[MDEV-21830] Server crash in ha_maria::implicit_commit or Assertion `share->in_trans == 0' failed in maria_close - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.4(EOL)
Component/s: Locking, Storage Engine - Aria
Labels:
None

Description

CREATE TABLE t1 (a INT) ENGINE=Aria;

CREATE TABLE t2 (b INT) ENGINE=Aria;

LOCK TABLE t2 WRITE, t1 WRITE;

CREATE TRIGGER tr BEFORE DELETE ON t1 FOR EACH ROW SET @a= 1;

# Cleanup

UNLOCK TABLES;

DROP TABLE t1, t2;

The test case causes debug assertion failure on 10.1-10.5 and non-debug crash on 10.3.

10.3 non-debug a662cb9b
#3 <signal handler called>
#4 0x00005653061caa61 in maria_create_trn_for_mysql (info=0x7fdb640a1ef8) at /data/src/10.3/storage/maria/ha_maria.cc:928
#5 0x00005653061bff6d in _ma_setup_live_state (info=0x7fdb640a1ef8) at /data/src/10.3/storage/maria/ma_state.c:65
#6 0x00005653061cf8a3 in ha_maria::implicit_commit (thd=thd@entry=0x7fdb640009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2893
#7 0x0000565305e2a679 in ha_commit_trans (thd=thd@entry=0x7fdb640009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1387
#8 0x0000565305d3ceaa in trans_commit_implicit (thd=thd@entry=0x7fdb640009a8) at /data/src/10.3/sql/transaction.cc:361
#9 0x0000565305c5efbd in mysql_execute_command (thd=thd@entry=0x7fdb640009a8) at /data/src/10.3/sql/sql_parse.cc:6151
#10 0x0000565305c662f9 in mysql_parse (thd=thd@entry=0x7fdb640009a8, rawbuf=<optimized out>, length=60, parser_state=parser_state@entry=0x7fdbb3365640, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:7817
#11 0x0000565305c68b0d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fdb640009a8, packet=packet@entry=0x7fdb640070c9 "CREATE TRIGGER tr BEFORE DELETE ON t1 FOR EACH ROW SET @a= 1", packet_length=packet_length@entry=60, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1856
#12 0x0000565305c69786 in do_command (thd=0x7fdb640009a8) at /data/src/10.3/sql/sql_parse.cc:1401
#13 0x0000565305d30b94 in do_handle_one_connection (connect=connect@entry=0x565308cd6918) at /data/src/10.3/sql/sql_connect.cc:1403
#14 0x0000565305d30c44 in handle_one_connection (arg=0x565308cd6918) at /data/src/10.3/sql/sql_connect.cc:1308
#15 0x00007fdbc33654a4 in start_thread (arg=0x7fdbb3366700) at pthread_create.c:456
#16 0x00007fdbc1499d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

10.4 debug 1ad8693a
mysqld: /data/src/10.4/storage/maria/ma_close.c:97: maria_close: Assertion `share->in_trans == 0' failed.
200304 14:06:57 [ERROR] mysqld got signal 6 ;

#7 0x00007f1cd3eeaf12 in __GI___assert_fail (assertion=0x55d8a4671ba9 "share->in_trans == 0", file=0x55d8a4671ae8 "/data/src/10.4/storage/maria/ma_close.c", line=97, function=0x55d8a4671e58 <__PRETTY_FUNCTION__.15359> "maria_close") at assert.c:101
#8 0x000055d8a409329f in maria_close (info=0x7f1c78038420) at /data/src/10.4/storage/maria/ma_close.c:97
#9 0x000055d8a4001e87 in ha_maria::close (this=0x7f1c78195e38) at /data/src/10.4/storage/maria/ha_maria.cc:1236
#10 0x000055d8a39550b8 in handler::ha_close (this=0x7f1c78195e38) at /data/src/10.4/sql/handler.cc:2813
#11 0x000055d8a371d5f3 in closefrm (table=0x7f1c78194fd0) at /data/src/10.4/sql/table.cc:4053
#12 0x000055d8a38786ef in intern_close_table (table=0x7f1c78194fd0) at /data/src/10.4/sql/table_cache.cc:222
#13 0x000055d8a3878887 in tc_remove_table (table=0x7f1c78194fd0) at /data/src/10.4/sql/table_cache.cc:260
#14 0x000055d8a387940f in tc_release_table (table=0x7f1c78194fd0) at /data/src/10.4/sql/table_cache.cc:474
#15 0x000055d8a3547dc2 in close_thread_table (thd=0x7f1c78000af0, table_ptr=0x7f1c78000bd0) at /data/src/10.4/sql/sql_base.cc:1078
#16 0x000055d8a3547523 in close_all_tables_for_name (thd=0x7f1c78000af0, share=0x7f1c78148778, extra=HA_EXTRA_NOT_USED, skip_table=0x0) at /data/src/10.4/sql/sql_base.cc:842
#17 0x000055d8a36ec2e3 in mysql_create_or_drop_trigger (thd=0x7f1c78000af0, tables=0x7f1c780130e8, create=true) at /data/src/10.4/sql/sql_trigger.cc:591
#18 0x000055d8a35f7c6b in mysql_execute_command (thd=0x7f1c78000af0) at /data/src/10.4/sql/sql_parse.cc:5937
#19 0x000055d8a35fde57 in mysql_parse (thd=0x7f1c78000af0, rawbuf=0x7f1c78012f88 "CREATE TRIGGER tr BEFORE DELETE ON t1 FOR EACH ROW SET @a= 1", length=60, parser_state=0x7f1cd07391b0, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7900
#20 0x000055d8a35e903a in dispatch_command (command=COM_QUERY, thd=0x7f1c78000af0, packet=0x7f1c7812e551 "CREATE TRIGGER tr BEFORE DELETE ON t1 FOR EACH ROW SET @a= 1", packet_length=60, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
#21 0x000055d8a35e76c7 in do_command (thd=0x7f1c78000af0) at /data/src/10.4/sql/sql_parse.cc:1360
#22 0x000055d8a3770933 in do_handle_one_connection (connect=0x55d8a7117ba0) at /data/src/10.4/sql/sql_connect.cc:1412
#23 0x000055d8a3770682 in handle_one_connection (arg=0x55d8a7117ba0) at /data/src/10.4/sql/sql_connect.cc:1316
#24 0x00007f1cd5e734a4 in start_thread (arg=0x7f1cd073a700) at pthread_create.c:456
#25 0x00007f1cd3fa7d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

After fixing, please also check the slightly more complicated test case which involves partitioning:

--source include/have_partition.inc

CREATE TABLE t1 (a INT) ENGINE=Aria PARTITION BY RANGE(a) (PARTITION p1 VALUES LESS THAN (10));

CREATE TABLE t2 (a INT) ENGINE=Aria;

LOCK TABLE t1 WRITE, t2 READ;

ALTER TABLE t1 ADD PARTITION (PARTITION p2 VALUES LESS THAN (20));

# Cleanup

UNLOCK TABLES;

DROP TABLE t1, t2;

This test case causes a debug assertion on 10.1-10.5 and a non-debug crash on 10.2-10.3.

10.3 non-debug a662cb9b
#3 <signal handler called>
#4 ha_maria::implicit_commit (thd=thd@entry=0x7f217c0009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2890
#5 0x000055c9896c7679 in ha_commit_trans (thd=thd@entry=0x7f217c0009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1387
#6 0x000055c9895d9eaa in trans_commit_implicit (thd=thd@entry=0x7f217c0009a8) at /data/src/10.3/sql/transaction.cc:361
#7 0x000055c9894fbfbd in mysql_execute_command (thd=thd@entry=0x7f217c0009a8) at /data/src/10.3/sql/sql_parse.cc:6151
#8 0x000055c9895032f9 in mysql_parse (thd=thd@entry=0x7f217c0009a8, rawbuf=<optimized out>, length=65, parser_state=parser_state@entry=0x7f218eb89620, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:7817
#9 0x000055c989505b0d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f217c0009a8, packet=packet@entry=0x7f217c0070c9 "ALTER TABLE t1 ADD PARTITION (PARTITION p2 VALUES LESS THAN (20))", packet_length=packet_length@entry=65, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1856
#10 0x000055c989506786 in do_command (thd=0x7f217c0009a8) at /data/src/10.3/sql/sql_parse.cc:1401
#11 0x000055c9895cdb94 in do_handle_one_connection (connect=connect@entry=0x55c98b6f7bf8) at /data/src/10.3/sql/sql_connect.cc:1403
#12 0x000055c9895cdc44 in handle_one_connection (arg=arg@entry=0x55c98b6f7bf8) at /data/src/10.3/sql/sql_connect.cc:1308
#13 0x000055c989b3bb44 in pfs_spawn_thread (arg=0x55c98b691e08) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#14 0x00007f21969154a4 in start_thread (arg=0x7f218eb8a700) at pthread_create.c:456
#15 0x00007f2194a49d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

10.4 debug a17a327f
mysqld: /data/src/10.4/storage/maria/ma_close.c:97: maria_close: Assertion `share->in_trans == 0' failed.
200227 14:33:05 [ERROR] mysqld got signal 6 ;

#7 0x00007f3e1bffbf12 in __GI___assert_fail (assertion=0x55b93aed3a09 "share->in_trans == 0", file=0x55b93aed3948 "/data/src/10.4/storage/maria/ma_close.c", line=97, function=0x55b93aed3cb8 <__PRETTY_FUNCTION__.15359> "maria_close") at assert.c:101
#8 0x000055b93a8f52a9 in maria_close (info=0x7f3e0413dd20) at /data/src/10.4/storage/maria/ma_close.c:97
#9 0x000055b93a863e91 in ha_maria::close (this=0x7f3e0412c268) at /data/src/10.4/storage/maria/ha_maria.cc:1236
#10 0x000055b93a1b70c8 in handler::ha_close (this=0x7f3e0412c268) at /data/src/10.4/sql/handler.cc:2813
#11 0x000055b93a9fdbab in ha_partition::close (this=0x7f3e0412b9d8) at /data/src/10.4/sql/ha_partition.cc:3847
#12 0x000055b93a1b70c8 in handler::ha_close (this=0x7f3e0412b9d8) at /data/src/10.4/sql/handler.cc:2813
#13 0x000055b93a392c91 in alter_close_table (lpt=0x7f3e161a1570) at /data/src/10.4/sql/sql_partition.cc:6902
#14 0x000055b93a393d44 in fast_alter_partition_table (thd=0x7f3e04000af0, table=0x7f3e0412a710, alter_info=0x7f3e161a3c30, create_info=0x7f3e161a3cf0, table_list=0x7f3e040132c8, db=0x7f3e161a3110, table_name=0x7f3e161a3120) at /data/src/10.4/sql/sql_partition.cc:7365
#15 0x000055b939f43671 in mysql_alter_table (thd=0x7f3e04000af0, new_db=0x7f3e040052b0, new_name=0x7f3e040056b8, create_info=0x7f3e161a3cf0, table_list=0x7f3e040132c8, alter_info=0x7f3e161a3c30, order_num=0, order=0x0, ignore=false) at /data/src/10.4/sql/sql_table.cc:9856
#16 0x000055b939fdc033 in Sql_cmd_alter_table::execute (this=0x7f3e04014158, thd=0x7f3e04000af0) at /data/src/10.4/sql/sql_alter.cc:508
#17 0x000055b939e5a7a5 in mysql_execute_command (thd=0x7f3e04000af0) at /data/src/10.4/sql/sql_parse.cc:6101
#18 0x000055b939e5fe67 in mysql_parse (thd=0x7f3e04000af0, rawbuf=0x7f3e04013198 "ALTER TABLE t1 ADD PARTITION (PARTITION p2 VALUES LESS THAN (20))", length=65, parser_state=0x7f3e161a5160, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7900
#19 0x000055b939e4b04a in dispatch_command (command=COM_QUERY, thd=0x7f3e04000af0, packet=0x7f3e041361f1 "ALTER TABLE t1 ADD PARTITION (PARTITION p2 VALUES LESS THAN (20))", packet_length=65, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
#20 0x000055b939e496d7 in do_command (thd=0x7f3e04000af0) at /data/src/10.4/sql/sql_parse.cc:1360
#21 0x000055b939fd2943 in do_handle_one_connection (connect=0x55b93dc71620) at /data/src/10.4/sql/sql_connect.cc:1412
#22 0x000055b939fd2692 in handle_one_connection (arg=0x55b93dc71620) at /data/src/10.4/sql/sql_connect.cc:1316
#23 0x000055b93a9d9585 in pfs_spawn_thread (arg=0x55b93db85880) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#24 0x00007f3e1df844a4 in start_thread (arg=0x7f3e161a6700) at pthread_create.c:456
#25 0x00007f3e1c0b8d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

I've found several JIRA items which look similar, but they don't fit in one or another way.
~~MDEV-10748~~ has been already closed.
~~MDEV-18088~~ is not reproducible with the test case provided there on the current 10.2-10.4 trees (was fixed by ~~MDEV-10748~~ commit), besides it was said not to be reproducible on 10.1 even at the time of its creation.
~~MDEV-21066~~, on the contrary, is said to only affect 10.1.

Attachments

Issue Links

relates to

MDEV-10748 Server crashes in ha_maria::implicit_commit upon ALTER TABLE

Closed

MDEV-18088 Assertion `share->in_trans == 0' failed in maria_close upon double ALTER under lock

Closed

MDEV-21066 AddressSanitizer: heap-use-after-free in ha_maria::implicit_commit upon ALTER under lock

Closed

Activity

People

Assignee:: Michael Widenius

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2020-02-27 13:44

Updated:: 2023-04-27 14:03

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.