Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
12.3
-
Can result in data loss
-
-
Q1/2026 Server Development
Description
While this issue has clear similarities with MDEV-22447, here we have a new 12.3-only regression and new ASAN memory corruption (use-after-poison).
killed_for_exceeding_limit_rows was introduced by the MDEV-38019 patch.
--source include/have_innodb.inc
|
SET GLOBAL general_log=ON, GLOBAL log_output='TABLE'; |
CREATE TABLE t (c INT) ENGINE=InnoDB; |
EXPLAIN SELECT * FROM t LIMIT ROWS EXAMINED 1; |
SHUTDOWN;
|
Leads to:
|
CS 12.3.0 4528b8a585c09611d61340b721b3efaf13018f65 (Optimized, Clang 21.1.3-20250923) Build 23/01/2026 |
2026-01-28 16:52:18 0 [Note] /test/MD230126-mariadb-12.3.0-linux-x86_64-opt/bin/mariadbd: ready for connections.
|
Version: '12.3.0-MariaDB' socket: '/test/MD230126-mariadb-12.3.0-linux-x86_64-opt/socket.sock' port: 12315 MariaDB Server
|
pure virtual method called
|
terminate called without an active exception
|
|
CS 12.3.0 4528b8a585c09611d61340b721b3efaf13018f65 (Optimized, Clang 21.1.3-20250923) Build 23/01/2026 |
Core was generated by `/test/MD230126-mariadb-12.3.0-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
|
 |
[Current thread is 1 (LWP 1514067)]
|
(gdb) bt
|
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
|
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
|
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
|
#3 0x000078fa6ca4526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
|
#4 0x000078fa6ca288ff in __GI_abort () at ./stdlib/abort.c:79
|
#5 0x000078fa6cea5ffe in __gnu_cxx::__verbose_terminate_handler ()at ../../../../src/libstdc++-v3/libsupc++/vterminate.cc:95
|
#6 0x000078fa6cebae9c in __cxxabiv1::__terminate (handler=<optimized out>)at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:48
|
#7 0x000078fa6cea5a49 in std::terminate ()at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:58
|
#8 0x000078fa6cebbc45 in __cxxabiv1::__cxa_pure_virtual ()at ../../../../src/libstdc++-v3/libsupc++/pure.cc:50
|
#9 0x0000640503766554 in Item::val_uint (this=0x17153c)at /test/12.3_opt/sql/item.h:1505
|
#10 THD::killed_for_exceeding_limit_rows (this=0x78f91c000c68)at /test/12.3_opt/sql/sql_class.cc:2382
|
#11 0x0000640503558d65 in THD::check_limit_rows_examined (this=0x17153c)at /test/12.3_opt/sql/sql_class.h:4018
|
#12 handler::increment_statistics (this=0x78f91c02b200, offset=&system_status_var::ha_write_count)at /test/12.3_opt/sql/sql_class.h:7955
|
#13 handler::ha_write_row (this=0x78f91c02b200, buf=0x78f91c029210 "iy\244\024\016P\367\031")at /test/12.3_opt/sql/handler.cc:8273
|
#14 0x000064050352eb1c in Log_to_csv_event_handler::log_general (this=<optimized out>, thd=0x78f91c000c68, event_time=<optimized out>, user_host=0x78fa69948130 "root[root] @ localhost []", user_host_len=25, thread_id_arg=4, command_type=0x640502e3664b "Query", command_type_len=5, sql_text=0x78f91c0176e0 "SHUTDOWN", sql_text_len=8, client_cs=0x6405053f5148) at /test/12.3_opt/sql/log.cc:923
|
#15 0x0000640503531714 in LOGGER::general_log_write (this=0x6405042bf368 <logger>, thd=0x78f91c000c68, command=<optimized out>, query=0x78f91c0176e0 "SHUTDOWN", query_length=8)at /test/12.3_opt/sql/log.cc:1539
|
#16 0x000064050381bda1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x78f91c000c68, packet=packet@entry=0x78f91c008a39 "SHUTDOWN", packet_length=packet_length@entry=8, blocking=true)at /test/12.3_opt/sql/sql_parse.cc:1868
|
#17 0x000064050381e081 in do_command (thd=thd@entry=0x78f91c000c68, blocking=true) at /test/12.3_opt/sql/sql_parse.cc:1432
|
#18 0x000064050397231d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x640505c4b838, put_in_cache=true)at /test/12.3_opt/sql/sql_connect.cc:1503
|
#19 0x00006405039720df in handle_one_connection (arg=arg@entry=0x640505c4b838)at /test/12.3_opt/sql/sql_connect.cc:1415
|
#20 0x0000640503b36b89 in pfs_spawn_thread (arg=0x640505c9a278)at /test/12.3_opt/storage/perfschema/pfs.cc:2198
|
#21 0x000078fa6ca9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#22 0x000078fa6cb29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
CS 12.3.0 4528b8a585c09611d61340b721b3efaf13018f65 (Debug, Clang 21.1.3-20250923) Build 23/01/2026 |
Core was generated by `/test/MD230126-mariadb-12.3.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000059adf7800423 in Item::val_uint (this=0x7d186801b5f8)at /test/12.3_dbg/sql/item.h:1505
|
 |
[Current thread is 1 (LWP 1514313)]
|
(gdb) bt
|
#0 0x000059adf7800423 in Item::val_uint (this=0x7d186801b5f8)at /test/12.3_dbg/sql/item.h:1505
|
#1 0x000059adf7928c65 in THD::killed_for_exceeding_limit_rows (this=0x7d1868000d58) at /test/12.3_dbg/sql/sql_class.cc:2382
|
#2 0x000059adf761363c in THD::check_limit_rows_examined (this=0x7d1868000d58)at /test/12.3_dbg/sql/sql_class.h:4018
|
#3 0x000059adf760e5b1 in handler::increment_statistics (this=0x7d186802fc50, offset=&system_status_var::ha_write_count)at /test/12.3_dbg/sql/sql_class.h:7955
|
#4 0x000059adf7608599 in handler::ha_write_row (this=0x7d186802fc50, buf=0x7d186802dc60 "iy\244\024\016N\001\031")at /test/12.3_dbg/sql/handler.cc:8273
|
#5 0x000059adf75c8781 in Log_to_csv_event_handler::log_general (this=0x59adfac3aaa0, thd=0x7d1868000d58, event_time={val = 1769579540937473}, user_host=0x7d19ac16e410 "root[root] @ localhost []", user_host_len=25, thread_id_arg=4, command_type=0x59adf6e6697f "Query", command_type_len=5, sql_text=0x7d1868019ee0 "SHUTDOWN", sql_text_len=8, client_cs=0x59adfa8deee8) at /test/12.3_dbg/sql/log.cc:923
|
#6 0x000059adf75cc0c9 in LOGGER::general_log_write (this=0x59adf8ae4378 <logger>, thd=0x7d1868000d58, command=COM_QUERY, query=0x7d1868019ee0 "SHUTDOWN", query_length=8)at /test/12.3_dbg/sql/log.cc:1539
|
#7 0x000059adf75dcfb0 in general_log_write (thd=0x7d1868000d58, command=COM_QUERY, query=0x7d1868019ee0 "SHUTDOWN", query_length=8)at /test/12.3_dbg/sql/log.cc:7867
|
#8 0x000059adf7a59318 in dispatch_command (command=COM_QUERY, thd=0x7d1868000d58, packet=0x7d186800b239 "SHUTDOWN", packet_length=8, blocking=true) at /test/12.3_dbg/sql/sql_parse.cc:1868
|
#9 0x000059adf7a5c86a in do_command (thd=0x7d1868000d58, blocking=true)at /test/12.3_dbg/sql/sql_parse.cc:1432
|
#10 0x000059adf7c502be in do_handle_one_connection (connect=0x59adfafc0098, put_in_cache=true) at /test/12.3_dbg/sql/sql_connect.cc:1503
|
#11 0x000059adf7c500a1 in handle_one_connection (arg=0x59adfaeff878)at /test/12.3_dbg/sql/sql_connect.cc:1415
|
#12 0x00007d19b669ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#13 0x00007d19b6729c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 230126 cd02709a315c9f08965d6b8fb7e75baaae17a4f4 No bug found
|
CS 10.6 opt 230126 cd02709a315c9f08965d6b8fb7e75baaae17a4f4 No bug found
|
CS 10.11 dbg 230126 b061b5ab1f2cd2a6993e53dc24a865304ced14cd No bug found
|
CS 10.11 opt 230126 b061b5ab1f2cd2a6993e53dc24a865304ced14cd No bug found
|
CS 11.4 dbg 260126 b6d0e23d76fe5936b6a29379ab494852e4d493b1 No bug found
|
CS 11.4 opt 260126 b6d0e23d76fe5936b6a29379ab494852e4d493b1 No bug found
|
CS 11.8 dbg 230126 01ff5ae6b677bead4c41d91bf5afb25c593a1d02 No bug found
|
CS 11.8 opt 230126 01ff5ae6b677bead4c41d91bf5afb25c593a1d02 No bug found
|
CS 12.2 dbg 230126 6ca70dd64ce56da40fad3bcd0641493210dd0a4c No bug found
|
CS 12.2 opt 230126 6ca70dd64ce56da40fad3bcd0641493210dd0a4c No bug found
|
CS 12.3 dbg 230126 4528b8a585c09611d61340b721b3efaf13018f65 SIGSEGV|Item::val_uint|THD::killed_for_exceeding_limit_rows|THD::check_limit_rows_examined|handler::increment_statistics
|
CS 12.3 opt 230126 4528b8a585c09611d61340b721b3efaf13018f65 SIGABRT|__gnu_cxx::__verbose_terminate_handler|__cxxabiv1::__terminate|std::terminate|__cxxabiv1::__cxa_pure_virtual
|
ES 10.6 dbg 230126 0fe345fff3a0463224ca714831303d40fb83648b No bug found
|
ES 10.6 opt 230126 0fe345fff3a0463224ca714831303d40fb83648b No bug found
|
ES 11.4 dbg 230126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 No bug found
|
ES 11.4 opt 230126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 No bug found
|
ES 11.8 dbg 230126 405ee76b60c4ab82155f339136ed20d3b7363717 No bug found
|
ES 11.8 opt 230126 405ee76b60c4ab82155f339136ed20d3b7363717 No bug found
|
MS 5.5 dbg 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
|
MS 5.5 opt 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
|
MS 5.6 dbg 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
|
MS 5.6 opt 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
|
MS 5.7 dbg 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
|
MS 5.7 opt 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
|
MS 8.0 dbg 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
|
MS 8.0 opt 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
|
MS 9.1 dbg 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found
|
MS 9.1 opt 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found
|
Attachments
Issue Links
- is caused by
-
MDEV-38019 Send ok packet to client earlier
-
- Closed
-
- relates to
-
-
- Stalled
-