[MDEV-32476] LeakSanitizer errors in get_quick_select or Assertion `status_var.local_memory_used == 0 || !debug_assert_on_not_freed_memory' failed

Created: 2023-10-15
Updated: 2023-10-22
Resolved: 2023-10-22

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.6
Fix Version/s: 10.6.16, 10.10.7, 10.11.6, 11.0.4, 11.1.3

Type: Bug
Priority: Blocker
Reporter: Elena Stepanova
Assignee: Michael Widenius
Resolution: Fixed
Votes: 0
Labels: regression


 Description   

Set to "blocker" because it's a recent regression in a to-be-released GA patch, even though the test case is somewhat artificial.

--source include/have_innodb.inc
 
CREATE TABLE t (pk INT AUTO_INCREMENT, f INT, PRIMARY KEY (pk), KEY(f)) ENGINE=InnoDB;
INSERT INTO t VALUES (1,10),(2,20);
--error ER_TRUNCATED_WRONG_VALUE
INSERT INTO t (f) SELECT t1.f FROM t t1, t t2 WHERE t1.f = 10 AND t2.pk > 'foo';
 
# Cleanup
DROP TABLE t;

10.6 1c554459

==3570623==ERROR: LeakSanitizer: detected memory leaks
 
Direct leak of 328 byte(s) in 1 object(s) allocated from:
    #0 0x7fcc4a4b94c8 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x563645eba552 in get_quick_select(PARAM*, unsigned int, SEL_ARG*, unsigned int, unsigned int, st_mem_root*) /data/src/10.6/sql/opt_range.cc:11834
    #2 0x563645ee5379 in TRP_RANGE::make_quick(PARAM*, bool, st_mem_root*) /data/src/10.6/sql/opt_range.cc:2280
    #3 0x563645e80d3a in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool, bool) /data/src/10.6/sql/opt_range.cc:3079
    #4 0x5636452f9975 in get_quick_record_count /data/src/10.6/sql/sql_select.cc:5135
    #5 0x563645300781 in make_join_statistics /data/src/10.6/sql/sql_select.cc:5862
    #6 0x5636452de70c in JOIN::optimize_inner() /data/src/10.6/sql/sql_select.cc:2531
    #7 0x5636452d764c in JOIN::optimize() /data/src/10.6/sql/sql_select.cc:1868
    #8 0x5636452f90b3 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.6/sql/sql_select.cc:5077
    #9 0x5636452c8d6f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.6/sql/sql_select.cc:559
    #10 0x563645221376 in mysql_execute_command(THD*, bool) /data/src/10.6/sql/sql_parse.cc:4731
    #11 0x5636452383a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.6/sql/sql_parse.cc:8050
    #12 0x56364520e047 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/10.6/sql/sql_parse.cc:1896
    #13 0x56364520ad7b in do_command(THD*, bool) /data/src/10.6/sql/sql_parse.cc:1409
    #14 0x56364567acb1 in do_handle_one_connection(CONNECT*, bool) /data/src/10.6/sql/sql_connect.cc:1416
    #15 0x56364567a672 in handle_one_connection /data/src/10.6/sql/sql_connect.cc:1318
    #16 0x5636462dc6eb in pfs_spawn_thread /data/src/10.6/storage/perfschema/pfs.cc:2201
    #17 0x7fcc49aa7fd3 in start_thread nptl/pthread_create.c:442
 
Indirect leak of 4080 byte(s) in 1 object(s) allocated from:
    #0 0x7fcc4a4b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x563646ee20db in my_malloc /data/src/10.6/mysys/my_malloc.c:91
    #2 0x563646ebe8c4 in alloc_root /data/src/10.6/mysys/my_alloc.c:256
    #3 0x563644f1e9e9 in Query_arena::alloc(unsigned long) /data/src/10.6/sql/sql_class.h:1251
    #4 0x563645e737ed in QUICK_RANGE_SELECT::QUICK_RANGE_SELECT(THD*, TABLE*, unsigned int, bool, st_mem_root*, bool*) /data/src/10.6/sql/opt_range.cc:1301
    #5 0x563645eba65c in get_quick_select(PARAM*, unsigned int, SEL_ARG*, unsigned int, unsigned int, st_mem_root*) /data/src/10.6/sql/opt_range.cc:11834
    #6 0x563645ee5379 in TRP_RANGE::make_quick(PARAM*, bool, st_mem_root*) /data/src/10.6/sql/opt_range.cc:2280
    #7 0x563645e80d3a in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool, bool) /data/src/10.6/sql/opt_range.cc:3079
    #8 0x5636452f9975 in get_quick_record_count /data/src/10.6/sql/sql_select.cc:5135
    #9 0x563645300781 in make_join_statistics /data/src/10.6/sql/sql_select.cc:5862
    #10 0x5636452de70c in JOIN::optimize_inner() /data/src/10.6/sql/sql_select.cc:2531
    #11 0x5636452d764c in JOIN::optimize() /data/src/10.6/sql/sql_select.cc:1868
    #12 0x5636452f90b3 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.6/sql/sql_select.cc:5077
    #13 0x5636452c8d6f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.6/sql/sql_select.cc:559
    #14 0x563645221376 in mysql_execute_command(THD*, bool) /data/src/10.6/sql/sql_parse.cc:4731
    #15 0x5636452383a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.6/sql/sql_parse.cc:8050
    #16 0x56364520e047 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/10.6/sql/sql_parse.cc:1896
    #17 0x56364520ad7b in do_command(THD*, bool) /data/src/10.6/sql/sql_parse.cc:1409
    #18 0x56364567acb1 in do_handle_one_connection(CONNECT*, bool) /data/src/10.6/sql/sql_connect.cc:1416
    #19 0x56364567a672 in handle_one_connection /data/src/10.6/sql/sql_connect.cc:1318
    #20 0x5636462dc6eb in pfs_spawn_thread /data/src/10.6/storage/perfschema/pfs.cc:2201
    #21 0x7fcc49aa7fd3 in start_thread nptl/pthread_create.c:442
 
SUMMARY: AddressSanitizer: 4408 byte(s) leaked in 2 allocation(s).

or

mariadbd: /data/src/10.6/sql/sql_class.cc:1770: virtual THD::~THD(): Assertion `status_var.local_memory_used == 0 || !debug_assert_on_not_freed_memory' failed.
231015 21:28:42 [ERROR] mysqld got signal 6 ;
 
sql/signal_handler.cc:241(handle_fatal_signal)[0x55751e876fd3]
libc_sigaction.c:0(__restore_rt)[0x7f9d9245af90]
nptl/pthread_kill.c:44(__pthread_kill_implementation)[0x7f9d924a9ccc]
posix/raise.c:27(__GI_raise)[0x7f9d9245aef2]
stdlib/abort.c:81(__GI_abort)[0x7f9d92445472]
intl/loadmsgcat.c:1177(_nl_load_domain)[0x7f9d92445395]
/lib/x86_64-linux-gnu/libc.so.6(+0x34df2)[0x7f9d92453df2]
sql/sql_class.cc:1773(THD::~THD())[0x55751ded6e9b]
sql/sql_class.cc:1776(THD::~THD())[0x55751ded721a]
sql/sql_connect.cc:1359(do_handle_one_connection(CONNECT*, bool))[0x55751e46d258]
sql/sql_connect.cc:1320(handle_one_connection)[0x55751e46c673]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55751f0ce6ec]
nptl/pthread_create.c:442(start_thread)[0x7f9d924a7fd4]
x86_64/clone3.S:83(clone3)[0x7f9d925285bc]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x0): (null)
Connection ID (thread ID): 7
Status: KILL_CONNECTION

The failure started happening after this commit in 10.6:

commit 9ba8dc1413ff0fac018b5e22cdb5f5a8ff912ab2 (HEAD)
Author: Michael Widenius <monty@mariadb.org>
Date:   Wed Sep 27 17:26:24 2023 +0300
 
    MDEV-32164 Server crashes in JOIN::cleanup after erroneous query with view



 Comments   
Comment by Michael Widenius [ 2023-10-19 ]

Problem was that JOIN_TAB::cleanup() was not run because
JOIN::top_join_tab_count was not set in case of early errors.

Fixed by setting JOIN::top_join_tab_count when JOIN_TAB's are allocated.
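
The failure mode described in the comment above, as an added example that is not part of the original issue and is not MariaDB code: a simplified C++ model in which cleanup is bounded by a count that is only set on the success path, next to the variant that sets the count at allocation time. The names Join, JoinTab, Quick, live_quick and leaked_after are hypothetical stand-ins.

```cpp
#include <cstdio>
#include <vector>

// Simplified model with hypothetical names; not MariaDB source code.
static int live_quick = 0;  // stands in for status_var.local_memory_used

struct Quick { Quick() { ++live_quick; } ~Quick() { --live_quick; } };
struct JoinTab {
  Quick *quick = nullptr;   // per-table range-access object
  void cleanup() { delete quick; quick = nullptr; }
};

struct Join {
  std::vector<JoinTab> tabs;
  unsigned top_tab_count = 0;  // upper bound used by cleanup()
  bool fixed;                  // true: set the count when tabs are allocated
  explicit Join(bool f) : fixed(f) {}
  void alloc_tabs(unsigned n) {
    tabs.resize(n);
    if (fixed) top_tab_count = n;  // the fix: count is valid from allocation on
  }
  // Returns false when an error is raised early in optimization.
  bool optimize(bool fail_early) {
    alloc_tabs(2);
    tabs[0].quick = new Quick;         // allocated before the error is seen
    if (fail_early) return false;      // early return skips the line below
    top_tab_count = (unsigned) tabs.size();  // pre-fix: only set on success
    return true;
  }

  void cleanup() {
    for (unsigned i = 0; i < top_tab_count; i++) tabs[i].cleanup();
  }
};

// Runs one statement and returns how many Quick objects survive cleanup().
int leaked_after(bool fixed, bool fail_early) {
  Join j(fixed);
  j.optimize(fail_early);
  j.cleanup();
  int leaked = live_quick;
  for (auto &t : j.tabs) t.cleanup();  // release leftovers so the demo stays clean
  return leaked;
}

int main() {
  std::printf("early error: pre-fix leaks %d, fixed leaks %d\n",
              leaked_after(false, true), leaked_after(true, true));
}
```

In the pre-fix variant the loop in cleanup() runs zero times after an early error, so the object survives until the connection is torn down, which is the point at which the THD destructor assertion in the report fires.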

Comment by Michael Widenius [ 2023-10-22 ]

Bug fixed and pushed
