Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-15485

Server crashes in read_sep_field / write_record / key_copy

    XMLWordPrintable

Details

    Description

      CREATE TABLE t1 (c VARCHAR(3)) ENGINE=RocksDB;
      		 
      INSERT INTO t1 VALUES  ('foo'),('bar');
      		 
       
      		 
      CREATE TABLE t2 (a INT) ENGINE=RocksDB;
      		 
       
      		 
      --connect (con1,localhost,root,,test)
      		 
      BEGIN;
      		 
      --connect (con2,localhost,root,,test)
      		 
      BEGIN;
      		 
       
      		 
      --connection default
      		 
      --send
      		 
        ALTER TABLE t1 FORCE;
      		 
       
      		 
      --connection con1
      		 
      SELECT 1 FROM t2;
      		 
       
      		 
      --connection con2
      		 
      SELECT * FROM t1 INTO OUTFILE 'load.data';
      		 
      --error 0,ER_LOCK_DEADLOCK
      		 
      LOAD DATA INFILE 'load.data' REPLACE INTO TABLE t1;
      		 
       
      		 
      --connection con1
      		 
      SELECT 1 FROM t1;
      		 
       
      		 
      --connection con2
      		 
      LOAD DATA INFILE 'load.data' REPLACE INTO TABLE t1;
      		 
       
      		 
      # Cleanup
      		 
      --disconnect con2
      		 
      --disconnect con1
      		 
      --connection default
      		 
      --reap
      		 
      DROP TABLE t1, t2;

      10.2 ASAN de86997160ea5e02e7fc6eb877d5823e96b64523

      		 
      ==7942==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x562d6ba9a71b sp 0x7f13e85c0fb0 bp 0x7f13e85c1000 T12)
      		 
          #0 0x562d6ba9a71a in key_copy(unsigned char*, unsigned char*, st_key*, unsigned int, bool) /data/src/10.2-bug/sql/key.cc:122
      		 
          #1 0x562d6b20ae17 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2-bug/sql/sql_insert.cc:1727
      		 
          #2 0x562d6bc4ac2a in read_sep_field /data/src/10.2-bug/sql/sql_load.cc:1256
      		 
          #3 0x562d6bc46a1e in mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.2-bug/sql/sql_load.cc:649
      		 
          #4 0x562d6b26c0a7 in mysql_execute_command(THD*) /data/src/10.2-bug/sql/sql_parse.cc:4832
      		 
          #5 0x562d6b27fc64 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2-bug/sql/sql_parse.cc:7940
      		 
          #6 0x562d6b25ac4b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2-bug/sql/sql_parse.cc:1820
      		 
          #7 0x562d6b257cef in do_command(THD*) /data/src/10.2-bug/sql/sql_parse.cc:1374
      		 
          #8 0x562d6b59446f in do_handle_one_connection(CONNECT*) /data/src/10.2-bug/sql/sql_connect.cc:1335
      		 
          #9 0x562d6b593e84 in handle_one_connection /data/src/10.2-bug/sql/sql_connect.cc:1241
      		 
          #10 0x562d6bfa2b23 in pfs_spawn_thread /data/src/10.2-bug/storage/perfschema/pfs.cc:1862
      		 
          #11 0x7f13fa902493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
      		 
          #12 0x7f13f8ce893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
      		 
       
      		 
      AddressSanitizer can not provide additional info.
      		 
      SUMMARY: AddressSanitizer: SEGV /data/src/10.2-bug/sql/key.cc:122 key_copy(unsigned char*, unsigned char*, st_key*, unsigned int, bool)
      		 
      Thread T12 created by T0 here:
      		 
          #0 0x7f13fab3bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
      		 
          #1 0x562d6bfa30eb in spawn_thread_v1 /data/src/10.2-bug/storage/perfschema/pfs.cc:1912
      		 
          #2 0x562d6b054e2e in inline_mysql_thread_create /data/src/10.2-bug/include/mysql/psi/mysql_thread.h:1239
      		 
          #3 0x562d6b069d0b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2-bug/sql/mysqld.cc:6450
      		 
          #4 0x562d6b06a410 in create_new_thread /data/src/10.2-bug/sql/mysqld.cc:6520
      		 
          #5 0x562d6b06b421 in handle_connections_sockets() /data/src/10.2-bug/sql/mysqld.cc:6795
      		 
          #6 0x562d6b069260 in mysqld_main(int, char**) /data/src/10.2-bug/sql/mysqld.cc:6069
      		 
          #7 0x562d6b0531cf in main /data/src/10.2-bug/sql/main.cc:25
      		 
          #8 0x7f13f8c202b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
      		 
       
      		 
      ==7942==ABORTING

      Variations of the stack trace with the same or slightly different test cases on non-asan debug builds:

      #3  <signal handler called>
      		 
      #4  0x0000562173beda9a in key_copy (to_key=0x7f6fbc100c30 "\360\f\020\274o\177", from_record=0x7f6f2c03c718 "\b\"", key_info=0x0, key_length=0, with_zerofill=false) at /data/src/10.3/sql/key.cc:122
      		 
      #5  0x00005621737bcb97 in write_record (thd=0x7f6f30000b00, table=0x7f6f2c036010, info=0x7f6fbc100f40) at /data/src/10.3/sql/sql_insert.cc:1772
      		 
      #6  0x00005621737ea301 in read_sep_field (thd=0x7f6f30000b00, info=..., table_list=0x7f6f3002a170, fields_vars=..., set_fields=..., set_values=..., read_info=..., enclosed=..., skip_lines=0, ignore_check_option_errors=false) at /data/src/10.3/sql/sql_load.cc:1157
      		 
      #7  0x00005621737e88d8 in mysql_load (thd=0x7f6f30000b00, ex=0x7f6f3002a0e8, table_list=0x7f6f3002a170, fields_vars=..., set_fields=..., set_values=..., handle_duplicates=DUP_REPLACE, ignore=false, read_file_from_client=false) at /data/src/10.3/sql/sql_load.cc:665
      		 
      #8  0x00005621737fd4e3 in mysql_execute_command (thd=0x7f6f30000b00) at /data/src/10.3/sql/sql_parse.cc:5125
      		 
      #9  0x000056217380668d in mysql_parse (thd=0x7f6f30000b00, rawbuf=0x7f6f30029ff8 "LOAD DATA INFILE 'load_pp_k' REPLACE INTO TABLE pp_k", length=52, parser_state=0x7f6fbc102630, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8019
      		 
      #10 0x00005621737f3acf in dispatch_command (command=COM_QUERY, thd=0x7f6f30000b00, packet=0x7f6f3000b2f1 "LOAD DATA INFILE 'load_pp_k' REPLACE INTO TABLE pp_k", packet_length=52, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
      		 
      #11 0x00005621737f24f3 in do_command (thd=0x7f6f30000b00) at /data/src/10.3/sql/sql_parse.cc:1391
      		 
      #12 0x0000562173957b23 in do_handle_one_connection (connect=0x5621775a9cf0) at /data/src/10.3/sql/sql_connect.cc:1402
      		 
      #13 0x00005621739578a7 in handle_one_connection (arg=0x5621775a9cf0) at /data/src/10.3/sql/sql_connect.cc:1308
      		 
      #14 0x00007f6fbeb81494 in start_thread (arg=0x7f6fbc103700) at pthread_create.c:333
      		 
      #15 0x00007f6fbcf6793f in clone () from /lib/x86_64-linux-gnu/libc.so.6


      #3  <signal handler called>
      		 
      #4  0x00007fb51cdcfc87 in myrocks::Rdb_field_packing::get_field_in_table (this=0x7fb4a0063990, tbl=0x7fb4a40360c0) at /data/src/10.3/storage/rocksdb/rdb_datadic.cc:3343
      		 
      #5  0x00007fb51cdca407 in myrocks::Rdb_key_def::pack_record (this=0x7fb4a0063d60, tbl=0x7fb4a40360c0, pack_buffer=0x7fb4a4043700 '\245' <repeats 24 times>, "h4z\025", record=0x7fb4a403c928 "\b\"", packed_tuple=0x7fb4a4043480 "", unpack_info=0x0, should_store_row_debug_checksums=@0x7fb51881c9ef: false, hidden_pk_id=@0x7fb51881c9f8: 0, n_key_parts=5, n_null_fields=0x0, ttl_pk_offset=0x0, ttl_bytes=0x0) at /data/src/10.3/storage/rocksdb/rdb_datadic.cc:1126
      		 
