parse.cc:4641, sql/sql_parse.cc:7793, sql/sql_parse.cc:1827

Memory lost: 8 bytes in 1 chunks

SET 'a';

SET collation_connection='a';

CHANGE MASTER TO master_host='a';

SET GLOBAL session_track_system_variables='a';

mysqld: /test/10.9_dbg/sql/session_tracker.cc:334: void Session_sysvars_tracker::init(THD*): Assertion `global_system_variables.session_track_system_variables' failed.

Core was generated by `/test/MD050422-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.

Program terminated with signal SIGABRT, Aborted.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

[Current thread is 1 (Thread 0x1521c41b3700 (LWP 358034))]

(gdb) bt

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

#1  0x00001521dc859859 in __GI_abort () at abort.c:79

#2  0x00001521dc859729 in __assert_fail_base (fmt=0x1521dc9ef588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x559905bfa978 "global_system_variables.session_track_system_variables", file=0x559905bfa6e0 "/test/10.9_dbg/sql/session_tracker.cc", line=334, function=<optimized out>) at assert.c:92

#3  0x00001521dc86b006 in __GI___assert_fail (assertion=assertion@entry=0x559905bfa978 "global_system_variables.session_track_system_variables", file=file@entry=0x559905bfa6e0 "/test/10.9_dbg/sql/session_tracker.cc", line=line@entry=334, function=function@entry=0x559905bfa8e0 "void Session_sysvars_tracker::init(THD*)") at assert.c:101

#4  0x0000559904e35522 in Session_sysvars_tracker::init (this=<optimized out>, thd=0x15218c000db8) at /test/10.9_dbg/sql/session_tracker.cc:334

#5  0x0000559904f5ce41 in plugin_thdvar_init (thd=thd@entry=0x15218c000db8) at /test/10.9_dbg/sql/sql_plugin.cc:3256

#6  0x0000559904ec48e0 in THD::init (this=this@entry=0x15218c000db8) at /test/10.9_dbg/sql/sql_class.cc:1235

#7  0x0000559904ec4ef7 in THD::change_user (this=this@entry=0x15218c000db8) at /test/10.9_dbg/sql/sql_class.cc:1433

#8  0x0000559904ec5109 in THD::reset_for_reuse (this=this@entry=0x15218c000db8) at /test/10.9_dbg/sql/sql_class.cc:1637

#9  0x00005599050b890e in CONNECT::create_thd (this=this@entry=0x559907a0b978, thd=0x15218c000db8) at /test/10.9_dbg/sql/sql_connect.cc:1527

#10 0x00005599050b9075 in do_handle_one_connection (connect=0x559907a0b978, connect@entry=0x5599079c4a58, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1438

#11 0x00005599050b932f in handle_one_connection (arg=arg@entry=0x5599079c4a58) at /test/10.9_dbg/sql/sql_connect.cc:1312

#12 0x00005599055437a5 in pfs_spawn_thread (arg=0x559907904e68) at /test/10.9_dbg/storage/perfschema/pfs.cc:2201

#13 0x00001521dcd6a609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#14 0x00001521dc956163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

SIGSEGV|__strlen_avx2|my_strdup|Session_sysvars_tracker::init|THD::init

SIGSEGV|__strlen_avx2|my_strdup|Session_sysvars_tracker::init|plugin_thdvar_init

global_system_variables.session_track_system_variables|SIGABRT|Session_sysvars_tracker::init|plugin_thdvar_init|THD::init|THD::change_user

SET 'a';

SET collation_connection='a';

CHANGE MASTER TO master_host='a';

SET GLOBAL session_track_system_variables='a';

/test/10.9_opt_san/mysys/my_malloc.c:230:18: runtime error: null pointer passed as argument 1, which is declared to never be null

    #0 0x555836d65fde in my_strdup /test/10.9_opt_san/mysys/my_malloc.c:230

    #1 0x5558372cd19c in Session_sysvars_tracker::init(THD*) /test/10.9_opt_san/sql/session_tracker.cc:336

    #2 0x5558375f00d3 in THD::init() /test/10.9_opt_san/sql/sql_class.cc:1235

    #3 0x5558375f21a3 in THD::change_user() /test/10.9_opt_san/sql/sql_class.cc:1433

    #4 0x5558375f2c23 in THD::reset_for_reuse() /test/10.9_opt_san/sql/sql_class.cc:1637

    #5 0x5558382210a6 in CONNECT::create_thd(THD*) /test/10.9_opt_san/sql/sql_connect.cc:1527

