Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22652

SIGSEGV in in_vector::find on INSERT in 10.5.3 but not 10.5.4

    XMLWordPrintable

    Details

      Description

      It may be that this bug was fixed somehow in 10.5.4, however that is not sure (it may be masked).

      USE test;
      CREATE TEMPORARY TABLE t(a INT);
      ALTER TABLE t ADD c0 INT;
      ALTER TABLE t ADD CONSTRAINT CHECK(c0 NOT IN (0,0,0));
      ALTER TABLE t ADD c0 BLOB;
      INSERT INTO t VALUES(0,0),(0,0),(0,0),(0,0),(0,0),(0,0),(0,0);
      

      Leads to:

      10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7

      Core was generated by `/test/MD110520-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      [Current thread is 1 (Thread 0x14c6eff8f700 (LWP 2261309))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      #1  0x000055f3c0bdcc11 in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
      #2  0x000055f3c0381f8d in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:329
      #3  <signal handler called>
      #4  0x000055f3c03d771f in in_vector::find (this=0x14c6ccc35938, item=0x14c6ccc539a0) at /test/10.5_dbg/sql/item_cmpfunc.cc:3653
      #5  0x000055f3c03d9a14 in Item_func_in::val_int (this=0x14c6ccc53c10) at /test/10.5_dbg/sql/item_cmpfunc.cc:4690
      #6  0x000055f3c01debe1 in TABLE::verify_constraints (this=0x14c6cccc7088, ignore_failure=ignore_failure@entry=false) at /test/10.5_dbg/sql/table.cc:5965
      #7  0x000055f3c01def87 in TABLE_LIST::view_check_option (this=this@entry=0x14c6ccc741c8, thd=thd@entry=0x14c6ccc15088, ignore_failure=<optimized out>) at /test/10.5_dbg/sql/table.cc:5940
      #8  0x000055f3c00a25ce in mysql_insert (thd=thd@entry=0x14c6ccc15088, table_list=0x14c6ccc741c8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false, result=0x0) at /test/10.5_dbg/sql/sql_insert.cc:1068
      #9  0x000055f3c00da1e5 in mysql_execute_command (thd=thd@entry=0x14c6ccc15088) at /test/10.5_dbg/sql/sql_parse.cc:4515
      #10 0x000055f3c00e5804 in mysql_parse (thd=thd@entry=0x14c6ccc15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c6eff8e3e0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7957
      #11 0x000055f3c00d1ffd in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c6ccc15088, packet=packet@entry=0x14c6ccc67089 "INSERT INTO t VALUES(0,0),(0,0),(0,0),(0,0),(0,0),(0,0),(0,0)", packet_length=packet_length@entry=61, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1839
      #12 0x000055f3c00d08cc in do_command (thd=0x14c6ccc15088) at /test/10.5_dbg/sql/sql_parse.cc:1358
      #13 0x000055f3c022a99d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14c6ce8433a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
      #14 0x000055f3c022b0b9 in handle_one_connection (arg=arg@entry=0x14c6ce8433a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
      #15 0x000055f3c068910a in pfs_spawn_thread (arg=0x14c6edc45888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
      #16 0x000014c6ef3b66db in start_thread (arg=0x14c6eff8f700) at pthread_create.c:463
      #17 0x000014c6ee7b488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.4.13 (dbg), 10.5.3 (dbg)

      Bug confirmed not present in:
      MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (opt), 10.5.2 (dbg), 10.5.2 (opt), 10.5.3 (opt), 10.5.4 (dbg), 10.5.4 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

      MariaDB 10.5.4 (dbg):

      10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49

      10.5.4>ALTER TABLE t ADD c0 BLOB;
      ERROR 1060 (42S21): Duplicate column name 'c0'
      10.5.4>INSERT INTO t VALUES(0,0),(0,0),(0,0),(0,0),(0,0),(0,0),(0,0);
      ERROR 4025 (23000): CONSTRAINT `CONSTRAINT_1` failed for `test`.`t`
      

      Also, interestingly, on 10.5.3 (dbg), if the ADD BLOB is removed (even though it just fails), the testcase does not crash anymore, and the same output as 10.5.4 is produced:

      10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7

      10.5.3>INSERT INTO t VALUES(0,0),(0,0),(0,0),(0,0),(0,0),(0,0),(0,0);
      ERROR 4025 (23000): CONSTRAINT `CONSTRAINT_1` failed for `test`.`t`
      

        Attachments

          Activity

            People

            Assignee:
            sanja Oleksandr Byelkin
            Reporter:
            Roel Roel Van de Paar
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: