Description
# Reproducer (mysqltest format) for the InnoDB row-read failure reported on this page:
# an UPDATE that is expected to fail under SIMULTANEOUS_ASSIGNMENT, followed by a
# sorted read of the same table.
--source include/have_innodb.inc
|
|
# t1 pairs a GEOMETRY column (g) with a plain INT column (i); the INSERT adds
# eight rows without supplying any column values.
CREATE TABLE t1 (pk INT AUTO_INCREMENT PRIMARY KEY, g GEOMETRY, i INT) ENGINE=InnoDB; |
INSERT INTO t1 () VALUES (),(),(),(),(),(),(),(); |
# The report ties the test case to this SQL mode (it is why the test is not
# applicable to 10.2).
SET SQL_MODE= 'SIMULTANEOUS_ASSIGNMENT'; |
# The UPDATE below must be rejected with ER_CANT_CREATE_GEOMETRY_OBJECT: it assigns
# the string 'foo' to the GEOMETRY column g, and sets i = NULL in the same statement.
--error ER_CANT_CREATE_GEOMETRY_OBJECT
|
UPDATE t1 SET i = NULL, g = 'foo'; |
# This SELECT is the query named in both crash reports on this page: the
# mysql_prefix_len <= mysql_row_len assertion on 10.3, and an AddressSanitizer
# use-after-poison READ of size 4 in row_sel_store_mysql_field on 10.5.
# Per the report a normal release build shows no problem, so confirm a fix with an
# assertion-enabled or ASAN build rather than by the absence of a crash.
SELECT * FROM t1 ORDER BY i; |
|
# Cleanup
|
DROP TABLE t1; |
10.3 38d62189 |
mysqld: /data/src/10.3/storage/innobase/row/row0sel.cc:3723: void row_sel_dequeue_cached_row_for_mysql(byte*, row_prebuilt_t*): Assertion `prebuilt->mysql_prefix_len <= prebuilt->mysql_row_len' failed.
|
200517 2:00:24 [ERROR] mysqld got signal 6 ;
|
|
#7 0x00007f220650df12 in __GI___assert_fail (assertion=0x55a690ffe638 "prebuilt->mysql_prefix_len <= prebuilt->mysql_row_len", file=0x55a690ffd618 "/data/src/10.3/storage/innobase/row/row0sel.cc", line=3723, function=0x55a691001f40 <row_sel_dequeue_cached_row_for_mysql(unsigned char*, row_prebuilt_t*)::__PRETTY_FUNCTION__> "void row_sel_dequeue_cached_row_for_mysql(byte*, row_prebuilt_t*)") at assert.c:101
|
#8 0x000055a690854062 in row_sel_dequeue_cached_row_for_mysql (buf=0x7f21ac1654b0 "\377\005", prebuilt=0x7f21ac0a18e0) at /data/src/10.3/storage/innobase/row/row0sel.cc:3723
|
#9 0x000055a690855dc8 in row_search_mvcc (buf=0x7f21ac1654b0 "\377\005", mode=PAGE_CUR_UNSUPP, prebuilt=0x7f21ac0a18e0, match_mode=0, direction=1) at /data/src/10.3/storage/innobase/row/row0sel.cc:4315
|
#10 0x000055a690677a1e in ha_innobase::general_fetch (this=0x7f21ac0a1138, buf=0x7f21ac1654b0 "\377\005", direction=1, match_mode=0) at /data/src/10.3/storage/innobase/handler/ha_innodb.cc:9529
|
#11 0x000055a690677fa2 in ha_innobase::rnd_next (this=0x7f21ac0a1138, buf=0x7f21ac1654b0 "\377\005") at /data/src/10.3/storage/innobase/handler/ha_innodb.cc:9738
|
#12 0x000055a6904488f4 in handler::ha_rnd_next (this=0x7f21ac0a1138, buf=0x7f21ac1654b0 "\377\005") at /data/src/10.3/sql/handler.cc:2847
|
#13 0x000055a69043bd58 in find_all_keys (thd=0x7f21ac000af0, param=0x7f220010a0b0, select=0x7f21ac0151b0, fs_info=0x7f21ac166ee0, buffpek_pointers=0x7f220010a2b0, tempfile=0x7f220010a140, pq=0x0, found_rows=0x7f21ac1670c0) at /data/src/10.3/sql/filesort.cc:774
