MariaDB Server, MDEV-28054

Various crashes upon INSERT/UPDATE after changing Aria settings

      Description

      The following testcase:

      SET sql_mode='';
      INSERT INTO t1 VALUES (1),(3),(2);
      CREATE TEMPORARY TABLE t1 (a tinyINT,b CHAR(1)) ENGINE=InnoDB ROW_FORMAT=REDUNDANT;
      SET SESSION tmp_table_size=True;
      CREATE TABLE t (c INT, d DATE) ENGINE=InnoDB PARTITION BY RANGE (YEAR (d)) SUBPARTITION BY HASH (TO_DAYS (d)) (PARTITION p0 VALUES LESS THAN (1990) (SUBPARTITION s0, SUBPARTITION s1), PARTITION p1 VALUES LESS THAN MAXVALUE (SUBPARTITION s4, SUBPARTITION s5));
      SET SESSION aria_sort_buffer_size=CAST(-1 AS UNSIGNED INT);
      INSERT INTO t1 SELECT '', SEQ FROM seq_1_to_258;
      SET SESSION aria_repair_threads=CAST(-1 AS UNSIGNED INT);
      UPDATE t1 SET a=( (SELECT MAX(a) FROM t1));
      SET GLOBAL innodb_default_ROW_FORMAT=0;
      

      shows a number of different outcomes. Executing it via SOURCE in.sql versus CLI copy/paste seems to generate somewhat different outcomes. In any case, it will generally crash at line 7 (INSERT) or at line 9 (UPDATE) with a random stack. Likely some memory overwrite is happening, causing random stacks. For example, I have seen:

      10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug)

      Error: Freeing overrun buffer 0x1488140380e0 at mysqld: /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:335: fil_space_t* fil_space_get_by_id(ulint): Assertion `space->magic_n == 89472' failed.
      

      10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug)

      Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      [Current thread is 1 (Thread 0x14885a9fc700 (LWP 2083163))]
      (gdb) bt
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #1  0x000014887f2ab859 in __GI_abort () at abort.c:79
      #2  0x000014887f2ab729 in __assert_fail_base (fmt=0x14887f441588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5610a503add0 "space->magic_n == 89472", file=0x5610a5038550 "/test/10.4_dbg/storage/innobase/fil/fil0fil.cc", line=335, function=<optimized out>) at assert.c:92
      #3  0x000014887f2bd006 in __GI___assert_fail (assertion=assertion@entry=0x5610a503add0 "space->magic_n == 89472", file=file@entry=0x5610a5038550 "/test/10.4_dbg/storage/innobase/fil/fil0fil.cc", line=line@entry=335, function=function@entry=0x5610a5038a18 "fil_space_t* fil_space_get_by_id(ulint)") at assert.c:101
      #4  0x00005610a4ad9df9 in fil_space_get_by_id (id=id@entry=8) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:333
      #5  0x00005610a4adccfb in fil_space_acquire_for_io (id=id@entry=8) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:1924
      #6  0x00005610a4a582b0 in buf_flush_try_neighbors (n_to_flush=200, n_flushed=44, flush_type=BUF_FLUSH_LIST, page_id={m_space = 8, m_page_no = 1}) at /test/10.4_dbg/storage/innobase/include/buf0types.h:168
      #7  buf_flush_page_and_try_neighbors (bpage=bpage@entry=0x14885c02e320, flush_type=flush_type@entry=BUF_FLUSH_LIST, n_to_flush=n_to_flush@entry=200, count=count@entry=0x14885a9fb978) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1499
      #8  0x00005610a4a5a898 in buf_do_flush_list_batch (lsn_limit=18446744073709551615, min_n=200, buf_pool=0x5610a6ba9b00) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1755
      #9  buf_flush_batch (buf_pool=buf_pool@entry=0x5610a6ba9b00, flush_type=flush_type@entry=BUF_FLUSH_LIST, min_n=min_n@entry=200, lsn_limit=lsn_limit@entry=18446744073709551615, n=n@entry=0x14885a9fbbd0) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1828
      #10 0x00005610a4a5ae6c in buf_flush_do_batch (buf_pool=0x5610a6ba9b00, type=type@entry=BUF_FLUSH_LIST, min_n=min_n@entry=200, lsn_limit=lsn_limit@entry=18446744073709551615, n=n@entry=0x14885a9fbbd0) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1986
      #11 0x00005610a4a5b1c0 in buf_flush_lists (min_n=200, lsn_limit=lsn_limit@entry=18446744073709551615, n_processed=n_processed@entry=0x14885a9fbca8) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:2088
      #12 0x00005610a4a5da6c in buf_flush_page_cleaner_coordinator () at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:3244
      #13 0x000014887f7bc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #14 0x000014887f3a8163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Note the Error: Freeing overrun buffer. And:

