[MDEV-32606] Server crash when querying InnoDB table - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: N/A
Component/s: Storage Engine - InnoDB
Labels:
None

Description

CREATE TABLE v0 ( v1 NUMERIC NOT NULL PRIMARY KEY , v2 TINYTEXT ) Engine = InnoDB ;

INSERT INTO v0 VALUES ( 88 , 50 ) ;

UPDATE v0 SET v1 = 63 WHERE v1 = 255 ;

UPDATE v0 SET v2 = 39 WHERE v1 = NULL ;

UPDATE v0 SET v1 = 0 WHERE v1 = 0 OR v1 = 16 ;

UPDATE v0 SET v1 = 18 WHERE v2 = 50 ;

SELECT * FROM v0 ORDER BY - v1 , v2 DESC , ( SELECT v1 AS v3 GROUP BY v2 LIMIT 8 OFFSET 24 ) ASC ;

SELECT * FROM v0 ORDER BY v1 ;

SELECT v2 , v2 , v1 FROM v0 JOIN v0 ON v1 = v2 ORDER BY v1 ;

DROP TABLE v0 ; , t2 , t3

When replace the engine with MYISAM, the crash will not happen.

Stack Trace:
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f7b05b34880 thread_stack 0x5fc00
/usr/local/mysql/bin/mariadbd(__interceptor_backtrace+0x5b)[0x781b5b]
mysys/stacktrace.c:215(my_print_stacktrace)[0x228cfae]
sql/signal_handler.cc:0(handle_fatal_signal)[0x12bd0d2]
sigaction.c:0(__restore_rt)[0x7f7b298cb420]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530f28)
/lib/x86_64-linux-gnu/libc.so.6(memcpy+0x1b)[0x7f7b29573aeb]
/usr/local/mysql/bin/mariadbd(__asan_memcpy+0x2a8)[0x7c27b8]
sql/my_decimal.h:134(my_decimal::operator=(my_decimal const&))[0x16fda2f]
/usr/local/mysql/bin/mariadbd(_ZNK27Type_handler_decimal_result25make_packed_sort_key_partEPhP4ItemPK15SORT_FIELD_ATTRP6String+0x213)[0x12b9e83]
sql/filesort.cc:3012(make_packed_sortkey(Sort_param*, unsigned char*))[0x12b15cd]
sql/sql_sort.h:706(Sort_param::is_packed_format() const)[0x12ae16b]
sql/sql_select.cc:26909(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0xca6c82]
/usr/local/mysql/bin/mariadbd(_Z21join_init_read_recordP13st_join_table+0x2d5)[0xc41765]
sql/sql_select.cc:23501(sub_select(JOIN*, st_join_table*, bool))[0xbe6b87]
/usr/local/mysql/bin/mariadbd(_ZN4JOIN10exec_innerEv+0x2681)[0xc48751]
sql/sql_select.cc:4721(JOIN::exec())[0xc45f19]
sql/sql_select.cc:5251(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0xbe89b8]
sql/sql_select.cc:628(handle_select(THD*, LEX*, select_result*, unsigned long long))[0xbe7e59]
sql/sql_parse.cc:6041(execute_sqlcom_select(THD*, TABLE_LIST*))[0xb41bc6]
/usr/local/mysql/bin/mariadbd(_Z21mysql_execute_commandP3THDb+0x18b7)[0xb319a7]
sql/sql_class.h:2830(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0xb24c79]
/usr/local/mysql/bin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x2cf8)[0xb1e648]
sql/sql_parse.cc:1407(do_command(THD*, bool))[0xb25971]
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0xf0d066]
sql/sql_connect.cc:1322(handle_one_connection)[0xf0caa9]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x19d710b]
nptl/pthread_create.c:478(start_thread)[0x7f7b298bf609]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530f28)
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f7b295d7133]

Attachments

Issue Links

duplicates

MDEV-32324 Server crashes inside filesort at my_decimal::to_binary

Closed

Activity

Alice Sherepa added a comment - 2023-10-31 14:29 - edited

Thanks! I repeated on 10.4-11.2, both with InnoDB and Myisam:
non-debug

Version: '10.4.31-MariaDB'

231031 15:02:51 [ERROR] mysqld got signal 11 ;

Server version: 10.4.31-MariaDB source revision: 2aea9387497cecb5668ef605b8f80886f9de812c

sql/signal_handler.cc:238(handle_fatal_signal)[0x5655256fd627]

sigaction.c:0(__restore_rt)[0x7fc36838c420]

sql/my_decimal.h:128(my_decimal::operator=(my_decimal const&))[0x5655258102b0]

sql/filesort.cc:1161(Type_handler_decimal_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x5655256fa39b]

sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x5655256f98e9]

sql/filesort.cc:844(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x5655256fc812]

sql/sql_select.cc:24202(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x56552553faa7]

sql/sql_select.cc:21878(st_join_table::sort_table())[0x56552553fdc6]

sql/sql_select.cc:21815(join_init_read_record(st_join_table*))[0x56552553fe41]

sql/sql_select.cc:20887(sub_select(JOIN*, st_join_table*, bool))[0x565525533b89]

sql/sql_select.cc:20413(JOIN::exec_inner())[0x565525563687]

sql/sql_select.cc:4388(JOIN::exec())[0x565525563953]

sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5655255619f6]

sql/sql_select.cc:454(handle_select(THD*, LEX*, select_result*, unsigned long))[0x565525562577]

sql/sql_parse.cc:6474(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5655253e5fa3]

sql/sql_parse.cc:3976(mysql_execute_command(THD*))[0x56552550545b]

sql/sql_parse.cc:8010(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x565525509e72]

sql/sql_parse.cc:1919(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56552550cac2]

sql/sql_parse.cc:1379(do_command(THD*))[0x56552550dbe2]

sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x5655255f2602]

sql/sql_connect.cc:1326(handle_one_connection)[0x5655255f26ed]

nptl/pthread_create.c:478(start_thread)[0x7fc368380609]

Query (0x7fc2f8010300): SELECT * FROM v0 ORDER BY - v1 , v2 DESC , ( SELECT v1 AS v3 GROUP BY v2 LIMIT 8 OFFSET 24 ) ASC

CREATE TABLE t1 ( a decimal(10,0) NOT NULL PRIMARY KEY) ;

INSERT INTO t1 VALUES (1),(2),(3);

SELECT * FROM t1 ORDER BY  ( SELECT a LIMIT 8 OFFSET 24 ) ;

231031 15:24:45 [ERROR] mysqld got signal 11 ;

Server version: 10.5.23-MariaDB-debug-log source revision: b06ac9a8cd2146e89270cc2150d306d8ed1b33fb

sql/signal_handler.cc:241(handle_fatal_signal)[0x556690fa1dd8]

sigaction.c:0(__restore_rt)[0x7f8503bb4420]

sql/my_decimal.h:128(my_decimal::operator=(my_decimal const&))[0x556690d77a0f]

sql/my_decimal.h:342(my_decimal2decimal(my_decimal const*, my_decimal*))[0x556690d77c95]

sql/my_decimal.cc:206(my_decimal::to_binary(unsigned char*, int, int, unsigned int) const)[0x55669138dd1e]

sql/filesort.cc:1317(Type_handler_decimal_result::make_sort_key_part(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x556690f90ff7]

sql/filesort.cc:3033(make_sortkey(Sort_param*, unsigned char*))[0x556690f9cc2b]

sql/filesort.cc:1348(make_sortkey(Sort_param*, unsigned char*, unsigned char*, bool))[0x556690f912c5]

sql/filesort.cc:966(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x556690f8e554]

sql/filesort.cc:352(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x556690f8990f]

sql/sql_select.cc:24502(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x5566908e01f1]

sql/sql_select.cc:22180(st_join_table::sort_table())[0x5566908ce90b]

sql/sql_select.cc:22119(join_init_read_record(st_join_table*))[0x5566908cde0c]

sql/sql_select.cc:21174(sub_select(JOIN*, st_join_table*, bool))[0x5566908c7436]

sql/sql_select.cc:20696(do_select(JOIN*, Procedure*))[0x5566908c5366]

sql/sql_select.cc:4602(JOIN::exec_inner())[0x55669084f9ba]

sql/sql_select.cc:4383(JOIN::exec())[0x55669084cfc4]

sql/sql_select.cc:4861(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x556690851409]

sql/sql_select.cc:450(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5566908220bb]

sql/sql_parse.cc:6343(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55669078764d]

sql/sql_parse.cc:4020(mysql_execute_command(THD*))[0x5566907763b2]

sql/sql_parse.cc:8120(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5566907929bf]

sql/sql_parse.cc:1894(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5566907683ed]

sql/sql_parse.cc:1375(do_command(THD*))[0x556690764d55]

sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x556690bc39a3]

sql/sql_connect.cc:1320(handle_one_connection)[0x556690bc3307]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55669184fb02]

nptl/pthread_create.c:478(start_thread)[0x7f8503ba8609]

Query (0x62b0000852a8): SELECT * FROM t1 ORDER BY  ( SELECT a LIMIT 8 OFFSET 24 )

fixed by 208ed0d8c6 commit (~~MDEV-32324~~)

Alice Sherepa added a comment - 2023-10-31 14:29 - edited Thanks! I repeated on 10.4-11.2, both with InnoDB and Myisam: non-debug Version: '10.4.31-MariaDB' 231031 15:02:51 [ERROR] mysqld got signal 11 ; Server version: 10.4.31-MariaDB source revision: 2aea9387497cecb5668ef605b8f80886f9de812c sql/signal_handler.cc:238(handle_fatal_signal)[0x5655256fd627] sigaction.c:0(__restore_rt)[0x7fc36838c420] sql/my_decimal.h:128(my_decimal::operator=(my_decimal const&))[0x5655258102b0] sql/filesort.cc:1161(Type_handler_decimal_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x5655256fa39b] sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x5655256f98e9] sql/filesort.cc:844(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x5655256fc812] sql/sql_select.cc:24202(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x56552553faa7] sql/sql_select.cc:21878(st_join_table::sort_table())[0x56552553fdc6] sql/sql_select.cc:21815(join_init_read_record(st_join_table*))[0x56552553fe41] sql/sql_select.cc:20887(sub_select(JOIN*, st_join_table*, bool))[0x565525533b89] sql/sql_select.cc:20413(JOIN::exec_inner())[0x565525563687] sql/sql_select.cc:4388(JOIN::exec())[0x565525563953] sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5655255619f6] sql/sql_select.cc:454(handle_select(THD*, LEX*, select_result*, unsigned long))[0x565525562577] sql/sql_parse.cc:6474(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5655253e5fa3] sql/sql_parse.cc:3976(mysql_execute_command(THD*))[0x56552550545b] sql/sql_parse.cc:8010(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x565525509e72] sql/sql_parse.cc:1919(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56552550cac2] sql/sql_parse.cc:1379(do_command(THD*))[0x56552550dbe2] sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x5655255f2602] sql/sql_connect.cc:1326(handle_one_connection)[0x5655255f26ed] nptl/pthread_create.c:478(start_thread)[0x7fc368380609] Query (0x7fc2f8010300): SELECT * FROM v0 ORDER BY - v1 , v2 DESC , ( SELECT v1 AS v3 GROUP BY v2 LIMIT 8 OFFSET 24 ) ASC CREATE TABLE t1 ( a decimal (10,0) NOT NULL PRIMARY KEY ) ; INSERT INTO t1 VALUES (1),(2),(3); SELECT * FROM t1 ORDER BY ( SELECT a LIMIT 8 OFFSET 24 ) ; 231031 15:24:45 [ERROR] mysqld got signal 11 ; Server version: 10.5.23-MariaDB-debug-log source revision: b06ac9a8cd2146e89270cc2150d306d8ed1b33fb sql/signal_handler.cc:241(handle_fatal_signal)[0x556690fa1dd8] sigaction.c:0(__restore_rt)[0x7f8503bb4420] sql/my_decimal.h:128(my_decimal::operator=(my_decimal const&))[0x556690d77a0f] sql/my_decimal.h:342(my_decimal2decimal(my_decimal const*, my_decimal*))[0x556690d77c95] sql/my_decimal.cc:206(my_decimal::to_binary(unsigned char*, int, int, unsigned int) const)[0x55669138dd1e] sql/filesort.cc:1317(Type_handler_decimal_result::make_sort_key_part(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x556690f90ff7] sql/filesort.cc:3033(make_sortkey(Sort_param*, unsigned char*))[0x556690f9cc2b] sql/filesort.cc:1348(make_sortkey(Sort_param*, unsigned char*, unsigned char*, bool))[0x556690f912c5] sql/filesort.cc:966(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x556690f8e554] sql/filesort.cc:352(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x556690f8990f] sql/sql_select.cc:24502(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x5566908e01f1] sql/sql_select.cc:22180(st_join_table::sort_table())[0x5566908ce90b] sql/sql_select.cc:22119(join_init_read_record(st_join_table*))[0x5566908cde0c] sql/sql_select.cc:21174(sub_select(JOIN*, st_join_table*, bool))[0x5566908c7436] sql/sql_select.cc:20696(do_select(JOIN*, Procedure*))[0x5566908c5366] sql/sql_select.cc:4602(JOIN::exec_inner())[0x55669084f9ba] sql/sql_select.cc:4383(JOIN::exec())[0x55669084cfc4] sql/sql_select.cc:4861(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x556690851409] sql/sql_select.cc:450(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5566908220bb] sql/sql_parse.cc:6343(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55669078764d] sql/sql_parse.cc:4020(mysql_execute_command(THD*))[0x5566907763b2] sql/sql_parse.cc:8120(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5566907929bf] sql/sql_parse.cc:1894(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5566907683ed] sql/sql_parse.cc:1375(do_command(THD*))[0x556690764d55] sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x556690bc39a3] sql/sql_connect.cc:1320(handle_one_connection)[0x556690bc3307] perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55669184fb02] nptl/pthread_create.c:478(start_thread)[0x7f8503ba8609] Query (0x62b0000852a8): SELECT * FROM t1 ORDER BY ( SELECT a LIMIT 8 OFFSET 24 ) fixed by 208ed0d8c6 commit ( MDEV-32324 )

MariaDB Server

Server crash when querying InnoDB table

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration