[MDEV-33562] Assertion `(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)' failed in my_realloc from sort_get_next_record on INSERT - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 11.4
Fix Version/s: N/A
Component/s: Storage Engine - Aria
Labels:
- regression

Description

Note the required --max_allowed_packet option.

# Test using: ./mtr --mysqld=--max_allowed_packet=33554432 test

SET sql_mode='', aria_repair_threads=2;

CREATE TEMPORARY TABLE t (b TEXT, INDEX s(b(3000))) ROW_FORMAT=DYNAMIC ENGINE=Aria;

INSERT INTO t VALUES (REPEAT ('a',33554428));

CREATE TABLE ti LIKE t;

INSERT INTO ti SELECT * FROM t;

11.4.0 faf48c262fd3f350b91482865b1bc1d8a037502b (Optimized)
mariadbd: /test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c:156: my_realloc: Assertion `(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)' failed.

11.4.0 faf48c262fd3f350b91482865b1bc1d8a037502b (Optimized)
Core was generated by `/test/MDEV33426_MD160224-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd --no-defa'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=23081625097792)
at ./nptl/pthread_kill.c:44
[Current thread is 1 (LWP 2502992)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=23081625097792) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=23081625097792) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=23081625097792, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x000014fe33e42476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x000014fe33e287f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x000014fe33e2871b in __assert_fail_base (fmt=0x14fe33fdd130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x558df086f050 "(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)", file=0x558df086ef68 "/test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c", line=156, function=<optimized out>) at ./assert/assert.c:92
#6 0x000014fe33e39e96 in __GI___assert_fail (assertion=assertion@entry=0x558df086f050 "(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)", file=file@entry=0x558df086ef68 "/test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c", line=line@entry=156, function=function@entry=0x558df086f088 <__PRETTY_FUNCTION__.0> "my_realloc") at ./assert/assert.c:101
#7 0x0000558df03be372 in my_realloc (key=key@entry=0, old_point=0x14fde00a5468, size=size@entry=65635, my_flags=64) at /test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c:156
#8 0x0000558defecdf44 in _ma_alloc_buffer (old_addr=old_addr@entry=0x14fde002dac8, old_size=old_size@entry=0x14fde002dd90, new_size=65635, flag=<optimized out>) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_open.c:1257
#9 0x0000558deff0cc51 in sort_get_next_record (sort_param=sort_param@entry=0x14fde002d5e8) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_check.c:5269
#10 0x0000558deff0e784 in sort_key_read (sort_param=0x14fde002d5e8, key=0x14fde4000d70 '\245' <repeats 200 times>...) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_check.c:4831
#11 0x0000558deff115d1 in _ma_thr_find_all_keys_exec (sort_param=0x14fde002d5e8) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_sort.c:491
#12 _ma_thr_find_all_keys (arg=0x14fde002d5e8) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_sort.c:546
#13 0x000014fe33e94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#14 0x000014fe33f26850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

11.4.0 faf48c262fd3f350b91482865b1bc1d8a037502b (Debug)
mariadbd: /test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c:156: my_realloc: Assertion `(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)' failed.

11.4.0 faf48c262fd3f350b91482865b1bc1d8a037502b (Debug)
Core was generated by `/test/MDEV33426_MD160224-mariadb-11.4.0-linux-x86_64-dbg/bin/mariadbd --no-defa'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=22668503918144)
at ./nptl/pthread_kill.c:44
[Current thread is 1 (LWP 3317532)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=22668503918144) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=22668503918144) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=22668503918144, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x0000149e01c42476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x0000149e01c287f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x0000149e01c2871b in __assert_fail_base (fmt=0x149e01ddd130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55b57b391050 "(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)", file=0x55b57b390f68 "/test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c", line=156, function=<optimized out>) at ./assert/assert.c:92
#6 0x0000149e01c39e96 in __GI___assert_fail (assertion=assertion@entry=0x55b57b391050 "(old_flags & 1) == ((my_flags & 0x10000U) ? 1 : 0)", file=file@entry=0x55b57b390f68 "/test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c", line=line@entry=156, function=function@entry=0x55b57b391088 <__PRETTY_FUNCTION__.0> "my_realloc") at ./assert/assert.c:101
#7 0x000055b57aee0372 in my_realloc (key=key@entry=0, old_point=0x149dac0a5468, size=size@entry=65635, my_flags=64) at /test/knielsen_mdev33426_11.4_dbg/mysys/my_malloc.c:156
#8 0x000055b57a9eff44 in _ma_alloc_buffer (old_addr=old_addr@entry=0x149dac02dac8, old_size=old_size@entry=0x149dac02dd90, new_size=65635, flag=<optimized out>) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_open.c:1257
#9 0x000055b57aa2ec51 in sort_get_next_record (sort_param=sort_param@entry=0x149dac02d5e8) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_check.c:5269
#10 0x000055b57aa30784 in sort_key_read (sort_param=0x149dac02d5e8, key=0x149db0000d70 '\245' <repeats 200 times>...) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_check.c:4831
#11 0x000055b57aa335d1 in _ma_thr_find_all_keys_exec (sort_param=0x149dac02d5e8) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_sort.c:491
#12 _ma_thr_find_all_keys (arg=0x149dac02d5e8) at /test/knielsen_mdev33426_11.4_dbg/storage/maria/ma_sort.c:546
#13 0x0000149e01c94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#14 0x0000149e01d26850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Only occurs in knielsen_mdev33426_11.4 at revision faf48c262fd3f350b91482865b1bc1d8a037502b
When only that revision (i.e. the MDEV-33426 patch) is removed, the crash does not happen, however we see:

