MariaDB Server: MDEV-25775

Corrupt result set or ASAN/valgrind errors in String::copy / Item_cache_str::cache_value

    Details

      Description

      Setting to Minor, because only 10.2 is affected and the use case is unlikely to happen in real life

      CREATE TABLE t (g TEXT DEFAULT 'a');
      INSERT INTO t VALUES ('foo');
      SELECT DEFAULT(g) AS f FROM t;
      SELECT MAX(DEFAULT(g)) AS f FROM t;
       
      # Cleanup
      DROP TABLE t;
      

      10.2 5c75ba9c

      ==257141== Invalid read of size 1
      ==257141==    at 0x4842B60: memmove (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==257141==    by 0x7C2B90: String::copy(String const&) (sql_string.cc:179)
      ==257141==    by 0x9C666E: Item_cache_str::cache_value() (item.cc:10116)
      ==257141==    by 0xA799CB: Item_sum_max::add() (item_sum.cc:2218)
      ==257141==    by 0xA7FF75: Aggregator_simple::add() (item_sum.h:708)
      ==257141==    by 0x78C5BA: Item_sum::aggregator_add() (item_sum.h:553)
      ==257141==    by 0x78C48D: Item_sum::reset_and_add() (item_sum.h:440)
      ==257141==    by 0xB0D0AF: opt_sum_query(THD*, List<TABLE_LIST>&, List<Item>&, Item*) (opt_sum.cc:453)
      ==257141==    by 0x7454A5: JOIN::optimize_inner() (sql_select.cc:1510)
      ==257141==    by 0x743E61: JOIN::optimize() (sql_select.cc:1127)
      ==257141==    by 0x74D509: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3835)
      ==257141==    by 0x74158D: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:361)
      ==257141==    by 0x70B3A9: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:6271)
      ==257141==    by 0x701F1B: mysql_execute_command(THD*) (sql_parse.cc:3582)
      ==257141==    by 0x70F165: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7793)
      ==257141==    by 0x6FD3C0: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1827)
      ==257141==  Address 0xbfd6008 is 8 bytes inside a block of size 16 free'd
      ==257141==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==257141==    by 0x113895B: my_free (my_malloc.c:218)
      ==257141==    by 0x6119C1: String::free() (sql_string.h:351)
      ==257141==    by 0x611913: String::~String() (sql_string.h:187)
      ==257141==    by 0x9868B9: Field_blob::~Field_blob() (field.h:3308)
      ==257141==    by 0x9868E5: Field_blob::~Field_blob() (field.h:3308)
      ==257141==    by 0x9C26E0: Item_default_value::cleanup() (item.cc:9007)
      ==257141==    by 0x6C45C6: Item::delete_self() (item.h:1963)
      ==257141==    by 0x6BAFFD: Query_arena::free_items() (sql_class.cc:3555)
      ==257141==    by 0x6B62A6: THD::cleanup_after_query() (sql_class.cc:2098)
      ==257141==    by 0x70F2B6: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7815)
      ==257141==    by 0x6FD3C0: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1827)
      ==257141==    by 0x6FBEBB: do_command(THD*) (sql_parse.cc:1381)
      ==257141==    by 0x85CDF6: do_handle_one_connection(CONNECT*) (sql_connect.cc:1336)
      ==257141==    by 0x85CB5B: handle_one_connection (sql_connect.cc:1241)
      ==257141==    by 0x10D8313: pfs_spawn_thread (pfs.cc:1869)
      ==257141==  Block was alloc'd at
      ==257141==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==257141==    by 0x113835C: my_malloc (my_malloc.c:101)
      ==257141==    by 0x7C26B5: String::real_alloc(unsigned long) (sql_string.cc:45)
      ==257141==    by 0x62149E: String::alloc(unsigned long) (sql_string.h:361)
      ==257141==    by 0x979031: Field_blob::store(char const*, unsigned int, charset_info_st const*) (field.cc:8297)
      ==257141==    by 0x9A9B47: Item::save_str_value_in_field(Field*, String*) (item.cc:479)
      ==257141==    by 0x9BAAC9: Item_string::save_in_field(Field*, bool) (item.cc:6449)
      ==257141==    by 0x96294B: Field::set_default() (field.cc:2457)
      ==257141==    by 0x9C27F6: Item_default_value::calculate() (item.cc:9033)
      ==257141==    by 0x9C2959: Item_default_value::send(Protocol*, String*) (item.cc:9069)
      ==257141==    by 0x61F268: Protocol::send_result_set_row(List<Item>*) (protocol.cc:992)
      ==257141==    by 0x6B83B9: select_send::send_data(List<Item>&) (sql_class.cc:2788)
      ==257141==    by 0x776CC1: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:20046)
      ==257141==    by 0x773250: do_select(JOIN*, Procedure*) (sql_select.cc:18375)
      ==257141==    by 0x74CF17: JOIN::exec_inner() (sql_select.cc:3651)
      ==257141==    by 0x74C3BB: JOIN::exec() (sql_select.cc:3446)
      

      10.2 5c75ba9c

      ==257238==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c00001fc70 at pc 0x7f29ed1b2f40 bp 0x7f29e1cfce20 sp 0x7f29e1cfc5c8
      READ of size 1 at 0x60c00001fc70 thread T5
          #0 0x7f29ed1b2f3f in __interceptor_memmove (/lib/x86_64-linux-gnu/libasan.so.5+0xa0f3f)
          #1 0x55830d225a08 in String::copy(String const&) /data/src/10.2/sql/sql_string.cc:179
          #2 0x55830d6f3ed8 in Item_cache_str::cache_value() /data/src/10.2/sql/item.cc:10116
          #3 0x55830d8a46c3 in Item_sum_max::add() /data/src/10.2/sql/item_sum.cc:2218
          #4 0x55830d8b79b7 in Aggregator_simple::add() /data/src/10.2/sql/item_sum.h:708
          #5 0x55830d19821f in Item_sum::aggregator_add() (/mnt-hd8t/bld/10.2-asan-nightly/bin/mysqld+0xfb221f)
          #6 0x55830d197e95 in Item_sum::reset_and_add() /data/src/10.2/sql/item_sum.h:440
          #7 0x55830da20cf1 in opt_sum_query(THD*, List<TABLE_LIST>&, List<Item>&, Item*) /data/src/10.2/sql/opt_sum.cc:453
          #8 0x55830d0d5be4 in JOIN::optimize_inner() /data/src/10.2/sql/sql_select.cc:1510
          #9 0x55830d0d1b81 in JOIN::optimize() /data/src/10.2/sql/sql_select.cc:1127
          #10 0x55830d0ed288 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3835
          #11 0x55830d0c9e4f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
          #12 0x55830d040cbc in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6271
          #13 0x55830d02e045 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3582
          #14 0x55830d04a1d1 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7793
          #15 0x55830d0233d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
          #16 0x55830d0201a1 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
          #17 0x55830d3a9ed5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
          #18 0x55830d3a9798 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #19 0x55830e74fca9 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
          #20 0x7f29ecba5608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
          #21 0x7f29ec781292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
       
      0x60c00001fc70 is located 112 bytes inside of 124-byte region [0x60c00001fc00,0x60c00001fc7c)
      freed by thread T5 here:
          #0 0x7f29ed21f7cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
          #1 0x55830e86d8ee in free_memory /data/src/10.2/mysys/safemalloc.c:279
          #2 0x55830e86ce3a in sf_free /data/src/10.2/mysys/safemalloc.c:197
          #3 0x55830e8391a6 in my_free /data/src/10.2/mysys/my_malloc.c:218
          #4 0x55830cde98ef in String::free() /data/src/10.2/sql/sql_string.h:351
          #5 0x55830cde96cf in String::~String() /data/src/10.2/sql/sql_string.h:187
          #6 0x55830d64a166 in Field_blob::~Field_blob() /data/src/10.2/sql/field.h:3308
          #7 0x55830d64a191 in Field_blob::~Field_blob() /data/src/10.2/sql/field.h:3308
          #8 0x55830d6ea610 in Item_default_value::cleanup() /data/src/10.2/sql/item.cc:9007
          #9 0x55830cf92585 in Item::delete_self() /data/src/10.2/sql/item.h:1963
          #10 0x55830cf7b9a5 in Query_arena::free_items() /data/src/10.2/sql/sql_class.cc:3555
          #11 0x55830cf6dbc0 in THD::cleanup_after_query() /data/src/10.2/sql/sql_class.cc:2098
          #12 0x55830d04a4b5 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7815
          #13 0x55830d0233d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
          #14 0x55830d0201a1 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
          #15 0x55830d3a9ed5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
          #16 0x55830d3a9798 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #17 0x55830e74fca9 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
          #18 0x7f29ecba5608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
       
      previously allocated by thread T5 here:
          #0 0x7f29ed21fbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
          #1 0x55830e86c7ac in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
          #2 0x55830e838735 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
          #3 0x55830d224db4 in String::real_alloc(unsigned long) /data/src/10.2/sql/sql_string.cc:45
          #4 0x55830ce11cbf in String::alloc(unsigned long) /data/src/10.2/sql/sql_string.h:361
          #5 0x55830d62895e in Field_blob::store(char const*, unsigned int, charset_info_st const*) /data/src/10.2/sql/field.cc:8297
          #6 0x55830d6a47fa in Item::save_str_value_in_field(Field*, String*) /data/src/10.2/sql/item.cc:479
          #7 0x55830d6d2664 in Item_string::save_in_field(Field*, bool) /data/src/10.2/sql/item.cc:6449
          #8 0x55830d5e7e59 in Field::set_default() /data/src/10.2/sql/field.cc:2457
          #9 0x55830d6ea86a in Item_default_value::calculate() /data/src/10.2/sql/item.cc:9033
          #10 0x55830d6eaa5f in Item_default_value::send(Protocol*, String*) /data/src/10.2/sql/item.cc:9069
          #11 0x55830ce0b6ed in Protocol::send_result_set_row(List<Item>*) /data/src/10.2/sql/protocol.cc:992
          #12 0x55830cf7366c in select_send::send_data(List<Item>&) /data/src/10.2/sql/sql_class.cc:2788
          #13 0x55830d15cd04 in end_send /data/src/10.2/sql/sql_select.cc:20046
          #14 0x55830d151c82 in do_select /data/src/10.2/sql/sql_select.cc:18375
          #15 0x55830d0ec0da in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3651
          #16 0x55830d0e9bf1 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3446
          #17 0x55830d0ed474 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3849
          #18 0x55830d0c9e4f in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
          #19 0x55830d040cbc in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6271
          #20 0x55830d02e045 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3582
          #21 0x55830d04a1d1 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7793
          #22 0x55830d0233d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
          #23 0x55830d0201a1 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
          #24 0x55830d3a9ed5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
          #25 0x55830d3a9798 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #26 0x55830e74fca9 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
          #27 0x7f29ecba5608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
       
      Thread T5 created by T0 here:
          #0 0x7f29ed14c805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
          #1 0x55830e75009a in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919
          #2 0x55830cdc4243 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246
          #3 0x55830cddc19a in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6573
          #4 0x55830cddc935 in create_new_thread /data/src/10.2/sql/mysqld.cc:6643
          #5 0x55830cdddad8 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6901
          #6 0x55830cddb4eb in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6192
          #7 0x55830cdc2afc in main /data/src/10.2/sql/main.cc:25
          #8 0x7f29ec6860b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
       
      SUMMARY: AddressSanitizer: heap-use-after-free (/lib/x86_64-linux-gnu/libasan.so.5+0xa0f3f) in __interceptor_memmove
      ==257238==ABORTING
      210526  2:19:02 [ERROR] mysqld got signal 6 ;
      This could be because you hit a bug. It is also possible that this binary
      or one of the libraries it was linked against is corrupt, improperly built,
      or misconfigured. This error can also be caused by malfunctioning hardware.
       
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs
       
      We will try our best to scrape up some info that will hopefully help
      diagnose the problem, but since we have already crashed, 
      something is definitely wrong and this may fail.
       
      Server version: 10.2.39-MariaDB-debug-log
      key_buffer_size=1048576
      read_buffer_size=131072
      max_used_connections=1
      max_threads=153
      thread_count=1
      It is possible that mysqld could use up to 
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63106 K  bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x62a000060270
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7f29e1d00d10 thread_stack 0x5b000
      /lib/x86_64-linux-gnu/libasan.so.5(+0x6cd30)[0x7f29ed17ed30]
      mysys/stacktrace.c:172(my_print_stacktrace)[0x55830e84a163]
      sql/signal_handler.cc:221(handle_fatal_signal)[0x55830d6687a9]
      sigaction.c:0(__restore_rt)[0x7f29ecbb13c0]
      /lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcb)[0x7f29ec6a518b]
      /lib/x86_64-linux-gnu/libc.so.6(abort+0x12b)[0x7f29ec684859]
      /lib/x86_64-linux-gnu/libasan.so.5(+0x12b6a2)[0x7f29ed23d6a2]
      /lib/x86_64-linux-gnu/libasan.so.5(+0x13624c)[0x7f29ed24824c]
      /lib/x86_64-linux-gnu/libasan.so.5(+0x1178ec)[0x7f29ed2298ec]
      /lib/x86_64-linux-gnu/libasan.so.5(+0x117363)[0x7f29ed229363]
      /lib/x86_64-linux-gnu/libasan.so.5(memmove+0x30f)[0x7f29ed1b2f5f]
      sql/sql_string.cc:180(String::copy(String const&))[0x55830d225a09]
      sql/item.cc:10117(Item_cache_str::cache_value())[0x55830d6f3ed9]
      sql/item_sum.cc:2219(Item_sum_max::add())[0x55830d8a46c4]
      sql/item_sum.h:708(Aggregator_simple::add())[0x55830d8b79b8]
      sql/item_sum.h:553(Item_sum::aggregator_add())[0x55830d198220]
      sql/item_sum.h:441(Item_sum::reset_and_add())[0x55830d197e96]
      sql/opt_sum.cc:458(opt_sum_query(THD*, List<TABLE_LIST>&, List<Item>&, Item*))[0x55830da20cf2]
      sql/sql_select.cc:1510(JOIN::optimize_inner())[0x55830d0d5be5]
      sql/sql_select.cc:1127(JOIN::optimize())[0x55830d0d1b82]
      sql/sql_select.cc:3835(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55830d0ed289]
      sql/sql_select.cc:361(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55830d0c9e50]
      sql/sql_parse.cc:6271(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55830d040cbd]
      sql/sql_parse.cc:3582(mysql_execute_command(THD*))[0x55830d02e046]
      sql/sql_parse.cc:7793(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55830d04a1d2]
      sql/sql_parse.cc:1830(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55830d0233d7]
      sql/sql_parse.cc:1381(do_command(THD*))[0x55830d0201a2]
      sql/sql_connect.cc:1336(do_handle_one_connection(CONNECT*))[0x55830d3a9ed6]
      sql/sql_connect.cc:1242(handle_one_connection)[0x55830d3a9799]
      perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55830e74fcaa]
      nptl/pthread_create.c:478(start_thread)[0x7f29ecba5609]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f29ec781293]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x62b000000290): SELECT MAX(DEFAULT(g)) AS f FROM t
       
      Connection ID (thread ID): 4
      Status: NOT_KILLED
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on
       
      The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
      information that should help you find out what is causing the crash.
      Writing a core file...
      Working directory at /dev/shm/var_auto_Rqbg/mysqld.1/data
      Resource Limits:
      Limit                     Soft Limit           Hard Limit           Units     
      Max cpu time              unlimited            unlimited            seconds   
      Max file size             unlimited            unlimited            bytes     
      Max data size             unlimited            unlimited            bytes     
      Max stack size            8388608              unlimited            bytes     
      Max core file size        unlimited            unlimited            bytes     
      Max resident set          unlimited            unlimited            bytes     
      Max processes             385874               385874               processes 
      Max open files            1024                 1024                 files     
      Max locked memory         67108864             67108864             bytes     
      Max address space         unlimited            unlimited            bytes     
      Max file locks            unlimited            unlimited            locks     
      Max pending signals       385874               385874               signals   
      Max msgqueue size         819200               819200               bytes     
      Max nice priority         0                    0                    
      Max realtime priority     0                    0                    
      Max realtime timeout      unlimited            unlimited            us        
      Core pattern: |/usr/share/apport/apport %p %s %c %d %P %E
      

      SELECT DEFAULT(g) AS f FROM t;
      f
      a
      SELECT MAX(DEFAULT(g)) AS f FROM t;
      f

      Not reproducible on 10.3+.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            elenst Elena Stepanova