[MDEV-22715] SIGSEGV in radixsort_for_str_ptr and in native_compare/my_qsort2 (optimized builds) Created: 2020-05-26  Updated: 2021-12-29  Resolved: 2020-06-04

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.5.4, 10.1.46, 10.2.33, 10.3.24, 10.4.14

Type: Bug Priority: Critical
Reporter: Roel Van de Paar Assignee: Varun Gupta (Inactive)
Resolution: Fixed Votes: 0
Labels: regression, sporadic

Attachments: File in.sql    
Issue Links:
Duplicate
duplicates MDEV-22875 Various SIGSEGV crashes on optimized ... Closed
Relates
relates to MDEV-22267 Assertion `length == Field_timef::pac... Closed
relates to MDEV-22875 Various SIGSEGV crashes on optimized ... Closed

Description

SOURCE in.sql;

Leads to:

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 dbg

Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14b6f792e700 (LWP 688652))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x0000561fed75fd7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
#2  0x0000561fecf05385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3  <signal handler called>
#4  0x0000561fed74ff8a in radixsort_for_str_ptr (base=0x14b6d3d687e0, number_of_elements=number_of_elements@entry=80659, size_of_element=<optimized out>, buffer=buffer@entry=0x14b6d3a46088) at /test/10.5_dbg/mysys/mf_radix.c:45
#5  0x0000561fed1172a9 in Filesort_buffer::sort_buffer (this=this@entry=0x14b6d34dc200, param=param@entry=0x14b6f792bbd0, count=count@entry=80659) at /test/10.5_dbg/sql/filesort_utils.cc:187
#6  0x0000561fecefcbb8 in SORT_INFO::sort_buffer (count=80659, param=0x14b6f792bbd0, this=0x14b6d34dc200) at /test/10.5_dbg/sql/filesort.h:151
#7  write_keys (param=param@entry=0x14b6f792bbd0, fs_info=fs_info@entry=0x14b6d34dc200, count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x14b6f792bde0, tempfile=tempfile@entry=0x14b6f792bc70) at /test/10.5_dbg/sql/filesort.cc:1040
#8  0x0000561fecf033fb in find_all_keys (found_rows=0x14b6d34dc3f0, pq=0x0, tempfile=0x14b6f792bc70, buffpek_pointers=0x14b6f792bde0, fs_info=0x14b6d34dc200, select=0x14b6d3477b98, param=0x14b6f792bbd0, thd=0x14b6d3415088) at /test/10.5_dbg/sql/filesort.cc:945
#9  filesort (thd=thd@entry=0x14b6d3415088, table=table@entry=0x14b6d34d5088, filesort=filesort@entry=0x14b6d3477d68, tracker=0x14b6d3478458, join=join@entry=0x14b6d3475ab0, first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356
#10 0x0000561feccafe83 in create_sort_index (thd=0x14b6d3415088, join=0x14b6d3475ab0, tab=tab@entry=0x14b6d3477258, fsort=0x14b6d3477d68, fsort@entry=0x0) at /test/10.5_dbg/sql/sql_select.cc:23870
#11 0x0000561feccb01b2 in st_join_table::sort_table (this=this@entry=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21599
#12 0x0000561feccb02e6 in join_init_read_record (tab=0x14b6d3477258) at /test/10.5_dbg/sql/sql_select.cc:21538
#13 0x0000561fecca0c11 in sub_select (join=0x14b6d3475ab0, join_tab=0x14b6d3477258, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612
#14 0x0000561feccd8a16 in do_select (procedure=0x0, join=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4464
#16 0x0000561feccd9031 in JOIN::exec (this=this@entry=0x14b6d3475ab0) at /test/10.5_dbg/sql/sql_select.cc:4245
#17 0x0000561feccd7346 in mysql_select (thd=thd@entry=0x14b6d3415088, tables=<optimized out>, fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b6d3475a88, unit=0x14b6d34190a0, select_lex=0x14b6d3474140) at /test/10.5_dbg/sql/sql_select.cc:4669
#18 0x0000561feccd7675 in handle_select (thd=thd@entry=0x14b6d3415088, lex=lex@entry=0x14b6d3418fd8, result=result@entry=0x14b6d3475a88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#19 0x0000561fecc620bf in execute_sqlcom_select (thd=thd@entry=0x14b6d3415088, all_tables=0x14b6d3474738) at /test/10.5_dbg/sql/sql_parse.cc:6207
#20 0x0000561fecc5b1f4 in mysql_execute_command (thd=thd@entry=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:3939
#21 0x0000561fecc6802e in mysql_parse (thd=thd@entry=0x14b6d3415088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b6f792d3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7991
#22 0x0000561fecc54b42 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b6d3415088, packet=packet@entry=0x14b6d3467089 "", packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#23 0x0000561fecc5331c in do_command (thd=0x14b6d3415088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#24 0x0000561fecdad73f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14b6d70453a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#25 0x0000561fecdade5b in handle_one_connection (arg=arg@entry=0x14b6d70453a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
#26 0x0000561fed20d14e in pfs_spawn_thread (arg=0x14b6f5445888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#27 0x000014b6f6d556db in start_thread (arg=0x14b6f792e700) at pthread_create.c:463
#28 0x000014b6f615388f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 opt

Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x145ec5db0700 (LWP 1075820))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x000055f704f29337 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
#2  0x000055f7048eb3ca in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:330
#3  <signal handler called>
#4  radixsort_for_str_ptr (base=0x145e8ad68770, number_of_elements=number_of_elements@entry=80659, 
    size_of_element=<optimized out>, buffer=buffer@entry=0x145e8b006018)
    at /test/10.5_opt/mysys/mf_radix.c:45
#5  0x000055f704a74a38 in Filesort_buffer::sort_buffer (this=this@entry=0x145ea08e5180, 
    param=param@entry=0x145ec5dae540, count=count@entry=80659)
    at /test/10.5_opt/sql/filesort_utils.cc:187
#6  0x000055f7048e5643 in SORT_INFO::sort_buffer (count=80659, param=<optimized out>, 
    this=0x145ea08e5180) at /test/10.5_opt/sql/filesort.h:151
#7  write_keys (param=param@entry=0x145ec5dae540, fs_info=fs_info@entry=0x145ea08e5180, 
    count=count@entry=80659, buffpek_pointers=buffpek_pointers@entry=0x145ec5dae6d0, 
    tempfile=tempfile@entry=0x145ec5dae5e0) at /test/10.5_opt/sql/filesort.cc:1040
#8  0x000055f7048e9c77 in find_all_keys (found_rows=0x145ea08e52f0, pq=0x0, tempfile=0x145ec5dae5e0, 
    buffpek_pointers=0x145ec5dae6d0, fs_info=0x145ea08e5180, select=0x145ea084aaa8, 
    param=0x145ec5dae540, thd=0x145ea0812018) at /test/10.5_opt/sql/filesort.cc:945
#9  filesort (thd=thd@entry=0x145ea0812018, table=table@entry=0x145ea0898c18, 
    filesort=filesort@entry=0x145ea084abf8, tracker=0x145ea084b2e0, join=join@entry=0x145ea0848a40, 
    first_table_bit=<optimized out>) at /test/10.5_opt/sql/filesort.cc:356
#10 0x000055f70473fa15 in create_sort_index (thd=0x145ea0812018, join=0x145ea0848a40, 
    tab=tab@entry=0x145ea084a1e8, fsort=0x145ea084abf8, fsort@entry=0x0)
    at /test/10.5_opt/sql/sql_select.cc:23870
#11 0x000055f70473fcce in st_join_table::sort_table (this=this@entry=0x145ea084a1e8)
    at /test/10.5_opt/sql/sql_select.cc:21599
#12 0x000055f70473fd5a in join_init_read_record (tab=0x145ea084a1e8)
    at /test/10.5_opt/sql/sql_select.cc:21538
#13 0x000055f704731b57 in sub_select (join=0x145ea0848a40, join_tab=0x145ea084a1e8, 
    end_of_records=false) at /test/10.5_opt/sql/sql_select.cc:20612
#14 0x000055f70475323e in do_select (procedure=<optimized out>, join=0x145ea0848a40)
    at /test/10.5_opt/sql/sql_select.cc:20149
#15 JOIN::exec_inner (this=this@entry=0x145ea0848a40) at /test/10.5_opt/sql/sql_select.cc:4464
#16 0x000055f704753677 in JOIN::exec (this=this@entry=0x145ea0848a40)
    at /test/10.5_opt/sql/sql_select.cc:4245
#17 0x000055f7047519c2 in mysql_select (thd=thd@entry=0x145ea0812018, tables=0x145ea08476c8, 
    fields=..., conds=0x0, og_num=<optimized out>, order=0x145ea0848720, group=0x0, having=0x0, 
    proc_param=0x0, select_options=2147748608, result=0x145ea0848a18, unit=0x145ea0815e70, 
    select_lex=0x145ea08470d0) at /test/10.5_opt/sql/sql_select.cc:4669
#18 0x000055f704752381 in handle_select (thd=thd@entry=0x145ea0812018, lex=lex@entry=0x145ea0815da8, 
    result=result@entry=0x145ea0848a18, setup_tables_done_option=setup_tables_done_option@entry=0)
    at /test/10.5_opt/sql/sql_select.cc:417
#19 0x000055f7046f8e91 in execute_sqlcom_select (thd=thd@entry=0x145ea0812018, 
    all_tables=0x145ea08476c8) at /test/10.5_opt/sql/sql_parse.cc:6207
#20 0x000055f7046f4db2 in mysql_execute_command (thd=thd@entry=0x145ea0812018)
    at /test/10.5_opt/sql/sql_parse.cc:3939
#21 0x000055f7046fbfac in mysql_parse (thd=0x145ea0812018, rawbuf=<optimized out>, length=31, 
    parser_state=0x145ec5daf4b0, is_com_multi=<optimized out>, is_next_command=<optimized out>)
    at /test/10.5_opt/sql/sql_parse.cc:7991
#22 0x000055f7046f12b5 in dispatch_command (command=command@entry=COM_QUERY, 
    thd=thd@entry=0x145ea0812018, packet=packet@entry=0x145ea083a019 "", 
    packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, 
    is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1874
#23 0x000055f7046ef6a4 in do_command (thd=0x145ea0812018) at /test/10.5_opt/sql/sql_parse.cc:1355
#24 0x000055f7047e4891 in do_handle_one_connection (connect=<optimized out>, 
    connect@entry=0x145ec38329b8, put_in_cache=put_in_cache@entry=true)
    at /test/10.5_opt/sql/sql_connect.cc:1411
#25 0x000055f7047e4bf4 in handle_one_connection (arg=arg@entry=0x145ec38329b8)
    at /test/10.5_opt/sql/sql_connect.cc:1313
#26 0x000055f704b5106a in pfs_spawn_thread (arg=0x145ec384b018)
    at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#27 0x0000145ec51d76db in start_thread (arg=0x145ec5db0700) at pthread_create.c:463
#28 0x0000145ec45d588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.2 (dbg), 10.5.2 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Comments
Comment by Roel Van de Paar [ 2020-05-26 ]

The attached file in.sql is not the shortest form of the testcase, but it is one which seemingly reproduces ~100% of the time. The issue seems to get highly sporadic when reduced much further.

Comment by Varun Gupta (Inactive) [ 2020-05-26 ]

I can see while debugging the query:

(lldb) p param.using_addon_fields()
(bool) $3 = false
(lldb) p param.using_packed_sortkeys()
(bool) $4 = false

So this has nothing to do with packing addon fields or packing sort keys.

Comment by Varun Gupta (Inactive) [ 2020-05-26 ]

A simple test case that crashes for me:

--source include/have_sequence.inc
set sort_buffer_size=20971;
SET max_sort_length=4;
CREATE TEMPORARY TABLE t1(c1 DECIMAL(65) UNSIGNED ,c2 DECIMAL(10,0) UNSIGNED,c3 DECIMAL(1))ENGINE=MEMORY;
INSERT INTO t1 SELECT 0, 0, 0 from seq_1_to_10000;
SELECT * FROM t1 ORDER BY c1,c2;

Comment by Varun Gupta (Inactive) [ 2020-05-26 ]

On 10.5 I see:

(lldb) bt
* thread #2, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x00007fff73120300 libsystem_platform.dylib`_platform_memcmp + 288
    frame #1: 0x0000000107c1f7de libclang_rt.asan_osx_dynamic.dylib`wrap_memcmp + 2110
    frame #2: 0x000000010341c8ee mysqld`native_compare(length=0x000070000c7142c0, a=0x000062a00004d460, b=0x000062a00004ce20) at ptr_cmp.c:49:10
    frame #3: 0x00000001033c73e2 mysqld`my_qsort2(base_ptr=0x000062a00004bb38, count=806, size=8, cmp=(mysqld`native_compare at ptr_cmp.c:48), cmp_argument=0x000070000c7142c0) at mf_qsort.c:146:7
    frame #4: 0x0000000100108c87 mysqld`Filesort_buffer::sort_buffer(this=0x0000616000118280, param=0x000070000c715ab0, count=806) at filesort_utils.cc:192:3
    frame #5: 0x0000000100133983 mysqld`SORT_INFO::sort_buffer(this=0x0000616000118280, param=0x000070000c715ab0, count=806) at filesort.h:151:21
    frame #6: 0x0000000100132d29 mysqld`write_keys(param=0x000070000c715ab0, fs_info=0x0000616000118280, count=806, buffpek_pointers=0x000070000c7158d0, tempfile=0x000070000c7156f0) at filesort.cc:1040:12
    frame #7: 0x0000000100118c47 mysqld`find_all_keys(thd=0x000062b00005b288, param=0x000070000c715ab0, select=0x000062b000065f98, fs_info=0x0000616000118280, buffpek_pointers=0x000070000c7158d0, tempfile=0x000070000c7156f0, pq=0x0000000000000000, found_rows=0x00006160001184a0) at filesort.cc:945:15

Also, this test case fails for earlier versions for me too.

Comment by Varun Gupta (Inactive) [ 2020-05-26 ]

On 10.1 the crash looks like this:

Thread 1 (Thread 0x7fc8b77b4700 (LWP 20418)):
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
#1  0x000055df97823f7a in my_write_core (sig=sig@entry=6) at /home/varun/MariaDB/10.1/mysys/stacktrace.c:477
#2  0x000055df97410f59 in handle_fatal_signal (sig=6) at /home/varun/MariaDB/10.1/sql/signal_handler.cc:296
#3  <signal handler called>
#4  0x00007fc8c15d8428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#5  0x00007fc8c15da02a in __GI_abort () at abort.c:89
#6  0x00007fc8c161a7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7fc8c1733ed8 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#7  0x00007fc8c162337a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7fc8c1730caf "free(): invalid pointer", action=3) at malloc.c:5006
#8  _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867
#9  0x00007fc8c162753c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968
#10 0x000055df97820750 in my_free (ptr=<optimized out>) at /home/varun/MariaDB/10.1/mysys/my_malloc.c:218
#11 0x000055df978103a9 in end_io_cache (info=info@entry=0x7fc8b77b17a0) at /home/varun/MariaDB/10.1/mysys/mf_iocache.c:1910
#12 0x000055df9780d2cd in close_cached_file (cache=cache@entry=0x7fc8b77b17a0) at /home/varun/MariaDB/10.1/mysys/mf_cache.c:111
#13 0x000055df974108bd in filesort (thd=thd@entry=0x55df99423b88, table=table@entry=0x7fc8a00609e8, sortorder=<optimized out>, s_length=<optimized out>, select=select@entry=0x7fc8a0007180, max_rows=max_rows@entry=18446744073709551615, sort_positions=false, examined_rows=0x7fc8b77b1930, found_rows=0x7fc8b77b1938, tracker=0x7fc8a0007e18) at /home/varun/MariaDB/10.1/sql/filesort.cc:330
#14 0x000055df972e9674 in create_sort_index (thd=0x55df99423b88, join=join@entry=0x7fc8a0005890, order=<optimized out>, filesort_limit=18446744073709551615, select_limit=<optimized out>, is_order_by=<optimized out>) at /home/varun/MariaDB/10.1/sql/sql_select.cc:21825

Comment by Roel Van de Paar [ 2020-05-27 ]

Thank you for the additional testcase, varun. It crashes for me also, and it generates another SIGSEGV which I had observed in the runs but had yet to reduce (it was planned for today). Is it the same bug?

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24

Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14ae075fb700 (LWP 1653680))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x000055e53dbc7d7a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
#2  0x000055e53d36d385 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3  <signal handler called>
#4  __memcmp_avx2_movbe () at ../sysdeps/x86_64/multiarch/memcmp-avx2-movbe.S:265
#5  0x000055e53dbc72fa in native_compare (length=<optimized out>, a=<optimized out>, 
    b=<optimized out>) at /test/10.5_dbg/mysys/ptr_cmp.c:49
#6  0x000055e53dbb74dd in my_qsort2 (base_ptr=<optimized out>, count=count@entry=806, 
    size=size@entry=8, cmp=0x55e53dbc72e2 <native_compare>, 
    cmp_argument=cmp_argument@entry=0x14ae075f88b8) at /test/10.5_dbg/mysys/mf_qsort.c:146
#7  0x000055e53d57f411 in Filesort_buffer::sort_buffer (this=this@entry=0x14ade5115400, 
    param=param@entry=0x14ae075f8bd0, count=count@entry=806)
    at /test/10.5_dbg/sql/filesort_utils.cc:192
#8  0x000055e53d364bb8 in SORT_INFO::sort_buffer (count=806, param=0x14ae075f8bd0, 
    this=0x14ade5115400) at /test/10.5_dbg/sql/filesort.h:151
#9  write_keys (param=param@entry=0x14ae075f8bd0, fs_info=fs_info@entry=0x14ade5115400, 
    count=count@entry=806, buffpek_pointers=buffpek_pointers@entry=0x14ae075f8de0, 
    tempfile=tempfile@entry=0x14ae075f8c70) at /test/10.5_dbg/sql/filesort.cc:1040
#10 0x000055e53d36b3fb in find_all_keys (found_rows=0x14ade51155f0, pq=0x0, tempfile=0x14ae075f8c70, 
    buffpek_pointers=0x14ae075f8de0, fs_info=0x14ade5115400, select=0x14ade5077b98, 
    param=0x14ae075f8bd0, thd=0x14ade5015088) at /test/10.5_dbg/sql/filesort.cc:945
#11 filesort (thd=thd@entry=0x14ade5015088, table=table@entry=0x14ade50b4088, 
    filesort=filesort@entry=0x14ade5077d68, tracker=0x14ade5078458, join=join@entry=0x14ade5075ab0, 
    first_table_bit=<optimized out>) at /test/10.5_dbg/sql/filesort.cc:356
#12 0x000055e53d117e83 in create_sort_index (thd=0x14ade5015088, join=0x14ade5075ab0, 
    tab=tab@entry=0x14ade5077258, fsort=0x14ade5077d68, fsort@entry=0x0)
    at /test/10.5_dbg/sql/sql_select.cc:23870
#13 0x000055e53d1181b2 in st_join_table::sort_table (this=this@entry=0x14ade5077258)
    at /test/10.5_dbg/sql/sql_select.cc:21599
#14 0x000055e53d1182e6 in join_init_read_record (tab=0x14ade5077258)
    at /test/10.5_dbg/sql/sql_select.cc:21538
#15 0x000055e53d108c11 in sub_select (join=0x14ade5075ab0, join_tab=0x14ade5077258, 
    end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20612
#16 0x000055e53d140a16 in do_select (procedure=0x0, join=0x14ade5075ab0)
    at /test/10.5_dbg/sql/sql_select.cc:20149
#17 JOIN::exec_inner (this=this@entry=0x14ade5075ab0) at /test/10.5_dbg/sql/sql_select.cc:4464
#18 0x000055e53d141031 in JOIN::exec (this=this@entry=0x14ade5075ab0)
    at /test/10.5_dbg/sql/sql_select.cc:4245
#19 0x000055e53d13f346 in mysql_select (thd=thd@entry=0x14ade5015088, tables=<optimized out>, 
    fields=..., conds=0x0, og_num=2, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, 
    select_options=2147748608, result=0x14ade5075a88, unit=0x14ade50190a0, select_lex=0x14ade5074140)
    at /test/10.5_dbg/sql/sql_select.cc:4669
#20 0x000055e53d13f675 in handle_select (thd=thd@entry=0x14ade5015088, lex=lex@entry=0x14ade5018fd8, 
    result=result@entry=0x14ade5075a88, setup_tables_done_option=setup_tables_done_option@entry=0)
    at /test/10.5_dbg/sql/sql_select.cc:417
#21 0x000055e53d0ca0bf in execute_sqlcom_select (thd=thd@entry=0x14ade5015088, 
    all_tables=0x14ade5074738) at /test/10.5_dbg/sql/sql_parse.cc:6207
#22 0x000055e53d0c31f4 in mysql_execute_command (thd=thd@entry=0x14ade5015088)
    at /test/10.5_dbg/sql/sql_parse.cc:3939
#23 0x000055e53d0d002e in mysql_parse (thd=thd@entry=0x14ade5015088, rawbuf=<optimized out>, 
    length=<optimized out>, parser_state=parser_state@entry=0x14ae075fa3d0, 
    is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
    at /test/10.5_dbg/sql/sql_parse.cc:7991
#24 0x000055e53d0bcb42 in dispatch_command (command=command@entry=COM_QUERY, 
    thd=thd@entry=0x14ade5015088, packet=packet@entry=0x14ade5067089 "", 
    packet_length=packet_length@entry=31, is_com_multi=is_com_multi@entry=false, 
    is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#25 0x000055e53d0bb31c in do_command (thd=0x14ade5015088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#26 0x000055e53d21573f in do_handle_one_connection (connect=<optimized out>, 
    connect@entry=0x14ade68453a8, put_in_cache=put_in_cache@entry=true)
    at /test/10.5_dbg/sql/sql_connect.cc:1411
#27 0x000055e53d215e5b in handle_one_connection (arg=arg@entry=0x14ade68453a8)
    at /test/10.5_dbg/sql/sql_connect.cc:1313
#28 0x000055e53d67514e in pfs_spawn_thread (arg=0x14ae05045888)
    at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#29 0x000014ae06a226db in start_thread (arg=0x14ae075fb700) at pthread_create.c:463
#30 0x000014ae05e2088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Comment by Roel Van de Paar [ 2020-05-27 ]

One more testcase which leads to the same SIGSEGV:

10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24

SET @start_global_value =@@global.low_priority_updates;
SET @@global.sort_buffer_size =@start_global_value;
SET SESSION sort_buffer_size =DEFAULT;
SET @@SESSION.max_sort_length=0;
USE test;
CREATE TEMPORARY TABLE t1(c1 NUMERIC(65)UNSIGNED ZEROFILL,c2 DECIMAL(0,0) UNSIGNED,c3 NUMERIC(1)) ENGINE=MEMORY;
INSERT INTO t1 VALUES(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0);
INSERT INTO t1 VALUES(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0),(0,0,0);
INSERT INTO t1 SELECT * FROM t1;
SELECT * FROM t1 ORDER BY c1,c2;

Comment by Roel Van de Paar [ 2020-05-27 ]

varun, there seem to be issues which affect 10.5 that do not affect 10.4. For example, that last testcase does not crash on 10.4 (dbg+opt) but does on 10.5 (dbg+opt).

Comment by Roel Van de Paar [ 2020-05-27 ]

All unique bug IDs seen so far:

SIGSEGV|radixsort_for_str_ptr|Filesort_buffer::sort_buffer|SORT_INFO::sort_buffer|write_keys  # DBG, 10.5.4, original testcase
SIGSEGV|__memcmp_avx2_movbe|native_compare|my_qsort2|Filesort_buffer::sort_buffer  # DBG, 10.5.4, new testcase(s)
SIGSEGV|__memcmp_avx2_movbe|my_qsort2|Filesort_buffer::sort_buffer|SORT_INFO::sort_buffer  # OPT, 10.5.4, new testcase(s)

Comment by Varun Gupta (Inactive) [ 2020-05-28 ]

After discussion with psergey, it was decided that we can increase the minimum value of max_sort_length to 8.
This would make sure that types like BIGINT and DOUBLE are stored without truncation.
The issue for the crash was that for fixed types like BIGINT and DOUBLE, truncation with max_sort_length was not happening.

Keeping performance in mind, the easiest solution is to just increase the lower limit of max_sort_length to 8.
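
As an added illustration (not MariaDB's code and not part of this ticket), the following C model shows the mismatch described in the comment above: a planner that reserves min(field width, max_sort_length) bytes per key field, while a fixed-width field such as BIGINT or DOUBLE is copied whole. The names (planned_key_length, pack_sort_key, min_safe_max_sort_length), the field kinds and the sample key bytes are hypothetical. With max_sort_length=4 the bounds check fires at the point where an unchecked copy would run past the reserved sort-key space; with the floor raised to 8, as the fix does, the planned and written lengths agree.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of a filesort key packer (not MariaDB's code).
 * String-like fields are truncated to max_sort_length; fixed-width fields
 * (BIGINT, DOUBLE: 8 bytes) are copied whole. */
enum field_kind { FIELD_FIXED8, FIELD_STRING };

struct sort_field {
    enum field_kind kind;
    size_t length;              /* width of the field's sort image in bytes */
    const unsigned char *data;  /* the sort image itself */
};

/* Width the planner reserves for one field: every field clamped to max_sort_length. */
static size_t planned_width(const struct sort_field *f, size_t max_sort_length)
{
    return f->length < max_sort_length ? f->length : max_sort_length;
}

/* Width the packer really emits: strings are truncated, fixed fields are not.
 * This is the disagreement that produces the overrun. */
static size_t written_width(const struct sort_field *f, size_t max_sort_length)
{
    if (f->kind == FIELD_FIXED8)
        return f->length;
    return planned_width(f, max_sort_length);
}

/* Total space the planner sets aside for one sort key. */
size_t planned_key_length(const struct sort_field *f, size_t n, size_t max_sort_length)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += planned_width(&f[i], max_sort_length);
    return total;
}

/* Pack one key into out[out_size]. Returns bytes written, or -1 if a field would
 * run past the buffer: the condition that silently corrupts memory without the check. */
long pack_sort_key(const struct sort_field *f, size_t n, size_t max_sort_length,
                   unsigned char *out, size_t out_size)
{
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        size_t w = written_width(&f[i], max_sort_length);
        if (w > out_size - pos)     /* bounds check: reserved space exhausted */
            return -1;
        memcpy(out + pos, f[i].data, w);
        pos += w;
    }
    return (long)pos;
}

/* Smallest max_sort_length at which planned and written widths agree for every
 * field: the widest fixed field (8 for BIGINT/DOUBLE), i.e. the new lower limit. */
size_t min_safe_max_sort_length(const struct sort_field *f, size_t n)
{
    size_t m = 1;
    for (size_t i = 0; i < n; i++)
        if (f[i].kind == FIELD_FIXED8 && f[i].length > m)
            m = f[i].length;
    return m;
}

/* Constructed sample key: one BIGINT-like field followed by a 3-byte string field. */
static const unsigned char sample_big[8] = {0, 0, 0, 0, 0, 0, 0, 42};
static const unsigned char sample_str[3] = {'a', 'b', 'c'};
static const struct sort_field sample[2] = {
    { FIELD_FIXED8, 8, sample_big },
    { FIELD_STRING, 3, sample_str },
};

/* Pack the sample key into exactly the space the planner reserved for it. */
long pack_sample(size_t max_sort_length)
{
    unsigned char buf[64];
    size_t planned = planned_key_length(sample, 2, max_sort_length);
    return pack_sort_key(sample, 2, max_sort_length, buf, planned);
}

int main(void)
{
    size_t floor = min_safe_max_sort_length(sample, 2);
    printf("max_sort_length=4: planned %zu bytes, pack result %ld\n",
           planned_key_length(sample, 2, 4), pack_sample(4));
    printf("max_sort_length=%zu: planned %zu bytes, pack result %ld\n",
           floor, planned_key_length(sample, 2, floor), pack_sample(floor));
    return 0;
}
```

The reserved length and the emitted length must be derived from the same rule; raising the lower bound of max_sort_length to the widest fixed field is the cheapest way to make them agree without adding per-row work to the sort.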

Comment by Varun Gupta (Inactive) [ 2020-05-29 ]

Patch:
https://github.com/MariaDB/server/commit/e14dcfe0bc743aa6b4ed2b3c4f7e9314aa01d6eb

Comment by Sergei Petrunia [ 2020-06-03 ]

Ok to push after review input is addressed.

Comment by Roel Van de Paar [ 2020-06-12 ]

Filters updated.
