[MDEV-25257] SEGV in fts_get_next_doc_id upon some INSERT - Jira

Matthias Leich created issue - 2021-03-25 20:31

Matthias Leich made changes - 2021-03-26 10:44

Field	Original Value	New Value
Description	{noformat} {Thread 2 received signal SIGSEGV, Segmentation fault. [Switching to Thread 2927005.2929242] 0x00005645c40f897b in fts_get_next_doc_id (table=0x618000077d08, doc_id=0x7f00f0051130) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/fts/fts0fts.cc:2552 2552 if (cache->first_doc_id == FTS_NULL_DOC_ID) (rr) bt #0 0x00005645c40f897b in fts_get_next_doc_id (table=0x618000077d08, doc_id=0x7f00f0051130) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/fts/fts0fts.cc:2552 #1 0x00005645c3cf0e32 in row_mysql_convert_row_to_innobase (row=0x621000260390, prebuilt=0x62100025f988, mysql_rec=0x61a0002532b8 "h\376\300\002", blob_heap=0x7f00f0051270) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/row/row0mysql.cc:662 #2 0x00005645c3cf5977 in row_insert_for_mysql (mysql_rec=0x61a0002532b8 "h\376\300\002", prebuilt=0x62100025f988, ins_mode=ROW_INS_NORMAL) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/row/row0mysql.cc:1394 #3 0x00005645c397f94c in ha_innobase::write_row (this=0x61d0000e1ab8, record=0x61a0002532b8 "h\376\300\002") at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/handler/ha_innodb.cc:7673 #4 0x00005645c3086b90 in handler::ha_write_row (this=0x61d0000e1ab8, buf=0x61a0002532b8 "h\376\300\002") at /Server/bb-10.5-~~MDEV-24589~~/sql/handler.cc:7153 #5 0x00005645c2847169 in write_record (thd=0x62b0000af218, table=0x6190000d4d98, info=0x7f00f0051ff0, sink=0x0) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_insert.cc:2106 #6 0x00005645c283fb45 in mysql_insert (thd=0x62b0000af218, table_list=0x62b0000b64c0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false, result=0x0) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_insert.cc:1099 #7 0x00005645c28f9ed0 in mysql_execute_command (thd=0x62b0000af218) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:4622 #8 0x00005645c2910b86 in mysql_parse (thd=0x62b0000af218, rawbuf=0x62b0000b6238 "INSERT INTO t4 (col1,col2, col_int, col_string, col_text) VALUES ( 704, 704, 704, REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), 10), REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), @fill_amount) ) /* E_R Thread1 QNO "..., length=217, parser_state=0x7f00f0052cc0, is_com_multi=false, is_next_command=false) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:8093 #9 0x00005645c28e9035 in dispatch_command (command=COM_QUERY, thd=0x62b0000af218, packet=0x629000bdb219 " INSERT INTO t4 (col1,col2, col_int, col_string, col_text) VALUES ( 704, 704, 704, REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), 10), REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), @fill_amount) ) /* E_R Thread1 QNO"..., packet_length=219, is_com_multi=false, is_next_command=false) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:1889 #10 0x00005645c28e60c4 in do_command (thd=0x62b0000af218) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:1370 #11 0x00005645c2cc56df in do_handle_one_connection (connect=0x608000003db8, put_in_cache=true) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_connect.cc:1410 #12 0x00005645c2cc5048 in handle_one_connection (arg=0x608000002ab8) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_connect.cc:1312 #13 0x00007f010f4b8609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #14 0x00007f010f08c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (rr) sdp:/home/mleich/RQG_O/storage/1616623399/TBR-965/dev/shm/vardir/1616623399/46/1/rr