|
#14 0x000055a69043a27b in filesort (thd=0x7f21ac000af0, table=0x7f21ac1858e0, filesort=0x7f21ac015380, tracker=0x7f21ac015a20, join=0x7f21ac0132e8, first_table_bit=1) at /data/src/10.3/sql/filesort.cc:268
|
#15 0x000055a6901ab1b5 in create_sort_index (thd=0x7f21ac000af0, join=0x7f21ac0132e8, tab=0x7f21ac0148a0, fsort=0x7f21ac015380) at /data/src/10.3/sql/sql_select.cc:22890
|
#16 0x000055a6901a545c in st_join_table::sort_table (this=0x7f21ac0148a0) at /data/src/10.3/sql/sql_select.cc:20656
|
#17 0x000055a6901a5037 in join_init_read_record (tab=0x7f21ac0148a0) at /data/src/10.3/sql/sql_select.cc:20597
|
#18 0x000055a6901a2dd2 in sub_select (join=0x7f21ac0132e8, join_tab=0x7f21ac0148a0, end_of_records=false) at /data/src/10.3/sql/sql_select.cc:19678
|
#19 0x000055a6901a22be in do_select (join=0x7f21ac0132e8, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:19221
|
#20 0x000055a690179213 in JOIN::exec_inner (this=0x7f21ac0132e8) at /data/src/10.3/sql/sql_select.cc:4102
|
#21 0x000055a6901785e6 in JOIN::exec (this=0x7f21ac0132e8) at /data/src/10.3/sql/sql_select.cc:3896
|
#22 0x000055a6901798f7 in mysql_select (thd=0x7f21ac000af0, tables=0x7f21ac012a20, wild_num=1, fields=..., conds=0x0, og_num=1, order=0x7f21ac0131a8, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f21ac0132c0, unit=0x7f21ac0049b8, select_lex=0x7f21ac005140) at /data/src/10.3/sql/sql_select.cc:4301
|
#23 0x000055a69016af44 in handle_select (thd=0x7f21ac000af0, lex=0x7f21ac0048f8, result=0x7f21ac0132c0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370
|
#24 0x000055a6901328d6 in execute_sqlcom_select (thd=0x7f21ac000af0, all_tables=0x7f21ac012a20) at /data/src/10.3/sql/sql_parse.cc:6293
|
#25 0x000055a69012904f in mysql_execute_command (thd=0x7f21ac000af0) at /data/src/10.3/sql/sql_parse.cc:3820
|
#26 0x000055a690136be1 in mysql_parse (thd=0x7f21ac000af0, rawbuf=0x7f21ac012818 "SELECT * FROM t1 ORDER BY i", length=27, parser_state=0x7f220010b5e0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7817
|
#27 0x000055a69012344f in dispatch_command (command=COM_QUERY, thd=0x7f21ac000af0, packet=0x7f21ac008c71 "", packet_length=27, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1856
|
#28 0x000055a690121d67 in do_command (thd=0x7f21ac000af0) at /data/src/10.3/sql/sql_parse.cc:1401
|
#29 0x000055a69029a017 in do_handle_one_connection (connect=0x55a693fc0250) at /data/src/10.3/sql/sql_connect.cc:1403
|
#30 0x000055a690299d79 in handle_one_connection (arg=0x55a693fc0250) at /data/src/10.3/sql/sql_connect.cc:1308
|
#31 0x000055a690c4e70c in pfs_spawn_thread (arg=0x55a693fdb200) at /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#32 0x00007f22084964a4 in start_thread (arg=0x7f220010c700) at pthread_create.c:456
|
#33 0x00007f22065cad0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
Reproducible on 10.3-10.5.
The test case is not applicable to 10.2 because it relies on the SIMULTANEOUS_ASSIGNMENT SQL mode, which 10.2 does not have.
