[MDEV-29556] Server crash in my_checksum or garbage results upon using CRC32 function Created: 2022-09-16  Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: Server, Virtual Columns
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: None


 Description   

Important: For the crash part, the failure is sometimes a plain SIGSEGV rather than an ASAN error, but I can only reproduce it on an ASAN build (with or without debug). I don't know whether that makes it a bogus issue.
The non-crash part (garbage results) applies to any build type, but it's quite random (some builds appear to behave correctly).

# Reproducer for the CRC32() crash / garbage-result report, in mysqltest format.
# The two include files below make the test require the InnoDB and SEQUENCE
# engines.
--source include/have_innodb.inc
--source include/have_sequence.inc
 
# Remember the current global setting so the cleanup step can restore it.
SET @stats= @@innodb_stats_persistent;
 
SET GLOBAL innodb_stats_persistent= ON;
 
# b is a VIRTUAL column that re-exposes the VARBINARY(400) column a as a
# utf8 VARCHAR(4000). Columns c, d and e are never written by this test.
CREATE TABLE t (id BIGINT PRIMARY KEY, a VARBINARY(400), b VARCHAR(4000) AS (a) VIRTUAL, c CHAR(255), d TIMESTAMP(6), e DATE) ENGINE=InnoDB CHARACTER SET utf8;
# 803 rows (ids from the seq_1_to_803 sequence table), each with an empty
# string in a, so b should evaluate to an empty string for every row.
INSERT INTO t (id, a) SELECT seq, '' FROM seq_1_to_803;
# The failing statement: CRC32() over the virtual column b, aggregated by
# GROUP_CONCAT under a GROUP BY expression. CRC32 of an empty string is 0, so
# the expected output is a list of zeros; any other value is the "garbage
# result" symptom. The 10.4 trace in this report shows my_checksum being
# called with length=48830 for this query, i.e. not the length of an empty
# value.
# NOTE(review): the root cause is not established in this report.
SELECT GROUP_CONCAT(CRC32(b)) FROM t GROUP BY IF(id, 1, '');
 
# Cleanup
DROP TABLE t;
SET GLOBAL innodb_stats_persistent= @stats;

10.4 3e3cfa89 ASAN build

#3  <signal handler called>
#4  0x00007fe2b39a4fe9 in crc32_z () from /lib/x86_64-linux-gnu/libz.so.1
#5  0x00000000031ac987 in my_checksum (crc=0, pos=0x62b0000d9734 '\276' <repeats 200 times>..., length=48830) at /data/src/10.4/mysys/checksum.c:38
#6  0x00000000019933cd in Item_func_crc32::val_int (this=0x62b0000a1980) at /data/src/10.4/sql/item_strfunc.cc:4240
#7  0x00000000017a181e in Item::save_int_in_field (this=0x62b0000a1980, field=0x6190000f8810, no_conversions=true) at /data/src/10.4/sql/item.cc:6704
#8  0x00000000013bec4f in Type_handler_int_result::Item_save_in_field (this=0x475a540 <type_handler_long>, item=0x62b0000a1980, field=0x6190000f8810, no_conversions=true) at /data/src/10.4/sql/sql_type.cc:3842
#9  0x00000000017a1ac7 in Item::save_in_field (this=0x62b0000a1980, field=0x6190000f8810, no_conversions=true) at /data/src/10.4/sql/item.cc:6714
#10 0x0000000000a906be in Item_result_field::save_in_result_field (this=0x62b0000a1980, no_conversions=true) at /data/src/10.4/sql/item.h:3265
#11 0x0000000000e54cb9 in copy_funcs (func_ptr=0x62200002cd30, thd=0x62b00009a270) at /data/src/10.4/sql/sql_select.cc:25806
#12 0x0000000001a50056 in Item_func_group_concat::add (this=0x62b0000a1ac8) at /data/src/10.4/sql/item_sum.cc:3993
#13 0x0000000001a597bf in Aggregator_simple::add (this=0x62b0000a59b8) at /data/src/10.4/sql/item_sum.h:716
#14 0x0000000000eb3d8f in Item_sum::aggregator_add (this=0x62b0000a1ac8) at /data/src/10.4/sql/item_sum.h:558
#15 0x0000000000eb3ce5 in Item_sum::reset_and_add (this=0x62b0000a1ac8) at /data/src/10.4/sql/item_sum.h:443
#16 0x0000000000e53e1f in init_sum_functions (func_ptr=0x62b0000a3b48, end_ptr=0x62b0000a3b50) at /data/src/10.4/sql/sql_select.cc:25758
#17 0x0000000000e471c4 in end_send_group (join=0x62b0000a3418, join_tab=0x62b0000a4d20, end_of_records=false) at /data/src/10.4/sql/sql_select.cc:22084
#18 0x0000000000e4c0f8 in evaluate_join_record (join=0x62b0000a3418, join_tab=0x62b0000a4978, error=0) at /data/src/10.4/sql/sql_select.cc:20911
#19 0x0000000000e49608 in sub_select (join=0x62b0000a3418, join_tab=0x62b0000a4978, end_of_records=false) at /data/src/10.4/sql/sql_select.cc:20684
#20 0x0000000000df62c2 in do_select (join=0x62b0000a3418, procedure=0x0) at /data/src/10.4/sql/sql_select.cc:20220
#21 0x0000000000df2322 in JOIN::exec_inner (this=0x62b0000a3418) at /data/src/10.4/sql/sql_select.cc:4565
#22 0x0000000000dee8cf in JOIN::exec (this=0x62b0000a3418) at /data/src/10.4/sql/sql_select.cc:4347
#23 0x0000000000d5818b in mysql_select (thd=0x62b00009a270, tables=0x62b0000a2010, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x62b0000a2a70, having=0x0, proc_param=0x0, select_options=2147748608, result=0x62b0000a33e8, unit=0x62b00009e1a0, select_lex=0x62b0000a1378) at /data/src/10.4/sql/sql_select.cc:4786
#24 0x0000000000d56a11 in handle_select (thd=0x62b00009a270, lex=0x62b00009e0e0, result=0x62b0000a33e8, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:436
#25 0x0000000000c903b9 in execute_sqlcom_select (thd=0x62b00009a270, all_tables=0x62b0000a2010) at /data/src/10.4/sql/sql_parse.cc:6450
#26 0x0000000000c73064 in mysql_execute_command (thd=0x62b00009a270) at /data/src/10.4/sql/sql_parse.cc:3964
#27 0x0000000000c5a0d7 in mysql_parse (thd=0x62b00009a270, rawbuf=0x62b0000a1290 "SELECT GROUP_CONCAT(CRC32(b)) FROM t GROUP BY IF(id, 1, '')", length=59, parser_state=0x7fe29ca9e740, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7996
#28 0x0000000000c523d8 in dispatch_command (command=COM_QUERY, thd=0x62b00009a270, packet=0x62900029e271 "", packet_length=59, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1857
#29 0x0000000000c5c924 in do_command (thd=0x62b00009a270) at /data/src/10.4/sql/sql_parse.cc:1378
#30 0x00000000011d9a7a in do_handle_one_connection (connect=0x611000043db0) at /data/src/10.4/sql/sql_connect.cc:1420
#31 0x00000000011d9164 in handle_one_connection (arg=0x611000043db0) at /data/src/10.4/sql/sql_connect.cc:1324
#32 0x0000000002300332 in pfs_spawn_thread (arg=0x6160000402f0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#33 0x00007fe2b34baea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#34 0x00007fe2b31f2def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.10 5deccac4

