Details
Bug
Status: Closed
Major
Resolution: Duplicate
10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Description
SET sql_mode='';
CREATE TABLE t (a INT GENERATED ALWAYS AS (1) VIRTUAL,KEY(a)) ENGINE=MyISAM;
INSERT INTO t SELECT * FROM seq_1_to_10;
CREATE TABLE t1 (a CHAR(1),KEY(a)) ENGINE=InnoDB;
INSERT INTO t1 VALUES (1);
INSERT INTO t SELECT * FROM seq_1_to_10;
Leads to
10.6.15 f7b8a2c953e21d7a1c8e7ef3b7107c13a1402967 (Debug)
mariadbd: /test/10.6_dbg/storage/innobase/include/sux_lock.h:85: void sux_lock<ssux>::free() [with ssux = ssux_lock_impl<true>]: Assertion `r->empty()' failed.
10.6.15 f7b8a2c953e21d7a1c8e7ef3b7107c13a1402967 (Debug)
Core was generated by `/test/MD050723-mariadb-10.6.15-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x153567da3940 (LWP 1233784))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x0000153567f7c859 in __GI_abort () at abort.c:79
#2 0x0000153567f7c729 in __assert_fail_base (fmt=0x153568112588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56502ba6d5d0 "r->empty()", file=0x56502ba5cd68 "/test/10.6_dbg/storage/innobase/include/sux_lock.h", line=85, function=<optimized out>) at assert.c:92
#3 0x0000153567f8dfd6 in __GI___assert_fail (assertion=assertion@entry=0x56502ba6d5d0 "r->empty()", file=file@entry=0x56502ba5cd68 "/test/10.6_dbg/storage/innobase/include/sux_lock.h", line=line@entry=85, function=function@entry=0x56502bac0318 "void sux_lock<ssux>::free() [with ssux = ssux_lock_impl<true>]") at assert.c:101
#4 0x000056502b52dd27 in sux_lock<ssux_lock_impl<true> >::free (this=0x1535517687e8) at /usr/include/c++/9/bits/hashtable.h:564
#5 buf_pool_t::close (this=<optimized out>) at /test/10.6_dbg/storage/innobase/buf/buf0buf.cc:1152
#6 0x000056502b4727ad in innodb_shutdown () at /test/10.6_dbg/storage/innobase/srv/srv0start.cc:2064
#7 0x000056502b268acc in innobase_end () at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:4370
#8 0x000056502af4f70c in ha_finalize_handlerton (plugin=0x56502e517650) at /test/10.6_dbg/sql/handler.cc:595
#9 0x000056502ac9bacf in plugin_deinitialize (plugin=0x56502e517650, ref_check=ref_check@entry=true) at /test/10.6_dbg/sql/sql_plugin.cc:1269
#10 0x000056502ac9c3d5 in reap_plugins () at /test/10.6_dbg/sql/sql_plugin.cc:1345
#11 0x000056502ac9e747 in plugin_shutdown () at /test/10.6_dbg/sql/sql_plugin.cc:2053
#12 0x000056502ab9923e in clean_up (print_message=print_message@entry=true) at /test/10.6_dbg/sql/mysqld.cc:1971
#13 0x000056502aba4359 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/mysqld.cc:5913
#14 0x000056502ab98b46 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/main.cc:34
Bug confirmed present in:
MariaDB: 10.6.15 (dbg), 10.9.8 (dbg), 10.10.6 (dbg), 10.11.4 (dbg), 11.0.2 (dbg), 11.1.2 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.22 (dbg), 10.5.22 (opt), 10.6.15 (opt), 10.9.8 (opt), 10.10.6 (opt), 10.11.4 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.2 (opt), 11.1.2 (opt), 11.2.0 (opt)
Issue Links
duplicates: MDEV-30926 Segfault after MyISAM repair of vcol-indexed table (Closed)
Activity
The test does reproduce something else for me. Maybe InnoDB had become a victim of some MyISAM induced memory corruption?
10.6 0d175968d1181a0308ce6caccc2e4fbc972ca6c6
==477807==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000067b98 at pc 0x55db422ae949 bp 0x7f75f8024650 sp 0x7f75f8024648
READ of size 1 at 0x606000067b98 thread T10
#0 0x55db422ae948 in Field::set_notnull(long long) /mariadb/10.6/sql/field.h:1399
#1 0x55db422ae948 in save_field_in_field /mariadb/10.6/sql/item.cc:6665
#2 0x55db422aeacd in Item_field::save_in_field(Field*, bool) /mariadb/10.6/sql/item.cc:6725
#3 0x55db42740576 in fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool) /mariadb/10.6/sql/sql_base.cc:8961
#4 0x55db42740859 in fill_record_n_invoke_before_triggers(THD*, TABLE*, Field**, List<Item>&, bool, trg_event_type) /mariadb/10.6/sql/sql_base.cc:9016
#5 0x55db428a4750 in select_insert::store_values(List<Item>&) /mariadb/10.6/sql/sql_insert.cc:4167
#6 0x55db428a7fff in select_insert::send_data(List<Item>&) /mariadb/10.6/sql/sql_insert.cc:4099
#7 0x55db42a91eeb in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /mariadb/10.6/sql/sql_class.h:5742
#8 0x55db42a249ef in end_send /mariadb/10.6/sql/sql_select.cc:22901
#9 0x55db429f0228 in evaluate_join_record /mariadb/10.6/sql/sql_select.cc:21895
#10 0x55db42a02c6e in sub_select(JOIN*, st_join_table*, bool) /mariadb/10.6/sql/sql_select.cc:21665
#11 0x55db42a41ceb in do_select /mariadb/10.6/sql/sql_select.cc:21195
#12 0x55db42a8df34 in JOIN::exec_inner() /mariadb/10.6/sql/sql_select.cc:4826
#13 0x55db42a8e1bb in JOIN::exec() /mariadb/10.6/sql/sql_select.cc:4604
#14 0x55db42a8a686 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /mariadb/10.6/sql/sql_select.cc:5083
#15 0x55db42a8af1c in handle_select(THD*, LEX*, select_result*, unsigned long) /mariadb/10.6/sql/sql_select.cc:559
#16 0x55db42949997 in mysql_execute_command(THD*, bool) /mariadb/10.6/sql/sql_parse.cc:4719
#17 0x55db42952e16 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/10.6/sql/sql_parse.cc:8041
#18 0x55db42957329 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/10.6/sql/sql_parse.cc:1896
#19 0x55db4295a4be in do_command(THD*, bool) /mariadb/10.6/sql/sql_parse.cc:1409
#20 0x55db42cfa2e9 in do_handle_one_connection(CONNECT*, bool) /mariadb/10.6/sql/sql_connect.cc:1416
#21 0x55db42cfa980 in handle_one_connection /mariadb/10.6/sql/sql_connect.cc:1318
#22 0x55db430d16ad in pfs_spawn_thread /mariadb/10.6/storage/perfschema/pfs.cc:2201
#23 0x7f760e0a63eb in start_thread nptl/pthread_create.c:444
#24 0x7f760e12693f in clone ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
0x606000067b98 is located 24 bytes inside of 56-byte region [0x606000067b80,0x606000067bb8)
freed by thread T10 here:
#0 0x7f760eed7288 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x55db43a07e43 in my_free /mariadb/10.6/mysys/my_malloc.c:213
#2 0x55db43944b6a in mi_repair_by_sort /mariadb/10.6/storage/myisam/mi_check.c:2560
#3 0x55db43920de2 in ha_myisam::repair(THD*, st_handler_check_param&, bool) /mariadb/10.6/storage/myisam/ha_myisam.cc:1344
#4 0x55db439228d5 in ha_myisam::enable_indexes(unsigned int) /mariadb/10.6/storage/myisam/ha_myisam.cc:1683
#5 0x55db43922bf4 in ha_myisam::end_bulk_insert() /mariadb/10.6/storage/myisam/ha_myisam.cc:1878
#6 0x55db423aee08 in handler::ha_end_bulk_insert() /mariadb/10.6/sql/handler.cc:5076
#7 0x55db428b095f in select_insert::prepare_eof() /mariadb/10.6/sql/sql_insert.cc:4191
#8 0x55db428b1a90 in select_insert::send_eof() /mariadb/10.6/sql/sql_insert.cc:4298
#9 0x55db42a42070 in do_select /mariadb/10.6/sql/sql_select.cc:21250
#10 0x55db42a8df34 in JOIN::exec_inner() /mariadb/10.6/sql/sql_select.cc:4826
#11 0x55db42a8e1bb in JOIN::exec() /mariadb/10.6/sql/sql_select.cc:4604
#12 0x55db42a8a686 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /mariadb/10.6/sql/sql_select.cc:5083
#13 0x55db42a8af1c in handle_select(THD*, LEX*, select_result*, unsigned long) /mariadb/10.6/sql/sql_select.cc:559
#14 0x55db42949997 in mysql_execute_command(THD*, bool) /mariadb/10.6/sql/sql_parse.cc:4719
#15 0x55db42952e16 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/10.6/sql/sql_parse.cc:8041
#16 0x55db42957329 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/10.6/sql/sql_parse.cc:1896
#17 0x55db4295a4be in do_command(THD*, bool) /mariadb/10.6/sql/sql_parse.cc:1409
#18 0x55db42cfa2e9 in do_handle_one_connection(CONNECT*, bool) /mariadb/10.6/sql/sql_connect.cc:1416
#19 0x55db42cfa980 in handle_one_connection /mariadb/10.6/sql/sql_connect.cc:1318
#20 0x55db430d16ad in pfs_spawn_thread /mariadb/10.6/storage/perfschema/pfs.cc:2201
#21 0x7f760e0a63eb in start_thread nptl/pthread_create.c:444
#22 0x7f760e12693f in clone ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
previously allocated by thread T10 here:
#0 0x7f760eed85bf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x55db43a07b21 in my_malloc /mariadb/10.6/mysys/my_malloc.c:91
#2 0x55db43a07f77 in my_realloc /mariadb/10.6/mysys/my_malloc.c:143
#3 0x55db4396ca2a in mi_alloc_rec_buff /mariadb/10.6/storage/myisam/mi_open.c:763
#4 0x55db43942688 in mi_repair_by_sort /mariadb/10.6/storage/myisam/mi_check.c:2241
#5 0x55db43920de2 in ha_myisam::repair(THD*, st_handler_check_param&, bool) /mariadb/10.6/storage/myisam/ha_myisam.cc:1344
#6 0x55db439228d5 in ha_myisam::enable_indexes(unsigned int) /mariadb/10.6/storage/myisam/ha_myisam.cc:1683
#7 0x55db43922bf4 in ha_myisam::end_bulk_insert() /mariadb/10.6/storage/myisam/ha_myisam.cc:1878
#8 0x55db423aee08 in handler::ha_end_bulk_insert() /mariadb/10.6/sql/handler.cc:5076
#9 0x55db428b095f in select_insert::prepare_eof() /mariadb/10.6/sql/sql_insert.cc:4191
#10 0x55db428b1a90 in select_insert::send_eof() /mariadb/10.6/sql/sql_insert.cc:4298
#11 0x55db42a42070 in do_select /mariadb/10.6/sql/sql_select.cc:21250
#12 0x55db42a8df34 in JOIN::exec_inner() /mariadb/10.6/sql/sql_select.cc:4826
#13 0x55db42a8e1bb in JOIN::exec() /mariadb/10.6/sql/sql_select.cc:4604
#14 0x55db42a8a686 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /mariadb/10.6/sql/sql_select.cc:5083
#15 0x55db42a8af1c in handle_select(THD*, LEX*, select_result*, unsigned long) /mariadb/10.6/sql/sql_select.cc:559
#16 0x55db42949997 in mysql_execute_command(THD*, bool) /mariadb/10.6/sql/sql_parse.cc:4719
#17 0x55db42952e16 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/10.6/sql/sql_parse.cc:8041
#18 0x55db42957329 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/10.6/sql/sql_parse.cc:1896
#19 0x55db4295a4be in do_command(THD*, bool) /mariadb/10.6/sql/sql_parse.cc:1409
#20 0x55db42cfa2e9 in do_handle_one_connection(CONNECT*, bool) /mariadb/10.6/sql/sql_connect.cc:1416
#21 0x55db42cfa980 in handle_one_connection /mariadb/10.6/sql/sql_connect.cc:1318
#22 0x55db430d16ad in pfs_spawn_thread /mariadb/10.6/storage/perfschema/pfs.cc:2201
#23 0x7f760e0a63eb in start_thread nptl/pthread_create.c:444
#24 0x7f760e12693f in clone ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Thread T10 created by T0 here:
#0 0x7f760ee47c26 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
#1 0x55db430d1914 in my_thread_create /mariadb/10.6/storage/perfschema/my_thread.h:52
#2 0x55db430d1914 in pfs_spawn_thread_v1 /mariadb/10.6/storage/perfschema/pfs.cc:2252
I debugged this a little further:
10.6 d794d3484b2cbd069d68dc8d017a6f18e9a3090e
Continuing.
Thread 12 hit Hardware watchpoint 4: -location to->null_ptr
Old value = (uchar *) 0x6190000dedc8 "\375\001"
New value = (uchar *) 0x606000067b98 "\375\001"
0x000055db4230c6ca in Field::move_field_offset (this=0x6190000dee38, ptr_diff=-1305670545968) at /mariadb/10.6/sql/field.h:1527
1527 }
(rr) backtrace
#0 0x000055db4230c6ca in Field::move_field_offset (this=0x6190000dee38, ptr_diff=-1305670545968) at /mariadb/10.6/sql/field.h:1527
#1 0x000055db42c2dd3d in TABLE::move_fields (this=this@entry=0x6190000de898, ptr=ptr@entry=0x6190000dede0, to=to@entry=0x606000067b98 "\375\001", from=<optimized out>) at /mariadb/10.6/sql/table.cc:8031
#2 0x000055db4391771b in compute_vcols (info=0x61f000033a98, record=0x606000067b98 "\375\001", keynum=0) at /mariadb/10.6/storage/myisam/ha_myisam.cc:717
#3 0x000055db4392d7f7 in sort_get_next_record (sort_param=sort_param@entry=0x7f75f6f0b250) at /mariadb/10.6/storage/myisam/mi_check.c:3672
#4 0x000055db43937803 in sort_key_read (sort_param=0x7f75f6f0b250, key=0x615000031970) at /mariadb/10.6/storage/myisam/mi_check.c:3135
#5 0x000055db439bdd8d in find_all_keys (info=info@entry=0x7f75f6f0b250, keys=keys@entry=11, sort_keys=sort_keys@entry=0x615000031918, buffpek=buffpek@entry=0x7f75f6c95850,
maxbuffer=maxbuffer@entry=0x7f75f6c95830, tempfile=tempfile@entry=0x7f75f6c958a0, tempfile_for_exceptions=0x7f75f6c95a50) at /mariadb/10.6/storage/myisam/sort.c:311
#6 0x000055db439c05cc in _create_index_by_sort (info=info@entry=0x7f75f6f0b250, no_messages=<optimized out>, sortbuff_size=<optimized out>) at /mariadb/10.6/storage/myisam/sort.c:227
#7 0x000055db439435b5 in mi_repair_by_sort (param=0x7f75f5c95838, info=0x61f000033a98, name=<optimized out>, rep_quick=<optimized out>) at /mariadb/10.6/storage/myisam/mi_check.c:2408
#8 0x000055db43920de3 in ha_myisam::repair (this=this@entry=0x61d0002a4eb8, thd=thd@entry=0x62b0000bd218,
param=<error reading variable: value of type `HA_CHECK' requires 134672 bytes, which is more than max-value-size>, do_optimize=do_optimize@entry=false) at /mariadb/10.6/storage/myisam/ha_myisam.cc:1344
#9 0x000055db439228d6 in ha_myisam::enable_indexes (this=this@entry=0x61d0002a4eb8, mode=mode@entry=2) at /mariadb/10.6/storage/myisam/ha_myisam.cc:1683
#10 0x000055db43922bf5 in ha_myisam::end_bulk_insert (this=0x61d0002a4eb8) at /mariadb/10.6/storage/myisam/ha_myisam.cc:1878
#11 0x000055db423aee09 in handler::ha_end_bulk_insert (this=0x61d0002a4eb8) at /mariadb/10.6/sql/handler.cc:5076
#12 0x000055db428b0960 in select_insert::prepare_eof (this=this@entry=0x62b0000c7360) at /mariadb/10.6/sql/sql_insert.cc:4191
#13 0x000055db428b1a91 in select_insert::send_eof (this=0x62b0000c7360) at /mariadb/10.6/sql/sql_insert.cc:4298
…
(rr) continue
Continuing.
Thread 12 hit Breakpoint 5, my_free (ptr=0x606000067bf8) at /mariadb/10.6/mysys/my_malloc.c:196
196 if (ptr == NULL)
(rr) backtrace
#0 my_free (ptr=0x606000067bf8) at /mariadb/10.6/mysys/my_malloc.c:196
#1 0x000055db43944ad1 in mi_repair_by_sort (param=0x7f75f5c95838, info=0x61f000033a98, name=<optimized out>, rep_quick=<optimized out>) at /mariadb/10.6/storage/myisam/mi_check.c:2559
#2 0x000055db43920de3 in ha_myisam::repair (this=this@entry=0x61d0002a4eb8, thd=thd@entry=0x62b0000bd218,
param=<error reading variable: value of type `HA_CHECK' requires 134672 bytes, which is more than max-value-size>, do_optimize=do_optimize@entry=false) at /mariadb/10.6/storage/myisam/ha_myisam.cc:1344
#3 0x000055db439228d6 in ha_myisam::enable_indexes (this=this@entry=0x61d0002a4eb8, mode=mode@entry=2) at /mariadb/10.6/storage/myisam/ha_myisam.cc:1683
…
Continuing.
Thread 12 hit Breakpoint 3, __asan::__asan_report_load1 (addr=105965433551768) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
119 ../../../../src/libsanitizer/asan/asan_rtl.cpp: Tiedostoa tai hakemistoa ei ole.
(rr) bt
#0 __asan::__asan_report_load1 (addr=105965433551768) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:119
#1 0x000055db422ae949 in Field::set_notnull (row_offset=0, this=<optimized out>) at /mariadb/10.6/sql/field.h:1399
#2 save_field_in_field (from=<optimized out>, null_value=<optimized out>, to=<optimized out>, no_conversions=<optimized out>) at /mariadb/10.6/sql/item.cc:6665
#3 0x000055db422aeace in Item_field::save_in_field (this=<optimized out>, to=<optimized out>, no_conversions=<optimized out>) at /mariadb/10.6/sql/item.cc:6725
#4 0x000055db42740577 in fill_record (thd=thd@entry=0x62b0000bd218, table=table@entry=0x6190000de898, ptr=0x6190000dede8, ptr@entry=0x6190000dede0,
values=@0x62b0000c4d30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x62b0000c5060, last = 0x62b0000c5060, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=true,
use_value=use_value@entry=false) at /mariadb/10.6/sql/sql_base.cc:8961
#5 0x000055db4274085a in fill_record_n_invoke_before_triggers (thd=0x62b0000bd218, table=0x6190000de898, ptr=0x6190000dede0,
values=@0x62b0000c4d30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x62b0000c5060, last = 0x62b0000c5060, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=true,
event=event@entry=TRG_EVENT_INSERT) at /mariadb/10.6/sql/sql_base.cc:9016
#6 0x000055db428a4751 in select_insert::store_values (this=0x62b0000c6108,
values=@0x62b0000c4d30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x62b0000c5060, last = 0x62b0000c5060, elements = 1}, <No data fields>}) at /mariadb/10.6/sql/sql_insert.cc:4167
#7 0x000055db428a8000 in select_insert::send_data (this=0x62b0000c6108, values=<optimized out>) at /mariadb/10.6/sql/sql_insert.cc:4099
#8 0x000055db42a91eec in select_result_sink::send_data_with_check (this=<optimized out>,
items=@0x62b0000c4d30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x62b0000c5060, last = 0x62b0000c5060, elements = 1}, <No data fields>}, u=<optimized out>, sent=<optimized out>)
at /mariadb/10.6/sql/sql_class.h:5742
#9 0x000055db42a249f0 in end_send (join=0x62b0000c61d0, join_tab=0x62b0000c7a30, end_of_records=false) at /mariadb/10.6/sql/sql_select.cc:22901
#10 0x000055db429f0229 in evaluate_join_record (join=join@entry=0x62b0000c61d0, join_tab=join_tab@entry=0x62b0000c7668, error=error@entry=0) at /mariadb/10.6/sql/sql_select.cc:21895
#11 0x000055db42a02c6f in sub_select (join=0x62b0000c61d0, join_tab=0x62b0000c7668, end_of_records=false) at /mariadb/10.6/sql/sql_select.cc:21665
#12 0x000055db42a41cec in do_select (join=join@entry=0x62b0000c61d0, procedure=<optimized out>) at /mariadb/10.6/sql/sql_select.cc:21195
#13 0x000055db42a8df35 in JOIN::exec_inner (this=this@entry=0x62b0000c61d0) at /mariadb/10.6/sql/sql_select.cc:4826
The Field::null_ptr that had been reassigned during virtual column evaluation had been freed and is being modified later, potentially causing memory corruption.
One more example of a crash caused by the memory corruption (non-ASAN build):
10.6 d794d3484b2cbd069d68dc8d017a6f18e9a3090e
Thread 1 (Thread 0x7f48e0a83f00 (LWP 2041167)):
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=11, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 0x0000557ead8014f3 in handle_fatal_signal (sig=11) at /mariadb/10.6/sql/signal_handler.cc:360
#2 <signal handler called>
#3 l_find (head=0x7f4868200dd8, cs=0x0, hashnr=0, key=0x7ffcde10c348 "\b\241\023\260~U", keylen=0, pins=0x557eafd918a8, callback=0x557eadba3590 <tc_purge_callback(TDC_element*, I_P_List<TABLE, TABLE_share, I_P_List_null_counter, I_P_List_no_push_back<TABLE> >*)>, cursor=<optimized out>) at /mariadb/10.6/mysys/lf_hash.cc:114
#4 lf_hash_iterate (hash=<optimized out>, pins=0x557eafd918a8, action=0x557eadba3590 <tc_purge_callback(TDC_element*, I_P_List<TABLE, TABLE_share, I_P_List_null_counter, I_P_List_no_push_back<TABLE> >*)>, argument=0x7ffcde10c348) at /mariadb/10.6/mysys/lf_hash.cc:531
#5 0x0000557eadba33dd in tdc_iterate (thd=0x0, action=0x0, argument=0x7ffcde10c348, no_dups=false) at /mariadb/10.6/sql/table_cache.cc:1186
#6 tc_purge () at /mariadb/10.6/sql/table_cache.cc:315
#7 0x0000557ead8a789b in purge_tables () at /mariadb/10.6/sql/sql_base.cc:327
#8 0x0000557ead678dd1 in clean_up (print_message=true) at /mariadb/10.6/sql/mysqld.cc:1967
#9 0x0000557ead67b679 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /mariadb/10.6/sql/mysqld.cc:5913
#10 0x00007f48e00456ca in __libc_start_call_main (main=main@entry=0x557ead677f00 <main(int, char**)>, argc=argc@entry=24, argv=argv@entry=0x7ffcde10c5c8) at ../sysdeps/nptl/libc_start_call_main.h:58
#11 0x00007f48e0045785 in __libc_start_main_impl (main=0x557ead677f00 <main(int, char**)>, argc=24, argv=0x7ffcde10c5c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcde10c5b8) at ../csu/libc-start.c:360
#12 0x0000557ead677e31 in _start ()
I accidentally reproduced this as originally reported:
10.6 0d175968d1181a0308ce6caccc2e4fbc972ca6c6
main.m-MDEV-31782 'innodb' w9 [ fail ] Found warnings/errors in server log file!
Test ended at 2023-08-01 14:42:11
line
mariadbd: /mariadb/10.6/storage/innobase/include/sux_lock.h:85: void sux_lock<ssux_lock_impl<true>>::free() [ssux = ssux_lock_impl<true>]: Assertion `r->empty()' failed.
A significant effort was made by marko, so raising the priority for it not to be lost
I can’t reproduce this with the stated revision (from 2023-07-03), nor with the currently latest 10.6, which is 28 commits and some 3 weeks newer:
--source include/have_innodb.inc
--source include/have_sequence.inc
--source include/restart_mysqld.inc
./mtr main.name_of_test
Can you please provide access to an rr replay trace of the failure?
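The pattern identified in the analysis earlier in this thread (a field's null_ptr rebound to a temporary record buffer during virtual column evaluation, the buffer freed, the pointer written through later), as an added C model that is not MariaDB code. All names are hypothetical; the 56-byte buffer and offset 24 are taken from the ASan report. It shows a guard that checks, before the free, whether the field still points into the scratch buffer and rebinds it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model; every name here is hypothetical, not MariaDB's.
   56 and 24 mirror the ASan line "24 bytes inside of 56-byte region". */
enum { REC_LEN = 56, NULL_OFF = 24 };

struct field { unsigned char *null_ptr; };
struct table { unsigned char record0[REC_LEN]; struct field f; };

/* Point the field's null-flag pointer into the record starting at base. */
static void bind_field(struct field *f, unsigned char *base) {
    f->null_ptr = base + NULL_OFF;
}

/* True if p lies inside [buf, buf+len). Call only while buf is still live. */
static int points_into(const unsigned char *p, const unsigned char *buf, size_t len) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)buf;
    return a >= b && a - b < len;
}

/* Evaluate a computed column on a row held in a scratch buffer.
   restore == 0 models the defect: the field stays bound to scratch. */
static void compute_on(struct table *t, unsigned char *scratch, int restore) {
    bind_field(&t->f, scratch);
    t->f.null_ptr[0] &= 0xFE;            /* clear the null bit in the scratch row */
    if (restore) bind_field(&t->f, t->record0);
}

/* Rebuild step: allocate a row buffer, compute on it, free it. Returns 1 if
   the field still pointed into scratch just before free(); the guard rebinds it. */
int rebuild(struct table *t, int restore) {
    unsigned char *scratch = calloc(1, REC_LEN);
    if (!scratch) return -1;
    compute_on(t, scratch, restore);
    int stale = points_into(t->f.null_ptr, scratch, REC_LEN);
    if (stale) bind_field(&t->f, t->record0);   /* mitigation: rebind before free */
    free(scratch);
    return stale;
}

/* A later row write through the field; refuses to write outside record0. */
int write_row(struct table *t) {
    if (!points_into(t->f.null_ptr, t->record0, REC_LEN))
        return -1;
    t->f.null_ptr[0] |= 1;
    return t->record0[NULL_OFF];
}

/* One scenario: returns the stale flag, or -1 if the later write failed. */
int run_case(int restore) {
    struct table t;
    memset(&t, 0, sizeof t);
    bind_field(&t.f, t.record0);
    int stale = rebuild(&t, restore);
    return write_row(&t) == 1 ? stale : -1;
}

int main(void) {
    printf("restored: stale=%d, not restored: stale=%d\n", run_case(1), run_case(0));
    return 0;
}
```

Without the guard in `rebuild`, the `restore == 0` case would leave `null_ptr` aimed at freed heap memory, which is the write ASan flagged in `Field::set_notnull`.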