Details
Bug
Status: In Review
Major
Resolution: Unresolved
10.6, 10.11, 11.4, 12.1(EOL), 11.8
None
Description
--source include/have_sequence.inc
|
|
|
CREATE SEQUENCE s;
CREATE TABLE t1 (i varchar(10) DEFAULT NEXTVAL(s), j TEXT, key(i));
INSERT into t1 SET i = (value (j)) ON duplicate KEY UPDATE i = DEFAULT;
INSERT into t1 SET i = (value (j)) ON duplicate KEY UPDATE i = DEFAULT;
The crash here is likely because of the TEXT data type of `j` referenced through `values(j)`:
251114 15:09:39 [ERROR] /10.6/bld/sql/mariadbd got signal 11 ;
|
|
|
Server version: 10.6.25-MariaDB-asan-debug-log source revision: cfaaf93ead41a973ca4b8690ae2312d1295bdb9d
|
|
|
sql/signal_handler.cc:230(handle_fatal_signal)[0x64d5524254cb]
|
strings/ctype-simple.c:1218(my_copy_8bit)[0x64d553b5e6f8]
|
sql/sql_string.cc:862(charset_info_st::copy_fix(char*, unsigned long, char const*, unsigned long, unsigned long, MY_STRCOPY_STATUS*) const)[0x64d551dde918]
|
sql/sql_string.cc:1127(String_copier::well_formed_copy(charset_info_st const*, char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long))[0x64d551ddd405]
|
sql/field.h:2238(Field_longstr::well_formed_copy_with_check(char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long, bool, unsigned int*))[0x64d5523f39cc]
|
sql/field.cc:7950(Field_varstring::store(char const*, unsigned long, charset_info_st const*))[0x64d5523cc94b]
|
sql/field.h:773(Field::save_in_field_str(Field*))[0x64d551f9ec16]
|
sql/field.h:2156(Field_str::save_in_field(Field*))[0x64d551fa24c9]
|
sql/field.h:935(Field::store_field(Field*))[0x64d551f9f10b]
|
sql/field_conv.cc:902(field_conv_incompatible(Field*, Field*))[0x64d552406bb3]
|
sql/field_conv.cc:915(field_conv(Field*, Field*))[0x64d552406c54]
|
sql/item.cc:6927(save_field_in_field(Field*, bool*, Field*, bool))[0x64d5524bb9ad]
|
sql/item.cc:6978(Item_field::save_in_field(Field*, bool))[0x64d5524bc168]
|
sql/item.h:7183(Item_insert_value::save_in_field(Field*, bool))[0x64d5524ed912]
|
sql/sql_base.cc:8753(fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool))[0x64d5519c901f]
|
sql/sql_base.cc:8920(fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type))[0x64d5519ca1a9]
|
sql/sql_insert.cc:1084(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x64d551a8a7ce]
|
sql/sql_parse.cc:4634(mysql_execute_command(THD*, bool))[0x64d551b5d2dc]
|
sql/sql_parse.cc:8200(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x64d551b764ca]
|
sql/sql_parse.cc:1910(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x64d551b4af8d]
|
sql/sql_parse.cc:1421(do_command(THD*, bool))[0x64d551b47c50]
|
sql/sql_connect.cc:1386(do_handle_one_connection(CONNECT*, bool))[0x64d551fe794d]
|
sql/sql_connect.cc:1300(handle_one_connection)[0x64d551fe74a0]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x64d552cc6d32]
|
asan/asan_interceptors.cpp:234(asan_thread_start(void*))[0x709880e5ea42]
|
nptl/pthread_create.c:447(start_thread)[0x70987fe9caa4]
|
x86_64/clone3.S:80(clone3)[0x70987ff29c6c]
|
|
|
Query (0x52d0000aa4a8): INSERT into t1 SET i = (value (j)) ON duplicate KEY UPDATE i = DEFAULT
|
11.8-12.1 crash after the first INSERT with MyISAM, while with InnoDB they crash on the second INSERT:
|
|
251114 15:20:10 [ERROR] /home/alice/am/11.8/bld/sql/mariadbd got signal 11 ;
|
|
|
Server version: 11.8.5-MariaDB-asan-debug-log source revision: 652582ad8c44d02179393f93c74928873e51ae79
|
|
|
sql/signal_handler.cc:230(handle_fatal_signal)[0x58b7a16f01ab]
|
libc_sigaction.c:0(__restore_rt)[0x7a7466045330]
|
strings/ctype-utf8.c:3023(my_charlen_utf8mb4)[0x58b7a2ecd2fa]
|
strings/ctype-mb.inl:187(my_well_formed_char_length_utf8mb4)[0x58b7a2ecd86b]
|
strings/ctype-mb.c:1405(my_ci_well_formed_char_length)[0x58b7a2e409a8]
|
strings/ctype-mb.c:339(my_copy_fix_mb)[0x58b7a2e424dc]
|
