Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
5.5.41, 10.0.16
Description
This is http://bugs.mysql.com/75245 - which appears to be a duplicate of a (private) MySQL bug, https://bugs.mysql.com/75095. MariaDB 10.0.16 seems to have inherited this from InnoDB in 5.6.22.
Steps to reproduce are fairly simple (taken from bug 75245):
{ echo -n "CREATE TABLE test.foo ( "; for i in {1..197}; do echo -n "text${i} TEXT"; [[ ${i} -ne 197 ]] && echo -n ","; echo; done; echo ") ENGINE = InnoDB"; } | mysql
|
{ echo -n "INSERT INTO test.foo VALUES ("; for i in {1..197}; do echo -n "'abcdef'"; [[ ${i} -ne 197 ]] && echo -n ", "; done; echo ")"; } | mysql
|
mysql -Bse "DELETE FROM test.foo WHERE text1 = 'abcdef'"
|
service mysqld restart
|
Reviewing the MySQL error log shows:
150127 20:21:47 [Note] InnoDB: Waiting for purge to start
|
150127 20:21:47 [ERROR] mysqld got signal 11 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see http://kb.askmonty.org/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.0.16-MariaDB-log
|
key_buffer_size=8388608
|
read_buffer_size=131072
|
max_used_connections=0
|
max_threads=66
|
thread_count=0
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 153153 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x0x0
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x0 thread_stack 0x48000
|
150127 20:21:47 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.22-71.0 started; log sequence number 1640775
|
2015-01-27 20:21:47 7fb7667fe700 InnoDB: Loading buffer pool(s) from .//ib_buffer_pool
|
2015-01-27 20:21:47 7fb7667fe700 InnoDB: Buffer pool(s) load completed at 150127 20:21:47
|
150127 20:21:47 [Note] Plugin 'FEEDBACK' is disabled.
|
150127 20:21:47 [Warning] 'proxies_priv' entry '@% root@pachyderm' ignored in --skip-name-resolve mode.
|
150127 20:21:47 [Note] Event Scheduler: Loaded 0 events
|
mysys/stacktrace.c:247(my_print_stacktrace)[0xbb258b]
|
sql/signal_handler.cc:153(handle_fatal_signal)[0x71bf28]
|
/lib64/libpthread.so.0(+0xf6d0)[0x7fb77837f6d0]
|
sql/sql_class.cc:1204(THD::raise_condition(unsigned int, char const*, Sql_condition::enum_warning_level, char const*))[0x59a942]
|
sql/sql_class.h:3150(THD::get_stmt_da())[0x5aa804]
|
handler/ha_innodb.cc:18944(ib_warn_row_too_big(dict_table_t const*))[0x877214]
|
dict/dict0dict.cc:2432(dict_index_add_to_cache(dict_table_t*, dict_index_t*, unsigned long, unsigned long))[0x9b93e0]
|
dict/dict0load.cc:2018(dict_load_indexes)[0x9cb9cb]
|
dict/dict0load.cc:2447(dict_load_table(char const*, unsigned long, dict_err_ignore_t))[0x9c89b7]
|
dict/dict0load.cc:2633(dict_load_table_on_id(unsigned long, dict_err_ignore_t))[0x9c9910]
|
dict/dict0dict.cc:900(dict_table_open_on_id(unsigned long, unsigned long, dict_table_op_t))[0x9b8218]
|
row/row0purge.cc:759(row_purge_parse_undo_rec)[0x918eef]
|
que/que0que.cc:1115(que_thr_step)[0x8e471b]
|
trx/trx0purge.cc:1254(trx_purge(unsigned long, unsigned long, bool))[0x940a57]
|
srv/srv0srv.cc:3278(srv_do_purge)[0x931ca8]
|
/lib64/libpthread.so.0(+0x7ee5)[0x7fb778377ee5]
|
/lib64/libc.so.6(clone+0x6d)[0x7fb777a94b8d]
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
As a naive fix, adding a check along the lines of
if(thd == null) return;
|
in ib_warn_row_too_big() seems to resolve the immediate cause of the crash.
Attachments
Issue Links
Activity
revno: 4417
committer: Jan Lindström <jplindst@mariadb.org>
branch nick: 5.5
timestamp: Wed 2015-02-04 09:29:54 +0200
message:
MDEV-7513: ib_warn_row_too_big dereferences null thd
Analysis: Purge thread does not have thd and no access to
handlerton.
Fix: If thd does not exists we use sql_print_warning instead
of push_warning_printf.
Also reproducible on MariaDB 5.5.41, but only with InnoDB plugin (not with XtraDB).
Stack trace from 10.0 debug build (to make it more searchable):
#2 0x0000000000868ad9 in handle_fatal_signal (sig=11) at 10.0/sql/signal_handler.cc:262#3 <signal handler called>#4 0x00000000005cb584 in THD::get_stmt_da (this=0x0) at 10.0/sql/sql_class.h:3150#5 0x000000000063edd8 in THD::raise_condition (this=0x0, sql_errno=139, sqlstate=0x0, level=Sql_condition::WARN_LEVEL_WARN, msg=0x7fba107fa250 "Row size too large (> 8126). Changing some columns to TEXT or BLOB or using ROW_FORMAT=DYNAMIC or ROW_FORMAT=COMPRESSED may help. In current row format, BLOB prefix of 768 bytes is stored inline.") at 10.0/sql/sql_class.cc:1200#6 0x0000000000657c20 in push_warning (thd=0x0, level=Sql_condition::WARN_LEVEL_WARN, code=139, msg=0x7fba107fa250 "Row size too large (> 8126). Changing some columns to TEXT or BLOB or using ROW_FORMAT=DYNAMIC or ROW_FORMAT=COMPRESSED may help. In current row format, BLOB prefix of 768 bytes is stored inline.") at 10.0/sql/sql_error.cc:750#7 0x0000000000657dbc in push_warning_printf (thd=0x0, level=Sql_condition::WARN_LEVEL_WARN, code=139, format=0x102b1f0 "Row size too large (> %lu). Changing some columns to TEXT or BLOB %smay help. In current row format, BLOB prefix of %d bytes is stored inline.") at 10.0/sql/sql_error.cc:785#8 0x0000000000a1bed6 in ib_warn_row_too_big (table=0x7fba0f44f678) at 10.0/storage/xtradb/handler/ha_innodb.cc:18943#9 0x0000000000c0ca99 in dict_index_add_to_cache (table=0x7fba0f44f678, index=0x7fba0f46c0f8, page_no=3, strict=0) at 10.0/storage/xtradb/dict/dict0dict.cc:2432#10 0x0000000000c1f576 in dict_load_indexes (table=0x7fba0f44f678, heap=0x7fba0f443000, ignore_err=DICT_ERR_IGNORE_NONE) at 10.0/storage/xtradb/dict/dict0load.cc:2011#11 0x0000000000c2049b in dict_load_table (name=0x7fba0f43d248 "test/foo", cached=1, ignore_err=DICT_ERR_IGNORE_NONE) at 10.0/storage/xtradb/dict/dict0load.cc:2445#12 0x0000000000c20ab4 in dict_load_table_on_id (table_id=18, ignore_err=DICT_ERR_IGNORE_NONE) at 10.0/storage/xtradb/dict/dict0load.cc:2633#13 0x0000000000c07798 in dict_table_open_on_id_low (table_id=18, ignore_err=DICT_ERR_IGNORE_NONE) at 10.0/storage/xtradb/include/dict0priv.ic:92#14 0x0000000000c089a5 in dict_table_open_on_id (table_id=18, dict_locked=0, table_op=DICT_TABLE_OP_NORMAL) at 10.0/storage/xtradb/dict/dict0dict.cc:898#15 0x0000000000b1d1bc in row_purge_parse_undo_rec (node=0x7fba1f2f4078, undo_rec=0x7fba0f43b088 "\001\066\016", updated_extern=0x7fba107fbcae, thr=0x7fba1f0213c0) at 10.0/storage/xtradb/row/row0purge.cc:757#16 0x0000000000b1d601 in row_purge (node=0x7fba1f2f4078, undo_rec=0x7fba0f43b088 "\001\066\016", thr=0x7fba1f0213c0) at 10.0/storage/xtradb/row/row0purge.cc:893#17 0x0000000000b1d858 in row_purge_step (thr=0x7fba1f0213c0) at 10.0/storage/xtradb/row/row0purge.cc:976#18 0x0000000000ac14d5 in que_thr_step (thr=0x7fba1f0213c0) at 10.0/storage/xtradb/que/que0que.cc:1115#19 0x0000000000ac16d6 in que_run_threads_low (thr=0x7fba1f0213c0) at 10.0/storage/xtradb/que/que0que.cc:1177#20 0x0000000000ac1868 in que_run_threads (thr=0x7fba1f0213c0) at 10.0/storage/xtradb/que/que0que.cc:1218#21 0x0000000000b68bdb in trx_purge (n_purge_threads=1, batch_size=300, truncate=false) at 10.0/storage/xtradb/trx/trx0purge.cc:1251#22 0x0000000000b4e568 in srv_do_purge (n_threads=1, n_total_purged=0x7fba107fbe48) at 10.0/storage/xtradb/srv/srv0srv.cc:3278#23 0x0000000000b4ec6b in srv_purge_coordinator_thread (arg=0x0) at 10.0/storage/xtradb/srv/srv0srv.cc:3462#24 0x00007fba2187cb50 in start_thread (arg=<optimized out>) at pthread_create.c:304#25 0x00007fba1fb3270d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112