Details
Type: Bug
Status: Stalled
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.3(EOL), 11.4
Fix Version/s: None
Description
Testing process and error messages are as follows.

Build on Arm/X86:
$ cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS=-fno-omit-frame-pointer -DCMAKE_CXX_FLAGS=-fno-omit-frame-pointer -DWITH_ASAN=YES
$ cmake --build . --parallel 80

Test:
$ ./mysql-test/mtr --parallel=80 --mem --force --max-test-fail=40

Error:
=================================================================
==2585715==ERROR: AddressSanitizer: use-after-poison on address 0xffffad434ee0 at pc 0xaaaacaba47f8 bp 0xffffc870dc40 sp 0xffffc870dc60
READ of size 8 at 0xffffad434ee0 thread T0
    #0 0xaaaacaba47f4 in multi_update::num_found() const /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.h:7349
    #1 0xaaaacab961fc in MYSQL_DML_DONE /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_select.cc:33253
    #2 0xaaaacab96ecc in Sql_cmd_dml::execute(THD*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_select.cc:33427
    #3 0xaaaaca9a3224 in mysql_execute_command(THD*, bool) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:4373
    #4 0xaaaaca9bba00 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:7748
    #5 0xaaaaca98c774 in bootstrap(st_mysql_file*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:1080
    #6 0xaaaaca5b05d4 in mysqld_main(int, char**) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/mysqld.cc:5926
    #7 0xaaaaca595c04 in main /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/main.cc:34
    #8 0xffffb4909e0c in __libc_start_main ../csu/libc-start.c:308
    #9 0xaaaaca595b14 (/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd+0x18c5b14)

0xffffad434ee0 is located 11488 bytes inside of 16516-byte region [0xffffad432200,0xffffad436284)
allocated by thread T0 here:
    #0 0xffffb53e2540 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0xaaaacc936044 in sf_malloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/safemalloc.c:126
    #2 0xaaaacc8ff6a0 in my_malloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_malloc.c:93
    #3 0xaaaacc8d4130 in root_alloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_alloc.c:71
    #4 0xaaaacc8d5178 in reset_root_defaults /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_alloc.c:253
    #5 0xaaaaca83dea4 in THD::init_for_queries() /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.cc:1390
    #6 0xaaaaca98bd64 in bootstrap(st_mysql_file*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:1006
    #7 0xaaaaca5b05d4 in mysqld_main(int, char**) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/mysqld.cc:5926
    #8 0xaaaaca595c04 in main /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/main.cc:34
    #9 0xffffb4909e0c in __libc_start_main ../csu/libc-start.c:308
    #10 0xaaaaca595b14 (/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd+0x18c5b14)

SUMMARY: AddressSanitizer: use-after-poison /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.h:7349 in multi_update::num_found() const
Shadow bytes around the buggy address:
  0x200ff5a86980: 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a86990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a869a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a869b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a869c0: 00 00 00 00 00 00 00 00 f7 00 00 f7 f7 f7 f7 f7
=>0x200ff5a869d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7
  0x200ff5a869e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 f7 00 00
  0x200ff5a869f0: f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a86a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a86a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x200ff5a86a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2585715==ABORTING
231204 10:30:43 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 11.4.0-MariaDB-debug source revision: 6b2287fff23fbdc362499501c562f01d0d2db52e
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=0
max_threads=153
thread_count=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468203 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0xffff89b28288
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0xffffc870ed20 thread_stack 0x100000
sanitizer_common/sanitizer_common_interceptors.inc:4023(__interceptor_backtrace.part.0)[0xffffb535e010]
mysys/stacktrace.c:215(my_print_stacktrace)[0xaaaacc9134dc]
sql/signal_handler.cc:241(handle_fatal_signal)[0xaaaacb345db4]
addr2line: 'linux-vdso.so.1': No such file
linux-vdso.so.1(__kernel_rt_sigreturn+0x0)[0xffffb5e2b78c]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x84c75e vs 0x4a4f78)
/lib/aarch64-linux-gnu/libc.so.6(gsignal+0xe0)[0xffffb491cd78]
/lib/aarch64-linux-gnu/libc.so.6(abort+0x114)[0xffffb4909aac]
sanitizer_common/sanitizer_posix_libcdep.cc:149(__sanitizer::Abort())[0xffffb53fecf0]
sanitizer_common/sanitizer_termination.cc:58(__sanitizer::Die())[0xffffb54094f0]
asan/asan_report.cc:175(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0xffffb53ebad4]
asan/asan_report.cc:462(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0xffffb53eb528]
asan/asan_rtl.cc:119(__asan_report_load8)[0xffffb53ec4a0]
sql/sql_class.h:7349(multi_update::num_found() const)[0xaaaacaba47f8]
sql/sql_select.cc:33253(MYSQL_DML_DONE(THD*, int))[0xaaaacab96200]
sql/sql_select.cc:33429(Sql_cmd_dml::execute(THD*))[0xaaaacab96ed0]
sql/sql_parse.cc:4373(mysql_execute_command(THD*, bool))[0xaaaaca9a3228]
sql/sql_parse.cc:7748(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0xaaaaca9bba04]
sql/sql_parse.cc:1082(bootstrap(st_mysql_file*))[0xaaaaca98c778]
sql/mysqld.cc:5926(mysqld_main(int, char**))[0xaaaaca5b05d8]
sql/main.cc:34(main)[0xaaaaca595c08]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x84c75e vs 0x4a4f78)
/lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0xe8)[0xffffb4909e10]
/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd(+0x18c5b18)[0xaaaaca595b18]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0xffffad4322a8): update help_topic set description = CONCAT(description, '\n| FORCE | Enables the plugin. If the plugin |\n| | cannot be initialized, then the |\n| | server will fail to start with an |\n| | error. |\n+---------------------------------------+------------------------------------+\n| FORCE_PLUS_PERMANENT | Enables the plugin. If the plugin |\n| | cannot be initialized, then the |\n| | server will fail to start with an |\n| | error. In addition, the plugin |\n| | cannot be uninstalled with |\n| | UNINSTALL SONAME or UNINSTALL |\n| | PLUGIN while the server is |\n| | running. |\n+---------------------------------------+------------------------------------+\n\nA plugin\'s status can be found by looking at the PLUGIN_STATUS column of the\ninformation_schema.PLUGINS table.\n\nUninstalling Plugins\n--------------------\n\nPlugins that are found in the mysql.plugin table, that is those that were\ninstalled with INSTALL SONAME, INSTALL PLUGIN or mariadb-plugin can be\nuninstalled in one of two ways:\n\n* The UNINSTALL SONAME or the UNINSTALL PLUGIN statement while the server is\nrunning\n* With mariadb-plugin while the server is offline.\n\nPlugins that were enabled as a --plugin-load option do not need to be\nuninstalled. If --plugin-load is omitted the next time the server starts, or\nthe plugin is not listed as one of the --plugin-load entries, the plugin will\nnot be loaded.\n\nUNINSTALL PLUGIN uninstalls a single installed plugin, while UNINSTALL SONAME\nuninstalls all plugins belonging to a given library.\n\nURL: https://mariadb.com/kb/en/plugin-overview/') WHERE help_topic_id = 79;

Connection ID (thread ID): 1
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.

Writing a core file...
Working directory at /dev/shm/var_auto_2cSs/install.db
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max core file size        0                    0                    bytes
Max resident set          unlimited            unlimited            bytes
Max processes             507520               507520               processes
Max open files            1024                 1024                 files
Max locked memory         unlimited            unlimited            bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       507520               507520               signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us
Core pattern: /var/crash/core.%u.%e.%p

Kernel version: Linux version 5.17.0+ (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #9 SMP Wed Sep 20 22:45:49 CST 2023
Relevant code that caused the above exception:
- In sql_update.cc#L3102 (https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_update.cc#L3102), `result` is deleted but the pointer is not set to 0.
- In sql_select.cc#L33256 (https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_select.cc#L33256), the same `result` pointer is fetched again and the memory that has already been freed is accessed.
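The failure mode the two bullets above describe, modelled as a small added C++ example. This is not MariaDB code: Arena (a stand-in for a MEM_ROOT that poisons memory when reset), UpdateResult, Sql_cmd, dml_done and the counter-copying fix in cleanup_fixed are assumptions for illustration, not the server's real API or its eventual fix. The point it shows is why ASan reports this as use-after-poison rather than use-after-free: the arena keeps the block, so a dangling pointer still points at readable memory, and only the poisoned shadow bytes (f7, "Poisoned by user") reveal that the object is gone.

```cpp
// Added example (not MariaDB code). Models: result object placed in an
// arena -> arena reset poisons it -> a later step reads through the stale
// pointer. Names are hypothetical stand-ins for the report's multi_update,
// Sql_cmd_dml and MYSQL_DML_DONE.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>
#include <utility>
#include <vector>

#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#define ARENA_ASAN 1
#define POISON(p, n)   ASAN_POISON_MEMORY_REGION((p), (n))
#define UNPOISON(p, n) ASAN_UNPOISON_MEMORY_REGION((p), (n))
#else
#define ARENA_ASAN 0
#define POISON(p, n)   ((void)0)
#define UNPOISON(p, n) ((void)0)
#endif

// Bump allocator with a MEM_ROOT-style reset: the block is kept, but every
// byte handed out so far is poisoned, so an ASan build reports any later
// access as use-after-poison. live_ is our own shadow bookkeeping so a
// pointer's liveness can be checked even in a non-ASan build.
class Arena {
public:
  explicit Arena(std::size_t bytes) : buf_(bytes) { POISON(buf_.data(), buf_.size()); }
  ~Arena() { UNPOISON(buf_.data(), buf_.size()); }

  void* alloc(std::size_t n) {
    n = (n + 15) & ~static_cast<std::size_t>(15);   // keep 16-byte alignment
    if (used_ + n > buf_.size()) return nullptr;
    void* p = buf_.data() + used_;
    UNPOISON(p, n);
    live_.push_back({used_, used_ + n});
    used_ += n;
    return p;
  }
  void reset() {                                     // free_root-like reset
    POISON(buf_.data(), used_);
    used_ = 0;
    live_.clear();
  }
  bool is_live(const void* p) const {
    auto base = reinterpret_cast<std::uintptr_t>(buf_.data());
    auto addr = reinterpret_cast<std::uintptr_t>(p);
    if (addr < base || addr >= base + buf_.size()) return false;
    std::size_t off = addr - base;
    for (const auto& r : live_)
      if (off >= r.first && off < r.second) return true;
    return false;
  }

private:
  std::vector<unsigned char> buf_;
  std::size_t used_ = 0;
  std::vector<std::pair<std::size_t, std::size_t>> live_;
};

struct UpdateResult {                 // stand-in for multi_update
  std::uint64_t found = 0;
  std::uint64_t num_found() const { return found; }
};

struct Sql_cmd {                      // stand-in for Sql_cmd_dml
  Arena* arena;
  UpdateResult* result = nullptr;
  std::uint64_t saved_found = 0;      // counters copied out before result dies
};

enum class Outcome { ok, stale_pointer };
struct DoneReport { Outcome outcome; std::uint64_t found; };

static void execute_update(Sql_cmd& cmd, std::uint64_t rows_matched) {
  void* mem = cmd.arena->alloc(sizeof(UpdateResult));
  assert(mem != nullptr);
  cmd.result = new (mem) UpdateResult{};
  cmd.result->found = rows_matched;
}

// Buggy cleanup, the pattern in this report: the object's memory is gone with
// the arena reset, but cmd.result still points at it.
static void cleanup_buggy(Sql_cmd& cmd) { cmd.arena->reset(); }

// Fixed cleanup: copy what the caller still needs, then clear the pointer in
// the same step that invalidates what it points to.
static void cleanup_fixed(Sql_cmd& cmd) {
  cmd.saved_found = cmd.result->num_found();
  cmd.result = nullptr;
  cmd.arena->reset();
}

// The "done" step. The explicit is_live check plays the role of ASan's shadow
// lookup: the stale pointer is detected instead of dereferenced.
DoneReport dml_done(const Sql_cmd& cmd) {
  if (cmd.result == nullptr) return {Outcome::ok, cmd.saved_found};
  if (!cmd.arena->is_live(cmd.result)) return {Outcome::stale_pointer, 0};
  return {Outcome::ok, cmd.result->num_found()};
}

// Drive one statement through execute -> cleanup -> done.
DoneReport run_statement(bool fixed, std::uint64_t rows_matched = 3) {
  Arena arena(4096);
  Sql_cmd cmd{&arena};
  execute_update(cmd, rows_matched);
  if (fixed) cleanup_fixed(cmd); else cleanup_buggy(cmd);
  return dml_done(cmd);
}

int main() {
  DoneReport buggy = run_statement(false);
  std::printf("buggy path: %s\n", buggy.outcome == Outcome::stale_pointer
                                      ? "stale pointer caught" : "ok");
  DoneReport fixed = run_statement(true);
  std::printf("fixed path: found=%llu\n", (unsigned long long)fixed.found);
#if ARENA_ASAN
  // Only under ASan: an unchecked read through the stale pointer, reported as
  // "use-after-poison ... in UpdateResult::num_found", the shape of the report.
  Arena arena(4096);
  Sql_cmd cmd{&arena};
  execute_update(cmd, 1);
  cleanup_buggy(cmd);
  std::printf("unchecked read: %llu\n", (unsigned long long)cmd.result->num_found());
#endif
  return 0;
}
```

Build it with `g++ -std=c++17 -g -fsanitize=address` to see the unchecked read in main() reported as use-after-poison with shadow byte f7 at num_found(), i.e. the same shape as the report above; without ASan the is_live check stands in for the shadow lookup and the buggy path returns stale_pointer instead of a stale value. Either way the fix is the same ownership rule: the code that invalidates an object (free_root, delete, arena reset) is the code that must clear or replace every pointer to it, since the memory stays readable and nothing else will notice.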
Attachments
Issue Links
- is caused by MDEV-28883 Re-design the upper level of handling UPDATE and DELETE statements (Closed)
Activity
Field | Original Value | New Value |
---|---|---|
Description |
Testing process and error messages is as follows.
build on Arm/X86: {code:java} $ cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS=-fno-omit-frame-pointer -DCMAKE_CXX_FLAGS=-fno-omit-frame-pointer -DWITH_ASAN=YES $ cmake --build . --parallel 80 {code} test: {code:java} $ ./mysql-test/mtr --parallel=80 --mem --force --max-test-fail=40 {code} error: {code:java} ================================================================= ==2585715==ERROR: AddressSanitizer: use-after-poison on address 0xffffad434ee0 at pc 0xaaaacaba47f8 bp 0xffffc870dc40 sp 0xffffc870dc60 READ of size 8 at 0xffffad434ee0 thread T0 #0 0xaaaacaba47f4 in multi_update::num_found() const /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.h:7349 #1 0xaaaacab961fc in MYSQL_DML_DONE /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_select.cc:33253 #2 0xaaaacab96ecc in Sql_cmd_dml::execute(THD*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_select.cc:33427 #3 0xaaaaca9a3224 in mysql_execute_command(THD*, bool) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:4373 #4 0xaaaaca9bba00 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:7748 #5 0xaaaaca98c774 in bootstrap(st_mysql_file*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:1080 #6 0xaaaaca5b05d4 in mysqld_main(int, char**) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/mysqld.cc:5926 #7 0xaaaaca595c04 in main /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/main.cc:34 #8 0xffffb4909e0c in __libc_start_main ../csu/libc-start.c:308 #9 0xaaaaca595b14 (/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd+0x18c5b14) 0xffffad434ee0 is located 11488 bytes inside of 16516-byte region [0xffffad432200,0xffffad436284) allocated by thread T0 here: #0 0xffffb53e2540 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0xaaaacc936044 in sf_malloc 
/home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/safemalloc.c:126 #2 0xaaaacc8ff6a0 in my_malloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_malloc.c:93 #3 0xaaaacc8d4130 in root_alloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_alloc.c:71 #4 0xaaaacc8d5178 in reset_root_defaults /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_alloc.c:253 #5 0xaaaaca83dea4 in THD::init_for_queries() /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.cc:1390 #6 0xaaaaca98bd64 in bootstrap(st_mysql_file*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:1006 #7 0xaaaaca5b05d4 in mysqld_main(int, char**) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/mysqld.cc:5926 #8 0xaaaaca595c04 in main /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/main.cc:34 #9 0xffffb4909e0c in __libc_start_main ../csu/libc-start.c:308 #10 0xaaaaca595b14 (/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd+0x18c5b14) SUMMARY: AddressSanitizer: use-after-poison /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.h:7349 in multi_update::num_found() const Shadow bytes around the buggy address: 0x200ff5a86980: 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a869a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a869b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a869c0: 00 00 00 00 00 00 00 00 f7 00 00 f7 f7 f7 f7 f7 =>0x200ff5a869d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 0x200ff5a869e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 f7 00 00 0x200ff5a869f0: f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 
03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2585715==ABORTING 231204 10:30:43 [ERROR] mysqld got signal 6 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 11.4.0-MariaDB-debug source revision: 6b2287fff23fbdc362499501c562f01d0d2db52e key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=0 max_threads=153 thread_count=1 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468203 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0xffff89b28288 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0xffffc870ed20 thread_stack 0x100000 sanitizer_common/sanitizer_common_interceptors.inc:4023(__interceptor_backtrace.part.0)[0xffffb535e010] mysys/stacktrace.c:215(my_print_stacktrace)[0xaaaacc9134dc] sql/signal_handler.cc:241(handle_fatal_signal)[0xaaaacb345db4] addr2line: 'linux-vdso.so.1': No such file linux-vdso.so.1(__kernel_rt_sigreturn+0x0)[0xffffb5e2b78c] addr2line: DWARF error: section .debug_info is larger than its filesize! 
(0x84c75e vs 0x4a4f78) /lib/aarch64-linux-gnu/libc.so.6(gsignal+0xe0)[0xffffb491cd78] /lib/aarch64-linux-gnu/libc.so.6(abort+0x114)[0xffffb4909aac] sanitizer_common/sanitizer_posix_libcdep.cc:149(__sanitizer::Abort())[0xffffb53fecf0] sanitizer_common/sanitizer_termination.cc:58(__sanitizer::Die())[0xffffb54094f0] asan/asan_report.cc:175(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0xffffb53ebad4] asan/asan_report.cc:462(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0xffffb53eb528] asan/asan_rtl.cc:119(__asan_report_load8)[0xffffb53ec4a0] sql/sql_class.h:7349(multi_update::num_found() const)[0xaaaacaba47f8] sql/sql_select.cc:33253(MYSQL_DML_DONE(THD*, int))[0xaaaacab96200] sql/sql_select.cc:33429(Sql_cmd_dml::execute(THD*))[0xaaaacab96ed0] sql/sql_parse.cc:4373(mysql_execute_command(THD*, bool))[0xaaaaca9a3228] sql/sql_parse.cc:7748(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0xaaaaca9bba04] sql/sql_parse.cc:1082(bootstrap(st_mysql_file*))[0xaaaaca98c778] sql/mysqld.cc:5926(mysqld_main(int, char**))[0xaaaaca5b05d8] sql/main.cc:34(main)[0xaaaaca595c08] addr2line: DWARF error: section .debug_info is larger than its filesize! (0x84c75e vs 0x4a4f78) /lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0xe8)[0xffffb4909e10] /home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd(+0x18c5b18)[0xaaaaca595b18] Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0xffffad4322a8): update help_topic set description = CONCAT(description, '\n| FORCE | Enables the plugin. If the plugin |\n| | cannot be initialized, then the |\n| | server will fail to start with an |\n| | error. |\n+---------------------------------------+------------------------------------+\n| FORCE_PLUS_PERMANENT | Enables the plugin. If the plugin |\n| | cannot be initialized, then the |\n| | server will fail to start with an |\n| | error. 
In addition, the plugin |\n| | cannot be uninstalled with |\n| | UNINSTALL SONAME or UNINSTALL |\n| | PLUGIN while the server is |\n| | running. |\n+---------------------------------------+------------------------------------+\n\nA plugin\'s status can be found by looking at the PLUGIN_STATUS column of the\ninformation_schema.PLUGINS table.\n\nUninstalling Plugins\n--------------------\n\nPlugins that are found in the mysql.plugin table, that is those that were\ninstalled with INSTALL SONAME, INSTALL PLUGIN or mariadb-plugin can be\nuninstalled in one of two ways:\n\n* The UNINSTALL SONAME or the UNINSTALL PLUGIN statement while the server is\nrunning\n* With mariadb-plugin while the server is offline.\n\nPlugins that were enabled as a --plugin-load option do not need to be\nuninstalled. If --plugin-load is omitted the next time the server starts, or\nthe plugin is not listed as one of the --plugin-load entries, the plugin will\nnot be loaded.\n\nUNINSTALL PLUGIN uninstalls a single installed plugin, while UNINSTALL SONAME\nuninstalls all plugins belonging to a given library.\n\nURL: https://mariadb.com/kb/en/plugin-overview/') WHERE help_topic_id = 79; Connection ID (thread ID): 1 Status: NOT_KILLED Optimizer switch: 
index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains information that should help you find out what is causing the crash. Writing a core file... Working directory at /dev/shm/var_auto_2cSs/install.db Resource Limits: Limit Soft Limit Hard Limit Units Max cpu time unlimited unlimited seconds Max file size unlimited unlimited bytes Max data size unlimited unlimited bytes Max stack size 8388608 unlimited bytes Max core file size 0 0 bytes Max resident set unlimited unlimited bytes Max processes 507520 507520 processes Max open files 1024 1024 files Max locked memory unlimited unlimited bytes Max address space unlimited unlimited bytes Max file locks unlimited unlimited locks Max pending signals 507520 507520 signals Max msgqueue size 819200 819200 bytes Max nice priority 0 0 Max realtime priority 0 0 Max realtime timeout unlimited unlimited us Core pattern: /var/crash/core.%u.%e.%p Kernel version: Linux version 5.17.0+ (root@wls-arm-amp02) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #9 SMP Wed Sep 20 22:45:49 CST 2023 {code} h3. 
*Relevant code that caused the above exception:* * In [sql_update.cc#L3102|https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_update.cc#L3102], delete result and did not set delete=0. * In [sql_select.cc#L33256|https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_select.cc#L33256], get the result pointer again and access the memory space that has been freed. |
Testing process and error messages is as follows.
build on Arm/X86: {code:java} $ cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_FLAGS=-fno-omit-frame-pointer -DCMAKE_CXX_FLAGS=-fno-omit-frame-pointer -DWITH_ASAN=YES $ cmake --build . --parallel 80 {code} test: {code:java} $ ./mysql-test/mtr --parallel=80 --mem --force --max-test-fail=40 {code} error: {code:java} ================================================================= ==2585715==ERROR: AddressSanitizer: use-after-poison on address 0xffffad434ee0 at pc 0xaaaacaba47f8 bp 0xffffc870dc40 sp 0xffffc870dc60 READ of size 8 at 0xffffad434ee0 thread T0 #0 0xaaaacaba47f4 in multi_update::num_found() const /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.h:7349 #1 0xaaaacab961fc in MYSQL_DML_DONE /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_select.cc:33253 #2 0xaaaacab96ecc in Sql_cmd_dml::execute(THD*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_select.cc:33427 #3 0xaaaaca9a3224 in mysql_execute_command(THD*, bool) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:4373 #4 0xaaaaca9bba00 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:7748 #5 0xaaaaca98c774 in bootstrap(st_mysql_file*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:1080 #6 0xaaaaca5b05d4 in mysqld_main(int, char**) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/mysqld.cc:5926 #7 0xaaaaca595c04 in main /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/main.cc:34 #8 0xffffb4909e0c in __libc_start_main ../csu/libc-start.c:308 #9 0xaaaaca595b14 (/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd+0x18c5b14) 0xffffad434ee0 is located 11488 bytes inside of 16516-byte region [0xffffad432200,0xffffad436284) allocated by thread T0 here: #0 0xffffb53e2540 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0xaaaacc936044 in sf_malloc 
/home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/safemalloc.c:126 #2 0xaaaacc8ff6a0 in my_malloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_malloc.c:93 #3 0xaaaacc8d4130 in root_alloc /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_alloc.c:71 #4 0xaaaacc8d5178 in reset_root_defaults /home/nxt/mariadb/unit-debug/11.4/mariadb-server/mysys/my_alloc.c:253 #5 0xaaaaca83dea4 in THD::init_for_queries() /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.cc:1390 #6 0xaaaaca98bd64 in bootstrap(st_mysql_file*) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_parse.cc:1006 #7 0xaaaaca5b05d4 in mysqld_main(int, char**) /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/mysqld.cc:5926 #8 0xaaaaca595c04 in main /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/main.cc:34 #9 0xffffb4909e0c in __libc_start_main ../csu/libc-start.c:308 #10 0xaaaaca595b14 (/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd+0x18c5b14) SUMMARY: AddressSanitizer: use-after-poison /home/nxt/mariadb/unit-debug/11.4/mariadb-server/sql/sql_class.h:7349 in multi_update::num_found() const Shadow bytes around the buggy address: 0x200ff5a86980: 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a869a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a869b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a869c0: 00 00 00 00 00 00 00 00 f7 00 00 f7 f7 f7 f7 f7 =>0x200ff5a869d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 0x200ff5a869e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 f7 00 00 0x200ff5a869f0: f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86a10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x200ff5a86a20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 
03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2585715==ABORTING 231204 10:30:43 [ERROR] mysqld got signal 6 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 11.4.0-MariaDB-debug source revision: 6b2287fff23fbdc362499501c562f01d0d2db52e key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=0 max_threads=153 thread_count=1 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468203 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0xffff89b28288 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0xffffc870ed20 thread_stack 0x100000 sanitizer_common/sanitizer_common_interceptors.inc:4023(__interceptor_backtrace.part.0)[0xffffb535e010] mysys/stacktrace.c:215(my_print_stacktrace)[0xaaaacc9134dc] sql/signal_handler.cc:241(handle_fatal_signal)[0xaaaacb345db4] addr2line: 'linux-vdso.so.1': No such file linux-vdso.so.1(__kernel_rt_sigreturn+0x0)[0xffffb5e2b78c] addr2line: DWARF error: section .debug_info is larger than its filesize! 
(0x84c75e vs 0x4a4f78)
/lib/aarch64-linux-gnu/libc.so.6(gsignal+0xe0)[0xffffb491cd78]
/lib/aarch64-linux-gnu/libc.so.6(abort+0x114)[0xffffb4909aac]
sanitizer_common/sanitizer_posix_libcdep.cc:149(__sanitizer::Abort())[0xffffb53fecf0]
sanitizer_common/sanitizer_termination.cc:58(__sanitizer::Die())[0xffffb54094f0]
asan/asan_report.cc:175(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0xffffb53ebad4]
asan/asan_report.cc:462(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0xffffb53eb528]
asan/asan_rtl.cc:119(__asan_report_load8)[0xffffb53ec4a0]
sql/sql_class.h:7349(multi_update::num_found() const)[0xaaaacaba47f8]
sql/sql_select.cc:33253(MYSQL_DML_DONE(THD*, int))[0xaaaacab96200]
sql/sql_select.cc:33429(Sql_cmd_dml::execute(THD*))[0xaaaacab96ed0]
sql/sql_parse.cc:4373(mysql_execute_command(THD*, bool))[0xaaaaca9a3228]
sql/sql_parse.cc:7748(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0xaaaaca9bba04]
sql/sql_parse.cc:1082(bootstrap(st_mysql_file*))[0xaaaaca98c778]
sql/mysqld.cc:5926(mysqld_main(int, char**))[0xaaaaca5b05d8]
sql/main.cc:34(main)[0xaaaaca595c08]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x84c75e vs 0x4a4f78)
/lib/aarch64-linux-gnu/libc.so.6(__libc_start_main+0xe8)[0xffffb4909e10]
/home/nxt/mariadb/unit-debug/11.4/mariadb-server/build-unit/sql/mariadbd(+0x18c5b18)[0xaaaaca595b18]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0xffffad4322a8): update help_topic set description = CONCAT(description, '\n| FORCE | Enables the plugin. If the plugin |\n| | cannot be initialized, then the |\n| | server will fail to start with an |\n| | error. |\n+---------------------------------------+------------------------------------+\n| FORCE_PLUS_PERMANENT | Enables the plugin. If the plugin |\n| | cannot be initialized, then the |\n| | server will fail to start with an |\n| | error. In addition, the plugin |\n| | cannot be uninstalled with |\n| | UNINSTALL SONAME or UNINSTALL |\n| | PLUGIN while the server is |\n| | running. |\n+---------------------------------------+------------------------------------+\n\nA plugin\'s status can be found by looking at the PLUGIN_STATUS column of the\ninformation_schema.PLUGINS table.\n\nUninstalling Plugins\n--------------------\n\nPlugins that are found in the mysql.plugin table, that is those that were\ninstalled with INSTALL SONAME, INSTALL PLUGIN or mariadb-plugin can be\nuninstalled in one of two ways:\n\n* The UNINSTALL SONAME or the UNINSTALL PLUGIN statement while the server is\nrunning\n* With mariadb-plugin while the server is offline.\n\nPlugins that were enabled as a --plugin-load option do not need to be\nuninstalled. If --plugin-load is omitted the next time the server starts, or\nthe plugin is not listed as one of the --plugin-load entries, the plugin will\nnot be loaded.\n\nUNINSTALL PLUGIN uninstalls a single installed plugin, while UNINSTALL SONAME\nuninstalls all plugins belonging to a given library.\n\nURL: https://mariadb.com/kb/en/plugin-overview/') WHERE help_topic_id = 79;

Connection ID (thread ID): 1
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_2cSs/install.db
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max core file size        0                    0                    bytes
Max resident set          unlimited            unlimited            bytes
Max processes             507520               507520               processes
Max open files            1024                 1024                 files
Max locked memory         unlimited            unlimited            bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       507520               507520               signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us
Core pattern: /var/crash/core.%u.%e.%p

Kernel version: Linux version 5.17.0+ (root@wls-arm-amp02) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #9 SMP Wed Sep 20 22:45:49 CST 2023
{code}

h3. *Relevant code that caused the above exception:*

* In [sql_update.cc#L3102|https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_update.cc#L3102], {{result}} is deleted, but the pointer is not set to 0 afterwards.
* In [sql_select.cc#L33256|https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_select.cc#L33256], the same {{result}} pointer is fetched again and the memory it points to, which has already been freed, is accessed.
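The two bullets describe a dangling pointer: the result collector is freed at one site and read at a later site through the same, uncleared pointer. The sanitizer calls it use-after-poison rather than use-after-free because, as the shadow-byte legend above shows ({{f7}}, "Poisoned by user"), the region was poisoned by the application itself rather than returned to the allocator; the allocation stack shows it lives in a MEM_ROOT set up by {{reset_root_defaults}}. The following is an added C++ example, not MariaDB code: it models the pattern with hypothetical {{Update_result}} and {{Update_command}} types, shows the defective ordering only in a comment, and applies the usual defence of copying out what the later hook needs, freeing, and clearing the pointer so a later read is a null check instead of a read of freed memory. A {{std::unique_ptr}} variant shows the same thing with the clearing done by the type.

```cpp
#include <cstddef>
#include <memory>

// Added example, not MariaDB code. Update_result stands in for the
// result collector whose num_found() the report's MYSQL_DML_DONE reads.
struct Update_result {
  size_t found = 0;    // rows matched
  size_t updated = 0;  // rows actually changed
  size_t num_found() const { return found; }
  size_t num_updated() const { return updated; }
};

// Update_command stands in for the DML command that owns the collector
// through a raw pointer, as the report's code does.
struct Update_command {
  Update_result *result = nullptr;  // raw owning pointer
  size_t saved_found = 0;           // counters copied out before the collector dies
  size_t saved_updated = 0;

  ~Update_command() { delete result; }

  // Simulate executing an UPDATE that matched `found` rows and changed `updated`.
  void execute(size_t found, size_t updated) {
    result = new Update_result();
    result->found = found;
    result->updated = updated;

    // Defective ordering (what the report describes; deliberately not executed):
    //   delete result;                // pointer still refers to freed memory
    //   ... later hook: result->num_found();   // read of freed memory
    //
    // Hardened ordering: copy what the later hook needs, free, clear the pointer.
    saved_found = result->num_found();
    saved_updated = result->num_updated();
    delete result;
    result = nullptr;  // the missing "= 0" from the report
  }

  // The later hook. It reads the saved copies and tolerates a cleared pointer,
  // so it never dereferences the freed collector.
  size_t done_num_found() const {
    return result ? result->num_found() : saved_found;
  }
  size_t done_num_updated() const {
    return result ? result->num_updated() : saved_updated;
  }
};

// Same command with the collector held by std::unique_ptr: reset() frees the
// object and leaves the pointer null in one step, so "forgot to clear it"
// cannot happen.
struct Update_command_owned {
  std::unique_ptr<Update_result> result;
  size_t saved_found = 0;

  void execute(size_t found) {
    result.reset(new Update_result());
    result->found = found;
    saved_found = result->num_found();
    result.reset();  // frees and nulls together
  }
  size_t done_num_found() const {
    return result ? result->num_found() : saved_found;
  }
};

// Drivers: run one update and report what the later hook observes after
// the collector has been freed.
size_t found_after_free(size_t found, size_t updated) {
  Update_command cmd;
  cmd.execute(found, updated);
  return cmd.done_num_found();
}
size_t updated_after_free(size_t found, size_t updated) {
  Update_command cmd;
  cmd.execute(found, updated);
  return cmd.done_num_updated();
}
bool pointer_cleared_after_execute() {
  Update_command cmd;
  cmd.execute(3, 1);
  return cmd.result == nullptr;
}
size_t owned_found_after_free(size_t found) {
  Update_command_owned cmd;
  cmd.execute(found);
  return cmd.done_num_found();
}
```

Built with {{-fsanitize=address}}, the commented-out ordering is what produces a report like the one above; the hardened ordering runs clean because the only pointer to the freed object is null by the time the hook runs. Copying the counters out before the delete matters as much as the null: a hook that only null-checks would silently report zero rows rather than the real count.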
*Relevant code that caused the above exception:* * In [sql_update.cc#L3102|https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_update.cc#L3102], delete result and did not set delete=0. * In [sql_select.cc#L33256|https://github.com/MariaDB/server/blob/6b2287fff23fbdc362499501c562f01d0d2db52e/sql/sql_select.cc#L33256], get the above result pointer again and access the memory space that has been freed. |
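The two bullets above describe a dangling pointer, and the sanitizer output explains why it surfaces as use-after-poison rather than heap-use-after-free: the allocation stack (root_alloc called from reset_root_defaults in THD::init_for_queries) shows the 16516-byte region is a MEM_ROOT block, so deleting the result object does not return its bytes to malloc, and the shadow bytes at the fault address are f7, which the legend maps to "Poisoned by user", i.e. the storage was explicitly poisoned when the object was deleted. The practical consequence is that a build without ASAN does not fault here at all: MYSQL_DML_DONE simply reads whatever the freed bytes hold, so the bug can pass an ordinary test run. The C++ program below is an added example written for this page, not MariaDB code. Arena, MultiUpdate, Command, execute_update_buggy, execute_update_fixed, dml_done and stale_num_found are this example's own stand-ins for the server's MEM_ROOT, multi_update, per-statement LEX/Sql_cmd state, the update path and the MYSQL_DML_DONE epilogue; the 0x8F fill and the shadow map are an assumed model of poison-on-free, not the server's exact mechanism; and "three rows matched" is constructed input. It reproduces the report's pattern (the epilogue finds the pointer aimed at poisoned bytes) next to one possible fix (copy the counter out, delete, clear the pointer).

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>
#include <vector>

// Arena standing in for the statement MEM_ROOT: objects are carved out of one
// block that is never handed back to malloc, so "freeing" only overwrites and
// marks the bytes. Assumption: the 0x8F fill and the shadow map are this
// example's model of the TRASH_FREE / MEM_NOACCESS idiom, not server values.
class Arena {
public:
    explicit Arena(std::size_t cap) : buf_(cap), shadow_(cap, 0) {}
    void *alloc(std::size_t n) {
        std::size_t off = (used_ + 15) & ~static_cast<std::size_t>(15);  // 16-byte align
        if (off + n > buf_.size()) throw std::bad_alloc();
        used_ = off + n;
        return buf_.data() + off;
    }
    // Overwrite with a recognisable pattern and record it in the shadow map:
    // the role ASAN's "Poisoned by user" (shadow byte f7) plays in the trace.
    void poison(void *p, std::size_t n) {
        std::memset(p, 0x8F, n);
        std::fill_n(shadow_.begin() + offset_of(p), n, 1);
    }
    bool is_poisoned(const void *p, std::size_t n) const {
        std::size_t off = offset_of(p);
        if (off + n > shadow_.size()) return false;   // not from this arena
        return std::any_of(shadow_.begin() + off, shadow_.begin() + off + n,
                           [](std::uint8_t s) { return s != 0; });
    }
private:
    std::size_t offset_of(const void *p) const {
        return static_cast<std::size_t>(static_cast<const std::uint8_t *>(p) - buf_.data());
    }
    std::vector<std::uint8_t> buf_, shadow_;
    std::size_t used_ = 0;
};
static Arena *current_arena = nullptr;   // thd->mem_root analogue

// Stand-in for multi_update (a select_result built on Sql_alloc): allocated
// from the arena; its class-level operator delete poisons instead of freeing.
struct MultiUpdate {
    std::uint64_t found = 0;
    std::uint64_t num_found() const { return found; }
    static void *operator new(std::size_t n) { return current_arena->alloc(n); }
    static void operator delete(void *p, std::size_t n) { current_arena->poison(p, n); }
};

// Per-statement state (LEX / Sql_cmd analogue): result pointer plus the counter
// the epilogue reports in the OK packet.
struct Command {
    MultiUpdate *result = nullptr;
    std::uint64_t found = 0;
};

// Buggy path, the pattern from the report: the result object is deleted and
// Command::result is left pointing at the poisoned bytes.
int execute_update_buggy(Command &cmd) {
    cmd.result = new MultiUpdate;
    cmd.result->found = 3;   // constructed: three rows matched
    delete cmd.result;       // destructor + poison, pointer not cleared
    return 0;
}

// One possible fix: copy out what the epilogue needs while the object is
// alive, then delete it and clear the pointer so nothing can dereference it.
int execute_update_fixed(Command &cmd) {
    cmd.result = new MultiUpdate;
    cmd.result->found = 3;
    cmd.found = cmd.result->num_found();
    delete cmd.result;
    cmd.result = nullptr;
    return 0;
}

// Epilogue standing in for MYSQL_DML_DONE, which needs the found-rows count.
// Returns -1 rather than reading through a pointer into poisoned memory.
long long dml_done(const Command &cmd) {
    if (cmd.result == nullptr) return static_cast<long long>(cmd.found);  // fixed path
    if (current_arena->is_poisoned(cmd.result, sizeof(MultiUpdate))) return -1;
    return static_cast<long long>(cmd.result->num_found());
}

// What a build without ASAN hands to the client on the buggy path: the fill
// pattern read back as a row count (memcpy keeps the example well defined).
std::uint64_t stale_num_found(const Command &cmd) {
    std::uint64_t v = 0;
    std::memcpy(&v, reinterpret_cast<const unsigned char *>(cmd.result) + offsetof(MultiUpdate, found), sizeof v);
    return v;
}

int main() {
    Arena arena(4096); current_arena = &arena;
    Command bug, ok;
    execute_update_buggy(bug); execute_update_fixed(ok);
    std::printf("buggy: %lld (stale 0x%llx)  fixed: %lld\n", dml_done(bug),
                static_cast<unsigned long long>(stale_num_found(bug)), dml_done(ok));
}
```

Build with any C++11 compiler (for example g++ -std=c++11). The is_poisoned check inside dml_done is only there so the example can detect the stale read deterministically without a sanitizer; in the server the epilogue cannot tell a live multi_update from a deleted one, so the fix has to live in the update path, either by clearing the pointer after delete and letting the epilogue handle null, or by capturing the counters before the object goes away.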
Assignee | Aleksey Midenkov [ midenok ] |
Link | This issue is caused by |
Fix Version/s | 11.1 [ 28549 ] |
Component/s | Data Manipulation - Update [ 10805 ] |
Summary | ./mysql-test/mtr fails with ASAN use-after-poison in MYSQL_DML_DONE. | ASAN use-after-poison in MYSQL_DML_DONE() |
Status | Open [ 1 ] | In Progress [ 3 ] |
Assignee | Aleksey Midenkov [ midenok ] | Oleksandr Byelkin [ sanja ] |
Status | In Progress [ 3 ] | In Review [ 10002 ] |
Assignee | Oleksandr Byelkin [ sanja ] | Aleksey Midenkov [ midenok ] |
Status | In Review [ 10002 ] | Stalled [ 10000 ] |
Assignee | Aleksey Midenkov [ midenok ] | Igor Babaev [ igor ] |
Presumably caused by
MDEV-28883