[MDEV-22715] SIGSEGV in radixsort_for_str_ptr and in native_compare/my_qsort2 (optimized builds) - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
Fix Version/s: 10.5.4, 10.1.46, 10.2.33, 10.3.24, 10.4.14
Component/s: Optimizer
Labels:
- regression
- sporadic

Description

SOURCE in.sql;

Leads to:

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 dbg
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14b6f792e700 (LWP 688652))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000561fed75fd7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x0000561fecf05385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 0x0000561fed74ff8a in radixsort_for_str_ptr (base=0x14b6d3d687e0, number_of_elements=number_of_elements@entry=80659, size_of_element=<optimized out>, buffer=buffer@entry=0x14b6d3a46088) at /test/10.5_dbg/mysys/mf_radix.c:45
#5 0x0000561fed1172a9 in Filesort_buffer::sort_buffer (this=this@entry=0x14b6d34dc200, param=param@entry=0x14b6f792bbd0, count=count@entry=80659) at /test/10.5_dbg/sql/filesort_utils.cc:187
#6 0x0000561fecefcbb8 in SORT_INFO::sort_buffer (count=80659, param=0x14b6f792bbd0, this=0x14b6d34dc200) at /test/10.5_dbg/sql/filesort.h:151
#7 write_keys (param=param@entry=0x14b6f792bbd0, fs_info=fs_info@entry=0x14b6d34dc200, count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x14b6f792bde0, tempfile=tempfile@entry=0x14b6f792bc70) at /test/10.5_dbg/sql/filesort.cc:1040
#8 0x0000561fecf033fb in find_all_keys (found_rows=0x14b6d34dc3f0, pq=0x0, tempfile=0x14b6f792bc70, buffpek_pointers=0x14b6f792bde0, fs_info=0x14b6d34dc200, select=0x14b6d3477b98, param=0x14b6f792bbd0, thd=0x14b6d3415088) at /test/10.5_dbg/sql/filesort.cc:945
#9 filesort (thd=thd@entry=0x14b6d3415088, table=table@entry=0x14b6d34d5088, filesort=filesort@entry=0x14b6d3477d68, tracker=0x14b6d3478458, join=join@entry=0x14b6d3475ab0, first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356
#10 0x0000561feccafe83 in create_sort_index (thd=0x14b6d3415088, join=0x14b6d3475ab0, tab=tab@entry=0x14b6d3477258, fsort=0x14b6d3477d68, fsort@entry=0x0) at /test/10.5_dbg/sql/sql_select.cc:23870
#11 0x0000561feccb01b2 in st_join_table::sort_table (this=this@entry=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21599
#12 0x0000561feccb02e6 in join_init_read_record (tab=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21538
#13 0x0000561fecca0c11 in sub_select (join=0x14b6d3475ab0, join_tab=0x14b6d3477258, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612
#14 0x0000561feccd8a16 in do_select (procedure=0x0, join=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4464
#16 0x0000561feccd9031 in JOIN::exec (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4245
#17 0x0000561feccd7346 in mysql_select (thd=thd@entry=0x14b6d3415088, tables=<optimized out>, fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b6d3475a88, unit=0x14b6d34190a0, select_lex=0x14b6d3474140) at /test/10.5_dbg/sql/sql_select.cc:4669
#18 0x0000561feccd7675 in handle_select (thd=thd@entry=0x14b6d3415088, lex=lex@entry=0x14b6d3418fd8, result=result@entry=0x14b6d3475a88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#19 0x0000561fecc620bf in execute_sqlcom_select (thd=thd@entry=0x14b6d3415088, all_tables=0x14b6d3474738) at /test/10.5_dbg/sql/sql_parse.cc:6207
#20 0x0000561fecc5b1f4 in mysql_execute_command (thd=thd@entry=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:3939
#21 0x0000561fecc6802e in mysql_parse (thd=thd@entry=0x14b6d3415088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b6f792d3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7991
#22 0x0000561fecc54b42 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b6d3415088, packet=packet@entry=0x14b6d3467089 "", packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#23 0x0000561fecc5331c in do_command (thd=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#24 0x0000561fecdad73f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14b6d70453a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#25 0x0000561fecdade5b in handle_one_connection (arg=arg@entry=0x14b6d70453a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
#26 0x0000561fed20d14e in pfs_spawn_thread (arg=0x14b6f5445888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#27 0x000014b6f6d556db in start_thread (arg=0x14b6f792e700) at pthread_create.c:463
#28 0x000014b6f615388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 opt
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x145ec5db0700 (LWP 1075820))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x000055f704f29337 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
#2 0x000055f7048eb3ca in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:330
#3 <signal handler called>
#4 radixsort_for_str_ptr (base=0x145e8ad68770, number_of_elements=number_of_elements@entry=80659,
size_of_element=<optimized out>, buffer=buffer@entry=0x145e8b006018)
at /test/10.5_opt/mysys/mf_radix.c:45
#5 0x000055f704a74a38 in Filesort_buffer::sort_buffer (this=this@entry=0x145ea08e5180,
param=param@entry=0x145ec5dae540, count=count@entry=80659)
at /test/10.5_opt/sql/filesort_utils.cc:187
#6 0x000055f7048e5643 in SORT_INFO::sort_buffer (count=80659, param=<optimized out>,
this=0x145ea08e5180) at /test/10.5_opt/sql/filesort.h:151
#7 write_keys (param=param@entry=0x145ec5dae540, fs_info=fs_info@entry=0x145ea08e5180,
count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x145ec5dae6d0,
tempfile=tempfile@entry=0x145ec5dae5e0) at /test/10.5_opt/sql/filesort.cc:1040
#8 0x000055f7048e9c77 in find_all_keys (found_rows=0x145ea08e52f0, pq=0x0, tempfile=0x145ec5dae5e0,
buffpek_pointers=0x145ec5dae6d0, fs_info=0x145ea08e5180, select=0x145ea084aaa8,
param=0x145ec5dae540, thd=0x145ea0812018) at /test/10.5_opt/sql/filesort.cc:945
#9 filesort (thd=thd@entry=0x145ea0812018, table=table@entry=0x145ea0898c18,
filesort=filesort@entry=0x145ea084abf8, tracker=0x145ea084b2e0, join=join@entry=0x145ea0848a40,
first_table_bit=<optimized out>) at /test/10.5_opt/sql/filesort.cc:356
#10 0x000055f70473fa15 in create_sort_index (thd=0x145ea0812018, join=0x145ea0848a40,
tab=tab@entry=0x145ea084a1e8, fsort=0x145ea084abf8, fsort@entry=0x0)
at /test/10.5_opt/sql/sql_select.cc:23870
#11 0x000055f70473fcce in st_join_table::sort_table (this=this@entry=0x145ea084a1e8)
at /test/10.5_opt/sql/sql_select.cc:21599
#12 0x000055f70473fd5a in join_init_read_record (tab=0x145ea084a1e8)
at /test/10.5_opt/sql/sql_select.cc:21538
#13 0x000055f704731b57 in sub_select (join=0x145ea0848a40, join_tab=0x145ea084a1e8,
end_of_records=false) at /test/10.5_opt/sql/sql_select.cc:20612
#14 0x000055f70475323e in do_select (procedure=<optimized out>, join=0x145ea0848a40)
at /test/10.5_opt/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x145ea0848a40) at /test/10.5_opt/sql/sql_select.cc:4464
#16 0x000055f704753677 in JOIN::exec (this=this@entry=0x145ea0848a40)
at /test/10.5_opt/sql/sql_select.cc:4245
#17 0x000055f7047519c2 in mysql_select (thd=thd@entry=0x145ea0812018, tables=0x145ea08476c8,
fields=..., conds=0x0, og_num=<optimized out>, order=0x145ea0848720, group=0x0, having=0x0,
proc_param=0x0, select_options=2147748608, result=0x145ea0848a18, unit=0x145ea0815e70,
select_lex=0x145ea08470d0) at /test/10.5_opt/sql/sql_select.cc:4669
#18 0x000055f704752381 in handle_select (thd=thd@entry=0x145ea0812018, lex=lex@entry=0x145ea0815da8,
result=result@entry=0x145ea0848a18, setup_tables_done_option=setup_tables_done_option@entry=0)
at /test/10.5_opt/sql/sql_select.cc:417
#19 0x000055f7046f8e91 in execute_sqlcom_select (thd=thd@entry=0x145ea0812018,
all_tables=0x145ea08476c8) at /test/10.5_opt/sql/sql_parse.cc:6207
#20 0x000055f7046f4db2 in mysql_execute_command (thd=thd@entry=0x145ea0812018)
at /test/10.5_opt/sql/sql_parse.cc:3939
#21 0x000055f7046fbfac in mysql_parse (thd=0x145ea0812018, rawbuf=<optimized out>, length=31,
parser_state=0x145ec5daf4b0, is_com_multi=<optimized out>, is_next_command=<optimized out>)
at /test/10.5_opt/sql/sql_parse.cc:7991
#22 0x000055f7046f12b5 in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x145ea0812018, packet=packet@entry=0x145ea083a019 "",
packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false,
is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1874
#23 0x000055f7046ef6a4 in do_command (thd=0x145ea0812018) at /test/10.5_opt/sql/sql_parse.cc:1355
#24 0x000055f7047e4891 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x145ec38329b8, put_in_cache=put_in_cache@entry=true)
at /test/10.5_opt/sql/sql_connect.cc:1411
#25 0x000055f7047e4bf4 in handle_one_connection (arg=arg@entry=0x145ec38329b8)
at /test/10.5_opt/sql/sql_connect.cc:1313
#26 0x000055f704b5106a in pfs_spawn_thread (arg=0x145ec384b018)
at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#27 0x0000145ec51d76db in start_thread (arg=0x145ec5db0700) at pthread_create.c:463
#28 0x0000145ec45d588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.2 (dbg), 10.5.2 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

in.sql
5 kB
2020-05-26 10:25

Issue Links

duplicates

MDEV-22875 Various SIGSEGV crashes on optimized builds which may be masked, or fixed, by recent changes related to max_sort_length

Closed

relates to

MDEV-22267 Assertion `length == Field_timef::pack_length()' failed in Field_timef::sort_string

Closed

MDEV-22875 Various SIGSEGV crashes on optimized builds which may be masked, or fixed, by recent changes related to max_sort_length

Closed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar created issue - 2020-05-26 10:20

Roel Van de Paar made changes - 2020-05-26 10:25

Field	Original Value	New Value
Attachment		in.sql [ 51946 ]

Roel Van de Paar added a comment - 2020-05-26 10:26

The attached file in.sql is not the shortest form of the testcase, but it is one which seemingly reproduces ~100% of the time. The issue seems to get highly sporadic when reduced much further.

Roel Van de Paar added a comment - 2020-05-26 10:26 The attached file in.sql is not the shortest form of the testcase, but it is one which seemingly reproduces ~100% of the time. The issue seems to get highly sporadic when reduced much further.

Roel Van de Paar made changes - 2020-05-26 10:27

Priority

Critical [ 2 ]

Blocker [ 1 ]

Roel Van de Paar made changes - 2020-05-26 10:36

Assignee

Varun Gupta [ varun ]

Roel Van de Paar made changes - 2020-05-26 10:37

Description

{noformat}
SOURCE in.sql;
{noformat}

Leads to:

{noformat:title=10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 dbg}
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14b6f792e700 (LWP 688652))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000561fed75fd7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x0000561fecf05385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 0x0000561fed74ff8a in radixsort_for_str_ptr (base=0x14b6d3d687e0, number_of_elements=number_of_elements@entry=80659, size_of_element=<optimized out>, buffer=buffer@entry=0x14b6d3a46088) at /test/10.5_dbg/mysys/mf_radix.c:45
#5 0x0000561fed1172a9 in Filesort_buffer::sort_buffer (this=this@entry=0x14b6d34dc200, param=param@entry=0x14b6f792bbd0, count=count@entry=80659) at /test/10.5_dbg/sql/filesort_utils.cc:187
#6 0x0000561fecefcbb8 in SORT_INFO::sort_buffer (count=80659, param=0x14b6f792bbd0, this=0x14b6d34dc200) at /test/10.5_dbg/sql/filesort.h:151
#7 write_keys (param=param@entry=0x14b6f792bbd0, fs_info=fs_info@entry=0x14b6d34dc200, count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x14b6f792bde0, tempfile=tempfile@entry=0x14b6f792bc70) at /test/10.5_dbg/sql/filesort.cc:1040
#8 0x0000561fecf033fb in find_all_keys (found_rows=0x14b6d34dc3f0, pq=0x0, tempfile=0x14b6f792bc70, buffpek_pointers=0x14b6f792bde0, fs_info=0x14b6d34dc200, select=0x14b6d3477b98, param=0x14b6f792bbd0, thd=0x14b6d3415088) at /test/10.5_dbg/sql/filesort.cc:945
#9 filesort (thd=thd@entry=0x14b6d3415088, table=table@entry=0x14b6d34d5088, filesort=filesort@entry=0x14b6d3477d68, tracker=0x14b6d3478458, join=join@entry=0x14b6d3475ab0, first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356
#10 0x0000561feccafe83 in create_sort_index (thd=0x14b6d3415088, join=0x14b6d3475ab0, tab=tab@entry=0x14b6d3477258, fsort=0x14b6d3477d68, fsort@entry=0x0) at /test/10.5_dbg/sql/sql_select.cc:23870
#11 0x0000561feccb01b2 in st_join_table::sort_table (this=this@entry=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21599
#12 0x0000561feccb02e6 in join_init_read_record (tab=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21538
#13 0x0000561fecca0c11 in sub_select (join=0x14b6d3475ab0, join_tab=0x14b6d3477258, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612
#14 0x0000561feccd8a16 in do_select (procedure=0x0, join=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4464
#16 0x0000561feccd9031 in JOIN::exec (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4245
#17 0x0000561feccd7346 in mysql_select (thd=thd@entry=0x14b6d3415088, tables=<optimized out>, fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b6d3475a88, unit=0x14b6d34190a0, select_lex=0x14b6d3474140) at /test/10.5_dbg/sql/sql_select.cc:4669
#18 0x0000561feccd7675 in handle_select (thd=thd@entry=0x14b6d3415088, lex=lex@entry=0x14b6d3418fd8, result=result@entry=0x14b6d3475a88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#19 0x0000561fecc620bf in execute_sqlcom_select (thd=thd@entry=0x14b6d3415088, all_tables=0x14b6d3474738) at /test/10.5_dbg/sql/sql_parse.cc:6207
#20 0x0000561fecc5b1f4 in mysql_execute_command (thd=thd@entry=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:3939
#21 0x0000561fecc6802e in mysql_parse (thd=thd@entry=0x14b6d3415088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b6f792d3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7991
#22 0x0000561fecc54b42 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b6d3415088, packet=packet@entry=0x14b6d3467089 "", packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#23 0x0000561fecc5331c in do_command (thd=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#24 0x0000561fecdad73f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14b6d70453a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#25 0x0000561fecdade5b in handle_one_connection (arg=arg@entry=0x14b6d70453a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
#26 0x0000561fed20d14e in pfs_spawn_thread (arg=0x14b6f5445888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#27 0x000014b6f6d556db in start_thread (arg=0x14b6f792e700) at pthread_create.c:463
#28 0x000014b6f615388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

{noformat:title=10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 opt}
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x145ec5db0700 (LWP 1075820))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x000055f704f29337 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
#2 0x000055f7048eb3ca in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:330
#3 <signal handler called>
#4 radixsort_for_str_ptr (base=0x145e8ad68770, number_of_elements=number_of_elements@entry=80659,
    size_of_element=<optimized out>, buffer=buffer@entry=0x145e8b006018)
    at /test/10.5_opt/mysys/mf_radix.c:45
#5 0x000055f704a74a38 in Filesort_buffer::sort_buffer (this=this@entry=0x145ea08e5180,
    param=param@entry=0x145ec5dae540, count=count@entry=80659)
    at /test/10.5_opt/sql/filesort_utils.cc:187
#6 0x000055f7048e5643 in SORT_INFO::sort_buffer (count=80659, param=<optimized out>,
    this=0x145ea08e5180) at /test/10.5_opt/sql/filesort.h:151
#7 write_keys (param=param@entry=0x145ec5dae540, fs_info=fs_info@entry=0x145ea08e5180,
    count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x145ec5dae6d0,
    tempfile=tempfile@entry=0x145ec5dae5e0) at /test/10.5_opt/sql/filesort.cc:1040
#8 0x000055f7048e9c77 in find_all_keys (found_rows=0x145ea08e52f0, pq=0x0, tempfile=0x145ec5dae5e0,
    buffpek_pointers=0x145ec5dae6d0, fs_info=0x145ea08e5180, select=0x145ea084aaa8,
    param=0x145ec5dae540, thd=0x145ea0812018) at /test/10.5_opt/sql/filesort.cc:945
#9 filesort (thd=thd@entry=0x145ea0812018, table=table@entry=0x145ea0898c18,
    filesort=filesort@entry=0x145ea084abf8, tracker=0x145ea084b2e0, join=join@entry=0x145ea0848a40,
    first_table_bit=<optimized out>) at /test/10.5_opt/sql/filesort.cc:356
#10 0x000055f70473fa15 in create_sort_index (thd=0x145ea0812018, join=0x145ea0848a40,
    tab=tab@entry=0x145ea084a1e8, fsort=0x145ea084abf8, fsort@entry=0x0)
    at /test/10.5_opt/sql/sql_select.cc:23870
#11 0x000055f70473fcce in st_join_table::sort_table (this=this@entry=0x145ea084a1e8)
    at /test/10.5_opt/sql/sql_select.cc:21599
#12 0x000055f70473fd5a in join_init_read_record (tab=0x145ea084a1e8)
    at /test/10.5_opt/sql/sql_select.cc:21538
#13 0x000055f704731b57 in sub_select (join=0x145ea0848a40, join_tab=0x145ea084a1e8,
    end_of_records=false) at /test/10.5_opt/sql/sql_select.cc:20612
#14 0x000055f70475323e in do_select (procedure=<optimized out>, join=0x145ea0848a40)
    at /test/10.5_opt/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x145ea0848a40) at /test/10.5_opt/sql/sql_select.cc:4464
#16 0x000055f704753677 in JOIN::exec (this=this@entry=0x145ea0848a40)
    at /test/10.5_opt/sql/sql_select.cc:4245
#17 0x000055f7047519c2 in mysql_select (thd=thd@entry=0x145ea0812018, tables=0x145ea08476c8,
    fields=..., conds=0x0, og_num=<optimized out>, order=0x145ea0848720, group=0x0, having=0x0,
    proc_param=0x0, select_options=2147748608, result=0x145ea0848a18, unit=0x145ea0815e70,
    select_lex=0x145ea08470d0) at /test/10.5_opt/sql/sql_select.cc:4669
#18 0x000055f704752381 in handle_select (thd=thd@entry=0x145ea0812018, lex=lex@entry=0x145ea0815da8,
    result=result@entry=0x145ea0848a18, setup_tables_done_option=setup_tables_done_option@entry=0)
    at /test/10.5_opt/sql/sql_select.cc:417
#19 0x000055f7046f8e91 in execute_sqlcom_select (thd=thd@entry=0x145ea0812018,
    all_tables=0x145ea08476c8) at /test/10.5_opt/sql/sql_parse.cc:6207
#20 0x000055f7046f4db2 in mysql_execute_command (thd=thd@entry=0x145ea0812018)
    at /test/10.5_opt/sql/sql_parse.cc:3939
#21 0x000055f7046fbfac in mysql_parse (thd=0x145ea0812018, rawbuf=<optimized out>, length=31,
    parser_state=0x145ec5daf4b0, is_com_multi=<optimized out>, is_next_command=<optimized out>)
    at /test/10.5_opt/sql/sql_parse.cc:7991
#22 0x000055f7046f12b5 in dispatch_command (command=command@entry=COM_QUERY,
    thd=thd@entry=0x145ea0812018, packet=packet@entry=0x145ea083a019 "",
    packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false,
    is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1874
#23 0x000055f7046ef6a4 in do_command (thd=0x145ea0812018) at /test/10.5_opt/sql/sql_parse.cc:1355
#24 0x000055f7047e4891 in do_handle_one_connection (connect=<optimized out>,
    connect@entry=0x145ec38329b8, put_in_cache=put_in_cache@entry=true)
    at /test/10.5_opt/sql/sql_connect.cc:1411
#25 0x000055f7047e4bf4 in handle_one_connection (arg=arg@entry=0x145ec38329b8)
    at /test/10.5_opt/sql/sql_connect.cc:1313
#26 0x000055f704b5106a in pfs_spawn_thread (arg=0x145ec384b018)
    at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#27 0x0000145ec51d76db in start_thread (arg=0x145ec5db0700) at pthread_create.c:463
#28 0x0000145ec45d588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Bug confirmed present in:
MariaDB: 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

{noformat}
SOURCE in.sql;
{noformat}

Leads to:

{noformat:title=10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 dbg}
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14b6f792e700 (LWP 688652))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000561fed75fd7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x0000561fecf05385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 0x0000561fed74ff8a in radixsort_for_str_ptr (base=0x14b6d3d687e0, number_of_elements=number_of_elements@entry=80659, size_of_element=<optimized out>, buffer=buffer@entry=0x14b6d3a46088) at /test/10.5_dbg/mysys/mf_radix.c:45
#5 0x0000561fed1172a9 in Filesort_buffer::sort_buffer (this=this@entry=0x14b6d34dc200, param=param@entry=0x14b6f792bbd0, count=count@entry=80659) at /test/10.5_dbg/sql/filesort_utils.cc:187
#6 0x0000561fecefcbb8 in SORT_INFO::sort_buffer (count=80659, param=0x14b6f792bbd0, this=0x14b6d34dc200) at /test/10.5_dbg/sql/filesort.h:151
#7 write_keys (param=param@entry=0x14b6f792bbd0, fs_info=fs_info@entry=0x14b6d34dc200, count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x14b6f792bde0, tempfile=tempfile@entry=0x14b6f792bc70) at /test/10.5_dbg/sql/filesort.cc:1040
#8 0x0000561fecf033fb in find_all_keys (found_rows=0x14b6d34dc3f0, pq=0x0, tempfile=0x14b6f792bc70, buffpek_pointers=0x14b6f792bde0, fs_info=0x14b6d34dc200, select=0x14b6d3477b98, param=0x14b6f792bbd0, thd=0x14b6d3415088) at /test/10.5_dbg/sql/filesort.cc:945
#9 filesort (thd=thd@entry=0x14b6d3415088, table=table@entry=0x14b6d34d5088, filesort=filesort@entry=0x14b6d3477d68, tracker=0x14b6d3478458, join=join@entry=0x14b6d3475ab0, first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356
#10 0x0000561feccafe83 in create_sort_index (thd=0x14b6d3415088, join=0x14b6d3475ab0, tab=tab@entry=0x14b6d3477258, fsort=0x14b6d3477d68, fsort@entry=0x0) at /test/10.5_dbg/sql/sql_select.cc:23870
#11 0x0000561feccb01b2 in st_join_table::sort_table (this=this@entry=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21599
#12 0x0000561feccb02e6 in join_init_read_record (tab=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21538
#13 0x0000561fecca0c11 in sub_select (join=0x14b6d3475ab0, join_tab=0x14b6d3477258, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612
#14 0x0000561feccd8a16 in do_select (procedure=0x0, join=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4464
#16 0x0000561feccd9031 in JOIN::exec (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4245
#17 0x0000561feccd7346 in mysql_select (thd=thd@entry=0x14b6d3415088, tables=<optimized out>, fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b6d3475a88, unit=0x14b6d34190a0, select_lex=0x14b6d3474140) at /test/10.5_dbg/sql/sql_select.cc:4669
#18 0x0000561feccd7675 in handle_select (thd=thd@entry=0x14b6d3415088, lex=lex@entry=0x14b6d3418fd8, result=result@entry=0x14b6d3475a88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#19 0x0000561fecc620bf in execute_sqlcom_select (thd=thd@entry=0x14b6d3415088, all_tables=0x14b6d3474738) at /test/10.5_dbg/sql/sql_parse.cc:6207
#20 0x0000561fecc5b1f4 in mysql_execute_command (thd=thd@entry=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:3939
#21 0x0000561fecc6802e in mysql_parse (thd=thd@entry=0x14b6d3415088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b6f792d3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7991
#22 0x0000561fecc54b42 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b6d3415088, packet=packet@entry=0x14b6d3467089 "", packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#23 0x0000561fecc5331c in do_command (thd=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#24 0x0000561fecdad73f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14b6d70453a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#25 0x0000561fecdade5b in handle_one_connection (arg=arg@entry=0x14b6d70453a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
#26 0x0000561fed20d14e in pfs_spawn_thread (arg=0x14b6f5445888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#27 0x000014b6f6d556db in start_thread (arg=0x14b6f792e700) at pthread_create.c:463
#28 0x000014b6f615388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

{noformat:title=10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 opt}
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x145ec5db0700 (LWP 1075820))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x000055f704f29337 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
#2 0x000055f7048eb3ca in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:330
#3 <signal handler called>
#4 radixsort_for_str_ptr (base=0x145e8ad68770, number_of_elements=number_of_elements@entry=80659,
    size_of_element=<optimized out>, buffer=buffer@entry=0x145e8b006018)
    at /test/10.5_opt/mysys/mf_radix.c:45
#5 0x000055f704a74a38 in Filesort_buffer::sort_buffer (this=this@entry=0x145ea08e5180,
    param=param@entry=0x145ec5dae540, count=count@entry=80659)
    at /test/10.5_opt/sql/filesort_utils.cc:187
#6 0x000055f7048e5643 in SORT_INFO::sort_buffer (count=80659, param=<optimized out>,
    this=0x145ea08e5180) at /test/10.5_opt/sql/filesort.h:151
#7 write_keys (param=param@entry=0x145ec5dae540, fs_info=fs_info@entry=0x145ea08e5180,
    count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x145ec5dae6d0,
    tempfile=tempfile@entry=0x145ec5dae5e0) at /test/10.5_opt/sql/filesort.cc:1040
#8 0x000055f7048e9c77 in find_all_keys (found_rows=0x145ea08e52f0, pq=0x0, tempfile=0x145ec5dae5e0,
    buffpek_pointers=0x145ec5dae6d0, fs_info=0x145ea08e5180, select=0x145ea084aaa8,
    param=0x145ec5dae540, thd=0x145ea0812018) at /test/10.5_opt/sql/filesort.cc:945
#9 filesort (thd=thd@entry=0x145ea0812018, table=table@entry=0x145ea0898c18,
    filesort=filesort@entry=0x145ea084abf8, tracker=0x145ea084b2e0, join=join@entry=0x145ea0848a40,
    first_table_bit=<optimized out>) at /test/10.5_opt/sql/filesort.cc:356
#10 0x000055f70473fa15 in create_sort_index (thd=0x145ea0812018, join=0x145ea0848a40,
    tab=tab@entry=0x145ea084a1e8, fsort=0x145ea084abf8, fsort@entry=0x0)
    at /test/10.5_opt/sql/sql_select.cc:23870
#11 0x000055f70473fcce in st_join_table::sort_table (this=this@entry=0x145ea084a1e8)
    at /test/10.5_opt/sql/sql_select.cc:21599
#12 0x000055f70473fd5a in join_init_read_record (tab=0x145ea084a1e8)
    at /test/10.5_opt/sql/sql_select.cc:21538
#13 0x000055f704731b57 in sub_select (join=0x145ea0848a40, join_tab=0x145ea084a1e8,
    end_of_records=false) at /test/10.5_opt/sql/sql_select.cc:20612
#14 0x000055f70475323e in do_select (procedure=<optimized out>, join=0x145ea0848a40)
    at /test/10.5_opt/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x145ea0848a40) at /test/10.5_opt/sql/sql_select.cc:4464
#16 0x000055f704753677 in JOIN::exec (this=this@entry=0x145ea0848a40)
    at /test/10.5_opt/sql/sql_select.cc:4245
#17 0x000055f7047519c2 in mysql_select (thd=thd@entry=0x145ea0812018, tables=0x145ea08476c8,
    fields=..., conds=0x0, og_num=<optimized out>, order=0x145ea0848720, group=0x0, having=0x0,
    proc_param=0x0, select_options=2147748608, result=0x145ea0848a18, unit=0x145ea0815e70,
    select_lex=0x145ea08470d0) at /test/10.5_opt/sql/sql_select.cc:4669
#18 0x000055f704752381 in handle_select (thd=thd@entry=0x145ea0812018, lex=lex@entry=0x145ea0815da8,
    result=result@entry=0x145ea0848a18, setup_tables_done_option=setup_tables_done_option@entry=0)
    at /test/10.5_opt/sql/sql_select.cc:417
#19 0x000055f7046f8e91 in execute_sqlcom_select (thd=thd@entry=0x145ea0812018,
    all_tables=0x145ea08476c8) at /test/10.5_opt/sql/sql_parse.cc:6207
#20 0x000055f7046f4db2 in mysql_execute_command (thd=thd@entry=0x145ea0812018)
    at /test/10.5_opt/sql/sql_parse.cc:3939
#21 0x000055f7046fbfac in mysql_parse (thd=0x145ea0812018, rawbuf=<optimized out>, length=31,
    parser_state=0x145ec5daf4b0, is_com_multi=<optimized out>, is_next_command=<optimized out>)
    at /test/10.5_opt/sql/sql_parse.cc:7991
#22 0x000055f7046f12b5 in dispatch_command (command=command@entry=COM_QUERY,
    thd=thd@entry=0x145ea0812018, packet=packet@entry=0x145ea083a019 "",
    packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false,
    is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1874
#23 0x000055f7046ef6a4 in do_command (thd=0x145ea0812018) at /test/10.5_opt/sql/sql_parse.cc:1355
#24 0x000055f7047e4891 in do_handle_one_connection (connect=<optimized out>,
    connect@entry=0x145ec38329b8, put_in_cache=put_in_cache@entry=true)
    at /test/10.5_opt/sql/sql_connect.cc:1411
#25 0x000055f7047e4bf4 in handle_one_connection (arg=arg@entry=0x145ec38329b8)
    at /test/10.5_opt/sql/sql_connect.cc:1313
#26 0x000055f704b5106a in pfs_spawn_thread (arg=0x145ec384b018)
    at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#27 0x0000145ec51d76db in start_thread (arg=0x145ec5db0700) at pthread_create.c:463
#28 0x0000145ec45d588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Bug confirmed present in:
MariaDB: 10.5.2 (dbg), 10.5.2 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Roel Van de Paar made changes - 2020-05-26 10:38

Affects Version/s

10.5.2 [ 24030 ]

Varun Gupta (Inactive) added a comment - 2020-05-26 15:02

I can see while debugging the query

(lldb) p param.using_addon_fields()

(bool) $3 = false

(lldb) p param.using_packed_sortkeys()

(bool) $4 = false

So this has nothing do with packing addon fields or packing sortkeys

Varun Gupta (Inactive) added a comment - 2020-05-26 15:02 I can see while debugging the query (lldb) p param.using_addon_fields() ( bool ) $3 = false (lldb) p param.using_packed_sortkeys() ( bool ) $4 = false So this has nothing do with packing addon fields or packing sortkeys

Varun Gupta (Inactive) added a comment - 2020-05-26 15:03

A simple test case, that crashes for me

--source include/have_sequence.inc

set sort_buffer_size=20971;

SET max_sort_length=4;

CREATE TEMPORARY TABLE t1(c1 DECIMAL(65) UNSIGNED ,c2 DECIMAL(10,0) UNSIGNED,c3 DECIMAL(1))ENGINE=MEMORY;

INSERT INTO t1 SELECT 0, 0, 0 from seq_1_to_10000;

SELECT * FROM t1 ORDER BY c1,c2;

Varun Gupta (Inactive) added a comment - 2020-05-26 15:03 A simple test case, that crashes for me --source include/have_sequence.inc set sort_buffer_size=20971; SET max_sort_length=4; CREATE TEMPORARY TABLE t1(c1 DECIMAL (65) UNSIGNED ,c2 DECIMAL (10,0) UNSIGNED,c3 DECIMAL (1))ENGINE=MEMORY; INSERT INTO t1 SELECT 0, 0, 0 from seq_1_to_10000; SELECT * FROM t1 ORDER BY c1,c2;

Varun Gupta (Inactive) added a comment - 2020-05-26 15:04

On 10.5 I see

(lldb) bt

* thread #2, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)

  * frame #0: 0x00007fff73120300 libsystem_platform.dylib`_platform_memcmp + 288

    frame #1: 0x0000000107c1f7de libclang_rt.asan_osx_dynamic.dylib`wrap_memcmp + 2110

    frame #2: 0x000000010341c8ee mysqld`native_compare(length=0x000070000c7142c0, a=0x000062a00004d460, b=0x000062a00004ce20) at ptr_cmp.c:49:10

    frame #3: 0x00000001033c73e2 mysqld`my_qsort2(base_ptr=0x000062a00004bb38, count=806, size=8, cmp=(mysqld`native_compare at ptr_cmp.c:48), cmp_argument=0x000070000c7142c0) at mf_qsort.c:146:7

    frame #4: 0x0000000100108c87 mysqld`Filesort_buffer::sort_buffer(this=0x0000616000118280, param=0x000070000c715ab0, count=806) at filesort_utils.cc:192:3

    frame #5: 0x0000000100133983 mysqld`SORT_INFO::sort_buffer(this=0x0000616000118280, param=0x000070000c715ab0, count=806) at filesort.h:151:21

    frame #6: 0x0000000100132d29 mysqld`write_keys(param=0x000070000c715ab0, fs_info=0x0000616000118280, count=806, buffpek_pointers=0x000070000c7158d0, tempfile=0x000070000c7156f0) at filesort.cc:1040:12

    frame #7: 0x0000000100118c47 mysqld`find_all_keys(thd=0x000062b00005b288, param=0x000070000c715ab0, select=0x000062b000065f98, fs_info=0x0000616000118280, buffpek_pointers=0x000070000c7158d0, tempfile=0x000070000c7156f0, pq=0x0000000000000000, found_rows=0x00006160001184a0) at filesort.cc:945:15

Also this test case fails for earlier versions too for me.

Varun Gupta (Inactive) added a comment - 2020-05-26 15:04 On 10.5 I see (lldb) bt * thread #2, stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00007fff73120300 libsystem_platform.dylib`_platform_memcmp + 288 frame #1: 0x0000000107c1f7de libclang_rt.asan_osx_dynamic.dylib`wrap_memcmp + 2110 frame #2: 0x000000010341c8ee mysqld`native_compare(length=0x000070000c7142c0, a=0x000062a00004d460, b=0x000062a00004ce20) at ptr_cmp.c:49:10 frame #3: 0x00000001033c73e2 mysqld`my_qsort2(base_ptr=0x000062a00004bb38, count=806, size=8, cmp=(mysqld`native_compare at ptr_cmp.c:48), cmp_argument=0x000070000c7142c0) at mf_qsort.c:146:7 frame #4: 0x0000000100108c87 mysqld`Filesort_buffer::sort_buffer(this=0x0000616000118280, param=0x000070000c715ab0, count=806) at filesort_utils.cc:192:3 frame #5: 0x0000000100133983 mysqld`SORT_INFO::sort_buffer(this=0x0000616000118280, param=0x000070000c715ab0, count=806) at filesort.h:151:21 frame #6: 0x0000000100132d29 mysqld`write_keys(param=0x000070000c715ab0, fs_info=0x0000616000118280, count=806, buffpek_pointers=0x000070000c7158d0, tempfile=0x000070000c7156f0) at filesort.cc:1040:12 frame #7: 0x0000000100118c47 mysqld`find_all_keys(thd=0x000062b00005b288, param=0x000070000c715ab0, select=0x000062b000065f98, fs_info=0x0000616000118280, buffpek_pointers=0x000070000c7158d0, tempfile=0x000070000c7156f0, pq=0x0000000000000000, found_rows=0x00006160001184a0) at filesort.cc:945:15 Also this test case fails for earlier versions too for me.

Varun Gupta (Inactive) made changes - 2020-05-26 15:04

Affects Version/s		10.1 [ 16100 ]
Affects Version/s		10.2 [ 14601 ]
Affects Version/s		10.3 [ 22126 ]
Affects Version/s		10.4 [ 22408 ]
Affects Version/s		10.5 [ 23123 ]
Affects Version/s	10.5.2 [ 24030 ]
Affects Version/s	10.5.4 [ 24264 ]

Varun Gupta (Inactive) made changes - 2020-05-26 15:04

Fix Version/s		10.1 [ 16100 ]
Fix Version/s		10.2 [ 14601 ]
Fix Version/s		10.3 [ 22126 ]
Fix Version/s		10.4 [ 22408 ]

Varun Gupta (Inactive) added a comment - 2020-05-26 15:07

On 10.1 the crash is like

Thread 1 (Thread 0x7fc8b77b4700 (LWP 20418)):

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62

#1  0x000055df97823f7a in my_write_core (sig=sig@entry=6) at /home/varun/MariaDB/10.1/mysys/stacktrace.c:477

#2  0x000055df97410f59 in handle_fatal_signal (sig=6) at /home/varun/MariaDB/10.1/sql/signal_handler.cc:296

#3  <signal handler called>

#4  0x00007fc8c15d8428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54

#5  0x00007fc8c15da02a in __GI_abort () at abort.c:89

#6  0x00007fc8c161a7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fc8c1733ed8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175

#7  0x00007fc8c162337a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7fc8c1730caf "free(): invalid pointer", action=3) at malloc.c:5006

#8  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867

#9  0x00007fc8c162753c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968

#10 0x000055df97820750 in my_free (ptr=<optimized out>) at /home/varun/MariaDB/10.1/mysys/my_malloc.c:218

#11 0x000055df978103a9 in end_io_cache (info=info@entry=0x7fc8b77b17a0) at /home/varun/MariaDB/10.1/mysys/mf_iocache.c:1910

#12 0x000055df9780d2cd in close_cached_file (cache=cache@entry=0x7fc8b77b17a0) at /home/varun/MariaDB/10.1/mysys/mf_cache.c:111

#13 0x000055df974108bd in filesort (thd=thd@entry=0x55df99423b88, table=table@entry=0x7fc8a00609e8, sortorder=<optimized out>, s_length=<optimized out>, select=select@entry=0x7fc8a0007180, max_rows=max_rows@entry=18446744073709551615, sort_positions=false, examined_rows=0x7fc8b77b1930, found_rows=0x7fc8b77b1938, tracker=0x7fc8a0007e18) at /home/varun/MariaDB/10.1/sql/filesort.cc:330

#14 0x000055df972e9674 in create_sort_index (thd=0x55df99423b88, join=join@entry=0x7fc8a0005890, order=<optimized out>, filesort_limit=18446744073709551615, select_limit=<optimized out>, is_order_by=<optimized out>) at /home/varun/MariaDB/10.1/sql/sql_select.cc:21825

Varun Gupta (Inactive) added a comment - 2020-05-26 15:07 On 10.1 the crash is like Thread 1 (Thread 0x7fc8b77b4700 (LWP 20418)): #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62 #1 0x000055df97823f7a in my_write_core (sig=sig@entry=6) at /home/varun/MariaDB/10.1/mysys/stacktrace.c:477 #2 0x000055df97410f59 in handle_fatal_signal (sig=6) at /home/varun/MariaDB/10.1/sql/signal_handler.cc:296 #3 <signal handler called> #4 0x00007fc8c15d8428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 #5 0x00007fc8c15da02a in __GI_abort () at abort.c:89 #6 0x00007fc8c161a7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fc8c1733ed8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #7 0x00007fc8c162337a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7fc8c1730caf "free(): invalid pointer", action=3) at malloc.c:5006 #8 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867 #9 0x00007fc8c162753c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968 #10 0x000055df97820750 in my_free (ptr=<optimized out>) at /home/varun/MariaDB/10.1/mysys/my_malloc.c:218 #11 0x000055df978103a9 in end_io_cache (info=info@entry=0x7fc8b77b17a0) at /home/varun/MariaDB/10.1/mysys/mf_iocache.c:1910 #12 0x000055df9780d2cd in close_cached_file (cache=cache@entry=0x7fc8b77b17a0) at /home/varun/MariaDB/10.1/mysys/mf_cache.c:111 #13 0x000055df974108bd in filesort (thd=thd@entry=0x55df99423b88, table=table@entry=0x7fc8a00609e8, sortorder=<optimized out>, s_length=<optimized out>, select=select@entry=0x7fc8a0007180, max_rows=max_rows@entry=18446744073709551615, sort_positions=false, examined_rows=0x7fc8b77b1930, found_rows=0x7fc8b77b1938, tracker=0x7fc8a0007e18) at /home/varun/MariaDB/10.1/sql/filesort.cc:330 #14 0x000055df972e9674 in create_sort_index (thd=0x55df99423b88, join=join@entry=0x7fc8a0005890, order=<optimized out>, filesort_limit=18446744073709551615, select_limit=<optimized out>, is_order_by=<optimized out>) at /home/varun/MariaDB/10.1/sql/sql_select.cc:21825

Varun Gupta (Inactive) made changes - 2020-05-26 15:08

Priority

Blocker [ 1 ]

Critical [ 2 ]

Varun Gupta (Inactive) made changes - 2020-05-26 15:19

Status

Open [ 1 ]

In Progress [ 3 ]

Varun Gupta (Inactive) made changes - 2020-05-26 18:25

Link

This issue relates to ~~MDEV-22267~~ [ ~~MDEV-22267~~ ]

Roel Van de Paar added a comment - 2020-05-27 00:06

Thank you for the additional testcase varun. It crashes for me also, and it generates another SIGSEGV which I had observed in the runs, but had as yet to reduce (was planned for today ). Is it the same bug?

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14ae075fb700 (LWP 1653680))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x000055e53dbc7d7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x000055e53d36d385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 __memcmp_avx2_movbe () at ../sysdeps/x86_64/multiarch/memcmp-avx2-movbe.S:265
#5 0x000055e53dbc72fa in native_compare (length=<optimized out>, a=<optimized out>,
b=<optimized out>) at /test/10.5_dbg/mysys/ptr_cmp.c:49
#6 0x000055e53dbb74dd in my_qsort2 (base_ptr=<optimized out>, count=count@entry=806,
size=size@entry=8, cmp=0x55e53dbc72e2 <native_compare>,
cmp_argument=cmp_argument@entry=0x14ae075f88b8) at /test/10.5_dbg/mysys/mf_qsort.c:146
#7 0x000055e53d57f411 in Filesort_buffer::sort_buffer (this=this@entry=0x14ade5115400,
param=param@entry=0x14ae075f8bd0, count=count@entry=806)
at /test/10.5_dbg/sql/filesort_utils.cc:192
#8 0x000055e53d364bb8 in SORT_INFO::sort_buffer (count=806, param=0x14ae075f8bd0,
this=0x14ade5115400) at /test/10.5_dbg/sql/filesort.h:151
#9 write_keys (param=param@entry=0x14ae075f8bd0, fs_info=fs_info@entry=0x14ade5115400,
count=count@entry=806, buffpek_pointers=buffpek_pointers@entry=0x14ae075f8de0,
tempfile=tempfile@entry=0x14ae075f8c70) at /test/10.5_dbg/sql/filesort.cc:1040
#10 0x000055e53d36b3fb in find_all_keys (found_rows=0x14ade51155f0, pq=0x0, tempfile=0x14ae075f8c70,
buffpek_pointers=0x14ae075f8de0, fs_info=0x14ade5115400, select=0x14ade5077b98,
param=0x14ae075f8bd0, thd=0x14ade5015088) at /test/10.5_dbg/sql/filesort.cc:945
#11 filesort (thd=thd@entry=0x14ade5015088, table=table@entry=0x14ade50b4088,
filesort=filesort@entry=0x14ade5077d68, tracker=0x14ade5078458, join=join@entry=0x14ade5075ab0,
first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356
#12 0x000055e53d117e83 in create_sort_index (thd=0x14ade5015088, join=0x14ade5075ab0,
tab=tab@entry=0x14ade5077258, fsort=0x14ade5077d68, fsort@entry=0x0)
at /test/10.5_dbg/sql/sql_select.cc:23870
#13 0x000055e53d1181b2 in st_join_table::sort_table (this=this@entry=0x14ade5077258)
at /test/10.5_dbg/sql/sql_select.cc:21599
#14 0x000055e53d1182e6 in join_init_read_record (tab=0x14ade5077258)
at /test/10.5_dbg/sql/sql_select.cc:21538
#15 0x000055e53d108c11 in sub_select (join=0x14ade5075ab0, join_tab=0x14ade5077258,
end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612
#16 0x000055e53d140a16 in do_select (procedure=0x0, join=0x14ade5075ab0)
at /test/10.5_dbg/sql/sql_select.cc:20149
#17 JOIN::exec_inner (this=this@entry=0x14ade5075ab0) at /test/10.5_dbg/sql/sql_select.cc:4464
#18 0x000055e53d141031 in JOIN::exec (this=this@entry=0x14ade5075ab0)
at /test/10.5_dbg/sql/sql_select.cc:4245
#19 0x000055e53d13f346 in mysql_select (thd=thd@entry=0x14ade5015088, tables=<optimized out>,
fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0,
select_options=2147748608, result=0x14ade5075a88, unit=0x14ade50190a0, select_lex=0x14ade5074140)
at /test/10.5_dbg/sql/sql_select.cc:4669
#20 0x000055e53d13f675 in handle_select (thd=thd@entry=0x14ade5015088, lex=lex@entry=0x14ade5018fd8,
result=result@entry=0x14ade5075a88, setup_tables_done_option=setup_tables_done_option@entry=0)
at /test/10.5_dbg/sql/sql_select.cc:417
#21 0x000055e53d0ca0bf in execute_sqlcom_select (thd=thd@entry=0x14ade5015088,
all_tables=0x14ade5074738) at /test/10.5_dbg/sql/sql_parse.cc:6207
#22 0x000055e53d0c31f4 in mysql_execute_command (thd=thd@entry=0x14ade5015088)
at /test/10.5_dbg/sql/sql_parse.cc:3939
#23 0x000055e53d0d002e in mysql_parse (thd=thd@entry=0x14ade5015088, rawbuf=<optimized out>,
length=<optimized out>, parser_state=parser_state@entry=0x14ae075fa3d0,
is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
at /test/10.5_dbg/sql/sql_parse.cc:7991
#24 0x000055e53d0bcb42 in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x14ade5015088, packet=packet@entry=0x14ade5067089 "",
packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false,
is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#25 0x000055e53d0bb31c in do_command (thd=0x14ade5015088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#26 0x000055e53d21573f in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x14ade68453a8, put_in_cache=put_in_cache@entry=true)
at /test/10.5_dbg/sql/sql_connect.cc:1411
#27 0x000055e53d215e5b in handle_one_connection (arg=arg@entry=0x14ade68453a8)
at /test/10.5_dbg/sql/sql_connect.cc:1313
#28 0x000055e53d67514e in pfs_spawn_thread (arg=0x14ae05045888)
at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#29 0x000014ae06a226db in start_thread (arg=0x14ae075fb700) at pthread_create.c:463
#30 0x000014ae05e2088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Roel Van de Paar added a comment - 2020-05-27 00:06 Thank you for the additional testcase varun . It crashes for me also, and it generates another SIGSEGV which I had observed in the runs, but had as yet to reduce (was planned for today ). Is it the same bug? 10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57 [Current thread is 1 (Thread 0x14ae075fb700 (LWP 1653680))] (gdb) bt #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57 #1 0x000055e53dbc7d7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518 #2 0x000055e53d36d385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330 #3 <signal handler called> #4 __memcmp_avx2_movbe () at ../sysdeps/x86_64/multiarch/memcmp-avx2-movbe.S:265 #5 0x000055e53dbc72fa in native_compare (length=<optimized out>, a=<optimized out>, b=<optimized out>) at /test/10.5_dbg/mysys/ptr_cmp.c:49 #6 0x000055e53dbb74dd in my_qsort2 (base_ptr=<optimized out>, count=count@entry=806, size=size@entry=8, cmp=0x55e53dbc72e2 <native_compare>, cmp_argument=cmp_argument@entry=0x14ae075f88b8) at /test/10.5_dbg/mysys/mf_qsort.c:146 #7 0x000055e53d57f411 in Filesort_buffer::sort_buffer (this=this@entry=0x14ade5115400, param=param@entry=0x14ae075f8bd0, count=count@entry=806) at /test/10.5_dbg/sql/filesort_utils.cc:192 #8 0x000055e53d364bb8 in SORT_INFO::sort_buffer (count=806, param=0x14ae075f8bd0, this=0x14ade5115400) at /test/10.5_dbg/sql/filesort.h:151 #9 write_keys (param=param@entry=0x14ae075f8bd0, fs_info=fs_info@entry=0x14ade5115400, count=count@entry=806, buffpek_pointers=buffpek_pointers@entry=0x14ae075f8de0, tempfile=tempfile@entry=0x14ae075f8c70) at /test/10.5_dbg/sql/filesort.cc:1040 #10 0x000055e53d36b3fb in find_all_keys (found_rows=0x14ade51155f0, pq=0x0, tempfile=0x14ae075f8c70, buffpek_pointers=0x14ae075f8de0, fs_info=0x14ade5115400, select=0x14ade5077b98, param=0x14ae075f8bd0, thd=0x14ade5015088) at /test/10.5_dbg/sql/filesort.cc:945 #11 filesort (thd=thd@entry=0x14ade5015088, table=table@entry=0x14ade50b4088, filesort=filesort@entry=0x14ade5077d68, tracker=0x14ade5078458, join=join@entry=0x14ade5075ab0, first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356 #12 0x000055e53d117e83 in create_sort_index (thd=0x14ade5015088, join=0x14ade5075ab0, tab=tab@entry=0x14ade5077258, fsort=0x14ade5077d68, fsort@entry=0x0) at /test/10.5_dbg/sql/sql_select.cc:23870 #13 0x000055e53d1181b2 in st_join_table::sort_table (this=this@entry=0x14ade5077258) at /test/10.5_dbg/sql/sql_select.cc:21599 #14 0x000055e53d1182e6 in join_init_read_record (tab=0x14ade5077258) at /test/10.5_dbg/sql/sql_select.cc:21538 #15 0x000055e53d108c11 in sub_select (join=0x14ade5075ab0, join_tab=0x14ade5077258, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612 #16 0x000055e53d140a16 in do_select (procedure=0x0, join=0x14ade5075ab0) at /test/10.5_dbg/sql/sql_select.cc:20149 #17 JOIN::exec_inner (this=this@entry=0x14ade5075ab0) at /test/10.5_dbg/sql/sql_select.cc:4464 #18 0x000055e53d141031 in JOIN::exec (this=this@entry=0x14ade5075ab0) at /test/10.5_dbg/sql/sql_select.cc:4245 #19 0x000055e53d13f346 in mysql_select (thd=thd@entry=0x14ade5015088, tables=<optimized out>, fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14ade5075a88, unit=0x14ade50190a0, select_lex=0x14ade5074140) at /test/10.5_dbg/sql/sql_select.cc:4669 #20 0x000055e53d13f675 in handle_select (thd=thd@entry=0x14ade5015088, lex=lex@entry=0x14ade5018fd8, result=result@entry=0x14ade5075a88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417 #21 0x000055e53d0ca0bf in execute_sqlcom_select (thd=thd@entry=0x14ade5015088, all_tables=0x14ade5074738) at /test/10.5_dbg/sql/sql_parse.cc:6207 #22 0x000055e53d0c31f4 in mysql_execute_command (thd=thd@entry=0x14ade5015088) at /test/10.5_dbg/sql/sql_parse.cc:3939 #23 0x000055e53d0d002e in mysql_parse (thd=thd@entry=0x14ade5015088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14ae075fa3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7991 #24 0x000055e53d0bcb42 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14ade5015088, packet=packet@entry=0x14ade5067089 "", packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874 #25 0x000055e53d0bb31c in do_command (thd=0x14ade5015088) at /test/10.5_dbg/sql/sql_parse.cc:1355 #26 0x000055e53d21573f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14ade68453a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411 #27 0x000055e53d215e5b in handle_one_connection (arg=arg@entry=0x14ade68453a8) at /test/10.5_dbg/sql/sql_connect.cc:1313 #28 0x000055e53d67514e in pfs_spawn_thread (arg=0x14ae05045888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201 #29 0x000014ae06a226db in start_thread (arg=0x14ae075fb700) at pthread_create.c:463 #30 0x000014ae05e2088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Roel Van de Paar made changes - 2020-05-27 00:08