    #6 0x555838223448 in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1438

    #7 0x555838226834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312

    #8 0x55583a3241f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201

    #9 0x14e4465f7608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477

    #10 0x14e44586c162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export ASAN_OPTIONS=quarantine_size_mb=512:atexit=1:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1

    export UBSAN_OPTIONS=print_stacktrace=1

Warning: Memory not freed: 16

worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019

SET sql_mode='';

SET 'a';

main.test                                [ fail ]

        Test ended at 2022-06-23 12:35:48

CURRENT_TEST: main.test

mysqltest: At line 2: query 'SET 'a'' failed: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''a'' at line 1

10.10.0-dbg>SET sql_mode='';  # Also try with ONLY_FULL_GROUP_BY

Query OK, 0 rows affected (0.000 sec)

10.10.0-dbg>SET 'a';

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''a'' at line 1

10.10.0-dbg>SET collation_connection=utf6_unicode_520_ci;

ERROR 1273 (HY000): Unknown collation: 'utf6_unicode_520_ci'

10.10.0-dbg>SET GLOBAL session_track_system_variables='a';

ERROR 1193 (HY000): Unknown system variable 'a'

10.10.0-dbg>SET GLOBAL event_scheduler=1;

ERROR 2013 (HY000): Lost connection to server during query

10.10.0-dbg>

SET GLOBAL session_track_system_variables='a';

SET GLOBAL event_scheduler=TRUE;

SET sql_mode='';

CREATE TABLE t (a INT,b INT,c INT,d INT,e INT,f INT GENERATED ALWAYS AS (a+b) VIRTUAL,g INT,h BLOB,i INT,UNIQUE KEY(d,h)) ENGINE=InnoDB;

INSERT INTO t VALUES (0,0,0,0,0,0,0,0,0);

SET GLOBAL session_track_system_variables='a';

INSERT INTO t SET c=CONCAT (REPEAT (0,0),0,0);

CREATE TABLE t (c INT,KEY(c)) ENGINE=InnoDB;

SET @@autocommit=0;

SET GLOBAL session_track_system_variables='a';

INSERT INTO t (c) VALUES (1);

UBSAN|null pointer passed as argument 1, which is declared to never be null|mysys/my_malloc.c|my_strdup|Session_sysvars_tracker::init|THD::init|THD::THD

230626  9:48:06 [ERROR] mysqld got signal 11 ;

Server version: 10.11.2-MariaDB source revision: cafba8761af55ae16cc69c9b53a341340a845b36

mysys/stacktrace.c:213(my_print_stacktrace)[0x5589a1492bde]

sql/signal_handler.cc:238(handle_fatal_signal)[0x5589a0e72067]

sigaction.c:0(__restore_rt)[0x7fb82fffa420]

??:0(__nss_database_lookup)[0x7fb82fc436e5]

mysys/my_malloc.c:232(my_strdup)[0x5589a148f20c]

sql/session_tracker.cc:338(Session_sysvars_tracker::init(THD*))[0x5589a0b6ee06]

sql/sql_class.cc:1237(THD::init())[0x5589a0bd9cad]

sql/sql_class.cc:1427(THD::change_user())[0x5589a0bda15e]

sql/sql_class.cc:1627(THD::reset_for_reuse())[0x5589a0bda359]

sql/sql_connect.cc:1531(CONNECT::create_thd(THD*))[0x5589a0d3ff66]

sql/sql_connect.cc:1436(do_handle_one_connection(CONNECT*, bool))[0x5589a0d40365]

sql/sql_connect.cc:1324(handle_one_connection)[0x5589a0d40554]

perfschema/pfs.cc:2204(pfs_spawn_thread)[0x5589a10c4b2c]

nptl/pthread_create.c:478(start_thread)[0x7fb82ffee609]

??:0(clone)[0x7fb82fbda133]

==1197614==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:

    #0 0x559bcdcd6207 in malloc (/test/UBASAN_MD280623-mariadb-10.4.31-linux-x86_64-dbg/bin/mysqld+0x733f207)

    #1 0x559bd208a4bc in my_malloc /test/10.4_dbg_san/mysys/my_malloc.c:101

    #2 0x559bd208ac5f in my_memdup /test/10.4_dbg_san/mysys/my_malloc.c:233

    #3 0x559bced60624 in Sys_var_charptr_base::global_update_prepare(THD*, set_var*) /test/10.4_dbg_san/sql/sys_vars.inl:535

    #4 0x559bced60624 in Sys_var_sesvartrack::global_update(THD*, set_var*) /test/10.4_dbg_san/sql/sys_vars.inl:618

    #5 0x559bcddbc24d in sys_var::update(THD*, set_var*) /test/10.4_dbg_san/sql/set_var.cc:208