A normal release build doesn't show any problem, but a RelWithDebInfo build with ASAN does:
10.5 0186b0a0 RelWithDebInfo + ASAN |
==7783==ERROR: AddressSanitizer: use-after-poison on address 0x619000114111 at pc 0x7f067f703f7f bp 0x7f066e2065a0 sp 0x7f066e205d50
|
READ of size 4 at 0x619000114111 thread T15
|
#0 0x7f067f703f7e (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5cf7e)
|
#1 0x5580e3a6fde8 in row_sel_store_mysql_field /data/src/10.5/storage/innobase/row/row0sel.cc:2966
|
#2 0x5580e3a70343 in row_sel_store_mysql_rec /data/src/10.5/storage/innobase/row/row0sel.cc:3146
|
#3 0x5580e4ccc3a3 in row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) /data/src/10.5/storage/innobase/row/row0sel.cc:5451
|
#4 0x5580e4a8e57d in ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:8973
|
#5 0x5580e4a8ed96 in ha_innobase::index_first(unsigned char*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:9346
|
#6 0x5580e4a8ed96 in ha_innobase::rnd_next(unsigned char*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:9439
|
#7 0x5580e4281a55 in handler::ha_rnd_next(unsigned char*) /data/src/10.5/sql/handler.cc:2991
|
#8 0x5580e426e821 in find_all_keys /data/src/10.5/sql/filesort.cc:892
|
#9 0x5580e426e821 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /data/src/10.5/sql/filesort.cc:361
|
#10 0x5580e3dfd5d8 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /data/src/10.5/sql/sql_select.cc:23870
|
#11 0x5580e3dfde38 in st_join_table::sort_table() /data/src/10.5/sql/sql_select.cc:21599
|
#12 0x5580e3dfdffb in join_init_read_record(st_join_table*) /data/src/10.5/sql/sql_select.cc:21538
|
#13 0x5580e3dd1464 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.5/sql/sql_select.cc:20612
|
#14 0x5580e3e4084e in do_select /data/src/10.5/sql/sql_select.cc:20149
|
#15 0x5580e3e4084e in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4464
|
#16 0x5580e3e414bd in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4245
|
#17 0x5580e3e3ac56 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4669
|
#18 0x5580e3e3d1bb in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:429
|
#19 0x5580e3a42ece in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6172
|
#20 0x5580e3d336a7 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:3901
|
#21 0x5580e3d46014 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:7957
|
#22 0x5580e3d2a706 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1840
|
#23 0x5580e3d26176 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1359
|
#24 0x5580e3fd3867 in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1411
|
#25 0x5580e3fd4576 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1313
|
#26 0x5580e48d6e33 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#27 0x7f067f4914a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
#28 0x7f067d5c5d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
|
|
0x619000114111 is located 401 bytes inside of 1008-byte region [0x619000113f80,0x619000114370)
|
allocated by thread T15 here:
|
#0 0x7f067f768d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
|
#1 0x5580e51df153 in my_malloc /data/src/10.5/mysys/my_malloc.c:88
|
|
Thread T15 created by T0 here:
|
#0 0x7f067f6d7f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
|
#1 0x5580e48d70aa in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:34
|
#2 0x5580e48d70aa in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
|
|
SUMMARY: AddressSanitizer: use-after-poison (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5cf7e)
|
Shadow bytes around the buggy address:
|
0x0c328001a7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c328001a7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c328001a7f0: 00 00 00 00 00 00 f7 00 00 f7 01 f7 00 00 00 00
|
0x0c328001a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328001a810: 00 00 00 00 00 00 00 00 00 02 f7 00 f7 00 00 05
|
=>0x0c328001a820: f7 01[f7]00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328001a830: f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328001a840: 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 00
