  1. MariaDB Server
  2. MDEV-22674

Server crash in compare_bin, ASAN heap-buffer-overflow in _ma_dpointer, Assertion `!info->s->have_versioning || info->s->lock_key_trees' failed in restore_table_state_after_repair


Details

    Description

      Note: Although these failures manifest differently, I am filing them all in one bug report, because they occur interchangeably (and sometimes simultaneously) when simply re-running the same test case. If the analysis reveals essentially different problems, please feel free to split the report into several ones.

      Note: The test case is non-deterministic, run with --repeat=N. It fails almost every time for me, but re-running it even on the same binaries can result in different errors, so please try multiple times on all versions which you are fixing before considering it done.

      # Reproducer: two connections each run an INSERT ... SELECT that is expected
      # to fail, against the same Aria table, after ALTER TABLE ... DISABLE KEYS.
      # Non-deterministic; run with --repeat=N. In the stack traces attached to
      # this report, each failing statement reaches ha_maria::end_bulk_insert ->
      # enable_indexes -> repair via select_insert::abort_result_set.
      --source include/have_innodb.inc
      --source include/have_sequence.inc
       
      # Aria table with a composite primary key and a secondary index on d,
      # pre-filled with 500 rows from the sequence engine.
      CREATE TABLE t1 (id INT, d DATETIME, PRIMARY KEY(d,id),INDEX(d)) ENGINE=Aria;
      INSERT INTO t1 SELECT seq, NOW() FROM seq_1_to_500;
       
      # Single-column InnoDB source table; it has column a only (no column b).
      CREATE TABLE t2 (a INT) ENGINE=InnoDB;
      INSERT INTO t2 VALUES (1);
       
      # con1: disable keys on t1, then send (without waiting for the result) an
      # INSERT ... SELECT that references the nonexistent column b.
      --connect (con1,localhost,root,,test)
      ALTER TABLE t1 DISABLE KEYS;
      --send
        INSERT INTO t1 (id) SELECT b FROM t2;
       
      # default connection: while con1's statement is in flight, run an
      # INSERT ... SELECT whose column count does not match t1.
      --connection default
      --error ER_WRONG_VALUE_COUNT_ON_ROW
      INSERT INTO t1 SELECT a FROM t2;
       
      # Cleanup: collect con1's result, which must be ER_BAD_FIELD_ERROR because
      # t2 has no column b, then drop the connection and the tables.
      --connection con1
      --error ER_BAD_FIELD_ERROR
      --reap
      --disconnect con1
       
      --connection default
      drop table t1, t2;
      

      Non-debug crash

      Observed on 10.4, 10.5

      10.4 dc22acfd non-debug

      #3  <signal handler called>
      #4  0x000055626cdd658c in compare_bin (a=a@entry=0x7f72d046fac3 <error: Cannot access memory at address 0x7f72d046fac3>, a_length=a_length@entry=5, b=b@entry=0x7f717c0c716d "\231\246m<4", b_length=b_length@entry=5, part_key=part_key@entry=0 '\000', skip_end_space=skip_end_space@entry=0 '\000') at /data/src/10.4/mysys/my_compare.c:43
      #5  0x000055626cdd6f64 in ha_key_cmp (keyseg=0x7f718001b2c0, a=<optimized out>, a@entry=0x7f72d046fac3 <error: Cannot access memory at address 0x7f72d046fac3>, b=0x7f717c0c716d "\231\246m<4", key_length=14, nextflag=nextflag@entry=131137, diff_pos=diff_pos@entry=0x7f71d046fa78) at /data/src/10.4/mysys/my_compare.c:227
      #6  0x000055626ccf5e7d in _ma_bin_search (key=0x7f71d0473050, ma_page=<optimized out>, comp_flag=131137, ret_pos=0x7f71d04724a0, buff=<optimized out>, last_key=0x7f71d047249f "\001\345\374F\320q\177") at /data/src/10.4/storage/maria/ma_search.c:303
      #7  0x000055626cd10c71 in w_search (info=info@entry=0x7f717c0c2a68, comp_flag=comp_flag@entry=131137, key=key@entry=0x7f71d0473050, page_pos=<optimized out>, father_page=father_page@entry=0x0, father_keypos=father_keypos@entry=0x0, insert_last=1 '\001') at /data/src/10.4/storage/maria/ma_write.c:640
      #8  0x000055626cd1102c in _ma_ck_real_write_btree (info=info@entry=0x7f717c0c2a68, key=key@entry=0x7f71d0473050, root=root@entry=0x7f71d0472a88, comp_flag=comp_flag@entry=131137) at /data/src/10.4/storage/maria/ma_write.c:528
      #9  0x000055626cd110a7 in _ma_ck_write_btree_with_log (info=info@entry=0x7f717c0c2a68, key=key@entry=0x7f71d0473050, root=0x7f718001b478, comp_flag=131137) at /data/src/10.4/storage/maria/ma_write.c:495
      #10 0x000055626cd111ee in _ma_ck_write_btree (info=0x7f717c0c2a68, key=0x7f71d0473050) at /data/src/10.4/storage/maria/ma_write.c:453
      #11 0x000055626cd21f99 in writekeys (sort_param=0x7f71d04731d0) at /data/src/10.4/storage/maria/ma_check.c:2948
      #12 maria_repair (param=param@entry=0x7f717c11d590, info=0x7f717c0c2a68, name=name@entry=0x7f71d0474410 "./test/t1", rep_quick=<optimized out>) at /data/src/10.4/storage/maria/ma_check.c:2719
      #13 0x000055626ccce9cd in ha_maria::repair (this=this@entry=0x7f717c089e60, thd=thd@entry=0x7f717c0009a8, param=param@entry=0x7f717c11d590, do_optimize=do_optimize@entry=false) at /data/src/10.4/storage/maria/ha_maria.cc:1668
      #14 0x000055626cccf8ff in ha_maria::enable_indexes (this=0x7f717c089e60, mode=<optimized out>) at /data/src/10.4/storage/maria/ha_maria.cc:2020
      #15 0x000055626ccc9db0 in ha_maria::end_bulk_insert (this=0x7f717c089e60) at /data/src/10.4/storage/maria/ha_maria.cc:2244
      #16 0x000055626c6ec694 in handler::ha_end_bulk_insert (this=<optimized out>) at /data/src/10.4/sql/handler.h:3308
      #17 select_insert::abort_result_set (this=0x7f717c011aa8) at /data/src/10.4/sql/sql_insert.cc:4163
      #18 0x000055626c77544a in handle_select (thd=thd@entry=0x7f717c0009a8, lex=lex@entry=0x7f717c004650, result=result@entry=0x7f717c011aa8, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /data/src/10.4/sql/sql_select.cc:428
      #19 0x000055626c724670 in mysql_execute_command (thd=thd@entry=0x7f717c0009a8) at /data/src/10.4/sql/sql_parse.cc:4642
      #20 0x000055626c725ac9 in mysql_parse (thd=thd@entry=0x7f717c0009a8, rawbuf=<optimized out>, length=31, parser_state=parser_state@entry=0x7f71d04765b0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:7900
      #21 0x000055626c727cbf in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f717c0009a8, packet=packet@entry=0x7f717c007a19 "INSERT INTO t1 SELECT a FROM t2", packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:1842
      #22 0x000055626c729431 in do_command (thd=0x7f717c0009a8) at /data/src/10.4/sql/sql_parse.cc:1360
      #23 0x000055626c7f8c04 in do_handle_one_connection (connect=connect@entry=0x55626feb4628) at /data/src/10.4/sql/sql_connect.cc:1412
      #24 0x000055626c7f8cb4 in handle_one_connection (arg=arg@entry=0x55626feb4628) at /data/src/10.4/sql/sql_connect.cc:1316
      #25 0x000055626cd9b6a4 in pfs_spawn_thread (arg=0x55626fe751f8) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      #26 0x00007f71d88584a4 in start_thread (arg=0x7f71d0477700) at pthread_create.c:456
      #27 0x00007f71d698cd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      Or

      *** Error in `/data/bld/10.5-rel-nightly/bin/mariadbd': realloc(): invalid old size: 0x00007fcc600f9c20 ***
      ======= Backtrace: =========
      /lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7fcc97cc5bfb]
      /lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7fcc97ccbfc6]
      /lib/x86_64-linux-gnu/libc.so.6(+0x7a13c)[0x7fcc97ccf13c]
      /lib/x86_64-linux-gnu/libc.so.6(realloc+0x159)[0x7fcc97cd0719]
      /data/bld/10.5-rel-nightly/bin/mariadbd(my_realloc+0x42)[0x55ac1a0a4ac2]
      /data/bld/10.5-rel-nightly/bin/mariadbd(alloc_dynamic+0x83)[0x55ac1a08c0f3]
      /data/bld/10.5-rel-nightly/bin/mariadbd(+0xabba77)[0x55ac19d3ca77]
      /data/bld/10.5-rel-nightly/bin/mariadbd(+0xab8ad8)[0x55ac19d39ad8]
      /data/bld/10.5-rel-nightly/bin/mariadbd(+0xa61cbd)[0x55ac19ce2cbd]
      /data/bld/10.5-rel-nightly/bin/mariadbd(+0xa62419)[0x55ac19ce3419]
      /data/bld/10.5-rel-nightly/bin/mariadbd(+0xa5bf40)[0x55ac19cdcf40]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_ZN13select_insert16abort_result_setEv+0x2a4)[0x55ac1992d8d4]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_Z13handle_selectP3THDP3LEXP13select_resultm+0x1da)[0x55ac199ba25a]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_Z21mysql_execute_commandP3THD+0x58e8)[0x55ac19964f78]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x1db)[0x55ac19967c9b]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x16dd)[0x55ac1995d88d]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_Z10do_commandP3THD+0x101)[0x55ac1995bcf1]
      /data/bld/10.5-rel-nightly/bin/mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x21c)[0x55ac19a4370c]
      /data/bld/10.5-rel-nightly/bin/mariadbd(handle_one_connection+0x33)[0x55ac19a43cf3]
      /data/bld/10.5-rel-nightly/bin/mariadbd(+0xadc474)[0x55ac19d5d474]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x74a4)[0x7fcc99c094a4]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7fcc97d3dd0f]
      ======= Memory map: ========
      55ac19281000-55ac1a754000 r-xp 00000000 08:01 33900320                   /data/bld/10.5-rel-nightly/bin/mariadbd
      55ac1a954000-55ac1aa8f000 r--p 014d3000 08:01 33900320                   /data/bld/10.5-rel-nightly/bin/mariadbd
      55ac1aa8f000-55ac1ab43000 rw-p 0160e000 08:01 33900320                   /data/bld/10.5-rel-nightly/bin/mariadbd
      55ac1ab43000-55ac1b42b000 rw-p 00000000 00:00 0 
      55ac1b940000-55ac1c0b8000 rw-p 00000000 00:00 0                          [heap]
      7fcc54000000-7fcc540b1000 rw-p 00000000 00:00 0 
      7fcc540b1000-7fcc58000000 ---p 00000000 00:00 0 
      7fcc5c000000-7fcc5c021000 rw-p 00000000 00:00 0 
      7fcc5c021000-7fcc60000000 ---p 00000000 00:00 0 
      7fcc60000000-7fcc60b4d000 rw-p 00000000 00:00 0 
      7fcc60b4d000-7fcc64000000 ---p 00000000 00:00 0 
      7fcc64000000-7fcc64021000 rw-p 00000000 00:00 0 
      7fcc64021000-7fcc68000000 ---p 00000000 00:00 0 
      7fcc68000000-7fcc68021000 rw-p 00000000 00:00 0 
      7fcc68021000-7fcc6c000000 ---p 00000000 00:00 0 
      7fcc6c000000-7fcc6c021000 rw-p 00000000 00:00 0 
      7fcc6c021000-7fcc70000000 ---p 00000000 00:00 0 
      7fcc70000000-7fcc70021000 rw-p 00000000 00:00 0 
      7fcc70021000-7fcc74000000 ---p 00000000 00:00 0 
      7fcc74000000-7fcc74021000 rw-p 00000000 00:00 0 
      7fcc74021000-7fcc78000000 ---p 00000000 00:00 0 
      7fcc78000000-7fcc78021000 rw-p 00000000 00:00 0 
      7fcc78021000-7fcc7c000000 ---p 00000000 00:00 0 
      7fcc7c000000-7fcc7c08f000 rw-p 00000000 00:00 0 
      7fcc7c08f000-7fcc80000000 ---p 00000000 00:00 0 
      7fcc80ffa000-7fcc80ffb000 ---p 00000000 00:00 0 
      7fcc80ffb000-7fcc817fb000 rw-p 00000000 00:00 0 
      7fcc817fb000-7fcc817fc000 ---p 00000000 00:00 0 
      7fcc817fc000-7fcc81ffc000 rw-p 00000000 00:00 0 
      7fcc81ffc000-7fcc81ffd000 ---p 00000000 00:00 0 
      7fcc81ffd000-7fcc827fd000 rw-p 00000000 00:00 0 
      7fcc827fd000-7fcc827fe000 ---p 00000000 00:00 0 
      7fcc827fe000-7fcc82ffe000 rw-p 00000000 00:00 0 
      7fcc82ffe000-7fcc82fff000 ---p 00000000 00:00 0 
      7fcc82fff000-7fcc837ff000 rw-p 00000000 00:00 0 
      7fcc837ff000-7fcc83800000 ---p 00000000 00:00 0 
      7fcc83800000-7fcc84000000 rw-p 00000000 00:00 0 
      7fcc84000000-7fcc84021000 rw-p 00000000 00:00 0 
      7fcc84021000-7fcc88000000 ---p 00000000 00:00 0 
      7fcc88000000-7fcc88021000 rw-p 00000000 00:00 0 
      7fcc88021000-7fcc8c000000 ---p 00000000 00:00 0 
      7fcc8c000000-7fcc8c021000 rw-p 00000000 00:00 0 
      7fcc8c021000-7fcc90000000 ---p 00000000 00:00 0 
      7fcc90697000-7fcc9089c000 rw-p 00000000 00:00 0 
      7fcc9089c000-7fcc9089d000 ---p 00000000 00:00 0 
      7fcc9089d000-7fcc9109d000 rw-p 00000000 00:00 0 
      7fcc91171000-7fcc91172000 ---p 00000000 00:00 0 
      7fcc91172000-7fcc911bc000 rw-p 00000000 00:00 0 
      7fcc911bc000-7fcc911bd000 ---p 00000000 00:00 0 
      7fcc911bd000-7fcc91207000 rw-p 00000000 00:00 0 
      7fcc91207000-7fcc91208000 ---p 00000000 00:00 0 
      7fcc91208000-7fcc91252000 rw-p 00000000 00:00 0 
      7fcc91252000-7fcc91253000 ---p 00000000 00:00 0 
      7fcc91253000-7fcc9129d000 rw-p 00000000 00:00 0 
      7fcc9129d000-7fcc91c9d000 rw-p 00000000 00:00 0 
      7fcc91c9d000-7fcc91c9e000 ---p 00000000 00:00 0 
      7fcc91c9e000-7fcc9249e000 rw-p 00000000 00:00 0 
      7fcc9249e000-7fcc924b3000 rw-s 00000000 00:0e 111301777                  /[aio] (deleted)
      7fcc924b3000-7fcc928b4000 rw-p 00000000 00:00 0 
      7fcc928b4000-7fcc928b5000 ---p 00000000 00:00 0 
      7fcc928b5000-7fcc97c55000 rw-p 00000000 00:00 0 
      7fcc97c55000-7fcc97dea000 r-xp 00000000 103:01 42470447                  /lib/x86_64-linux-gnu/libc-2.24.so
      7fcc97dea000-7fcc97fea000 ---p 00195000 103:01 42470447                  /lib/x86_64-linux-gnu/libc-2.24.so
      7fcc97fea000-7fcc97fee000 r--p 00195000 103:01 42470447                  /lib/x86_64-linux-gnu/libc-2.24.so
      7fcc97fee000-7fcc97ff0000 rw-p 00199000 103:01 42470447                  /lib/x86_64-linux-gnu/libc-2.24.so
      7fcc97ff0000-7fcc97ff4000 rw-p 00000000 00:00 0 
      7fcc97ff4000-7fcc9800a000 r-xp 00000000 103:01 42467332                  /lib/x86_64-linux-gnu/libgcc_s.so.1
      7fcc9800a000-7fcc98209000 ---p 00016000 103:01 42467332                  /lib/x86_64-linux-gnu/libgcc_s.so.1
      7fcc98209000-7fcc9820a000 r--p 00015000 103:01 42467332                  /lib/x86_64-linux-gnu/libgcc_s.so.1
      7fcc9820a000-7fcc9820b000 rw-p 00016000 103:01 42467332                  /lib/x86_64-linux-gnu/libgcc_s.so.1
      7fcc9820b000-7fcc9830e000 r-xp 00000000 103:01 42470451                  /lib/x86_64-linux-gnu/libm-2.24.so
      7fcc9830e000-7fcc9850d000 ---p 00103000 103:01 42470451                  /lib/x86_64-linux-gnu/libm-2.24.so
      7fcc9850d000-7fcc9850e000 r--p 00102000 103:01 42470451                  /lib/x86_64-linux-gnu/libm-2.24.so
      7fcc9850e000-7fcc9850f000 rw-p 00103000 103:01 42470451                  /lib/x86_64-linux-gnu/libm-2.24.so
      7fcc9850f000-7fcc98681000 r-xp 00000000 103:01 11539684                  /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
      7fcc98681000-7fcc98881000 ---p 00172000 103:01 11539684                  /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
      7fcc98881000-7fcc9888b000 r--p 00172000 103:01 11539684                  /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
      7fcc9888b000-7fcc9888d000 rw-p 0017c000 103:01 11539684                  /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
      7fcc9888d000-7fcc98891000 rw-p 00000000 00:00 0 
      7fcc98891000-7fcc98894000 r-xp 00000000 103:01 42470450                  /lib/x86_64-linux-gnu/libdl-2.24.so
      7fcc98894000-7fcc98a93000 ---p 00003000 103:01 42470450                  /lib/x86_64-linux-gnu/libdl-2.24.so
      7fcc98a93000-7fcc98a94000 r--p 00002000 103:01 42470450                  /lib/x86_64-linux-gnu/libdl-2.24.so
      7fcc98a94000-7fcc98a95000 rw-p 00003000 103:01 42470450                  /lib/x86_64-linux-gnu/libdl-2.24.so
      7fcc98a95000-7fcc98d01000 r-xp 00000000 103:01 11544800                  /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
      7fcc98d01000-7fcc98f00000 ---p 0026c000 103:01 11544800                  /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
      7fcc98f00000-7fcc98f1e000 r--p 0026b000 103:01 11544800                  /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
      7fcc98f1e000-7fcc98f2c000 rw-p 00289000 103:01 11544800                  /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
      7fcc98f2c000-7fcc98f2f000 rw-p 00000000 00:00 0 
      7fcc98f2f000-7fcc98f92000 r-xp 00000000 103:01 11544804                  /usr/lib/x86_64-linux-gnu/libssl.so.1.1
      7fcc98f92000-7fcc99191000 ---p 00063000 103:01 11544804                  /usr/lib/x86_64-linux-gnu/libssl.so.1.1
      7fcc99191000-7fcc99195000 r--p 00062000 103:01 11544804                  /usr/lib/x86_64-linux-gnu/libssl.so.1.1
      7fcc99195000-7fcc9919b000 rw-p 00066000 103:01 11544804                  /usr/lib/x86_64-linux-gnu/libssl.so.1.1
      7fcc9919b000-7fcc991b4000 r-xp 00000000 103:01 42467418                  /lib/x86_64-linux-gnu/libz.so.1.2.8
      7fcc991b4000-7fcc993b3000 ---p 00019000 103:01 42467418                  /lib/x86_64-linux-gnu/libz.so.1.2.8
      7fcc993b3000-7fcc993b4000 r--p 00018000 103:01 42467418                  /lib/x86_64-linux-gnu/libz.so.1.2.8
      7fcc993b4000-7fcc993b5000 rw-p 00019000 103:01 42467418                  /lib/x86_64-linux-gnu/libz.so.1.2.8
      7fcc993b5000-7fcc993bf000 r-xp 00000000 103:01 11544600                  /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
      7fcc993bf000-7fcc995be000 ---p 0000a000 103:01 11544600                  /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
      7fcc995be000-7fcc995bf000 r--p 00009000 103:01 11544600                  /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
      7fcc995bf000-7fcc995c0000 rw-p 0000a000 103:01 11544600                  /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
      7fcc995c0000-7fcc995c1000 r-xp 00000000 103:01 42468160                  /lib/x86_64-linux-gnu/libaio.so.1.0.1
      7fcc995c1000-7fcc997c0000 ---p 00001000 103:01 42468160                  /lib/x86_64-linux-gnu/libaio.so.1.0.1
      7fcc997c0000-7fcc997c1000 r--p 00000000 103:01 42468160                  /lib/x86_64-linux-gnu/libaio.so.1.0.1
      7fcc997c1000-7fcc997c2000 rw-p 00000000 00:00 0 
      7fcc997c2000-7fcc997c9000 r-xp 00000000 103:01 11544581                  /usr/lib/x86_64-linux-gnu/libsnappy.so.1.3.0
      7fcc997c9000-7fcc999c8000 ---p 00007000 103:01 11544581                  /usr/lib/x86_64-linux-gnu/libsnappy.so.1.3.0
      7fcc999c8000-7fcc999c9000 r--p 00006000 103:01 11544581                  /usr/lib/x86_64-linux-gnu/libsnappy.so.1.3.0
      7fcc999c9000-7fcc999ca000 rw-p 00007000 103:01 11544581                  /usr/lib/x86_64-linux-gnu/libsnappy.so.1.3.0
      7fcc999ca000-7fcc999d2000 r-xp 00000000 103:01 42470449                  /lib/x86_64-linux-gnu/libcrypt-2.24.so
      7fcc999d2000-7fcc99bd2000 ---p 00008000 103:01 42470449                  /lib/x86_64-linux-gnu/libcrypt-2.24.so
      7fcc99bd2000-7fcc99bd3000 r--p 00008000 103:01 42470449                  /lib/x86_64-linux-gnu/libcrypt-2.24.so
      7fcc99bd3000-7fcc99bd4000 rw-p 00009000 103:01 42470449                  /lib/x86_64-linux-gnu/libcrypt-2.24.so
      7fcc99bd4000-7fcc99c02000 rw-p 00000000 00:00 0 
      7fcc99c02000-7fcc99c1a000 r-xp 00000000 103:01 42470462                  /lib/x86_64-linux-gnu/libpthread-2.24.so
      7fcc99c1a000-7fcc99e19000 ---p 00018000 103:01 42470462                  /lib/x86_64-linux-gnu/libpthread-2.24.so
      7fcc99e19000-7fcc99e1a000 r--p 00017000 103:01 42470462                  /lib/x86_64-linux-gnu/libpthread-2.24.so
      7fcc99e1a000-7fcc99e1b000 rw-p 00018000 103:01 42470462                  /lib/x86_64-linux-gnu/libpthread-2.24.so
      7fcc99e1b000-7fcc99e1f000 rw-p 00000000 00:00 0 
      7fcc99e1f000-7fcc99e42000 r-xp 00000000 103:01 42470443                  /lib/x86_64-linux-gnu/ld-2.24.so
      7fcc99e4e000-7fcc9a028000 rw-p 00000000 00:00 0 
      7fcc9a030000-7fcc9a031000 rw-p 00000000 00:00 0 
      7fcc9a031000-7fcc9a032000 ---p 00000000 00:00 0 
      7fcc9a032000-7fcc9a042000 rw-p 00000000 00:00 0 
      7fcc9a042000-7fcc9a043000 r--p 00023000 103:01 42470443                  /lib/x86_64-linux-gnu/ld-2.24.so
      7fcc9a043000-7fcc9a044000 rw-p 00024000 103:01 42470443                  /lib/x86_64-linux-gnu/ld-2.24.so
      7fcc9a044000-7fcc9a045000 rw-p 00000000 00:00 0 
      7ffef1ddc000-7ffef1e00000 rw-p 00000000 00:00 0                          [stack]
      7ffef1e03000-7ffef1e05000 r--p 00000000 00:00 0                          [vvar]
      7ffef1e05000-7ffef1e07000 r-xp 00000000 00:00 0                          [vdso]
      ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
      

      Weird absence of an expected error on non-debug build

      Observed on 10.1-10.5

      10.1 836d7089 non-debug

      CREATE TABLE t1 (id INT, d DATETIME, PRIMARY KEY(d,id),INDEX(d)) ENGINE=Aria;
      INSERT INTO t1 SELECT seq, NOW() FROM seq_1_to_500;
      CREATE TABLE t2 (a INT) ENGINE=InnoDB;
      INSERT INTO t2 VALUES (1);
      ALTER TABLE t1 DISABLE KEYS;
      INSERT INTO t1 (id) SELECT b FROM t2;
      INSERT INTO t1 SELECT a FROM t2;
      ERROR 21S01: Column count doesn't match value count at row 1
      bug.7623 'innodb_plugin'                 [ fail ]
              Test ended at 2020-05-22 19:39:46
       
      CURRENT_TEST: bug.7623
      mysqltest: At line 22: query 'reap' succeeded - should have failed with errno 1054...
      

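      which shouldn't be happening, as t2 doesn't have column b: the `INSERT INTO t1 (id) SELECT b FROM t2` sent on con1 should have failed with ER_BAD_FIELD_ERROR (errno 1054), but `reap` reported success.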

      ASAN heap-buffer-overflow

      Observed on 10.4

      10.4 dc22acfd asan

      ==17823==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400003fbc5 at pc 0x5616c9ac1bec bp 0x7f1704437c70 sp 0x7f1704437c68
      WRITE of size 1 at 0x61400003fbc5 thread T28
          #0 0x5616c9ac1beb in _ma_dpointer /data/src/10.4/storage/maria/ma_search.c:881
          #1 0x5616c9adccdf in _ma_make_key /data/src/10.4/storage/maria/ma_key.c:318
          #2 0x5616c9b83c3d in sort_key_read /data/src/10.4/storage/maria/ma_check.c:4714
          #3 0x5616c9b9a816 in find_all_keys /data/src/10.4/storage/maria/ma_sort.c:324
          #4 0x5616c9b99bd5 in _ma_create_index_by_sort /data/src/10.4/storage/maria/ma_sort.c:231
          #5 0x5616c9b7dd9d in maria_repair_by_sort /data/src/10.4/storage/maria/ma_check.c:3901
          #6 0x5616c99f9c9a in ha_maria::repair(THD*, st_handler_check_param*, bool) /data/src/10.4/storage/maria/ha_maria.cc:1653
          #7 0x5616c99fc079 in ha_maria::enable_indexes(unsigned int) /data/src/10.4/storage/maria/ha_maria.cc:2010
          #8 0x5616c99fdbe8 in ha_maria::end_bulk_insert() /data/src/10.4/storage/maria/ha_maria.cc:2244
          #9 0x5616c85365ba in handler::ha_end_bulk_insert() /data/src/10.4/sql/handler.h:3308
          #10 0x5616c852e911 in select_insert::abort_result_set() /data/src/10.4/sql/sql_insert.cc:4163
          #11 0x5616c864c49e in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:428
          #12 0x5616c85c28b6 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4642
          #13 0x5616c85d73bc in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7900
          #14 0x5616c85b2407 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1842
          #15 0x5616c85af3e5 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
          #16 0x5616c893492f in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
          #17 0x5616c89342e3 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
          #18 0x5616c9d92803 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #19 0x7f171c2d64a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
          #20 0x7f171a40ad0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
       
      0x61400003fbc5 is located 1 bytes to the right of 388-byte region [0x61400003fa40,0x61400003fbc4)
      allocated by thread T28 here:
          #0 0x7f171c5add28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
          #1 0x5616c9ec4b54 in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
          #2 0x5616c9e96753 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
          #3 0x5616c9b998e7 in _ma_create_index_by_sort /data/src/10.4/storage/maria/ma_sort.c:196
          #4 0x5616c9b7dd9d in maria_repair_by_sort /data/src/10.4/storage/maria/ma_check.c:3901
          #5 0x5616c99f9c9a in ha_maria::repair(THD*, st_handler_check_param*, bool) /data/src/10.4/storage/maria/ha_maria.cc:1653
          #6 0x5616c99fc079 in ha_maria::enable_indexes(unsigned int) /data/src/10.4/storage/maria/ha_maria.cc:2010
          #7 0x5616c99fdbe8 in ha_maria::end_bulk_insert() /data/src/10.4/storage/maria/ha_maria.cc:2244
          #8 0x5616c85365ba in handler::ha_end_bulk_insert() /data/src/10.4/sql/handler.h:3308
          #9 0x5616c852e911 in select_insert::abort_result_set() /data/src/10.4/sql/sql_insert.cc:4163
          #10 0x5616c864c49e in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:428
          #11 0x5616c85c28b6 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4642
          #12 0x5616c85d73bc in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7900
          #13 0x5616c85b2407 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1842
          #14 0x5616c85af3e5 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
          #15 0x5616c893492f in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
          #16 0x5616c89342e3 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
          #17 0x5616c9d92803 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #18 0x7f171c2d64a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
       
      Thread T28 created by T0 here:
          #0 0x7f171c51cf59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
          #1 0x5616c9d92bf0 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
          #2 0x5616c83096d8 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
          #3 0x5616c831db71 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6259
          #4 0x5616c831e254 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6329
          #5 0x5616c831e5df in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6427
          #6 0x5616c831f231 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6585
          #7 0x5616c831d3d3 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5917
          #8 0x5616c83075bf in main /data/src/10.4/sql/main.cc:25
          #9 0x7f171a3422e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
       
      SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.4/storage/maria/ma_search.c:881 in _ma_dpointer
      Shadow bytes around the buggy address:
        0x0c287fffff20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c287fffff30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c287fffff40: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
        0x0c287fffff50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c287fffff60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c287fffff70: 00 00 00 00 00 00 00 00[04]fa fa fa fa fa fa fa
        0x0c287fffff80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
        0x0c287fffff90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c287fffffa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c287fffffb0: 00 00 00 00 00 00 00 00 00 04 fa fa fa fa fa fa
        0x0c287fffffc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==17823==ABORTING
      

      Debug double assertion failure

      Observed on 10.1-10.5.

      10.1 836d7089 debug

      mysqld: /data/src/10.1/storage/maria/ma_check.c:2442: restore_table_state_after_repair: Assertion `!info->s->have_versioning || info->s->lock_key_trees' failed.
      2020-05-22 19:41:12 139632090003200 [Warning] Warning: Enabling keys got errno 0 on test.t1, retrying
      200522 19:41:12 [ERROR] mysqld got signal 6 ;
      This could be because you hit a bug. It is also possible that this binary
      or one of the libraries it was linked against is corrupt, improperly built,
      or misconfigured. This error can also be caused by malfunctioning hardware.
       
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs
       
      mysqld: /data/src/10.1/storage/maria/ha_maria.cc:2025: virtual int ha_maria::enable_indexes(uint): Assertion `thd->killed != 0' failed.
       
      Thread 12 (Thread 0x7efea1246700 (LWP 16702)):
      #0  print_with_addr_resolve (addrs=0x3, n=32510) at /data/src/10.1/mysys/stacktrace.c:240
      #1  0x000055b23ac2bc85 in my_print_stacktrace (stack_bottom=0x7efea1245e30 "p", thread_stack=299008) at /data/src/10.1/mysys/stacktrace.c:271
      #2  0x000055b23a5da561 in handle_fatal_signal (sig=6) at /data/src/10.1/sql/signal_handler.cc:166
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      #5  0x00007efe9f62e42a in __GI_abort () at abort.c:89
      #6  0x00007efe9f625e67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x55b23ae3c238 "!info->s->have_versioning || info->s->lock_key_trees", file=file@entry=0x55b23ae3aba8 "/data/src/10.1/storage/maria/ma_check.c", line=line@entry=2442, function=function@entry=0x55b23ae3d520 <__PRETTY_FUNCTION__.16496> "restore_table_state_after_repair") at assert.c:92
      #7  0x00007efe9f625f12 in __GI___assert_fail (assertion=0x55b23ae3c238 "!info->s->have_versioning || info->s->lock_key_trees", file=0x55b23ae3aba8 "/data/src/10.1/storage/maria/ma_check.c", line=2442, function=0x55b23ae3d520 <__PRETTY_FUNCTION__.16496> "restore_table_state_after_repair") at assert.c:101
      #8  0x000055b23a8296a4 in restore_table_state_after_repair (info=0x7efe8964d070, org_share=0x7efea1243820) at /data/src/10.1/storage/maria/ma_check.c:2442
      #9  0x000055b23a82e9ea in maria_repair_by_sort (param=0x7efe896b1088, info=0x7efe8964d070, name=0x7efea1244670 "./test/t1", rep_quick=1 '\001') at /data/src/10.1/storage/maria/ma_check.c:4135
      #10 0x000055b23a79a338 in ha_maria::repair (this=0x7efe894ae888, thd=0x7efe95f60070, param=0x7efe896b1088, do_optimize=false) at /data/src/10.1/storage/maria/ha_maria.cc:1663
      #11 0x000055b23a79b1b4 in ha_maria::enable_indexes (this=0x7efe894ae888, mode=2) at /data/src/10.1/storage/maria/ha_maria.cc:2019
      #12 0x000055b23a79b937 in ha_maria::end_bulk_insert (this=0x7efe894ae888) at /data/src/10.1/storage/maria/ha_maria.cc:2220
      #13 0x000055b23a386657 in handler::ha_end_bulk_insert (this=0x7efe894ae888) at /data/src/10.1/sql/handler.h:2861
      #14 0x000055b23a384525 in select_insert::abort_result_set (this=0x7efe894f8f50) at /data/src/10.1/sql/sql_insert.cc:3888
      #15 0x000055b23a3d7be3 in handle_select (thd=0x7efe95f60070, lex=0x7efe95f63af8, result=0x7efe894f8f50, setup_tables_done_option=1073741824) at /data/src/10.1/sql/sql_select.cc:395
      #16 0x000055b23a3a0769 in mysql_execute_command (thd=0x7efe95f60070) at /data/src/10.1/sql/sql_parse.cc:3782
      #17 0x000055b23a3ab15c in mysql_parse (thd=0x7efe95f60070, rawbuf=0x7efe894f8088 "INSERT INTO t1 SELECT a FROM t2", length=31, parser_state=0x7efea12455f0) at /data/src/10.1/sql/sql_parse.cc:7208
      #18 0x000055b23a39a332 in dispatch_command (command=COM_QUERY, thd=0x7efe95f60070, packet=0x7efe95ea3071 "INSERT INTO t1 SELECT a FROM t2", packet_length=31) at /data/src/10.1/sql/sql_parse.cc:1499
      #19 0x000055b23a399217 in do_command (thd=0x7efe95f60070) at /data/src/10.1/sql/sql_parse.cc:1131
      #20 0x000055b23a4d642b in do_handle_one_connection (thd_arg=0x7efe95f60070) at /data/src/10.1/sql/sql_connect.cc:1331
      #21 0x000055b23a4d615c in handle_one_connection (arg=0x7efe95f60070) at /data/src/10.1/sql/sql_connect.cc:1242
      #22 0x000055b23a8f3d84 in pfs_spawn_thread (arg=0x7efe95e95670) at /data/src/10.1/storage/perfschema/pfs.cc:1868
      #23 0x00007efea0ed44a4 in start_thread (arg=0x7efea1246700) at pthread_create.c:456
      #24 0x00007efe9f6e2d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
       
      Thread 1 (Thread 0x7efea11fb700 (LWP 16703)):
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      #1  0x00007efe9f62e42a in __GI_abort () at abort.c:89
      #2  0x00007efe9f625e67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x55b23ae26527 "thd->killed != 0", file=file@entry=0x55b23ae25de0 "/data/src/10.1/storage/maria/ha_maria.cc", line=line@entry=2025, function=function@entry=0x55b23ae26ee0 <ha_maria::enable_indexes(unsigned int)::__PRETTY_FUNCTION__> "virtual int ha_maria::enable_indexes(uint)") at assert.c:92
      #3  0x00007efe9f625f12 in __GI___assert_fail (assertion=0x55b23ae26527 "thd->killed != 0", file=0x55b23ae25de0 "/data/src/10.1/storage/maria/ha_maria.cc", line=2025, function=0x55b23ae26ee0 <ha_maria::enable_indexes(unsigned int)::__PRETTY_FUNCTION__> "virtual int ha_maria::enable_indexes(uint)") at assert.c:101
      #4  0x000055b23a79b245 in ha_maria::enable_indexes (this=0x7efe894ac888, mode=2) at /data/src/10.1/storage/maria/ha_maria.cc:2025
      #5  0x000055b23a79b937 in ha_maria::end_bulk_insert (this=0x7efe894ac888) at /data/src/10.1/storage/maria/ha_maria.cc:2220
      #6  0x000055b23a386657 in handler::ha_end_bulk_insert (this=0x7efe894ac888) at /data/src/10.1/sql/handler.h:2861
      #7  0x000055b23a384525 in select_insert::abort_result_set (this=0x7efe89822070) at /data/src/10.1/sql/sql_insert.cc:3888
      #8  0x000055b23a3d7be3 in handle_select (thd=0x7efe95f66070, lex=0x7efe95f69af8, result=0x7efe89822070, setup_tables_done_option=1073741824) at /data/src/10.1/sql/sql_select.cc:395
      #9  0x000055b23a3a0769 in mysql_execute_command (thd=0x7efe95f66070) at /data/src/10.1/sql/sql_parse.cc:3782
      #10 0x000055b23a3ab15c in mysql_parse (thd=0x7efe95f66070, rawbuf=0x7efe89821088 "INSERT INTO t1 (id) SELECT b FROM t2", length=36, parser_state=0x7efea11fa5f0) at /data/src/10.1/sql/sql_parse.cc:7208
      #11 0x000055b23a39a332 in dispatch_command (command=COM_QUERY, thd=0x7efe95f66070, packet=0x7efe95f6c071 "INSERT INTO t1 (id) SELECT b FROM t2", packet_length=36) at /data/src/10.1/sql/sql_parse.cc:1499
      #12 0x000055b23a399217 in do_command (thd=0x7efe95f66070) at /data/src/10.1/sql/sql_parse.cc:1131
      #13 0x000055b23a4d642b in do_handle_one_connection (thd_arg=0x7efe95f66070) at /data/src/10.1/sql/sql_connect.cc:1331
      #14 0x000055b23a4d615c in handle_one_connection (arg=0x7efe95f66070) at /data/src/10.1/sql/sql_connect.cc:1242
      #15 0x000055b23a8f3d84 in pfs_spawn_thread (arg=0x7efe95e95b70) at /data/src/10.1/storage/perfschema/pfs.cc:1868
      #16 0x00007efea0ed44a4 in start_thread (arg=0x7efea11fb700) at pthread_create.c:456
      #17 0x00007efe9f6e2d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

          People

            monty Michael Widenius
            elenst Elena Stepanova