    #6 0x559bcddbf013 in set_var::update(THD*) /test/10.4_dbg_san/sql/set_var.cc:837

    #7 0x559bcddc69ae in sql_set_variables(THD*, List<set_var_base>*, bool) /test/10.4_dbg_san/sql/set_var.cc:740

    #8 0x559bce40add2 in mysql_execute_command(THD*) /test/10.4_dbg_san/sql/sql_parse.cc:5045

    #9 0x559bce431a55 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /test/10.4_dbg_san/sql/sql_parse.cc:8008

    #10 0x559bce4417ae in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /test/10.4_dbg_san/sql/sql_parse.cc:1857

    #11 0x559bce44fb9a in do_command(THD*) /test/10.4_dbg_san/sql/sql_parse.cc:1378

    #12 0x559bcec8a8dc in do_handle_one_connection(CONNECT*) /test/10.4_dbg_san/sql/sql_connect.cc:1420

    #13 0x559bcec8aeac in handle_one_connection /test/10.4_dbg_san/sql/sql_connect.cc:1324

    #14 0x147932694b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).

In file included from /test/11.1_dbg/sql/sys_vars.cc:37:

/test/11.1_dbg/sql/sys_vars.inl: In member function ‘virtual bool Sys_var_sesvartrack::global_update(THD*, set_var*)’:

/test/11.1_dbg/sql/sys_vars.inl:75:27: error: invalid conversion from ‘const char*’ to ‘PSI_memory_key’ {aka ‘unsigned int’} [-fpermissive]

   75 | #define global_var(TYPE) (*(TYPE*)global_var_ptr())

      |                          ~^~~~~~~~~~~~~~~~~~~~~~~~~

      |                           |

      |                           const char*

/test/11.1_dbg/sql/sys_vars.inl:670:35: note: in expansion of macro ‘global_var’

  670 |         new_val= (char*)my_strdup(global_var(const char*), MYF(MY_WME));

      |                                   ^~~~~~~~~~

In file included from /test/11.1_dbg/sql/mariadb.h:29,

                 from /test/11.1_dbg/sql/sql_plugin.h:30,

                 from /test/11.1_dbg/sql/sys_vars.cc:34:

/test/11.1_dbg/include/my_global.h:994:25: error: invalid conversion from ‘myf’ {aka ‘long unsigned int’} to ‘const char*’ [-fpermissive]

  994 | #define MYF(v)          (myf) (v)

      |                         ^~~~~~~~~

      |                         |

      |                         myf {aka long unsigned int}

/test/11.1_dbg/sql/sys_vars.inl:670:60: note: in expansion of macro ‘MYF’

  670 |         new_val= (char*)my_strdup(global_var(const char*), MYF(MY_WME));

      |                                                            ^~~

In file included from /test/11.1_dbg/sql/sys_vars.cc:37:

/test/11.1_dbg/sql/sys_vars.inl:670:34: error: too few arguments to function ‘char* my_strdup(PSI_memory_key, const char*, myf)’

  670 |         new_val= (char*)my_strdup(global_var(const char*), MYF(MY_WME));

      |                         ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In file included from /test/11.1_dbg/sql/sql_plugin.h:45,

                 from /test/11.1_dbg/sql/sys_vars.cc:34:

/test/11.1_dbg/include/my_sys.h:173:14: note: declared here

  173 | extern char *my_strdup(PSI_memory_key key, const char *from,myf MyFlags);

      |              ^~~~~~~~~

sanja@SanjasLaptop:~/maria/git/10.4/mysql-test$ git log

commit d8e04ef367b7b80104a59634aca9ca101add59db (HEAD -> bb-10.4-MDEV-25237, origin/bb-10.4-MDEV-25237)

Author: Oleksandr Byelkin <sanja@mariadb.com>

Date:   Tue Jun 27 12:10:48 2023 +0200

    MDEV-25237 Assertion `global_system_variables.session_track_system_variables' failed in Session_sysvars_tracker::init | SIGSEGV's in __strlen_avx2 | UBSAN: runtime error: null pointer passed as argument 1, which is declared to never be null in my_strdup

    Restore old value of the variable in case of error

commit 8e9c68b49dd82cfda2ac22949666c9d1adae2db7 (HEAD -> bb-10.4-MDEV-25237, origin/bb-10.4-MDEV-25237)

Author: Oleksandr Byelkin <sanja@mariadb.com>

Date:   Tue Jun 27 12:10:48 2023 +0200

    MDEV-25237 Assertion `global_system_variables.session_track_system_variables' failed in Session_sysvars_tracker::init | SIGSEGV's in __strlen_avx2 | UBSAN: runtime error: null pointer passed as argument 1, which is declared to never be null in my_strdup

    Fix of typo in checking variable list corectness.

    Fix of error handling in case of variable list parse error