==3849289==ERROR: AddressSanitizer: unknown-crash on address 0x62b0001ae62c at pc 0x000003638b3b bp 0x7f1ffbfeebb0 sp 0x7f1ffbfeeba8
READ of size 16 at 0x62b0001ae62c thread T20
    #0 0x3638b3a in crcr32_calc_pclmulqdq /data/src/10.10/mysys/crc32/crc32_x86.c:267:11
    #1 0x3638200 in crc32_pclmul /data/src/10.10/mysys/crc32/crc32_x86.c:333:11
    #2 0x3634bca in my_checksum /data/src/10.10/mysys/crc32ieee.cc:60:10
    #3 0x1d05c0e in Item_func_crc32::val_int() /data/src/10.10/sql/item_strfunc.cc:4501:16
    #4 0x1b0461d in Item::save_int_in_field(Field*, bool) /data/src/10.10/sql/item.cc:6842:16
    #5 0x16edc0e in Type_handler_int_result::Item_save_in_field(Item*, Field*, bool) const /data/src/10.10/sql/sql_type.cc:4350:16
    #6 0x1b048c6 in Item::save_in_field(Field*, bool) /data/src/10.10/sql/item.cc:6852:30
    #7 0xa2242d in Item_result_field::save_in_result_field(bool) /data/src/10.10/sql/item.h:3451:5
    #8 0x10b041f in copy_funcs(Item**, THD const*) /data/src/10.10/sql/sql_select.cc:26977:11
    #9 0x1e7f64d in Item_func_group_concat::add(bool) /data/src/10.10/sql/item_sum.cc:4163:7
    #10 0x1653681 in Item_func_group_concat::add() /data/src/10.10/sql/item_sum.h:2043:12
    #11 0x1e886ee in Aggregator_simple::add() /data/src/10.10/sql/item_sum.h:720:33
    #12 0xa324de in Item_sum::aggregator_add() /data/src/10.10/sql/item_sum.h:564:47
    #13 0xa21504 in Item_sum::reset_and_add() /data/src/10.10/sql/item_sum.h:445:12
    #14 0x10af5be in init_sum_functions(Item_sum**, Item_sum**) /data/src/10.10/sql/sql_select.cc:26929:22
    #15 0x10a4714 in end_send_group(JOIN*, st_join_table*, bool) /data/src/10.10/sql/sql_select.cc:23219:11
    #16 0x10a7b57 in evaluate_join_record(JOIN*, st_join_table*, int) /data/src/10.10/sql/sql_select.cc:21993:11
    #17 0xfaa826 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.10/sql/sql_select.cc:21763:9
    #18 0x103c435 in do_select(JOIN*, Procedure*) /data/src/10.10/sql/sql_select.cc:21308:14
    #19 0x10388fe in JOIN::exec_inner() /data/src/10.10/sql/sql_select.cc:4812:50
    #20 0x1034cd6 in JOIN::exec() /data/src/10.10/sql/sql_select.cc:4590:3
    #21 0xfacec9 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.10/sql/sql_select.cc:5070:9
    #22 0xfabac2 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.10/sql/sql_select.cc:581:10
    #23 0xe7d397 in execute_sqlcom_select(THD*, TABLE_LIST*) /data/src/10.10/sql/sql_parse.cc:6261:12
    #24 0xe60e5d in mysql_execute_command(THD*, bool) /data/src/10.10/sql/sql_parse.cc:3945:12
    #25 0xe47c42 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.10/sql/sql_parse.cc:8035:18
    #26 0xe409b7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/10.10/sql/sql_parse.cc:1894:7
    #27 0xe4aa0f in do_command(THD*, bool) /data/src/10.10/sql/sql_parse.cc:1407:17
    #28 0x14859d6 in do_handle_one_connection(CONNECT*, bool) /data/src/10.10/sql/sql_connect.cc:1416:11
    #29 0x1485113 in handle_one_connection /data/src/10.10/sql/sql_connect.cc:1318:5
    #30 0x2584577 in pfs_spawn_thread /data/src/10.10/storage/perfschema/pfs.cc:2201:3
    #31 0x7f200f6bdea6 in start_thread nptl/pthread_create.c:477:8
    #32 0x7f200f3f3dee in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
0x62b0001ae62c is located 13356 bytes inside of 26556-byte region [0x62b0001ab200,0x62b0001b19bc)
allocated by thread T20 here:
    #0 0x8e3dfd in malloc (/mnt8t/bld/10.10-asan-nightly/bin/mariadbd+0x8e3dfd)
    #1 0x35d4a6b in sf_malloc /data/src/10.10/mysys/safemalloc.c:126:34
    #2 0x358c971 in my_malloc /data/src/10.10/mysys/my_malloc.c:90:29
    #3 0x35589d4 in root_alloc /data/src/10.10/mysys/my_alloc.c:66:10
    #4 0x355a103 in alloc_root /data/src/10.10/mysys/my_alloc.c:332:29
    #5 0x134aaa8 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/src/10.10/sql/table.cc:4178:28
    #6 0xc028c4 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.10/sql/sql_base.cc:2177:12
    #7 0xc14d5b in open_and_process_table(THD*, TABLE_LIST*, unsigned int*, unsigned int, Prelocking_strategy*, bool, Open_table_context*) /data/src/10.10/sql/sql_base.cc:4106:14
    #8 0xc10a97 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.10/sql/sql_base.cc:4593:14
    #9 0xc1cfe8 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.10/sql/sql_base.cc:5567:7
    #10 0xb2b3a3 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.10/sql/sql_base.h:510:10
    #11 0xe681a5 in mysql_execute_command(THD*, bool) /data/src/10.10/sql/sql_parse.cc:4647:15
    #12 0xe47c42 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.10/sql/sql_parse.cc:8035:18
    #13 0xe409b7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/10.10/sql/sql_parse.cc:1894:7
    #14 0xe4aa0f in do_command(THD*, bool) /data/src/10.10/sql/sql_parse.cc:1407:17
    #15 0x14859d6 in do_handle_one_connection(CONNECT*, bool) /data/src/10.10/sql/sql_connect.cc:1416:11
    #16 0x1485113 in handle_one_connection /data/src/10.10/sql/sql_connect.cc:1318:5
    #17 0x2584577 in pfs_spawn_thread /data/src/10.10/storage/perfschema/pfs.cc:2201:3
    #18 0x7f200f6bdea6 in start_thread nptl/pthread_create.c:477:8
 
