[#MDEV-10694] SIGFPE and/or huge memory allocation in maria

Version: '10.2.1-MariaDB'  socket: ''  port: 3306  mariadb.org binary distribution

[ERROR] mysqld got exception 0xc0000005 ;

mysqld.exe!maria_create()[ma_create.c:163]

mysqld.exe!create_internal_tmp_table()[sql_select.cc:17280]

mysqld.exe!create_internal_tmp_table_from_heap()[sql_select.cc:17511]

mysqld.exe!JOIN::rollup_write_data()[sql_select.cc:23765]

mysqld.exe!end_write_group()[sql_select.cc:19930]

mysqld.exe!AGGR_OP::end_send()[sql_select.cc:26133]

mysqld.exe!sub_select_postjoin_aggr()[sql_select.cc:18016]

mysqld.exe!do_select()[sql_select.cc:17845]

mysqld.exe!JOIN::exec_inner()[sql_select.cc:3343]

mysqld.exe!JOIN::exec()[sql_select.cc:3154]

mysqld.exe!mysql_select()[sql_select.cc:3539]

mysqld.exe!handle_select()[sql_select.cc:377]

mysqld.exe!execute_sqlcom_select()[sql_parse.cc:6309]

mysqld.exe!mysql_execute_command()[sql_parse.cc:3352]

mysqld.exe!mysql_parse()[sql_parse.cc:7746]

mysqld.exe!dispatch_command()[sql_parse.cc:1793]

mysqld.exe!do_command()[sql_parse.cc:1353]

mysqld.exe!threadpool_process_request()[threadpool_common.cc:252]

mysqld.exe!io_completion_callback()[threadpool_win.cc:462]

drop table if exists t;

create table t (a int,b int) engine=innodb;

insert into t values(-126,7),(1,1),(0,0),(-1,1),(351,65534);

select distinct 1 from t group by a,b with rollup limit 1;

==2460==    at 0xB435A5: maria_create (ma_create.c:162)

==2460==    by 0x5EAF3E: create_internal_tmp_table(TABLE*, st_key*, st_maria_columndef*, st_maria_columndef**, unsigned long long) (sql_select.cc:17273)

==2460==    by 0x6174E4: create_internal_tmp_table_from_heap(THD*, TABLE*, st_maria_columndef*, st_maria_columndef**, int, bool, bool*) (sql_select.cc:17508)

....

mysqld.exe!maria_create()[ma_create.c:388]

mysqld.exe!create_internal_tmp_table()[sql_select.cc:17318]

mysqld.exe!create_internal_tmp_table_from_heap()[sql_select.cc:17549]

mysqld.exe!JOIN::rollup_write_data()[sql_select.cc:23800]

mysqld.exe!end_write_group()[sql_select.cc:19965]

mysqld.exe!AGGR_OP::put_record()[sql_select.cc:26159]

mysqld.exe!AGGR_OP::put_record()[sql_select.h:971]

mysqld.exe!sub_select_postjoin_aggr()[sql_select.cc:18058]

mysqld.exe!evaluate_join_record()[sql_select.cc:18562]

mysqld.exe!AGGR_OP::end_send()[sql_select.cc:26231]

mysqld.exe!sub_select_postjoin_aggr()[sql_select.cc:18052]

mysqld.exe!sub_select()[sql_select.cc:18288]

mysqld.exe!do_select()[sql_select.cc:17883]

mysqld.exe!JOIN::exec_inner()[sql_select.cc:3371]

mysqld.exe!JOIN::exec()[sql_select.cc:3183]

mysqld.exe!mysql_select()[sql_select.cc:3569]

mysqld.exe!handle_select()[sql_select.cc:373]

mysqld.exe!execute_sqlcom_select()[sql_parse.cc:6347]

mysqld.exe!mysql_execute_command()[sql_parse.cc:3376]

mysqld.exe!mysql_parse()[sql_parse.cc:7790]

mysqld.exe!dispatch_command()[sql_parse.cc:1808]

mysqld.exe!do_command()[sql_parse.cc:1365]

mysqld.exe!threadpool_process_request()[threadpool_common.cc:319]

mysqld.exe!tp_callback()[threadpool_common.cc:158]

mysqld.exe!tp_callback()[threadpool_win.cc:378]

mysqld.exe!work_callback()[threadpool_win.cc:452]

ntdll.dll!RtlFreeUnicodeString()

ntdll.dll!RtlFreeUnicodeString()

KERNEL32.DLL!BaseThreadInitThunk()

ntdll.dll!RtlUserThreadStart()