|
0x0c328001a850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328001a860: 00 00 00 00 00 00 00 00 f7 00 00 f7 f7 f7 fa fa
|
0x0c328001a870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==7783==ABORTING
|
200517 2:03:38 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
Server version: 10.5.4-MariaDB-log
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=2
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63597 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
Thread pointer: 0x62b00007e218
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f066e20a8e0 thread_stack 0x5fc00
|
??:0(backtrace)[0x7f067f6f4681]
|
mysys/stacktrace.c:307(my_print_stacktrace)[0x5580e51e7ac6]
|
sql/signal_handler.cc:210(handle_fatal_signal)[0x5580e4272df6]
|
??:0(__restore_rt)[0x7f067f49b0e0]
|
linux/raise.c:51(__GI_raise)[0x7f067d50ffff]
|
stdlib/abort.c:91(__GI_abort)[0x7f067d51142a]
|
??:0(__sanitizer_cov_trace_switch)[0x7f067f782329]
|
??:0(__asan_print_accumulated_stats)[0x7f067f7779ab]
|
??:0(__asan_unpoison_intra_object_redzone)[0x7f067f771b57]
|
??:0(__interceptor_if_indextoname)[0x7f067f703f9e]
|
/data/bld/10.5-rel-asan/bin/mariadbd(+0x8c5de9)[0x5580e3a6fde9]
|
row/row0sel.cc:2967(row_sel_store_mysql_field(unsigned char*, row_prebuilt_t*, unsigned char const*, dict_index_t const*, unsigned short const*, unsigned long, mysql_row_templ_t const*))[0x5580e3a70344]
|
row/row0sel.cc:3146(row_sel_store_mysql_rec(unsigned char*, row_prebuilt_t*, unsigned char const*, dtuple_t const*, bool, dict_index_t const*, unsigned short const*))[0x5580e4ccc3a4]
|
row/row0sel.cc:5451(row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long))[0x5580e4a8e57e]
|
handler/ha_innodb.cc:8975(ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function))[0x5580e4a8ed97]
|
handler/ha_innodb.cc:9351(ha_innobase::index_first(unsigned char*))[0x5580e4281a56]
|
sql/handler.cc:2991(handler::ha_rnd_next(unsigned char*))[0x5580e426e822]
|
sql/filesort.cc:892(find_all_keys)[0x5580e3dfd5d9]
|
sql/sql_select.cc:23872(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x5580e3dfde39]
|
sql/sql_select.cc:21601(st_join_table::sort_table())[0x5580e3dfdffc]
|
sql/sql_select.cc:21538(join_init_read_record(st_join_table*))[0x5580e3dd1465]
|
sql/sql_select.cc:20613(sub_select(JOIN*, st_join_table*, bool))[0x5580e3e4084f]
|
sql/sql_select.cc:20150(do_select)[0x5580e3e414be]
|
sql/sql_select.cc:4246(JOIN::exec())[0x5580e3e3ac57]
|
sql/sql_select.cc:4671(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5580e3e3d1bc]
|
sql/sql_select.cc:429(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5580e3a42ecf]
|
sql/sql_parse.cc:6172(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5580e3d336a8]
|
sql/sql_parse.cc:3901(mysql_execute_command(THD*))[0x5580e3d46015]
|
sql/sql_parse.cc:7974(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5580e3d2a707]
|
sql/sql_parse.cc:1842(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5580e3d26177]
|
sql/sql_parse.cc:1359(do_command(THD*))[0x5580e3fd3868]
|
sql/sql_connect.cc:1411(do_handle_one_connection(CONNECT*, bool))[0x5580e3fd4577]
|
sql/sql_connect.cc:1317(handle_one_connection)[0x5580e48d6e34]
|
nptl/pthread_create.c:456(start_thread)[0x7f067f4914a4]
|
x86_64/clone.S:99(clone)[0x7f067d5c5d0f]
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x62b000077238): SELECT * FROM t1 ORDER BY i
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /dev/shm/var_auto_gAa7/mysqld.1/d...
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size 0 0 bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 128123 128123 processes
|
Max open files 1024 1024 files
|
Max locked memory 65536 65536 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 128123 128123 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: co...
|
Issue Links
- relates to
-
MDEV-22732 AddressSanitizer: use-after-poison upon update after an error with SIMULTANEOUS_ASSIGNMENT
- Confirmed
-
MDEV-19038 Server crashes in calc_row_difference upon updating ROW END column under SIMULTANEOUS_ASSIGNMENT
- Closed