Thread T20 created by T0 here:
    #0 0x8ce82a in pthread_create (/mnt8t/bld/10.10-asan-nightly/bin/mariadbd+0x8ce82a)
    #1 0x2584bcc in my_thread_create(unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /data/src/10.10/storage/perfschema/my_thread.h:52:10
    #2 0x2584b56 in pfs_spawn_thread_v1 /data/src/10.10/storage/perfschema/pfs.cc:2252:15
    #3 0x91d482 in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /data/src/10.10/include/mysql/psi/mysql_thread.h:1139:11
    #4 0x92dcaf in create_thread_to_handle_connection(CONNECT*) /data/src/10.10/sql/mysqld.cc:6029:19
    #5 0x92e5de in create_new_thread(CONNECT*) /data/src/10.10/sql/mysqld.cc:6088:3
    #6 0x92ece6 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.10/sql/mysqld.cc:6150:5
    #7 0x92c6ef in handle_connections_sockets() /data/src/10.10/sql/mysqld.cc:6274:9
    #8 0x9212e8 in mysqld_main(int, char**) /data/src/10.10/sql/mysqld.cc:5924:3
    #9 0x9163a1 in main /data/src/10.10/sql/main.cc:34:10
    #10 0x7f200f31cd09 in __libc_start_main csu/../csu/libc-start.c:308:16
 
SUMMARY: AddressSanitizer: unknown-crash /data/src/10.10/mysys/crc32/crc32_x86.c:267:11 in crcr32_calc_pclmulqdq
Shadow bytes around the buggy address:
  0x0c568002dc70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dc90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dcb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c568002dcc0: 00 00 00 00 00[04]00 00 00 00 00 00 00 00 00 00
  0x0c568002dcd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dcf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c568002dd10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3849289==ABORTING
220916 16:49:06 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.10.2-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63910 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x62b00017a288
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f1ffbff99a0 thread_stack 0x100000
mysys/my_addr_resolve.c:299(my_addr_resolve)[0x8a0e8b]
/mnt8t/bld/10.10-asan-nightly/bin/mariadbd(my_print_stacktrace+0x139)[0x35a3699]
fil/fil0crypt.cc:969(fil_crypt_start_encrypting_space(fil_space_t*))[0x1a3fe89]
sigaction.c:0(__restore_rt)[0x7f200f6c9140]
linux/raise.c:51(__GI_raise)[0x7f200f331ce1]
stdlib/abort.c:81(__GI_abort)[0x7f200f31b537]
:0(__sanitizer::Abort())[0x901af7]
:0(__sanitizer::Die())[0x900471]
:0(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x8e7e64]
:0(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x8e991e]
??:0(__asan_report_load_n)[0x8ea6e5]
crc32_x86.c:0(crcr32_calc_pclmulqdq)[0x3638b3b]
crc32/crc32_x86.c:333(crc32_pclmul)[0x3638201]
mysys/crc32ieee.cc:60(my_checksum)[0x3634bcb]
addr2line: DWARF error: could not find variable specification at offset cc24
sql/item_strfunc.cc:4501(Item_func_crc32::val_int())[0x1d05c0f]
sql/item.cc:6842(Item::save_int_in_field(Field*, bool))[0x1b0461e]
addr2line: DWARF error: could not find variable specification at offset 281d5
sql/sql_type.cc:4350(Type_handler_int_result::Item_save_in_field(Item*, Field*, bool) const)[0x16edc0f]
sql/item.cc:6852(Item::save_in_field(Field*, bool))[0x1b048c7]
addr2line: DWARF error: could not find variable specification at offset 16a4c
addr2line: DWARF error: could not find variable specification at offset 16b6e
addr2line: DWARF error: could not find variable specification at offset 16bf8
addr2line: DWARF error: could not find variable specification at offset 16cb1
addr2line: DWARF error: could not find variable specification at offset 16d3b
addr2line: DWARF error: could not find variable specification at offset 16dc5
addr2line: DWARF error: could not find variable specification at offset 16e4f
addr2line: DWARF error: could not find variable specification at offset 16f08
addr2line: DWARF error: could not find variable specification at offset 16f92
addr2line: DWARF error: could not find variable specification at offset 17021
addr2line: DWARF error: could not find variable specification at offset 170ab
addr2line: DWARF error: could not find variable specification at offset 1713a
addr2line: DWARF error: could not find variable specification at offset 171c9
addr2line: DWARF error: could not find variable specification at offset 17253
addr2line: DWARF error: could not find variable specification at offset 172e2
addr2line: DWARF error: could not find variable specification at offset 17371
addr2line: DWARF error: could not find variable specification at offset 17400
addr2line: DWARF error: could not find variable specification at offset 1748a
addr2line: DWARF error: could not find variable specification at offset 17514
addr2line: DWARF error: could not find variable specification at offset 175a3
addr2line: DWARF error: could not find variable specification at offset 1762d
addr2line: DWARF error: could not find variable specification at offset 176bc
addr2line: DWARF error: could not find variable specification at offset 1774b
addr2line: DWARF error: could not find variable specification at offset 177da
addr2line: DWARF error: could not find variable specification at offset 17869
addr2line: DWARF error: could not find variable specification at offset 178f3
addr2line: DWARF error: could not find variable specification at offset 1797d
addr2line: DWARF error: could not find variable specification at offset 17a0c
addr2line: DWARF error: could not find variable specification at offset 17a9b
addr2line: DWARF error: could not find variable specification at offset 17b2a
addr2line: DWARF error: could not find variable specification at offset 17bb4
addr2line: DWARF error: could not find variable specification at offset 17c3e
addr2line: DWARF error: could not find variable specification at offset 17cc8
addr2line: DWARF error: could not find variable specification at offset 17d52
addr2line: DWARF error: could not find variable specification at offset 17de1
addr2line: DWARF error: could not find variable specification at offset 17e70
addr2line: DWARF error: could not find variable specification at offset 17eff
addr2line: DWARF error: could not find variable specification at offset 17f8e
addr2line: DWARF error: could not find variable specification at offset 1801d
addr2line: DWARF error: could not find variable specification at offset 180ac
addr2line: DWARF error: could not find variable specification at offset 18136
addr2line: DWARF error: could not find variable specification at offset 181c0
addr2line: DWARF error: could not find variable specification at offset 1824a
addr2line: DWARF error: could not find variable specification at offset 182d9
addr2line: DWARF error: could not find variable specification at offset 18368
addr2line: DWARF error: could not find variable specification at offset 183f2
addr2line: DWARF error: could not find variable specification at offset 184b0
addr2line: DWARF error: could not find variable specification at offset 1853a
addr2line: DWARF error: could not find variable specification at offset 185c4
addr2line: DWARF error: could not find variable specification at offset 18653
addr2line: DWARF error: could not find variable specification at offset 186e2
addr2line: DWARF error: could not find variable specification at offset 18771
addr2line: DWARF error: could not find variable specification at offset 18800
addr2line: DWARF error: could not find variable specification at offset 1888a
addr2line: DWARF error: could not find variable specification at offset 2b84b
addr2line: DWARF error: could not find variable specification at offset 11a7
addr2line: DWARF error: could not find variable specification at offset 3867
addr2line: DWARF error: could not find variable specification at offset 399d
addr2line: DWARF error: could not find variable specification at offset 3ab5
addr2line: DWARF error: could not find variable specification at offset 3b3a
addr2line: DWARF error: could not find variable specification at offset 3c5c
addr2line: DWARF error: could not find variable specification at offset 3ce6
addr2line: DWARF error: could not find variable specification at offset 3d70
addr2line: DWARF error: could not find variable specification at offset 3df5
addr2line: DWARF error: could not find variable specification at offset 3f17
addr2line: DWARF error: could not find variable specification at offset 3fa1
addr2line: DWARF error: could not find variable specification at offset 4026
addr2line: DWARF error: could not find variable specification at offset 40b0
addr2line: DWARF error: could not find variable specification at offset 4135
addr2line: DWARF error: could not find variable specification at offset 41bd
addr2line: DWARF error: could not find variable specification at offset 4247
addr2line: DWARF error: could not find variable specification at offset 42d1
addr2line: DWARF error: could not find variable specification at offset 435b
addr2line: DWARF error: could not find variable specification at offset 43e5
addr2line: DWARF error: could not find variable specification at offset 446f
addr2line: DWARF error: could not find variable specification at offset 44fe
addr2line: DWARF error: could not find variable specification at offset 4588
addr2line: DWARF error: could not find variable specification at offset 4612
addr2line: DWARF error: could not find variable specification at offset 46a1
addr2line: DWARF error: could not find variable specification at offset 4730
addr2line: DWARF error: could not find variable specification at offset 47bf
addr2line: DWARF error: could not find variable specification at offset 484e
addr2line: DWARF error: could not find variable specification at offset 48dd
addr2line: DWARF error: could not find variable specification at offset 4967
addr2line: DWARF error: could not find variable specification at offset 4a7a
addr2line: DWARF error: could not find variable specification at offset 4bab
addr2line: DWARF error: could not find variable specification at offset 4c3f
addr2line: DWARF error: could not find variable specification at offset 4cd3
addr2line: DWARF error: could not find variable specification at offset 4d5d
addr2line: DWARF error: could not find variable specification at offset 4de7
addr2line: DWARF error: could not find variable specification at offset 4e76
addr2line: DWARF error: could not find variable specification at offset 4f05
addr2line: DWARF error: could not find variable specification at offset 4f94
addr2line: DWARF error: could not find variable specification at offset 501e
addr2line: DWARF error: could not find variable specification at offset 50a8
addr2line: DWARF error: could not find variable specification at offset 5132
addr2line: DWARF error: could not find variable specification at offset 51bc
addr2line: DWARF error: could not find variable specification at offset 5246
addr2line: DWARF error: could not find variable specification at offset 52d5
addr2line: DWARF error: could not find variable specification at offset 5364
addr2line: DWARF error: could not find variable specification at offset 53f3
addr2line: DWARF error: could not find variable specification at offset 5482
addr2line: DWARF error: could not find variable specification at offset 5511
addr2line: DWARF error: could not find variable specification at offset 559b
addr2line: DWARF error: could not find variable specification at offset 562a
addr2line: DWARF error: could not find variable specification at offset 56b9
addr2line: DWARF error: could not find variable specification at offset 5748
addr2line: DWARF error: could not find variable specification at offset 57d2
addr2line: DWARF error: could not find variable specification at offset 5861
addr2line: DWARF error: could not find variable specification at offset 58eb
addr2line: DWARF error: could not find variable specification at offset 5970
addr2line: DWARF error: could not find variable specification at offset 59fa
addr2line: DWARF error: could not find variable specification at offset 5a89
addr2line: DWARF error: could not find variable specification at offset 5b18
addr2line: DWARF error: could not find variable specification at offset 5ba7
addr2line: DWARF error: could not find variable specification at offset 5c31
addr2line: DWARF error: could not find variable specification at offset 5cc0
addr2line: DWARF error: could not find variable specification at offset 5d4f
addr2line: DWARF error: could not find variable specification at offset 5dd9
addr2line: DWARF error: could not find variable specification at offset 5e63
addr2line: DWARF error: could not find variable specification at offset 5eed
addr2line: DWARF error: could not find variable specification at offset 5f77
addr2line: DWARF error: could not find variable specification at offset 6006
addr2line: DWARF error: could not find variable specification at offset 6095
addr2line: DWARF error: could not find variable specification at offset 6124
addr2line: DWARF error: could not find variable specification at offset 61ae
addr2line: DWARF error: could not find variable specification at offset 6238
addr2line: DWARF error: could not find variable specification at offset 62c2
addr2line: DWARF error: could not find variable specification at offset 634c
addr2line: DWARF error: could not find variable specification at offset 63d6
addr2line: DWARF error: could not find variable specification at offset 6465
addr2line: DWARF error: could not find variable specification at offset 64f4
addr2line: DWARF error: could not find variable specification at offset 657e
addr2line: DWARF error: could not find variable specification at offset 6608
addr2line: DWARF error: could not find variable specification at offset 6692
addr2line: DWARF error: could not find variable specification at offset 6721
addr2line: DWARF error: could not find variable specification at offset 67b0
addr2line: DWARF error: could not find variable specification at offset 683f
addr2line: DWARF error: could not find variable specification at offset 68ce
addr2line: DWARF error: could not find variable specification at offset 695d
addr2line: DWARF error: could not find variable specification at offset 69ec
addr2line: DWARF error: could not find variable specification at offset 6a7b
addr2line: DWARF error: could not find variable specification at offset 6b0a
addr2line: DWARF error: could not find variable specification at offset 6b99
addr2line: DWARF error: could not find variable specification at offset 6c28
addr2line: DWARF error: could not find variable specification at offset 6cb7
addr2line: DWARF error: could not find variable specification at offset 6d46
addr2line: DWARF error: could not find variable specification at offset 6dd5
addr2line: DWARF error: could not find variable specification at offset 6e64
addr2line: DWARF error: could not find variable specification at offset 6ef3
addr2line: DWARF error: could not find variable specification at offset 6f82
addr2line: DWARF error: could not find variable specification at offset 7011
addr2line: DWARF error: could not find variable specification at offset 70a0
addr2line: DWARF error: could not find variable specification at offset 712a
addr2line: DWARF error: could not find variable specification at offset 71b9
addr2line: DWARF error: could not find variable specification at offset 7243
addr2line: DWARF error: could not find variable specification at offset 72cd
addr2line: DWARF error: could not find variable specification at offset 735c
addr2line: DWARF error: could not find variable specification at offset 73eb
addr2line: DWARF error: could not find variable specification at offset 7475
addr2line: DWARF error: could not find variable specification at offset 74ff
addr2line: DWARF error: could not find variable specification at offset 758e
addr2line: DWARF error: could not find variable specification at offset 761d
addr2line: DWARF error: could not find variable specification at offset 76a7
addr2line: DWARF error: could not find variable specification at offset 7731
addr2line: DWARF error: could not find variable specification at offset 780c
addr2line: DWARF error: could not find variable specification at offset 7895
addr2line: DWARF error: could not find variable specification at offset 791f
addr2line: DWARF error: could not find variable specification at offset 79a9
addr2line: DWARF error: could not find variable specification at offset 7a38
addr2line: DWARF error: could not find variable specification at offset 7acc
addr2line: DWARF error: could not find variable specification at offset 7b5b
addr2line: DWARF error: could not find variable specification at offset 7bea
addr2line: DWARF error: could not find variable specification at offset 7c79
addr2line: DWARF error: could not find variable specification at offset 7d03
addr2line: DWARF error: could not find variable specification at offset 7d8d
addr2line: DWARF error: could not find variable specification at offset 7e17
addr2line: DWARF error: could not find variable specification at offset 7ea6
addr2line: DWARF error: could not find variable specification at offset 7f35
addr2line: DWARF error: could not find variable specification at offset 7fbf
addr2line: DWARF error: could not find variable specification at offset 8049
addr2line: DWARF error: could not find variable specification at offset 80d8
addr2line: DWARF error: could not find variable specification at offset 8167
addr2line: DWARF error: could not find variable specification at offset 81ec
addr2line: DWARF error: could not find variable specification at offset 827b
addr2line: DWARF error: could not find variable specification at offset 8305
addr2line: DWARF error: could not find variable specification at offset 8394
addr2line: DWARF error: could not find variable specification at offset 8428
addr2line: DWARF error: could not find variable specification at offset 84b7
addr2line: DWARF error: could not find variable specification at offset 8541
addr2line: DWARF error: could not find variable specification at offset 85d0
addr2line: DWARF error: could not find variable specification at offset 865a
addr2line: DWARF error: could not find variable specification at offset 86d9
addr2line: DWARF error: could not find variable specification at offset 8763
addr2line: DWARF error: could not find variable specification at offset 87f7
addr2line: DWARF error: could not find variable specification at offset 8881
addr2line: DWARF error: could not find variable specification at offset 8910
addr2line: DWARF error: could not find variable specification at offset 89eb
addr2line: DWARF error: could not find variable specification at offset 8a74
addr2line: DWARF error: could not find variable specification at offset 8afe
addr2line: DWARF error: could not find variable specification at offset 8b88
addr2line: DWARF error: could not find variable specification at offset 8c12
addr2line: DWARF error: could not find variable specification at offset 8ca1
addr2line: DWARF error: could not find variable specification at offset 8d2b
addr2line: DWARF error: could not find variable specification at offset 8dba
addr2line: DWARF error: could not find variable specification at offset 8e44
addr2line: DWARF error: could not find variable specification at offset 8ece
addr2line: DWARF error: could not find variable specification at offset 8f58
addr2line: DWARF error: could not find variable specification at offset 8fe2
addr2line: DWARF error: could not find variable specification at offset 906c
addr2line: DWARF error: could not find variable specification at offset 90f6
addr2line: DWARF error: could not find variable specification at offset 9185
addr2line: DWARF error: could not find variable specification at offset 9214
addr2line: DWARF error: could not find variable specification at offset 92a8
addr2line: DWARF error: could not find variable specification at offset 9337
addr2line: DWARF error: could not find variable specification at offset 93c6
addr2line: DWARF error: could not find variable specification at offset 9450
addr2line: DWARF error: could not find variable specification at offset 94df
addr2line: DWARF error: could not find variable specification at offset 9569
addr2line: DWARF error: could not find variable specification at offset 95f8
addr2line: DWARF error: could not find variable specification at offset 9682
addr2line: DWARF error: could not find variable specification at offset 9711
addr2line: DWARF error: could not find variable specification at offset 979b
addr2line: DWARF error: could not find variable specification at offset 9825
addr2line: DWARF error: could not find variable specification at offset 98af
addr2line: DWARF error: could not find variable specification at offset 9939
addr2line: DWARF error: could not find variable specification at offset 99c3
addr2line: DWARF error: could not find variable specification at offset 9a4d
addr2line: DWARF error: could not find variable specification at offset 9adc
addr2line: DWARF error: could not find variable specification at offset 9b61
addr2line: DWARF error: could not find variable specification at offset 9cbb
addr2line: DWARF error: could not find variable specification at offset 9d45
addr2line: DWARF error: could not find variable specification at offset 9dcf
addr2line: DWARF error: could not find variable specification at offset 9e54
addr2line: DWARF error: could not find variable specification at offset 9ed9
addr2line: DWARF error: could not find variable specification at offset 9f68
addr2line: DWARF error: could not find variable specification at offset 9ff7
addr2line: DWARF error: could not find variable specification at offset a08b
addr2line: DWARF error: could not find variable specification at offset 5d09
addr2line: DWARF error: could not find variable specification at offset 1401
addr2line: DWARF error: could not find variable specification at offset e3a9
sql/item.h:3452(Item_result_field::save_in_result_field(bool))[0xa2242e]
sql/sql_select.cc:26984(copy_funcs(Item**, THD const*))[0x10b0420]
sql/item_sum.cc:4163(Item_func_group_concat::add(bool))[0x1e7f64e]
sql/item_sum.h:2043(Item_func_group_concat::add())[0x1653682]
sql/item_sum.h:720(Aggregator_simple::add())[0x1e886ef]
sql/item_sum.h:564(Item_sum::aggregator_add())[0xa324df]
sql/item_sum.h:445(Item_sum::reset_and_add())[0xa21505]
sql/sql_select.cc:26929(init_sum_functions(Item_sum**, Item_sum**))[0x10af5bf]
sql/sql_select.cc:23219(end_send_group(JOIN*, st_join_table*, bool))[0x10a4715]
sql/sql_select.cc:21993(evaluate_join_record(JOIN*, st_join_table*, int))[0x10a7b58]
sql/sql_select.cc:21763(sub_select(JOIN*, st_join_table*, bool))[0xfaa827]
sql/sql_select.cc:21308(do_select(JOIN*, Procedure*))[0x103c436]
sql/sql_select.cc:4812(JOIN::exec_inner())[0x10388ff]
sql/sql_select.cc:4590(JOIN::exec())[0x1034cd7]
sql/sql_select.cc:5070(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0xfaceca]
sql/sql_select.cc:581(handle_select(THD*, LEX*, select_result*, unsigned long))[0xfabac3]
sql/sql_parse.cc:6261(execute_sqlcom_select(THD*, TABLE_LIST*))[0xe7d398]
sql/sql_parse.cc:3945(mysql_execute_command(THD*, bool))[0xe60e5e]
sql/sql_parse.cc:8035(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0xe47c43]
sql/sql_parse.cc:1894(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0xe409b8]
sql/sql_parse.cc:1407(do_command(THD*, bool))[0xe4aa10]
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x14859d7]
sql/sql_connect.cc:1320(handle_one_connection)[0x1485114]
perfschema/pfs.cc:2201(pfs_spawn_thread)[0x2584578]
nptl/pthread_create.c:478(start_thread)[0x7f200f6bdea7]
x86_64/clone.S:97(__GI___clone)[0x7f200f3f3def]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x6290001092a8): SELECT GROUP_CONCAT(CRC32(b)) FROM t GROUP BY IF(id, 1, '')
 
Connection ID (thread ID): 4
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
 
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_tm2H/mysqld.1/data
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        unlimited            unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             385885               385885               processes 
Max open files            1024                 1024                 files     
Max locked memory         12659514368          12659514368          bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       385885               385885               signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: core
 
Kernel version: Linux version 5.10.0-14-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.113-1 (2022-04-29)

10.3 32bab2ce debug

GROUP_CONCAT(CRC32(b))
4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234,4098726234...

10.3 32bab2ce non-debug

GROUP_CONCAT(CRC32(b))
0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,34685
25685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,0,3468525685,0,0,2761715016,0,0,0,0,2307472468,0,0,0,0,0,0,0,0,0,3468525685

10.4 e4043152

GROUP_CONCAT(CRC32(b))
393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,393098520,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,3229668992,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,1592976495,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,3022788593,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,4177364470,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,1361388031,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,173927337,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2486163782,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2480040041,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,2880387871,288
0387871,2880387871,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2278614666,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,2944395015,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,3031084148,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,2564125153,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,1089230825,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2807403448,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2001125647,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,2871623834,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,1284523211,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3207270009,3
207270009,3207270009,3207270009,3207270009,3207270009,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,3101081430,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,2734945317,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,236838867,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2502078028,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2908749114,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2166366383,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,2058428066,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,3663260409,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,349417549,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,3000816084,300
0816084,3000816084,3000816084,3000816084,3000816084,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,1432688005,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,2239121202,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,823887375,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,878101887,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,622397676,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,3190192499,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,2784178688,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,3470581663,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,735439249,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,4049354182,404935418
2,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,558854001,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,3127910126,1071081330,1071081330,1071081330,1071081330

The crash is reproducible on 10.4+ (it may be just a matter of luck that it doesn't happen elsewhere).
The garbage results can be observed even on 10.2.

Without innodb persistent stats, or with MyISAM/Aria, there is no crash, and any build produces a list of zeros as expected.



 Comments   
Comment by Marko Mäkelä [ 2022-09-16 ]

I was suspecting a potential alignment issue, but I see that crc32_pclmul() is invoking _mm_loadu_si128() on the data (u for unaligned). This should be easy to debug with ./mtr --rr, setting a watchpoint on the ASAN shadow byte, and reverse-continue to see what is going on.

