Bug #33506 crash on stack overrun
Submitted: 25 Dec 2007 10:04
Modified: 9 May 2008 17:59
Reporter: Ingo Strüwing
Status: Duplicate
Category: Tests: Server
Severity: S7 (Test Cases)
Version: 6.0.5
OS: Linux (Debian x86_64)
Assigned to: Assigned Account
CPU Architecture: Any
Tags: crash, overrun, stack

[25 Dec 2007 10:04] Ingo Strüwing
Description:
mysqld crashes when it tries to report stack overrun.

main.subselect_notembedded     [ fail ]

mysqltest: At line 33: query 'select sum(a),a from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1) 
group by a' failed with wrong errno 2013: 'Lost connection to MySQL server during query', instead of 1436...

The result from queries just before the failure was:
< snip >
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 where a> ( select sum(a) from t1 where a> (
select sum(a) from t1 
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1
)group by b limit 1)group by b limit 1)group by b limit 1) 
group by a;
ERROR HY000: Lost connection to MySQL server during query

More results from queries before failure can be found in /home2/mydev/testdir-6.0-amain-1/mysql-test/var/log/subselect_notembedded.log

Stopping All Servers

#0  vfprintf () from /lib/libc.so.6
#1  vsprintf () from /lib/libc.so.6
#2  sprintf () from /lib/libc.so.6
#3  check_stack_overrun (thd=0x1eaf5a8, margin=24000, buf=0x0) at sql_parse.cc:5109
#4  SQL_SELECT::test_quick_select (this=0x20fd558, thd=0x1eaf5a8, keys_to_use={map = 3}, prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false) at opt_range.cc:2221

Will attach full backtrace as a file.

In check_stack_overrun() we have:
5108     sprintf(errbuff[0],ER(ER_STACK_OVERRUN_NEED_MORE),
5109             stack_used,thread_stack,margin);

stack_used is 256080
thread_stack is 262144
margin is 24000

How to repeat:
gcc (GCC) 4.2.3 20071123 (prerelease) (Debian 4.2.2-4)

bk clone bk-internal.mysql.com:/home/bk/mysql-6.0 mysql-6.0-amain
cd mysql-6.0-amain
BUILD/compile-pentium-debug-max --with-debug=full
cd mysql-test
./mysql-test-run.pl subselect_notembedded
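
Added example, not part of the report and not MySQL source: a stack-depth guard in C that uses the thread_stack and margin values quoted above and builds its overrun message in a preallocated buffer without the printf family, since the backtrace shows the crash inside vfprintf with 256080 of 262144 bytes already used. The names run_guarded, nest, check_overrun and put_long and the 1 KiB frame size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define THREAD_STACK 262144L /* thread_stack value from the report */
#define MARGIN 24000L        /* margin value from the report */
static uintptr_t stack_base; /* address of a local in the entry frame */
static char err_msg[64];     /* preallocated, so reporting needs no large frame */
static long used_at_stop;    /* depth in bytes at which the guard fired */

/* Append v in decimal without calling the printf family. */
static char *put_long(char *p, long v) {
    char tmp[20];
    int n = 0;
    do { tmp[n++] = (char)('0' + v % 10); v /= 10; } while (v > 0);
    while (n > 0) *p++ = tmp[--n];
    return p;
}

/* Returns 1 and fills err_msg once no more than `margin` bytes remain. */
static int check_overrun(long margin) {
    char marker;
    uintptr_t here = (uintptr_t)&marker;
    long used = (long)(here > stack_base ? here - stack_base : stack_base - here);
    if (used < THREAD_STACK - margin) return 0;
    char *p = err_msg;
    memcpy(p, "stack overrun: ", 15); p += 15;
    p = put_long(p, used);
    memcpy(p, " of ", 4); p += 4;
    p = put_long(p, THREAD_STACK);
    *p = '\0';
    used_at_stop = used;
    return 1;
}

/* Hypothetical stand-in for one level of subquery nesting (about 1 KiB per frame). */
static int nest(int depth) {
    volatile char frame[1024];
    frame[0] = (char)depth;
    if (check_overrun(MARGIN)) return -1; /* refuse to go deeper */
    int r = nest(depth + 1);
    return r < 0 ? r : r + frame[0];
}

int run_guarded(void) {
    char base;
    stack_base = (uintptr_t)&base;
    return nest(0);
}
int main(void) { printf("%d %s\n", run_guarded(), err_msg); return 0; }
```

The guard only helps if every frame between two checks stays smaller than the margin; with the values in the report, stack_used was already 17936 bytes past thread_stack - margin when the check ran.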
[25 Dec 2007 10:11] Ingo Strüwing
Full backtrace

Attachment: bug33506.backtrace (application/octet-stream, text), 27.60 KiB.

[14 Jan 2008 13:08] Joerg Bruehe
Same symptom in test "subselect" in the release build of 5.0.54a,
but specific to the x86_64 build on SLES 9 (for RPMs),

all other builds (including x86_64 on RedHat 4) fail like bug#33266 in this place.
[14 Jan 2008 13:26] MySQL Verification Team
this test also kills 5.0.54 on Netware..  stack gets overrun
[20 Mar 2008 16:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/44301

ChangeSet@1.2607, 2008-03-20 19:42:41+03:00, kaa@kaamos.(none) +1 -0
  Test case for bug31048 crashes the server on some platforms
  (bug #33506). Temporarily disabled subselect_notembedded.
[31 Mar 2008 13:58] Bugs System
Pushed into 6.0.5-alpha
[9 May 2008 17:59] Sergey Petrunya
Fixed by fix for BUG#32680. Enabled back the disabled testcase.
[26 Jul 2008 18:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50557

2677 Sergey Petrunia	2008-07-26
      Enable subselect_notembedded.test. It refers Bug#35803, Bug#33506 which have been resolved months ago.
[26 Jul 2008 18:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50558

2677 Sergey Petrunia	2008-07-26
      Enable subselect_notembedded.test. It refers Bug#35803, Bug#33506 which have been resolved months ago.
[26 Jul 2008 22:41] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50565

2678 Sergey Petrunia	2008-07-27
      Remove junk comment from t/disabled.def
[28 Aug 2008 20:15] Bugs System
Pushed into 6.0.7-alpha  (revid:cbell@mysql.com-20080822132131-uveo6wiuecy6m2b8) (version source revid:cbell@mysql.com-20080822132131-uveo6wiuecy6m2b8) (pib:3)
[13 Sep 2008 23:40] Bugs System
Pushed into 6.0.7-alpha  (revid:sergefp@mysql.com-20080726184343-3ppkc70662ly0gv8) (version source revid:john.embretsen@sun.com-20080808091208-ht48kyzsk7rim74g) (pib:3)