Bug #64874 crash in mem_heap_create_block at loading DBT3 database
Submitted: 5 Apr 2012 12:24 Modified: 24 Dec 2012 9:18
Reporter: Axel Schwenke Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S1 (Critical)
Version:5.6.6 OS:Any
Assigned to: Assigned Account CPU Architecture:Any

[5 Apr 2012 12:24] Axel Schwenke 
Description:
MySQL 5.6.6-m8 from bzr (revision 3827) crashes in InnoDB with the following stack trace on loading the tables (LOAD DATA) from the DBT3 benchmark.

#0  0x00007f343aac45dc in pthread_kill () from /lib64/libpthread.so.0
#1  0x000000000065ec12 in handle_fatal_signal (sig=11)
    at /home/mariadb/bzr/mysql-5.6/sql/signal_handler.cc:248
#2  <signal handler called>
#3  mem_heap_create_block (heap=0x7f31f3fffeb0, n=<value optimized out>, type=0, 
    file_name=0x7f31f3fffeb8 "0ins.cc", line=94)
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/mem/mem0mem.cc:358
#4  0x0000000000993ab4 in mem_heap_add_block (heap=0x7f31f3fffeb0, n=<value optimized out>)
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/mem/mem0mem.cc:448
#5  0x00000000009dd0da in mem_heap_alloc (row=0x7f31f3680830, ext=0x0, index=0xecb7268, 
    heap=<value optimized out>) at /home/mariadb/bzr/mysql-5.6/storage/innobase/include/mem0mem.ic:186
#6  dtuple_create (row=0x7f31f3680830, ext=0x0, index=0xecb7268, heap=<value optimized out>)
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/include/data0data.ic:433
#7  row_build_index_entry_low (row=0x7f31f3680830, ext=0x0, index=0xecb7268, heap=<value optimized out>)
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/row/row0row.cc:73
#8  0x00000000009c8f94 in row_build_index_entry (thr=0x7f31f3680a48)
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/include/row0row.ic:128
#9  row_ins (thr=0x7f31f3680a48) at /home/mariadb/bzr/mysql-5.6/storage/innobase/row/row0ins.cc:2668
#10 row_ins_step (thr=0x7f31f3680a48) at /home/mariadb/bzr/mysql-5.6/storage/innobase/row/row0ins.cc:2793
#11 0x00000000009d2df4 in row_insert_for_mysql (mysql_rec=<value optimized out>, prebuilt=0x7f31f36800e8)
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/row/row0mysql.cc:1277
#12 0x0000000000959608 in ha_innobase::write_row (this=0x7f31f367e5a0, record=0x7f31f3fffad0 "")
    at /home/mariadb/bzr/mysql-5.6/storage/innobase/handler/ha_innodb.cc:6272
#13 0x00000000005a154f in handler::ha_write_row (this=0x7f31f367e5a0, buf=0x7f31f3fffad0 "")
    at /home/mariadb/bzr/mysql-5.6/sql/handler.cc:6232
#14 0x00000000006c805c in write_record (thd=0xebdd4a0, table=0x7f31e7fff420, info=0x7f3216fd5700, update=0x0)
    at /home/mariadb/bzr/mysql-5.6/sql/sql_insert.cc:1749
#15 0x0000000000857ddf in read_sep_field (thd=0xebdd4a0, ex=0xeca78d0, table_list=0xeca7958, 
    fields_vars=..., set_fields=..., set_values=..., handle_duplicates=DUP_ERROR, ignore=false, 
    read_file_from_client=false) at /home/mariadb/bzr/mysql-5.6/sql/sql_load.cc:1106
#16 mysql_load (thd=0xebdd4a0, ex=0xeca78d0, table_list=0xeca7958, fields_vars=..., set_fields=..., 
    set_values=..., handle_duplicates=DUP_ERROR, ignore=false, read_file_from_client=false)
    at /home/mariadb/bzr/mysql-5.6/sql/sql_load.cc:506
#17 0x0000000000700869 in mysql_execute_command (thd=0xebdd4a0)
    at /home/mariadb/bzr/mysql-5.6/sql/sql_parse.cc:3500
#18 0x0000000000702f73 in mysql_parse (thd=0xebdd4a0, rawbuf=<value optimized out>, 
    length=<value optimized out>, parser_state=<value optimized out>)
    at /home/mariadb/bzr/mysql-5.6/sql/sql_parse.cc:5972
#19 0x0000000000703e85 in dispatch_command (command=COM_QUERY, thd=0xebdd4a0, packet=<value optimized out>, 
    packet_length=248149914) at /home/mariadb/bzr/mysql-5.6/sql/sql_parse.cc:1266
#20 0x00000000006b217d in do_handle_one_connection (thd_arg=<value optimized out>)
    at /home/mariadb/bzr/mysql-5.6/sql/sql_connect.cc:942
#21 0x00000000006b21d2 in handle_one_connection (arg=<value optimized out>)
    at /home/mariadb/bzr/mysql-5.6/sql/sql_connect.cc:858
#22 0x00007f343aabea3f in start_thread () from /lib64/libpthread.so.0

How to repeat:
start MySQL server with attached my.cnf. Then load the DBT3 tables for scale factor 10. Smaller scales might work too, I just tried 10 which yields ~10G of raw data to be loaded.

DBT3 instructions:

1. bzr branch lp:~ahel/maria/mariadb-benchmarks
2. cd mariadb-benchmarks/dbt3new
3. ./build.sh       #this will download, patch and build DBT3
4. ./generate.sh 10 #this will generate DBT3 load files
5. cd work 
6. mysql -u root < dbt3_load.sql
[5 Apr 2012 12:53] Vasil Dimov 
Hi,

can you try to repro with this patch, it will make it a bit more clear:

--- cut ---
--- storage/innobase/mem/mem0mem.cc	revid:alfranio.correia@oracle.com-20120404070653-zqvny9ncbho5x1a2
+++ storage/innobase/mem/mem0mem.cc	2012-04-05 12:48:03 +0000
@@ -329,12 +329,13 @@ mem_heap_create_block(
 	if (type == MEM_HEAP_DYNAMIC || len < UNIV_PAGE_SIZE / 2) {
 
 		ut_ad(type == MEM_HEAP_DYNAMIC || n <= MEM_MAX_ALLOC_IN_BUF);
 
 		block = static_cast<mem_block_t*>(
 			mem_area_alloc(&len, mem_comm_pool));
+		ut_a(block != NULL);
 	} else {
 		len = UNIV_PAGE_SIZE;
 
 		if ((type & MEM_HEAP_BTR_SEARCH) && heap) {
 			/* We cannot allocate the block from the
 			buffer pool, but must get the free block from
@@ -349,12 +350,13 @@ mem_heap_create_block(
 			}
 		} else {
 			buf_block = buf_block_alloc(NULL);
 		}
 
 		block = (mem_block_t*) buf_block->frame;
+		ut_a(block != NULL);
 	}
 
 	ut_ad(block);
 	block->buf_block = buf_block;
 	block->free_block = NULL;
 #else /* !UNIV_HOTBACKUP */
--- cut ---

Thanks!
[11 Apr 2012 13:01] Axel Schwenke 
Hi Vasil,

the first assert is triggered. From the error log:

120411 15:59:31 [Note] /home/mariadb/bin/mysql-5.6-trunk/libexec/mysqld: ready for connections.               
Version: '5.6.6-m8'  socket: '/tmp/mysqld.sock.xl'  port: 0  Source distribution                              
120411 16:02:05  InnoDB: Assertion failure in thread 140136747951872 in file mem0mem.cc line 335              
InnoDB: Failing assertion: block != NULL                                                                      
InnoDB: We intentionally generate a memory trap.                                                              
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
[11 Apr 2012 15:55] Axel Schwenke 
Just for the record: I reproduced the same crash with the lab-April2012 release (using the Linux-x86-64 binary tarball)
[11 Apr 2012 18:45] Vasil Dimov 
Hi Axel,

This means that you have ran out of memory (malloc(3) returning NULL).

Crash even without a proper message is very harsh. This should be fixed.
[24 Dec 2012 9:18] Erlend Dahl 
This is a duplicate of an internally filed bug, which was fixed on the milestone release of 5.6.6.