[MDEV-20014] Assertion failure: thd->mdl_context.is_lock_owner(MDL_key::TABLE - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4(EOL)
Fix Version/s: 10.5.0
Component/s: Locking
Labels:
None
Environment:
revision 70c2bde931246ea4966d82fa56773b8ef1e0074f, debug build on Ubuntu bionic

Description

EDIT: THe problem only shows up with this patch: http://lists.askmonty.org/pipermail/commits/2019-July/013894.html ***
Running a simple sequence of commands causes the server to hit this assertion:

  Thread 36 "mysqld" received signal SIGABRT, Aborted.

  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51

  51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.

(gdb) wher

  #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51

  #1  0x00007ffff54d8801 in __GI_abort () at abort.c:79

  #2  0x00007ffff54c839a in __assert_fail_base (fmt=0x7ffff564f7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55555696db10 "thd->mdl_context.is_lock_owner(MDL_key::TABLE, table->s->db.str, table->s->table_name.str, MDL_SHARED)", file=file@entry=0x55555696d738 "/home/psergey/dev-git/10.4/sql/sql_base.cc", line=line@entry=1044, function=function@entry=0x55555696f480 <close_thread_table(THD*, TABLE**)::__PRETTY_FUNCTION__> "void close_thread_table(THD*, TABLE**)") at assert.c:92

  #3  0x00007ffff54c8412 in __GI___assert_fail (assertion=0x55555696db10 "thd->mdl_context.is_lock_owner(MDL_key::TABLE, table->s->db.str, table->s->table_name.str, MDL_SHARED)", file=0x55555696d738 "/home/psergey/dev-git/10.4/sql/sql_base.cc", line=1044, function=0x55555696f480 <close_thread_table(THD*, TABLE**)::__PRETTY_FUNCTION__> "void close_thread_table(THD*, TABLE**)") at assert.c:101

  #4  0x0000555555c9bd00 in close_thread_table (thd=0x7ffe64000cf8, table_ptr=0x7ffe64000de0) at /home/psergey/dev-git/10.4/sql/sql_base.cc:1041

  #5  0x0000555555c9bae4 in close_thread_tables (thd=0x7ffe64000cf8) at /home/psergey/dev-git/10.4/sql/sql_base.cc:1020

  #6  0x0000555555d46fd4 in mysql_execute_command (thd=0x7ffe64000cf8) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:6148

  #7  0x0000555555d4bc5f in mysql_parse (thd=0x7ffe64000cf8, rawbuf=0x7ffe6406b8e0 "explain select * from one_k where a in (select t10.b from t10, t11, t12, t13, t14 where t11.a=t10.b+1 and t12.a=t10.b and t13.a=t10.b and t14.a=t10.b)", length=150, parser_state=0x7ffff0202150, is_com_multi=false, is_next_command=false) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:7892

  #8  0x0000555555d37da2 in dispatch_command (command=COM_QUERY, thd=0x7ffe64000cf8, packet=0x7ffe64007de9 "", packet_length=150, is_com_multi=false, is_next_command=false) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:1826

  #9  0x0000555555d3655f in do_command (thd=0x7ffe64000cf8) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:1359

  #10 0x0000555555eb58e4 in do_handle_one_connection (connect=0x55556522fec8) at /home/psergey/dev-git/10.4/sql/sql_connect.cc:1404

  #11 0x0000555555eb5633 in handle_one_connection (arg=0x55556522fec8) at /home/psergey/dev-git/10.4/sql/sql_connect.cc:1306

  #12 0x000055555683a6f4 in pfs_spawn_thread (arg=0x555565132818) at /home/psergey/dev-git/10.4/storage/perfschema/pfs.cc:1862

  #13 0x00007ffff63d36db in start_thread (arg=0x7ffff0203700) at pthread_create.c:463

  #14 0x00007ffff55b988f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

(gdb) p table->alias

  $19 = {<Charset> = {m_charset = 0x555557435880 <my_charset_bin>}, <Binary_string> = {<Static_binary_string> = {<Sql_alloc> = {dummy_for_valgrind = false}, Ptr = 0x7ffe64097688 "t12", str_length = 3}, Alloced_length = 8, extra_alloc = 0, alloced = true, thread_specific = false}, <No data fields>}

(gdb) p table->s->table_name

  $21 = {str = 0x7ffe64093b15 "t12", length = 3}

The failure doesn't seem to be always reproducible. Starting mysqld on an empty data directory and just running the commands makes the chance to reproduce higher.

create table ten(a int primary key);

insert into ten values (0),(1),(2),(3),(4),(5),(6),(7),(8),(9);

create table one_k(a int primary key);

insert into one_k select A.a + B.a* 10 + C.a * 100 from ten A, ten B, ten C;

create table t10 (a int, b int, key(a));

insert into t10 select a,a from one_k;

create table t11 like t10;

insert into t11 select * from t10;

create table t12 like t10;

create table t13 like t10;

create table t14 like t10;

insert into t12 select * from t10;

insert into t13 select * from t10;

insert into t14 select * from t10;

explain select * from one_k where a in (select t10.b from t10, t11, t12, t13, t14 where t11.a=t10.b+1 and t12.a=t10.b and t13.a=t10.b and t14.a=t10.b);

explain select * from one_k where a in (select t10.b from t10, t11, t12, t13, t14 where t11.a=t10.b+1 and t12.a=t10.b and t13.a=t10.b and t14.a=t10.b);

Attachments

Issue Links

relates to

MDEV-20468 Allocating more space than required for JOIN_TAB array for a query with SJM table

Closed

Activity

Ascending order - Click to sort in descending order

Sergei Petrunia added a comment - 2019-07-10 12:41

Another assert:

(gdb) wher

  #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51

  #1  0x00007ffff54d8801 in __GI_abort () at abort.c:79

  #2  0x00007ffff5521897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff564eb9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181

  #3  0x00007ffff552890a in malloc_printerr (str=str@entry=0x7ffff564cd88 "free(): invalid pointer") at malloc.c:5350

  #4  0x00007ffff552fe1c in _int_free (have_lock=0, p=0x7ffe6c0bb8e8, av=0x7ffff5883c40 <main_arena>) at malloc.c:4157

  #5  __GI___libc_free (mem=0x7ffe6c0bb8f8) at malloc.c:3124

  #6  0x00005555568a8469 in my_free (ptr=0x7ffe6c0bb900) at /home/psergey/dev-git/10.4/mysys/my_malloc.c:222

  #7  0x000055555689886d in free_root (root=0x7ffe6c0067f8, MyFlags=1) at /home/psergey/dev-git/10.4/mysys/my_alloc.c:420

  #8  0x0000555555d39f36 in dispatch_command (command=COM_QUERY, thd=0x7ffe6c000cf8, packet=0x7ffe6c007de9 "", packet_length=150, is_com_multi=false, is_next_command=false) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:2461

  #9  0x0000555555d3655f in do_command (thd=0x7ffe6c000cf8) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:1359

  #10 0x0000555555eb58e4 in do_handle_one_connection (connect=0x55556522fd18) at /home/psergey/dev-git/10.4/sql/sql_connect.cc:1404

  #11 0x0000555555eb5633 in handle_one_connection (arg=0x55556522fd18) at /home/psergey/dev-git/10.4/sql/sql_connect.cc:1306

  #12 0x000055555683a6f4 in pfs_spawn_thread (arg=0x555565132818) at /home/psergey/dev-git/10.4/storage/perfschema/pfs.cc:1862

  #13 0x00007ffff63d36db in start_thread (arg=0x7ffff0203700) at pthread_create.c:463

  #14 0x00007ffff55b988f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Sergei Petrunia added a comment - 2019-07-10 12:41 Another assert: (gdb) wher #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ffff54d8801 in __GI_abort () at abort.c:79 #2 0x00007ffff5521897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff564eb9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181 #3 0x00007ffff552890a in malloc_printerr (str=str@entry=0x7ffff564cd88 "free(): invalid pointer") at malloc.c:5350 #4 0x00007ffff552fe1c in _int_free (have_lock=0, p=0x7ffe6c0bb8e8, av=0x7ffff5883c40 <main_arena>) at malloc.c:4157 #5 __GI___libc_free (mem=0x7ffe6c0bb8f8) at malloc.c:3124 #6 0x00005555568a8469 in my_free (ptr=0x7ffe6c0bb900) at /home/psergey/dev-git/10.4/mysys/my_malloc.c:222 #7 0x000055555689886d in free_root (root=0x7ffe6c0067f8, MyFlags=1) at /home/psergey/dev-git/10.4/mysys/my_alloc.c:420 #8 0x0000555555d39f36 in dispatch_command (command=COM_QUERY, thd=0x7ffe6c000cf8, packet=0x7ffe6c007de9 "", packet_length=150, is_com_multi=false, is_next_command=false) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:2461 #9 0x0000555555d3655f in do_command (thd=0x7ffe6c000cf8) at /home/psergey/dev-git/10.4/sql/sql_parse.cc:1359 #10 0x0000555555eb58e4 in do_handle_one_connection (connect=0x55556522fd18) at /home/psergey/dev-git/10.4/sql/sql_connect.cc:1404 #11 0x0000555555eb5633 in handle_one_connection (arg=0x55556522fd18) at /home/psergey/dev-git/10.4/sql/sql_connect.cc:1306 #12 0x000055555683a6f4 in pfs_spawn_thread (arg=0x555565132818) at /home/psergey/dev-git/10.4/storage/perfschema/pfs.cc:1862 #13 0x00007ffff63d36db in start_thread (arg=0x7ffff0203700) at pthread_create.c:463 #14 0x00007ffff55b988f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Elena Stepanova added a comment - 2019-07-10 12:44

