Details
Type: Bug
Status: Confirmed
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4, 11.5(EOL)
Description
The following testcase reliably reproduces the issue. However, different similar testcases (including this testcase) lead to a variety of different stacks, indicating that random memory is being overwritten or similar.
SET sql_mode='',max_error_count=1024;
CREATE TABLE t (a SET('a','b') NOT NULL) ENGINE=CSV;
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
INSERT INTO t SELECT A.a FROM t A,t B,t C;
UPDATE t SET a=NULL;
UPDATE t SET a=NULL; # Repeat as needed #
Leads to:
10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug)
Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00005616f2be7d7a in free_root (root=0x14a1d4006db8, MyFlags=MyFlags@entry=0) at /test/10.10_dbg/mysys/my_alloc.c:493
493         old=next; next= next->next ;
[Current thread is 1 (Thread 0x14a2600b4700 (LWP 4049157))]
(gdb) bt
#0  0x00005616f2be7d7a in free_root (root=0x14a1d4006db8, MyFlags=MyFlags@entry=0) at /test/10.10_dbg/mysys/my_alloc.c:493
#1  0x00005616f217788c in Warning_info::free_memory (this=this@entry=0x14a1d4006db8) at /test/10.10_dbg/sql/sql_error.cc:529
#2  0x00005616f2177a9e in Warning_info::clear (this=0x14a1d4006db8, new_id=<optimized out>) at /test/10.10_dbg/sql/sql_error.cc:558
#3  0x00005616f21ca61a in Warning_info::opt_clear (query_id=<optimized out>, this=<optimized out>) at /test/10.10_dbg/sql/sql_error.h:623
#4  Diagnostics_area::opt_clear_warning_info (query_id=<optimized out>, this=<optimized out>) at /test/10.10_dbg/sql/sql_error.h:1140
#5  mysql_execute_command (thd=thd@entry=0x14a1d4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3528
#6  0x00005616f21b9534 in mysql_parse (thd=thd@entry=0x14a1d4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a2600b3330) at /test/10.10_dbg/sql/sql_parse.cc:8037
#7  0x00005616f21c6b1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14a1d4000db8, packet=packet@entry=0x14a1d400b6e9 "UPDATE t SET a=NULL", packet_length=packet_length@entry=19, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1366
#8  0x00005616f21c9226 in do_command (thd=0x14a1d4000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#9  0x00005616f232a744 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5616f51304c8, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#10 0x00005616f232ac4d in handle_one_connection (arg=0x5616f51304c8) at /test/10.10_dbg/sql/sql_connect.cc:1312
#11 0x000014a27af43609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#12 0x000014a27ab2f133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.5.17 (dbg), 10.6.9 (dbg), 10.7.5 (dbg), 10.8.4 (dbg), 10.9.2 (dbg), 10.10.0 (dbg)
MySQL: 5.6.51 (dbg), 5.6.51 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.26 (opt), 10.5.17 (opt), 10.6.9 (opt), 10.7.5 (opt), 10.8.4 (opt), 10.9.2 (opt), 10.10.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)