MariaDB Server: MDEV-24749

Various corruptions caused by Aria subsystem asking system call to overwrite memory that it does not own


      Description

      Looks related to MDEV-20945.

      The attached testcase (MDEV-24749_main_raw.sql - also ref first comment), executed 1-3 times at the CLI, using SOURCE or client redirection (mysql < input.sql), will produce various issues:

      1) SIGSEGV in MDL_key::is_equal in 10.6 optimized. No stack trace possible, ref #2
      2) Hangs in 10.6 optimized, no CLI access possible
      3) double free or corruption (out) in 10.6 optimized, but not in 10.5 optimized (even though that crashes also, in a different way).
      4) Error: Freeing overrun buffer in 10.6 debug and in 10.5 debug
      5) SIGSEGV in lock_get_mode in 10.6 debug
      6) SIGSEGV in std::less in 10.5 optimized

      It seems there is a double regression: 10.6 and 10.5 optimized have different crash stacks, hang (10.6) vs no hang (10.5), and double free/corruption (10.6) vs not (10.5).

      The various stacks and error logs:

      10.5.9 927a882341eb1087e71d64de4e8cd89ab520de89 (Optimized)

      Core was generated by `/test/MD260121-mariadb-10.5.9-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x14e6bc114700 (LWP 2084271))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x0000558c1537968f in my_write_core (sig=sig@entry=11) at /data/builds/10.5_opt/mysys/stacktrace.c:424
      #2  0x0000558c14da8690 in handle_fatal_signal (sig=11) at /data/builds/10.5_opt/sql/signal_handler.cc:330
      #3  <signal handler called>
      #4  std::less<dict_table_t*>::operator() (this=0x14e6bd3d01d4, __y=<error reading variable: Cannot access memory at address 0x4002000000000621>, __x=0x14e674053240) at /usr/include/c++/9/bits/stl_function.h:433
      #5  std::_Rb_tree<dict_table_t*, std::pair<dict_table_t* const, trx_mod_table_time_t>, std::_Select1st<std::pair<dict_table_t* const, trx_mod_table_time_t> >, std::less<dict_table_t*>, ut_allocator<std::pair<dict_table_t* const, trx_mod_table_time_t>, true> >::_M_get_insert_unique_pos (__k=@0x14e6bc110a80: 0x14e674053240, this=0x14e6bd3d01d0) at /usr/include/c++/9/bits/stl_tree.h:2095
      #6  std::_Rb_tree<dict_table_t*, std::pair<dict_table_t* const, trx_mod_table_time_t>, std::_Select1st<std::pair<dict_table_t* const, trx_mod_table_time_t> >, std::less<dict_table_t*>, ut_allocator<std::pair<dict_table_t* const, trx_mod_table_time_t>, true> >::_M_insert_unique<std::pair<dict_table_t* const, trx_mod_table_time_t> > (this=this@entry=0x14e6bd3d01d0, __v=@0x14e6bc110a80: {
            first = 0x14e674053240,
            second = {first = 528, first_versioned = 18446744073709551615, static UNVERSIONED = 18446744073709551615}
          }) at /usr/include/c++/9/bits/stl_tree.h:2147
      #7  0x0000558c151e3383 in std::map<dict_table_t*, trx_mod_table_time_t, std::less<dict_table_t*>, ut_allocator<std::pair<dict_table_t* const, trx_mod_table_time_t>, true> >::insert (__x=@0x14e6bc110a80: {
            first = 0x14e674053240,
            second = {first = 528, first_versioned = 18446744073709551615, static UNVERSIONED = 18446744073709551615}
          }, this=0x14e6bd3d01d0) at /usr/include/c++/9/bits/stl_map.h:808
      #8  trx_undo_report_row_operation (thr=thr@entry=0x14e67408b6e0, index=<optimized out>, clust_entry=clust_entry@entry=0x0, update=update@entry=0x14e674062630, cmpl_info=cmpl_info@entry=1, rec=<optimized out>, offsets=<optimized out>, roll_ptr=<optimized out>) at /data/builds/10.5_opt/storage/innobase/trx/trx0rec.cc:2092
      #9  0x0000558c1522b16c in btr_cur_upd_lock_and_undo (roll_ptr=0x14e6bc111c28, mtr=0x14e6bc1123c0, thr=0x14e67408b6e0, cmpl_info=1, update=0x14e674062630, offsets=<optimized out>, cursor=0x14e674028be8, flags=2) at /data/builds/10.5_opt/storage/innobase/btr/btr0cur.cc:3863
      #10 btr_cur_optimistic_update (flags=2, cursor=cursor@entry=0x14e674028be8, offsets=offsets@entry=0x14e6bc111cb8, heap=heap@entry=0x14e6bc111d70, update=0x14e674062630, cmpl_info=1, thr=0x14e67408b6e0, trx_id=67, mtr=0x14e6bc1123c0) at /data/builds/10.5_opt/storage/innobase/btr/btr0cur.cc:4705
      #11 0x0000558c151b92bf in row_upd_clust_rec (flags=0, node=0x14e674062510, index=0x14e67405f7f0, offsets=<optimized out>, offsets_heap=0x14e6bc111d70, thr=0x14e67408b6e0, mtr=0x14e6bc1123c0) at /data/builds/10.5_opt/storage/innobase/include/que0que.ic:37
      #12 0x0000558c151bcd39 in row_upd_clust_step (node=0x14e674062510, thr=0x14e67408b6e0) at /data/builds/10.5_opt/storage/innobase/row/row0upd.cc:2888
      #13 0x0000558c151be37e in row_upd (thr=0x14e67408b6e0, node=0x14e674062510) at /data/builds/10.5_opt/storage/innobase/row/row0upd.cc:2992
      #14 row_upd_step (thr=thr@entry=0x14e67408b6e0) at /data/builds/10.5_opt/storage/innobase/row/row0upd.cc:3136
      #15 0x0000558c151980de in row_update_for_mysql (prebuilt=<optimized out>) at /data/builds/10.5_opt/storage/innobase/row/row0mysql.cc:1847
      #16 0x0000558c150d727b in ha_innobase::update_row (this=0x14e674061200, old_row=0x14e67405c140 "\376\001C\345\064\061\066", new_row=0x14e67405c038 "\376\002\255\345\064\061\066") at /data/builds/10.5_opt/storage/innobase/handler/ha_innodb.cc:8339
      #17 0x0000558c14db7963 in handler::ha_update_row (this=0x14e674061200, old_data=0x14e67405c140 "\376\001C\345\064\061\066", new_data=0x14e67405c038 "\376\002\255\345\064\061\066") at /data/builds/10.5_opt/sql/handler.cc:7204
      #18 0x0000558c14c5a5c3 in multi_update::do_updates (this=0x14e674012720) at /data/builds/10.5_opt/sql/sql_update.cc:2877
      #19 0x0000558c14c5adfb in multi_update::send_eof (this=0x14e674012720) at /data/builds/10.5_opt/sql/sql_update.cc:3037
      #20 0x0000558c14c0265f in do_select (procedure=<optimized out>, join=0x14e6740127f8) at /data/builds/10.5_opt/sql/sql_select.cc:20220
      #21 JOIN::exec_inner (this=0x14e6740127f8) at /data/builds/10.5_opt/sql/sql_select.cc:4466
      #22 0x0000558c14c029c8 in JOIN::exec (this=this@entry=0x14e6740127f8) at /data/builds/10.5_opt/sql/sql_select.cc:4246
      #23 0x0000558c14c00a48 in mysql_select (thd=thd@entry=0x14e674000c58, tables=tables@entry=0x14e6740104c0, fields=@0x14e6bc112db0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x558c15cdfe50 <end_of_list>, last = 0x14e6bc112db0, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14e674012720, unit=0x14e674004c38, select_lex=0x14e674005438) at /data/builds/10.5_opt/sql/sql_select.cc:4662
      #24 0x0000558c14c59d5a in mysql_multi_update (thd=thd@entry=0x14e674000c58, table_list=0x14e6740104c0, fields=fields@entry=0x14e674005588, values=values@entry=0x14e674005af8, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14e674004c38, select_lex=0x14e674005438, result=0x14e6bc112fb0) at /data/builds/10.5_opt/sql/sql_update.cc:1950
      #25 0x0000558c14b9e4ac in mysql_execute_command (thd=0x14e674000c58) at /data/builds/10.5_opt/sql/sql_parse.cc:4520
      #26 0x0000558c14b8ad63 in mysql_parse (thd=0x14e674000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/builds/10.5_opt/sql/sql_parse.cc:8062
      #27 0x0000558c14b96a60 in dispatch_command (command=COM_QUERY, thd=0x14e674000c58, packet=0x14e674008029 "update t1 set a = ((select max(a) from t1))", packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/builds/10.5_opt/sql/sql_class.h:1256
      #28 0x0000558c14b98e2d in do_command (thd=0x14e674000c58) at /data/builds/10.5_opt/sql/sql_parse.cc:1370
      #29 0x0000558c14c9dcd1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558c17114088, put_in_cache=put_in_cache@entry=true) at /data/builds/10.5_opt/sql/sql_connect.cc:1410
      #30 0x0000558c14c9e14d in handle_one_connection (arg=arg@entry=0x558c17114088) at /data/builds/10.5_opt/sql/sql_connect.cc:1312
      #31 0x0000558c15028a89 in pfs_spawn_thread (arg=0x558c17083198) at /data/builds/10.5_opt/storage/perfschema/pfs.cc:2201
      #32 0x000014e6c01a6609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #33 0x000014e6bfd95293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

      2021-02-01  8:47:57 0 [Note] /test/MD260121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: ready for connections.
      Version: '10.6.0-MariaDB-debug'  socket: '/test/MD260121-mariadb-10.6.0-linux-x86_64-dbg/socket.sock'  port: 10503  MariaDB Server
      Error: Freeing overrun buffer 0x147cb8040430 at 0x556949375cb8, 0x5569493664cc, 0x556948e14bbc, 0x556948e09da6, 0x556948d8d880, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719
      Allocated at maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, sql/handler.cc:4654, maria/ma_sort.c:631, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19840
      Error: Freeing overrun buffer 0x147cb803ffd0 at sql/sql_update.cc:2641, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263
      Allocated at sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19840
      Error: Freeing overrun buffer 0x147cb800b4a0 at sql/sql_update.cc:2641, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263
      Allocated at sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19840
      210201  8:48:16 [ERROR] mysqld got signal 11 ;
      

      10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

      Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x14be4c095700 (LWP 2076520))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x0000563bb2e470d7 in my_write_core (sig=sig@entry=11) at /test/10.6_dbg/mysys/stacktrace.c:424
      #2  0x0000563bb25dbab1 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:330
      #3  <signal handler called>
      #4  0x0000563bb247dc51 in MDL_key::is_equal (rhs=0x1102000000000601, this=0x14be4c093b10) at /test/10.6_dbg/sql/mdl.h:449
      #5  MDL_context::find_ticket (this=this@entry=0x14be08000ee8, mdl_request=mdl_request@entry=0x14be4c093af0, result_duration=result_duration@entry=0x14be4c093aec) at /test/10.6_dbg/sql/mdl.cc:1929
      #6  0x0000563bb247dda7 in MDL_context::is_lock_owner (this=this@entry=0x14be08000ee8, mdl_namespace=mdl_namespace@entry=MDL_key::TABLE, db=<optimized out>, name=<optimized out>, mdl_type=mdl_type@entry=MDL_SHARED) at /test/10.6_dbg/sql/mdl.cc:2968
      #7  0x0000563bb227c310 in close_thread_table (thd=thd@entry=0x14be08000db8, table_ptr=table_ptr@entry=0x14be08000ea8) at /test/10.6_dbg/sql/sql_base.cc:940
      #8  0x0000563bb227c9a6 in close_thread_tables (thd=thd@entry=0x14be08000db8) at /test/10.6_dbg/sql/sql_base.cc:919
      #9  0x0000563bb231cf35 in mysql_execute_command (thd=thd@entry=0x14be08000db8) at /test/10.6_dbg/sql/sql_parse.cc:5924
      #10 0x0000563bb2303072 in mysql_parse (thd=thd@entry=0x14be08000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14be4c0943d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
      #11 0x0000563bb23111ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14be08000db8, packet=packet@entry=0x14be08008d39 "update t1 set a = ((select max(a) from t1))", packet_length=packet_length@entry=43) at /test/10.6_dbg/sql/sql_class.h:1293
      #12 0x0000563bb231452d in do_command (thd=0x14be08000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
      #13 0x0000563bb24707fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563bb5af69a8, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
      #14 0x0000563bb2470f03 in handle_one_connection (arg=arg@entry=0x563bb5af69a8) at /test/10.6_dbg/sql/sql_connect.cc:1312
      #15 0x0000563bb292688f in pfs_spawn_thread (arg=0x563bb5a1e898) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
      #16 0x000014be4ce0a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #17 0x000014be4c9f9293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.5.9 927a882341eb1087e71d64de4e8cd89ab520de89 (Debug)

      Version: '10.5.9-MariaDB-debug'  socket: '/test/MD260121-mariadb-10.5.9-linux-x86_64-dbg/socket.sock'  port: 10421  MariaDB Server
      Error: Freeing overrun buffer 0x1503ec0405b0 at 0x55aec402f0f6, 0x55aec401f90a, 0x55aec3a8ef1a, 0x55aec3a84104, 0x55aec3a07bde, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719
      Allocated at maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, sql/handler.cc:4654, sql/sql_select.cc:19856
      Error: Freeing overrun buffer 0x1503ec040150 at sql/sql_update.cc:2641, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263
      Allocated at sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19856
      Error: Freeing overrun buffer 0x1503ec00b650 at sql/sql_update.cc:2641, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263
      Allocated at sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19856
      210201  8:48:16 [ERROR] mysqld got signal 11 ;
      

      10.5.9 927a882341eb1087e71d64de4e8cd89ab520de89 (Debug)

      Core was generated by `/test/MD260121-mariadb-10.5.9-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x15044015f700 (LWP 2084671))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x000055aec402464e in my_write_core (sig=sig@entry=11) at /data/builds/10.5_dbg/mysys/stacktrace.c:424
      #2  0x000055aec37791a8 in handle_fatal_signal (sig=11) at /data/builds/10.5_dbg/sql/signal_handler.cc:330
      #3  <signal handler called>
      #4  0x000055aec361b078 in MDL_key::is_equal (rhs=0x1102000000000601, this=0x15044015dae0) at /data/builds/10.5_dbg/sql/mdl.h:449
      #5  MDL_context::find_ticket (this=this@entry=0x1503ec000ed8, mdl_request=mdl_request@entry=0x15044015dac0, result_duration=result_duration@entry=0x15044015dabc) at /data/builds/10.5_dbg/sql/mdl.cc:1929
      #6  0x000055aec361b1cd in MDL_context::is_lock_owner (this=this@entry=0x1503ec000ed8, mdl_namespace=mdl_namespace@entry=MDL_key::TABLE, db=<optimized out>, name=<optimized out>, mdl_type=mdl_type@entry=MDL_SHARED) at /data/builds/10.5_dbg/sql/mdl.cc:2968
      #7  0x000055aec3419d94 in close_thread_table (thd=thd@entry=0x1503ec000db8, table_ptr=table_ptr@entry=0x1503ec000e98) at /data/builds/10.5_dbg/sql/sql_base.cc:940
      #8  0x000055aec341a42a in close_thread_tables (thd=thd@entry=0x1503ec000db8) at /data/builds/10.5_dbg/sql/sql_base.cc:919
      #9  0x000055aec34bad85 in mysql_execute_command (thd=thd@entry=0x1503ec000db8) at /data/builds/10.5_dbg/sql/sql_parse.cc:6089
      #10 0x000055aec34a08d8 in mysql_parse (thd=thd@entry=0x1503ec000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15044015e3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/builds/10.5_dbg/sql/sql_parse.cc:8062
      #11 0x000055aec34aebe2 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1503ec000db8, packet=packet@entry=0x1503ec01ad29 "update t1 set a = ((select max(a) from t1))", packet_length=packet_length@entry=43, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/builds/10.5_dbg/sql/sql_class.h:1256
      #12 0x000055aec34b232f in do_command (thd=0x1503ec000db8) at /data/builds/10.5_dbg/sql/sql_parse.cc:1370
      #13 0x000055aec360dc83 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55aec6a656f8, put_in_cache=put_in_cache@entry=true) at /data/builds/10.5_dbg/sql/sql_connect.cc:1410
      #14 0x000055aec360e387 in handle_one_connection (arg=arg@entry=0x55aec6a656f8) at /data/builds/10.5_dbg/sql/sql_connect.cc:1312
      #15 0x000055aec3ac279d in pfs_spawn_thread (arg=0x55aec699bed8) at /data/builds/10.5_dbg/storage/perfschema/pfs.cc:2201
      #16 0x000015044422b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #17 0x0000150443e1a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present (in various expression thereof) in:
      MariaDB: 10.5.9 (dbg), 10.5.9 (opt), 10.6.0 (dbg), 10.6.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)
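As an added triage aid, not part of the report and not MariaDB's own code: a small Python parser for the two artifact formats quoted above, the safemalloc `Freeing overrun buffer ... / Allocated at ...` pairs and the gdb `bt` output. It pairs each overrun record with its allocation stack, drops the raw unsymbolized addresses, intersects the storage-engine frames across all records so the sites common to every overrun stand out, and from a backtrace reports the first frame after `<signal handler called>` (the frame that actually faulted, not the handler that wrote the core) together with the statement gdb printed for the `dispatch_command` packet. The sample inputs are lines copied from the 10.6.0 debug log and backtrace above; the `maria/` prefix used to select engine frames and the function names are this example's own choices.

```python
import re
from dataclasses import dataclass

# Sample input: safemalloc records copied verbatim from the 10.6.0 debug error
# log quoted in the report (not generated by this script).
SAFEMALLOC_LOG = """\
Error: Freeing overrun buffer 0x147cb8040430 at 0x556949375cb8, 0x5569493664cc, 0x556948e14bbc, 0x556948e09da6, 0x556948d8d880, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719
Allocated at maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, sql/handler.cc:4654, maria/ma_sort.c:631, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19840
Error: Freeing overrun buffer 0x147cb803ffd0 at sql/sql_update.cc:2641, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263
Allocated at sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19840
Error: Freeing overrun buffer 0x147cb800b4a0 at sql/sql_update.cc:2641, mysys/safemalloc.c:194, mysys/my_malloc.c:210, maria/ma_sort.c:719, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263
Allocated at sql/handler.cc:4654, maria/ma_sort.c:631, maria/ma_check.c:4551, maria/ha_maria.cc:1657, maria/ha_maria.cc:2024, maria/ha_maria.cc:2263, sql/handler.cc:4654, sql/sql_select.cc:19840
"""

# Sample input: selected frames of the 10.6.0 debug gdb backtrace from the report.
GDB_BT = """\
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x0000563bb2e470d7 in my_write_core (sig=sig@entry=11) at /test/10.6_dbg/mysys/stacktrace.c:424
#2  0x0000563bb25dbab1 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:330
#3  <signal handler called>
#4  0x0000563bb247dc51 in MDL_key::is_equal (rhs=0x1102000000000601, this=0x14be4c093b10) at /test/10.6_dbg/sql/mdl.h:449
#5  MDL_context::find_ticket (this=this@entry=0x14be08000ee8, mdl_request=mdl_request@entry=0x14be4c093af0, result_duration=result_duration@entry=0x14be4c093aec) at /test/10.6_dbg/sql/mdl.cc:1929
#11 0x0000563bb23111ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14be08000db8, packet=packet@entry=0x14be08008d39 "update t1 set a = ((select max(a) from t1))", packet_length=packet_length@entry=43) at /test/10.6_dbg/sql/sql_class.h:1293
"""

FREE_RE = re.compile(r"^Error: Freeing overrun buffer (0x[0-9a-f]+) at (.+)$")
ALLOC_RE = re.compile(r"^Allocated at (.+)$")
# gdb frame: "#N  [0xADDR in ]function (args..." ; the function name has no spaces.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(")
PACKET_RE = re.compile(r'packet=(?:packet@entry=)?0x[0-9a-f]+ "([^"]*)"')


@dataclass
class OverrunRecord:
    address: str          # heap address safemalloc reported as overrun
    free_frames: list     # stack printed after "at": raw 0x... addresses or file:line
    alloc_frames: list    # stack printed after "Allocated at"


def _split_frames(text):
    return [f.strip() for f in text.split(",") if f.strip()]


def parse_safemalloc(log):
    """Pair each 'Freeing overrun buffer' line with the 'Allocated at' line after it."""
    records, pending = [], None
    for line in log.splitlines():
        m = FREE_RE.match(line)
        if m:
            pending = OverrunRecord(m.group(1), _split_frames(m.group(2)), [])
            records.append(pending)
            continue
        m = ALLOC_RE.match(line)
        if m and pending is not None:
            pending.alloc_frames = _split_frames(m.group(1))
            pending = None
    return records


def source_frames(frames):
    """Keep only symbolized file:line frames; drop raw 0x... addresses."""
    return [f for f in frames if not f.startswith("0x")]


def implicated_sites(records, prefix="maria/"):
    """Engine source locations (frames under `prefix`, this example's assumption)
    present in every record's free stack and in every record's allocation stack."""
    free = alloc = None
    for r in records:
        f = {x for x in source_frames(r.free_frames) if x.startswith(prefix)}
        a = {x for x in source_frames(r.alloc_frames) if x.startswith(prefix)}
        free = f if free is None else free & f
        alloc = a if alloc is None else alloc & a
    return {"free": free or set(), "alloc": alloc or set()}


def faulting_frame(bt):
    """First frame after '<signal handler called>': the function that faulted."""
    past_handler = False
    for line in bt.splitlines():
        if "<signal handler called>" in line:
            past_handler = True
            continue
        m = FRAME_RE.match(line.strip())
        if past_handler and m:
            return m.group(2)
    return None


def statement_from_backtrace(bt):
    """SQL text gdb printed for dispatch_command's packet argument, if present."""
    m = PACKET_RE.search(bt)
    return m.group(1) if m else None


if __name__ == "__main__":
    recs = parse_safemalloc(SAFEMALLOC_LOG)
    print(f"{len(recs)} overrun records")
    print("engine sites common to all records:", implicated_sites(recs))
    print("faulting frame:", faulting_frame(GDB_BT))
    print("statement:", statement_from_backtrace(GDB_BT))
```

Run against the three records above, the only engine frame shared by every free stack is `maria/ma_sort.c:719`, and every allocation stack shares `maria/ma_sort.c:631` together with the `ma_check.c` / `ha_maria.cc` repair path; the backtrace yields `MDL_key::is_equal` as the faulting frame and the `update t1 ...` statement as the trigger. Note that safemalloc only catches the overrun when the buffer is freed, so the free site is where the damage is detected, not necessarily where the out-of-bounds write happened; the allocation site tells you which buffer was too small for what was written into it.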

People
Assignee: Michael Widenius (monty)
Reporter: Roel Van de Paar (Roel)
Votes: 0
Watchers: 4