|
A variety of stacks/UniqueID's are seen with this and similar testcases:
SIGABRT|__libc_message|malloc_printerr|unlink_chunk|_int_realloc
|
SIGABRT|__libc_message|malloc_printerr|unlink_chunk|_int_free
|
SIGABRT|__libc_message|malloc_printerr|_int_malloc|__GI___libc_malloc
|
SIGABRT|__libc_message|malloc_printerr|_int_malloc|_int_realloc
|
SIGABRT|__libc_message|malloc_printerr|_int_free|Rows_log_event::~Rows_log_event
|
SIGSEGV|free_root|Warning_info::free_memory|Warning_info::clear|Warning_info::opt_clear
|
(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)|SIGABRT|__malloc_assert|sysmalloc|_int_malloc|__GI___libc_malloc
|
|
|
A set of testcases to test a fix with.
Please test all testcases both with and without the --log-bin --binlog_format=ROW mysqld options as this may make a difference.
SET sql_mode='',max_error_count=1024;
|
CREATE TABLE t (a SET('a','b') NOT NULL) ENGINE=CSV;
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1);
|
INSERT INTO t VALUES (1);
|
INSERT INTO t VALUES (1);
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1),(2),(3),(4);
|
INSERT INTO t SELECT A.a + 10* (B.a + 10*C.a) FROM t A,t B,t C;
|
INSERT INTO t2 VALUES (0);
|
SELECT * FROM t3;
|
UPDATE t SET a=NULL WHERE a=2;
|
UPDATE t SET a=NULL WHERE a=2; # Repeat as needed #
|
SET sql_mode='';
|
CREATE TABLE t (a SET('foo','bar') NOT NULL) ENGINE=CSV;
|
SET max_error_count=1024;
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(),('-1e2'),(1),(CONVERT (_ucs2 0x062A1A0632 USING utf8)),(1),(-1),(65),(66);
|
INSERT INTO t SELECT A.a + 10* (B.a + 10*C.a) FROM t A,t B,t C;
|
INSERT INTO at (c,_dat) SELECT CONCAT ('_dat: ',c),JSON_EXTRACT(j,'$') FROM t WHERE c='opaque_mysql_typevb';
|
SELECT * FROM t3;
|
UPDATE t SET a=NULL WHERE a=2;
|
UPDATE t SET a=NULL WHERE a=2; # Repeat as needed #
|
CREATE TABLE t (a SET('foo','bar') NOT NULL) ENGINE=CSV;
|
SET max_error_count=1024;
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES();
|
INSERT INTO t VALUES ('-1e2');
|
INSERT INTO t VALUES (1);
|
INSERT INTO t VALUES (CONVERT (_ucs2 0x062A1A0632 USING utf8));
|
INSERT INTO t VALUES (1),(-1),(65),(66);
|
INSERT INTO t SELECT A.a + 10* (B.a + 10*C.a) FROM t A,t B,t C;
|
INSERT INTO at (c,_dat) SELECT CONCAT ('_dat: ',c),JSON_EXTRACT(j,'$') FROM t WHERE c='opaque_mysql_typevb';
|
SELECT * FROM t3;
|
UPDATE t SET a=NULL WHERE a=2;
|
UPDATE t SET a=NULL WHERE a=2; # Repeat as needed #
|
CREATE TABLE t (a SET('foo','bar') NOT NULL) ENGINE=CSV;
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES();
|
INSERT INTO t VALUES ('-1e2');
|
INSERT INTO t VALUES (1);
|
INSERT INTO t VALUES (CONVERT (_ucs2 0x1A1A1 USING utf8));
|
INSERT INTO t VALUES (1),(-1),(65),(66);
|
INSERT INTO t SELECT A.a + 10* (B.a + 10*C.a) FROM t A,t B,t C;
|
UPDATE t SET a=NULL WHERE a=2;
|
UPDATE t SET a=NULL WHERE a=2; # Repeat as needed #
|
|
|
The issue also exists on optimized, as seen in 10.3 (opt). It is likely that it exists in all optimized versions.
|
|
Whilst the above testcases have no or very low sporadicity, in earlier larger testcases, yet even as small as perhaps 200 lines, this issue proved highly sporadic. It is unclear why. Possibly related to the max_error_count setting.
|
|
Running the original testcase, then looping the last few lines a few times, followed by the full test case a few times, 10.10 optimized also quickly crashed with yet another stack. It is thus clear that there is a (lightly sporadic) memory overwrite/overflow issue or similar.
|
10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Optimized)
|
mysqld: malloc.c:2379: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
|
|
10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Optimized)
|
Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x146ed0174700 (LWP 2409431))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x0000146ef4327859 in __GI_abort () at abort.c:79
|
#2 0x0000146ef439a2da in __malloc_assert (assertion=assertion@entry=0x146ef44be8a8 "(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)", file=file@entry=0x146ef44ba3d6 "malloc.c", line=line@entry=2379, function=function@entry=0x146ef44bf030 <__PRETTY_FUNCTION__.13066> "sysmalloc") at malloc.c:298
|
#3 0x0000146ef439c93f in sysmalloc (nb=nb@entry=127024, av=av@entry=0x146e78000020) at malloc.c:2379
|
#4 0x0000146ef439d793 in _int_malloc (av=av@entry=0x146e78000020, bytes=bytes@entry=127016) at malloc.c:4141
|
#5 0x0000146ef439f299 in __GI___libc_malloc (bytes=bytes@entry=127016) at malloc.c:3066
|
#6 0x000055e112cf5df7 in my_malloc (key=<optimized out>, size=<optimized out>, my_flags=65552) at /test/10.10_opt/mysys/my_malloc.c:90
|
#7 0x000055e112ab45b2 in hp_get_new_block (info=info@entry=0x146e7805f228, block=block@entry=0x146e7805f228, alloc_length=alloc_length@entry=0x146ed0172698) at /test/10.10_opt/storage/heap/hp_block.c:81
|
#8 0x000055e112ab3e77 in next_free_record_pos (info=0x146e7805f228) at /test/10.10_opt/storage/heap/hp_write.c:163
|
#9 heap_write (info=0x146e780407d8, record=0x146e78063660 "\377") at /test/10.10_opt/storage/heap/hp_write.c:45
|
#10 0x000055e112aaf060 in ha_heap::write_row (this=0x146e78063940, buf=<optimized out>) at /test/10.10_opt/storage/heap/ha_heap.cc:239
|
#11 0x000055e1126675a8 in handler::ha_write_tmp_row (buf=0x146e78063660 "\377", this=0x146e78063940) at /test/10.10_opt/include/mysql/psi/mysql_thread.h:795
|
#12 end_write (join=0x146e78013450, join_tab=0x146e78062188, end_of_records=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:23233
|
#13 0x000055e11274c2e9 in JOIN_CACHE::generate_full_extensions (rec_ptr=0x146e780660f0 "\034", this=0x146e78014328) at /test/10.10_opt/sql/sql_join_cache.cc:2478
|
#14 JOIN_CACHE::generate_full_extensions (this=0x146e78014328, rec_ptr=0x146e780660f0 "\034") at /test/10.10_opt/sql/sql_join_cache.cc:2461
|
#15 0x000055e11274c6ee in JOIN_CACHE::join_matching_records (this=0x146e78014328, skip_last=false) at /test/10.10_opt/sql/sql_join_cache.cc:2370
|
#16 0x000055e11274bf31 in JOIN_CACHE::join_records (this=0x146e78014328, skip_last=false) at /test/10.10_opt/sql/sql_join_cache.cc:2151
|
#17 0x000055e11274c2e9 in JOIN_CACHE::generate_full_extensions (rec_ptr=0x146e7805ef03 "", this=0x146e780141f8) at /test/10.10_opt/sql/sql_join_cache.cc:2478
|
#18 JOIN_CACHE::generate_full_extensions (this=0x146e780141f8, rec_ptr=0x146e7805ef03 "") at /test/10.10_opt/sql/sql_join_cache.cc:2461
|
#19 0x000055e11274c6ee in JOIN_CACHE::join_matching_records (this=0x146e780141f8, skip_last=false) at /test/10.10_opt/sql/sql_join_cache.cc:2370
|
#20 0x000055e11274becb in JOIN_CACHE::join_records (this=0x146e780141f8, skip_last=false) at /test/10.10_opt/sql/sql_join_cache.cc:2151
|
#21 0x000055e11263c9d3 in evaluate_join_record (join=join@entry=0x146e78013450, join_tab=join_tab@entry=0x146e78061660, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21970
|
#22 0x000055e11264e5fa in sub_select (end_of_records=false, join_tab=0x146e78061660, join=0x146e78013450) at /test/10.10_opt/sql/sql_select.cc:21779
|
#23 sub_select (join=0x146e78013450, join_tab=0x146e78061660, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21669
|
#24 0x000055e11267d131 in do_select (procedure=<optimized out>, join=0x146e78013450) at /test/10.10_opt/sql/sql_select.cc:21285
|
#25 JOIN::exec_inner (this=0x146e78013450) at /test/10.10_opt/sql/sql_select.cc:4804
|
#26 0x000055e11267d4f8 in JOIN::exec (this=this@entry=0x146e78013450) at /test/10.10_opt/sql/sql_select.cc:4582
|
#27 0x000055e11267b701 in mysql_select (thd=0x146e78000c58, tables=0x146e78011500, fields=@0x146e780111a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x146e780114a8, last = 0x146e780114a8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x146e78013390, unit=0x146e78004cd0, select_lex=0x146e78010f08) at /test/10.10_opt/sql/sql_select.cc:5062
|
#28 0x000055e11267be47 in handle_select (thd=thd@entry=0x146e78000c58, lex=lex@entry=0x146e78004bf8, result=result@entry=0x146e78013390, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.10_opt/sql/sql_select.cc:581
|
#29 0x000055e11260c69c in mysql_execute_command (thd=0x146e78000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:4709
|
#30 0x000055e1125f8d85 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x146e78000c58) at /test/10.10_opt/sql/sql_parse.cc:8037
|
#31 mysql_parse (thd=0x146e78000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7959
|
#32 0x000055e11260489a in dispatch_command (command=COM_QUERY, thd=0x146e78000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1366
|
#33 0x000055e1126067c2 in do_command (thd=0x146e78000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
|
#34 0x000055e11271e6ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e11604e558, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
|
#35 0x000055e11271e9cd in handle_one_connection (arg=0x55e11604e558) at /test/10.10_opt/sql/sql_connect.cc:1312
|
#36 0x0000146ef4838609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#37 0x0000146ef4424133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
|
MDEV-27184 had a similar assert.
