Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL)
Description
The following testcase:
SET sql_mode=''; |
INSERT INTO t1 VALUES (1),(3),(2); |
CREATE TEMPORARY TABLE t1 (a tinyINT,b CHAR(1)) ENGINE=InnoDB ROW_FORMAT=REDUNDANT; |
SET SESSION tmp_table_size=True; |
CREATE TABLE t (c INT, d DATE) ENGINE=InnoDB PARTITION BY RANGE (YEAR (d)) SUBPARTITION BY HASH (TO_DAYS (d)) (PARTITION p0 VALUES LESS THAN (1990) (SUBPARTITION s0, SUBPARTITION s1), PARTITION p1 VALUES LESS THAN MAXVALUE (SUBPARTITION s4, SUBPARTITION s5)); |
SET SESSION aria_sort_buffer_size=CAST(-1 AS UNSIGNED INT); |
INSERT INTO t1 SELECT '', SEQ FROM seq_1_to_258; |
SET SESSION aria_repair_threads=CAST(-1 AS UNSIGNED INT); |
UPDATE t1 SET a=( (SELECT MAX(a) FROM t1)); |
SET GLOBAL innodb_default_ROW_FORMAT=0; |
Shows a number of different outcomes. Executing it via SOURCE in.sql versus CLI copy/paste seems to generate somewhat different outcomes. In any case, it will generally crash at line7 (INSERT) or at line 9 (UPDATE) with a random stack. Likely some memory overwrite happening causing random stacks. For example, I have seen;
|
10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug) |
Error: Freeing overrun buffer 0x1488140380e0 at mysqld: /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:335: fil_space_t* fil_space_get_by_id(ulint): Assertion `space->magic_n == 89472' failed.
|
|
10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug) |
Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x14885a9fc700 (LWP 2083163))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000014887f2ab859 in __GI_abort () at abort.c:79
|
#2 0x000014887f2ab729 in __assert_fail_base (fmt=0x14887f441588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5610a503add0 "space->magic_n == 89472", file=0x5610a5038550 "/test/10.4_dbg/storage/innobase/fil/fil0fil.cc", line=335, function=<optimized out>) at assert.c:92
|
#3 0x000014887f2bd006 in __GI___assert_fail (assertion=assertion@entry=0x5610a503add0 "space->magic_n == 89472", file=file@entry=0x5610a5038550 "/test/10.4_dbg/storage/innobase/fil/fil0fil.cc", line=line@entry=335, function=function@entry=0x5610a5038a18 "fil_space_t* fil_space_get_by_id(ulint)") at assert.c:101
|
#4 0x00005610a4ad9df9 in fil_space_get_by_id (id=id@entry=8) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:333
|
#5 0x00005610a4adccfb in fil_space_acquire_for_io (id=id@entry=8) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:1924
|
#6 0x00005610a4a582b0 in buf_flush_try_neighbors (n_to_flush=200, n_flushed=44, flush_type=BUF_FLUSH_LIST, page_id={m_space = 8, m_page_no = 1}) at /test/10.4_dbg/storage/innobase/include/buf0types.h:168
|
#7 buf_flush_page_and_try_neighbors (bpage=bpage@entry=0x14885c02e320, flush_type=flush_type@entry=BUF_FLUSH_LIST, n_to_flush=n_to_flush@entry=200, count=count@entry=0x14885a9fb978) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1499
|
#8 0x00005610a4a5a898 in buf_do_flush_list_batch (lsn_limit=18446744073709551615, min_n=200, buf_pool=0x5610a6ba9b00) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1755
|
#9 buf_flush_batch (buf_pool=buf_pool@entry=0x5610a6ba9b00, flush_type=flush_type@entry=BUF_FLUSH_LIST, min_n=min_n@entry=200, lsn_limit=lsn_limit@entry=18446744073709551615, n=n@entry=0x14885a9fbbd0) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1828
|
#10 0x00005610a4a5ae6c in buf_flush_do_batch (buf_pool=0x5610a6ba9b00, type=type@entry=BUF_FLUSH_LIST, min_n=min_n@entry=200, lsn_limit=lsn_limit@entry=18446744073709551615, n=n@entry=0x14885a9fbbd0) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:1986
|
#11 0x00005610a4a5b1c0 in buf_flush_lists (min_n=200, lsn_limit=lsn_limit@entry=18446744073709551615, n_processed=n_processed@entry=0x14885a9fbca8) at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:2088
|
#12 0x00005610a4a5da6c in buf_flush_page_cleaner_coordinator () at /test/10.4_dbg/storage/innobase/buf/buf0flu.cc:3244
|
#13 0x000014887f7bc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#14 0x000014887f3a8163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Note the Error: Freeing overrun buffer. And;
|
10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug) |
Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 pfs_os_file_t::operator int (this=0x340210)
|
at /test/10.4_dbg/storage/innobase/include/os0file.h:99
|
[Current thread is 1 (Thread 0x14badd3f9700 (LWP 2064716))]
