  1. MariaDB Server
  2. MDEV-15793

Server crash in PlugCloseFile (Connect engine) with sql_mode='';

Details

    Description

      test case:

      SET sql_mode='';
      SET default_storage_engine = 'Connect';
       
      CREATE  TABLE tmp AS SELECT 1654509913105235968 - '1994-09-26' FROM dual;
      CREATE or replace TABLE tmp AS SELECT 1654509913105235968 - '1994-09-26' FROM dual;
      

       10.0 c631060713a2af2890284f
      Thread 1 (Thread 0x7fbe67d4e700 (LWP 2931)):
      #0  __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
      #1  0x0000000000ea8d92 in my_write_core (sig=11) at /git/10.0/mysys/stacktrace.c:478
      #2  0x0000000000865a87 in handle_fatal_signal (sig=11) at /git/10.0/sql/signal_handler.cc:285
      #3  <signal handler called>
      #4  0x00007fbe5f50b42d in PlugCloseFile (g=0x7fbe5c75e000, fp=0x3030303030303030, all=true) at /git/10.0/storage/connect/plgdbutl.cpp:873
      #5  0x00007fbe5f50b6d4 in PlugCleanup (g=0x7fbe5c75e000, dofree=true) at /git/10.0/storage/connect/plgdbutl.cpp:972
      #6  0x00007fbe5f4b3b7b in PopUser (xp=0x7fbe5c41a0e0) at /git/10.0/storage/connect/ha_connect.cc:941
      #7  0x00007fbe5f4b39fd in ha_connect::~ha_connect (this=0x7fbe5c77d888, __in_chrg=<optimized out>) at /git/10.0/storage/connect/ha_connect.cc:910
      #8  0x00007fbe5f4b3a82 in ha_connect::~ha_connect (this=0x7fbe5c77d888, __in_chrg=<optimized out>) at /git/10.0/storage/connect/ha_connect.cc:911
      #9  0x0000000000748587 in closefrm (table=0x7fbe5c49e470, free_share=true) at /git/10.0/sql/table.cc:2975
      #10 0x00000000005ed4d2 in intern_close_table (table=0x7fbe5c49e470) at /git/10.0/sql/sql_base.cc:337
      #11 0x00000000007f4464 in tdc_remove_table (thd=0x7fbe603fa070, remove_type=TDC_RT_REMOVE_ALL, db=0x7fbe5c5a27c0 "test", table_name=0x7fbe5c5a21a8 "tmp", kill_delayed_threads=false) at /git/10.0/sql/table_cache.cc:1029
      #12 0x00000000005f0a3a in drop_open_table (thd=0x7fbe603fa070, table=0x7fbe5c49e470, db_name=0x7fbe5c5a27c0 "test", table_name=0x7fbe5c5a21a8 "tmp") at /git/10.0/sql/sql_base.cc:1882
      #13 0x00000000006430be in select_create::abort_result_set (this=0x7fbe5c5a2c38) at /git/10.0/sql/sql_insert.cc:4378
      #14 0x000000000068fe15 in handle_select (thd=0x7fbe603fa070, lex=0x7fbe603fd940, result=0x7fbe5c5a2c38, setup_tables_done_option=0) at /git/10.0/sql/sql_select.cc:383
      #15 0x0000000000659b7b in mysql_execute_command (thd=0x7fbe603fa070) at /git/10.0/sql/sql_parse.cc:3012
      #16 0x0000000000663bc8 in mysql_parse (thd=0x7fbe603fa070, rawbuf=0x7fbe5c5a2088 "CREATE or replace TABLE tmp AS SELECT 1654509913105235968 - '1994-09-26' FROM dual", length=82, parser_state=0x7fbe67d4d670) at /git/10.0/sql/sql_parse.cc:6637
      #17 0x0000000000655a92 in dispatch_command (command=COM_QUERY, thd=0x7fbe603fa070, packet=0x7fbe617e5071 "CREATE or replace TABLE tmp AS SELECT 1654509913105235968 - '1994-09-26' FROM dual", packet_length=82) at /git/10.0/sql/sql_parse.cc:1300
      #18 0x0000000000654d05 in do_command (thd=0x7fbe603fa070) at /git/10.0/sql/sql_parse.cc:1003
      #19 0x000000000078ab06 in do_handle_one_connection (thd_arg=0x7fbe603fa070) at /git/10.0/sql/sql_connect.cc:1377
      #20 0x000000000078a854 in handle_one_connection (arg=0x7fbe603fa070) at /git/10.0/sql/sql_connect.cc:1292
      #21 0x0000000000e49508 in pfs_spawn_thread (arg=0x7fbe6037c0f0) at /git/10.0/storage/perfschema/pfs.cc:1861
      #22 0x00007fbe66ef76ba in start_thread (arg=0x7fbe67d4e700) at pthread_create.c:333
      #23 0x00007fbe665a241d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
      

          Activity

            alice Alice Sherepa created issue -
            alice Alice Sherepa made changes -
            Field Original Value New Value
            Attachment 1stwe.test [ 45443 ]
            alice Alice Sherepa made changes -
            Attachment 1stq.test [ 45444 ]
            alice Alice Sherepa made changes -
            Description overuse memory, crash without coredump, nothing in error log
            {noformat}
            ASAN:SIGSEGV
            =================================================================
            ==4068==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x56341588d8e7 bp 0x7f9fb57ee490 sp 0x7f9fb57ee460 T33)
                #0 0x56341588d8e6 in PlugCloseFile(_global*, _fblock*, bool) /git/10.3/storage/connect/plgdbutl.cpp:873
                #1 0x56341588e14a in PlugCleanup(_global*, bool) /git/10.3/storage/connect/plgdbutl.cpp:972
                #2 0x56341582590d in PopUser /git/10.3/storage/connect/ha_connect.cc:935
                #3 0x5634158255cc in ha_connect::~ha_connect() /git/10.3/storage/connect/ha_connect.cc:904
                #4 0x563415825651 in ha_connect::~ha_connect() /git/10.3/storage/connect/ha_connect.cc:905
                #5 0x5634144c9d17 in closefrm(TABLE*) /git/10.3/sql/table.cc:3570
                #6 0x56341471741a in intern_close_table /git/10.3/sql/table_cache.cc:222
                #7 0x56341471d86b in tdc_remove_table(THD*, enum_tdc_remove_table_type, char const*, char const*, bool) /git/10.3/sql/table_cache.cc:1151
                #8 0x5634140ea98a in drop_open_table(THD*, TABLE*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /git/10.3/sql/sql_base.cc:1287
                #9 0x5634141c67dc in select_create::abort_result_set() /git/10.3/sql/sql_insert.cc:4736
                #10 0x5634142c5a44 in handle_select(THD*, LEX*, select_result*, unsigned long) /git/10.3/sql/sql_select.cc:388
                #11 0x56341423bb8b in mysql_execute_command(THD*) /git/10.3/sql/sql_parse.cc:4236
                #12 0x563414253dd1 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /git/10.3/sql/sql_parse.cc:8073
                #13 0x56341422eab8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /git/10.3/sql/sql_parse.cc:1847
                #14 0x56341422bc50 in do_command(THD*) /git/10.3/sql/sql_parse.cc:1392
                #15 0x56341457b0b5 in do_handle_one_connection(CONNECT*) /git/10.3/sql/sql_connect.cc:1402
                #16 0x56341457aa92 in handle_one_connection /git/10.3/sql/sql_connect.cc:1308
                #17 0x7f9fe68906b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
                #18 0x7f9fe5d2541c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

            {noformat}
            alice Alice Sherepa made changes -
            Affects Version/s 10.3 [ 22126 ]
            alice Alice Sherepa made changes -
            Component/s Storage Engine - Connect [ 10128 ]
            alice Alice Sherepa made changes -
            Affects Version/s 10.0 [ 16000 ]
            Affects Version/s 10.1 [ 16100 ]
            Affects Version/s 10.2 [ 14601 ]
            alice Alice Sherepa made changes -
            Fix Version/s 10.0 [ 16000 ]
            alice Alice Sherepa made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]
            alice Alice Sherepa made changes -
            Assignee Alice Sherepa [ alice ] Olivier Bertrand [ bertrandop ]
            alice Alice Sherepa made changes -
            Summary [draft] Server crash in PlugCloseFile (Connect engine) with sql_mode='';
            alice Alice Sherepa made changes -
            Affects Version/s 10.4 [ 22408 ]
            alice Alice Sherepa made changes -
            Fix Version/s 10.1 [ 16100 ]
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            bertrandop Olivier Bertrand made changes -
            Status Confirmed [ 10101 ] In Progress [ 3 ]

            bertrandop Olivier Bertrand added a comment - This bug is not related to SQL_MODE but to a buffer overflow when getting DOUBLE representation.
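
The diagnosis in the comment above fits the 10.0 backtrace: frame #4 shows fp=0x3030303030303030, and 0x30 is the ASCII character '0', so the file-block pointer holds digit characters rather than an address. The sketch below is an added illustration of that bug class and its bounded counterpart, not code from the Connect engine or from the fix. The 24-byte buffer, the "%.*f" format, the function names, and the conversion of '1994-09-26' to 1994 are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed (excluding the NUL) to print v as fixed-point with prec decimals. */
int double_repr_len(double v, int prec)
{
    return snprintf(NULL, 0, "%.*f", prec, v);
}

/* Bounded formatting: returns the length written, or -1 (and an empty
 * string) when the representation does not fit in cap bytes. An unbounded
 * sprintf() here would write past buf into whatever is stored after it. */
int format_double_checked(char *buf, size_t cap, double v, int prec)
{
    int n;
    if (buf == NULL || cap == 0)
        return -1;
    n = snprintf(buf, cap, "%.*f", prec, v);
    if (n < 0 || (size_t)n >= cap) {
        buf[0] = '\0';          /* never hand back a truncated number */
        return -1;
    }
    return n;
}

/* Crash-triage heuristic: a "pointer" whose eight bytes are all printable
 * ASCII was most likely overwritten by string data. */
int pointer_is_ascii_text(uint64_t p)
{
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(p >> (8 * i));
        if (b < 0x20 || b > 0x7e)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Operands from the test case; '1994-09-26' is assumed to convert to 1994. */
    double v = 1654509913105235968.0 - 1994.0;
    char buf[24];               /* hypothetical fixed-size buffer */

    printf("needs %d bytes, buffer holds %zu\n", double_repr_len(v, 6) + 1, sizeof buf);
    printf("checked format returns %d\n", format_double_checked(buf, sizeof buf, v, 6));
    printf("fp from frame #4 looks like text: %d\n",
           pointer_is_ascii_text(0x3030303030303030ULL));
    return 0;
}
```
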
            bertrandop Olivier Bertrand made changes -
            issue.field.resolutiondate 2019-03-28 09:59:10.0 2019-03-28 09:59:10.004
            bertrandop Olivier Bertrand made changes -
            Fix Version/s 10.1.39 [ 23305 ]
            Fix Version/s 10.2.24 [ 23308 ]
            Fix Version/s 10.3.14 [ 23216 ]
            Fix Version/s 10.4.4 [ 23310 ]
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.0 [ 16000 ]
            Fix Version/s 10.1 [ 16100 ]
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            Resolution Fixed [ 1 ]
            Status In Progress [ 3 ] Closed [ 6 ]
            bertrandop Olivier Bertrand made changes -
            Fix Version/s 10.3.15 [ 23309 ]
            Fix Version/s 10.0.38 [ 23211 ]
            Fix Version/s 10.3.14 [ 23216 ]
            bertrandop Olivier Bertrand made changes -
            Fix Version/s 10.4.5 [ 23311 ]
            Fix Version/s 10.4.4 [ 23310 ]
            elenst Elena Stepanova made changes -
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 86406 ] MariaDB v4 [ 154104 ]

            People

              bertrandop Olivier Bertrand
              alice Alice Sherepa