#0  0x0000000100c6ee5d in maria_create (name=0x118e6f480 "/Users/varun/MariaDB/10.2/10.2/mysql-test/var/tmp/mysqld.1/#sql1597e_7_1",

    datafile_type=STATIC_RECORD, keys=0, keydefs=0x700000d437e8, columns=0, columndef=0x0, uniques=0, uniquedefs=0x700000d43798, ci=0x700000d43748,

    flags=260) at /Users/varun/MariaDB/10.2/10.2/storage/maria/ma_create.c:385

#1  0x0000000100435d33 in create_internal_tmp_table (table=0x700000d43a98, keyinfo=0x0, start_recinfo=0x0, recinfo=0x118e8de78, options=2147748609)

    at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:17327

#2  0x000000010042b5be in create_internal_tmp_table_from_heap (thd=0x118e1ee88, table=0x118e6e020, start_recinfo=0x0, recinfo=0x118e8de78, error=135,

    ignore_last_dupp_key_error=false, is_duplicate=0x0) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:17562

#3  0x000000010043b148 in JOIN::rollup_write_data (this=0x118e8dc20, idx=0, table_arg=0x118e6e020) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:23806

#4  0x0000000100436a10 in end_write_group (join=0x118e8dc20, join_tab=0x118eaa7d0, end_of_records=true)

    at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:19974

#5  0x0000000100445725 in AGGR_OP::put_record (this=0x118e3b8e0, end_of_records=true) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:26167

#6  0x0000000100437996 in AGGR_OP::end_send (this=0x118e3b8e0) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:26189

#7  0x000000010041a56a in sub_select_postjoin_aggr (join=0x118e8dc20, join_tab=0x118eaa7d0, end_of_records=true)

    at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:18068

#8  0x0000000100437da2 in sub_select (join=0x118e8dc20, join_tab=0x118eaa420, end_of_records=true) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:18304

#9  0x0000000100420d2e in do_select (join=0x118e8dc20, procedure=0x0) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:17899

#10 0x000000010041fb9c in JOIN::exec_inner (this=0x118e8dc20) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:3388

#11 0x000000010041edee in JOIN::exec (this=0x118e8dc20) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:3199

#12 0x00000001003fcebc in mysql_select (thd=0x118e1ee88, tables=0x118e64020, wild_num=0, fields=..., conds=0x0, og_num=2, order=0x0, group=0x118e3d220,

    having=0x0, proc_param=0x0, select_options=2147748609, result=0x118e3f160, unit=0x118e22960, select_lex=0x118e230b0)

    at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:3584

#13 0x00000001003fc6ef in handle_select (thd=0x118e1ee88, lex=0x118e22898, result=0x118e3f160, setup_tables_done_option=0)

    at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:361

#14 0x00000001003a52a8 in execute_sqlcom_select (thd=0x118e1ee88, all_tables=0x118e64020) at /Users/varun/MariaDB/10.2/10.2/sql/sql_parse.cc:6399

#15 0x0000000100396604 in mysql_execute_command (thd=0x118e1ee88) at /Users/varun/MariaDB/10.2/10.2/sql/sql_parse.cc:3423

#16 0x0000000100392093 in mysql_parse (thd=0x118e1ee88, rawbuf=0x118e5e020 "select distinct 1 from t group by a,b with rollup limit 1", length=57,

    parser_state=0x700000d49e20, is_com_multi=false, is_next_command=false) at /Users/varun/MariaDB/10.2/10.2/sql/sql_parse.cc:7842

#17 0x000000010038c717 in dispatch_command (command=COM_QUERY, thd=0x118e1ee88, packet=0x118e49349 "", packet_length=57, is_com_multi=false,

    is_next_command=false) at /Users/varun/MariaDB/10.2/10.2/sql/sql_parse.cc:1798

#18 0x00000001003905a7 in do_command (thd=0x118e1ee88) at /Users/varun/MariaDB/10.2/10.2/sql/sql_parse.cc:1358

#19 0x000000010055af91 in do_handle_one_connection (connect=0x10402e268) at /Users/varun/MariaDB/10.2/10.2/sql/sql_connect.cc:1354

#20 0x000000010055ad6a in handle_one_connection (arg=0x10402e268) at /Users/varun/MariaDB/10.2/10.2/sql/sql_connect.cc:1260

#21 0x0000000100d7ad85 in pfs_spawn_thread (arg=0x10b7ff808) at /Users/varun/MariaDB/10.2/10.2/storage/perfschema/pfs.cc:1862

#22 0x00007fff9754e99d in _pthread_body () from /usr/lib/system/libsystem_pthread.dylib

#23 0x00007fff9754e91a in _pthread_start () from /usr/lib/system/libsystem_pthread.dylib

#24 0x00007fff9754c351 in thread_start () from /usr/lib/system/libsystem_pthread.dylib