origin/bb-10.5-~~MDEV-24589~~ e731a283942c3ec2386d79b639317131645caa1e 2021-03-23T16:20:15+02:00 git clone https://github.com/mleich1/rqg --branch experimental RQG perl rqg.pl \ --grammar=conf/mariadb/table_stress_innodb.yy \ --gendata=conf/mariadb/table_stress.zz \ --gendata_sql=conf/mariadb/table_stress.sql \ --reporters=CrashRecovery1 \ --mysqld=--innodb_use_native_aio=1 \ --mysqld=--innodb_lock_schedule_algorithm=fcfs \ --mysqld=--loose-idle_write_transaction_timeout=0 \ --mysqld=--loose-idle_transaction_timeout=0 \ --mysqld=--loose-idle_readonly_transaction_timeout=0 \ --mysqld=--connect_timeout=60 \ --mysqld=--interactive_timeout=28800 \ --mysqld=--slave_net_timeout=60 \ --mysqld=--net_read_timeout=30 \ --mysqld=--net_write_timeout=60 \ --mysqld=--loose-table_lock_wait_timeout=50 \ --mysqld=--wait_timeout=28800 \ --mysqld=--lock-wait-timeout=86400 \ --mysqld=--innodb-lock-wait-timeout=50 \ --no-mask \ --queries=10000000 \ --seed=random \ --reporters=Backtrace \ --reporters=ErrorLog \ --reporters=Deadlock1 \ --validators=None \ --mysqld=--log_output=none \ --mysqld=--log-bin \ --mysqld=--log_bin_trust_function_creators=1 \ --mysqld=--loose-debug_assert_on_not_freed_memory=0 \ --engine=InnoDB \ --restart_timeout=240 \ --mysqld=--plugin-load-add=file_key_management.so \ --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \ --duration=300 \ --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \ --mysqld=--loose-innodb-sync-debug \ --mysqld=--innodb_stats_persistent=off \ --mysqld=--innodb_adaptive_hash_index=on \ --mysqld=--loose-max-statement-time=30 \ --threads=1 \ --mysqld=--innodb_file_per_table=0 \ --rr=Extended \ --mysqld=--innodb_page_size=32K \ --mysqld=--innodb-buffer-pool-size=24M \ --duration=300 \ --no_mask \ --workdir=<local settings> \ --vardir=<local settings> \ --mtr-build-thread=<local settings> \ --basedir1=<local settings> \ --script_debug=_nix_ {noformat}	{noformat} {Thread 2 received signal SIGSEGV, Segmentation fault. [Switching to Thread 2927005.2929242] 0x00005645c40f897b in fts_get_next_doc_id (table=0x618000077d08, doc_id=0x7f00f0051130) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/fts/fts0fts.cc:2552 2552 if (cache->first_doc_id == FTS_NULL_DOC_ID) (rr) bt #0 0x00005645c40f897b in fts_get_next_doc_id (table=0x618000077d08, doc_id=0x7f00f0051130) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/fts/fts0fts.cc:2552 #1 0x00005645c3cf0e32 in row_mysql_convert_row_to_innobase (row=0x621000260390, prebuilt=0x62100025f988, mysql_rec=0x61a0002532b8 "h\376\300\002", blob_heap=0x7f00f0051270) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/row/row0mysql.cc:662 #2 0x00005645c3cf5977 in row_insert_for_mysql (mysql_rec=0x61a0002532b8 "h\376\300\002", prebuilt=0x62100025f988, ins_mode=ROW_INS_NORMAL) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/row/row0mysql.cc:1394 #3 0x00005645c397f94c in ha_innobase::write_row (this=0x61d0000e1ab8, record=0x61a0002532b8 "h\376\300\002") at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/handler/ha_innodb.cc:7673 #4 0x00005645c3086b90 in handler::ha_write_row (this=0x61d0000e1ab8, buf=0x61a0002532b8 "h\376\300\002") at /Server/bb-10.5-~~MDEV-24589~~/sql/handler.cc:7153 #5 0x00005645c2847169 in write_record (thd=0x62b0000af218, table=0x6190000d4d98, info=0x7f00f0051ff0, sink=0x0) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_insert.cc:2106 #6 0x00005645c283fb45 in mysql_insert (thd=0x62b0000af218, table_list=0x62b0000b64c0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false, result=0x0) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_insert.cc:1099 #7 0x00005645c28f9ed0 in mysql_execute_command (thd=0x62b0000af218) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:4622 #8 0x00005645c2910b86 in mysql_parse (thd=0x62b0000af218, rawbuf=0x62b0000b6238 "INSERT INTO t4 (col1,col2, col_int, col_string, col_text) VALUES ( 704, 704, 704, REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), 10), REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), @fill_amount) ) /* E_R Thread1 QNO "..., length=217, parser_state=0x7f00f0052cc0, is_com_multi=false, is_next_command=false) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:8093 #9 0x00005645c28e9035 in dispatch_command (command=COM_QUERY, thd=0x62b0000af218, packet=0x629000bdb219 " INSERT INTO t4 (col1,col2, col_int, col_string, col_text) VALUES ( 704, 704, 704, REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), 10), REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), @fill_amount) ) /* E_R Thread1 QNO"..., packet_length=219, is_com_multi=false, is_next_command=false) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:1889 #10 0x00005645c28e60c4 in do_command (thd=0x62b0000af218) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:1370 #11 0x00005645c2cc56df in do_handle_one_connection (connect=0x608000003db8, put_in_cache=true) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_connect.cc:1410 #12 0x00005645c2cc5048 in handle_one_connection (arg=0x608000002ab8) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_connect.cc:1312 #13 0x00007f010f4b8609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #14 0x00007f010f08c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (rr) sdp:/home/mleich/RQG_O/storage/1616623399/TBR-965/dev/shm/vardir/1616623399/46/1/rr origin/bb-10.5-~~MDEV-24589~~ e731a283942c3ec2386d79b639317131645caa1e 2021-03-23T16:20:15+02:00 RQG ------- git clone https://github.com/mleich1/rqg --branch experimental RQG perl rqg.pl \ --grammar=conf/mariadb/table_stress_innodb.yy \ --gendata=conf/mariadb/table_stress.zz \ --gendata_sql=conf/mariadb/table_stress.sql \ --reporters=CrashRecovery1 \ --mysqld=--innodb_use_native_aio=1 \ --mysqld=--innodb_lock_schedule_algorithm=fcfs \ --mysqld=--loose-idle_write_transaction_timeout=0 \ --mysqld=--loose-idle_transaction_timeout=0 \ --mysqld=--loose-idle_readonly_transaction_timeout=0 \ --mysqld=--connect_timeout=60 \ --mysqld=--interactive_timeout=28800 \ --mysqld=--slave_net_timeout=60 \ --mysqld=--net_read_timeout=30 \ --mysqld=--net_write_timeout=60 \ --mysqld=--loose-table_lock_wait_timeout=50 \ --mysqld=--wait_timeout=28800 \ --mysqld=--lock-wait-timeout=86400 \ --mysqld=--innodb-lock-wait-timeout=50 \ --no-mask \ --queries=10000000 \ --seed=random \ --reporters=Backtrace \ --reporters=ErrorLog \ --reporters=Deadlock1 \ --validators=None \ --mysqld=--log_output=none \ --mysqld=--log-bin \ --mysqld=--log_bin_trust_function_creators=1 \ --mysqld=--loose-debug_assert_on_not_freed_memory=0 \ --engine=InnoDB \ --restart_timeout=240 \ --mysqld=--plugin-load-add=file_key_management.so \ --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \ --duration=300 \ --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \ --mysqld=--loose-innodb-sync-debug \ --mysqld=--innodb_stats_persistent=off \ --mysqld=--innodb_adaptive_hash_index=on \ --mysqld=--loose-max-statement-time=30 \ --threads=1 \ --mysqld=--innodb_file_per_table=0 \ --rr=Extended \ --mysqld=--innodb_page_size=32K \ --mysqld=--innodb-buffer-pool-size=24M \ --duration=300 \ --no_mask \ --workdir=<local settings> \ --vardir=<local settings> \ --mtr-build-thread=<local settings> \ --basedir1=<local settings> \ --script_debug=_nix_ {noformat}

Matthias Leich made changes - 2021-03-26 10:47

Assignee

Matthias Leich [ mleich ]

Thirunarayanan Balathandayuthapani [ thiru ]

Matthias Leich made changes - 2021-03-26 10:48

Summary

Draft: SEGV in fts_get_next_doc_id upon some killed INSERT

SEGV in fts_get_next_doc_id upon some killed INSERT

Sergei Golubchik made changes - 2021-12-06 21:35

Workflow

MariaDB v3 [ 120491 ]

MariaDB v4 [ 142719 ]

Matthias Leich made changes - 2022-05-11 11:54

Description

{noformat}

{Thread 2 received signal SIGSEGV, Segmentation fault.
[Switching to Thread 2927005.2929242]
0x00005645c40f897b in fts_get_next_doc_id (table=0x618000077d08, doc_id=0x7f00f0051130) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/fts/fts0fts.cc:2552
2552 if (cache->first_doc_id == FTS_NULL_DOC_ID)

(rr) bt
#0 0x00005645c40f897b in fts_get_next_doc_id (table=0x618000077d08, doc_id=0x7f00f0051130) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/fts/fts0fts.cc:2552
#1 0x00005645c3cf0e32 in row_mysql_convert_row_to_innobase (row=0x621000260390, prebuilt=0x62100025f988, mysql_rec=0x61a0002532b8 "h\376\300\002", blob_heap=0x7f00f0051270) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/row/row0mysql.cc:662
#2 0x00005645c3cf5977 in row_insert_for_mysql (mysql_rec=0x61a0002532b8 "h\376\300\002", prebuilt=0x62100025f988, ins_mode=ROW_INS_NORMAL) at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/row/row0mysql.cc:1394
#3 0x00005645c397f94c in ha_innobase::write_row (this=0x61d0000e1ab8, record=0x61a0002532b8 "h\376\300\002") at /Server/bb-10.5-~~MDEV-24589~~/storage/innobase/handler/ha_innodb.cc:7673
#4 0x00005645c3086b90 in handler::ha_write_row (this=0x61d0000e1ab8, buf=0x61a0002532b8 "h\376\300\002") at /Server/bb-10.5-~~MDEV-24589~~/sql/handler.cc:7153
#5 0x00005645c2847169 in write_record (thd=0x62b0000af218, table=0x6190000d4d98, info=0x7f00f0051ff0, sink=0x0) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_insert.cc:2106
#6 0x00005645c283fb45 in mysql_insert (thd=0x62b0000af218, table_list=0x62b0000b64c0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false, result=0x0)
    at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_insert.cc:1099
#7 0x00005645c28f9ed0 in mysql_execute_command (thd=0x62b0000af218) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:4622
#8 0x00005645c2910b86 in mysql_parse (thd=0x62b0000af218,
    rawbuf=0x62b0000b6238 "INSERT INTO t4 (col1,col2, col_int, col_string, col_text) VALUES ( 704, 704, 704, REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), 10), REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), @fill_amount) ) /* E_R Thread1 QNO "..., length=217,
    parser_state=0x7f00f0052cc0, is_com_multi=false, is_next_command=false) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:8093
#9 0x00005645c28e9035 in dispatch_command (command=COM_QUERY, thd=0x62b0000af218,
    packet=0x629000bdb219 " INSERT INTO t4 (col1,col2, col_int, col_string, col_text) VALUES ( 704, 704, 704, REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), 10), REPEAT(SUBSTR(CAST( 704 AS CHAR),1,1), @fill_amount) ) /* E_R Thread1 QNO"...,
    packet_length=219, is_com_multi=false, is_next_command=false) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:1889
#10 0x00005645c28e60c4 in do_command (thd=0x62b0000af218) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_parse.cc:1370
#11 0x00005645c2cc56df in do_handle_one_connection (connect=0x608000003db8, put_in_cache=true) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_connect.cc:1410
#12 0x00005645c2cc5048 in handle_one_connection (arg=0x608000002ab8) at /Server/bb-10.5-~~MDEV-24589~~/sql/sql_connect.cc:1312
#13 0x00007f010f4b8609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x00007f010f08c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(rr)
sdp:/home/mleich/RQG_O/storage/1616623399/TBR-965/dev/shm/vardir/1616623399/46/1/rr

origin/bb-10.5-~~MDEV-24589~~ e731a283942c3ec2386d79b639317131645caa1e 2021-03-23T16:20:15+02:00

RQG
-------
git clone https://github.com/mleich1/rqg --branch experimental RQG

perl rqg.pl \
--grammar=conf/mariadb/table_stress_innodb.yy \
--gendata=conf/mariadb/table_stress.zz \
--gendata_sql=conf/mariadb/table_stress.sql \
--reporters=CrashRecovery1 \
--mysqld=--innodb_use_native_aio=1 \
--mysqld=--innodb_lock_schedule_algorithm=fcfs \
--mysqld=--loose-idle_write_transaction_timeout=0 \
--mysqld=--loose-idle_transaction_timeout=0 \
--mysqld=--loose-idle_readonly_transaction_timeout=0 \
--mysqld=--connect_timeout=60 \
--mysqld=--interactive_timeout=28800 \
--mysqld=--slave_net_timeout=60 \
--mysqld=--net_read_timeout=30 \
--mysqld=--net_write_timeout=60 \
--mysqld=--loose-table_lock_wait_timeout=50 \
--mysqld=--wait_timeout=28800 \
--mysqld=--lock-wait-timeout=86400 \
--mysqld=--innodb-lock-wait-timeout=50 \
--no-mask \
--queries=10000000 \
--seed=random \
--reporters=Backtrace \
--reporters=ErrorLog \
--reporters=Deadlock1 \
--validators=None \
--mysqld=--log_output=none \
--mysqld=--log-bin \
--mysqld=--log_bin_trust_function_creators=1 \
--mysqld=--loose-debug_assert_on_not_freed_memory=0 \
--engine=InnoDB \
--restart_timeout=240 \
--mysqld=--plugin-load-add=file_key_management.so \
--mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \
--duration=300 \
--mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \
--mysqld=--loose-innodb-sync-debug \
--mysqld=--innodb_stats_persistent=off \
--mysqld=--innodb_adaptive_hash_index=on \
--mysqld=--loose-max-statement-time=30 \
--threads=1 \
--mysqld=--innodb_file_per_table=0 \
--rr=Extended \
--mysqld=--innodb_page_size=32K \
--mysqld=--innodb-buffer-pool-size=24M \
--duration=300 \
--no_mask \
--workdir=<local settings> \
--vardir=<local settings> \
--mtr-build-thread=<local settings> \
--basedir1=<local settings> \
--script_debug=_nix_