11.4.0 4eac842c8f9814ffabf14c8074717d7c4511a72e (Optimized)
2024-02-29 14:48:08 0 [Note] /test/PRE_PATCH_MDEV33426_MD160224-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd: Shutdown complete

Warning: Memory not freed: 63312

Possibly this is the memory loss seen (and fixed) in MDEV-33426, though the amount differs and is a positive number this time.

Attachments

Issue Links

duplicates

MDEV-25923 Memory not freed or Assertion `old_flags == ((my_flags & 0x10000U) ? 1 : 0)' failed in my_realloc upon ALTER on Aria table with GIS column

Closed

is caused by

MDEV-33426 Assertion `status_var.local_memory_used == 0 || !debug_assert_on_not_freed_memory' failed in THD::~THD from handle_slave_sql on slave upon INSERT to TEMPORARY Aria table, Memory not freed: -50616

In Testing

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2024-02-29 03:59

If the issue is not clear, possibly more information could be obtained with UBASAN builds. If desired, please let me know and I will build/test.

Roel Van de Paar added a comment - 2024-02-29 03:59 If the issue is not clear, possibly more information could be obtained with UBASAN builds. If desired, please let me know and I will build/test.

Kristian Nielsen added a comment - 2024-02-29 14:48

Strange, I get the same crash without the MDEV-33426 patch, on this revision:

commit 4eac842c8f9814ffabf14c8074717d7c4511a72e (HEAD, origin/bb-11.4-wlad)

Author: Vladislav Vaintroub <vvaintroub@gmail.com>

Date:   Fri Feb 9 02:18:32 2024 +0100

I wonder why we get different results? But not critical I suppose, it's a bug to be fixed in any case...

- Kristian.

Kristian Nielsen added a comment - 2024-02-29 14:48 Strange, I get the same crash without the MDEV-33426 patch, on this revision: commit 4eac842c8f9814ffabf14c8074717d7c4511a72e (HEAD, origin/bb-11.4-wlad) Author: Vladislav Vaintroub <vvaintroub@gmail.com> Date: Fri Feb 9 02:18:32 2024 +0100 I wonder why we get different results? But not critical I suppose, it's a bug to be fixed in any case... - Kristian.

Elena Stepanova added a comment - 2024-02-29 15:29

It looks much like ~~MDEV-25923~~. And the test case from the description fails for me on all 10.6+, too.

Elena Stepanova added a comment - 2024-02-29 15:29 It looks much like MDEV-25923 . And the test case from the description fails for me on all 10.6+, too.

Kristian Nielsen added a comment - 2024-02-29 18:44

I have pushed a fix for this to branch: knielsen_mdev33426_11.4
Roel, feel free to close this as a duplicate of ~~MDEV-25923~~ when done with testing (and it looks good).

Kristian Nielsen added a comment - 2024-02-29 18:44 I have pushed a fix for this to branch: knielsen_mdev33426_11.4 Roel , feel free to close this as a duplicate of MDEV-25923 when done with testing (and it looks good).

