[MDEV-23675] Assertion `pos < table->n_def' fails in dict_table_get_nth_col - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4(EOL), 10.5
Fix Version/s: 10.4.16, 10.5.7
Component/s: Storage Engine - InnoDB
Labels:
- regression

Description

--source include/have_innodb.inc

CREATE TABLE t1 (

    pk int,

    a int,

    b int,

    c int,

    PRIMARY KEY (pk),

    KEY (c),

    FOREIGN KEY fx (b) REFERENCES t1 (c)

) ENGINE=InnoDB;

INSERT INTO t1 VALUES (1,0,10,10);

ALTER TABLE t1 DROP a;

SET FOREIGN_KEY_CHECKS= 0;

DROP INDEX fx ON t1;

INSERT INTO t1 VALUES (2,11,11);

# Cleanup

DROP TABLE t1;

10.4 1cda462f
mysqld: /data/src/10.4/storage/innobase/include/dict0dict.ic:370: dict_col_t* dict_table_get_nth_col(const dict_table_t*, ulint): Assertion `pos < table->n_def' failed.
200904 21:44:17 [ERROR] mysqld got signal 6 ;

#7 0x00007fca0237ef12 in __GI___assert_fail (assertion=0x55f086dbbd1f "pos < table->n_def", file=0x55f086dbbc78 "/data/src/10.4/storage/innobase/include/dict0dict.ic", line=370, function=0x55f086dcb340 <dict_table_get_nth_col(dict_table_t const, unsigned long)::__PRETTY_FUNCTION__> "dict_col_t dict_table_get_nth_col(const dict_table_t*, ulint)") at assert.c:101
#8 0x000055f0864448fe in dict_table_get_nth_col (table=0x7fc9a8156e60, pos=1023) at /data/src/10.4/storage/innobase/include/dict0dict.ic:370
#9 0x000055f086474436 in dict_table_get_col_name (table=0x7fc9a8156e60, col_nr=1023) at /data/src/10.4/storage/innobase/include/dict0dict.h:799
#10 0x000055f0865d4652 in row_ins_foreign_index_entry (foreign=0x7fc9a8159160, index=0x7fc9a8159430, entry=0x7fc9a815a500, ref_entry=0x7fc9a806e9b0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1917
#11 0x000055f0865d4976 in row_ins_check_foreign_constraints (table=0x7fc9a8156e60, index=0x7fc9a8159430, pk=true, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1985
#12 0x000055f0865d86a9 in row_ins_clust_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0, n_ext=0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3189
#13 0x000055f0865d8d53 in row_ins_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3360
#14 0x000055f0865d9602 in row_ins_index_entry_step (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3529
#15 0x000055f0865d9ab9 in row_ins (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3666
#16 0x000055f0865da290 in row_ins_step (thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3805
#17 0x000055f0865ff83f in row_insert_for_mysql (mysql_rec=0x7fc9a8158cf0 "\371\002", prebuilt=0x7fc9a806fbf0, ins_mode=ROW_INS_NORMAL) at /data/src/10.4/storage/innobase/row/row0mysql.cc:1422
#18 0x000055f086455bb9 in ha_innobase::write_row (this=0x7fc9a8147d08, record=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/storage/innobase/handler/ha_innodb.cc:7973
#19 0x000055f086217a5e in handler::ha_write_row (this=0x7fc9a8147d08, buf=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/sql/handler.cc:6742
#20 0x000055f085e60fb9 in write_record (thd=0x7fc9a8000af0, table=0x7fc9a8146ea0, info=0x7fc9f76fda90) at /data/src/10.4/sql/sql_insert.cc:2058
#21 0x000055f085e5df35 in mysql_insert (thd=0x7fc9a8000af0, table_list=0x7fc9a8013280, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.4/sql/sql_insert.cc:1078
#22 0x000055f085eab783 in mysql_execute_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:4519
#23 0x000055f085eb70cd in mysql_parse (thd=0x7fc9a8000af0, rawbuf=0x7fc9a8013198 "INSERT INTO t1 VALUES (2,11,11)", length=31, parser_state=0x7fc9f76fe570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896
#24 0x000055f085ea3601 in dispatch_command (command=COM_QUERY, thd=0x7fc9a8000af0, packet=0x7fc9a80083a1 "INSERT INTO t1 VALUES (2,11,11)", packet_length=31, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835
#25 0x000055f085ea1da3 in do_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:1353
#26 0x000055f08602be3c in do_handle_one_connection (connect=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1412
#27 0x000055f08602bb8b in handle_one_connection (arg=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1316
#28 0x000055f086a312b9 in pfs_spawn_thread (arg=0x55f089c932e0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#29 0x00007fca043074a4 in start_thread (arg=0x7fc9f76ff700) at pthread_create.c:456
#30 0x00007fca0243bd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

It appears to be a recent regression, somewhere between ae33ebe5 and 1cda462f, I didn't look for the exact commit.
Reproducible on 10.4 debug builds.
Not reproducible on 10.3.
No obvious effect on a release build, but non-debug ASAN build throws heap-buffer-overflow:

10.5 34212233
==2648901==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61c00005caa0 at pc 0x563f95fd5ec3 bp 0x7efe2cdb6bc0 sp 0x7efe2cdb6bb0
READ of size 16 at 0x61c00005caa0 thread T13
#0 0x563f95fd5ec2 in dict_col_t::is_virtual() const /data/src/10.5/storage/innobase/include/dict0mem.h:600
#1 0x563f95fd5ec2 in dict_col_t::name(dict_table_t const&) const /data/src/10.5/storage/innobase/dict/dict0dict.cc:445
#2 0x563f95ca68e9 in dict_table_get_col_name(dict_table_t const*, unsigned long) /data/src/10.5/storage/innobase/include/dict0dict.h:816
#3 0x563f95ca68e9 in row_ins_foreign_index_entry /data/src/10.5/storage/innobase/row/row0ins.cc:1915
#4 0x563f95ca68e9 in row_ins_check_foreign_constraints /data/src/10.5/storage/innobase/row/row0ins.cc:1984
#5 0x563f95cb3d8e in row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) /data/src/10.5/storage/innobase/row/row0ins.cc:3185
#6 0x563f95cb5290 in row_ins_index_entry /data/src/10.5/storage/innobase/row/row0ins.cc:3357
#7 0x563f95cb5290 in row_ins_index_entry_step /data/src/10.5/storage/innobase/row/row0ins.cc:3526
#8 0x563f95cb5290 in row_ins /data/src/10.5/storage/innobase/row/row0ins.cc:3663
#9 0x563f95cb5290 in row_ins_step(que_thr_t*) /data/src/10.5/storage/innobase/row/row0ins.cc:3802
#10 0x563f95cea26e in row_insert_for_mysql(unsigned char const, row_prebuilt_t, ins_mode_t) /data/src/10.5/storage/innobase/row/row0mysql.cc:1421
#11 0x563f95a580ec in ha_innobase::write_row(unsigned char const*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:7561
#12 0x563f94fdf7a7 in handler::ha_write_row(unsigned char const*) /data/src/10.5/sql/handler.cc:7137
#13 0x563f947e5ddc in write_record(THD, TABLE, st_copy_info, select_result) /data/src/10.5/sql/sql_insert.cc:2092
#14 0x563f94800728 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/src/10.5/sql/sql_insert.cc:1087
#15 0x563f948d0e1d in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4546
#16 0x563f9489658c in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:7994
#17 0x563f948c2750 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1867
#18 0x563f948c8534 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1348
#19 0x563f94c620cc in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
#20 0x563f94c62c4c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
#21 0x563f958411b8 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
#22 0x7efe3be2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
#23 0x7efe3ba02102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)

Address 0x61c00005caa0 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.5/storage/innobase/include/dict0mem.h:600 in dict_col_t::is_virtual() const
Shadow bytes around the buggy address:
0x0c3880003900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3880003950: fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3880003990: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c38800039a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
Thread T13 created by T0 here:
#0 0x7efe3bec2805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x563f95841456 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:38
#2 0x563f95841456 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
#3 0x563f94623e3e in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1321
#4 0x563f94623e3e in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6025
#5 0x563f9462f804 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6149
#6 0x563f94630212 in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6276
#7 0x563f94631e43 in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5671
#8 0x7efe3b9070b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

==2648901==ABORTING
200910 21:43:25 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.5.6-MariaDB-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63636 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62b00009a218
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7efe2cdbb800 thread_stack 0x5fc00
??:0(__interceptor_tcgetattr)[0x7efe3bef4d30]
/data/bld/10.5-rel-asan-nightly/bin/mariadbd(my_print_stacktrace+0xf6)[0x563f96347ee6]
mysys/stacktrace.c:213(my_print_stacktrace)[0x563f94fb4ea4]
sigaction.c:0(__restore_rt)[0x7efe3be3a3c0]
??:0(gsignal)[0x7efe3b92618b]
??:0(abort)[0x7efe3b905859]
??:0(__sanitizer_set_report_fd)[0x7efe3bfb36a2]
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7efe3bfbe24c]
??:0(__sanitizer_ptr_cmp)[0x7efe3bf9f8ec]
??:0(__asan_on_error)[0x7efe3bf9f363]
??:0(__asan_report_load16)[0x7efe3bfa02cb]
/data/bld/10.5-rel-asan-nightly/bin/mariadbd(+0x24ddec3)[0x563f95fd5ec3]
dict/dict0dict.cc:451(dict_col_t::name(dict_table_t const&) const)[0x563f95ca68ea]
include/dict0dict.h:816(dict_table_get_col_name(dict_table_t const*, unsigned long))[0x563f95cb3d8f]
row/row0ins.cc:3187(row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long))[0x563f95cb5291]
row/row0ins.cc:3357(row_ins_step(que_thr_t*))[0x563f95cea26f]
row/row0mysql.cc:1425(row_insert_for_mysql(unsigned char const, row_prebuilt_t, ins_mode_t))[0x563f95a580ed]
handler/ha_innodb.cc:7561(ha_innobase::write_row(unsigned char const*))[0x563f94fdf7a8]
sql/handler.cc:7137(handler::ha_write_row(unsigned char const*))[0x563f947e5ddd]
sql/sql_insert.cc:2092(write_record(THD, TABLE, st_copy_info, select_result))[0x563f94800729]
sql/sql_insert.cc:1087(mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x563f948d0e1e]
sql/sql_parse.cc:4546(mysql_execute_command(THD*))[0x563f9489658d]
sql/sql_parse.cc:8011(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x563f948c2751]
sql/sql_parse.cc:1870(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x563f948c8535]
sql/sql_parse.cc:1348(do_command(THD*))[0x563f94c620cd]
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x563f94c62c4d]
sql/sql_connect.cc:1318(handle_one_connection)[0x563f958411b9]
nptl/pthread_create.c:478(start_thread)[0x7efe3be2e609]
??:0(clone)[0x7efe3ba02103]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b0000a1238): INSERT INTO t1 VALUES (2,11,11)

Connection ID (thread ID): 4
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_FeKg/mysqld.1/data
Resource Limits:
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 0 bytes
Max resident set unlimited unlimited bytes
Max processes 385884 385884 processes
Max open files 1024 1024 files
Max locked memory 67108864 67108864 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 385884 385884 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Core pattern: \|/usr/share/apport/apport %p %s %c %d %P %E

Attachments

Issue Links

is caused by

MDEV-23470 InnoDB: Failing assertion: cmp < 0 in row_ins_check_foreign_constraint