~~MDEV-19198~~, ~~MDEV-17275~~, ~~MDEV-19273~~, ...

Elena Stepanova added a comment - 2019-07-10 12:44 MDEV-19198 , MDEV-17275 , MDEV-19273 , ...

Varun Gupta (Inactive) added a comment - 2019-08-12 17:08

With ASAN I get

==13191==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000284250 at pc 0x55b57401c07b bp 0x7f3e8d4e4580 sp 0x7f3e8d4e4570

WRITE of size 1 at 0x629000284250 thread T5

    #0 0x55b57401c07a in remove_const /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:13873

    #1 0x55b573fc1eb9 in JOIN::optimize_stage2() /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:2480

    #2 0x55b573fbefb0 in JOIN::optimize_inner() /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:2219

    #3 0x55b573fb8484 in JOIN::optimize() /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:1563

    #4 0x55b573fd82a6 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:4591

    #5 0x55b57407bce8 in mysql_explain_union(THD*, st_select_lex_unit*, select_result*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:26793

    #6 0x55b573f21261 in execute_sqlcom_select /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:6258

    #7 0x55b573f0e0f0 in mysql_execute_command(THD*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:3882

    #8 0x55b573f2acdd in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:7868

    #9 0x55b573f00ba2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:1826

    #10 0x55b573efd342 in do_command(THD*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:1359

    #11 0x55b574301e74 in do_handle_one_connection(CONNECT*, bool) /home/varunraiko/MariaDB/maria-dev2/sql/sql_connect.cc:1413

    #12 0x55b57430171f in handle_one_connection /home/varunraiko/MariaDB/maria-dev2/sql/sql_connect.cc:1309

    #13 0x55b574f6aed2 in pfs_spawn_thread /home/varunraiko/MariaDB/maria-dev2/storage/perfschema/pfs.cc:1862

    #14 0x7f3e972fe6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

    #15 0x7f3e964e488e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

Varun Gupta (Inactive) added a comment - 2019-08-12 17:08 With ASAN I get ==13191==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000284250 at pc 0x55b57401c07b bp 0x7f3e8d4e4580 sp 0x7f3e8d4e4570 WRITE of size 1 at 0x629000284250 thread T5 #0 0x55b57401c07a in remove_const /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:13873 #1 0x55b573fc1eb9 in JOIN::optimize_stage2() /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:2480 #2 0x55b573fbefb0 in JOIN::optimize_inner() /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:2219 #3 0x55b573fb8484 in JOIN::optimize() /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:1563 #4 0x55b573fd82a6 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:4591 #5 0x55b57407bce8 in mysql_explain_union(THD*, st_select_lex_unit*, select_result*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_select.cc:26793 #6 0x55b573f21261 in execute_sqlcom_select /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:6258 #7 0x55b573f0e0f0 in mysql_execute_command(THD*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:3882 #8 0x55b573f2acdd in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:7868 #9 0x55b573f00ba2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:1826 #10 0x55b573efd342 in do_command(THD*) /home/varunraiko/MariaDB/maria-dev2/sql/sql_parse.cc:1359 #11 0x55b574301e74 in do_handle_one_connection(CONNECT*, bool) /home/varunraiko/MariaDB/maria-dev2/sql/sql_connect.cc:1413 #12 0x55b57430171f in handle_one_connection /home/varunraiko/MariaDB/maria-dev2/sql/sql_connect.cc:1309 #13 0x55b574f6aed2 in pfs_spawn_thread /home/varunraiko/MariaDB/maria-dev2/storage/perfschema/pfs.cc:1862 #14 0x7f3e972fe6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da) #15 0x7f3e964e488e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

Varun Gupta (Inactive) added a comment - 2019-09-25 07:54

Fixed by ~~MDEV-20468~~

Varun Gupta (Inactive) added a comment - 2019-09-25 07:54 Fixed by MDEV-20468

MariaDB Server

Assertion failure: thd->mdl_context.is_lock_owner(MDL_key::TABLE

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration