  1. MariaDB Server
  2. MDEV-19175

Server crashes in ha_partition::vers_can_native upon INSERT DELAYED into versioned partitioned table

    Details

      Description

      # Minimal mysql-test (MTR) case for the crash reported in this issue.
      # The include skips the test when the server lacks partitioning support.
      --source include/have_partition.inc
       
      # A table that is both system-versioned and partitioned, so it is served
      # by ha_partition, the handler class named in the crashing frame.
      CREATE TABLE t1 (f INT) WITH SYSTEM VERSIONING PARTITION BY HASH(f);
      # INSERT DELAYED hands the row to a separate handler thread
      # (handle_delayed_insert in the traces); the crash is reported in that
      # thread while it opens the table, not in the client connection thread.
      INSERT DELAYED INTO t1 VALUES (1);
       
      # Cleanup
      DROP TABLE t1;
      

      10.3 532fffb4

      #3  <signal handler called>
      #4  0x000055ff48f7f72d in ha_partition::vers_can_native (this=0x7f77d8002018, thd=0x7f77e416edb0) at /data/src/10.3/sql/ha_partition.h:420
      #5  0x000055ff48625592 in TABLE_SHARE::init_from_binary_frm_image (this=0x7f77d8001188, thd=0x7f77e416edb0, write=false, frm_image=0x7f77d80017e0 "\376\001\n\024%", frm_length=544) at /data/src/10.3/sql/table.cc:1784
      #6  0x000055ff48621cb8 in open_table_def (thd=0x7f77e416edb0, share=0x7f77d8001188, flags=11) at /data/src/10.3/sql/table.cc:677
      #7  0x000055ff487404bb in tdc_acquire_share (thd=0x7f77e416edb0, tl=0x7f77e4174ae8, flags=3, out_table=0x7f77f49af888) at /data/src/10.3/sql/table_cache.cc:840
      #8  0x000055ff484857f3 in open_table (thd=0x7f77e416edb0, table_list=0x7f77e4174ae8, ot_ctx=0x7f77f49afc70) at /data/src/10.3/sql/sql_base.cc:1831
      #9  0x000055ff48488dd8 in open_and_process_table (thd=0x7f77e416edb0, lex=0x7f77e4172bb0, tables=0x7f77e4174ae8, counter=0x7f77f49afd04, flags=65537, prelocking_strategy=0x7f77f49afe10, has_prelocking_list=false, ot_ctx=0x7f77f49afc70) at /data/src/10.3/sql/sql_base.cc:3596
      #10 0x000055ff48489fd5 in open_tables (thd=0x7f77e416edb0, options=..., start=0x7f77f49afce8, counter=0x7f77f49afd04, flags=65537, prelocking_strategy=0x7f77f49afe10) at /data/src/10.3/sql/sql_base.cc:4121
      #11 0x000055ff4848bd43 in open_and_lock_tables (thd=0x7f77e416edb0, options=..., tables=0x7f77e4174ae8, derived=false, flags=65537, prelocking_strategy=0x7f77f49afe10) at /data/src/10.3/sql/sql_base.cc:4996
      #12 0x000055ff48482164 in open_and_lock_tables (thd=0x7f77e416edb0, tables=0x7f77e4174ae8, derived=false, flags=65537, prelocking_strategy=0x7f77f49afe10) at /data/src/10.3/sql/sql_base.h:263
      #13 0x000055ff4848b6a2 in open_n_lock_single_table (thd=0x7f77e416edb0, table_l=0x7f77e4174ae8, lock_type=TL_WRITE_DELAYED, flags=65537, prelocking_strategy=0x7f77f49afe10) at /data/src/10.3/sql/sql_base.cc:4839
      #14 0x000055ff484dcb1f in Delayed_insert::open_and_lock_table (this=0x7f77e416ed90) at /data/src/10.3/sql/sql_insert.cc:2905
      #15 0x000055ff484dce0a in handle_delayed_insert (arg=0x7f77e416ed90) at /data/src/10.3/sql/sql_insert.cc:3004
      #16 0x000055ff48b1555b in pfs_spawn_thread (arg=0x7f77e41765b0) at /data/src/10.3/storage/perfschema/pfs.cc:1862
      #17 0x00007f77fc741494 in start_thread (arg=0x7f77f49b0700) at pthread_create.c:333
      #18 0x00007f77fa90f93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

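      The same crash under ASAN, which reports it as a SEGV on address 0x000000000000, i.e. a null-pointer dereference in ha_partition::vers_can_native: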

      10.3 532fffb4 ASAN

      ==26769==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x557dc79dcf57 sp 0x7fcc64d220b0 bp 0x7fcc64d220d0 T6)
          #0 0x557dc79dcf56 in ha_partition::vers_can_native(THD*) /data/src/10.3/sql/ha_partition.h:420
          #1 0x557dc64d53fb in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long) /data/src/10.3/sql/table.cc:1784
          #2 0x557dc64cc465 in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/src/10.3/sql/table.cc:677
          #3 0x557dc67506be in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/src/10.3/sql/table_cache.cc:840
          #4 0x557dc60e0766 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1831
          #5 0x557dc60e892e in open_and_process_table /data/src/10.3/sql/sql_base.cc:3596
          #6 0x557dc60eb310 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4121
          #7 0x557dc60efb29 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4996
          #8 0x557dc60d8659 in open_and_lock_tables /data/src/10.3/sql/sql_base.h:263
          #9 0x557dc60eec1d in open_n_lock_single_table(THD*, TABLE_LIST*, thr_lock_type, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4839
          #10 0x557dc61b0022 in Delayed_insert::open_and_lock_table() /data/src/10.3/sql/sql_insert.cc:2905
          #11 0x557dc61b07d1 in handle_delayed_insert /data/src/10.3/sql/sql_insert.cc:3004
          #12 0x557dc70d4ef5 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
          #13 0x7fcc71a22493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
          #14 0x7fcc6fbf093e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
       
      AddressSanitizer can not provide additional info.
      SUMMARY: AddressSanitizer: SEGV /data/src/10.3/sql/ha_partition.h:420 ha_partition::vers_can_native(THD*)
      Thread T6 created by T5 here:
          #0 0x7fcc71c5bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x557dc70d54bd in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
          #2 0x557dc619dcc7 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
          #3 0x557dc61abca4 in delayed_get_table /data/src/10.3/sql/sql_insert.cc:2381
          #4 0x557dc61a05d9 in open_and_lock_for_insert_delayed /data/src/10.3/sql/sql_insert.cc:569
          #5 0x557dc61a14ba in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:755
          #6 0x557dc623df55 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4730
          #7 0x557dc6253d49 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
          #8 0x557dc622de71 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
          #9 0x557dc622aec7 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
          #10 0x557dc659ec1f in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
          #11 0x557dc659e62b in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
          #12 0x557dc70d4ef5 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
          #13 0x7fcc71a22493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
       
      Thread T5 created by T0 here:
          #0 0x7fcc71c5bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x557dc70d54bd in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
          #2 0x557dc5f96828 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
          #3 0x557dc5fac1be in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6589
          #4 0x557dc5fac8c3 in create_new_thread /data/src/10.3/sql/mysqld.cc:6659
          #5 0x557dc5fad8da in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6934
          #6 0x557dc5fab67b in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6211
          #7 0x557dc5f948af in main /data/src/10.3/sql/main.cc:25
          #8 0x7fcc6fb282b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
      

      Not reproducible on my non-debug build, but that might be a matter of luck, so it should not be read as evidence that release builds are unaffected.


            People

            • Assignee:
              midenok Aleksey Midenkov
              Reporter:
              elenst Elena Stepanova