Closed

Activity

Ascending order - Click to sort in descending order

Elena Stepanova created issue - 2020-09-04 18:46

Elena Stepanova made changes - 2020-09-04 18:47

Field	Original Value	New Value
Description	{code:sql} --source include/have_innodb.inc CREATE TABLE t1 ( pk int, a int, b int, c int, PRIMARY KEY (pk), KEY (c), FOREIGN KEY fx (b) REFERENCES t1 (c) ) ENGINE=InnoDB; INSERT INTO t1 VALUES (1,0,10,10); ALTER TABLE t1 DROP a; SET FOREIGN_KEY_CHECKS= 0; DROP INDEX fx ON t1; INSERT INTO t1 VALUES (2,11,11); # Cleanup DROP TABLE t1; {code} {noformat:title=10.4 1cda462f} mysqld: /data/src/10.4/storage/innobase/include/dict0dict.ic:370: dict_col_t* dict_table_get_nth_col(const dict_table_t, ulint): Assertion `pos < table->n_def' failed. 200904 21:44:17 [ERROR] mysqld got signal 6 ; #7 0x00007fca0237ef12 in __GI___assert_fail (assertion=0x55f086dbbd1f "pos < table->n_def", file=0x55f086dbbc78 "/data/src/10.4/storage/innobase/include/dict0dict.ic", line=370, function=0x55f086dcb340 <dict_table_get_nth_col(dict_table_t const, unsigned long)::__PRETTY_FUNCTION__> "dict_col_t* dict_table_get_nth_col(const dict_table_t*, ulint)") at assert.c:101 #8 0x000055f0864448fe in dict_table_get_nth_col (table=0x7fc9a8156e60, pos=1023) at /data/src/10.4/storage/innobase/include/dict0dict.ic:370 #9 0x000055f086474436 in dict_table_get_col_name (table=0x7fc9a8156e60, col_nr=1023) at /data/src/10.4/storage/innobase/include/dict0dict.h:799 #10 0x000055f0865d4652 in row_ins_foreign_index_entry (foreign=0x7fc9a8159160, index=0x7fc9a8159430, entry=0x7fc9a815a500, ref_entry=0x7fc9a806e9b0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1917 #11 0x000055f0865d4976 in row_ins_check_foreign_constraints (table=0x7fc9a8156e60, index=0x7fc9a8159430, pk=true, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1985 #12 0x000055f0865d86a9 in row_ins_clust_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0, n_ext=0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3189 #13 0x000055f0865d8d53 in row_ins_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3360 #14 0x000055f0865d9602 in row_ins_index_entry_step (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3529 #15 0x000055f0865d9ab9 in row_ins (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3666 #16 0x000055f0865da290 in row_ins_step (thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3805 #17 0x000055f0865ff83f in row_insert_for_mysql (mysql_rec=0x7fc9a8158cf0 "\371\002", prebuilt=0x7fc9a806fbf0, ins_mode=ROW_INS_NORMAL) at /data/src/10.4/storage/innobase/row/row0mysql.cc:1422 #18 0x000055f086455bb9 in ha_innobase::write_row (this=0x7fc9a8147d08, record=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/storage/innobase/handler/ha_innodb.cc:7973 #19 0x000055f086217a5e in handler::ha_write_row (this=0x7fc9a8147d08, buf=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/sql/handler.cc:6742 #20 0x000055f085e60fb9 in write_record (thd=0x7fc9a8000af0, table=0x7fc9a8146ea0, info=0x7fc9f76fda90) at /data/src/10.4/sql/sql_insert.cc:2058 #21 0x000055f085e5df35 in mysql_insert (thd=0x7fc9a8000af0, table_list=0x7fc9a8013280, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.4/sql/sql_insert.cc:1078 #22 0x000055f085eab783 in mysql_execute_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:4519 #23 0x000055f085eb70cd in mysql_parse (thd=0x7fc9a8000af0, rawbuf=0x7fc9a8013198 "INSERT INTO t1 VALUES (2,11,11)", length=31, parser_state=0x7fc9f76fe570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896 #24 0x000055f085ea3601 in dispatch_command (command=COM_QUERY, thd=0x7fc9a8000af0, packet=0x7fc9a80083a1 "INSERT INTO t1 VALUES (2,11,11)", packet_length=31, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835 #25 0x000055f085ea1da3 in do_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:1353 #26 0x000055f08602be3c in do_handle_one_connection (connect=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1412 #27 0x000055f08602bb8b in handle_one_connection (arg=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1316 #28 0x000055f086a312b9 in pfs_spawn_thread (arg=0x55f089c932e0) at /data/src/10.4/storage/perfschema/pfs.cc:1869 #29 0x00007fca043074a4 in start_thread (arg=0x7fc9f76ff700) at pthread_create.c:456 #30 0x00007fca0243bd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97 {noformat} It appears to be a recent regression, somewhere between ae33ebe5 and 1cda462f, I didn't look for the exact commit. Reproducible on 10.4 debug builds. No obvious effect on a non-debug build. Not reproducible on 10.3. 10.5 is not affected (yet).	{code:sql} --source include/have_innodb.inc CREATE TABLE t1 ( pk int, a int, b int, c int, PRIMARY KEY (pk), KEY (c), FOREIGN KEY fx (b) REFERENCES t1 (c) ) ENGINE=InnoDB; INSERT INTO t1 VALUES (1,0,10,10); ALTER TABLE t1 DROP a; SET FOREIGN_KEY_CHECKS= 0; DROP INDEX fx ON t1; INSERT INTO t1 VALUES (2,11,11); # Cleanup DROP TABLE t1; {code} {noformat:title=10.4 1cda462f} mysqld: /data/src/10.4/storage/innobase/include/dict0dict.ic:370: dict_col_t* dict_table_get_nth_col(const dict_table_t, ulint): Assertion `pos < table->n_def' failed. 200904 21:44:17 [ERROR] mysqld got signal 6 ; #7 0x00007fca0237ef12 in __GI___assert_fail (assertion=0x55f086dbbd1f "pos < table->n_def", file=0x55f086dbbc78 "/data/src/10.4/storage/innobase/include/dict0dict.ic", line=370, function=0x55f086dcb340 <dict_table_get_nth_col(dict_table_t const, unsigned long)::__PRETTY_FUNCTION__> "dict_col_t* dict_table_get_nth_col(const dict_table_t*, ulint)") at assert.c:101 #8 0x000055f0864448fe in dict_table_get_nth_col (table=0x7fc9a8156e60, pos=1023) at /data/src/10.4/storage/innobase/include/dict0dict.ic:370 #9 0x000055f086474436 in dict_table_get_col_name (table=0x7fc9a8156e60, col_nr=1023) at /data/src/10.4/storage/innobase/include/dict0dict.h:799 #10 0x000055f0865d4652 in row_ins_foreign_index_entry (foreign=0x7fc9a8159160, index=0x7fc9a8159430, entry=0x7fc9a815a500, ref_entry=0x7fc9a806e9b0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1917 #11 0x000055f0865d4976 in row_ins_check_foreign_constraints (table=0x7fc9a8156e60, index=0x7fc9a8159430, pk=true, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1985 #12 0x000055f0865d86a9 in row_ins_clust_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0, n_ext=0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3189 #13 0x000055f0865d8d53 in row_ins_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3360 #14 0x000055f0865d9602 in row_ins_index_entry_step (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3529 #15 0x000055f0865d9ab9 in row_ins (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3666 #16 0x000055f0865da290 in row_ins_step (thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3805 #17 0x000055f0865ff83f in row_insert_for_mysql (mysql_rec=0x7fc9a8158cf0 "\371\002", prebuilt=0x7fc9a806fbf0, ins_mode=ROW_INS_NORMAL) at /data/src/10.4/storage/innobase/row/row0mysql.cc:1422 #18 0x000055f086455bb9 in ha_innobase::write_row (this=0x7fc9a8147d08, record=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/storage/innobase/handler/ha_innodb.cc:7973 #19 0x000055f086217a5e in handler::ha_write_row (this=0x7fc9a8147d08, buf=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/sql/handler.cc:6742 #20 0x000055f085e60fb9 in write_record (thd=0x7fc9a8000af0, table=0x7fc9a8146ea0, info=0x7fc9f76fda90) at /data/src/10.4/sql/sql_insert.cc:2058 #21 0x000055f085e5df35 in mysql_insert (thd=0x7fc9a8000af0, table_list=0x7fc9a8013280, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.4/sql/sql_insert.cc:1078 #22 0x000055f085eab783 in mysql_execute_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:4519 #23 0x000055f085eb70cd in mysql_parse (thd=0x7fc9a8000af0, rawbuf=0x7fc9a8013198 "INSERT INTO t1 VALUES (2,11,11)", length=31, parser_state=0x7fc9f76fe570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896 #24 0x000055f085ea3601 in dispatch_command (command=COM_QUERY, thd=0x7fc9a8000af0, packet=0x7fc9a80083a1 "INSERT INTO t1 VALUES (2,11,11)", packet_length=31, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835 #25 0x000055f085ea1da3 in do_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:1353 #26 0x000055f08602be3c in do_handle_one_connection (connect=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1412 #27 0x000055f08602bb8b in handle_one_connection (arg=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1316 #28 0x000055f086a312b9 in pfs_spawn_thread (arg=0x55f089c932e0) at /data/src/10.4/storage/perfschema/pfs.cc:1869 #29 0x00007fca043074a4 in start_thread (arg=0x7fc9f76ff700) at pthread_create.c:456 #30 0x00007fca0243bd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97 {noformat} It appears to be a recent regression, somewhere between ae33ebe5 and 1cda462f, I didn't look for the exact commit. Reproducible on 10.4 debug builds. No obvious effect on a non-debug build. Not reproducible on 10.3. 10.5 is not affected (yet?).

Aleksey Midenkov made changes - 2020-09-07 19:17

Assignee

Marko Mäkelä [ marko ]

Aleksey Midenkov [ midenok ]

Aleksey Midenkov made changes - 2020-09-07 19:17

Status

Open [ 1 ]

In Progress [ 3 ]

Aleksey Midenkov made changes - 2020-09-07 20:45

Link

This issue is blocked by ~~MDEV-23470~~ [ ~~MDEV-23470~~ ]

Aleksey Midenkov made changes - 2020-09-07 20:45

Link

This issue is blocked by ~~MDEV-23470~~ [ ~~MDEV-23470~~ ]

Aleksey Midenkov made changes - 2020-09-07 20:45

Link

This issue is caused by ~~MDEV-23470~~ [ ~~MDEV-23470~~ ]

Aleksey Midenkov made changes - 2020-09-07 20:49

Fix Version/s		10.5 [ 23123 ]
Affects Version/s		10.5 [ 23123 ]

Thirunarayanan Balathandayuthapani made changes - 2020-09-08 10:17

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Thirunarayanan Balathandayuthapani made changes - 2020-09-08 10:18

Assignee

Aleksey Midenkov [ midenok ]

Thirunarayanan Balathandayuthapani [ thiru ]

Thirunarayanan Balathandayuthapani made changes - 2020-09-08 11:25

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Elena Stepanova made changes - 2020-09-10 18:44

Description

{code:sql}
--source include/have_innodb.inc

CREATE TABLE t1 (
    pk int,
    a int,
    b int,
    c int,
    PRIMARY KEY (pk),
    KEY (c),
    FOREIGN KEY fx (b) REFERENCES t1 (c)
) ENGINE=InnoDB;

INSERT INTO t1 VALUES (1,0,10,10);
ALTER TABLE t1 DROP a;
SET FOREIGN_KEY_CHECKS= 0;
DROP INDEX fx ON t1;
INSERT INTO t1 VALUES (2,11,11);

# Cleanup
DROP TABLE t1;
{code}

{noformat:title=10.4 1cda462f}
mysqld: /data/src/10.4/storage/innobase/include/dict0dict.ic:370: dict_col_t* dict_table_get_nth_col(const dict_table_t*, ulint): Assertion `pos < table->n_def' failed.
200904 21:44:17 [ERROR] mysqld got signal 6 ;

#7 0x00007fca0237ef12 in __GI___assert_fail (assertion=0x55f086dbbd1f "pos < table->n_def", file=0x55f086dbbc78 "/data/src/10.4/storage/innobase/include/dict0dict.ic", line=370, function=0x55f086dcb340 <dict_table_get_nth_col(dict_table_t const*, unsigned long)::__PRETTY_FUNCTION__> "dict_col_t* dict_table_get_nth_col(const dict_table_t*, ulint)") at assert.c:101
#8 0x000055f0864448fe in dict_table_get_nth_col (table=0x7fc9a8156e60, pos=1023) at /data/src/10.4/storage/innobase/include/dict0dict.ic:370
#9 0x000055f086474436 in dict_table_get_col_name (table=0x7fc9a8156e60, col_nr=1023) at /data/src/10.4/storage/innobase/include/dict0dict.h:799
#10 0x000055f0865d4652 in row_ins_foreign_index_entry (foreign=0x7fc9a8159160, index=0x7fc9a8159430, entry=0x7fc9a815a500, ref_entry=0x7fc9a806e9b0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1917
#11 0x000055f0865d4976 in row_ins_check_foreign_constraints (table=0x7fc9a8156e60, index=0x7fc9a8159430, pk=true, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:1985
#12 0x000055f0865d86a9 in row_ins_clust_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0, n_ext=0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3189
#13 0x000055f0865d8d53 in row_ins_index_entry (index=0x7fc9a8159430, entry=0x7fc9a815a500, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3360
#14 0x000055f0865d9602 in row_ins_index_entry_step (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3529
#15 0x000055f0865d9ab9 in row_ins (node=0x7fc9a8070160, thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3666
#16 0x000055f0865da290 in row_ins_step (thr=0x7fc9a80703c0) at /data/src/10.4/storage/innobase/row/row0ins.cc:3805
#17 0x000055f0865ff83f in row_insert_for_mysql (mysql_rec=0x7fc9a8158cf0 "\371\002", prebuilt=0x7fc9a806fbf0, ins_mode=ROW_INS_NORMAL) at /data/src/10.4/storage/innobase/row/row0mysql.cc:1422
#18 0x000055f086455bb9 in ha_innobase::write_row (this=0x7fc9a8147d08, record=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/storage/innobase/handler/ha_innodb.cc:7973
#19 0x000055f086217a5e in handler::ha_write_row (this=0x7fc9a8147d08, buf=0x7fc9a8158cf0 "\371\002") at /data/src/10.4/sql/handler.cc:6742
#20 0x000055f085e60fb9 in write_record (thd=0x7fc9a8000af0, table=0x7fc9a8146ea0, info=0x7fc9f76fda90) at /data/src/10.4/sql/sql_insert.cc:2058
#21 0x000055f085e5df35 in mysql_insert (thd=0x7fc9a8000af0, table_list=0x7fc9a8013280, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.4/sql/sql_insert.cc:1078
#22 0x000055f085eab783 in mysql_execute_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:4519
#23 0x000055f085eb70cd in mysql_parse (thd=0x7fc9a8000af0, rawbuf=0x7fc9a8013198 "INSERT INTO t1 VALUES (2,11,11)", length=31, parser_state=0x7fc9f76fe570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896
#24 0x000055f085ea3601 in dispatch_command (command=COM_QUERY, thd=0x7fc9a8000af0, packet=0x7fc9a80083a1 "INSERT INTO t1 VALUES (2,11,11)", packet_length=31, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835
#25 0x000055f085ea1da3 in do_command (thd=0x7fc9a8000af0) at /data/src/10.4/sql/sql_parse.cc:1353
#26 0x000055f08602be3c in do_handle_one_connection (connect=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1412
#27 0x000055f08602bb8b in handle_one_connection (arg=0x55f089d15330) at /data/src/10.4/sql/sql_connect.cc:1316
#28 0x000055f086a312b9 in pfs_spawn_thread (arg=0x55f089c932e0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#29 0x00007fca043074a4 in start_thread (arg=0x7fc9f76ff700) at pthread_create.c:456
#30 0x00007fca0243bd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
{noformat}