Summary

SIGSEGV in radixsort_for_str_ptr (optimized builds)

SIGSEGV in radixsort_for_str_ptr and in native_compare/my_qsort2 (optimized builds)

Roel Van de Paar made changes - 2020-05-27 00:08

Labels

not-10.1 not-10.2 not-10.3 not-10.4 regression sporadic

regression sporadic

Roel Van de Paar added a comment - 2020-05-27 00:09

One more testcase which leads to the same SIGSEGV

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24
SET @start_global_value =@@global.low_priority_updates;
SET @@global.sort_buffer_size =@start_global_value;
SET SESSION sort_buffer_size =DEFAULT;
SET @@SESSION.max_sort_length=0;
USE test;
CREATE TEMPORARY TABLE t1(c1 NUMERIC(65)UNSIGNED ZEROFILL,c2 DECIMAL(0,0) UNSIGNED,c3 NUMERIC(1)) ENGINE=MEMORY;
INSERT INTO t1 VALUES(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0);
INSERT INTO t1 VALUES(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0);
INSERT INTO t1 SELECT * FROM t1;
SELECT * FROM t1 ORDER BY c1,c2;

Roel Van de Paar added a comment - 2020-05-27 00:09 One more testcase which leads to the same SIGSEGV 10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 SET @start_global_value =@@global.low_priority_updates; SET @@global.sort_buffer_size =@start_global_value; SET SESSION sort_buffer_size =DEFAULT; SET @@SESSION.max_sort_length=0; USE test; CREATE TEMPORARY TABLE t1(c1 NUMERIC(65)UNSIGNED ZEROFILL,c2 DECIMAL(0,0) UNSIGNED,c3 NUMERIC(1)) ENGINE=MEMORY; INSERT INTO t1 VALUES(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0); INSERT INTO t1 VALUES(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0); INSERT INTO t1 SELECT * FROM t1; SELECT * FROM t1 ORDER BY c1,c2;

Roel Van de Paar added a comment - 2020-05-27 00:15

varun There seem to be issues which affect 10.5 that do not affect 10.4. For example, that last testcase does not crash on 10.4 (dbg+opt) but does on 10.5 (dbg+opt)

Roel Van de Paar added a comment - 2020-05-27 00:15 varun There seem to be issues which affect 10.5 that do not affect 10.4. For example, that last testcase does not crash on 10.4 (dbg+opt) but does on 10.5 (dbg+opt)

Roel Van de Paar added a comment - 2020-05-27 00:20

All unique bug ID's seen so far;

SIGSEGV|radixsort_for_str_ptr|Filesort_buffer::sort_buffer|SORT_INFO::sort_buffer|write_keys  # DBG, 10.5.4, original testcase

SIGSEGV|__memcmp_avx2_movbe|native_compare|my_qsort2|Filesort_buffer::sort_buffer  # DBG, 10.5.4, new testcase(s)

SIGSEGV|__memcmp_avx2_movbe|my_qsort2|Filesort_buffer::sort_buffer|SORT_INFO::sort_buffer  # OPT, 10.5.4, new testcase(s)

Varun Gupta (Inactive) added a comment - 2020-05-28 14:36

After discussion with psergey, it is decided that we can increase the minimum value of max_sort_length to 8.
This would make sure that types like BIGINT and DOUBLE are stored without truncation.
The issue for the crash was that for fixed types like BIGINT and DOUBLE truncation with max_sort_length was not happening.

Keep performance in mind, the easiest solution is to just increase the lower limit of max_sort_length to 8.

Varun Gupta (Inactive) added a comment - 2020-05-28 14:36 After discussion with psergey , it is decided that we can increase the minimum value of max_sort_length to 8. This would make sure that types like BIGINT and DOUBLE are stored without truncation. The issue for the crash was that for fixed types like BIGINT and DOUBLE truncation with max_sort_length was not happening. Keep performance in mind, the easiest solution is to just increase the lower limit of max_sort_length to 8.

Varun Gupta (Inactive) added a comment - 2020-05-29 15:45

Patch
https://github.com/MariaDB/server/commit/e14dcfe0bc743aa6b4ed2b3c4f7e9314aa01d6eb

Varun Gupta (Inactive) added a comment - 2020-05-29 15:45 Patch https://github.com/MariaDB/server/commit/e14dcfe0bc743aa6b4ed2b3c4f7e9314aa01d6eb

Varun Gupta (Inactive) made changes - 2020-05-29 15:46

Assignee	Varun Gupta [ varun ]	Sergei Petrunia [ psergey ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Petrunia added a comment - 2020-06-03 19:41

Ok to push after review input is addressed.

Sergei Petrunia added a comment - 2020-06-03 19:41 Ok to push after review input is addressed.

Sergei Petrunia made changes - 2020-06-03 19:41

Assignee	Sergei Petrunia [ psergey ]	Varun Gupta [ varun ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Varun Gupta (Inactive) made changes - 2020-06-04 20:01

Component/s		Optimizer [ 10200 ]
Fix Version/s		10.5.4 [ 24264 ]
Fix Version/s		10.1.46 [ 24308 ]
Fix Version/s		10.2.33 [ 24307 ]
Fix Version/s		10.3.24 [ 24306 ]
Fix Version/s		10.4.14 [ 24305 ]
Fix Version/s	10.2 [ 14601 ]
Fix Version/s	10.1 [ 16100 ]
Fix Version/s	10.3 [ 22126 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Roel Van de Paar added a comment - 2020-06-12 01:03

Filters updated.

Roel Van de Paar added a comment - 2020-06-12 01:03 Filters updated.

Roel Van de Paar made changes - 2020-06-12 02:50

Link

This issue relates to ~~MDEV-22875~~ [ ~~MDEV-22875~~ ]

Varun Gupta (Inactive) made changes - 2020-06-13 06:14

Link

This issue duplicates ~~MDEV-22875~~ [ ~~MDEV-22875~~ ]

Sergei Golubchik made changes - 2021-12-06 21:51

Workflow

MariaDB v3 [ 109159 ]

MariaDB v4 [ 157857 ]

People

Assignee:: Varun Gupta (Inactive)

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2020-05-26 10:20

Updated:: 2021-12-29 19:04

Resolved:: 2020-06-04 20:01

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Git Integration