      10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug)

      Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  pfs_os_file_t::operator int (this=0x340210)
          at /test/10.4_dbg/storage/innobase/include/os0file.h:99
      [Current thread is 1 (Thread 0x14badd3f9700 (LWP 2064716))]
      (gdb) bt
      #0  pfs_os_file_t::operator int (this=0x340210) at /test/10.4_dbg/storage/innobase/include/os0file.h:99
      #1  fil_node_t::is_open (this=0x340200) at /test/10.4_dbg/storage/innobase/include/fil0fil.h:635
      #2  Check::operator() (elem=0x340200, this=0x14badd3f8c10) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4507
      #3  ut_list_map<ut_list_base<fil_node_t, ut_list_node<fil_node_t> fil_node_t::*>, Check> (functor=@0x14badd3f8c10: {size = 432398340785700864, n_open = 1}, list=@0x14ba98037d00: {count = 1, start = 0x14ba98038e50, end = 0x14ba98038e50, node = &fil_node_t::chain, init = 51966}) at /test/10.4_dbg/storage/innobase/include/ut0lst.h:445
      #4  ut_list_validate<ut_list_base<fil_node_t, ut_list_node<fil_node_t> fil_node_t::*>, Check> (list=@0x14ba98037d00: {count = 1, start = 0x14ba98038e50, end = 0x14ba98038e50, node = &fil_node_t::chain, init = 51966}, functor=@0x14badd3f8c10: {size = 432398340785700864, n_open = 1}) at /test/10.4_dbg/storage/innobase/include/ut0lst.h:476
      #5  0x00005618f3587200 in Check::validate (space=0x14ba98037ca0) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4519
      #6  fil_validate () at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4554
      #7  0x00005618f35875b8 in fil_validate_skip () at /test/10.4_dbg/include/my_counter.h:34
      #8  0x00005618f3590508 in fil_aio_wait (segment=segment@entry=6) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4313
      #9  0x00005618f33ee1ff in io_handler_thread (arg=<optimized out>) at /test/10.4_dbg/storage/innobase/srv/srv0start.cc:324
      #10 0x000014bb01954609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #11 0x000014bb01540163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      And:

      10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug)

      Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000014da7a99fbb1 in _int_malloc (av=av@entry=0x14da1c000020, 
          bytes=bytes@entry=24) at malloc.c:3671
      [Current thread is 1 (Thread 0x14da64071700 (LWP 2099410))]
      (gdb) bt
      #0  0x000014da7a99fbb1 in _int_malloc (av=av@entry=0x14da1c000020, bytes=bytes@entry=24) at malloc.c:3671
      #1  0x000014da7a9a22c9 in __GI___libc_malloc (bytes=24) at malloc.c:3066
      #2  0x000014da7acf5b39 in operator new(unsigned long) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
      #3  0x000055d74b119bf9 in __gnu_cxx::new_allocator<index_field_stats_t>::allocate (__n=1, this=0x14da6406daa0) at /usr/include/c++/9/ext/new_allocator.h:102
      #4  std::allocator_traits<std::allocator<index_field_stats_t> >::allocate (__n=1, __a=@0x14da6406daa0: {<__gnu_cxx::new_allocator<index_field_stats_t>> = {<No data fields>}, <No data fields>}) at /usr/include/c++/9/bits/alloc_traits.h:444
      #5  std::_Vector_base<index_field_stats_t, std::allocator<index_field_stats_t> >::_M_allocate (__n=1, this=0x14da6406daa0) at /usr/include/c++/9/bits/stl_vector.h:343
      #6  std::vector<index_field_stats_t, std::allocator<index_field_stats_t> >::reserve (__n=1, this=0x14da6406daa0) at /usr/include/c++/9/bits/vector.tcc:78
      #7  btr_estimate_number_of_different_key_vals (index=index@entry=0x14da1c0224d0) at /test/10.4_dbg/storage/innobase/btr/btr0cur.cc:7126
      #8  0x000055d74b1e4da0 in dict_stats_update_transient_for_index (index=index@entry=0x14da1c0224d0) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:882
      #9  0x000055d74b1ec365 in dict_stats_update_transient (table=0x14da1c021090) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:954
      #10 dict_stats_update (table=table@entry=0x14da1c021090, stats_upd_option=stats_upd_option@entry=DICT_STATS_RECALC_TRANSIENT) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:3389
      #11 0x000055d74b1ee389 in dict_stats_update_if_needed (table=table@entry=0x14da1c021090, trx=...) at /test/10.4_dbg/storage/innobase/dict/dict0stats_bg.cc:226
      #12 0x000055d74afe951b in row_insert_for_mysql (mysql_rec=mysql_rec@entry=0x14da1c079ca0 <incomplete sequence \371>, prebuilt=0x14da1c07bc10, ins_mode=ROW_INS_NORMAL) at /test/10.4_dbg/storage/innobase/row/row0mysql.cc:1499
      #13 0x000055d74ae49548 in ha_innobase::write_row (this=0x14da1c07b418, record=0x14da1c079ca0 <incomplete sequence \371>) at /test/10.4_dbg/storage/innobase/handler/ha_innodb.cc:8180
      #14 0x000055d74aa98303 in handler::ha_write_row (this=0x14da1c07b418, buf=0x14da1c079ca0 <incomplete sequence \371>) at /test/10.4_dbg/sql/handler.cc:6774
      #15 0x000055d74a78aa8b in write_record (thd=0x14da1c000d90, table=0x14da1c07a5b0, info=info@entry=0x14da1c015070) at /test/10.4_dbg/sql/sql_insert.cc:2072
      #16 0x000055d74a78af79 in select_insert::send_data (this=0x14da1c015028, values=<optimized out>) at /test/10.4_dbg/sql/sql_insert.cc:3973
      #17 0x000055d74a83a94d in end_send (join=0x14da1c0150d8, join_tab=0x14da1c0166d8, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:21823
      #18 0x000055d74a80b6a1 in evaluate_join_record (join=join@entry=0x14da1c0150d8, join_tab=join_tab@entry=0x14da1c016330, error=error@entry=0) at /test/10.4_dbg/sql/sql_select.cc:20855
      #19 0x000055d74a821835 in sub_select (join=0x14da1c0150d8, join_tab=0x14da1c016330, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:20667
      #20 0x000055d74a857df4 in do_select (procedure=0x0, join=0x14da1c0150d8) at /test/10.4_dbg/sql/sql_select.cc:20164
      #21 JOIN::exec_inner (this=this@entry=0x14da1c0150d8) at /test/10.4_dbg/sql/sql_select.cc:4542
      #22 0x000055d74a858338 in JOIN::exec (this=this@entry=0x14da1c0150d8) at /test/10.4_dbg/sql/sql_select.cc:4324
      #23 0x000055d74a856474 in mysql_select (thd=thd@entry=0x14da1c000d90, tables=0x14da1c0140a0, wild_num=0, fields=@0x14da1c013b50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14da1c013f20, last = 0x14da1c014048, elements = 2}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14da1c015028, unit=0x14da1c004cc0, select_lex=0x14da1c013a08) at /test/10.4_dbg/sql/sql_select.cc:4763
      #24 0x000055d74a85679c in handle_select (thd=thd@entry=0x14da1c000d90, lex=lex@entry=0x14da1c004c00, result=result@entry=0x14da1c015028, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.4_dbg/sql/sql_select.cc:436
      #25 0x000055d74a7d249e in mysql_execute_command (thd=thd@entry=0x14da1c000d90) at /test/10.4_dbg/sql/sql_parse.cc:4712
      #26 0x000055d74a7d9c77 in mysql_parse (thd=thd@entry=0x14da1c000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14da64070490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7995
      #27 0x000055d74a7dc6d3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14da1c000d90, packet=packet@entry=0x14da1c01a361 "INSERT INTO t1 SELECT '', SEQ FROM seq_1_to_258", packet_length=packet_length@entry=47, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
      #28 0x000055d74a7dffc6 in do_command (thd=0x14da1c000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
      #29 0x000055d74a91f319 in do_handle_one_connection (connect=connect@entry=0x55d74eb68150) at /test/10.4_dbg/sql/sql_connect.cc:1420
      #30 0x000055d74a91f438 in handle_one_connection (arg=0x55d74eb68150) at /test/10.4_dbg/sql/sql_connect.cc:1316
      #31 0x000014da7ae3b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #32 0x000014da7aa27163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      However, one stack which with some frequency (seemingly especially when CLI copy/paste is used and the testcase is pasted once or twice in succession) and consistency appears is this one:

      10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug)

      Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      [Current thread is 1 (Thread 0x14c580101700 (LWP 2115944))]
      (gdb) bt
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #1  0x000014c595dbb859 in __GI_abort () at abort.c:79
      #2  0x000014c595e2629e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x14c595f50298 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
      #3  0x000014c595e2e32c in malloc_printerr (str=str@entry=0x14c595f4e569 "malloc(): corrupted top size") at malloc.c:5347
      #4  0x000014c595e316ea in _int_malloc (av=av@entry=0x14c52c000020, bytes=bytes@entry=2124) at malloc.c:4107
      #5  0x000014c595e332c9 in __GI___libc_malloc (bytes=bytes@entry=2124) at malloc.c:3066
      #6  0x000055de92ae2c80 in sf_malloc (size=size@entry=2008, my_flags=my_flags@entry=69648) at /test/10.4_dbg/mysys/safemalloc.c:118
      #7  0x000055de92ad3a59 in my_malloc (size=size@entry=2008, my_flags=69648) at /test/10.4_dbg/mysys/my_malloc.c:101
      #8  0x000055de92ac9b41 in alloc_root (mem_root=mem_root@entry=0x14c52c0069f0, length=length@entry=400) at /test/10.4_dbg/mysys/my_alloc.c:251
      #9  0x000055de91f2fd8f in Sql_alloc::operator new (mem_root=0x14c52c0069f0, size=400) at /test/10.4_dbg/sql/sql_alloc.h:39
      #10 Warning_info::push_warning (this=0x14c52c0069f0, thd=thd@entry=0x14c52c000d90, value=value@entry=0x14c5800fa9e0, msg=msg@entry=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")") at /test/10.4_dbg/sql/sql_error.cc:664
      #11 0x000055de91f0f412 in Diagnostics_area::push_warning (msg=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")", ucid=@0x14c5800faa48: {m_user_condition_value = 0x0}, level=<optimized out>, sqlstate=0x55de92c75ab8 "HY000", sql_errno_arg=2, thd=0x14c52c000d90, this=0x14c52c0067b0) at /test/10.4_dbg/sql/sql_plist.h:132
      #12 THD::raise_condition (this=this@entry=0x14c52c000d90, sql_errno=sql_errno@entry=2, sqlstate=0x55de92c75ab8 "HY000", sqlstate@entry=0x0, level=<optimized out>, ucid=@0x14c5800faa48: {m_user_condition_value = 0x0}, msg=msg@entry=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")") at /test/10.4_dbg/sql/sql_class.cc:1107
      #13 0x000055de91e678d0 in THD::raise_condition (msg=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")", level=<optimized out>, sqlstate=0x0, sql_errno=2, this=0x14c52c000d90) at /test/10.4_dbg/sql/sql_error.h:217
      #14 my_message_sql (error=2, str=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")", MyFlags=4) at /test/10.4_dbg/sql/mysqld.cc:3350
      #15 0x000055de92acd24e in my_error (nr=nr@entry=2, MyFlags=MyFlags@entry=4) at /test/10.4_dbg/mysys/my_error.c:125
      #16 0x000055de92ad4a80 in my_pread (Filedes=Filedes@entry=52, Buffer=0x14c52c0eb000 <error: Cannot access memory at address 0x14c52c0eb000>, Buffer@entry=0x14c52c0eaff5 "\006", Count=3, Count@entry=14, offset=1981, offset@entry=1970, MyFlags=MyFlags@entry=532) at /test/10.4_dbg/mysys/my_pread.c:100
      #17 0x000055de92abb457 in inline_mysql_file_pread (flags=532, offset=1970, count=14, buffer=0x14c52c0eaff5 "\006", file=52, src_line=198, src_file=0x55de92f22d18 "/test/10.4_dbg/mysys/mf_iocache2.c") at /test/10.4_dbg/include/mysql/psi/mysql_file.h:1224
      #18 my_b_pread (info=info@entry=0x14c52c0e8e38, Buffer=Buffer@entry=0x14c52c0eaff5 "\006", Count=14, pos=1970) at /test/10.4_dbg/mysys/mf_iocache2.c:198
      #19 0x000055de92533a05 in read_to_buffer_varlen (fromfile=0x14c52c0e8e38, buffpek=0x14c530001da0, sort_length=15) at /test/10.4_dbg/storage/maria/ma_sort.c:955
      #20 0x000055de92533c5e in merge_buffers (info=info@entry=0x14c52c0e8cc0, keys=keys@entry=1229782938247303441, from_file=from_file@entry=0x14c52c0e8e38, to_file=to_file@entry=0x0, sort_keys=sort_keys@entry=0x14c52c0ea8c0, lastbuff=lastbuff@entry=0x14c530001da0, Fb=0x14c530001da0, Tb=0x14c530001dd0) at /test/10.4_dbg/storage/maria/ma_sort.c:1036
      #21 0x000055de9253441c in merge_index (info=info@entry=0x14c52c0e8cc0, keys=keys@entry=1229782938247303441, sort_keys=sort_keys@entry=0x14c52c0ea8c0, buffpek=0x14c530001da0, maxbuffer=1, tempfile=tempfile@entry=0x14c52c0e8e38) at /test/10.4_dbg/storage/maria/ma_sort.c:1146
      #22 0x000055de92536078 in _ma_thr_write_keys (sort_param=sort_param@entry=0x14c52c0e8cc0) at /test/10.4_dbg/storage/maria/ma_sort.c:664
      #23 0x000055de9252b4c0 in maria_repair_parallel (param=param@entry=0x14c52c08fac8, info=0x14c52c0896a0, name=name@entry=0x14c5800fceb0 "/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/data/#sql_204942_0", rep_quick=1 '\001') at /test/10.4_dbg/storage/maria/ma_check.c:4541
      #24 0x000055de924b0804 in ha_maria::repair (this=this@entry=0x14c52c087d78, thd=thd@entry=0x14c52c000d90, param=param@entry=0x14c52c08fac8, do_optimize=do_optimize@entry=false) at /test/10.4_dbg/storage/maria/ha_maria.cc:1648
      #25 0x000055de924b1666 in ha_maria::enable_indexes (this=0x14c52c087d78, mode=<optimized out>) at /test/10.4_dbg/storage/maria/ha_maria.cc:2021
      #26 0x000055de924aa59d in ha_maria::end_bulk_insert (this=0x14c52c087d78) at /test/10.4_dbg/storage/maria/ha_maria.cc:2259
      #27 0x000055de9224146a in handler::ha_end_bulk_insert (this=0x14c52c087d78) at /test/10.4_dbg/sql/handler.cc:4444
      #28 0x000055de91fd93d9 in create_internal_tmp_table_from_heap (thd=0x14c52c000d90, table=table@entry=0x14c52c081f78, start_recinfo=<optimized out>, recinfo=<optimized out>, error=error@entry=135, ignore_last_dupp_key_error=ignore_last_dupp_key_error@entry=true, is_duplicate=0x0) at /test/10.4_dbg/sql/sql_select.cc:19836
      #29 0x000055de9206f4cb in multi_update::send_data (this=0x14c52c015528, not_used_values=<optimized out>) at /test/10.4_dbg/sql/sql_update.cc:2656
      #30 0x000055de91fe894d in end_send (join=0x14c52c015638, join_tab=0x14c52c07ed30, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:21823
      #31 0x000055de91fb96a1 in evaluate_join_record (join=join@entry=0x14c52c015638, join_tab=join_tab@entry=0x14c52c07e988, error=error@entry=0) at /test/10.4_dbg/sql/sql_select.cc:20855
      #32 0x000055de91fcf835 in sub_select (join=0x14c52c015638, join_tab=0x14c52c07e988, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:20667
      #33 0x000055de92005df4 in do_select (procedure=0x0, join=0x14c52c015638) at /test/10.4_dbg/sql/sql_select.cc:20164
      #34 JOIN::exec_inner (this=this@entry=0x14c52c015638) at /test/10.4_dbg/sql/sql_select.cc:4542
      #35 0x000055de92006338 in JOIN::exec (this=this@entry=0x14c52c015638) at /test/10.4_dbg/sql/sql_select.cc:4324
      #36 0x000055de92004474 in mysql_select (thd=thd@entry=0x14c52c000d90, tables=tables@entry=0x14c52c013338, wild_num=0, fields=@0x14c5800fea60: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55de93555ca0 <end_of_list>, last = 0x14c5800fea60, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c52c015528, unit=0x14c52c004cc0, select_lex=0x14c52c0054c8) at /test/10.4_dbg/sql/sql_select.cc:4763
      #37 0x000055de92070b2e in mysql_multi_update (thd=thd@entry=0x14c52c000d90, table_list=0x14c52c013338, fields=fields@entry=0x14c52c005610, values=values@entry=0x14c52c005bb8, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14c52c004cc0, select_lex=0x14c52c0054c8, result=0x14c5800fecc0) at /test/10.4_dbg/sql/sql_update.cc:1961
      #38 0x000055de91f7fa66 in mysql_execute_command (thd=thd@entry=0x14c52c000d90) at /test/10.4_dbg/sql/sql_parse.cc:4515
      #39 0x000055de91f87c77 in mysql_parse (thd=thd@entry=0x14c52c000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c580100490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7995
      #40 0x000055de91f8a6d3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c52c000d90, packet=packet@entry=0x14c52c01a361 "UPDATE t1 SET a=( (SELECT MAX(a) FROM t1))", packet_length=packet_length@entry=42, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
      #41 0x000055de91f8dfc6 in do_command (thd=0x14c52c000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
      #42 0x000055de920cd319 in do_handle_one_connection (connect=connect@entry=0x55de969a7150) at /test/10.4_dbg/sql/sql_connect.cc:1420
      #43 0x000055de920cd438 in handle_one_connection (arg=0x55de969a7150) at /test/10.4_dbg/sql/sql_connect.cc:1316
      #44 0x000014c5962cc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #45 0x000014c595eb8163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      It likely highlights the memory issue. This testcase was originally discovered in the MDEV-25440 tree. I am trying to simplify the testcase further; however, I wanted to include the longer version above as well for future testing.

            People

            Assignee:
            monty Michael Widenius
            Reporter:
            Roel Roel Van de Paar