sql/sql_string.cc:1071(charset_info_st::copy_fix(char*, unsigned long, char const*, unsigned long, unsigned long, MY_STRCOPY_STATUS*) const)[0x58b7a0ff84b0]
|
sql/sql_string.cc:1123(String_copier::well_formed_copy(charset_info_st const*, char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long))[0x58b7a0ff6f95]
|
sql/field.h:2307(Field_longstr::well_formed_copy_with_check(char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long, bool, unsigned int*))[0x58b7a16bd1b2]
|
sql/field.cc:8107(Field_varstring::store(char const*, unsigned long, charset_info_st const*))[0x58b7a16965eb]
|
sql/field.h:767(Field::save_in_field_str(Field*))[0x58b7a11cb75a]
|
sql/field.h:2223(Field_str::save_in_field(Field*))[0x58b7a11cf427]
|
sql/field.h:939(Field::store_field(Field*))[0x58b7a11cbc53]
|
sql/field_conv.cc:925(field_conv_incompatible(Field*, Field*))[0x58b7a16cffaf]
|
sql/field_conv.cc:938(field_conv(Field*, Field*))[0x58b7a16d0050]
|
sql/item.cc:7043(save_field_in_field(Field*, bool*, Field*, bool))[0x58b7a178d601]
|
sql/item.cc:7094(Item_field::save_in_field(Field*, bool))[0x58b7a178ddbc]
|
sql/item.h:7332(Item_insert_value::save_in_field(Field*, bool))[0x58b7a17c1380]
|
sql/sql_base.cc:9194(fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool))[0x58b7a0b59d0a]
|
sql/sql_base.cc:9393(fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type, bool*))[0x58b7a0b5aed7]
|
sql/sql_insert.cc:1143(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x58b7a0c33644]
|
sql/sql_parse.cc:4480(mysql_execute_command(THD*, bool))[0x58b7a0d10cfc]
|
sql/sql_parse.cc:7909(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x58b7a0d29090]
|
sql/sql_parse.cc:1905(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x58b7a0cff469]
|
sql/sql_parse.cc:1416(do_command(THD*, bool))[0x58b7a0cfc0bb]
|
sql/sql_connect.cc:1504(do_handle_one_connection(CONNECT*, bool))[0x58b7a121c726]
|
sql/sql_connect.cc:1418(handle_one_connection)[0x58b7a121c279]
|
perfschema/pfs.cc:2200(pfs_spawn_thread)[0x58b7a1f40b14]
|
asan/asan_interceptors.cpp:234(asan_thread_start(void*))[0x7a746705ea42]
|
nptl/pthread_create.c:447(start_thread)[0x7a746609caa4]
|
x86_64/clone3.S:80(clone3)[0x7a7466129c6c]
|
|
|
Query (0x52d000172438): INSERT into t1 SET i = (value (j)) ON duplicate KEY UPDATE i = DEFAULT
|
And if I change TEXT to VARCHAR, it fails like this (with MyISAM, on 10.6-11.8, but not on 12.1):
--source include/have_sequence.inc
|
|
CREATE SEQUENCE s;
CREATE TABLE t1 (i varchar(10) DEFAULT NEXTVAL(s), j varchar(10), key(i)) engine=myisam;
INSERT into t1 SET i = (value (j)) ON duplicate KEY UPDATE i = DEFAULT;
INSERT into t1 SET i = (value (j)) ON duplicate KEY UPDATE i = DEFAULT;
Version: '11.8.5-MariaDB-asan-debug-log'
|
=================================================================
|
==790589==ERROR: AddressSanitizer: unknown-crash on address 0x5250002971eb at pc 0x7cce604fb42e bp 0x7cce49112620 sp 0x7cce49111dc8
|
READ of size 130 at 0x5250002971eb thread T10
|
#0 0x7cce604fb42d in memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
|
#1 0x58572eaa030a in _mi_rec_pack /11.8/src/storage/myisam/mi_dynrec.c:1060
|
#2 0x58572ea9740c in _mi_write_dynamic_record /11.8/src/storage/myisam/mi_dynrec.c:265
|
#3 0x58572eb0571a in mi_write /11.8/src/storage/myisam/mi_write.c:146
|
#4 0x58572ea3f995 in ha_myisam::write_row(unsigned char const*) /11.8/src/storage/myisam/ha_myisam.cc:964
|
#5 0x58572d58234a in handler::ha_write_row(unsigned char const*) /11.8/src/sql/handler.cc:8234
|
#6 0x58572ca842f9 in Write_record::insert_on_duplicate_update(unsigned long long*, unsigned long long*) /11.8/src/sql/sql_insert.cc:2217
|
#7 0x58572ca867e2 in Write_record::write_record() /11.8/src/sql/sql_insert.cc:2415
|
#8 0x58572ca7be84 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /11.8/src/sql/sql_insert.cc:1230
|
#9 0x58572cb58cfb in mysql_execute_command(THD*, bool) /11.8/src/sql/sql_parse.cc:4480
|
#10 0x58572cb7108f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /11.8/src/sql/sql_parse.cc:7909
|
#11 0x58572cb47468 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /11.8/src/sql/sql_parse.cc:1903
|
#12 0x58572cb440ba in do_command(THD*, bool) /11.8/src/sql/sql_parse.cc:1416
|
#13 0x58572d064725 in do_handle_one_connection(CONNECT*, bool) /11.8/src/sql/sql_connect.cc:1504
|
#14 0x58572d064278 in handle_one_connection /11.8/src/sql/sql_connect.cc:1416
|
#15 0x58572dd88b13 in pfs_spawn_thread /11.8/src/storage/perfschema/pfs.cc:2198
|
#16 0x7cce6045ea41 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
|
#17 0x7cce5f49caa3 in start_thread nptl/pthread_create.c:447
|
#18 0x7cce5f529c6b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
0x5250002971eb is located 2283 bytes inside of 8184-byte region [0x525000296900,0x5250002988f8)
|
allocated by thread T10 here:
|
#0 0x7cce604fd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x58572ebdc97b in my_malloc /11.8/src/mysys/my_malloc.c:93
|
#2 0x58572ebadef9 in root_alloc /11.8/src/mysys/my_alloc.c:66
|
#3 0x58572ebae742 in init_alloc_root /11.8/src/mysys/my_alloc.c:178
|
#4 0x58572cfa9184 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /11.8/src/sql/thr_malloc.cc:64
|
#5 0x58572cf6b6eb in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /11.8/src/sql/table.cc:4365
|
#6 0x58572c976e9a in open_table(THD*, TABLE_LIST*, Open_table_context*) /11.8/src/sql/sql_base.cc:2319
|
#7 0x58572c982895 in open_and_process_table /11.8/src/sql/sql_base.cc:4271
|
#8 0x58572c985495 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /11.8/src/sql/sql_base.cc:4754
|
#9 0x58572c98aa15 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /11.8/src/sql/sql_base.cc:5795
|
#10 0x58572c9b23a0 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /11.8/src/sql/sql_base.h:537
|
#11 0x58572ca7944a in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /11.8/src/sql/sql_insert.cc:811
|
#12 0x58572cb58cfb in mysql_execute_command(THD*, bool) /11.8/src/sql/sql_parse.cc:4480
|
#13 0x58572cb7108f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /11.8/src/sql/sql_parse.cc:7909
|
#14 0x58572cb47468 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /11.8/src/sql/sql_parse.cc:1903
|
#15 0x58572cb440ba in do_command(THD*, bool) /11.8/src/sql/sql_parse.cc:1416
|
#16 0x58572d064725 in do_handle_one_connection(CONNECT*, bool) /11.8/src/sql/sql_connect.cc:1504
|
#17 0x58572d064278 in handle_one_connection /11.8/src/sql/sql_connect.cc:1416
|
#18 0x58572dd88b13 in pfs_spawn_thread /11.8/src/storage/perfschema/pfs.cc:2198
|
#19 0x7cce6045ea41 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
|
#20 0x7cce5f49caa3 in start_thread nptl/pthread_create.c:447
|
|
|
Thread T10 created by T0 here:
|
#0 0x7cce604f51f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
|
#1 0x58572dd84737 in my_thread_create /11.8/src/storage/perfschema/my_thread.h:38
|
#2 0x58572dd88f06 in pfs_spawn_thread_v1 /11.8/src/storage/perfschema/pfs.cc:2249
|
#3 0x58572c72c53b in inline_mysql_thread_create /11.8/src/include/mysql/psi/mysql_thread.h:1139
|
#4 0x58572c746160 in create_thread_to_handle_connection(CONNECT*) /11.8/src/sql/mysqld.cc:6265
|
#5 0x58572c7467cb in create_new_thread(CONNECT*) /11.8/src/sql/mysqld.cc:6327
|
#6 0x58572c746af8 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /11.8/src/sql/mysqld.cc:6389
|
#7 0x58572c747809 in handle_connections_sockets() /11.8/src/sql/mysqld.cc:6501
|
#8 0x58572c74417e in run_main_loop /11.8/src/sql/mysqld.cc:5743
|
#9 0x58572c745996 in mysqld_main(int, char**) /11.8/src/sql/mysqld.cc:6166
|
#10 0x58572c72b7dc in main /11.8/src/sql/main.cc:34
|
#11 0x7cce5f42a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
#12 0x7cce5f42a28a in __libc_start_main_impl ../csu/libc-start.c:360
|
#13 0x58572c72b6f4 in _start (/11.8-bld/sql/mariadbd+0x1ad06f4) (BuildId: e9ff089dddf9022a1183f444851fb9fe55538b7e)
|
|
|
SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115 in memcpy
|
Shadow bytes around the buggy address:
|
0x525000296f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x525000296f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x525000297000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x525000297080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x525000297100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x525000297180: 00 00 f7 00 00 00 00 00 00 00 00 00 00[03]00 00
|
0x525000297200: 00 00 00 00 00 00 00 00 03 f7 00 00 00 f7 00 00
|
0x525000297280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00
|
0x525000297300: f7 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x525000297380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00
|
0x525000297400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==790589==ABORTING
|
A variant that uses virtual columns instead of sequences:
CREATE TABLE t1 ( j TEXT default 5, i varchar(10) as (j), key(i));
INSERT into t1 SET j = (value (j)) ON duplicate KEY UPDATE i = DEFAULT;
INSERT into t1 SET j = (value (j)) ON duplicate KEY UPDATE i = DEFAULT;
251114 15:35:52 [ERROR] /10.6/bld/sql/mariadbd got signal 11 ;
|
|
|
strings/ctype-simple.c:1218(my_copy_8bit)[0x5becf54286f8]
|
sql/sql_string.cc:862(charset_info_st::copy_fix(char*, unsigned long, char const*, unsigned long, unsigned long, MY_STRCOPY_STATUS*) const)[0x5becf36a8918]
|
sql/sql_string.cc:1127(String_copier::well_formed_copy(charset_info_st const*, char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long))[0x5becf36a7405]
|
sql/field.h:2238(Field_longstr::well_formed_copy_with_check(char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long, bool, unsigned int*))[0x5becf3cbd9cc]
|
sql/field.cc:7950(Field_varstring::store(char const*, unsigned long, charset_info_st const*))[0x5becf3c9694b]
|
sql/field.h:773(Field::save_in_field_str(Field*))[0x5becf3868c16]
|
sql/field.h:2156(Field_str::save_in_field(Field*))[0x5becf386c4c9]
|
sql/field.h:935(Field::store_field(Field*))[0x5becf386910b]
|
sql/field_conv.cc:902(field_conv_incompatible(Field*, Field*))[0x5becf3cd0bb3]
|
sql/field_conv.cc:915(field_conv(Field*, Field*))[0x5becf3cd0c54]
|
sql/item.cc:6927(save_field_in_field(Field*, bool*, Field*, bool))[0x5becf3d859ad]
|
sql/item.cc:6978(Item_field::save_in_field(Field*, bool))[0x5becf3d86168]
|
sql/table.cc:9125(TABLE::update_virtual_fields(handler*, enum_vcol_update_mode))[0x5becf37ebe2d]
|
sql/sql_base.cc:8783(fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool))[0x5becf329340f]
|
sql/sql_base.cc:8920(fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type))[0x5becf32941a9]
|
sql/sql_insert.cc:1084(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x5becf33547ce]
|
sql/sql_parse.cc:4634(mysql_execute_command(THD*, bool))[0x5becf34272dc]
|
sql/sql_parse.cc:8200(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x5becf34404ca]
|
sql/sql_parse.cc:1910(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x5becf3414f8d]
|
sql/sql_parse.cc:1421(do_command(THD*, bool))[0x5becf3411c50]
|
sql/sql_connect.cc:1386(do_handle_one_connection(CONNECT*, bool))[0x5becf38b194d]
|
sql/sql_connect.cc:1300(handle_one_connection)[0x5becf38b14a0]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x5becf4590d32]
|
asan/asan_interceptors.cpp:234(asan_thread_start(void*))[0x7d7bc105ea42]
|
nptl/pthread_create.c:447(start_thread)[0x7d7bc009caa4]
|
x86_64/clone3.S:80(clone3)[0x7d7bc0129c6c]
|
|
|
Query (0x52d0000aa4a8): INSERT into t1 SET j = (value (j)) ON duplicate KEY UPDATE i = DEFAULT
|
Attachments
Issue Links
- relates to
MDEV-36354 MariaDB SEGV in internal_str2dec on INSERT
- Confirmed