[MDEV-18381] Server crashes in ha_innobase::store_lock upon concurrent ALTER and TRUNCATE - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.6.5
Component/s: Locking, Storage Engine - InnoDB
Labels:
- race
- statistics

Description

Note: The test case is non-deterministic. Run with --repeat=N, allow big enough N before giving up, as the probability is unclear. Also, try to adjust SELECT SLEEP in the test case one or another way. It currently fails for me within ~5-10 attempts with the SLEEP and within ~20-30 attempts without SLEEP, but I suppose it can vary a lot on different machines and builds.

--source include/have_innodb.inc

SET @stats= @@innodb_stats_persistent;

SET GLOBAL innodb_stats_persistent= ON;

CREATE TABLE t1 (a INT) ENGINE=InnoDB;

--connect (con1,localhost,root,,test)

CREATE TABLE t2 (b INT) ENGINE=InnoDB;

HANDLER t2 OPEN;

--send

  TRUNCATE TABLE t1;

--connection default

SELECT SLEEP(0.00001);

SET lock_wait_timeout= 1;

--error ER_LOCK_WAIT_TIMEOUT

ALTER TABLE t2 ADD COLUMN c INT;

# Cleanup

--connection con1

--reap

--disconnect con1

--connection default

DROP TABLE t1, t2;

SET GLOBAL innodb_stats_persistent= @stats;

10.4 37570e84
#3 <signal handler called>
#4 0x000055c27d6e566a in ha_innobase::store_lock (this=0x7f77d0028328, thd=0x7f77cc000b00, to=0x7f77cc014728, lock_type=TL_IGNORE) at /data/src/10.4/storage/innobase/handler/ha_innodb.cc:16258
#5 0x000055c27d5ca73b in get_lock_data (thd=0x7f77cc000b00, table_ptr=0x7f7828161a30, count=1, flags=2) at /data/src/10.4/sql/lock.cc:789
#6 0x000055c27d5c9ea5 in mysql_lock_abort_for_thread (thd=0x7f77cc000b00, table=0x7f77d00274c0) at /data/src/10.4/sql/lock.cc:613
#7 0x000055c27d0b4041 in THD::notify_shared_lock (this=0x7f77cc000b00, ctx_in_use=0x7f77d0000bd0, needs_thr_lock_abort=true) at /data/src/10.4/sql/sql_class.cc:2053
#8 0x000055c27d2bc019 in MDL_lock::notify_conflicting_locks (this=0x7f77cc1487f0, ctx=0x7f77cc000c20) at /data/src/10.4/sql/mdl.cc:574
#9 0x000055c27d2b91fe in MDL_context::acquire_lock (this=0x7f77cc000c20, mdl_request=0x7f7828161c90, lock_wait_timeout=1) at /data/src/10.4/sql/mdl.cc:2292
#10 0x000055c27d2b9cec in MDL_context::upgrade_shared_lock (this=0x7f77cc000c20, mdl_ticket=0x7f77cc011930, new_type=MDL_EXCLUSIVE, lock_wait_timeout=1) at /data/src/10.4/sql/mdl.cc:2523
#11 0x000055c27d2150b2 in mysql_inplace_alter_table (thd=0x7f77cc000b00, table_list=0x7f77cc013210, table=0x7f77cc150550, altered_table=0x7f7828162820, ha_alter_info=0x7f7828162790, inplace_supported=HA_ALTER_INPLACE_INSTANT, target_mdl_request=0x7f78281635f0, alter_ctx=0x7f7828164120) at /data/src/10.4/sql/sql_table.cc:7625
#12 0x000055c27d21c24a in mysql_alter_table (thd=0x7f77cc000b00, new_db=0x7f77cc0052b8, new_name=0x7f77cc0056c0, create_info=0x7f7828164d10, table_list=0x7f77cc013210, alter_info=0x7f7828164c50, order_num=0, order=0x0, ignore=false) at /data/src/10.4/sql/sql_table.cc:10086
#13 0x000055c27d2b38ab in Sql_cmd_alter_table::execute (this=0x7f77cc0139e8, thd=0x7f77cc000b00) at /data/src/10.4/sql/sql_alter.cc:508
#14 0x000055c27d133b13 in mysql_execute_command (thd=0x7f77cc000b00) at /data/src/10.4/sql/sql_parse.cc:6094
#15 0x000055c27d1391e7 in mysql_parse (thd=0x7f77cc000b00, rawbuf=0x7f77cc013128 "ALTER TABLE t2 ADD COLUMN c INT", length=31, parser_state=0x7f7828166170, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7912
#16 0x000055c27d12447a in dispatch_command (command=COM_QUERY, thd=0x7f77cc000b00, packet=0x7f77cc19dbb1 "ALTER TABLE t2 ADD COLUMN c INT", packet_length=31, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1841
#17 0x000055c27d122b07 in do_command (thd=0x7f77cc000b00) at /data/src/10.4/sql/sql_parse.cc:1359
#18 0x000055c27d2aa1bb in do_handle_one_connection (connect=0x55c2810e6820) at /data/src/10.4/sql/sql_connect.cc:1412
#19 0x000055c27d2a9f0a in handle_one_connection (arg=0x55c2810e6820) at /data/src/10.4/sql/sql_connect.cc:1316
#20 0x000055c27dca9209 in pfs_spawn_thread (arg=0x55c281065180) at /data/src/10.4/storage/perfschema/pfs.cc:1862
#21 0x00007f782fd0a4a4 in start_thread (arg=0x7f7828167700) at pthread_create.c:456
#22 0x00007f782e251d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.2-10.5, on all of debug, non-debug and ASAN builds.
Couldn't reproduce on 10.1.
Couldn't reproduce without persistent statistics.

ASAN builds also fail with SEGV on the test case above, but earlier heap-use-after-free was also observed during concurrent tests:

10.4 78829a5780d
==24341==ERROR: AddressSanitizer: heap-use-after-free on address 0x621000287a38 at pc 0x55e1dd15574d bp 0x7f67792cce70 sp 0x7f67792cce60
READ of size 8 at 0x621000287a38 thread T40
#0 0x55e1dd15574c in ha_innobase::store_lock(THD, st_thr_lock_data*, thr_lock_type) /home/travis/src/storage/innobase/handler/ha_innodb.cc:16339
#1 0x55e1dcedc804 in get_lock_data(THD, TABLE*, unsigned int, unsigned int) /home/travis/src/sql/lock.cc:794
#2 0x55e1dcedaf2c in mysql_lock_abort_for_thread(THD, TABLE) /home/travis/src/sql/lock.cc:618
#3 0x55e1dc3e4327 in THD::notify_shared_lock(MDL_context_owner*, bool) /home/travis/src/sql/sql_class.cc:2042
#4 0x55e1dc84b65a in MDL_lock::notify_conflicting_locks(MDL_context*) /home/travis/src/sql/mdl.cc:574
#5 0x55e1dc845cee in MDL_context::acquire_lock(MDL_request*, double) /home/travis/src/sql/mdl.cc:2292
#6 0x55e1dc846f28 in MDL_context::upgrade_shared_lock(MDL_ticket*, enum_mdl_type, double) /home/travis/src/sql/mdl.cc:2523
#7 0x55e1dc6eb6b1 in mysql_inplace_alter_table /home/travis/src/sql/sql_table.cc:7454
#8 0x55e1dc6f8ad3 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool) /home/travis/src/sql/sql_table.cc:9692
#9 0x55e1dc83ae60 in Sql_cmd_alter_table::execute(THD*) /home/travis/src/sql/sql_alter.cc:499
#10 0x55e1dc4f02a1 in mysql_execute_command(THD*) /home/travis/src/sql/sql_parse.cc:6345
#11 0x55e1dc4faae9 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /home/travis/src/sql/sql_parse.cc:8156
#12 0x55e1dc4d376a in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /home/travis/src/sql/sql_parse.cc:1842
#13 0x55e1dc4d094b in do_command(THD*) /home/travis/src/sql/sql_parse.cc:1395
#14 0x55e1dc82becb in do_handle_one_connection(CONNECT*) /home/travis/src/sql/sql_connect.cc:1398
#15 0x55e1dc82b89f in handle_one_connection /home/travis/src/sql/sql_connect.cc:1301
#16 0x7f681d5106b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#17 0x7f681c7a141c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
ASAN:SIGSEGV

Attachments

Issue Links

is blocked by

MDEV-25919 InnoDB reports misleading lock wait timeout on DDL operations

Closed

relates to

MDEV-15020 Server hangs due to InnoDB persistent statistics or innodb_stats_auto_recalc

Closed

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019-01-25 16:34

Updated:: 2022-04-08 05:21

Resolved:: 2022-04-08 05:18

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.