|
(gdb) bt
|
#0 pfs_os_file_t::operator int (this=0x340210) at /test/10.4_dbg/storage/innobase/include/os0file.h:99
|
#1 fil_node_t::is_open (this=0x340200) at /test/10.4_dbg/storage/innobase/include/fil0fil.h:635
|
#2 Check::operator() (elem=0x340200, this=0x14badd3f8c10) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4507
|
#3 ut_list_map<ut_list_base<fil_node_t, ut_list_node<fil_node_t> fil_node_t::*>, Check> (functor=@0x14badd3f8c10: {size = 432398340785700864, n_open = 1}, list=@0x14ba98037d00: {count = 1, start = 0x14ba98038e50, end = 0x14ba98038e50, node = &fil_node_t::chain, init = 51966}) at /test/10.4_dbg/storage/innobase/include/ut0lst.h:445
|
#4 ut_list_validate<ut_list_base<fil_node_t, ut_list_node<fil_node_t> fil_node_t::*>, Check> (list=@0x14ba98037d00: {count = 1, start = 0x14ba98038e50, end = 0x14ba98038e50, node = &fil_node_t::chain, init = 51966}, functor=@0x14badd3f8c10: {size = 432398340785700864, n_open = 1}) at /test/10.4_dbg/storage/innobase/include/ut0lst.h:476
|
#5 0x00005618f3587200 in Check::validate (space=0x14ba98037ca0) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4519
|
#6 fil_validate () at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4554
|
#7 0x00005618f35875b8 in fil_validate_skip () at /test/10.4_dbg/include/my_counter.h:34
|
#8 0x00005618f3590508 in fil_aio_wait (segment=segment@entry=6) at /test/10.4_dbg/storage/innobase/fil/fil0fil.cc:4313
|
#9 0x00005618f33ee1ff in io_handler_thread (arg=<optimized out>) at /test/10.4_dbg/storage/innobase/srv/srv0start.cc:324
|
#10 0x000014bb01954609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#11 0x000014bb01540163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
And:
|
10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug) |
Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000014da7a99fbb1 in _int_malloc (av=av@entry=0x14da1c000020,
|
bytes=bytes@entry=24) at malloc.c:3671
|
[Current thread is 1 (Thread 0x14da64071700 (LWP 2099410))]
|
(gdb) bt
|
#0 0x000014da7a99fbb1 in _int_malloc (av=av@entry=0x14da1c000020, bytes=bytes@entry=24) at malloc.c:3671
|
#1 0x000014da7a9a22c9 in __GI___libc_malloc (bytes=24) at malloc.c:3066
|
#2 0x000014da7acf5b39 in operator new(unsigned long) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#3 0x000055d74b119bf9 in __gnu_cxx::new_allocator<index_field_stats_t>::allocate (__n=1, this=0x14da6406daa0) at /usr/include/c++/9/ext/new_allocator.h:102
|
#4 std::allocator_traits<std::allocator<index_field_stats_t> >::allocate (__n=1, __a=@0x14da6406daa0: {<__gnu_cxx::new_allocator<index_field_stats_t>> = {<No data fields>}, <No data fields>}) at /usr/include/c++/9/bits/alloc_traits.h:444
|
#5 std::_Vector_base<index_field_stats_t, std::allocator<index_field_stats_t> >::_M_allocate (__n=1, this=0x14da6406daa0) at /usr/include/c++/9/bits/stl_vector.h:343
|
#6 std::vector<index_field_stats_t, std::allocator<index_field_stats_t> >::reserve (__n=1, this=0x14da6406daa0) at /usr/include/c++/9/bits/vector.tcc:78
|
#7 btr_estimate_number_of_different_key_vals (index=index@entry=0x14da1c0224d0) at /test/10.4_dbg/storage/innobase/btr/btr0cur.cc:7126
|
#8 0x000055d74b1e4da0 in dict_stats_update_transient_for_index (index=index@entry=0x14da1c0224d0) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:882
|
#9 0x000055d74b1ec365 in dict_stats_update_transient (table=0x14da1c021090) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:954
|
#10 dict_stats_update (table=table@entry=0x14da1c021090, stats_upd_option=stats_upd_option@entry=DICT_STATS_RECALC_TRANSIENT) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:3389
|
#11 0x000055d74b1ee389 in dict_stats_update_if_needed (table=table@entry=0x14da1c021090, trx=Python Exception <class 'AttributeError'> 'NoneType' object has no attribute 'pointer':
|
@0x14da658de120: {n_ref = {m_counter = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 0}, <No data fields>}}, mutex = {m_impl = {m_lock_word = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 0}, <No data fields>}, m_event = 0x55d74dedac90, m_policy = {context = {<latch_t> = {_vptr.latch_t = 0x55d74bbc7600 <vtable for MutexDebug<TTASEventMutex<GenericPolicy> >+16>, m_id = LATCH_ID_TRX, m_rw_lock = false}, m_mutex = 0x0, m_filename = 0x0, m_line = 0, m_thread_id = 18446744073709551615, m_debug_mutex = {m_freed = false, m_mutex = pthread_mutex_t = {
|
Type = Normal,
|
Status = Not acquired,
|
Robust = No,
|
Shared = No,
|
Protocol = None
|
}}}, m_count = {m_spins = 0, m_waits = 0, m_calls = 0, m_enabled = false}, m_id = LATCH_ID_TRX}}, m_ptr = 0x0}, id = 47, no = 18446744073709551615, state = TRX_STATE_ACTIVE, wsrep = false, wsrep_UK_scan = false, read_view = {m_state = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 0}, <No data fields>}, m_low_limit_id = 0, m_up_limit_id = 0, m_creator_trx_id = 0, m_ids = std::vector of length 0, capacity 0, m_low_limit_no = 0}, lock = {n_active_thrs = 0, que_state = TRX_QUE_RUNNING, wait_trx = 0x0, wait_lock = 0x0, deadlock_mark = 0, was_chosen_as_deadlock_victim = false, wait_started = 0, wait_thr = 0x0, was_chosen_as_wsrep_victim = false, rec_pool = {{lock = {trx = 0x14da658de120, trx_locks = {prev = 0x0, next = 0x0}, index = 0x14da1801c670, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x300000004, locks = {prev = 0x48, next = 0x0}}, rec_lock = {space = 4, page_no = 3, n_bits = 72}}, type_mode = 34}, pad = "\002", '\000' <repeats 254 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}, {lock = {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, pad = '\000' <repeats 255 times>}}, table_pool = {{trx = 0x14da658de120, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x14da180132c0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 402731712, page_no = 5338, n_bits = 0}}, type_mode = 16}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}, {trx = 0x0, trx_locks = {prev = 0x0, next = 0x0}, index = 0x0, hash = 0x0, requested_time = 0, wait_time = 0, un_member = {tab_lock = {table = 0x0, locks = {prev = 0x0, next = 0x0}}, rec_lock = {space = 0, page_no = 0, n_bits = 0}}, type_mode = 0}}, rec_cached = 0, table_cached = 0, lock_heap = 0x55d74deda800, trx_locks = {count = 0, start = 0x0, end = 0x0, node = &ib_lock_t::trx_locks, init = 51966}, table_locks = std::vector of length 0, capacity 1, evicted_tables = {count = 0, start = 0x0, end = 0x0, node = &dict_table_t::table_LRU, init = 51966}, cancel = false, n_rec_locks = 0}, is_recovered = false, op_info = 0x55d74b71bc64 "inserting", isolation_level = 2, check_foreigns = true, is_registered = true, active_commit_ordered = false, check_unique_secondary = true, flush_log_later = false, must_flush_log_later = false, duplicates = 0, dict_operation = TRX_DICT_OP_NONE, declared_to_be_inside_innodb = false, n_tickets_to_enter_innodb = 0, dict_operation_lock_mode = 0, start_time = 1647246349, start_time_micro = 1647246349812808, commit_lsn = 0, table_id = 0, mysql_thd = 0x14da1c000d90, mysql_log_file_name = 0x0, mysql_log_offset = 0, n_mysql_tables_in_use = 1, mysql_n_tables_locked = 1, trx_list = {prev = 0x0, next = 0x14da658dd018}, error_state = DB_SUCCESS, error_info = 0x0, error_key_num = 18446744073709551615, graph = 0x0, trx_savepoints = {count = 0, start = 0x0, end = 0x0, node = &trx_named_savept_t::trx_savepoints, init = 51966}, undo_no = 32, last_sql_stat_start = {least_undo_no = 0}, rsegs = {m_redo = {rseg = 0x55d74ed2c380, undo = 0x0}, m_noredo = {rseg = 0x55d74ea52bc0, undo = 0x14da1c0ea650}}, roll_limit = 0, in_rollback = false, pages_undone = 0, n_autoinc_rows = 0, autoinc_locks = 0x14da1c020de0, read_only = false, auto_commit = false, will_lock = true, fts_trx = 0x0, fts_next_doc_id = 0, flush_tables = 0, ddl = false, internal = false, start_line = 1371, start_file = 0x55d74b71c198 "/test/10.4_dbg/storage/innobase/row/row0mysql.cc", xid = 0x55d74deda650, mod_tables = std::map with 0 elements, detailed_error = 0x55d74deda6f0 "", flush_observer = 0x0, wsrep_event = 0x0, rw_trx_hash_element = 0x14da1c021f40, rw_trx_hash_pins = 0x55d74ed3af88, magic_n = 91118598}) at /test/10.4_dbg/storage/innobase/dict/dict0stats_bg.cc:226
|
#12 0x000055d74afe951b in row_insert_for_mysql (mysql_rec=mysql_rec@entry=0x14da1c079ca0 <incomplete sequence \371>, prebuilt=0x14da1c07bc10, ins_mode=ROW_INS_NORMAL) at /test/10.4_dbg/storage/innobase/row/row0mysql.cc:1499
|
#13 0x000055d74ae49548 in ha_innobase::write_row (this=0x14da1c07b418, record=0x14da1c079ca0 <incomplete sequence \371>) at /test/10.4_dbg/storage/innobase/handler/ha_innodb.cc:8180
|
#14 0x000055d74aa98303 in handler::ha_write_row (this=0x14da1c07b418, buf=0x14da1c079ca0 <incomplete sequence \371>) at /test/10.4_dbg/sql/handler.cc:6774
|
#15 0x000055d74a78aa8b in write_record (thd=0x14da1c000d90, table=0x14da1c07a5b0, info=info@entry=0x14da1c015070) at /test/10.4_dbg/sql/sql_insert.cc:2072
