[MDEV-33987] Server crashes at Item_func_as_wkt::val_str_ascii - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 11.3.2, 11.4.1
Fix Version/s: 10.5.28, 10.6.21, 10.11.11, 11.2.7, 11.4.5, 11.6.2
Component/s: GIS
Labels:
None
Environment:
Ubuntu 20.04 x86-64, docker image mariadb:11.4.1-rc

Description

PoC:

SELECT ST_ASTEXT(BOUNDARY(INET6_ATON('255.255.255.255')));

GDB backtrace:

Server version: 11.4.1-MariaDB-1:11.4.1+maria~ubu2204 source revision: fa69b085b10f19a3a8b6e7adab27c104924333ae

key_buffer_size=134217728

read_buffer_size=131072

max_used_connections=1

max_threads=153

thread_count=1

It is possible that mysqld could use up to

key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468064 K  bytes of memory

Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x7fdbec000c68

Attempting backtrace. You can use the following information to find out

where mysqld died. If you see no messages after this, something went

terribly wrong...

stack_bottom = 0x7fdc3c090c38 thread_stack 0x49000

Printing to addr2line failed

mariadbd(my_print_stacktrace+0x32)[0x55e8a5f0a4f2]

mariadbd(handle_fatal_signal+0x478)[0x55e8a59da1e8]

/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fdc3efeb520]

mariadbd(_ZN16Item_func_as_wkt13val_str_asciiEP6String+0xa0)[0x55e8a5a6ef70]

mariadbd(_ZN9Item_func26val_str_from_val_str_asciiEP6StringS1_+0x6d)[0x55e8a5a942bd]

mariadbd(_ZNK12Type_handler13Item_send_strEP4ItemP8ProtocolP8st_value+0x28)[0x55e8a5931878]

mariadbd(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xea)[0x55e8a567d2ba]

mariadbd(_ZN11select_send9send_dataER4ListI4ItemE+0x37)[0x55e8a56efde7]

mariadbd(_ZN4JOIN10exec_innerEv+0xc78)[0x55e8a57d6ca8]

mariadbd(_ZN4JOIN4execEv+0x3f)[0x55e8a57d743f]

mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x55e8a57d53cc]

mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x55e8a57d5bc4]

mariadbd(+0x84c285)[0x55e8a5748285]

mariadbd(_Z21mysql_execute_commandP3THDb+0x440f)[0x55e8a57574af]

mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55e8a5758a17]

mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14cd)[0x55e8a575b20d]

mariadbd(_Z10do_commandP3THDb+0x138)[0x55e8a575d118]

mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55e8a5889f6f]

mariadbd(handle_one_connection+0x5d)[0x55e8a588a2bd]

mariadbd(+0xd10af6)[0x55e8a5c0caf6]

/lib/x86_64-linux-gnu/libc.so.6(+0x94ac3)[0x7fdc3f03dac3]

/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7fdc3f0cea04]

Trying to get some variables.

Some pointers may be invalid and cause the dump to abort.

Query (0x7fdbec012fa0): SELECT ST_ASTEXT(BOUNDARY(INET6_ATON('255.255.255.255')))

Connection ID (thread ID): 3

Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=off,sargable_casefold=on

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/ contains

information that should help you find out what is causing the crash.

Writing a core file...

Working directory at /var/lib/mysql

Resource Limits:

Limit                     Soft Limit           Hard Limit           Units

Max cpu time              unlimited            unlimited            seconds

Max file size             unlimited            unlimited            bytes

Max data size             unlimited            unlimited            bytes

Max stack size            8388608              unlimited            bytes

Max core file size        unlimited            unlimited            bytes

Max resident set          unlimited            unlimited            bytes

Max processes             2062276              2062276              processes

Max open files            524288               524288               files

Max locked memory         8388608              8388608              bytes

Max address space         unlimited            unlimited            bytes

Max file locks            unlimited            unlimited            locks

Max pending signals       2062276              2062276              signals

Max msgqueue size         819200               819200               bytes

Max nice priority         0                    0

Max realtime priority     0                    0

Max realtime timeout      unlimited            unlimited            us

Core pattern: core

Kernel version: Linux version 6.1.10-1-pve (build@proxmox) (gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP PREEMPT_DYNAMIC PVE 6.1.10-1 (2023-02-07T00:00Z) ()

Attachments

Activity

People

Assignee:: Alexander Barkov

Reporter:: Jingzhou Fu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-04-24 13:08

Updated:: 1 week ago 11:11

Resolved:: 1 week ago 11:11

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.