[MDEV-24754] Server crash in dict_v_col_t::~dict_v_col_t / ha_partition_inplace_ctx::~ha_partition_inplace_ctx - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: N/A
Fix Version/s: 10.5.9
Component/s: Partitioning, Storage Engine - InnoDB
Labels:
- regression

Description

--source include/have_partition.inc

--source include/have_innodb.inc

CREATE TABLE t1 (id INT PRIMARY KEY, a INT, va INT AS (a) VIRTUAL) ENGINE=InnoDB;

ALTER TABLE t1 PARTITION BY HASH(id) PARTITIONS 2;

ALTER TABLE t1 ADD b INT;

# Cleanup

DROP TABLE t1;

10.5 b1241585 ASAN
==2243346==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c000036a00 at pc 0x5579621fc4f0 bp 0x7f72a8e74750 sp 0x7f72a8e74740
READ of size 8 at 0x61c000036a00 thread T14
#0 0x5579621fc4ef in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after(std::_Fwd_list_node_base, std::_Fwd_list_node_base) /usr/include/c++/9/bits/forward_list.tcc:81
#1 0x5579621f92b3 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2ec42b3)
#2 0x5579621f872d in std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list() /usr/include/c++/9/bits/forward_list.h:588
#3 0x5579621e77db in dict_v_col_t::~dict_v_col_t() /data/src/10.5/storage/innobase/include/dict0mem.h:754
#4 0x5579621eab73 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2eb5b73)
#5 0x5579621eac85 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2eb5c85)
#6 0x557961ef6bcf in ha_partition_inplace_ctx::~ha_partition_inplace_ctx() /data/src/10.5/sql/ha_partition.cc:10203
#7 0x557961ef6c03 in ha_partition_inplace_ctx::~ha_partition_inplace_ctx() /data/src/10.5/sql/ha_partition.cc:10205
#8 0x55796107d407 in Alter_inplace_info::~Alter_inplace_info() /data/src/10.5/sql/handler.h:2548
#9 0x557961070804 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool, bool) /data/src/10.5/sql/sql_table.cc:10699
#10 0x55796120f8e7 in Sql_cmd_alter_table::execute(THD*) /data/src/10.5/sql/sql_alter.cc:539
#11 0x557960dd0376 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
#12 0x557960ddde1f in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
#13 0x557960db410c in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
#14 0x557960db0a35 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
#15 0x5579611f330f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
#16 0x5579611f2c73 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
#17 0x557961f0101e in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
#18 0x7f72b8c00608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#19 0x7f72b87d6292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

0x61c000036a00 is located 384 bytes inside of 1784-byte region [0x61c000036880,0x61c000036f78)
freed by thread T14 here:
#0 0x7f72b90ee7cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x5579621f7419 in ut_allocator<unsigned char, true>::deallocate(unsigned char*, unsigned long) /data/src/10.5/storage/innobase/include/ut0new.h:426
#2 0x557962332577 in mem_heap_block_free(mem_block_info_t, mem_block_info_t) /data/src/10.5/storage/innobase/mem/mem0mem.cc:416
#3 0x55796280fd08 in mem_heap_free /data/src/10.5/storage/innobase/include/mem0mem.ic:417
#4 0x557962812f3a in dict_mem_table_free(dict_table_t*) /data/src/10.5/storage/innobase/dict/dict0mem.cc:247
#5 0x5579627d0b37 in dict_sys_t::remove(dict_table_t*, bool, bool) /data/src/10.5/storage/innobase/dict/dict0dict.cc:2007
#6 0x5579621c7a08 in innobase_reload_table /data/src/10.5/storage/innobase/handler/handler0alter.cc:10133
#7 0x5579621cdb32 in ha_innobase::commit_inplace_alter_table(TABLE, Alter_inplace_info, bool) /data/src/10.5/storage/innobase/handler/handler0alter.cc:11272
#8 0x5579615e6925 in handler::ha_commit_inplace_alter_table(TABLE, Alter_inplace_info, bool) /data/src/10.5/sql/handler.cc:4855
#9 0x557961ee7178 in ha_partition::commit_inplace_alter_table(TABLE, Alter_inplace_info, bool) /data/src/10.5/sql/ha_partition.cc:10396
#10 0x5579615e6925 in handler::ha_commit_inplace_alter_table(TABLE, Alter_inplace_info, bool) /data/src/10.5/sql/handler.cc:4855
#11 0x55796105d7d2 in mysql_inplace_alter_table /data/src/10.5/sql/sql_table.cc:8137
#12 0x55796107068c in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool, bool) /data/src/10.5/sql/sql_table.cc:10684
#13 0x55796120f8e7 in Sql_cmd_alter_table::execute(THD*) /data/src/10.5/sql/sql_alter.cc:539
#14 0x557960dd0376 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
#15 0x557960ddde1f in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
#16 0x557960db410c in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
#17 0x557960db0a35 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
#18 0x5579611f330f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
#19 0x5579611f2c73 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
#20 0x557961f0101e in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
#21 0x7f72b8c00608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477

previously allocated by thread T14 here:
#0 0x7f72b90eebc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55796215adbc in ut_allocator<unsigned char, true>::allocate(unsigned long, unsigned char const*, unsigned int, bool, bool) /data/src/10.5/storage/innobase/include/ut0new.h:377
#2 0x55796233181b in mem_heap_create_block_func(mem_block_info_t, unsigned long, char const, unsigned int, unsigned long) /data/src/10.5/storage/innobase/mem/mem0mem.cc:277
#3 0x55796233216b in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.5/storage/innobase/mem/mem0mem.cc:378
#4 0x55796280f995 in mem_heap_alloc /data/src/10.5/storage/innobase/include/mem0mem.ic:191
#5 0x55796281232a in dict_mem_table_create(char const, fil_space_t, unsigned long, unsigned long, unsigned long, unsigned long) /data/src/10.5/storage/innobase/dict/dict0mem.cc:183
#6 0x5579621523a1 in create_table_info_t::create_table_def() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2e1d3a1)
#7 0x55796211d79c in create_table_info_t::create_table(bool) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:12405
#8 0x55796215764a in ha_innobase::create(char const, TABLE, HA_CREATE_INFO, bool, trx_t) (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2e2264a)
#9 0x5579621201ed in ha_innobase::create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:13001
#10 0x5579615e813b in handler::ha_create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.5/sql/handler.cc:5091
#11 0x557961e9b164 in ha_partition::create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.5/sql/ha_partition.cc:833
#12 0x5579615e813b in handler::ha_create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.5/sql/handler.cc:5091
#13 0x5579615ec80e in ha_create_table(THD, char const, char const, char const, HA_CREATE_INFO, st_mysql_const_unsigned_lex_string) /data/src/10.5/sql/handler.cc:5555
#14 0x557961070d34 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool, bool) /data/src/10.5/sql/sql_table.cc:10744
#15 0x55796120f8e7 in Sql_cmd_alter_table::execute(THD*) /data/src/10.5/sql/sql_alter.cc:539
#16 0x557960dd0376 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
#17 0x557960ddde1f in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
#18 0x557960db410c in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
#19 0x557960db0a35 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
#20 0x5579611f330f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
#21 0x5579611f2c73 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
#22 0x557961f0101e in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
#23 0x7f72b8c00608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477

Thread T14 created by T0 here:
#0 0x7f72b901b805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x557961efbfc2 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:38
#2 0x557961f01411 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
#3 0x557960aa44fe in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1323
#4 0x557960aba4e0 in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6023
#5 0x557960abab5f in create_new_thread(CONNECT*) /data/src/10.5/sql/mysqld.cc:6082
#6 0x557960abaebc in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6147
#7 0x557960abbadb in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6274
#8 0x557960ab9ced in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5669
#9 0x557960aa2d9c in main /data/src/10.5/sql/main.cc:25
#10 0x7f72b86db0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/9/bits/forward_list.tcc:81 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after(std::_Fwd_list_node_base, std::_Fwd_list_node_base)
Shadow bytes around the buggy address:
0x0c387fffecf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c387fffed00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c387fffed10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c387fffed40:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c387fffed90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==2243346==ABORTING
210201 18:00:36 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.5.9-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63744 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62b00009a288
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f72a8e79950 thread_stack 0x5fc00
??:0(__interceptor_tcgetattr)[0x7f72b904dd30]
mysys/stacktrace.c:212(my_print_stacktrace)[0x557962b7ec39]
sql/signal_handler.cc:211(handle_fatal_signal)[0x5579615bb100]
sigaction.c:0(__restore_rt)[0x7f72b8c0c3c0]
??:0(gsignal)[0x7f72b86fa18b]
??:0(abort)[0x7f72b86d9859]
??:0(__sanitizer_set_report_fd)[0x7f72b910c6a2]
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7f72b911724c]
??:0(__sanitizer_ptr_cmp)[0x7f72b90f88ec]
??:0(__asan_on_error)[0x7f72b90f8363]
??:0(__asan_report_load8)[0x7f72b90f91ab]
bits/forward_list.tcc:81(std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after(std::_Fwd_list_node_base, std::_Fwd_list_node_base))[0x5579621fc4f0]
bits/forward_list.h:343(std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base())[0x5579621f92b4]
bits/forward_list.h:588(std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list())[0x5579621f872e]
include/dict0mem.h:754(dict_v_col_t::~dict_v_col_t())[0x5579621e77dc]
handler/handler0alter.cc:1010(ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx())[0x5579621eab74]
handler/handler0alter.cc:1019(ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx())[0x5579621eac86]
sql/ha_partition.cc:10202(ha_partition_inplace_ctx::~ha_partition_inplace_ctx())[0x557961ef6bd0]
sql/ha_partition.cc:10205(ha_partition_inplace_ctx::~ha_partition_inplace_ctx())[0x557961ef6c04]
sql/handler.h:2547(Alter_inplace_info::~Alter_inplace_info())[0x55796107d408]
sql/sql_table.cc:10699(mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool, bool))[0x557961070805]
sql/sql_alter.cc:539(Sql_cmd_alter_table::execute(THD*))[0x55796120f8e8]
sql/sql_parse.cc:6023(mysql_execute_command(THD*))[0x557960dd0377]
sql/sql_parse.cc:8062(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x557960ddde20]
sql/sql_parse.cc:1892(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x557960db410d]
sql/sql_parse.cc:1370(do_command(THD*))[0x557960db0a36]
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x5579611f3310]
sql/sql_connect.cc:1314(handle_one_connection)[0x5579611f2c74]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x557961f0101f]
nptl/pthread_create.c:478(start_thread)[0x7f72b8c00609]
??:0(clone)[0x7f72b87d6293]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b0000a12a8): ALTER TABLE t1 ADD b INT

Connection ID (thread ID): 4
Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off

The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_IGZo/mysqld.1/data
Resource Limits:
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 0 bytes
Max resident set unlimited unlimited bytes
Max processes 385883 385883 processes
Max open files 1024 1024 files
Max locked memory 67108864 67108864 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 385883 385883 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Core pattern: \|/usr/share/apport/apport %p %s %c %d %P %E

10.5 b1241585 non-debug
#3 <signal handler called>
#4 0x00005584ba2f8386 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after (this=<optimized out>, __pos=<optimized out>, __last=0x0) at /usr/include/c++/9/bits/forward_list.tcc:82
#5 std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:343
#6 std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:588
#7 dict_v_col_t::~dict_v_col_t (this=<optimized out>, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/include/dict0mem.h:754
#8 ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fc35c013e88, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1011
#9 ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fc35c013e88, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1019
#10 0x00005584ba22597e in ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=<optimized out>, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10203
#11 ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=0x7fc35c013cb8, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10198
#12 0x00005584b9e43109 in Alter_inplace_info::~Alter_inplace_info (this=0x7fc39432c940, __in_chrg=<optimized out>) at /data/src/10.5/sql/handler.h:2548
#13 mysql_alter_table (thd=thd@entry=0x7fc35c000c58, new_db=new_db@entry=0x7fc35c0054e8, new_name=new_name@entry=0x7fc35c0058e8, create_info=create_info@entry=0x7fc39432e580, table_list=<optimized out>, table_list@entry=0x7fc35c010588, alter_info=alter_info@entry=0x7fc39432e4b0, order_num=0, order=0x0, ignore=false, if_exists=false) at /data/src/10.5/sql/handler.h:2546
#14 0x00005584b9ea39d5 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x7fc35c000c58) at /data/src/10.5/sql/structs.h:559
#15 0x00005584b9d9bb4e in mysql_execute_command (thd=0x7fc35c000c58) at /data/src/10.5/sql/sql_parse.cc:6023
#16 0x00005584b9d8b79f in mysql_parse (thd=0x7fc35c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.5/sql/sql_parse.cc:8062
#17 0x00005584b9d9753f in dispatch_command (command=COM_QUERY, thd=0x7fc35c000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.5/sql/sql_class.h:1257
#18 0x00005584b9d99907 in do_command (thd=0x7fc35c000c58) at /data/src/10.5/sql/sql_parse.cc:1370
#19 0x00005584b9e9edb1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5584bc8250c8, put_in_cache=put_in_cache@entry=true) at /data/src/10.5/sql/sql_connect.cc:1410
#20 0x00005584b9e9f22d in handle_one_connection (arg=arg@entry=0x5584bc8250c8) at /data/src/10.5/sql/sql_connect.cc:1312
#21 0x00005584ba227546 in pfs_spawn_thread (arg=0x5584bc7bcb18) at /data/src/10.5/storage/perfschema/pfs.cc:2201
#22 0x00007fc39b49d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#23 0x00007fc39b08c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

At least on a non-ASAN debug build, the problem is sporadic – sometimes it fails as below, sometimes crashes with SIGSEGV, and sometimes it doesn't fail at all.

10.5 b1241585 debug
munmap_chunk(): invalid pointer
210201 17:59:39 [ERROR] mysqld got signal 6 ;

#5 0x00007fe00cbc8859 in __GI_abort () at abort.c:79
#6 0x00007fe00cc333ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fe00cd5d285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#7 0x00007fe00cc3b47c in malloc_printerr (str=str@entry=0x7fe00cd5f1e0 "munmap_chunk(): invalid pointer") at malloc.c:5347
#8 0x00007fe00cc3b6cc in munmap_chunk (p=<optimized out>) at malloc.c:2830
#9 0x000056471dece6e4 in ut_allocator<std::_Fwd_list_node<dict_v_idx_t>, true>::deallocate (this=0x7fdfb41b9f28, ptr=0x56471d902104 <tc_release_table(TABLE*)+675>, n_elements=1) at /data/src/10.5/storage/innobase/include/ut0new.h:426
#10 0x000056471decd9f2 in std::allocator_traits<ut_allocator<std::_Fwd_list_node<dict_v_idx_t>, true> >::deallocate (__a=..., __p=0x56471d902104 <tc_release_table(TABLE*)+675>, __n=1) at /usr/include/c++/9/bits/alloc_traits.h:333
#11 0x000056471decc08d in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_put_node (this=0x7fdfb41b9f28, __p=0x56471d902104 <tc_release_table(TABLE*)+675>) at /usr/include/c++/9/bits/forward_list.h:382
#12 0x000056471decac04 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after (this=0x7fdfb41b9f28, __pos=0x7fdfb41b9f30, __last=0x0) at /usr/include/c++/9/bits/forward_list.tcc:89
#13 0x000056471dec99fe in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base (this=0x7fdfb41b9f28, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:343
#14 0x000056471dec95a8 in std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list (this=0x7fdfb41b9f28, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:588
#15 0x000056471dec1f6e in dict_v_col_t::~dict_v_col_t (this=0x7fdfb41b9ef8, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/include/dict0mem.h:754
#16 0x000056471dec35a7 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fdfb4017918, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1011
#17 0x000056471dec3622 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fdfb4017918, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1019
#18 0x000056471dd72a29 in ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=0x7fdfb4017748, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10203
#19 0x000056471dd72a5a in ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=0x7fdfb4017748, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10205
#20 0x000056471d77f95a in Alter_inplace_info::~Alter_inplace_info (this=0x7fe001f7c850, __in_chrg=<optimized out>) at /data/src/10.5/sql/handler.h:2548
#21 0x000056471d77a318 in mysql_alter_table (thd=0x7fdfb4000db8, new_db=0x7fdfb4005808, new_name=0x7fdfb4005c08, create_info=0x7fe001f7e420, table_list=0x7fdfb4014018, alter_info=0x7fe001f7e350, order_num=0, order=0x0, ignore=false, if_exists=false) at /data/src/10.5/sql/sql_table.cc:10699
#22 0x000056471d822528 in Sql_cmd_alter_table::execute (this=0x7fdfb4014800, thd=0x7fdfb4000db8) at /data/src/10.5/sql/sql_alter.cc:539
#23 0x000056471d678f1c in mysql_execute_command (thd=0x7fdfb4000db8) at /data/src/10.5/sql/sql_parse.cc:6023
#24 0x000056471d67f2f2 in mysql_parse (thd=0x7fdfb4000db8, rawbuf=0x7fdfb4013f40 "ALTER TABLE t1 ADD b INT", length=24, parser_state=0x7fe001f7f510, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:8062
#25 0x000056471d66b275 in dispatch_command (command=COM_QUERY, thd=0x7fdfb4000db8, packet=0x7fdfb40090b9 "ALTER TABLE t1 ADD b INT", packet_length=24, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1889
#26 0x000056471d669a69 in do_command (thd=0x7fdfb4000db8) at /data/src/10.5/sql/sql_parse.cc:1370
#27 0x000056471d8178eb in do_handle_one_connection (connect=0x56472164ec68, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1410
#28 0x000056471d81764e in handle_one_connection (arg=0x5647216613c8) at /data/src/10.5/sql/sql_connect.cc:1312
#29 0x000056471dd77565 in pfs_spawn_thread (arg=0x5647215e37d8) at /data/src/10.5/storage/perfschema/pfs.cc:2201
#30 0x00007fe00d0f1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#31 0x00007fe00ccc5293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Not reproducible on 10.4.
The failure appeared in 10.5 after this commit:

commit 6d1f1b61b59310027698a92ccf533a3093f1ce04

Author: Marko Mäkelä

Date:   Thu Jan 28 14:15:01 2021 +0200

    MDEV-24564 Statistics are lost after ALTER TABLE

Attachments

Issue Links

is caused by

MDEV-24564 Statistics are lost after ALTER TABLE

Closed

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-02-01 15:58

Updated:: 2021-02-01 16:50

Resolved:: 2021-02-01 16:50

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.