|
#16 0x000055d74a78af79 in select_insert::send_data (this=0x14da1c015028, values=<optimized out>) at /test/10.4_dbg/sql/sql_insert.cc:3973
|
#17 0x000055d74a83a94d in end_send (join=0x14da1c0150d8, join_tab=0x14da1c0166d8, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:21823
|
#18 0x000055d74a80b6a1 in evaluate_join_record (join=join@entry=0x14da1c0150d8, join_tab=join_tab@entry=0x14da1c016330, error=error@entry=0) at /test/10.4_dbg/sql/sql_select.cc:20855
|
#19 0x000055d74a821835 in sub_select (join=0x14da1c0150d8, join_tab=0x14da1c016330, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:20667
|
#20 0x000055d74a857df4 in do_select (procedure=0x0, join=0x14da1c0150d8) at /test/10.4_dbg/sql/sql_select.cc:20164
|
#21 JOIN::exec_inner (this=this@entry=0x14da1c0150d8) at /test/10.4_dbg/sql/sql_select.cc:4542
|
#22 0x000055d74a858338 in JOIN::exec (this=this@entry=0x14da1c0150d8) at /test/10.4_dbg/sql/sql_select.cc:4324
|
#23 0x000055d74a856474 in mysql_select (thd=thd@entry=0x14da1c000d90, tables=0x14da1c0140a0, wild_num=0, fields=@0x14da1c013b50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14da1c013f20, last = 0x14da1c014048, elements = 2}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14da1c015028, unit=0x14da1c004cc0, select_lex=0x14da1c013a08) at /test/10.4_dbg/sql/sql_select.cc:4763
|
#24 0x000055d74a85679c in handle_select (thd=thd@entry=0x14da1c000d90, lex=lex@entry=0x14da1c004c00, result=result@entry=0x14da1c015028, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.4_dbg/sql/sql_select.cc:436
|
#25 0x000055d74a7d249e in mysql_execute_command (thd=thd@entry=0x14da1c000d90) at /test/10.4_dbg/sql/sql_parse.cc:4712
|
#26 0x000055d74a7d9c77 in mysql_parse (thd=thd@entry=0x14da1c000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14da64070490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7995
|
#27 0x000055d74a7dc6d3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14da1c000d90, packet=packet@entry=0x14da1c01a361 "INSERT INTO t1 SELECT '', SEQ FROM seq_1_to_258", packet_length=packet_length@entry=47, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
|
#28 0x000055d74a7dffc6 in do_command (thd=0x14da1c000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
|
#29 0x000055d74a91f319 in do_handle_one_connection (connect=connect@entry=0x55d74eb68150) at /test/10.4_dbg/sql/sql_connect.cc:1420
|
#30 0x000055d74a91f438 in handle_one_connection (arg=0x55d74eb68150) at /test/10.4_dbg/sql/sql_connect.cc:1316
|
#31 0x000014da7ae3b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#32 0x000014da7aa27163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
However, one stack which with some frequency (seemingly especially when CLI copy/paste is used and the testcase is pasted once or twice in succession) and consistency appears is this one:
|
10.4.25 f5ff7d09c73b5527cb6e0540cd470db9d8a82108 (Debug) |
Core was generated by `/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x14c580101700 (LWP 2115944))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000014c595dbb859 in __GI_abort () at abort.c:79
|
#2 0x000014c595e2629e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x14c595f50298 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
|
#3 0x000014c595e2e32c in malloc_printerr (str=str@entry=0x14c595f4e569 "malloc(): corrupted top size") at malloc.c:5347
|
#4 0x000014c595e316ea in _int_malloc (av=av@entry=0x14c52c000020, bytes=bytes@entry=2124) at malloc.c:4107
|
#5 0x000014c595e332c9 in __GI___libc_malloc (bytes=bytes@entry=2124) at malloc.c:3066
|
#6 0x000055de92ae2c80 in sf_malloc (size=size@entry=2008, my_flags=my_flags@entry=69648) at /test/10.4_dbg/mysys/safemalloc.c:118
|
#7 0x000055de92ad3a59 in my_malloc (size=size@entry=2008, my_flags=69648) at /test/10.4_dbg/mysys/my_malloc.c:101
|
#8 0x000055de92ac9b41 in alloc_root (mem_root=mem_root@entry=0x14c52c0069f0, length=length@entry=400) at /test/10.4_dbg/mysys/my_alloc.c:251
|
#9 0x000055de91f2fd8f in Sql_alloc::operator new (mem_root=0x14c52c0069f0, size=400) at /test/10.4_dbg/sql/sql_alloc.h:39
|
#10 Warning_info::push_warning (this=0x14c52c0069f0, thd=thd@entry=0x14c52c000d90, value=value@entry=0x14c5800fa9e0, msg=msg@entry=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")") at /test/10.4_dbg/sql/sql_error.cc:664
|
