Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23363

Crashes and corruption in get_field_default_value with multiple myisam_repair_threads

    XMLWordPrintable

Details

    Description

      Even though there is no user-level concurrency, the test case is extremely non-deterministic, run with very high value of --repeat (hundreds, thousands – the test is quick, so it won't be very long). I'm not creating an rr profile just yet, because given the nature of the problem, I don't expect it will be worked on any time soon, so the profile will expire anyway.
      It's easier to catch all failures if you record the result file before running the test, as some problems represent as corrupt output from SHOW COLUMNS and don't make MTR fail if the test is run without the result file to compare to.

      --source include/have_sequence.inc
       
      CREATE TABLE t1 (a INT, b TEXT, c VARBINARY(1024), UNIQUE(c), KEY(b(128)), KEY(a)) ENGINE=MyISAM;
      INSERT INTO t1 SELECT seq, CONCAT('seq',seq), CONCAT('seq',seq) FROM seq_1_to_1000;
      SELECT * INTO OUTFILE 'load_t1' FROM t1;
      TRUNCATE t1;
      SET myisam_repair_threads= 4;
      LOAD DATA INFILE 'load_t1' INTO TABLE t1;
      SHOW COLUMNS FROM t1 IN test;
       
      #  Cleanup
      DROP TABLE t1;
      --let $datadir= `select @@datadir`
      --remove_file $datadir/test/load_t1
      

      All output below are from the same test running on the same revision of 10.4, different builds (debug, non-debug, ASAN).

      10.4 4db4b773

      #3  <signal handler called>
      #4  0x000055723523cb7e in my_convert (to=0x7f17f825ee80 "", to_length=127215, to_cs=0x557235f8d6e0 <my_charset_utf8_general_ci>, from=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, from_length=42405, from_cs=0x557235e874a0 <my_charset_latin1>, errors=0x7f181422c2f8) at /data/src/10.4/strings/ctype.c:1109
      #5  0x00005572344c71a4 in copy_and_convert (to=0x7f17f825ee80 "", to_length=127215, to_cs=0x557235f8d6e0 <my_charset_utf8_general_ci>, from=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, from_length=42405, from_cs=0x557235e874a0 <my_charset_latin1>, errors=0x7f181422c2f8) at /data/src/10.4/sql/sql_string.h:44
      #6  0x00005572346c05f3 in String::copy (this=0x7f181422c620, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, arg_length=42405, from_cs=0x557235e874a0 <my_charset_latin1>, to_cs=0x557235f8d6e0 <my_charset_utf8_general_ci>, errors=0x7f181422c2f8) at /data/src/10.4/sql/sql_string.cc:445
      #7  0x0000557234693cb0 in get_field_default_value (thd=0x7f17f8000af0, field=0x7f17f8214ad0, def_value=0x7f181422ca20, quoted=false) at /data/src/10.4/sql/sql_show.cc:1845
      #8  0x00005572346a221d in get_schema_column_record (thd=0x7f17f8000af0, tables=0x7f17f81ed758, table=0x7f17f823e7d8, res=false, db_name=0x7f17f80136f8, table_name=0x7f17f8013708) at /data/src/10.4/sql/sql_show.cc:6030
      #9  0x000055723469ce7e in fill_schema_table_by_open (thd=0x7f17f8000af0, mem_root=0x7f17f8006490, is_show_fields_or_keys=true, table=0x7f17f823e7d8, schema_table=0x557235db3400 <schema_tables+384>, orig_db_name=0x7f17f80136f8, orig_table_name=0x7f17f8013708, open_tables_state_backup=0x7f181422ecc0, can_deadlock=false) at /data/src/10.4/sql/sql_show.cc:4697
      #10 0x000055723469dfff in get_all_tables (thd=0x7f17f8000af0, tables=0x7f17f80144e0, cond=0x0) at /data/src/10.4/sql/sql_show.cc:5186
      #11 0x00005572346afabe in get_schema_tables_result (join=0x7f17f8016680, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.4/sql/sql_show.cc:8936
      #12 0x0000557234640158 in JOIN::exec_inner (this=0x7f17f8016680) at /data/src/10.4/sql/sql_select.cc:4430
      #13 0x000055723463f574 in JOIN::exec (this=0x7f17f8016680) at /data/src/10.4/sql/sql_select.cc:4255
      #14 0x0000557234640c89 in mysql_select (thd=0x7f17f8000af0, tables=0x7f17f80144e0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7f17f8016658, unit=0x7f17f8004a18, select_lex=0x7f17f8005210) at /data/src/10.4/sql/sql_select.cc:4687
      #15 0x000055723463075c in handle_select (thd=0x7f17f8000af0, lex=0x7f17f8004958, result=0x7f17f8016658, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:422
      #16 0x00005572345f6f86 in execute_sqlcom_select (thd=0x7f17f8000af0, all_tables=0x7f17f80144e0) at /data/src/10.4/sql/sql_parse.cc:6355
      #17 0x00005572345ed5bd in mysql_execute_command (thd=0x7f17f8000af0) at /data/src/10.4/sql/sql_parse.cc:3889
      #18 0x00005572345faf33 in mysql_parse (thd=0x7f17f8000af0, rawbuf=0x7f17f8013198 "SHOW COLUMNS FROM t1 IN test", length=28, parser_state=0x7f1814230570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896
      #19 0x00005572345e7468 in dispatch_command (command=COM_QUERY, thd=0x7f17f8000af0, packet=0x7f17f81364b1 "SHOW COLUMNS FROM t1 IN test", packet_length=28, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835
      #20 0x00005572345e5c0a in do_command (thd=0x7f17f8000af0) at /data/src/10.4/sql/sql_parse.cc:1353
      #21 0x000055723476efa0 in do_handle_one_connection (connect=0x5572384adba0) at /data/src/10.4/sql/sql_connect.cc:1412
      #22 0x000055723476ecef in handle_one_connection (arg=0x5572384adba0) at /data/src/10.4/sql/sql_connect.cc:1316
      #23 0x0000557235171031 in pfs_spawn_thread (arg=0x5572384c9720) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      #24 0x00007f181b0694a4 in start_thread (arg=0x7f1814231700) at pthread_create.c:456
      #25 0x00007f181919dd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      SHOW COLUMNS FROM t1 IN test;
      Field	Type	Null	Key	Default	Extra
      a	int(11)	YES	MUL	NULL	
      b	text	YES	MUL	NULL	
      _4rU3?_4rU8?R#??65rU??65rU???Th4z?????????B?X??5rU??5rU ?4rU??i4rU;?i4rU??j4rUXd4rUt?c4rU?????R#?????_??????P??mysqlinnodb_table_stats?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????65rU??65rU0?N??)8rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z?????????????????#?X??5rU??5rU ?4rU??i4rU;?i4rU??j4rUXd4rUt?c4rU?????R#???????????0m?ysqltransaction_registry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????65rU??65rU0@????)8rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z????????????UP?
      ??R????5rU??5rU?5rU?Y5rU?f5rUOv5rU?4rU?4rU?????R#????????S??@n_5rU?M?5rU?????[??@n_5rU?M?5rUh4zrU???@ ?8_?5rU?5rU&5rU>5rU,?
                            5rU?r?4rUp??4rUo??4rU8rU?R#rU?g5rU?k5rU ??v5h4z?????????????????0????m?5rU?`5rUu?5rU?5rU???4rU??4rU??T4rUA?T4rU?????R#???????????????5rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z?????L?P??m?5rU?`5rUu?5rU?5rU???4rU??4rU??T4rUA?T4rU?????R#???????????????5rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z?????`A?0	?X??5rU??5rU ?4rU??i4rU;?i4rU??j4rUXd4rUt?c4rU?????R#???????????p??ysqltransaction_registry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????65rU??65rU0@???)8rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z????????????U????X????5rU??5rU?5rU???4rU??4rU??T4rUA?T4rU??T4rU?????R#????????0Y??@n_5rU?M?5rU????????@n_5rU?M?5rUh4zrU????????R#????????????????????????????AP>????????????????x?x???0???X??5rU??5rU ?4rU??T4rUA?T4rU??T4rU|?o4rU?p4rU?????R#?????7N8rU???-????@??mtrtest_suppressions???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????65rU??65rU????X??????)8rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z???????????????????>???X??5rU??5rU ?4rU??T4rUA?T4rU??T4rU|?o4rU?p4rU?????R#?????7N8rU???-??????mtrtest_suppressions???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????65rU??65rU?]p??????w???)8rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z??????????????+!? }?X??5rU??5rU ?4rU??T4rUA?T4rU??T4rU?T4rU?P4rU?????R#??????U8rU?Ffl????P,!?testt1????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????65rU??65rU???}??}?@????)8rU????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????h4z??????????????
                                 ??????????????????????????????????????????????????????????????????????????????????????????????????0O?`x"?X??5rU??5rU ?4rU??i4rU;?i4rU??j4rUXd4rUt?c4rU?????R#?????_???????O?mysqlinnodb_table_stats????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????	
      

      ==19677==ERROR: AddressSanitizer: SEGV on unknown address 0x614fffe68127 (pc 0x561a1f7f2902 bp 0x7faa35a02820 sp 0x7faa35a02810 T5)
          #0 0x561a1f7f2901 in Field::is_null(long long) const /data/src/10.4/sql/field.h:1178
          #1 0x561a1fbef5a1 in get_field_default_value /data/src/10.4/sql/sql_show.cc:1823
          #2 0x561a1fc10e3b in get_schema_column_record /data/src/10.4/sql/sql_show.cc:6030
          #3 0x561a1fc03d98 in fill_schema_table_by_open /data/src/10.4/sql/sql_show.cc:4697
          #4 0x561a1fc06229 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/src/10.4/sql/sql_show.cc:5186
          #5 0x561a1fc36d16 in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/10.4/sql/sql_show.cc:8936
          #6 0x561a1fb208ae in JOIN::exec_inner() /data/src/10.4/sql/sql_select.cc:4430
          #7 0x561a1fb1e98d in JOIN::exec() /data/src/10.4/sql/sql_select.cc:4255
          #8 0x561a1fb22443 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4687
          #9 0x561a1faf7b51 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:422
          #10 0x561a1fa79dc1 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6355
          #11 0x561a1fa692a2 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3889
          #12 0x561a1fa82202 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7896
          #13 0x561a1fa5d195 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1835
          #14 0x561a1fa5a173 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1353
          #15 0x561a1fde467d in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
          #16 0x561a1fde4031 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
          #17 0x561a2124b545 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #18 0x7faa406654a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
          #19 0x7faa3e799d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
       
      AddressSanitizer can not provide additional info.
      SUMMARY: AddressSanitizer: SEGV /data/src/10.4/sql/field.h:1178 in Field::is_null(long long) const
      Thread T5 created by T0 here:
          #0 0x7faa408abf59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
          #1 0x561a2124b932 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
          #2 0x561a1f7b2628 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
          #3 0x561a1f7c6b2f in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6262
          #4 0x561a1f7c7212 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6332
          #5 0x561a1f7c759d in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6430
          #6 0x561a1f7c81ef in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6588
          #7 0x561a1f7c6391 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5920
          #8 0x561a1f7b050f in main /data/src/10.4/sql/main.cc:25
          #9 0x7faa3e6d12e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
       
