Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
-
None
Description
# mysqld options required for replay: --sql_mode=
|
USE test;
|
SET @@SESSION.sort_buffer_size=200;
|
CREATE TEMPORARY TABLE t1(c1 CHAR(2) PRIMARY KEY,c2 INT ZEROFILL);
|
CREATE TEMPORARY TABLE t2(c1 CHAR(255) PRIMARY KEY,c2 CHAR (255));
|
INSERT INTO t1 VALUES(0,0);
|
INSERT INTO t1 VALUES('aaa',0);
|
INSERT INTO t2 VALUES('aaa',0);
|
INSERT INTO t2 SELECT * FROM t1;
|
DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c;
|
Leads to:
|
10.5.3 e8351934b68d6d3ee273292eaa2ece203bb2b846 |
Core was generated by `/data/MD020420-mariadb-10.5.3-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
[Current thread is 1 (Thread 0x7fe556220700 (LWP 31020))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
#1 0x000055ad8b1bed47 in my_write_core (sig=sig@entry=11) at /data/10.5_opt/mysys/stacktrace.c:518
|
#2 0x000055ad8ab8087a in handle_fatal_signal (sig=11) at /data/10.5_opt/sql/signal_handler.cc:325
|
#3 <signal handler called>
|
#4 ha_innobase::cmp_ref (this=0x7fe527856830, ref1=0x7fe5278b0810 "0", ' ' <repeats 199 times>..., ref2=0x7fe5278b0216 "0", ' ' <repeats 199 times>...) at /data/10.5_opt/storage/innobase/handler/ha_innodb.cc:17088
|
#5 0x000055ad8b1be84d in queue_insert (queue=queue@entry=0x7fe55621eb40, element=element@entry=0x7fe5278778f8 "\020\b\213'\345\177") at /data/10.5_opt/mysys/queues.c:204
|
#6 0x000055ad8ab7ccfa in merge_buffers (param=param@entry=0x7fe55621ec50, from_file=from_file@entry=0x7fe52784c940, to_file=to_file@entry=0x7fe52784cd28, sort_buffer=..., lastbuff=lastbuff@entry=0x7fe527877818, Fb=0x7fe527877818, Tb=0x7fe527877930, flag=1) at /data/10.5_opt/sql/filesort.cc:1869
|
#7 0x000055ad8ab7da96 in merge_index (param=param@entry=0x7fe55621ec50, sort_buffer=..., buffpek=buffpek@entry=0x7fe527877818, maxbuffer=<optimized out>, tempfile=tempfile@entry=0x7fe52784c940, outfile=0x7fe52784cd28) at /data/10.5_opt/sql/filesort.cc:2082
|
#8 0x000055ad8aa5be19 in Unique::merge (this=this@entry=0x7fe52784c908, table=table@entry=0x7fe5278c1a18, buff=buff@entry=0x7fe5278b0018 "0", ' ' <repeats 199 times>..., buff_size=buff_size@entry=1275, without_last_merge=without_last_merge@entry=false) at /data/10.5_opt/sql/uniques.cc:753
|
#9 0x000055ad8aa5c589 in Unique::get (this=0x7fe52784c908, table=table@entry=0x7fe5278c1a18) at /data/10.5_opt/sql/uniques.cc:810
|
#10 0x000055ad8accee05 in multi_delete::do_deletes (this=0x7fe52784a4b0) at /data/10.5_opt/sql/sql_delete.cc:1448
|
#11 0x000055ad8accef12 in multi_delete::send_eof (this=0x7fe52784a4b0) at /data/10.5_opt/sql/sql_delete.cc:1559
|
#12 0x000055ad8a9e9f9c in do_select (procedure=<optimized out>, join=0x7fe52784a520) at /data/10.5_opt/sql/sql_select.cc:20192
|
#13 JOIN::exec_inner (this=this@entry=0x7fe52784a520) at /data/10.5_opt/sql/sql_select.cc:4463
|
#14 0x000055ad8a9ea257 in JOIN::exec (this=this@entry=0x7fe52784a520) at /data/10.5_opt/sql/sql_select.cc:4244
|
#15 0x000055ad8a9e85a2 in mysql_select (thd=thd@entry=0x7fe527812018, tables=0x7fe527847f78, fields=..., conds=conds@entry=0x0, og_num=og_num@entry=0, order=order@entry=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2202244746112, result=0x7fe52784a4b0, unit=0x7fe527815e60, select_lex=0x7fe527816660) at /data/10.5_opt/sql/sql_select.cc:4668
|
#16 0x000055ad8a98c308 in mysql_execute_command (thd=thd@entry=0x7fe527812018) at /data/10.5_opt/sql/sql_parse.cc:4806
|
#17 0x000055ad8a992a6c in mysql_parse (thd=thd@entry=0x7fe527812018, rawbuf=<optimized out>, length=55, parser_state=parser_state@entry=0x7fe55621f4d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/10.5_opt/sql/sql_parse.cc:7953
|
#18 0x000055ad8a9878e0 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fe527812018, packet=packet@entry=0x7fe52783a019 "DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c", packet_length=packet_length@entry=55, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/10.5_opt/sql/sql_parse.cc:1839
|
#19 0x000055ad8a985bff in do_command (thd=0x7fe527812018) at /data/10.5_opt/sql/sql_parse.cc:1358
|
#20 0x000055ad8aa7a92e in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7fe553c329b8, put_in_cache=put_in_cache@entry=true) at /data/10.5_opt/sql/sql_connect.cc:1422
|
#21 0x000055ad8aa7aad4 in handle_one_connection (arg=arg@entry=0x7fe553c329b8) at /data/10.5_opt/sql/sql_connect.cc:1319
|
#22 0x000055ad8ade69da in pfs_spawn_thread (arg=0x7fe553c4b018) at /data/10.5_opt/storage/perfschema/pfs.cc:2201
|
#23 0x00007fe5556476db in start_thread (arg=0x7fe556220700) at pthread_create.c:463
|
#24 0x00007fe554a4588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.32 (opt), 10.3.23 (opt), 10.4.13 (opt), 10.5.3 (dbg), 10.5.3 (opt)
Bug confirmed not present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.3.23 (dbg), 10.4.13 (dbg)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)
However;
MariaDB 10.4.13 (dbg), 10.3.23 (dbg), 10.2.32(dbg):
10.4.13>DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c;
|
Query OK, 5 rows affected (0.211 sec)
|
|
|
10.3.23>DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c;
|
Query OK, 5 rows affected (0.211 sec)
|
|
|
10.2.32>DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c;
|
Query OK, 5 rows affected (0.37 sec)
|
And, MariaDB 10.1.45 (opt/dbg):
10.1.45>DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c;
|
ERROR 1137 (HY000): Can't reopen table: 'a'
|
Attachments
Issue Links
- relates to
-
-
- Closed
-
Activity
It looks like this bug can lead to data inconsistencies between versions / with replication.
| Field | Original Value | New Value |
|---|---|---|
| Summary | SIGSEGV in ha_innobase::cmp_ref on DELETE with varied outcomes in different MariaDB versions | SIGSEGV in ha_innobase::cmp_ref on DELETE (on optimized builds) with varied outcomes in different MariaDB versions |
Also, on MariaDB 10.5.3 (dbg) this produces an assert and different stack;
mysqld: /data/10.5_dbg/sql/sql_sort.h:98: void Merge_chunk::set_buffer_end(uchar*): Assertion `m_buffer_end == __null || end <= m_buffer_end' failed.
|
Core was generated by `/ram/MD080420-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-f'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
[Current thread is 1 (Thread 0x7f3705e20700 (LWP 14319))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
#1 0x000055901df9dd3a in my_write_core (sig=sig@entry=6) at /data/10.5_dbg/mysys/stacktrace.c:518
|
#2 0x000055901d743b1b in handle_fatal_signal (sig=6) at /data/10.5_dbg/sql/signal_handler.cc:329
|
#3 <signal handler called>
|
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
|
#5 0x00007f3704564801 in __GI_abort () at abort.c:79
|
#6 0x00007f370455439a in __assert_fail_base (
|
fmt=0x7f37046db7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
|
assertion=assertion@entry=0x55901e2a4bb8 "m_buffer_end == __null || end <= m_buffer_end",
|
file=file@entry=0x55901e2a446e "/data/10.5_dbg/sql/sql_sort.h", line=line@entry=98,
|
function=function@entry=0x55901e2a5260 <Merge_chunk::set_buffer_end(unsigned char*)::__PRETTY_FUNCTION__> "void Merge_chunk::set_buffer_end(uchar*)") at assert.c:92
|
#7 0x00007f3704554412 in __GI___assert_fail (
|
assertion=assertion@entry=0x55901e2a4bb8 "m_buffer_end == __null || end <= m_buffer_end",
|
file=file@entry=0x55901e2a446e "/data/10.5_dbg/sql/sql_sort.h", line=line@entry=98,
|
function=function@entry=0x55901e2a5260 <Merge_chunk::set_buffer_end(unsigned char*)::__PRETTY_FUNCTION__> "void Merge_chunk::set_buffer_end(uchar*)") at assert.c:101
|
#8 0x000055901d73ec18 in Merge_chunk::set_buffer_end (end=0x7f36d7907686 '\245' <repeats 200 times>...,
|
this=0x7f36d784dc88) at /data/10.5_dbg/sql/sql_sort.h:98
|
#9 merge_buffers (param=param@entry=0x7f3705e1e840, from_file=from_file@entry=0x7f36d78daf78,
|
to_file=to_file@entry=0x7f36d78db3e0, sort_buffer=..., lastbuff=lastbuff@entry=0x7f36d784dc88,
|
Fb=0x7f36d784dc88, Tb=0x7f36d784dda0, flag=1) at /data/10.5_dbg/sql/filesort.cc:1866
|
#10 0x000055901d73fba5 in merge_index (param=param@entry=0x7f3705e1e840, sort_buffer=...,
|
buffpek=buffpek@entry=0x7f36d784dc88, maxbuffer=5, tempfile=tempfile@entry=0x7f36d78daf78,
|
outfile=0x7f36d78db3e0) at /data/10.5_dbg/sql/filesort.cc:2082
|
#11 0x000055901d5bef32 in Unique::merge (this=this@entry=0x7f36d78daf40,
|
table=table@entry=0x7f36d78d8088, buff=buff@entry=0x7f36d7907488 "0", ' ' <repeats 199 times>...,
|
buff_size=buff_size@entry=1275, without_last_merge=without_last_merge@entry=false)
|
at /data/10.5_dbg/sql/uniques.cc:753
|
#12 0x000055901d5bf77e in Unique::get (this=0x7f36d78daf40, table=table@entry=0x7f36d78d8088)
|
at /data/10.5_dbg/sql/uniques.cc:810
|
#13 0x000055901d90770b in multi_delete::do_deletes (this=this@entry=0x7f36d7877520)
|
at /data/10.5_dbg/sql/sql_delete.cc:1448
|
#14 0x000055901d9077c9 in multi_delete::send_eof (this=0x7f36d7877520)
|
at /data/10.5_dbg/sql/sql_delete.cc:1559
|
#15 0x000055901d5188cb in do_select (procedure=<optimized out>, join=0x7f36d7877590)
|
at /data/10.5_dbg/sql/sql_select.cc:20192
|
#16 JOIN::exec_inner (this=this@entry=0x7f36d7877590) at /data/10.5_dbg/sql/sql_select.cc:4463
|
#17 0x000055901d518afd in JOIN::exec (this=this@entry=0x7f36d7877590)
|
at /data/10.5_dbg/sql/sql_select.cc:4244
|
#18 0x000055901d516e12 in mysql_select (thd=thd@entry=0x7f36d7815088, tables=<optimized out>, fields=...,
|
conds=conds@entry=0x0, og_num=og_num@entry=0, order=order@entry=0x0, group=0x0, having=0x0,
|
proc_param=0x0, select_options=2202244746112, result=0x7f36d7877520, unit=0x7f36d7819090,
|
select_lex=0x7f36d7819890) at /data/10.5_dbg/sql/sql_select.cc:4668
|
#19 0x000055901d49cd48 in mysql_execute_command (thd=thd@entry=0x7f36d7815088)
|
at /data/10.5_dbg/sql/sql_parse.cc:4806
|
#20 0x000055901d4a7851 in mysql_parse (thd=thd@entry=0x7f36d7815088, rawbuf=<optimized out>,
|
length=<optimized out>, parser_state=parser_state@entry=0x7f3705e1f450,
|
is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
|
at /data/10.5_dbg/sql/sql_parse.cc:7953
|
#21 0x000055901d493599 in dispatch_command (command=command@entry=COM_QUERY,
|
thd=thd@entry=0x7f36d7815088,
|
packet=packet@entry=0x7f36d7867089 "DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c",
|
table=table@entry=0x7f36d78d8088, buff=buff@entry=0x7f36d7907488 "0", ' ' <repeats 199 times>...,
|
buff_size=buff_size@entry=1275, without_last_merge=without_last_merge@entry=false)
|
at /data/10.5_dbg/sql/uniques.cc:753
|
#12 0x000055901d5bf77e in Unique::get (this=0x7f36d78daf40, table=table@entry=0x7f36d78d8088)
|
at /data/10.5_dbg/sql/uniques.cc:810
|
#13 0x000055901d90770b in multi_delete::do_deletes (this=this@entry=0x7f36d7877520)
|
at /data/10.5_dbg/sql/sql_delete.cc:1448
|
#14 0x000055901d9077c9 in multi_delete::send_eof (this=0x7f36d7877520)
|
at /data/10.5_dbg/sql/sql_delete.cc:1559
|
#15 0x000055901d5188cb in do_select (procedure=<optimized out>, join=0x7f36d7877590)
|
at /data/10.5_dbg/sql/sql_select.cc:20192
|
#16 JOIN::exec_inner (this=this@entry=0x7f36d7877590) at /data/10.5_dbg/sql/sql_select.cc:4463
|
#17 0x000055901d518afd in JOIN::exec (this=this@entry=0x7f36d7877590)
|
at /data/10.5_dbg/sql/sql_select.cc:4244
|
#18 0x000055901d516e12 in mysql_select (thd=thd@entry=0x7f36d7815088, tables=<optimized out>, fields=...,
|
conds=conds@entry=0x0, og_num=og_num@entry=0, order=order@entry=0x0, group=0x0, having=0x0,
|
proc_param=0x0, select_options=2202244746112, result=0x7f36d7877520, unit=0x7f36d7819090,
|
select_lex=0x7f36d7819890) at /data/10.5_dbg/sql/sql_select.cc:4668
|
#19 0x000055901d49cd48 in mysql_execute_command (thd=thd@entry=0x7f36d7815088)
|
at /data/10.5_dbg/sql/sql_parse.cc:4806
|
#20 0x000055901d4a7851 in mysql_parse (thd=thd@entry=0x7f36d7815088, rawbuf=<optimized out>,
|
length=<optimized out>, parser_state=parser_state@entry=0x7f3705e1f450,
|
is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
|
at /data/10.5_dbg/sql/sql_parse.cc:7953
|
#21 0x000055901d493599 in dispatch_command (command=command@entry=COM_QUERY,
|
thd=thd@entry=0x7f36d7815088,
|
packet=packet@entry=0x7f36d7867089 "DELETE FROM b,c USING t2 AS a JOIN t1 AS b JOIN t2 AS c",
|
packet_length=packet_length@entry=55, is_com_multi=is_com_multi@entry=false,
|
is_next_command=is_next_command@entry=false) at /data/10.5_dbg/sql/sql_parse.cc:1839
|
#22 0x000055901d491def in do_command (thd=0x7f36d7815088) at /data/10.5_dbg/sql/sql_parse.cc:1358
|
#23 0x000055901d5ec8ef in do_handle_one_connection (connect=<optimized out>,
|
connect@entry=0x7f36dd0433a8, put_in_cache=put_in_cache@entry=true)
|
at /data/10.5_dbg/sql/sql_connect.cc:1422
|
#24 0x000055901d5ecc1e in handle_one_connection (arg=arg@entry=0x7f36dd0433a8)
|
at /data/10.5_dbg/sql/sql_connect.cc:1319
|
#25 0x000055901da4ccae in pfs_spawn_thread (arg=0x7f3703845888)
|
at /data/10.5_dbg/storage/perfschema/pfs.cc:2201
|
#26 0x00007f37052476db in start_thread (arg=0x7f3705e20700) at pthread_create.c:463
|
#27 0x00007f370464588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
| Summary | SIGSEGV in ha_innobase::cmp_ref on DELETE (on optimized builds) with varied outcomes in different MariaDB versions | SIGSEGV in ha_innobase::cmp_ref on DELETE (optimized builds) and SIGABRT in Merge_chunk::set_buffer_end (debug builds) with varied query outcomes in different MariaDB versions |
| Assignee | Roel Van de Paar [ roel ] |
| Assignee | Roel Van de Paar [ roel ] | Sergei Petrunia [ psergey ] |
Another testcase
USE test;
|
SET SQL_MODE='';
|
SET @@SESSION.sort_buffer_size=1024;
|
CREATE TABLE t1(c1 INT PRIMARY KEY) ENGINE=Aria;
|
CREATE TABLE t2(c1 CHAR(255) KEY) ENGINE=InnoDB;
|
INSERT INTO t2 VALUES('');
|
INSERT INTO t2 VALUES('a');
|
INSERT INTO t1 SELECT * FROM t2;
|
INSERT INTO t2 SELECT * FROM t1;
|
DELETE b FROM t2 AS a JOIN t2 AS b;
|
| Assignee | Sergei Petrunia [ psergey ] | Varun Gupta [ varun ] |
| Link |
This issue relates to |
This is fixed in 10.1 after MDEV-22728. Will add the test case to the regression suite.
| Summary | SIGSEGV in ha_innobase::cmp_ref on DELETE (optimized builds) and SIGABRT in Merge_chunk::set_buffer_end (debug builds) with varied query outcomes in different MariaDB versions | SIGSEGV in ha_innobase::cmp_ref on DELETE |
| Component/s | Optimizer [ 10200 ] | |
| Fix Version/s | 10.5.4 [ 24264 ] | |
| Fix Version/s | 10.1.46 [ 24308 ] | |
| Fix Version/s | 10.2.33 [ 24307 ] | |
| Fix Version/s | 10.3.24 [ 24306 ] | |
| Fix Version/s | 10.4.14 [ 24305 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.5 [ 23123 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Open [ 1 ] | Closed [ 6 ] |
| Fix Version/s | 10.5.5 [ 24423 ] | |
| Fix Version/s | 10.5.4 [ 24264 ] |
| Workflow | MariaDB v3 [ 106862 ] | MariaDB v4 [ 157575 ] |
ha_innobase::cmp_ref also crashes on UPDATE with partitioning, ref
MDEV-18371, perhaps fix at same time?