{noformat}

{noformat}
Version: '10.3.35-MariaDB-debug-log' socket: '/data/Server_bin/10.3_asan/mysql-test/var/tmp/mysqld.1.sock' port: 16000 Source distribution
AddressSanitizer:DEADLYSIGNAL
=================================================================
==786736==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000240 (pc 0x55d96741dd8c bp 0x7fd49bcc01b0 sp 0x7fd49bcc0190 T27)
==786736==The signal is caused by a READ memory access.
==786736==Hint: address points to the zero page.
    #0 0x55d96741dd8b in fts_get_next_doc_id(dict_table_t const*, unsigned long*) /data/Server/10.3/storage/innobase/fts/fts0fts.cc:2557
    #1 0x55d966f9be33 in row_mysql_convert_row_to_innobase /data/Server/10.3/storage/innobase/row/row0mysql.cc:663
    #2 0x55d966fa08e6 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) /data/Server/10.3/storage/innobase/row/row0mysql.cc:1395
    #3 0x55d966c7d63d in ha_innobase::write_row(unsigned char*) /data/Server/10.3/storage/innobase/handler/ha_innodb.cc:8146
    #4 0x55d966785a24 in handler::ha_write_row(unsigned char*) /data/Server/10.3/sql/handler.cc:6479
    #5 0x55d965ff48cf in write_record(THD*, TABLE*, st_copy_info*) /data/Server/10.3/sql/sql_insert.cc:2050
    #6 0x55d965feda9f in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/Server/10.3/sql/sql_insert.cc:1072
    #7 0x55d966088a30 in mysql_execute_command(THD*) /data/Server/10.3/sql/sql_parse.cc:4504
    #8 0x55d96609f664 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/Server/10.3/sql/sql_parse.cc:7870
    #9 0x55d966078737 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/Server/10.3/sql/sql_parse.cc:1852
    #10 0x55d966075a3a in do_command(THD*) /data/Server/10.3/sql/sql_parse.cc:1398
    #11 0x55d9663e4d4e in do_handle_one_connection(CONNECT*) /data/Server/10.3/sql/sql_connect.cc:1403
    #12 0x55d9663e4608 in handle_one_connection /data/Server/10.3/sql/sql_connect.cc:1308
    #13 0x7fd4b2d5d608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #14 0x7fd4b2c84292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/Server/10.3/storage/innobase/fts/fts0fts.cc:2557 in fts_get_next_doc_id(dict_table_t const*, unsigned long*)
Thread T27 created by T0 here:
    #0 0x7fd4b374d805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55d965e08d96 in create_thread_to_handle_connection(CONNECT*) /data/Server/10.3/sql/mysqld.cc:6666
    #2 0x55d965e0934a in create_new_thread /data/Server/10.3/sql/mysqld.cc:6736
    #3 0x55d965e0a3a1 in handle_connections_sockets() /data/Server/10.3/sql/mysqld.cc:6994
    #4 0x55d965e0857d in mysqld_main(int, char**) /data/Server/10.3/sql/mysqld.cc:6288
    #5 0x55d965df68cc in main /data/Server/10.3/sql/main.cc:25
    #6 0x7fd4b2b890b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

GIT_SHOW: HEAD, origin/10.3 86c1bf118a48dd0bab80346f6d65c112ab2e486d 2022-03-07T16:42:05+03:00

--source include/have_innodb.inc
--disable_abort_on_error

SET @save = @@global.innodb_file_per_table;
# innodb_file_per_table = 1 does not show the problem.
SET @@global.innodb_file_per_table = 0;

# Removing col_int_g lets the problem disappear.
CREATE TABLE t1 (
   col_int INTEGER, col_text TEXT, col_int_g INTEGER GENERATED ALWAYS AS (col_int)
) ENGINE = InnoDB ROW_FORMAT = Redundant ;
ALTER TABLE t1 ADD FULLTEXT KEY `ftidx` ( col_text ) ;
ALTER TABLE t1 DROP KEY `ftidx` ;
INSERT INTO t1 (col_int, col_text) VALUES ( 1255, NULL);

DROP TABLE t1;
SET @@global.innodb_file_per_table = @save;
{noformat}

Matthias Leich made changes - 2022-05-11 11:56

Component/s		Virtual Columns [ 10803 ]
Fix Version/s		10.3 [ 22126 ]
Fix Version/s		10.6 [ 24028 ]
Affects Version/s		10.3.35 [ 27512 ]
Labels		affects-tests
Summary	SEGV in fts_get_next_doc_id upon some killed INSERT	SEGV in fts_get_next_doc_id upon some INSERT

