Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14391

InnoDB crash, memory corruption

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Cannot Reproduce
    • 10.2(EOL)
    • N/A
    • Virtual Columns
    • None

    Description

      reproducible with --repeat=N
      testcase:

      --source include/have_innodb.inc
      --source include/have_partition.inc
       
      CREATE TABLE t1 (col1 INT PRIMARY KEY, col2 VARCHAR(1), col3 BLOB AS (REPEAT(col2, 500)) VIRTUAL, KEY(col3(100)))
      ENGINE=INNODB
      PARTITION BY HASH(col1) PARTITIONS 2;
       
      CREATE TABLE t2 (col1 INT PRIMARY KEY, col2 VARCHAR(1), col3 BLOB AS (REPEAT(col2, 500)) VIRTUAL, KEY(col3(100)))
      ENGINE=INNODB
      PARTITION BY HASH(col1) PARTITIONS 2;
       
      INSERT INTO t1 (col1, col2) VALUES(1, 'd'), (2, 'c'), (3, 'b'), (4, 'a');
      INSERT INTO t2 (col1, col2) VALUES(1, 'd'), (2, 'c'), (3, 'b'), (4, 'a');
       
      SELECT t1.col1 FROM t1, t2 where t1.col1 = 3 AND t1.col3 = t2.col3 ORDER BY t2.col1 DESC;
       
      DROP TABLE t1;
      DROP TABLE t2;
       
      CREATE TABLE t1 (col1 int, col2 BLOB AS ('a') VIRTUAL, col3 INT,
      PRIMARY KEY(col1), KEY (col3, col2(1), col1))
      ENGINE=INNODB
      PARTITION BY KEY (col1) PARTITIONS 2;
       
      INSERT INTO t1(col1) values (1),(2);
      SELECT 1 FROM t1 WHERE col2 > 'a' GROUP BY col3;
       
      DROP TABLE t1;
      

      Server version: 10.2.12-MariaDB-debug-log
      key_buffer_size=1048576
      read_buffer_size=131072
      max_used_connections=1
      max_threads=153
      thread_count=7
      It is possible that mysqld could use up to 
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63175 K  bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x7f9948000a98
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7f99982a3e70 thread_stack 0x49000
      /home/alice/git/10.2bis/sql/mysqld(my_print_stacktrace+0x38)[0x5588672d7dd7]
      /home/alice/git/10.2bis/sql/mysqld(handle_fatal_signal+0x3a3)[0x558866b69762]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7f99a0287390]
      /lib/x86_64-linux-gnu/libc.so.6(+0x16e420)[0x7f999f779420]
      /home/alice/git/10.2bis/sql/mysqld(+0x10081f6)[0x5588673501f6]
      mysys/stacktrace.c:267(my_print_stacktrace)[0x558867350279]
      sql/signal_handler.cc:168(handle_fatal_signal)[0x558866b50d07]
      sql/field.cc:8106(Field_blob::cmp(unsigned char const*, unsigned int, unsigned char const*, unsigned int))[0x558866b50dba]
      sql/key.cc:612(key_rec_cmp)[0x558866c6366b]
      sql/ha_partition.cc:5428(cmp_key_part_id)[0x5588672a03a6]
      mysys/queues.c:305(_downheap)[0x5588672d75d0]
      mysys/queues.c:353(queue_fix)[0x5588672d7771]
      sql/ha_partition.cc:6239(ha_partition::handle_ordered_index_scan(unsigned char*, bool))[0x5588672a1e79]
      sql/ha_partition.cc:5627(ha_partition::common_first_last(unsigned char*))[0x5588672a0929]
      sql/ha_partition.cc:5574(ha_partition::index_first(unsigned char*))[0x5588672a07d0]
      sql/handler.cc:2717(handler::ha_index_first(unsigned char*))[0x558866b7143b]
      sql/sql_select.cc:19623(join_read_first(st_join_table*))[0x55886696b420]
      sql/sql_select.cc:18635(sub_select(JOIN*, st_join_table*, bool))[0x558866968e92]
      sql/sql_select.cc:18182(do_select(JOIN*, Procedure*))[0x558866968488]
      sql/sql_select.cc:3514(JOIN::exec_inner())[0x558866942f07]
      sql/sql_select.cc:3310(JOIN::exec())[0x5588669423a8]
      sql/sql_select.cc:3711(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x558866943578]
      sql/sql_select.cc:373(handle_select(THD*, LEX*, select_result*, unsigned long))[0x558866937d69]
      sql/sql_parse.cc:6446(execute_sqlcom_select(THD*, TABLE_LIST*))[0x558866903fb0]
      sql/sql_parse.cc:3462(mysql_execute_command(THD*))[0x5588668f9c8e]
      sql/sql_parse.cc:7887(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x558866907929]
      sql/sql_parse.cc:1807(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5588668f554e]
      sql/sql_parse.cc:1360(do_command(THD*))[0x5588668f3ea5]
      sql/sql_connect.cc:1354(do_handle_one_connection(CONNECT*))[0x558866a4191a]
      sql/sql_connect.cc:1261(handle_one_connection)[0x558866a4169a]
      perfschema/pfs.cc:1865(pfs_spawn_thread)[0x558866d9e6e0]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f99a027d6ba]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f999f7123dd]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x7f994805faa0): SELECT 1 FROM t1 WHERE col2 > 'a' GROUP BY col3
      Connection ID (thread ID): 9
      Status: NOT_KILLED
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on
      

      stacktrace

      [New LWP 23554]
       
      Program terminated with signal SIGSEGV, Segmentation fault.
      Thread 1 (Thread 0x7f0aec19c700 (LWP 24522)):
      #0  __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
      #1  0x00005587605c1ec9 in my_write_core (sig=11) at /home/alice/git/10.2bis/mysys/stacktrace.c:477
      #2  0x000055875fe53b0e in handle_fatal_signal (sig=11) at /home/alice/git/10.2bis/sql/signal_handler.cc:303
      #3  <signal handler called>
      #4  __memcmp_sse4_1 () at ../sysdeps/x86_64/multiarch/memcmp-sse4.S:61
      #5  0x000055876063a1f6 in my_strnncoll_binary (cs=0x558761016560 <my_charset_bin>, s=0x8d30000000000000 <error: Cannot access memory at address 0x8d30000000000000>, slen=1, t=0x400000000000000 <error: Cannot access memory at address 0x400000000000000>, tlen=1, t_is_prefix=0 '\000') at /home/alice/git/10.2bis/strings/ctype-bin.c:85
      #6  0x000055876063a279 in my_strnncollsp_binary (cs=0x558761016560 <my_charset_bin>, s=0x8d30000000000000 <error: Cannot access memory at address 0x8d30000000000000>, slen=1, t=0x400000000000000 <error: Cannot access memory at address 0x400000000000000>, tlen=1) at /home/alice/git/10.2bis/strings/ctype-bin.c:124
      #7  0x000055875fe3ad07 in Field_blob::cmp (this=0x7f0a9c0b68f0, a=0x8d30000000000000 <error: Cannot access memory at address 0x8d30000000000000>, a_length=1, b=0x400000000000000 <error: Cannot access memory at address 0x400000000000000>, b_length=1) at /home/alice/git/10.2bis/sql/field.cc:8105
      #8  0x000055875fe3adba in Field_blob::cmp_max (this=0x7f0a9c0b68f0, a_ptr=0x7f0a9c0fa788 "!", b_ptr=0x7f0a9c0fa773 "", max_length=1) at /home/alice/git/10.2bis/sql/field.cc:8118
      #9  0x000055875ff4d66b in key_rec_cmp (key_p=0x7f0a9c18afe8, first_rec=0x7f0a9c0fa77f "\002\002", second_rec=0x7f0a9c0fa76a "\002\001") at /home/alice/git/10.2bis/sql/key.cc:612
      #10 0x000055876058a3a6 in cmp_key_part_id (key_p=0x7f0a9c18afe8, ref1=0x7f0a9c0fa77d "\001", ref2=0x7f0a9c0fa768 "") at /home/alice/git/10.2bis/sql/ha_partition.cc:5428
      #11 0x00005587605c15d0 in _downheap (queue=0x7f0a9c18b010, start_idx=1, element=0x7f0a9c0fa768 "") at /home/alice/git/10.2bis/mysys/queues.c:305
      #12 0x00005587605c1771 in queue_fix (queue=0x7f0a9c18b010) at /home/alice/git/10.2bis/mysys/queues.c:354
      #13 0x000055876058be79 in ha_partition::handle_ordered_index_scan (this=0x7f0a9c18ab10, buf=0x7f0a9c0b8ee0 "\376", reverse_order=false) at /home/alice/git/10.2bis/sql/ha_partition.cc:6238
      #14 0x000055876058a929 in ha_partition::common_first_last (this=0x7f0a9c18ab10, buf=0x7f0a9c0b8ee0 "\376") at /home/alice/git/10.2bis/sql/ha_partition.cc:5626
      #15 0x000055876058a7d0 in ha_partition::index_first (this=0x7f0a9c18ab10, buf=0x7f0a9c0b8ee0 "\376") at /home/alice/git/10.2bis/sql/ha_partition.cc:5574
      #16 0x000055875fe5b43b in handler::ha_index_first (this=0x7f0a9c18ab10, buf=0x7f0a9c0b8ee0 "\376") at /home/alice/git/10.2bis/sql/handler.cc:2717
      #17 0x000055875fc55420 in join_read_first (tab=0x7f0a9c188120) at /home/alice/git/10.2bis/sql/sql_select.cc:19623
      #18 0x000055875fc52e92 in sub_select (join=0x7f0a9c162370, join_tab=0x7f0a9c188120, end_of_records=false) at /home/alice/git/10.2bis/sql/sql_select.cc:18635
      #19 0x000055875fc52488 in do_select (join=0x7f0a9c162370, procedure=0x0) at /home/alice/git/10.2bis/sql/sql_select.cc:18182
      #20 0x000055875fc2cf07 in JOIN::exec_inner (this=0x7f0a9c162370) at /home/alice/git/10.2bis/sql/sql_select.cc:3514
      #21 0x000055875fc2c3a8 in JOIN::exec (this=0x7f0a9c162370) at /home/alice/git/10.2bis/sql/sql_select.cc:3309
      #22 0x000055875fc2d578 in mysql_select (thd=0x7f0a9c000a98, tables=0x7f0a9c0eafc0, wild_num=0, fields=..., conds=0x7f0a9c032540, og_num=1, order=0x0, group=0x7f0a9c068850, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f0a9c16f410, unit=0x7f0a9c004638, select_lex=0x7f0a9c004d90) at /home/alice/git/10.2bis/sql/sql_select.cc:3709
      #23 0x000055875fc21d69 in handle_select (thd=0x7f0a9c000a98, lex=0x7f0a9c004570, result=0x7f0a9c16f410, setup_tables_done_option=0) at /home/alice/git/10.2bis/sql/sql_select.cc:373
      #24 0x000055875fbedfb0 in execute_sqlcom_select (thd=0x7f0a9c000a98, all_tables=0x7f0a9c0eafc0) at /home/alice/git/10.2bis/sql/sql_parse.cc:6446
      #25 0x000055875fbe3c8e in mysql_execute_command (thd=0x7f0a9c000a98) at /home/alice/git/10.2bis/sql/sql_parse.cc:3462
      #26 0x000055875fbf1929 in mysql_parse (thd=0x7f0a9c000a98, rawbuf=0x7f0a9c099be0 "SELECT 1 FROM t1 WHERE col2 > 'a' GROUP BY col3", length=47, parser_state=0x7f0aec19b1f0, is_com_multi=false, is_next_command=false) at /home/alice/git/10.2bis/sql/sql_parse.cc:7887
      #27 0x000055875fbdf54e in dispatch_command (command=COM_QUERY, thd=0x7f0a9c000a98, packet=0x7f0a9c007fe9 "", packet_length=47, is_com_multi=false, is_next_command=false) at /home/alice/git/10.2bis/sql/sql_parse.cc:1805
      #28 0x000055875fbddea5 in do_command (thd=0x7f0a9c000a98) at /home/alice/git/10.2bis/sql/sql_parse.cc:1360
      #29 0x000055875fd2b91a in do_handle_one_connection (connect=0x558762a231f8) at /home/alice/git/10.2bis/sql/sql_connect.cc:1354
      #30 0x000055875fd2b69a in handle_one_connection (arg=0x558762a231f8) at /home/alice/git/10.2bis/sql/sql_connect.cc:1260
      #31 0x00005587600886e0 in pfs_spawn_thread (arg=0x558762ea1f98) at /home/alice/git/10.2bis/storage/perfschema/pfs.cc:1863
      #32 0x00007f0af51776ba in start_thread (arg=0x7f0aec19c700) at pthread_create.c:333
      #33 0x00007f0af460c3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
      
      

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              alice Alice Sherepa
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.