Comment by Marko Mäkelä [ 2022-09-16 ]

By the way, I think that you could have created the table with explicit STATS_PERSISTENT=1 to enable the persistent statistics even when it is globally disabled in mtr.

I debugged this with

./mtr --rr name_of_test
rr replay var/log/mysqld.1.rr/latest-trace

continue
watch -l *(char*)0x0c56800146b7
reverse-continue
continue

In my case, the relevant ASAN shadow byte address was 0x0c56800146b7. Here are stack traces of some of the last operations on the shadow byte. All are on the same (crashing) thread.

10.6 5e270ca28d05acb72c6aec9f1d37f9610fc11a0e

(rr) continue
Continuing.
 
Thread 2 hit Hardware watchpoint 1: -location *(char*)0x0c56800146b7
 
Old value = -9 '\367'
New value = 0 '\000'
__memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:336
336	in ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S
(rr) bt
#0  __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:336
#1  0x00007ffadeabbdf5 in __asan_unpoison_memory_region (addr=<optimized out>, size=<optimized out>) at ../../../../src/libsanitizer/asan/asan_poisoning.cpp:165
#2  0x0000557cb478d091 in alloc_root (mem_root=0x6190000ae988, length=26392) at /mariadb/10.5/mysys/my_alloc.c:271
#3  0x0000557cb2f9d45b in open_table_from_share (thd=0x62b0000af218, share=0x61b0000395b8, alias=0x62b0000b63c0, db_stat=33, prgflag=8, ha_open_flags=16, outparam=0x6190000ae698, is_create_table=false, 
    partitions_to_open=0x0) at /mariadb/10.5/sql/table.cc:4163
#4  0x0000557cb2aa05f4 in open_table (thd=0x62b0000af218, table_list=0x62b0000b6378, ot_ctx=0x7ffad41d1b60) at /mariadb/10.5/sql/sql_base.cc:2035
#5  0x0000557cb2aa9e2e in open_and_process_table (thd=0x62b0000af218, tables=0x62b0000b6378, counter=0x7ffad41d1c70, flags=0, prelocking_strategy=0x7ffad41d1d80, has_prelocking_list=false, 
    ot_ctx=0x7ffad41d1b60) at /mariadb/10.5/sql/sql_base.cc:3845
#6  0x0000557cb2aac96d in open_tables (thd=0x62b0000af218, options=..., start=0x7ffad41d1c80, counter=0x7ffad41d1c70, flags=0, prelocking_strategy=0x7ffad41d1d80) at /mariadb/10.5/sql/sql_base.cc:4328
#7  0x0000557cb2ab1ab1 in open_and_lock_tables (thd=0x62b0000af218, options=..., tables=0x62b0000b6378, derived=true, flags=0, prelocking_strategy=0x7ffad41d1d80) at /mariadb/10.5/sql/sql_base.cc:5301
#8  0x0000557cb2a0b5e5 in open_and_lock_tables (thd=0x62b0000af218, tables=0x62b0000b6378, derived=true, flags=0) at /mariadb/10.5/sql/sql_base.h:509
#9  0x0000557cb2c42018 in mysql_execute_command (thd=0x62b0000af218, is_called_from_prepared_stmt=false) at /mariadb/10.5/sql/sql_parse.cc:4649
#10 0x0000557cb2c59118 in mysql_parse (thd=0x62b0000af218, rawbuf=0x62b0000b6238 "INSERT INTO t (id, a) SELECT seq, '' FROM seq_1_to_803", length=54, parser_state=0x7ffad41d2a70)
    at /mariadb/10.5/sql/sql_parse.cc:8030
(rr) continue
Continuing.
 
Thread 2 hit Hardware watchpoint 1: -location *(char*)0x0c56800146b7
 
Old value = 0 '\000'
New value = 4 '\004'
__asan_poison_memory_region (addr=<optimized out>, size=<optimized out>) at ../../../../src/libsanitizer/asan/asan_poisoning.cpp:134
134	../../../../src/libsanitizer/asan/asan_poisoning.cpp: Tiedostoa tai hakemistoa ei ole.
(rr) bt
#0  __asan_poison_memory_region (addr=<optimized out>, size=<optimized out>) at ../../../../src/libsanitizer/asan/asan_poisoning.cpp:134
#1  0x0000557cb2f9d650 in open_table_from_share (thd=0x62b0000af218, share=0x61b0000395b8, alias=0x62b0000b63c0, db_stat=33, prgflag=8, ha_open_flags=16, outparam=0x6190000ae698, is_create_table=false, 
    partitions_to_open=0x0) at /mariadb/10.5/sql/table.cc:4176
#2  0x0000557cb2aa05f4 in open_table (thd=0x62b0000af218, table_list=0x62b0000b6378, ot_ctx=0x7ffad41d1b60) at /mariadb/10.5/sql/sql_base.cc:2035
#3  0x0000557cb2aa9e2e in open_and_process_table (thd=0x62b0000af218, tables=0x62b0000b6378, counter=0x7ffad41d1c70, flags=0, prelocking_strategy=0x7ffad41d1d80, has_prelocking_list=false, 
    ot_ctx=0x7ffad41d1b60) at /mariadb/10.5/sql/sql_base.cc:3845
#4  0x0000557cb2aac96d in open_tables (thd=0x62b0000af218, options=..., start=0x7ffad41d1c80, counter=0x7ffad41d1c70, flags=0, prelocking_strategy=0x7ffad41d1d80) at /mariadb/10.5/sql/sql_base.cc:4328
#5  0x0000557cb2ab1ab1 in open_and_lock_tables (thd=0x62b0000af218, options=..., tables=0x62b0000b6378, derived=true, flags=0, prelocking_strategy=0x7ffad41d1d80) at /mariadb/10.5/sql/sql_base.cc:5301
#6  0x0000557cb2a0b5e5 in open_and_lock_tables (thd=0x62b0000af218, tables=0x62b0000b6378, derived=true, flags=0) at /mariadb/10.5/sql/sql_base.h:509
#7  0x0000557cb2c42018 in mysql_execute_command (thd=0x62b0000af218, is_called_from_prepared_stmt=false) at /mariadb/10.5/sql/sql_parse.cc:4649
#8  0x0000557cb2c59118 in mysql_parse (thd=0x62b0000af218, rawbuf=0x62b0000b6238 "INSERT INTO t (id, a) SELECT seq, '' FROM seq_1_to_803", length=54, parser_state=0x7ffad41d2a70)
    at /mariadb/10.5/sql/sql_parse.cc:8030
(rr) continue
Continuing.
 
Thread 2 hit Breakpoint 2, __asan::__asan_report_load_n (addr=108508054697404, size=16) at ../../../../src/libsanitizer/asan/asan_rtl.cpp:148
148	../../../../src/libsanitizer/asan/asan_rtl.cpp: Tiedostoa tai hakemistoa ei ole.
(rr) up
#1  0x0000557cb4822180 in _mm_loadu_si128 (__P=0x62b0000e35bc) at /usr/lib/gcc/x86_64-linux-gnu/12/include/emmintrin.h:703
703	  return *__P;
(rr) up
#2  crcr32_calc_pclmulqdq (data=0x62b0000e06dc '\276' <repeats 200 times>..., data_len=48830, crc=4294967295, params=0x557cb56f2940 <ether_crc32_clmul>) at /mariadb/10.5/mysys/crc32/crc32_x86.c:267
267	    temp= _mm_loadu_si128((__m128i *) &data[n]);
(rr) 
#3  0x0000557cb4822652 in crc32_pclmul (crc32=0, buf=0x62b0000e06dc, len=48830) at /mariadb/10.5/mysys/crc32/crc32_x86.c:333
333	  return ~crcr32_calc_pclmulqdq(buf, (uint32_t)len, ~crc32, &ether_crc32_clmul);
(rr) 
#4  0x0000557cb481ecb2 in my_checksum (crc=0, data=0x62b0000e06dc, len=48830) at /mariadb/10.5/mysys/crc32ieee.cc:60
60	  return my_checksum_func(crc, data, len);
(rr) 
#5  0x0000557cb36690ad in Item_func_crc32::val_int (this=0x62b0000b6920) at /mariadb/10.5/sql/item_strfunc.cc:4252
4252	  return (longlong) my_checksum(0L, (uchar*)res->ptr(), res->length());
(rr) p *res
$1 = {<Charset> = {m_charset = 0x557cb67b54a0 <my_charset_utf8mb3_general_ci>}, <Binary_string> = {<Sql_alloc> = {<No data fields>}, Ptr = 0x62b0000e06dc '\276' <repeats 200 times>..., str_length = 48830, 
    Alloced_length = 0, extra_alloc = 0, alloced = false, thread_specific = false}, <No data fields>}
(rr) watch -l res.Ptr
Hardware watchpoint 3: -location res.Ptr
(rr) rc
Continuing.
 
Thread 2 hit Hardware watchpoint 3: -location res.Ptr
 
Old value = 0x62b0000e06dc '\276' <repeats 200 times>...
New value = 0x0
0x0000557cb299b54f in Binary_string::set (this=0x62b0000b67f8, str=0x62b0000e06dc '\276' <repeats 200 times>..., length=48830) at /mariadb/10.5/sql/sql_string.h:472
472	    Ptr= (char*) str;
(rr) up
#1  0x0000557cb299b60f in String::set (this=0x62b0000b67f0, str=0x62b0000e06dc '\276' <repeats 200 times>..., arg_length=48830, cs=0x557cb67b54a0 <my_charset_utf8mb3_general_ci>)
    at /mariadb/10.5/sql/sql_string.h:825
825	    Binary_string::set(str, arg_length);
(rr) 
#2  0x0000557cb3418b22 in Field_varstring::val_str (this=0x6190000aedf8, val_buffer=0x62b0000b69c8, val_ptr=0x62b0000b67f0) at /mariadb/10.5/sql/field.cc:7883
7883	  val_ptr->set((const char*) get_data(), get_length(), field_charset());
(rr) 
#3  0x0000557cb34d570b in Item_field::val_str (this=0x62b0000b67c8, str=0x62b0000b69c8) at /mariadb/10.5/sql/item.cc:3336
3336	  return field->val_str(str,&str_value);
(rr) down
#2  0x0000557cb3418b22 in Field_varstring::val_str (this=0x6190000aedf8, val_buffer=0x62b0000b69c8, val_ptr=0x62b0000b67f0) at /mariadb/10.5/sql/field.cc:7883
7883	  val_ptr->set((const char*) get_data(), get_length(), field_charset());
(rr) 
#1  0x0000557cb299b60f in String::set (this=0x62b0000b67f0, str=0x62b0000e06dc '\276' <repeats 200 times>..., arg_length=48830, cs=0x557cb67b54a0 <my_charset_utf8mb3_general_ci>)
    at /mariadb/10.5/sql/sql_string.h:825
825	    Binary_string::set(str, arg_length);
(rr) p/x *str@48830
$2 = {0xbe <repeats 2884 times>, 0x0 <repeats 24032 times>, 0xb9, 0x96, 0x6e, 0xcc, 0xb9, 0x96, 0x6e, 0xcc, 0xf0, 0x71, 0xe, 0x0, 0xb0, 0x62, 0x0 <repeats 482 times>, 0x2, 0x11, 0x0, 0x0, 0x48, 0x67, 0x0, 0x0, 
  0xe5, 0x1d, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0x30, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe, 0xbe, 0xbe, 0xbe, 0x0 <repeats 16 times>, 0x30, 
  0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xbe, 0xf, 0x0 <repeats 13191 times>, 0xf, 0x0 <repeats 8153 times>}

To me, this looks like an address that is so far out of bounds that AddressSanitizer does not even recognize which buffer was intended. The contents of the buffer seem to contain some uninitialized garbage. I wonder if the following would help Valgrind or MemorySanitizer complain a bit:

diff --git a/sql/field.cc b/sql/field.cc
index 29b9634c877..d19c8a21c9e 100644
--- a/sql/field.cc
+++ b/sql/field.cc
@@ -7926,8 +7926,6 @@ bool Field_varstring::send(Protocol *protocol)
 
 void Field_varstring::mark_unused_memory_as_defined()
 {
-  uint used_length __attribute__((unused)) = get_length();
-  MEM_MAKE_DEFINED(get_data() + used_length, field_length - used_length);
 }
 #endif
 

Comment by Elena Stepanova [ 2022-09-16 ]

The summary/description has been updated to include a non-crash version of the problem.