It appears to be a recent regression, somewhere between ae33ebe5 and 1cda462f, I didn't look for the exact commit.
Reproducible on 10.4 debug builds.
Not reproducible on 10.3.
No obvious effect on a release build, but non-debug ASAN build throws {{heap-buffer-overflow}}:
{noformat:title=10.5 34212233}
==2648901==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61c00005caa0 at pc 0x563f95fd5ec3 bp 0x7efe2cdb6bc0 sp 0x7efe2cdb6bb0
READ of size 16 at 0x61c00005caa0 thread T13
    #0 0x563f95fd5ec2 in dict_col_t::is_virtual() const /data/src/10.5/storage/innobase/include/dict0mem.h:600
    #1 0x563f95fd5ec2 in dict_col_t::name(dict_table_t const&) const /data/src/10.5/storage/innobase/dict/dict0dict.cc:445
    #2 0x563f95ca68e9 in dict_table_get_col_name(dict_table_t const*, unsigned long) /data/src/10.5/storage/innobase/include/dict0dict.h:816
    #3 0x563f95ca68e9 in row_ins_foreign_index_entry /data/src/10.5/storage/innobase/row/row0ins.cc:1915
    #4 0x563f95ca68e9 in row_ins_check_foreign_constraints /data/src/10.5/storage/innobase/row/row0ins.cc:1984
    #5 0x563f95cb3d8e in row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long) /data/src/10.5/storage/innobase/row/row0ins.cc:3185
    #6 0x563f95cb5290 in row_ins_index_entry /data/src/10.5/storage/innobase/row/row0ins.cc:3357
    #7 0x563f95cb5290 in row_ins_index_entry_step /data/src/10.5/storage/innobase/row/row0ins.cc:3526
    #8 0x563f95cb5290 in row_ins /data/src/10.5/storage/innobase/row/row0ins.cc:3663
    #9 0x563f95cb5290 in row_ins_step(que_thr_t*) /data/src/10.5/storage/innobase/row/row0ins.cc:3802
    #10 0x563f95cea26e in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) /data/src/10.5/storage/innobase/row/row0mysql.cc:1421
    #11 0x563f95a580ec in ha_innobase::write_row(unsigned char const*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:7561
    #12 0x563f94fdf7a7 in handler::ha_write_row(unsigned char const*) /data/src/10.5/sql/handler.cc:7137
    #13 0x563f947e5ddc in write_record(THD*, TABLE*, st_copy_info*, select_result*) /data/src/10.5/sql/sql_insert.cc:2092
    #14 0x563f94800728 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/src/10.5/sql/sql_insert.cc:1087
    #15 0x563f948d0e1d in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4546
    #16 0x563f9489658c in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:7994
    #17 0x563f948c2750 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1867
    #18 0x563f948c8534 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1348
    #19 0x563f94c620cc in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
    #20 0x563f94c62c4c in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
    #21 0x563f958411b8 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #22 0x7efe3be2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
    #23 0x7efe3ba02102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)

Address 0x61c00005caa0 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.5/storage/innobase/include/dict0mem.h:600 in dict_col_t::is_virtual() const
Shadow bytes around the buggy address:
  0x0c3880003900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3880003950: fa fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003960: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003970: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880003990: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c38800039a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
  Shadow gap: cc
Thread T13 created by T0 here:
    #0 0x7efe3bec2805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x563f95841456 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:38
    #2 0x563f95841456 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
    #3 0x563f94623e3e in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1321
    #4 0x563f94623e3e in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6025
    #5 0x563f9462f804 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6149
    #6 0x563f94630212 in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6276
    #7 0x563f94631e43 in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5671
    #8 0x7efe3b9070b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

==2648901==ABORTING
200910 21:43:25 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.5.6-MariaDB-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63636 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62b00009a218
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7efe2cdbb800 thread_stack 0x5fc00
??:0(__interceptor_tcgetattr)[0x7efe3bef4d30]
/data/bld/10.5-rel-asan-nightly/bin/mariadbd(my_print_stacktrace+0xf6)[0x563f96347ee6]
mysys/stacktrace.c:213(my_print_stacktrace)[0x563f94fb4ea4]
sigaction.c:0(__restore_rt)[0x7efe3be3a3c0]
??:0(gsignal)[0x7efe3b92618b]
??:0(abort)[0x7efe3b905859]
??:0(__sanitizer_set_report_fd)[0x7efe3bfb36a2]
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7efe3bfbe24c]
??:0(__sanitizer_ptr_cmp)[0x7efe3bf9f8ec]
??:0(__asan_on_error)[0x7efe3bf9f363]
??:0(__asan_report_load16)[0x7efe3bfa02cb]
/data/bld/10.5-rel-asan-nightly/bin/mariadbd(+0x24ddec3)[0x563f95fd5ec3]
dict/dict0dict.cc:451(dict_col_t::name(dict_table_t const&) const)[0x563f95ca68ea]
include/dict0dict.h:816(dict_table_get_col_name(dict_table_t const*, unsigned long))[0x563f95cb3d8f]
row/row0ins.cc:3187(row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long))[0x563f95cb5291]
row/row0ins.cc:3357(row_ins_step(que_thr_t*))[0x563f95cea26f]
row/row0mysql.cc:1425(row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t))[0x563f95a580ed]
handler/ha_innodb.cc:7561(ha_innobase::write_row(unsigned char const*))[0x563f94fdf7a8]
sql/handler.cc:7137(handler::ha_write_row(unsigned char const*))[0x563f947e5ddd]
sql/sql_insert.cc:2092(write_record(THD*, TABLE*, st_copy_info*, select_result*))[0x563f94800729]
sql/sql_insert.cc:1087(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x563f948d0e1e]
sql/sql_parse.cc:4546(mysql_execute_command(THD*))[0x563f9489658d]
sql/sql_parse.cc:8011(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x563f948c2751]
sql/sql_parse.cc:1870(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x563f948c8535]
sql/sql_parse.cc:1348(do_command(THD*))[0x563f94c620cd]
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x563f94c62c4d]
sql/sql_connect.cc:1318(handle_one_connection)[0x563f958411b9]
nptl/pthread_create.c:478(start_thread)[0x7efe3be2e609]
??:0(clone)[0x7efe3ba02103]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b0000a1238): INSERT INTO t1 VALUES (2,11,11)

Connection ID (thread ID): 4
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_FeKg/mysqld.1/data
Resource Limits:
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 0 bytes
Max resident set unlimited unlimited bytes
Max processes 385884 385884 processes
Max open files 1024 1024 files
Max locked memory 67108864 67108864 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 385884 385884 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Core pattern: |/usr/share/apport/apport %p %s %c %d %P %E
{noformat}

Thirunarayanan Balathandayuthapani made changes - 2020-09-15 06:55

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Thirunarayanan Balathandayuthapani made changes - 2020-09-24 16:59

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Thirunarayanan Balathandayuthapani made changes - 2020-09-24 16:59

Assignee	Thirunarayanan Balathandayuthapani [ thiru ]	Marko Mäkelä [ marko ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Marko Mäkelä made changes - 2020-09-25 09:57

Assignee	Marko Mäkelä [ marko ]	Thirunarayanan Balathandayuthapani [ thiru ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Thirunarayanan Balathandayuthapani made changes - 2020-09-25 16:13

Fix Version/s		10.4.15 [ 24507 ]
Fix Version/s		10.5.6 [ 24508 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Ralf Gebhardt made changes - 2020-10-06 18:35

Fix Version/s

10.5.7 [ 25019 ]

Ralf Gebhardt made changes - 2020-10-06 18:38

Fix Version/s

10.5.6 [ 24508 ]

Ralf Gebhardt made changes - 2020-10-06 18:40

Fix Version/s

10.4.16 [ 25020 ]

Ralf Gebhardt made changes - 2020-10-06 18:42

Fix Version/s

10.4.15 [ 24507 ]

Sergei Golubchik made changes - 2021-12-06 21:52

Workflow

MariaDB v3 [ 113274 ]

MariaDB v4 [ 158345 ]

People

Assignee:: Thirunarayanan Balathandayuthapani

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2020-09-04 18:46

Updated:: 2020-10-06 18:42

Resolved:: 2020-09-25 16:13

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration