Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.5, 10.6, 10.11, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 11.0(EOL)
Description
SET sql_mode=''; |
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
CREATE USER Spider@localhost IDENTIFIED BY 'PWD0'; |
CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE 'test',user 'Spider',PASSWORD 'PWD0'); |
CREATE TABLE t (a INT) ENGINE=InnoDB; |
CREATE TABLE t1 (a INT) ENGINE=Spider COMMENT='WRAPPER "mysql",srv "srv",TABLE "t"'; |
INSERT INTO t1 VALUES (1); |
DROP TABLE IF EXISTS t1; |
CREATE TABLE t1 (a INT KEY) ENGINE=Spider COMMENT='WRAPPER "mysql",srv "srv",TABLE "t"'; |
SELECT MAX(a),MAX(COALESCE(a)) FROM t1; |
Leads to:
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug) |
Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __memmove_avx_unaligned_erms ()
|
at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
|
[Current thread is 1 (Thread 0x14b750085700 (LWP 4075535))]
|
(gdb) bt
|
#0 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
|
#1 0x000014b73c159ce3 in memcpy (__len=360330344, __src=0xa5a5a5a5a5a50031, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
|
#2 Binary_string::q_append (data_len=360330344, data=0xa5a5a5a5a5a50031 <error: Cannot access memory at address 0xa5a5a5a5a5a50031>, this=<optimized out>) at /test/10.11_dbg/sql/sql_string.h:371
|
#3 spider_string::q_append (this=this@entry=0x14b750082e90, data=0xa5a5a5a5a5a50031 <error: Cannot access memory at address 0xa5a5a5a5a5a50031>, data_len=360330344) at /test/10.11_dbg/storage/spider/spd_malloc.cc:1112
|
#4 0x000014b73c17e760 in spider_db_mbase_row::append_to_str (this=0x14b6c802f730, str=0x14b750082e90) at /test/10.11_dbg/storage/spider/spd_db_mysql.cc:443
|
#5 0x000014b73c0f59bd in spider_db_fetch_for_item_sum_func (row=row@entry=0x14b6c802f730, item_sum=0x14b6c80145e0, spider=spider@entry=0x14b6c80a7830) at /test/10.11_dbg/storage/spider/spd_db_conn.cc:2213
|
#6 0x000014b73c0f5b1a in spider_db_fetch_for_item_sum_funcs (row=0x14b6c802f730, spider=spider@entry=0x14b6c80a7830) at /test/10.11_dbg/storage/spider/spd_db_conn.cc:2100
|
#7 0x000014b73c0f63ce in spider_db_fetch_table (spider=spider@entry=0x14b6c80a7830, buf=buf@entry=0x14b6c80f8cb0 "\377", table=0x14b6c80f7c20, result_list=0x14b6c80a7db0) at /test/10.11_dbg/storage/spider/spd_db_conn.cc:2441
|
#8 0x000014b73c0fcc06 in spider_db_fetch (buf=buf@entry=0x14b6c80f8cb0 "\377", spider=0x14b6c80a7830, table=table@entry=0x14b6c80f7c20) at /test/10.11_dbg/storage/spider/spd_db_conn.cc:3940
|
#9 0x000014b73c0fe93c in spider_db_seek_next (buf=0x14b6c80f8cb0 "\377", spider=0x14b6c80a7830, link_idx=0, table=0x14b6c80f7c20) at /test/10.11_dbg/storage/spider/spd_db_conn.cc:4419
|
#10 0x000014b73c1b3b7e in spider_group_by_handler::next_row (this=0x14b6c8096f40) at /test/10.11_dbg/storage/spider/spd_group_by_handler.cc:1575
|
#11 0x0000563a9f5976c8 in Pushdown_query::execute (this=0x14b6c8017770, join=join@entry=0x14b6c80158c8) at /test/10.11_dbg/sql/group_by_handler.cc:64
|
#12 0x0000563a9f56a399 in do_select (procedure=<optimized out>, join=0x14b6c80158c8) at /test/10.11_dbg/sql/sql_select.cc:21206
|
#13 JOIN::exec_inner (this=this@entry=0x14b6c80158c8) at /test/10.11_dbg/sql/sql_select.cc:4812
|
#14 0x0000563a9f56ae28 in JOIN::exec (this=this@entry=0x14b6c80158c8) at /test/10.11_dbg/sql/sql_select.cc:4590
|
#15 0x0000563a9f568bac in mysql_select (thd=thd@entry=0x14b6c8000db8, tables=0x14b6c80147a0, fields=@0x14b6c8013f88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b6c80143c0, last = 0x14b6c8014720, elements = 2}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14b6c80158a0, unit=0x14b6c8004ff0, select_lex=0x14b6c8013ce8) at /test/10.11_dbg/sql/sql_select.cc:5070
|
#16 0x0000563a9f5693a2 in handle_select (thd=thd@entry=0x14b6c8000db8, lex=lex@entry=0x14b6c8004f18, result=result@entry=0x14b6c80158a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
|
#17 0x0000563a9f4d35a6 in execute_sqlcom_select (thd=thd@entry=0x14b6c8000db8, all_tables=0x14b6c80147a0) at /test/10.11_dbg/sql/sql_parse.cc:6261
|
#18 0x0000563a9f4df8c7 in mysql_execute_command (thd=thd@entry=0x14b6c8000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3945
|
#19 0x0000563a9f4cd882 in mysql_parse (thd=thd@entry=0x14b6c8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b750084330) at /test/10.11_dbg/sql/sql_parse.cc:8035
|
#20 0x0000563a9f4dae6a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b6c8000db8, packet=packet@entry=0x14b6c800b6e9 "", packet_length=packet_length@entry=38, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1339
|
#21 0x0000563a9f4dd574 in do_command (thd=0x14b6c8000db8, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
|
#22 0x0000563a9f63f1da in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563aa2b2af18, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1418
|
#23 0x0000563a9f63f6e3 in handle_one_connection (arg=0x563aa2b2af18) at /test/10.11_dbg/sql/sql_connect.cc:1312
|
#24 0x000014b768cec609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#25 0x000014b7688d8133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized) |
Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000557d0b4b803c in my_strntoull10rnd_8bit (cs=<optimized out>,
|
str=0x1 <error: Cannot access memory at address 0x1>,
|
length=<optimized out>, unsigned_flag=0, endptr=0x15218ca5d398,
|
error=0x15218ca5d394) at /test/10.11_opt/strings/ctype-simple.c:1644
|
[Current thread is 1 (Thread 0x15218ca5f700 (LWP 4075354))]
|
(gdb) bt
|
#0 0x0000557d0b4b803c in my_strntoull10rnd_8bit (cs=<optimized out>, str=0x1 <error: Cannot access memory at address 0x1>, length=<optimized out>, unsigned_flag=0, endptr=0x15218ca5d398, error=0x15218ca5d394) at /test/10.11_opt/strings/ctype-simple.c:1644
|
#1 0x0000557d0afd3608 in charset_info_st::strntoull10rnd (error=0x15218ca5d394, endptr=0x15218ca5d398, unsigned_fl=<optimized out>, length=965, str=0x1 <error: Cannot access memory at address 0x1>, this=0x557d0be6dd60 <my_charset_latin1>) at /test/10.11_opt/include/m_ctype.h:910
|
#2 Field_longlong::store (this=0x152148063dd0, from=0x1 <error: Cannot access memory at address 0x1>, len=965, cs=0x557d0be6dd60 <my_charset_latin1>) at /test/10.11_opt/sql/field.cc:4561
|
#3 0x000015218c9c0aaf in spider_db_mbase_row::store_to_field (access_charset=0x557d0be6dd60 <my_charset_latin1>, field=0x152148063dd0, this=0x152148082100) at /test/10.11_opt/storage/spider/spd_db_mysql.cc:431
|
#4 spider_db_mbase_row::store_to_field (this=0x152148082100, field=0x152148063dd0, access_charset=0x557d0be6dd60 <my_charset_latin1>) at /test/10.11_opt/storage/spider/spd_db_mysql.cc:395
|
#5 0x000015218c95cc0c in spider_db_fetch_row (share=share@entry=0x1521480646a8, field=0x152148063dd0, row=0x152148082100, ptr_diff=ptr_diff@entry=0) at /test/10.11_opt/storage/spider/spd_db_conn.cc:2364
|
#6 0x000015218c95cd56 in spider_db_fetch_table (spider=spider@entry=0x1521480281f0, buf=<optimized out>, table=0x152148062f90, result_list=result_list@entry=0x152148028770) at /test/10.11_opt/storage/spider/spd_db_conn.cc:2467
|
#7 0x000015218c9608a5 in spider_db_fetch (buf=<optimized out>, spider=0x1521480281f0, table=<optimized out>) at /test/10.11_opt/storage/spider/spd_db_conn.cc:3940
|
#8 0x000015218c960ba9 in spider_db_seek_next (buf=0x1521480281f0 "(e\240\214!\025", spider=<optimized out>, link_idx=<optimized out>, table=0x1521480123a8) at /test/10.11_opt/storage/spider/spd_db_conn.cc:4419
|
#9 0x000015218c9dcdb3 in spider_group_by_handler::next_row (this=0x557d0cf87760) at /test/10.11_opt/storage/spider/spd_group_by_handler.cc:1575
|
#10 spider_group_by_handler::next_row (this=0x557d0cf87760) at /test/10.11_opt/storage/spider/spd_group_by_handler.cc:1508
|
#11 0x0000557d0ae336ca in Pushdown_query::execute (this=0x152148014140, join=join@entry=0x1521480123a8) at /test/10.11_opt/sql/group_by_handler.cc:64
|
#12 0x0000557d0ae155d5 in do_select (procedure=<optimized out>, join=0x1521480123a8) at /test/10.11_opt/sql/sql_select.cc:21206
|
#13 JOIN::exec_inner (this=0x1521480123a8) at /test/10.11_opt/sql/sql_select.cc:4812
|
#14 0x0000557d0ae15f68 in JOIN::exec (this=this@entry=0x1521480123a8) at /test/10.11_opt/sql/sql_select.cc:4590
|
#15 0x0000557d0ae14171 in mysql_select (thd=0x152148000c58, tables=0x152148011280, fields=@0x152148010a68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152148010ea0, last = 0x152148011200, elements = 2}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x152148012380, unit=0x152148004cd0, select_lex=0x1521480107c8) at /test/10.11_opt/sql/sql_select.cc:5070
|
#16 0x0000557d0ae148b7 in handle_select (thd=thd@entry=0x152148000c58, lex=lex@entry=0x152148004bf8, result=result@entry=0x152148012380, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:581
|
#17 0x0000557d0ad965b1 in execute_sqlcom_select (thd=0x152148000c58, all_tables=0x152148011280) at /test/10.11_opt/sql/sql_parse.cc:6261
|
#18 0x0000557d0ada41f8 in mysql_execute_command (thd=0x152148000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:3945
|
#19 0x0000557d0ad917b5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x152148000c58) at /test/10.11_opt/sql/sql_parse.cc:8035
|
#20 mysql_parse (thd=0x152148000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7957
|
#21 0x0000557d0ad9d2ca in dispatch_command (command=COM_QUERY, thd=0x152148000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1339
|
#22 0x0000557d0ad9f1f2 in do_command (thd=0x152148000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
|
#23 0x0000557d0aeb746f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x557d0d26f118, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1418
|
#24 0x0000557d0aeb774d in handle_one_connection (arg=0x557d0d26f118) at /test/10.11_opt/sql/sql_connect.cc:1312
|
#25 0x00001521a5ea1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#26 0x00001521a5a8d133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
10.5.18 5fc172fd43375b392a8c8adfb9038c279e578d83 (Debug) |
Core was generated by `/test/MD200822-mariadb-10.5.18-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __memmove_avx_unaligned_erms ()
|
at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
|
[Current thread is 1 (Thread 0x14b3eedab700 (LWP 4076735))]
|
(gdb) bt
|
#0 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:383
|
#1 0x000014b3eecb67eb in memcpy (__len=360330344, __src=0xa5a5a5a5a5a50031, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
|
#2 Static_binary_string::q_append (data_len=360330344, data=0xa5a5a5a5a5a50031 <error: Cannot access memory at address 0xa5a5a5a5a5a50031>, this=0x14b3eeda9210) at /test/10.5_dbg/sql/sql_string.h:318
|
#3 spider_string::q_append (this=this@entry=0x14b3eeda9200, data=0xa5a5a5a5a5a50031 <error: Cannot access memory at address 0xa5a5a5a5a5a50031>, data_len=360330344) at /test/10.5_dbg/storage/spider/spd_malloc.cc:1132
|
#4 0x000014b3eecdc076 in spider_db_mbase_row::append_to_str (this=0x14b38002c400, str=0x14b3eeda9200) at /test/10.5_dbg/storage/spider/spd_db_mysql.cc:454
|
#5 0x000014b3eec52c0e in spider_db_fetch_for_item_sum_func (row=row@entry=0x14b38002c400, item_sum=0x14b380014540, spider=spider@entry=0x14b380094120) at /test/10.5_dbg/storage/spider/spd_db_conn.cc:2934
|
#6 0x000014b3eec52d6b in spider_db_fetch_for_item_sum_funcs (row=0x14b38002c400, spider=spider@entry=0x14b380094120) at /test/10.5_dbg/storage/spider/spd_db_conn.cc:2803
|
#7 0x000014b3eec536a4 in spider_db_fetch_table (spider=spider@entry=0x14b380094120, buf=buf@entry=0x14b3800f0808 "\377", table=0x14b3800ef750, result_list=0x14b3800946b0) at /test/10.5_dbg/storage/spider/spd_db_conn.cc:3213
|
#8 0x000014b3eec59eee in spider_db_fetch (buf=buf@entry=0x14b3800f0808 "\377", spider=0x14b380094120, table=table@entry=0x14b3800ef750) at /test/10.5_dbg/storage/spider/spd_db_conn.cc:4987
|
#9 0x000014b3eec5bcf0 in spider_db_seek_next (buf=0x14b3800f0808 "\377", spider=0x14b380094120, link_idx=0, table=0x14b3800ef750) at /test/10.5_dbg/storage/spider/spd_db_conn.cc:5505
|
#10 0x000014b3eed12846 in spider_group_by_handler::next_row (this=0x14b3800c9730) at /test/10.5_dbg/storage/spider/spd_group_by_handler.cc:1597
|
#11 0x000055fdee925244 in Pushdown_query::execute (this=0x14b3800180a0, join=join@entry=0x14b380015868) at /test/10.5_dbg/sql/group_by_handler.cc:64
|
#12 0x000055fdee8fa3cf in do_select (procedure=<optimized out>, join=0x14b380015868) at /test/10.5_dbg/sql/sql_select.cc:20396
|
#13 JOIN::exec_inner (this=this@entry=0x14b380015868) at /test/10.5_dbg/sql/sql_select.cc:4560
|
#14 0x000055fdee8fad98 in JOIN::exec (this=this@entry=0x14b380015868) at /test/10.5_dbg/sql/sql_select.cc:4340
|
#15 0x000055fdee8f89fc in mysql_select (thd=thd@entry=0x14b380000db8, tables=0x14b380014720, fields=@0x14b380013cf8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b3800142d8, last = 0x14b3800146a0, elements = 2}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b380015840, unit=0x14b380004d60, select_lex=0x14b380013ba8) at /test/10.5_dbg/sql/sql_select.cc:4817
|
#16 0x000055fdee8f94ec in handle_select (thd=thd@entry=0x14b380000db8, lex=lex@entry=0x14b380004c98, result=result@entry=0x14b380015840, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:444
|
#17 0x000055fdee877584 in execute_sqlcom_select (thd=thd@entry=0x14b380000db8, all_tables=0x14b380014720) at /test/10.5_dbg/sql/sql_parse.cc:6315
|
#18 0x000055fdee88401b in mysql_execute_command (thd=thd@entry=0x14b380000db8) at /test/10.5_dbg/sql/sql_parse.cc:4006
|
#19 0x000055fdee8713c0 in mysql_parse (thd=thd@entry=0x14b380000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b3eedaa340, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:8101
|
#20 0x000055fdee87f39a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b380000db8, packet=packet@entry=0x14b38000b2b9 "", packet_length=packet_length@entry=38, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_class.h:1290
|
#21 0x000055fdee881eb6 in do_command (thd=0x14b380000db8) at /test/10.5_dbg/sql/sql_parse.cc:1375
|
#22 0x000055fdee9c2133 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fdf18f9ef8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1418
|
#23 0x000055fdee9c263b in handle_one_connection (arg=0x55fdf18f9ef8) at /test/10.5_dbg/sql/sql_connect.cc:1312
|
#24 0x000014b40d2ab609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#25 0x000014b40ce97133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.27 (dbg), 10.4.27 (opt)
Attachments
Issue Links
- includes
-
MDEV-31673 Backport cleanup commits from MDEV-29502 to lower versions
- Closed
- relates to
-
MDEV-20502 Queries against spider tables return wrong values for columns following constant declarations.
- Closed
-
MDEV-34659 SIGSEGV in __memcpy_evex_unaligned_erms from [Static_][Bb]inary_string::q_append on SELECT
- Closed
-
MDEV-27676 Assertion `str.alloced_length() >= str.length() + data_len' failed in spider_string::q_append
- Closed