Roel Van de Paar added a comment - 2024-02-29 23:05

Strange indeed. Here is what I get on 4eac842c8f9814ffabf14c8074717d7c4511a72e optimized:

11.4.0 4eac842c8f9814ffabf14c8074717d7c4511a72e (Optimized)
/test/PRE_PATCH_MDEV33426_MD160224-mariadb-11.4.0-linux-x86_64-opt$ a --max_allowed_packet=33554432
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 11.4.0-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

11.4.0-opt>SET sql_mode='', aria_repair_threads=2;
Query OK, 0 rows affected (0.000 sec)

11.4.0-opt>CREATE TEMPORARY TABLE t (b TEXT, INDEX s(b(3000))) ROW_FORMAT=DYNAMIC ENGINE=Aria;
Query OK, 0 rows affected, 1 warning (0.001 sec)

11.4.0-opt>INSERT INTO t VALUES (REPEAT ('a',33554428));
Query OK, 1 row affected, 1 warning (0.245 sec)

11.4.0-opt>CREATE TABLE ti LIKE t;
Query OK, 0 rows affected (0.008 sec)

11.4.0-opt>INSERT INTO ti SELECT * FROM t;
Query OK, 1 row affected (0.002 sec)
Records: 1 Duplicates: 0 Warnings: 0

11.4.0-opt>SYSTEM grep -oP '(?<=source revision )(?s).*(?= as process)' ./log/master.err \| head -n1
4eac842c8f9814ffabf14c8074717d7c4511a72e

Roel Van de Paar added a comment - 2024-02-29 23:05 Strange indeed. Here is what I get on 4eac842c8f9814ffabf14c8074717d7c4511a72e optimized: 11.4.0 4eac842c8f9814ffabf14c8074717d7c4511a72e (Optimized) /test/PRE_PATCH_MDEV33426_MD160224-mariadb-11.4.0-linux-x86_64-opt$ a --max_allowed_packet=33554432 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 11.4.0-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 11.4.0-opt>SET sql_mode='', aria_repair_threads=2; Query OK, 0 rows affected (0.000 sec) 11.4.0-opt>CREATE TEMPORARY TABLE t (b TEXT, INDEX s(b(3000))) ROW_FORMAT=DYNAMIC ENGINE=Aria; Query OK, 0 rows affected, 1 warning (0.001 sec) 11.4.0-opt>INSERT INTO t VALUES (REPEAT ('a',33554428)); Query OK, 1 row affected, 1 warning (0.245 sec) 11.4.0-opt>CREATE TABLE ti LIKE t; Query OK, 0 rows affected (0.008 sec) 11.4.0-opt>INSERT INTO ti SELECT * FROM t; Query OK, 1 row affected (0.002 sec) Records: 1 Duplicates: 0 Warnings: 0 11.4.0-opt>SYSTEM grep -oP '(?<=source revision )(?s).*(?= as process)' ./log/master.err | head -n1 4eac842c8f9814ffabf14c8074717d7c4511a72e

Roel Van de Paar added a comment - 2024-02-29 23:18 - edited

The testcase from ~~MDEV-25923~~ also does not crash the pre-patch 4eac842c8f9814ffabf14c8074717d7c4511a72e opt build.
The testcase from ~~MDEV-25923~~ does however crash a post-patch faf48c262fd3f350b91482865b1bc1d8a037502b opt build.
The original testcase from this bug also crashes the post-patch faf48c262fd3f350b91482865b1bc1d8a037502b opt build as described.

So it seems that the MDEV-33426 patch somehow brought out a bit worse behavior (in opt builds) for this area.

Roel Van de Paar added a comment - 2024-02-29 23:18 - edited The testcase from MDEV-25923 also does not crash the pre-patch 4eac842c8f9814ffabf14c8074717d7c4511a72e opt build. The testcase from MDEV-25923 does however crash a post-patch faf48c262fd3f350b91482865b1bc1d8a037502b opt build. The original testcase from this bug also crashes the post-patch faf48c262fd3f350b91482865b1bc1d8a037502b opt build as described. So it seems that the MDEV-33426 patch somehow brought out a bit worse behavior (in opt builds) for this area.

Roel Van de Paar added a comment - 2024-02-29 23:31 - edited

Bug confirmed fixed in post-MDEV-33562 patch i.e. knielsen_mdev33426_11.4 @ 3285bb0e35df888155bd3848eb29191c997a4142:
in opt+dbg builds, and in both CLI and MTR.

Roel Van de Paar added a comment - 2024-02-29 23:31 - edited Bug confirmed fixed in post-MDEV-33562 patch i.e. knielsen_mdev33426_11.4 @ 3285bb0e35df888155bd3848eb29191c997a4142 : in opt+dbg builds, and in both CLI and MTR.

Roel Van de Paar added a comment - 2024-03-02 01:04 - edited

The MTR testcase from MDEV-33579 also crashes pre the fix for this (~~MDEV-33562~~) bug, and does not crash post-fix.

Roel Van de Paar added a comment - 2024-03-02 01:04 - edited The MTR testcase from MDEV-33579 also crashes pre the fix for this ( MDEV-33562 ) bug, and does not crash post-fix.

People

Assignee:: Unassigned

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2024-02-29 03:52

Updated:: 2024-03-15 14:55

Resolved:: 2024-02-29 23:31

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.