      #6  0x00007fb51cdc958d in myrocks::Rdb_key_def::pack_index_tuple (this=0x7fb4a0063d60, tbl=0x7fb4a40360c0, pack_buffer=0x7fb4a4043700 '\245' <repeats 24 times>, "h4z\025", packed_tuple=0x7fb4a4043480 "", key_tuple=0x7fb51881cc30 "\360\314\201\030\265\177", keypart_map=@0x7fb51881ca20: 31) at /data/src/10.3/storage/rocksdb/rdb_datadic.cc:780
      		 
      #7  0x00007fb51cd436cb in myrocks::ha_rocksdb::index_read_map_impl (this=0x7fb4a4036d08, buf=0x7fb4a403eda0 '\245' <repeats 200 times>..., key=0x7fb51881cc30 "\360\314\201\030\265\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT, end_key=0x0) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:8044
      		 
      #8  0x00007fb51cd432db in myrocks::ha_rocksdb::index_read_map (this=0x7fb4a4036d08, buf=0x7fb4a403eda0 '\245' <repeats 200 times>..., key=0x7fb51881cc30 "\360\314\201\030\265\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7964
      		 
      #9  0x0000559f8164c809 in handler::index_read_idx_map (this=0x7fb4a4036d08, buf=0x7fb4a403eda0 '\245' <repeats 200 times>..., index=1, key=0x7fb51881cc30 "\360\314\201\030\265\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT) at /data/src/10.3/sql/handler.cc:5722
      		 
      #10 0x0000559f816451e6 in handler::ha_index_read_idx_map (this=0x7fb4a4036d08, buf=0x7fb4a403eda0 '\245' <repeats 200 times>..., index=1, key=0x7fb51881cc30 "\360\314\201\030\265\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT) at /data/src/10.3/sql/handler.cc:2850
      		 
      #11 0x0000559f81316c08 in write_record (thd=0x7fb498000b00, table=0x7fb4a40360c0, info=0x7fb51881cf40) at /data/src/10.3/sql/sql_insert.cc:1774
      		 
      #12 0x0000559f81344301 in read_sep_field (thd=0x7fb498000b00, info=..., table_list=0x7fb49802a170, fields_vars=..., set_fields=..., set_values=..., read_info=..., enclosed=..., skip_lines=0, ignore_check_option_errors=false) at /data/src/10.3/sql/sql_load.cc:1157
      		 
      #13 0x0000559f813428d8 in mysql_load (thd=0x7fb498000b00, ex=0x7fb49802a0e8, table_list=0x7fb49802a170, fields_vars=..., set_fields=..., set_values=..., handle_duplicates=DUP_REPLACE, ignore=false, read_file_from_client=false) at /data/src/10.3/sql/sql_load.cc:665
      		 
      #14 0x0000559f813574e3 in mysql_execute_command (thd=0x7fb498000b00) at /data/src/10.3/sql/sql_parse.cc:5125
      		 
      #15 0x0000559f8136068d in mysql_parse (thd=0x7fb498000b00, rawbuf=0x7fb498029ff8 "LOAD DATA INFILE 'load_pp_k' REPLACE INTO TABLE pp_k", length=52, parser_state=0x7fb51881e630, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8019
      		 
      #16 0x0000559f8134dacf in dispatch_command (command=COM_QUERY, thd=0x7fb498000b00, packet=0x7fb49800b2f1 "LOAD DATA INFILE 'load_pp_k' REPLACE INTO TABLE pp_k", packet_length=52, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
      		 
      #17 0x0000559f8134c4f3 in do_command (thd=0x7fb498000b00) at /data/src/10.3/sql/sql_parse.cc:1391
      		 
      #18 0x0000559f814b1b23 in do_handle_one_connection (connect=0x559f84ff0cf0) at /data/src/10.3/sql/sql_connect.cc:1402
      		 
      #19 0x0000559f814b18a7 in handle_one_connection (arg=0x559f84ff0cf0) at /data/src/10.3/sql/sql_connect.cc:1308
      		 
      #20 0x00007fb52bda9494 in start_thread (arg=0x7fb51881f700) at pthread_create.c:333
      		 
      #21 0x00007fb52a18f93f in clone () from /lib/x86_64-linux-gnu/libc.so.6


      #3  <signal handler called>
      		 
      #4  0x0000562d24c6bb5d in calculate_key_len (table=0x7fded80360d0, key=2, buf=0x7fdf4c946c30 "\360l\224L\337\177", keypart_map=31) at /data/src/10.3/sql/table.cc:4001
      		 
      #5  0x00007fdf50dc94d3 in myrocks::Rdb_key_def::pack_index_tuple (this=0x7fded4066960, tbl=0x7fded80360d0, pack_buffer=0x7fded8044170 '\245' <repeats 200 times>..., packed_tuple=0x7fded80435f0 "", key_tuple=0x7fdf4c946c30 "\360l\224L\337\177", keypart_map=@0x7fdf4c946a20: 31) at /data/src/10.3/storage/rocksdb/rdb_datadic.cc:771
      		 
      #6  0x00007fdf50d436cb in myrocks::ha_rocksdb::index_read_map_impl (this=0x7fded8036d18, buf=0x7fded803efa0 '\245' <repeats 200 times>..., key=0x7fdf4c946c30 "\360l\224L\337\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT, end_key=0x0) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:8044
      		 
      #7  0x00007fdf50d432db in myrocks::ha_rocksdb::index_read_map (this=0x7fded8036d18, buf=0x7fded803efa0 '\245' <repeats 200 times>..., key=0x7fdf4c946c30 "\360l\224L\337\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7964
      		 
      #8  0x0000562d24e51809 in handler::index_read_idx_map (this=0x7fded8036d18, buf=0x7fded803efa0 '\245' <repeats 200 times>..., index=2, key=0x7fdf4c946c30 "\360l\224L\337\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT) at /data/src/10.3/sql/handler.cc:5722
      		 
      #9  0x0000562d24e4a1e6 in handler::ha_index_read_idx_map (this=0x7fded8036d18, buf=0x7fded803efa0 '\245' <repeats 200 times>..., index=2, key=0x7fdf4c946c30 "\360l\224L\337\177", keypart_map=31, find_flag=HA_READ_KEY_EXACT) at /data/src/10.3/sql/handler.cc:2850
      		 
      #10 0x0000562d24b1bc08 in write_record (thd=0x7fdecc000b00, table=0x7fded80360d0, info=0x7fdf4c946f40) at /data/src/10.3/sql/sql_insert.cc:1774
      		 
      #11 0x0000562d24b49301 in read_sep_field (thd=0x7fdecc000b00, info=..., table_list=0x7fdecc02a170, fields_vars=..., set_fields=..., set_values=..., read_info=..., enclosed=..., skip_lines=0, ignore_check_option_errors=false) at /data/src/10.3/sql/sql_load.cc:1157
      		 
      #12 0x0000562d24b478d8 in mysql_load (thd=0x7fdecc000b00, ex=0x7fdecc02a0e8, table_list=0x7fdecc02a170, fields_vars=..., set_fields=..., set_values=..., handle_duplicates=DUP_REPLACE, ignore=false, read_file_from_client=false) at /data/src/10.3/sql/sql_load.cc:665
      		 
      #13 0x0000562d24b5c4e3 in mysql_execute_command (thd=0x7fdecc000b00) at /data/src/10.3/sql/sql_parse.cc:5125
      		 
      #14 0x0000562d24b6568d in mysql_parse (thd=0x7fdecc000b00, rawbuf=0x7fdecc029ff8 "LOAD DATA INFILE 'load_pp_k' REPLACE INTO TABLE pp_k", length=52, parser_state=0x7fdf4c948630, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8019
      		 
      #15 0x0000562d24b52acf in dispatch_command (command=COM_QUERY, thd=0x7fdecc000b00, packet=0x7fdecc00b2f1 "LOAD DATA INFILE 'load_pp_k' REPLACE INTO TABLE pp_k", packet_length=52, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
      		 
      #16 0x0000562d24b514f3 in do_command (thd=0x7fdecc000b00) at /data/src/10.3/sql/sql_parse.cc:1391
      		 
      #17 0x0000562d24cb6b23 in do_handle_one_connection (connect=0x562d2863ccf0) at /data/src/10.3/sql/sql_connect.cc:1402
      		 
      #18 0x0000562d24cb68a7 in handle_one_connection (arg=0x562d2863ccf0) at /data/src/10.3/sql/sql_connect.cc:1308
      		 
      #19 0x00007fdf5ff00494 in start_thread (arg=0x7fdf4c949700) at pthread_create.c:333
      		 
      #20 0x00007fdf5e2e693f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16070 [Draft] Server crashed in calculate_key_len / myrocks::Rdb_key_def::pack_index_tuple

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-15304 Server crash in print_keydup_error / key_unpack or unexpected ER_DUP_KEY

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.