[MDEV-22161] ASAN use-after-poison in create_tmp_table upon SELECT DISTINCT .. GROUP BY .. ROLLUP with BIT column Created: 2020-04-06  Updated: 2021-02-21  Resolved: 2021-02-21

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.3, 10.4, 10.5
Fix Version/s: 10.3.24, 10.4.14, 10.5.5

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None


 Description   

# Reproducer for the ASAN use-after-poison reported in create_tmp_table.
# The report reproduces it with MyISAM and Aria tables, but not with InnoDB.
# b is a BIT(1) column and is the leading part of the primary key.
CREATE TABLE t1 (a INT, b BIT(1), PRIMARY KEY(b,a)) ENGINE=MyISAM;
INSERT INTO t1 VALUES (1,b'1'),(2,b'0');
# DISTINCT combined with GROUP BY ... WITH ROLLUP on the BIT column is the
# statement that aborts the ASAN build; it is the query printed in the crash log.
SELECT DISTINCT b FROM t1 GROUP BY b WITH ROLLUP;
 
# Cleanup
DROP TABLE t1;

10.3 21b87437

==26591==ERROR: AddressSanitizer: use-after-poison on address 0x619000089555 at pc 0x7f97a372931e bp 0x7f9798cb6140 sp 0x7f9798cb58f0
READ of size 1 at 0x619000089555 thread T5
    #0 0x7f97a372931d  (/lib/x86_64-linux-gnu/libasan.so.5+0x3f31d)
    #1 0x559691369288 in create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, st_mysql_const_lex_string const*, bool, bool) /data/src/10.3/sql/sql_select.cc:17943
    #2 0x5596912ff349 in JOIN::create_postjoin_aggr_table(st_join_table*, List<Item>*, st_order*, bool, bool, bool) /data/src/10.3/sql/sql_select.cc:3410
    #3 0x5596912fae5f in JOIN::make_aggr_tables_info() /data/src/10.3/sql/sql_select.cc:3010
    #4 0x5596912f6abf in JOIN::optimize_stage2() /data/src/10.3/sql/sql_select.cc:2657
    #5 0x5596912ef894 in JOIN::optimize_inner() /data/src/10.3/sql/sql_select.cc:1968
    #6 0x5596912eaab9 in JOIN::optimize() /data/src/10.3/sql/sql_select.cc:1488
    #7 0x559691307ba0 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4287
    #8 0x5596912deb41 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:370
    #9 0x55969124bba0 in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6293
    #10 0x559691239888 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3820
    #11 0x559691255c3e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7817
    #12 0x55969122c81e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1855
    #13 0x559691228fbe in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1401
    #14 0x5596916120bb in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
    #15 0x559691611973 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
    #16 0x559692d5e17a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
    #17 0x7f97a36d0fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
    #18 0x7f97a2f1f4ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)
 
0x619000089555 is located 469 bytes inside of 1100-byte region [0x619000089380,0x6190000897cc)
allocated by thread T5 here:
    #0 0x7f97a37d3330 in __interceptor_malloc (/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x559692ea9202 in sf_malloc /data/src/10.3/mysys/safemalloc.c:118
    #2 0x559692e78488 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
    #3 0x559692e55874 in alloc_root /data/src/10.3/mysys/my_alloc.c:250
    #4 0x559692e5702b in memdup_root /data/src/10.3/mysys/my_alloc.c:492
    #5 0x55969152a60a in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long) /data/src/10.3/sql/table.cc:1286
    #6 0x5596915254c4 in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/src/10.3/sql/table.cc:677
    #7 0x5596917fc743 in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/src/10.3/sql/table_cache.cc:840
    #8 0x5596910b86a9 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1839
    #9 0x5596910c2418 in open_and_process_table /data/src/10.3/sql/sql_base.cc:3675
    #10 0x5596910c4ce6 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4144
    #11 0x5596910ca65c in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:5032
    #12 0x559691025b9e in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.3/sql/sql_base.h:503
    #13 0x55969118f4fa in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:760
    #14 0x55969123d3e7 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4454
    #15 0x559691255c3e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7817
    #16 0x55969122c81e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1855
    #17 0x559691228fbe in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1401
    #18 0x5596916120bb in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
    #19 0x559691611973 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
    #20 0x559692d5e17a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
    #21 0x7f97a36d0fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
 
Thread T5 created by T0 here:
    #0 0x7f97a373adb0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x559692d5e5b6 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
    #2 0x559690f3fd84 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
    #3 0x559690f59239 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6608
    #4 0x559690f5998e in create_new_thread /data/src/10.3/sql/mysqld.cc:6678
    #5 0x559690f5ac36 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6953
    #6 0x559690f585a8 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6230
    #7 0x559690f3e484 in main /data/src/10.3/sql/main.cc:25
    #8 0x7f97a2e4a09a in __libc_start_main ../csu/libc-start.c:308
 
SUMMARY: AddressSanitizer: use-after-poison (/lib/x86_64-linux-gnu/libasan.so.5+0x3f31d) 
Shadow bytes around the buggy address:
  0x0c3280009250: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280009260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280009270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009280: 00 f7 00 00 f7 01 f7 00 00 00 00 00 00 00 00 00
  0x0c3280009290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c32800092a0: 00 00 00 00 00 02 f7 00 00 f7[05]f7 01 f7 00 00
  0x0c32800092b0: 00 00 00 00 00 00 00 00 f7 00 00 00 00 00 00 00
  0x0c32800092c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c32800092d0: 00 00 00 00 f7 00 00 00 00 00 00 00 00 00 00 00
  0x0c32800092e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c32800092f0: 00 00 f7 00 00 f7 04 f7 f7 04 fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==26591==ABORTING

10.5 22811a1c

==26739==ERROR: AddressSanitizer: use-after-poison on address 0x619000088b85 at pc 0x7f734078b31e bp 0x7f7337556620 sp 0x7f7337555dd0
READ of size 1 at 0x619000088b85 thread T5
    #0 0x7f734078b31d  (/lib/x86_64-linux-gnu/libasan.so.5+0x3f31d)
    #1 0x55eda8bc7f77 in Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool) /data/src/10.5/sql/sql_select.cc:18785
    #2 0x55eda8bcd55d in create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, st_mysql_const_lex_string const*, bool, bool) /data/src/10.5/sql/sql_select.cc:19160
    #3 0x55eda8b5b5cd in JOIN::create_postjoin_aggr_table(st_join_table*, List<Item>*, st_order*, bool, bool, bool) /data/src/10.5/sql/sql_select.cc:3752
    #4 0x55eda8b57103 in JOIN::make_aggr_tables_info() /data/src/10.5/sql/sql_select.cc:3352
    #5 0x55eda8b52ce8 in JOIN::optimize_stage2() /data/src/10.5/sql/sql_select.cc:2995
    #6 0x55eda8b4b50f in JOIN::optimize_inner() /data/src/10.5/sql/sql_select.cc:2286
    #7 0x55eda8b44246 in JOIN::optimize() /data/src/10.5/sql/sql_select.cc:1606
    #8 0x55eda8b64851 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4654
    #9 0x55eda8b36d89 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:417
    #10 0x55eda8aa90d7 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6168
    #11 0x55eda8a974f9 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:3901
    #12 0x55eda8ab4124 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:7953
    #13 0x55eda8a89f14 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1839
    #14 0x55eda8a86949 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1358
    #15 0x55eda8ea5a26 in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1422
    #16 0x55eda8ea52c1 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1319
    #17 0x55eda9b43b61 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #18 0x7f7340732fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
    #19 0x7f733ff814ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)
 
0x619000088b85 is located 517 bytes inside of 1124-byte region [0x619000088980,0x619000088de4)
allocated by thread T5 here:
    #0 0x7f7340835330 in __interceptor_malloc (/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
    #1 0x55edaa7c111b in sf_malloc /data/src/10.5/mysys/safemalloc.c:118
    #2 0x55edaa78fae4 in my_malloc /data/src/10.5/mysys/my_malloc.c:88
    #3 0x55edaa76ccf0 in alloc_root /data/src/10.5/mysys/my_alloc.c:243
    #4 0x55edaa76e355 in memdup_root /data/src/10.5/mysys/my_alloc.c:478
    #5 0x55eda8db42ea in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long) /data/src/10.5/sql/table.cc:1757
    #6 0x55eda8daca76 in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/src/10.5/sql/table.cc:699
    #7 0x55eda90ab6c6 in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/src/10.5/sql/table_cache.cc:831
    #8 0x55eda8900efd in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.5/sql/sql_base.cc:1835
    #9 0x55eda890b243 in open_and_process_table /data/src/10.5/sql/sql_base.cc:3743
    #10 0x55eda890dd4b in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.5/sql/sql_base.cc:4215
    #11 0x55eda891316f in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.5/sql/sql_base.cc:5110
    #12 0x55eda886fa68 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.5/sql/sql_base.h:508
    #13 0x55eda89d60aa in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/src/10.5/sql/sql_insert.cc:756
    #14 0x55eda8a9b75c in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:4515
    #15 0x55eda8ab4124 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:7953
    #16 0x55eda8a89f14 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1839
    #17 0x55eda8a86949 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1358
    #18 0x55eda8ea5a26 in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1422
    #19 0x55eda8ea52c1 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1319
    #20 0x55eda9b43b61 in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
    #21 0x7f7340732fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
 
Thread T5 created by T0 here:
    #0 0x7f734079cdb0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x55eda9b3ea58 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:34
    #2 0x55eda9b43f50 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
    #3 0x55eda8794eaa in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1321
    #4 0x55eda87aafba in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6054
    #5 0x55eda87ab628 in create_new_thread(CONNECT*) /data/src/10.5/sql/mysqld.cc:6113
    #6 0x55eda87ab98c in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6178
    #7 0x55eda87ac5cb in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6305
    #8 0x55eda87aa76d in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5713
    #9 0x55eda8793674 in main /data/src/10.5/sql/main.cc:25
    #10 0x7f733feac09a in __libc_start_main ../csu/libc-start.c:308
 
SUMMARY: AddressSanitizer: use-after-poison (/lib/x86_64-linux-gnu/libasan.so.5+0x3f31d) 
Shadow bytes around the buggy address:
  0x0c3280009120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280009130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009140: 00 00 00 00 f7 00 00 f7 01 f7 00 00 00 00 00 00
  0x0c3280009150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009160: 00 00 00 00 00 00 00 00 00 00 00 02 f7 00 00 f7
=>0x0c3280009170:[05]f7 01 f7 00 00 00 00 00 00 00 00 00 00 f7 00
  0x0c3280009180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009190: 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00 00
  0x0c32800091a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c32800091b0: 00 00 00 00 00 00 00 00 f7 00 00 f7 04 fa fa fa
  0x0c32800091c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==26739==ABORTING
200406 14:38:51 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.5.3-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=2
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63700 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x62b000069288
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f7337559990 thread_stack 0x5fc00
??:0(__interceptor_timerfd_gettime)[0x7f73407f85fd]
/data/bld/10.5-asan-nightly/bin/mysqld(my_print_stacktrace+0xb5)[0x55edaa79f89d]
mysys/stacktrace.c:306(my_print_stacktrace)[0x55eda924d901]
??:0(__restore_rt)[0x7f734073d730]
linux/raise.c:51(__GI_raise)[0x7f733febf7bb]
stdlib/abort.c:81(__GI_abort)[0x7f733feaa535]
??:0(__sanitizer_set_report_fd)[0x7f7340852e6b]
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7f734085aed8]
??:0(__asan_on_error)[0x7f734083f97d]
??:0(__interceptor_strpbrk)[0x7f734078b340]
/data/bld/10.5-asan-nightly/bin/mysqld(_ZN16Create_tmp_table8finalizeEP3THDP5TABLEP15TMP_TABLE_PARAMbb+0x2436)[0x55eda8bc7f78]
sql/sql_select.cc:18791(Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool))[0x55eda8bcd55e]
sql/sql_select.cc:19159(create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, st_mysql_const_lex_string const*, bool, bool))[0x55eda8b5b5ce]
sql/sql_select.cc:3752(JOIN::create_postjoin_aggr_table(st_join_table*, List<Item>*, st_order*, bool, bool, bool))[0x55eda8b57104]
sql/sql_select.cc:3352(JOIN::make_aggr_tables_info())[0x55eda8b52ce9]
sql/sql_select.cc:2995(JOIN::optimize_stage2())[0x55eda8b4b510]
sql/sql_select.cc:2286(JOIN::optimize_inner())[0x55eda8b44247]
sql/sql_select.cc:1606(JOIN::optimize())[0x55eda8b64852]
sql/sql_select.cc:4654(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55eda8b36d8a]
sql/sql_select.cc:417(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55eda8aa90d8]
sql/sql_parse.cc:6168(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55eda8a974fa]
sql/sql_parse.cc:3901(mysql_execute_command(THD*))[0x55eda8ab4125]
sql/sql_parse.cc:7953(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55eda8a89f15]
sql/sql_parse.cc:1842(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55eda8a8694a]
sql/sql_parse.cc:1358(do_command(THD*))[0x55eda8ea5a27]
sql/sql_connect.cc:1422(do_handle_one_connection(CONNECT*, bool))[0x55eda8ea52c2]
sql/sql_connect.cc:1321(handle_one_connection)[0x55eda9b43b62]
nptl/pthread_create.c:487(start_thread)[0x7f7340732fa3]
x86_64/clone.S:97(clone)[0x7f733ff814cf]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b0000382a8): SELECT DISTINCT b FROM t1 GROUP BY b WITH ROLLUP
Connection ID (thread ID): 4
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_DR7j/mysqld.1/data
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    0                    bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             63323                63323                processes 
Max open files            1024                 1024                 files     
Max locked memory         67108864             67108864             bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       63323                63323                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: core

Reproducible on 10.3-10.5. Not reproducible on 10.2.
Reproducible with MyISAM, Aria. Not reproducible with InnoDB.
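No obvious immediate effect on a non-ASAN build. The ASAN report places the 1-byte read inside a live heap region whose bytes were manually poisoned (shadow value f7, "Poisoned by user"), so without ASAN the read does not fault and the bug can pass unnoticed.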



 Comments   
Comment by Elena Stepanova [ 2021-02-21 ]

The failure stopped happening on 10.3 after this commit:

commit 65f831d17c84900c1faea49164688e2f5ce59563 (HEAD)
Author: Monty
Date:   Sun Jun 28 20:07:32 2020 +0300
 
    Fixed bugs found by valgrind
