|
There is more here. With the following testcase:
-- Reproducer: a prepared CREATE TABLE carrying an engine option is executed
-- twice in one session, with unrelated statements in between.
-- Session default key id. The 10.6.8 and 10.4.25 backtraces in the report show
-- an ENCRYPTION_KEY_ID option with value "99" being linked in parse_option_list().
SET innodb_default_encryption_key_id=99;
|
PREPARE stm FROM 'CREATE TABLE test.t (i INT) ENGINE=InnoDB ENCRYPTION="N"';
|
SET NAMES ujis;
|
-- First execution of the prepared statement.
EXECUTE stm;
|
SET NAMES latin1;
|
-- NOTE(review): this query references t3, t4 and t5, which its FROM clause never
-- introduces; presumably it is expected to fail. The report does not show its result.
SELECT * FROM ((t1 LEFT JOIN (t2 JOIN t1 ON t2.c2=t3.a3) ON t1.pk=t2.d2) LEFT JOIN t1 ON t1.a1=t4.a4) LEFT JOIN t1 ON t3.a3=t5.a5;
|
-- Second execution of the same prepared statement. All backtraces in the report
-- pass through Prepared_statement::execute().
-- NOTE(review): the report does not state which EXECUTE crashes in this variant;
-- in the mtr variant further down it is the second one.
EXECUTE stm;
|
We see a new set of stacks:
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Optimized)
|
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000557ff0f48c87 in my_strcoll_ascii_4bytes_found (be=0x154220011229 "",
|
b=<optimized out>, ae=0x557ff122f43a "", a=<optimized out>)
|
at /test/10.9_opt/strings/ctype-ascii.h:110
|
110 return a + 4 <= ae && b + 4 <= be &&
|
[Current thread is 1 (Thread 0x154261a7f700 (LWP 16824))]
|
(gdb) bt
|
#0 0x0000557ff0f48c87 in my_strcoll_ascii_4bytes_found (be=0x154220011229 "", b=<optimized out>, ae=0x557ff122f43a "", a=<optimized out>) at /test/10.9_opt/strings/ctype-ascii.h:110
|
#1 my_strnncoll_utf8mb3_general_ci (cs=<optimized out>, a=<optimized out>, a_length=<optimized out>, b=<optimized out>, b_length=<optimized out>, b_is_prefix=0 '\000') at /test/10.9_opt/strings/strcoll.inl:226
|
#2 0x0000557ff09553e4 in charset_info_st::strnncoll (b_is_prefix=0 '\000', blen=<optimized out>, b=<optimized out>, alen=<optimized out>, a=<optimized out>, this=<optimized out>) at /test/10.9_opt/include/m_ctype.h:851
|
#3 engine_option_value::link (this=this@entry=0x154220011220, start=start@entry=0x154261a7d700, end=end@entry=0x154261a7c438) at /test/10.9_opt/sql/create_options.cc:48
|
#4 0x0000557ff0955746 in parse_option_list (thd=0x154220000c58, hton=0x557ff3ebddb8, option_struct_arg=option_struct_arg@entry=0x154261a7d718, option_list=option_list@entry=0x154261a7d700, rules=rules@entry=0x557ff17ee640 <innodb_table_option_list>, suppress_warning=suppress_warning@entry=false, root=0x1542200067c8) at /test/10.9_opt/sql/create_options.cc:347
|
#5 0x0000557ff08b632d in mysql_prepare_create_table (thd=<optimized out>, create_info=<optimized out>, alter_info=<optimized out>, db_options=<optimized out>, file=<optimized out>, key_info_buffer=<optimized out>, key_count=<optimized out>, create_table_mode=<optimized out>, db=<optimized out>, table_name=<optimized out>) at /test/10.9_opt/sql/sql_table.cc:3811
|
#6 0x0000557ff08b7299 in mysql_create_frm_image (thd=0x154220000c58, db=@0x15422001c988: {str = 0x15422001c930 "test", length = 4}, table_name=@0x15422001c998: {str = 0x15422001c938 "t", length = 1}, create_info=0x154261a7d5f0, alter_info=0x154261a7d500, create_table_mode=0, key_info=0x154261a7d0d8, key_count=0x154261a7d0d4, frm=0x154261a7d0f0) at /test/10.9_opt/sql/sql_table.cc:4291
|
#7 0x0000557ff08bf55a in create_table_impl (thd=thd@entry=0x154220000c58, ddl_log_state_create=ddl_log_state_create@entry=0x154261a7d3a0, ddl_log_state_rm=<optimized out>, orig_db=@0x15422001c988: {str = 0x15422001c930 "test", length = 4}, orig_table_name=@0x15422001c998: {str = 0x15422001c938 "t", length = 1}, db=@0x15422001c988: {str = 0x15422001c930 "test", length = 4}, table_name=@0x15422001c998: {str = 0x15422001c938 "t", length = 1}, path=@0x154261a7d0e0: {str = 0x154261a7d100 "./test/t", length = 8}, options={m_options = DDL_options_st::OPT_NONE}, create_info=0x154261a7d5f0, alter_info=0x154261a7d500, create_table_mode=0, is_trans=0x154261a7d39f, key_info=0x154261a7d0d8, key_count=0x154261a7d0d4, frm=0x154261a7d0f0) at /test/10.9_opt/sql/sql_table.cc:4603
|
#8 0x0000557ff08bfe68 in mysql_create_table_no_lock (thd=thd@entry=0x154220000c58, ddl_log_state_create=ddl_log_state_create@entry=0x154261a7d3a0, ddl_log_state_rm=ddl_log_state_rm@entry=0x154261a7d3c0, db=db@entry=0x15422001c988, table_name=table_name@entry=0x15422001c998, create_info=create_info@entry=0x154261a7d5f0, alter_info=0x154261a7d500, is_trans=0x154261a7d39f, create_table_mode=0, table_list=0x15422001c970) at /test/10.9_opt/sql/sql_table.cc:4726
|
#9 0x0000557ff08c0254 in mysql_create_table (thd=thd@entry=0x154220000c58, create_table=create_table@entry=0x15422001c970, create_info=create_info@entry=0x154261a7d5f0, alter_info=alter_info@entry=0x154261a7d500) at /test/10.9_opt/sql/sql_table.cc:4838
|
#10 0x0000557ff08c1af9 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x154220000c58) at /test/10.9_opt/sql/sql_table.cc:12342
|
#11 0x0000557ff0811256 in mysql_execute_command (thd=0x154220000c58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=true) at /test/10.9_opt/sql/sql_parse.cc:6006
|
#12 0x0000557ff08329aa in Prepared_statement::execute (this=0x154220017058, expanded_query=<optimized out>, open_cursor=false) at /test/10.9_opt/sql/sql_prepare.cc:5221
|
#13 0x0000557ff0832bd1 in Prepared_statement::execute_loop (packet=<optimized out>, packet_end=<optimized out>, open_cursor=<optimized out>, expanded_query=0x154261a7dee0, this=0x154220017058) at /test/10.9_opt/sql/sql_prepare.cc:4644
|
#14 Prepared_statement::execute_loop (this=0x154220017058, expanded_query=0x154261a7dee0, open_cursor=<optimized out>, packet=<optimized out>, packet_end=<optimized out>) at /test/10.9_opt/sql/sql_prepare.cc:4593
|
#15 0x0000557ff0832efb in mysql_sql_stmt_execute (thd=thd@entry=0x154220000c58) at /test/10.9_opt/sql/sql_prepare.cc:3688
|
#16 0x0000557ff0812a4d in mysql_execute_command (thd=0x154220000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:3977
|
#17 0x0000557ff0801a55 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x154220000c58) at /test/10.9_opt/sql/sql_parse.cc:8046
|
#18 mysql_parse (thd=0x154220000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7968
|
#19 0x0000557ff080d71a in dispatch_command (command=COM_QUERY, thd=0x154220000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
|
#20 0x0000557ff080f642 in do_command (thd=0x154220000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1408
|
#21 0x0000557ff09245bf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x557ff41aa6e8, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
|
#22 0x0000557ff092489d in handle_one_connection (arg=0x557ff41aa6e8) at /test/10.9_opt/sql/sql_connect.cc:1312
|
#23 0x000015427aac4609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#24 0x000015427a6b0163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.6.8 b2c81e06b042025663ea01fa98dac0ff536c7706 (Optimized)
|
Core was generated by `/test/MD160322-mariadb-10.6.8-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 my_scan_weight_utf8mb3_general_ci (end=0x14e7340113a9 "",
|
str=0x11 <error: Cannot access memory at address 0x11>,
|
weight=<synthetic pointer>) at /test/10.6_opt/strings/strcoll.inl:99
|
[Current thread is 1 (Thread 0x14e76a1c0700 (LWP 16810))]
|
(gdb) bt
|
#0 my_scan_weight_utf8mb3_general_ci (end=0x14e7340113a9 "", str=0x11 <error: Cannot access memory at address 0x11>, weight=<synthetic pointer>) at /test/10.6_opt/strings/strcoll.inl:99
|
#1 my_scan_weight_utf8mb3_general_ci (end=0x14e7340113a9 "", str=0x11 <error: Cannot access memory at address 0x11>, weight=<synthetic pointer>) at /test/10.6_opt/strings/strcoll.inl:90
|
#2 my_strnncoll_utf8mb3_general_ci (cs=<optimized out>, a=0x56479462ac5a "ENCRYPTION_KEY_ID", a_length=<optimized out>, b=0x11 <error: Cannot access memory at address 0x11>, b_length=<optimized out>, b_is_prefix=0 '\000') at /test/10.6_opt/strings/strcoll.inl:185
|
#3 0x0000564793c6bbe4 in charset_info_st::strnncoll (b_is_prefix=0 '\000', blen=<optimized out>, b=<optimized out>, alen=<optimized out>, a=<optimized out>, this=<optimized out>) at /test/10.6_opt/include/m_ctype.h:851
|
#4 engine_option_value::link (this=this@entry=0x14e7340113a0, start=start@entry=0x14e76a1be6d0, end=end@entry=0x14e76a1bd3b8) at /test/10.6_opt/sql/create_options.cc:47
|
#5 0x0000564793c6bf48 in engine_option_value::engine_option_value (end=0x14e76a1bd3b8, start=0x14e76a1be6d0, quoted=<optimized out>, value_arg=@0x14e76a1bd3c0: {str = 0x14e734011398 "99", length = 2}, name_arg=<synthetic pointer>: <optimized out>, this=0x14e7340113a0) at /test/10.6_opt/sql/create_options.h:51
|
#6 parse_option_list (thd=0x14e734000c58, hton=0x564795ce97a8, option_struct_arg=option_struct_arg@entry=0x14e76a1be6e8, option_list=option_list@entry=0x14e76a1be6d0, rules=rules@entry=0x564794c0c340 <innodb_table_option_list>, suppress_warning=suppress_warning@entry=false, root=0x14e7340068d0) at /test/10.6_opt/sql/create_options.cc:343
|
#7 0x0000564793bc5e7d in mysql_prepare_create_table (thd=<optimized out>, create_info=<optimized out>, alter_info=<optimized out>, db_options=<optimized out>, file=<optimized out>, key_info_buffer=<optimized out>, key_count=<optimized out>, create_table_mode=<optimized out>, db=<optimized out>, table_name=<optimized out>) at /test/10.6_opt/sql/sql_table.cc:3653
|
#8 0x0000564793bc6be9 in mysql_create_frm_image (thd=0x14e734000c58, db=@0x14e73401dab8: {str = 0x14e73401da60 "test", length = 4}, table_name=@0x14e73401dac8: {str = 0x14e73401da68 "t", length = 1}, create_info=0x14e76a1be5c0, alter_info=0x14e76a1be4d0, create_table_mode=0, key_info=0x14e76a1be0a8, key_count=0x14e76a1be0a4, frm=0x14e76a1be0c0) at /test/10.6_opt/sql/sql_table.cc:4134
|
#9 0x0000564793bcf3ce in create_table_impl (thd=thd@entry=0x14e734000c58, ddl_log_state_create=ddl_log_state_create@entry=0x14e76a1be370, ddl_log_state_rm=<optimized out>, orig_db=@0x14e73401dab8: {str = 0x14e73401da60 "test", length = 4}, orig_table_name=@0x14e73401dac8: {str = 0x14e73401da68 "t", length = 1}, db=@0x14e73401dab8: {str = 0x14e73401da60 "test", length = 4}, table_name=@0x14e73401dac8: {str = 0x14e73401da68 "t", length = 1}, path=@0x14e76a1be0b0: {str = 0x14e76a1be0d0 "./test/t", length = 8}, options={m_options = DDL_options_st::OPT_NONE}, create_info=0x14e76a1be5c0, alter_info=0x14e76a1be4d0, create_table_mode=0, is_trans=0x14e76a1be36f, key_info=0x14e76a1be0a8, key_count=0x14e76a1be0a4, frm=0x14e76a1be0c0) at /test/10.6_opt/sql/sql_table.cc:4447
|
#10 0x0000564793bcfde8 in mysql_create_table_no_lock (thd=thd@entry=0x14e734000c58, ddl_log_state_create=ddl_log_state_create@entry=0x14e76a1be370, ddl_log_state_rm=ddl_log_state_rm@entry=0x14e76a1be390, db=db@entry=0x14e73401dab8, table_name=table_name@entry=0x14e73401dac8, create_info=create_info@entry=0x14e76a1be5c0, alter_info=0x14e76a1be4d0, is_trans=0x14e76a1be36f, create_table_mode=0, table_list=0x14e73401daa0) at /test/10.6_opt/sql/sql_table.cc:4570
|
#11 0x0000564793bd01d4 in mysql_create_table (thd=thd@entry=0x14e734000c58, create_table=create_table@entry=0x14e73401daa0, create_info=create_info@entry=0x14e76a1be5c0, alter_info=alter_info@entry=0x14e76a1be4d0) at /test/10.6_opt/sql/sql_table.cc:4682
|
#12 0x0000564793bd1a79 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x14e734000c58) at /test/10.6_opt/sql/sql_table.cc:11855
|
#13 0x0000564793b2c146 in mysql_execute_command (thd=0x14e734000c58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=true) at /test/10.6_opt/sql/sql_parse.cc:5996
|
#14 0x0000564793b3feba in Prepared_statement::execute (this=0x14e7340181b8, expanded_query=<optimized out>, open_cursor=false) at /test/10.6_opt/sql/sql_prepare.cc:5195
|
#15 0x0000564793b400c9 in Prepared_statement::execute_loop (packet=<optimized out>, packet_end=<optimized out>, open_cursor=<optimized out>, expanded_query=0x14e76a1beeb0, this=0x14e7340181b8) at /test/10.6_opt/sql/sql_prepare.cc:4623
|
#16 Prepared_statement::execute_loop (this=0x14e7340181b8, expanded_query=0x14e76a1beeb0, open_cursor=<optimized out>, packet=<optimized out>, packet_end=<optimized out>) at /test/10.6_opt/sql/sql_prepare.cc:4578
|
#17 0x0000564793b403c3 in mysql_sql_stmt_execute (thd=thd@entry=0x14e734000c58) at /test/10.6_opt/sql/sql_prepare.cc:3682
|
#18 0x0000564793b2da24 in mysql_execute_command (thd=0x14e734000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:3961
|
#19 0x0000564793b1c0a6 in mysql_parse (thd=0x14e734000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:8029
|
#20 0x0000564793b28265 in dispatch_command (command=COM_QUERY, thd=0x14e734000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_class.h:1358
|
#21 0x0000564793b2a457 in do_command (thd=0x14e734000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1404
|
#22 0x0000564793c3a267 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.6_opt/sql/sql_connect.cc:1418
|
#23 0x0000564793c3a5ad in handle_one_connection (arg=arg@entry=0x564796143208) at /test/10.6_opt/sql/sql_connect.cc:1312
|
#24 0x0000564793fcb401 in pfs_spawn_thread (arg=0x5647960c7898) at /test/10.6_opt/storage/perfschema/pfs.cc:2201
|
#25 0x000014e789337609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#26 0x000014e788f23163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.4.25 9c6135e81f29b3e3286d6b864c0fdafc2fea16ce (Optimized)
|
Core was generated by `/test/MD160322-mariadb-10.4.25-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 my_scan_weight_utf8_general_ci (end=0x147f88010af9 "",
|
str=0x11 <error: Cannot access memory at address 0x11>,
|
weight=<synthetic pointer>) at /test/10.4_opt/strings/strcoll.inl:98
|
[Current thread is 1 (Thread 0x147fdc089700 (LWP 17073))]
|
(gdb) bt
|
#0 my_scan_weight_utf8_general_ci (end=0x147f88010af9 "", str=0x11 <error: Cannot access memory at address 0x11>, weight=<synthetic pointer>) at /test/10.4_opt/strings/strcoll.inl:98
|
#1 my_scan_weight_utf8_general_ci (end=0x147f88010af9 "", str=0x11 <error: Cannot access memory at address 0x11>, weight=<synthetic pointer>) at /test/10.4_opt/strings/strcoll.inl:89
|
#2 my_strnncoll_utf8_general_ci (cs=<optimized out>, a=0x5598bdad1f8d "ENCRYPTION_KEY_ID", a_length=<optimized out>, b=0x11 <error: Cannot access memory at address 0x11>, b_length=<optimized out>, b_is_prefix=0 '\000') at /test/10.4_opt/strings/strcoll.inl:184
|
#3 0x00005598bd160884 in engine_option_value::link (this=this@entry=0x147f88010af0, start=start@entry=0x147fdc084f20, end=end@entry=0x147fdc083db8) at /test/10.4_opt/sql/create_options.cc:46
|
#4 0x00005598bd160be8 in engine_option_value::engine_option_value (end=0x147fdc083db8, start=0x147fdc084f20, quoted=<optimized out>, value_arg=@0x147fdc083dc0: {str = 0x147f88010ae8 "99", length = 2}, name_arg=<synthetic pointer>: <optimized out>, this=0x147f88010af0) at /test/10.4_opt/sql/create_options.h:51
|
#5 parse_option_list (thd=0x147f88000c48, hton=0x5598c06358e8, option_struct_arg=option_struct_arg@entry=0x147fdc084f38, option_list=option_list@entry=0x147fdc084f20, rules=rules@entry=0x5598be07cc00 <innodb_table_option_list>, suppress_warning=suppress_warning@entry=false, root=0x147f88006460) at /test/10.4_opt/sql/create_options.cc:358
|
#6 0x00005598bd0cd020 in mysql_prepare_create_table (thd=<optimized out>, create_info=<optimized out>, alter_info=<optimized out>, db_options=<optimized out>, file=<optimized out>, key_info_buffer=<optimized out>, key_count=<optimized out>, create_table_mode=<optimized out>, db=<optimized out>, table_name=<optimized out>) at /test/10.4_opt/sql/sql_table.cc:4449
|
#7 0x00005598bd0cdf97 in mysql_create_frm_image (thd=<optimized out>, db=@0x147f8801b5d8: {str = 0x147f8801b580 "test", length = 4}, table_name=@0x147f8801b5e8: {str = 0x147f8801b588 "t", length = 1}, create_info=0x147fdc084e40, alter_info=0x147fdc084d80, create_table_mode=0, key_info=0x147fdc084a58, key_count=0x147fdc084a54, frm=0x147fdc084a60) at /test/10.4_opt/sql/sql_table.cc:4911
|
#8 0x00005598bd0d654a in create_table_impl (thd=thd@entry=0x147f88000c48, orig_db=@0x147f8801b5d8: {str = 0x147f8801b580 "test", length = 4}, orig_table_name=@0x147f8801b5e8: {str = 0x147f8801b588 "t", length = 1}, db=@0x147f8801b5d8: {str = 0x147f8801b580 "test", length = 4}, table_name=@0x147f8801b5e8: {str = 0x147f8801b588 "t", length = 1}, path=path@entry=0x147fdc084a70 "./test/t", options={m_options = DDL_options_st::OPT_NONE}, create_info=0x147fdc084e40, alter_info=0x147fdc084d80, create_table_mode=0, is_trans=0x147fdc084cf7, key_info=0x147fdc084a58, key_count=0x147fdc084a54, frm=0x147fdc084a60) at /test/10.4_opt/sql/sql_table.cc:5156
|
#9 0x00005598bd0d6b8f in mysql_create_table_no_lock (thd=thd@entry=0x147f88000c48, db=db@entry=0x147f8801b5d8, table_name=table_name@entry=0x147f8801b5e8, create_info=create_info@entry=0x147fdc084e40, alter_info=0x147fdc084d80, is_trans=is_trans@entry=0x147fdc084cf7, create_table_mode=0, table_list=0x147f8801b5c0) at /test/10.4_opt/sql/sql_table.cc:5259
|
#10 0x00005598bd0d6ddb in mysql_create_table (thd=thd@entry=0x147f88000c48, create_table=create_table@entry=0x147f8801b5c0, create_info=create_info@entry=0x147fdc084e40, alter_info=alter_info@entry=0x147fdc084d80) at /test/10.4_opt/sql/sql_table.cc:5354
|
#11 0x00005598bd0d81b4 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x147f88000c48) at /test/10.4_opt/sql/sql_table.cc:11657
|
#12 0x00005598bd02edc0 in mysql_execute_command (thd=0x147f88000c48) at /test/10.4_opt/sql/sql_parse.cc:6192
|
#13 0x00005598bd04beb6 in Prepared_statement::execute (this=0x147f88007268, expanded_query=<optimized out>, open_cursor=false) at /test/10.4_opt/sql/sql_prepare.cc:5014
|
#14 0x00005598bd04c099 in Prepared_statement::execute_loop (packet=<optimized out>, packet_end=<optimized out>, open_cursor=<optimized out>, expanded_query=0x147fdc086ad0, this=0x147f88007268) at /test/10.4_opt/sql/sql_prepare.cc:4483
|
#15 Prepared_statement::execute_loop (this=0x147f88007268, expanded_query=0x147fdc086ad0, open_cursor=<optimized out>, packet=<optimized out>, packet_end=<optimized out>) at /test/10.4_opt/sql/sql_prepare.cc:4438
|
#16 0x00005598bd04c39b in mysql_sql_stmt_execute (thd=thd@entry=0x147f88000c48) at /test/10.4_opt/sql/sql_prepare.cc:3573
|
#17 0x00005598bd02fba4 in mysql_execute_command (thd=0x147f88000c48) at /test/10.4_opt/sql/sql_parse.cc:3979
|
#18 0x00005598bd036257 in mysql_parse (thd=0x147f88000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_parse.cc:7995
|
#19 0x00005598bd0388cd in dispatch_command (command=COM_QUERY, thd=0x147f88000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_class.h:1201
|
#20 0x00005598bd03af3e in do_command (thd=0x147f88000c48) at /test/10.4_opt/sql/sql_parse.cc:1373
|
#21 0x00005598bd130d3e in do_handle_one_connection (connect=connect@entry=0x5598c0e9dc18) at /test/10.4_opt/sql/sql_connect.cc:1420
|
#22 0x00005598bd130e6f in handle_one_connection (arg=0x5598c0e9dc18) at /test/10.4_opt/sql/sql_connect.cc:1316
|
#23 0x0000147fe5766609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#24 0x0000147fe5352163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
Notes:
- Only MariaDB 10.2 (optimized build) does not crash.
- When this last testcase is changed slightly with s/stm/st/ (i.e. just changing the name of the SP), it does not crash on any version. Also tested with stmt (currently also crashes) and s (does not crash).
|
|
I do not think that this has anything directly to do with the InnoDB storage engine. I repeated this with the following mtr test:
# mtr reproducer: a prepared CREATE TABLE with an unknown table option is
# executed twice; the first execution fails cleanly, the second one crashes.
--source include/have_innodb.inc
|
SET innodb_default_encryption_key_id=99;
|
PREPARE s FROM 'CREATE TABLE t (c INT) nonexistingoption="N" ENGINE=InnoDB';
|
# The first EXECUTE is expected to fail with ER_UNKNOWN_OPTION.
--error ER_UNKNOWN_OPTION
|
EXECUTE s;
|
# Second EXECUTE of the same statement. In the report's 10.2 ASAN run mysqltest
# fails here with error 2013 (lost connection), and AddressSanitizer reports a
# use-after-poison read in parse_option_list().
EXECUTE s;
|
The server crashed on the last statement, the second EXECUTE s:
|
10.2 a5dc12eefd4bea1c3f77d02c55d0d459b4ae0566
|
mysqltest: At line 6: query 'EXECUTE s' failed: 2013: Lost connection to MySQL server during query
|
…
|
==32095==ERROR: AddressSanitizer: use-after-poison on address 0x62b000000d90 at pc 0x5645c8d7dbc8 bp 0x7f89873a1380 sp 0x7f89873a1378
|
READ of size 8 at 0x62b000000d90 thread T27
|
#0 0x5645c8d7dbc7 in parse_option_list(THD*, handlerton*, void*, engine_option_value**, st_ha_create_table_option*, bool, st_mem_root*) /mariadb/10.2o/sql/create_options.cc:295
|
#1 0x5645c8bf49b0 in mysql_prepare_create_table /mariadb/10.2o/sql/sql_table.cc:4303
|
#2 0x5645c8bf7606 in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /mariadb/10.2o/sql/sql_table.cc:4747
|
#3 0x5645c8c073df in create_table_impl /mariadb/10.2o/sql/sql_table.cc:4996
|
#4 0x5645c8c07ce9 in mysql_create_table_no_lock(THD*, char const*, char const*, Table_specification_st*, Alter_info*, bool*, int) /mariadb/10.2o/sql/sql_table.cc:5116
|
#5 0x5645c8c0836f in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /mariadb/10.2o/sql/sql_table.cc:5184
|
#6 0x5645c8c0b3f4 in Sql_cmd_create_table::execute(THD*) /mariadb/10.2o/sql/sql_table.cc:11067
|
#7 0x5645c8a7dc63 in mysql_execute_command(THD*) /mariadb/10.2o/sql/sql_parse.cc:6017
|
#8 0x5645c8ab1227 in Prepared_statement::execute(String*, bool) /mariadb/10.2o/sql/sql_prepare.cc:5057
|
#9 0x5645c8ab1f3b in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /mariadb/10.2o/sql/sql_prepare.cc:4486
|
#10 0x5645c8ab26c4 in mysql_sql_stmt_execute(THD*) /mariadb/10.2o/sql/sql_prepare.cc:3576
|
#11 0x5645c8a70d2d in mysql_execute_command(THD*) /mariadb/10.2o/sql/sql_parse.cc:3598
|
#12 0x5645c8a7fa62 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /mariadb/10.2o/sql/sql_parse.cc:7793
|
#13 0x5645c8a83f0e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /mariadb/10.2o/sql/sql_parse.cc:1827
|
#14 0x5645c8a871d3 in do_command(THD*) /mariadb/10.2o/sql/sql_parse.cc:1381
|
#15 0x5645c8cf506c in do_handle_one_connection(CONNECT*) /mariadb/10.2o/sql/sql_connect.cc:1336
|
#16 0x5645c8cf54b5 in handle_one_connection /mariadb/10.2o/sql/sql_connect.cc:1241
|
#17 0x5645c9b658e7 in pfs_spawn_thread /mariadb/10.2o/storage/perfschema/pfs.cc:1869
|
#18 0x7f89a177ad7f in start_thread nptl/pthread_create.c:481
|
#19 0x7f89a0d4f76e in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfa76e)
|
|
0x62b000000d90 is located 2960 bytes inside of 24608-byte region [0x62b000000200,0x62b000006220)
|
allocated by thread T27 here:
|
#0 0x7f89a185e9cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x5645c9bf83e3 in my_malloc /mariadb/10.2o/mysys/my_malloc.c:101
|
#2 0x5645c9be4ad5 in reset_root_defaults /mariadb/10.2o/mysys/my_alloc.c:147
|
#3 0x5645c89db99c in THD::init_for_queries() /mariadb/10.2o/sql/sql_class.cc:1313
|
#4 0x5645c8cf405d in prepare_new_connection_state(THD*) /mariadb/10.2o/sql/sql_connect.cc:1172
|
#5 0x5645c8cf458d in thd_prepare_connection(THD*) /mariadb/10.2o/sql/sql_connect.cc:1256
|
#6 0x5645c8cf535b in do_handle_one_connection(CONNECT*) /mariadb/10.2o/sql/sql_connect.cc:1326
|
#7 0x5645c8cf54b5 in handle_one_connection /mariadb/10.2o/sql/sql_connect.cc:1241
|
#8 0x5645c9b658e7 in pfs_spawn_thread /mariadb/10.2o/storage/perfschema/pfs.cc:1869
|
#9 0x7f89a177ad7f in start_thread nptl/pthread_create.c:481
|
#10 0x7f89a0d4f76e in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfa76e)
|
Note: I specified ASAN_OPTIONS=abort_on_error=1:fast_unwind_on_malloc=0 to get a nicer stack trace of the allocation.
I checked an rr replay trace of the crash, and ha_innobase::create() was not invoked during the execution. The only InnoDB function that was invoked by the test ought to be innodb_default_encryption_key_id_update(), and that function is not directly related to the crash.
With rr, I got a stack trace of the memory poisoning by simply setting a watchpoint on the AddressSanitizer shadow byte and executing reverse-continue:
|
10.2 a5dc12eefd4bea1c3f77d02c55d0d459b4ae0566
|
#1 0x00007f5c147c6a4e in __asan_poison_memory_region (addr=<optimized out>, size=<optimized out>) at ../../../../src/libsanitizer/asan/asan_poisoning.cpp:134
|
#2 0x0000560246d3b745 in free_root (root=0x62a0000bf390, MyFlags=<optimized out>) at /mariadb/10.2o/mysys/my_alloc.c:408
|
#3 0x0000560245bd8ef3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62a0000ba208, packet=<optimized out>, packet@entry=0x629000136209 "", packet_length=<optimized out>,
|
packet_length@entry=9, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /mariadb/10.2o/sql/sql_parse.cc:2426
|
#4 0x0000560245bdd1d4 in do_command (thd=0x62a0000ba208) at /mariadb/10.2o/sql/sql_parse.cc:1381
|
#5 0x0000560245e4b06d in do_handle_one_connection (connect=connect@entry=0x6080000010a8) at /mariadb/10.2o/sql/sql_connect.cc:1336
|
#6 0x0000560245e4b4b6 in handle_one_connection (arg=arg@entry=0x6080000010a8) at /mariadb/10.2o/sql/sql_connect.cc:1241
|
#7 0x0000560246cbb8e8 in pfs_spawn_thread (arg=0x615000007388) at /mariadb/10.2o/storage/perfschema/pfs.cc:1869
|
#8 0x00007f5c146dfd80 in start_thread (arg=0x7f5bfa3d2640) at pthread_create.c:481
|
#9 0x00007f5c13cb476f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
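Interestingly, the memory poisoning appears to violate the caller’s wish: dispatch_command() passes MY_KEEP_PREALLOC to free_root(), yet free_root() still runs TRASH_MEM(root->pre_alloc), as frames 2 and 3 show: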
(rr) frame 2
|
#2 0x0000560246d3b745 in free_root (root=0x62a0000bf390, MyFlags=<optimized out>) at /mariadb/10.2o/mysys/my_alloc.c:408
|
408 TRASH_MEM(root->pre_alloc);
|
(rr) frame 3
|
#3 0x0000560245bd8ef3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62a0000ba208, packet=<optimized out>, packet@entry=0x629000136209 "", packet_length=<optimized out>,
|
packet_length@entry=9, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /mariadb/10.2o/sql/sql_parse.cc:2426
|
2426 free_root(thd->mem_root,MYF(MY_KEEP_PREALLOC));
|
|