      ==19677==ABORTING
      

      --- /data/bld/10.4-debug-nightly/mysql-test/suite/bug/length1.result	2020-08-01 21:22:27.931675997 +0300
      +++ /data/bld/10.4-debug-nightly/mysql-test/suite/bug/length1.reject	2020-08-01 21:22:43.807507902 +0300
      @@ -4,6 +4,6 @@
       SHOW COLUMNS FROM t1 IN test;
       Field	Type	Null	Key	Default	Extra
       a	int(11)	YES	MUL	NULL	
      -b	text	YES	MUL	NULL	
      -c	varbinary(1024)	YES	UNI	NULL	
      +b	text	YES	MUL		
      +c	varbinary(1024)	YES	UNI		
       DROP TABLE t1;
      

      This assertion was observed on a similar test case, although I never got it with the test above (may be just the matter of luck):

      10.4 92499ae9

      mysqld: /home/elenst/src/10.4/sql/sql_string.cc:48: bool Binary_string::real_alloc(size_t): Assertion `length < 0xFFFFFFFFL' failed.
      200801  3:13:12 [ERROR] mysqld got signal 6 ;
       
      assert/assert.c:92(__assert_fail_base)[0x2b372962e202]
      /home/elenst/builds/10.4-92499ae9-deb/bin/mysqld(_ZN13Binary_string10real_allocEm+0x18f)[0x55ac57e257b5]
      /home/elenst/builds/10.4-92499ae9-deb/bin/mysqld(+0x7132e3)[0x55ac57c2b2e3]
      sql/sql_string.cc:49(Binary_string::real_alloc(unsigned long))[0x55ac57e265f2]
      sql/sql_string.h:618(Binary_string::alloc(unsigned long))[0x55ac57df9c8c]
      sql/sql_string.cc:443(String::copy(char const*, unsigned long, charset_info_st const*, charset_info_st const*, unsigned int*))[0x55ac57e080d4]
      sql/sql_show.cc:1846(get_field_default_value(THD*, Field*, String*, bool))[0x55ac57e02da6]
      sql/sql_show.cc:6030(get_schema_column_record(THD*, TABLE_LIST*, TABLE*, bool, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*))[0x55ac57e03f1d]
      sql/sql_show.cc:4700(fill_schema_table_by_open(THD*, st_mem_root*, bool, TABLE*, st_schema_table*, st_mysql_const_lex_string*, st_mysql_const_lex_string*, Open_tables_backup*, bool))[0x
      55ac57e158ff]
      sql/sql_show.cc:5191(get_all_tables(THD*, TABLE_LIST*, Item*))[0x55ac57da57c2]
      sql/sql_select.cc:4429(JOIN::exec_inner())[0x55ac57da4bda]
      sql/sql_select.cc:4256(JOIN::exec())[0x55ac57da6330]
      sql/sql_select.cc:4689(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55ac57d95d9f]
      sql/sql_select.cc:422(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55ac57d5c2ad]
      sql/sql_parse.cc:6355(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55ac57d52b15]
      sql/sql_parse.cc:3889(mysql_execute_command(THD*))[0x55ac57d602c1]
      sql/sql_parse.cc:7896(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55ac57d4c975]
      sql/sql_parse.cc:1837(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55ac57d4b05b]
      sql/sql_parse.cc:1353(do_command(THD*))[0x55ac57ed6476]
      sql/sql_connect.cc:1412(do_handle_one_connection(CONNECT*))[0x55ac57ed61a5]
      /lib64/libpthread.so.0(+0x7e65)[0x2b3728152e65]
      /lib64/libc.so.6(clone+0x6d)[0x2b37296fd88d]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x2b3788011d88): SHOW /* QNO 14894 CON_ID 15 */ COLUMNS FROM `t9_MyISAM` IN test
      Connection ID (thread ID): 12
      Status: KILL_TIMEOUT
      

      Couldn't reproduce on 10.5, but again, it can be just the matter of luck.
      The test case is not applicable to previous versions due to unique blobs (and I couldn't get rid of unique blobs).
      I'm adding virtual columns to the components, because most of unique blob-related issues turn out to be caused by virtual column flaws.

      Attachments

        Issue Links

          Activity

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.