|
|
Alternative testcase
SET sql_mode='',max_error_count=1024;
|
CREATE TABLE t (a SET('a','b') NOT NULL) ENGINE=CSV;
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7),(8),(9),(10);
|
INSERT INTO t SELECT A.a FROM t A,t B,t C;
|
UPDATE t SET a=NULL;
|
INSERT INTO t SELECT A.a FROM t A,t B,t C;
|
UPDATE t SET a=NULL;
|
INSERT INTO t SELECT A.a FROM t A,t B,t C;
|
UPDATE t SET a=NULL;
|
INSERT INTO t SELECT A.a FROM t A,t B,t C;
|
UPDATE t SET a=NULL;
|
INSERT INTO t SELECT A.a FROM t A,t B,t C;
|
UPDATE t SET a=NULL;
|
|
|
It is lost error case
DBUG_ASSERT(!is_set() || (m_status == DA_OK_BULK && is_bulk_op()));
|
(gdb) p m_status
|
$1 = Diagnostics_area::DA_ERROR
|
error was set here:
0x0000555fd85caf08 in Diagnostics_area::set_error_status (this=0x7f49280067f8,
|
sql_errno=3,
|
message=0x7f493effbc50 "Error writing file './test/t.CSN' (Errcode: 14 \"Bad address\")", sqlstate=0x555fd95928ed "HY000", ucid=..., error_condition=0x0)
|
at /home/sanja/maria/git/10.4/sql/sql_error.cc:468
|
468 m_status= DA_ERROR;
|
(rr) where
|
#0 0x0000555fd85caf08 in Diagnostics_area::set_error_status (
|
this=0x7f49280067f8, sql_errno=3,
|
message=0x7f493effbc50 "Error writing file './test/t.CSN' (Errcode: 14 \"Bad address\")", sqlstate=0x555fd95928ed "HY000", ucid=..., error_condition=0x0)
|
at /home/sanja/maria/git/10.4/sql/sql_error.cc:468
|
#1 0x0000555fd85a14f0 in THD::raise_condition (this=0x7f4928000da0,
|
sql_errno=3, sqlstate=0x555fd95928ed "HY000",
|
level=Sql_state_errno_level::WARN_LEVEL_ERROR, ucid=...,
|
msg=0x7f493effbc50 "Error writing file './test/t.CSN' (Errcode: 14 \"Bad address\")") at /home/sanja/maria/git/10.4/sql/sql_class.cc:1088
|
#2 0x0000555fd84d3035 in THD::raise_condition (this=0x7f4928000da0,
|
sql_errno=3, sqlstate=0x0, level=Sql_state_errno_level::WARN_LEVEL_ERROR,
|
msg=0x7f493effbc50 "Error writing file './test/t.CSN' (Errcode: 14 \"Bad address\")") at /home/sanja/maria/git/10.4/sql/sql_class.h:4511
|
#3 0x0000555fd84c56b3 in my_message_sql (error=3,
|
str=0x7f493effbc50 "Error writing file './test/t.CSN' (Errcode: 14 \"Bad address\")", MyFlags=4) at /home/sanja/maria/git/10.4/sql/mysqld.cc:3382
|
#4 0x0000555fd933cbef in my_error (nr=3, MyFlags=4)
|
at /home/sanja/maria/git/10.4/mysys/my_error.c:125
|
#5 0x0000555fd934ba55 in my_write (Filedes=66,
|
Buffer=0x7f49280d2c3e "\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n"...,
|
Count=18446744073709551605, MyFlags=20)
|
at /home/sanja/maria/git/10.4/mysys/my_write.c:110
|
#6 0x0000555fd8ddecce in inline_mysql_file_write (
|
src_file=0x555fd97e6d00 "/home/sanja/maria/git/10.4/storage/csv/ha_tina.cc", src_line=1400, file=66,
|
buffer=0x7f49280d2c3e "\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a,b\"\n\"\"\n\"a\"\n\"b\"\n\"a\"\n"...,
|
count=18446744073709551605, flags=20)
|
at /home/sanja/maria/git/10.4/include/mysql/psi/mysql_file.h:1180
|
#7 0x0000555fd8de2abe in ha_tina::rnd_end (this=0x7f4928182c68)
|
at /home/sanja/maria/git/10.4/storage/csv/ha_tina.cc:1400
|
#8 0x0000555fd8564003 in handler::ha_rnd_end (this=0x7f4928182c68)
|
at /home/sanja/maria/git/10.4/sql/handler.h:3229
|
#9 0x0000555fd85d162c in handler::ha_index_or_rnd_end (this=0x7f4928182c68)
|
|