Breakpoint 5, create_internal_tmp_table_from_heap (thd=0x10c64ff70, table=0x10ca4a088, start_recinfo=0x10ca4b2d8, recinfo=0x10ca34608, error=135, ignore_last_dupp_key_error=false, is_duplicate=0x0) at /Users/varun/MariaDB/10.1/10.1/sql/sql_select.cc:17600

maria_create (name=0x10ca4b508 "/Users/varun/MariaDB/10.1/10.1/mysql-test/var/tmp/mysqld.1/#sql16983_2_1",

    datafile_type=STATIC_RECORD, keys=0, keydefs=0x700000ab5480, columns=3, columndef=0x10ca4b2d8, uniques=0, uniquedefs=0x700000ab5430, ci=0x700000ab53e0,

    flags=260) at /Users/varun/MariaDB/10.1/10.1/storage/maria/ma_create.c:47

Breakpoint 2, create_internal_tmp_table_from_heap (thd=0x118e19e88, table=0x118e66020, start_recinfo=0x0, recinfo=0x118e85e78, error=135, ignore_last_dupp_key_error=false, is_duplicate=0x0) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:17526

Breakpoint 1, maria_create (name=0x118e67480 "/Users/varun/MariaDB/10.2/10.2/mysql-test/var/tmp/mysqld.1/#sql169da_7_1",

    datafile_type=STATIC_RECORD, keys=0, keydefs=0x700000d437e8, columns=0, columndef=0x0, uniques=0, uniquedefs=0x700000d43798, ci=0x700000d43748, flags=260) at /Users/varun/MariaDB/10.2/10.2/storage/maria/ma_create.c:47

(gdb) p tmp_table_param->recinfo

$1 = (MARIA_COLUMNDEF *) 0x0

(gdb) p tmp_table_param->start_recinfo

$2 = (MARIA_COLUMNDEF *) 0x0

(gdb) p tab->tmp_table_param->recinfo

$3 = (MARIA_COLUMNDEF *) 0x118e672f8

(gdb) p tab->tmp_table_param->start_recinfo

$4 = (MARIA_COLUMNDEF *) 0x118e67250

if (create_internal_tmp_table_from_heap(thd, table_arg,

                                                tmp_table_param.start_recinfo,

                                                &tmp_table_param.recinfo,

                                                write_error, 0, NULL))

Thread 2 hit Breakpoint 4, create_internal_tmp_table_from_heap (thd=0x118e19e88, table=0x118e66020, start_recinfo=0x0, recinfo=0x118e85e78, error=135,

    ignore_last_dupp_key_error=false, is_duplicate=0x0) at /Users/varun/MariaDB/10.2/10.2/sql/sql_select.cc:17527

17527	  TABLE new_table;

(gdb) p *recinfo

$6 = (MARIA_COLUMNDEF *) 0x0

 (gdb) p start_recinfo

$7 = (MARIA_COLUMNDEF *) 0x0

if ((error= maria_create(share->table_name.str,

                             file_type,

                             share->keys, &keydef,

                             (uint) (*recinfo-start_recinfo),

                             start_recinfo,

                             share->uniques, &uniquedef,

                             &create_info,

                             create_flags)))

TABLE* table= create_tmp_table(thd, tab->tmp_table_param, *table_fields,

                                 table_group, distinct,

                                 save_sum_fields, select_options, table_rows_limit,

                                 "", true, keep_row_order);

  tab->tmp_table_param= new TMP_TABLE_PARAM(tmp_table_param);

  TABLE* table= create_tmp_table(thd, tab->tmp_table_param, *table_fields,

                                 table_group, distinct,

...

	if (create_internal_tmp_table_from_heap(thd, table_arg,

                                                tmp_table_param.start_recinfo,

                                                &tmp_table_param.recinfo,

          int error= table->file->ha_write_tmp_row(table->record[0]);

          if (error &&

              create_internal_tmp_table_from_heap(join->thd, table,

                                          join_tab->tmp_table_param->start_recinfo,

                                          &join_tab->tmp_table_param->recinfo,

                                                   error, 0, NULL))

	    DBUG_RETURN(NESTED_LOOP_ERROR);

        if (join->rollup.state != ROLLUP::STATE_NONE)

	  if (join->rollup_write_data((uint) (idx+1), table))

	    DBUG_RETURN(NESTED_LOOP_ERROR);

[MDEV-10694] SIGFPE and/or huge memory allocation in maria_create with distinct/group by/ rollup Created: 2016-08-28 Updated: 2019-06-03 Resolved: 2017-02-15
Status:	Closed
Project:	MariaDB Server
Component/s:	Optimizer
Affects Version/s:	10.2.1
Fix Version/s:	10.2.4

[MDEV-10694] SIGFPE and/or huge memory allocation in maria_create with distinct/group by/ rollup Created: 2016-08-28 Updated: 2019-06-03 Resolved: 2017-02-15