MariaDB Server / MDEV-13457

Server crashes with SIGSEGV in merge_buffers with low value for tmp_table_size and an aggregate function with the distinct clause

Details

    Description

      create table t1 (
      a VARCHAR(1020),
      b int
      );
      insert into t1 values
      ( 0 , 1 ),
      ( 1 , 2 ),
      ( 2 , 3 ),
      ( 3 , 4 ),
      ( 4 , 5 ),
      ( 5 , 6 ),
      ( 6 , 7 ),
      ( 7 , 8 ),
      ( 8 , 9 ),
      ( 9 , 10 ),
      ( 10 , 11 ),
      ( 11 , 12 ),
      ( 12 , 13 ),
      ( 13 , 14 ),
      ( 14 , 15 ),
      ( 15 , 16 ),
      ( 16 , 17 ),
      ( 17 , 18 ),
      ( 18 , 19 ),
      ( 25 , 26 ),
      ( 26 , 27 ),
      ( 9 , 120 ),
      ( 10 , 121 ),
      ( 11 , 122 ),
      ( 12 , 123 ),
      ( 13 , 124 ),
      ( 14 , 125 ),
      ( 15 , 126 ),
      ( 16 , 127 );
      set tmp_table_size=1024;
      select count(distinct a) from t1;
      drop table t1;

        Activity

          The attached stack trace

          #0  __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
          #1  0x0000000000d13a6b in my_write_core (sig=11) at /home/temporary/Desktop/10.1/mysys/stacktrace.c:457
          #2  0x00000000007d23ea in handle_fatal_signal (sig=11) at /home/temporary/Desktop/10.1/sql/signal_handler.cc:262
          #3  <signal handler called>
          #4  __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:181
          #5  0x00000000007d0c56 in merge_buffers (param=0x7f0040f7cd60, from_file=0x7f003a50e3c8, to_file=0x7f0040f7cb60, sort_buffer=0x7f003a62c060 "\001", lastbuff=0x7f003a490660, Fb=0x7f003a490660, Tb=0x7f003a490780, flag=0) at /home/temporary/Desktop/10.1/sql/filesort.cc:1473
          #6  0x00000000007d00f8 in merge_many_buff (param=0x7f0040f7cd60, sort_buffer=0x7f003a62c060 "\001", buffpek=0x7f003a490660, maxbuffer=0x7f0040f7cd44, t_file=0x7f003a50e3c8) at /home/temporary/Desktop/10.1/sql/filesort.cc:1214
          #7  0x000000000094bd4e in Unique::merge (this=0x7f003a50e3a0, table=0x7f003a532078, buff=0x7f003a62c060 "\001", without_last_merge=true) at /home/temporary/Desktop/10.1/sql/uniques.cc:686
          #8  0x000000000094ba58 in Unique::walk (this=0x7f003a50e3a0, table=0x7f003a532078, action=0x87df60 <item_sum_distinct_walk_for_count(void*, element_count, void*)>, walk_action_arg=0x7f003a57d018) at /home/temporary/Desktop/10.1/sql/uniques.cc:618
          #9  0x000000000087f1f7 in Aggregator_distinct::endup (this=0x7f003a57d018) at /home/temporary/Desktop/10.1/sql/item_sum.cc:1117
          #10 0x0000000000880d91 in Item_sum_count::val_int (this=0x7f003a57b268) at /home/temporary/Desktop/10.1/sql/item_sum.cc:1618
          #11 0x00000000007f337f in Item::send (this=0x7f003a57b268, protocol=0x7f003b3f0628, buffer=0x7f0040f7cf80) at /home/temporary/Desktop/10.1/sql/item.cc:6658
          #12 0x0000000000564d31 in Protocol::send_result_set_row (this=0x7f003b3f0628, row_items=0x7f003a57beb0) at /home/temporary/Desktop/10.1/sql/protocol.cc:903
          #13 0x00000000005ce233 in select_send::send_data (this=0x7f003a57bab0, items=...) at /home/temporary/Desktop/10.1/sql/sql_class.cc:2375
          #14 0x000000000066afed in end_send_group (join=0x7f003a57bad0, join_tab=0x7f003a57cd80, end_of_records=true) at /home/temporary/Desktop/10.1/sql/sql_select.cc:18298
          #15 0x0000000000667cbb in sub_select (join=0x7f003a57bad0, join_tab=0x7f003a57ca60, end_of_records=true) at /home/temporary/Desktop/10.1/sql/sql_select.cc:17013
          #16 0x0000000000667761 in do_select (join=0x7f003a57bad0, fields=0x7f003a57beb0, table=0x0, procedure=0x0) at /home/temporary/Desktop/10.1/sql/sql_select.cc:16724
          #17 0x00000000006439bc in JOIN::exec (this=0x7f003a57bad0) at /home/temporary/Desktop/10.1/sql/sql_select.cc:2882
          #18 0x00000000006442a1 in mysql_select (thd=0x7f003b3f0060, rref_pointer_array=0x7f003b3f3cf0, tables=0x7f003a57b428, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f003a57bab0, unit=0x7f003b3f3388, select_lex=0x7f003b3f3a68) at /home/temporary/Desktop/10.1/sql/sql_select.cc:3103
          #19 0x000000000063a3f7 in handle_select (thd=0x7f003b3f0060, lex=0x7f003b3f32d8, result=0x7f003a57bab0, setup_tables_done_option=0) at /home/temporary/Desktop/10.1/sql/sql_select.cc:319
          #20 0x00000000006108e4 in execute_sqlcom_select (thd=0x7f003b3f0060, all_tables=0x7f003a57b428) at /home/temporary/Desktop/10.1/sql/sql_parse.cc:4685
          #21 0x0000000000609393 in mysql_execute_command (thd=0x7f003b3f0060) at /home/temporary/Desktop/10.1/sql/sql_parse.cc:2233
          #22 0x00000000006137fe in mysql_parse (thd=0x7f003b3f0060, rawbuf=0x7f003a57b078 "select count(distinct a) from t1", length=32, parser_state=0x7f0040f7e670) at /home/temporary/Desktop/10.1/sql/sql_parse.cc:5930
          #23 0x00000000006066fc in dispatch_command (command=COM_QUERY, thd=0x7f003b3f0060, packet=0x7f003b2f0061 "", packet_length=32) at /home/temporary/Desktop/10.1/sql/sql_parse.cc:1075
          #24 0x0000000000605887 in do_command (thd=0x7f003b3f0060) at /home/temporary/Desktop/10.1/sql/sql_parse.cc:793
          #25 0x000000000071aea6 in do_handle_one_connection (thd_arg=0x7f003b3f0060) at /home/temporary/Desktop/10.1/sql/sql_connect.cc:1268
          #26 0x000000000071ac0f in handle_one_connection (arg=0x7f003b3f0060) at /home/temporary/Desktop/10.1/sql/sql_connect.cc:1184
          #27 0x0000000000cc6969 in pfs_spawn_thread (arg=0x7f003b3ff200) at /home/temporary/Desktop/10.1/storage/perfschema/pfs.cc:1015
          #28 0x00007f00401216ba in start_thread (arg=0x7f0040f7f700) at pthread_create.c:333
          #29 0x00007f003f7cc3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
          
          

          varun Varun Gupta (Inactive) added a comment - The attached stack trace

          psergei Sergei Petrunia added a comment - Review done on slack. Ok to push after the input was addressed.

          varun Varun Gupta (Inactive) added a comment - Pushed to 5.5 https://github.com/MariaDB/server/commit/0739179857699d68758ff2e56e9414735546ded6

          People

            varun Varun Gupta (Inactive)