  1. MariaDB Server
  2. MDEV-23206

SIGSEGV in btr_search_sys_t::get_part on DROP TABLE with innodb_adaptive_hash_index enabled


Details

    Description

      -- Reproducer from the report: on the 10.5.5 debug build the final statement
      -- ends in SIGSEGV (server crash); the optimized 10.5.5 build is listed as unaffected.
      -- NOTE(review): running this needs the right to SET GLOBAL plus ALTER/DROP on
      -- the table; confirm which accounts hold these when assessing exposure.
      USE test;
      -- The report ties the crash to the adaptive hash index being enabled.
      SET GLOBAL innodb_adaptive_hash_index=ON;
      CREATE TABLE t (c INT) ENGINE=InnoDB;
      -- Discard the tablespace before the drop. Frame #4 of the backtrace shows the
      -- index with page = 4294967295; presumably a consequence of this step (verify).
      ALTER TABLE t DISCARD TABLESPACE;
      -- Per the backtrace, this statement reaches btr_search_sys_t::get_part through
      -- dict_index_t::n_ahi_pages, called from dict_index_remove_from_cache_low.
      DROP TABLE t;
      

      Leads to the following crash (server version and commit, followed by the gdb backtrace from the core file):

      10.5.5 30e7a0a866dce530d8328c6d614e48d39a264f9b

      Core was generated by `/test/MD140720-mariadb-10.5.5-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      [Current thread is 1 (Thread 0x1489b776c700 (LWP 1577801))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      #1  0x00005586510944d7 in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
      #2  0x000055865084e9ba in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
      #3  <signal handler called>
      #4  0x0000558650f33e71 in btr_search_sys_t::get_part (index=@0x148993eea698: {static MAX_N_FIELDS = 1023, id = 25, heap = 0x148993c63618, name = {m_name = 0x148993ef4d98 "GEN_CLUST_INDEX"}, table = 0x148993c52598, page = 4294967295, merge_threshold = 50, type = 1, trx_id_offset = 6, n_user_defined_cols = 0, nulls_equal = 0, n_uniq = 1, n_def = 4, n_fields = 4, n_nullable = 1, n_core_fields = 4, n_core_null_bytes = 1, static NO_CORE_NULL_BYTES = 255, static DICT_INDEXES_ID = 3, cached = 1, to_be_dropped = 0, online_status = 0, uncommitted = 0, is_dummy = false, in_instant_init = false, magic_n = 76789786, fields = 0x148993ef4da8, parser = 0x0, has_new_v_col = false, indexes = {prev = 0x0, next = 0x0}, search_info = 0x148993ef4e28, online_log = 0x0, stat_n_diff_key_vals = 0x148993ef4e10, stat_n_sample_sizes = 0x148993ef4e18, stat_n_non_null_key_vals = 0x148993ef4e20, stat_index_size = 1, stat_n_leaf_pages = 1, stats_error_printed = false, stat_defrag_modified_counter = 0, stat_defrag_n_pages_freed = 0, stat_defrag_n_page_split = 0, stat_defrag_data_size_sample = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, stat_defrag_sample_next_slot = 0, rtr_ssn = {m = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 0}, <No data fields>}}, rtr_track = 0x0, trx_id = 22, zip_pad = {mutex = {m_impl = {m_freed = false, m_locked = false, m_destroy_at_exit = true, m_mutex = {m_freed = false, m_mutex = pthread_mutex_t = {
                      Type = Normal,
                      Status = Not acquired,
                      Robust = No,
                      Shared = No,
                      Protocol = None
                    }}, m_policy = {context = {<latch_t> = {_vptr.latch_t = 0x558651beafa0 <vtable for MutexDebug<OSTrackMutex<GenericPolicy> >+16>, m_id = LATCH_ID_ZIP_PAD_MUTEX, m_rw_lock = false}, m_mutex = 0x0, m_filename = 0x0, m_line = 0, m_thread_id = 18446744073709551615, m_debug_mutex = {m_freed = false, m_mutex = pthread_mutex_t = {
                          Type = Normal,
                          Status = Not acquired,
                          Robust = No,
                          Shared = No,
                          Protocol = None
                        }}}, m_filename = 0x558651548068 "/test/10.5_dbg/storage/innobase/dict/dict0mem.cc", m_line = 807, m_count = {m_spins = 0, m_waits = 0, m_calls = 0, m_enabled = false}, m_id = LATCH_ID_ZIP_PAD_MUTEX}}, m_ptr = 0x0}, pad = {m = {<std::__atomic_base<unsigned long>> = {static _S_alignment = 8, _M_i = 0}, <No data fields>}}, success = 0, failure = 0, n_rounds = 0}, lock = {<latch_t> = {_vptr.latch_t = 0x558651beb510 <vtable for rw_lock_t+16>, m_id = LATCH_ID_INDEX_TREE, m_rw_lock = true}, <ilist_node<void>> = {next = 0x148993c52760, prev = 0x5586526ae520 <rw_lock_list>}, created = true, lock_word = {m = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 536870912}, <No data fields>}}, waiters = {m = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 0}, <No data fields>}}, sx_recursive = 0, writer_is_wait_ex = false, writer_thread = 0, event = 0x148993c61858, wait_ex_event = 0x148993c618f8, cfile_name = 0x5586515404b0 "/test/10.5_dbg/storage/innobase/dict/dict0dict.cc", last_x_file_name = 0x5586514e1c40 "/test/10.5_dbg/storage/innobase/row/row0mysql.cc", cline = 2155, is_block_lock = 0, last_x_line = 3596, count_os_wait = 0, pfs_psi = 0x0, debug_list = {count = 0, start = 0x0, end = 0x0, node = &rw_lock_debug_t::list, init = 51966}, level = SYNC_INDEX_TREE}}, this=<optimized out>) at /test/10.5_dbg/storage/innobase/include/btr0sea.h:308
      #5  dict_index_t::n_ahi_pages (this=0x148993eea698) at /test/10.5_dbg/storage/innobase/include/btr0sea.h:358
      #6  dict_index_remove_from_cache_low (table=table@entry=0x148993c52598, index=0x148993eea698, lru_evict=lru_evict@entry=0) at /test/10.5_dbg/storage/innobase/dict/dict0dict.cc:2217
      #7  0x0000558650f34362 in dict_sys_t::remove (this=0x558651d60800 <dict_sys>, table=0x148993c52598, lru=lru@entry=false, keep=keep@entry=false) at /test/10.5_dbg/storage/innobase/dict/dict0dict.cc:1944
      #8  0x0000558650d90d51 in row_drop_table_from_cache (trx=0x1489a2403578, table=<optimized out>, tablename=0x148993c11218 "test/t") at /test/10.5_dbg/storage/innobase/row/row0mysql.cc:3298
      #9  row_drop_table_for_mysql (name=<optimized out>, name@entry=0x1489b7768da0 "test/t", trx=<optimized out>, sqlcom=sqlcom@entry=SQLCOM_DROP_TABLE, create_failed=create_failed@entry=false, nonatomic=<optimized out>, nonatomic@entry=true) at /test/10.5_dbg/storage/innobase/row/row0mysql.cc:3743
      #10 0x0000558650c31fab in ha_innobase::delete_table (this=this@entry=0x148993c74a70, name=<optimized out>, name@entry=0x1489b776a610 "./test/t", sqlcom=sqlcom@entry=SQLCOM_DROP_TABLE) at /test/10.5_dbg/storage/innobase/handler/ha_innodb.cc:13431
      #11 0x0000558650c263f2 in ha_innobase::delete_table (this=0x148993c74a70, name=0x1489b776a610 "./test/t") at /test/10.5_dbg/storage/innobase/handler/ha_innodb.cc:13558
      #12 0x00005586508559b7 in hton_drop_table (hton=<optimized out>, path=<optimized out>) at /test/10.5_dbg/sql/handler.cc:564
      #13 0x000055865085c785 in ha_delete_table (thd=thd@entry=0x148993c15088, hton=hton@entry=0x1489b4442e08, path=path@entry=0x1489b776a610 "./test/t", db=db@entry=0x1489b776a320, alias=alias@entry=0x1489b776a330, generate_warning=<optimized out>) at /test/10.5_dbg/sql/handler.cc:2761
      #14 0x0000558650665c58 in mysql_rm_table_no_locks (thd=thd@entry=0x148993c15088, tables=tables@entry=0x148993c74158, if_exists=if_exists@entry=false, drop_temporary=drop_temporary@entry=false, drop_view=drop_view@entry=false, drop_sequence=drop_sequence@entry=false, dont_log_query=false, dont_free_locks=false) at /test/10.5_dbg/sql/sql_table.cc:2482
      #15 0x0000558650667a03 in mysql_rm_table (thd=thd@entry=0x148993c15088, tables=tables@entry=0x148993c74158, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_sequence=<optimized out>, dont_log_query=dont_log_query@entry=false) at /test/10.5_dbg/sql/sql_table.cc:2143
      #16 0x00005586505a5307 in mysql_execute_command (thd=thd@entry=0x148993c15088) at /test/10.5_dbg/sql/sql_parse.cc:4921
      #17 0x00005586505af752 in mysql_parse (thd=thd@entry=0x148993c15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1489b776b350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7993
      #18 0x000055865059c204 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x148993c15088, packet=packet@entry=0x148993c67089 "DROP TABLE t", packet_length=packet_length@entry=12, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1866
      #19 0x000055865059a9de in do_command (thd=0x148993c15088) at /test/10.5_dbg/sql/sql_parse.cc:1347
      #20 0x00005586506f6c3b in do_handle_one_connection (connect=<optimized out>, connect@entry=0x1489968c7808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
      #21 0x00005586506f7357 in handle_one_connection (arg=arg@entry=0x1489968c7808) at /test/10.5_dbg/sql/sql_connect.cc:1313
      #22 0x0000558650b5aca8 in pfs_spawn_thread (arg=0x1489b4446508) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
      #23 0x00001489b66e56db in start_thread (arg=0x1489b776c700) at pthread_create.c:463
      #24 0x00001489b5ae3a3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.5.5 (dbg)

      Bug confirmed not present in:
      MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt), 10.5.5 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)


            People

              marko Marko Mäkelä
              Roel Roel Van de Paar