#11 0x000055de91f0f412 in Diagnostics_area::push_warning (msg=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")", ucid=@0x14c5800faa48: {m_user_condition_value = 0x0}, level=<optimized out>, sqlstate=0x55de92c75ab8 "HY000", sql_errno_arg=2, thd=0x14c52c000d90, this=0x14c52c0067b0) at /test/10.4_dbg/sql/sql_plist.h:132
|
#12 THD::raise_condition (this=this@entry=0x14c52c000d90, sql_errno=sql_errno@entry=2, sqlstate=0x55de92c75ab8 "HY000", sqlstate@entry=0x0, level=<optimized out>, ucid=@0x14c5800faa48: {m_user_condition_value = 0x0}, msg=msg@entry=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")") at /test/10.4_dbg/sql/sql_class.cc:1107
|
#13 0x000055de91e678d0 in THD::raise_condition (msg=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")", level=<optimized out>, sqlstate=0x0, sql_errno=2, this=0x14c52c000d90) at /test/10.4_dbg/sql/sql_error.h:217
|
#14 my_message_sql (error=2, str=0x14c5800faaf0 "Error reading file '' (Errcode: 14 \"Bad address\")", MyFlags=4) at /test/10.4_dbg/sql/mysqld.cc:3350
|
#15 0x000055de92acd24e in my_error (nr=nr@entry=2, MyFlags=MyFlags@entry=4) at /test/10.4_dbg/mysys/my_error.c:125
|
#16 0x000055de92ad4a80 in my_pread (Filedes=Filedes@entry=52, Buffer=0x14c52c0eb000 <error: Cannot access memory at address 0x14c52c0eb000>, Buffer@entry=0x14c52c0eaff5 "\006", Count=3, Count@entry=14, offset=1981, offset@entry=1970, MyFlags=MyFlags@entry=532) at /test/10.4_dbg/mysys/my_pread.c:100
|
#17 0x000055de92abb457 in inline_mysql_file_pread (flags=532, offset=1970, count=14, buffer=0x14c52c0eaff5 "\006", file=52, src_line=198, src_file=0x55de92f22d18 "/test/10.4_dbg/mysys/mf_iocache2.c") at /test/10.4_dbg/include/mysql/psi/mysql_file.h:1224
|
#18 my_b_pread (info=info@entry=0x14c52c0e8e38, Buffer=Buffer@entry=0x14c52c0eaff5 "\006", Count=14, pos=1970) at /test/10.4_dbg/mysys/mf_iocache2.c:198
|
#19 0x000055de92533a05 in read_to_buffer_varlen (fromfile=0x14c52c0e8e38, buffpek=0x14c530001da0, sort_length=15) at /test/10.4_dbg/storage/maria/ma_sort.c:955
|
#20 0x000055de92533c5e in merge_buffers (info=info@entry=0x14c52c0e8cc0, keys=keys@entry=1229782938247303441, from_file=from_file@entry=0x14c52c0e8e38, to_file=to_file@entry=0x0, sort_keys=sort_keys@entry=0x14c52c0ea8c0, lastbuff=lastbuff@entry=0x14c530001da0, Fb=0x14c530001da0, Tb=0x14c530001dd0) at /test/10.4_dbg/storage/maria/ma_sort.c:1036
|
#21 0x000055de9253441c in merge_index (info=info@entry=0x14c52c0e8cc0, keys=keys@entry=1229782938247303441, sort_keys=sort_keys@entry=0x14c52c0ea8c0, buffpek=0x14c530001da0, maxbuffer=1, tempfile=tempfile@entry=0x14c52c0e8e38) at /test/10.4_dbg/storage/maria/ma_sort.c:1146
|
#22 0x000055de92536078 in _ma_thr_write_keys (sort_param=sort_param@entry=0x14c52c0e8cc0) at /test/10.4_dbg/storage/maria/ma_sort.c:664
|
#23 0x000055de9252b4c0 in maria_repair_parallel (param=param@entry=0x14c52c08fac8, info=0x14c52c0896a0, name=name@entry=0x14c5800fceb0 "/test/MD260222-mariadb-10.4.25-linux-x86_64-dbg/data/#sql_204942_0", rep_quick=1 '\001') at /test/10.4_dbg/storage/maria/ma_check.c:4541
|
#24 0x000055de924b0804 in ha_maria::repair (this=this@entry=0x14c52c087d78, thd=thd@entry=0x14c52c000d90, param=param@entry=0x14c52c08fac8, do_optimize=do_optimize@entry=false) at /test/10.4_dbg/storage/maria/ha_maria.cc:1648
|
#25 0x000055de924b1666 in ha_maria::enable_indexes (this=0x14c52c087d78, mode=<optimized out>) at /test/10.4_dbg/storage/maria/ha_maria.cc:2021
|
#26 0x000055de924aa59d in ha_maria::end_bulk_insert (this=0x14c52c087d78) at /test/10.4_dbg/storage/maria/ha_maria.cc:2259
|
#27 0x000055de9224146a in handler::ha_end_bulk_insert (this=0x14c52c087d78) at /test/10.4_dbg/sql/handler.cc:4444
|
#28 0x000055de91fd93d9 in create_internal_tmp_table_from_heap (thd=0x14c52c000d90, table=table@entry=0x14c52c081f78, start_recinfo=<optimized out>, recinfo=<optimized out>, error=error@entry=135, ignore_last_dupp_key_error=ignore_last_dupp_key_error@entry=true, is_duplicate=0x0) at /test/10.4_dbg/sql/sql_select.cc:19836
|
#29 0x000055de9206f4cb in multi_update::send_data (this=0x14c52c015528, not_used_values=<optimized out>) at /test/10.4_dbg/sql/sql_update.cc:2656
|
#30 0x000055de91fe894d in end_send (join=0x14c52c015638, join_tab=0x14c52c07ed30, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:21823
|
#31 0x000055de91fb96a1 in evaluate_join_record (join=join@entry=0x14c52c015638, join_tab=join_tab@entry=0x14c52c07e988, error=error@entry=0) at /test/10.4_dbg/sql/sql_select.cc:20855
|
#32 0x000055de91fcf835 in sub_select (join=0x14c52c015638, join_tab=0x14c52c07e988, end_of_records=<optimized out>) at /test/10.4_dbg/sql/sql_select.cc:20667
|
#33 0x000055de92005df4 in do_select (procedure=0x0, join=0x14c52c015638) at /test/10.4_dbg/sql/sql_select.cc:20164
|
#34 JOIN::exec_inner (this=this@entry=0x14c52c015638) at /test/10.4_dbg/sql/sql_select.cc:4542
|
#35 0x000055de92006338 in JOIN::exec (this=this@entry=0x14c52c015638) at /test/10.4_dbg/sql/sql_select.cc:4324
|
#36 0x000055de92004474 in mysql_select (thd=thd@entry=0x14c52c000d90, tables=tables@entry=0x14c52c013338, wild_num=0, fields=@0x14c5800fea60: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55de93555ca0 <end_of_list>, last = 0x14c5800fea60, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c52c015528, unit=0x14c52c004cc0, select_lex=0x14c52c0054c8) at /test/10.4_dbg/sql/sql_select.cc:4763
|
#37 0x000055de92070b2e in mysql_multi_update (thd=thd@entry=0x14c52c000d90, table_list=0x14c52c013338, fields=fields@entry=0x14c52c005610, values=values@entry=0x14c52c005bb8, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14c52c004cc0, select_lex=0x14c52c0054c8, result=0x14c5800fecc0) at /test/10.4_dbg/sql/sql_update.cc:1961
|
#38 0x000055de91f7fa66 in mysql_execute_command (thd=thd@entry=0x14c52c000d90) at /test/10.4_dbg/sql/sql_parse.cc:4515
|
#39 0x000055de91f87c77 in mysql_parse (thd=thd@entry=0x14c52c000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c580100490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7995
|
#40 0x000055de91f8a6d3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c52c000d90, packet=packet@entry=0x14c52c01a361 "UPDATE t1 SET a=( (SELECT MAX(a) FROM t1))", packet_length=packet_length@entry=42, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
|
#41 0x000055de91f8dfc6 in do_command (thd=0x14c52c000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
|
#42 0x000055de920cd319 in do_handle_one_connection (connect=connect@entry=0x55de969a7150) at /test/10.4_dbg/sql/sql_connect.cc:1420
|
#43 0x000055de920cd438 in handle_one_connection (arg=0x55de969a7150) at /test/10.4_dbg/sql/sql_connect.cc:1316
|
#44 0x000014c5962cc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#45 0x000014c595eb8163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
It likely highlights the memory issue. This testcase was originally discovered in the MDEV-25440 tree. I am trying to simplify the testcase further, however I wanted to include the longer version above as well for future testing.
Attachments
Activity
This issue also affects 10.5 to 10.9, but in a different way. Using the reduced testcase, the UPDATE takes a long time in 'sending data':
|
10.9.0 4a2a9c02cd6611ef36bbb735c2b483dbc83580d4 (Debug) |
10.9.0-dbg>show processlist;
|
+----+------+-----------+------+---------+------+--------------+----------------------------------------+----------+
|
| Id | User | Host | db | Command | Time | State | Info | Progress |
|
+----+------+-----------+------+---------+------+--------------+----------------------------------------+----------+
|
| 4 | root | localhost | test | Query | 13 | Sending data | UPDATE t SET a=((SELECT MAX(a)FROM t)) | 0.000 |
|
| 16 | root | localhost | test | Query | 0 | starting | show processlist | 0.000 |
|
+----+------+-----------+------+---------+------+--------------+----------------------------------------+----------+
|
2 rows in set (0.000 sec)
|
...
|
10.9.0-dbg>show processlist;
|
+----+------+-----------+------+---------+------+---------------------------+----------------------------------------+----------+
|
| Id | User | Host | db | Command | Time | State | Info | Progress |
|
+----+------+-----------+------+---------+------+---------------------------+----------------------------------------+----------+
|
| 4 | root | localhost | test | Query | 14 | Updating reference tables | UPDATE t SET a=((SELECT MAX(a)FROM t)) | 0.000 |
|
| 16 | root | localhost | test | Query | 0 | starting | show processlist | 0.000 |
|
+----+------+-----------+------+---------+------+---------------------------+----------------------------------------+----------+
|
2 rows in set (0.000 sec)
|
This happens for 10.5 to 10.9, on both optimized and debug builds.
It could be that the secondary (10.5-10.9) issue is a different bug/regression altogether.
It could also be that the secondary issue is present in 10.3 to 10.9 but that 10.3 and 10.4 have an additional masking crash.
Given the memory overwrite or similar, as expected, all sorts of stacks, including some InnoDB ones, can be seen.
|
10.3.35 9ba385a50d0cd611fce61462fc3e03e82b1ffee9 (Debug) |
Core was generated by `/test/MD260222-mariadb-10.3.35-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055ac8abcc765 in row_sel_store_mysql_rec (
|
mysql_rec=mysql_rec@entry=0x14fa2c027e30 <incomplete sequence \371>,
|
prebuilt=prebuilt@entry=0x14fa2c02ba20, rec=rec@entry=0x14fa684ce0a8 "",
|
vrow=0x0, rec_clust=rec_clust@entry=false,
|
index=index@entry=0x14fa2c029c60, offsets=0x14fa740d3d30)
|
at /test/10.3_dbg/storage/innobase/row/row0sel.cc:3163
|
[Current thread is 1 (Thread 0x14fa740d7700 (LWP 43994))]
|
(gdb) bt
|
#0 0x000055ac8abcc765 in row_sel_store_mysql_rec (mysql_rec=mysql_rec@entry=0x14fa2c027e30 <incomplete sequence \371>, prebuilt=prebuilt@entry=0x14fa2c02ba20, rec=rec@entry=0x14fa684ce0a8 "", vrow=0x0, rec_clust=rec_clust@entry=false, index=index@entry=0x14fa2c029c60, offsets=0x14fa740d3d30) at /test/10.3_dbg/storage/innobase/row/row0sel.cc:3163
|
#1 0x000055ac8abd8b3c in row_search_mvcc (buf=buf@entry=0x14fa2c027e30 <incomplete sequence \371>, mode=<optimized out>, mode@entry=PAGE_CUR_UNSUPP, prebuilt=0x14fa2c02ba20, match_mode=match_mode@entry=0, direction=direction@entry=1) at /test/10.3_dbg/storage/innobase/row/row0sel.cc:5596
|
#2 0x000055ac8a9fa06a in ha_innobase::general_fetch (this=this@entry=0x14fa2c02b278, buf=buf@entry=0x14fa2c027e30 <incomplete sequence \371>, direction=direction@entry=1, match_mode=match_mode@entry=0) at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:9696
|
#3 0x000055ac8a9fa57e in ha_innobase::rnd_next (this=0x14fa2c02b278, buf=0x14fa2c027e30 <incomplete sequence \371>) at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:9906
|
#4 0x000055ac8a7d27f2 in handler::ha_rnd_next (this=0x14fa2c02b278, buf=0x14fa2c027e30 <incomplete sequence \371>) at /test/10.3_dbg/sql/handler.cc:2847
|
#5 0x000055ac8a96affa in rr_sequential (info=0x14fa2c041b70) at /test/10.3_dbg/sql/records.h:71
|
#6 0x000055ac8a587159 in READ_RECORD::read_record (this=0x14fa2c041b70) at /test/10.3_dbg/sql/records.h:70
|
#7 sub_select (join=0x14fa2c0137d0, join_tab=0x14fa2c041aa8, end_of_records=<optimized out>) at /test/10.3_dbg/sql/sql_select.cc:19900
|
#8 0x000055ac8a5b84b8 in do_select (procedure=<optimized out>, join=0x14fa2c0137d0) at /test/10.3_dbg/sql/sql_select.cc:19419
|
#9 JOIN::exec_inner (this=this@entry=0x14fa2c0137d0) at /test/10.3_dbg/sql/sql_select.cc:4150
|
#10 0x000055ac8a5b88b4 in JOIN::exec (this=this@entry=0x14fa2c0137d0) at /test/10.3_dbg/sql/sql_select.cc:3944
|
#11 0x000055ac8a5b92fc in mysql_select (thd=thd@entry=0x14fa2c000d90, tables=tables@entry=0x14fa2c011668, wild_num=0, fields=@0x14fa740d4c20: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55ac8b927100 <end_of_list>, last = 0x14fa740d4c20, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=1342177408, result=0x14fa2c0136c0, unit=0x14fa2c004c40, select_lex=0x14fa2c0053d8) at /test/10.3_dbg/sql/sql_select.cc:4353
|
#12 0x000055ac8a61e739 in mysql_multi_update (thd=thd@entry=0x14fa2c000d90, table_list=0x14fa2c011668, fields=fields@entry=0x14fa2c005500, values=values@entry=0x14fa2c005a30, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14fa2c004c40, select_lex=0x14fa2c0053d8, result=0x14fa740d4e50) at /test/10.3_dbg/sql/sql_update.cc:1823
|
#13 0x000055ac8a53e18a in mysql_execute_command (thd=thd@entry=0x14fa2c000d90) at /test/10.3_dbg/sql/sql_parse.cc:4419
|
#14 0x000055ac8a545a3c in mysql_parse (thd=thd@entry=0x14fa2c000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14fa740d6530, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_parse.cc:7870
|
#15 0x000055ac8a5481ad in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14fa2c000d90, packet=packet@entry=0x14fa2c0198f1 "UPDATE t SET a=((SELECT MAX(a)FROM t))", packet_length=packet_length@entry=38, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_class.h:1152
|
#16 0x000055ac8a54b33d in do_command (thd=0x14fa2c000d90) at /test/10.3_dbg/sql/sql_parse.cc:1398
|
#17 0x000055ac8a6734f3 in do_handle_one_connection (connect=connect@entry=0x55ac8d6b3770) at /test/10.3_dbg/sql/sql_connect.cc:1403
|
#18 0x000055ac8a67372a in handle_one_connection (arg=0x55ac8d6b3770) at /test/10.3_dbg/sql/sql_connect.cc:1308
|
#19 0x000014fa8b357609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#20 0x000014fa8b27c163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.3.35 9ba385a50d0cd611fce61462fc3e03e82b1ffee9 (Optimized) |
Core was generated by `/test/MD260222-mariadb-10.3.35-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 ha_innobase::change_active_index (this=0x14ae440252b0, keynr=64)
|
at /test/10.3_opt/storage/innobase/handler/ha_innodb.cc:9585
|
[Current thread is 1 (Thread 0x14aea406f700 (LWP 43589))]
|
(gdb) bt
|
#0 ha_innobase::change_active_index (this=0x14ae440252b0, keynr=64) at /test/10.3_opt/storage/innobase/handler/ha_innodb.cc:9585
|
#1 0x000055b7f4025d8e in ha_innobase::rnd_init (this=0x14ae440252b0, scan=<optimized out>) at /test/10.3_opt/storage/innobase/handler/ha_innodb.cc:9854
|
#2 0x000055b7f3d28298 in handler::ha_rnd_init (scan=false, this=0x14ae440252b0) at /test/10.3_opt/sql/handler.h:3137
|
#3 multi_update::do_updates (this=this@entry=0x14ae440117b8) at /test/10.3_opt/sql/sql_update.cc:2643
|
#4 0x000055b7f3d2902b in multi_update::send_eof (this=0x14ae440117b8) at /test/10.3_opt/sql/sql_update.cc:2935
|
#5 0x000055b7f3cd6dc7 in do_select (procedure=<optimized out>, join=0x14ae440118c8) at /test/10.3_opt/sql/sql_select.cc:19474
|
#6 JOIN::exec_inner (this=0x14ae440118c8) at /test/10.3_opt/sql/sql_select.cc:4150
|
#7 0x000055b7f3cd7086 in JOIN::exec (this=this@entry=0x14ae440118c8) at /test/10.3_opt/sql/sql_select.cc:3944
|
#8 0x000055b7f3cd7222 in mysql_select (thd=thd@entry=0x14ae44000c48, tables=tables@entry=0x14ae4400f760, wild_num=0, fields=@0x14aea406cc90: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55b7f4bb5d40 <end_of_list>, last = 0x14aea406cc90, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14ae440117b8, unit=0x14ae44004938, select_lex=0x14ae440050d0) at /test/10.3_opt/sql/sql_select.cc:4353
|
#9 0x000055b7f3d28085 in mysql_multi_update (thd=thd@entry=0x14ae44000c48, table_list=0x14ae4400f760, fields=fields@entry=0x14ae440051f8, values=values@entry=0x14ae44005728, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14ae44004938, select_lex=0x14ae440050d0, result=0x14aea406ce60) at /test/10.3_opt/sql/sql_update.cc:1823
|
#10 0x000055b7f3c723ed in mysql_execute_command (thd=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:4419
|
#11 0x000055b7f3c785c7 in mysql_parse (thd=0x14ae44000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:7870
|
#12 0x000055b7f3c7a965 in dispatch_command (command=COM_QUERY, thd=0x14ae44000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_class.h:1152
|
#13 0x000055b7f3c7c94d in do_command (thd=0x14ae44000c48) at /test/10.3_opt/sql/sql_parse.cc:1398
|
#14 0x000055b7f3d650e6 in do_handle_one_connection (connect=connect@entry=0x55b7f6153ca8) at /test/10.3_opt/sql/sql_connect.cc:1403
|
#15 0x000055b7f3d652bf in handle_one_connection (arg=0x55b7f6153ca8) at /test/10.3_opt/sql/sql_connect.cc:1308
|
#16 0x000014aea7174609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#17 0x000014aea7099163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
This bug affects testing (time lost for each new occurrence) as new stacks appear as a result of the same issue.
The bug here happens because on sets
SET SESSION aria_sort_buffer_size=CAST(-1 AS UNSIGNED INT);
Which sets it's to 18446744073709551615
You should only do that if you really have that much memory available!
I have a fix for the crash, but still setting a sort buffer to more memory than you have in your machine can always cause a crash as any other thread who want's to allocate memory may not get it!
The cause of the crash was that test was setting
aria_sort_buffer_size to MAX_LONG_LONG, which caused an overflow in
my_malloc() when trying to allocate the buffer + 8 bytes.
Fixed by reducing max size of sort_buffer for Aria and MyISAM
Reduced testcase. May be lightly sporadic. Crash affects 10.3 and 10.4 only. Ref below for other effects on 10.5-10.9
Some UniqueID's seen with this testcase:
SIGABRT|__libc_message|malloc_printerr|_int_malloc|__GI___libc_mallocSIGSEGV|__memset_avx2_erms|memset|sort_insert_key|sort_key_writeSIGSEGV|_int_malloc|__GI___libc_malloc|my_malloc|alloc_root