Marko Mäkelä made changes - 2022-05-11 13:23

Description

{noformat}
Version: '10.3.35-MariaDB-debug-log' socket: '/data/Server_bin/10.3_asan/mysql-test/var/tmp/mysqld.1.sock' port: 16000 Source distribution
AddressSanitizer:DEADLYSIGNAL
=================================================================
==786736==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000240 (pc 0x55d96741dd8c bp 0x7fd49bcc01b0 sp 0x7fd49bcc0190 T27)
==786736==The signal is caused by a READ memory access.
==786736==Hint: address points to the zero page.
    #0 0x55d96741dd8b in fts_get_next_doc_id(dict_table_t const*, unsigned long*) /data/Server/10.3/storage/innobase/fts/fts0fts.cc:2557
    #1 0x55d966f9be33 in row_mysql_convert_row_to_innobase /data/Server/10.3/storage/innobase/row/row0mysql.cc:663
    #2 0x55d966fa08e6 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) /data/Server/10.3/storage/innobase/row/row0mysql.cc:1395
    #3 0x55d966c7d63d in ha_innobase::write_row(unsigned char*) /data/Server/10.3/storage/innobase/handler/ha_innodb.cc:8146
    #4 0x55d966785a24 in handler::ha_write_row(unsigned char*) /data/Server/10.3/sql/handler.cc:6479
    #5 0x55d965ff48cf in write_record(THD*, TABLE*, st_copy_info*) /data/Server/10.3/sql/sql_insert.cc:2050
    #6 0x55d965feda9f in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/Server/10.3/sql/sql_insert.cc:1072
    #7 0x55d966088a30 in mysql_execute_command(THD*) /data/Server/10.3/sql/sql_parse.cc:4504
    #8 0x55d96609f664 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/Server/10.3/sql/sql_parse.cc:7870
    #9 0x55d966078737 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/Server/10.3/sql/sql_parse.cc:1852
    #10 0x55d966075a3a in do_command(THD*) /data/Server/10.3/sql/sql_parse.cc:1398
    #11 0x55d9663e4d4e in do_handle_one_connection(CONNECT*) /data/Server/10.3/sql/sql_connect.cc:1403
    #12 0x55d9663e4608 in handle_one_connection /data/Server/10.3/sql/sql_connect.cc:1308
    #13 0x7fd4b2d5d608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #14 0x7fd4b2c84292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/Server/10.3/storage/innobase/fts/fts0fts.cc:2557 in fts_get_next_doc_id(dict_table_t const*, unsigned long*)
Thread T27 created by T0 here:
    #0 0x7fd4b374d805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55d965e08d96 in create_thread_to_handle_connection(CONNECT*) /data/Server/10.3/sql/mysqld.cc:6666
    #2 0x55d965e0934a in create_new_thread /data/Server/10.3/sql/mysqld.cc:6736
    #3 0x55d965e0a3a1 in handle_connections_sockets() /data/Server/10.3/sql/mysqld.cc:6994
    #4 0x55d965e0857d in mysqld_main(int, char**) /data/Server/10.3/sql/mysqld.cc:6288
    #5 0x55d965df68cc in main /data/Server/10.3/sql/main.cc:25
    #6 0x7fd4b2b890b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

GIT_SHOW: HEAD, origin/10.3 86c1bf118a48dd0bab80346f6d65c112ab2e486d 2022-03-07T16:42:05+03:00

--source include/have_innodb.inc
--disable_abort_on_error

SET @save = @@global.innodb_file_per_table;
# innodb_file_per_table = 1 does not show the problem.
SET @@global.innodb_file_per_table = 0;

# Removing col_int_g lets the problem disappear.
CREATE TABLE t1 (
   col_int INTEGER, col_text TEXT, col_int_g INTEGER GENERATED ALWAYS AS (col_int)
) ENGINE = InnoDB ROW_FORMAT = Redundant ;
ALTER TABLE t1 ADD FULLTEXT KEY `ftidx` ( col_text ) ;
ALTER TABLE t1 DROP KEY `ftidx` ;
INSERT INTO t1 (col_int, col_text) VALUES ( 1255, NULL);

DROP TABLE t1;
SET @@global.innodb_file_per_table = @save;
{noformat}

{noformat}
Version: '10.3.35-MariaDB-debug-log' socket: '/data/Server_bin/10.3_asan/mysql-test/var/tmp/mysqld.1.sock' port: 16000 Source distribution
AddressSanitizer:DEADLYSIGNAL
=================================================================
==786736==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000240 (pc 0x55d96741dd8c bp 0x7fd49bcc01b0 sp 0x7fd49bcc0190 T27)
==786736==The signal is caused by a READ memory access.
==786736==Hint: address points to the zero page.
    #0 0x55d96741dd8b in fts_get_next_doc_id(dict_table_t const*, unsigned long*) /data/Server/10.3/storage/innobase/fts/fts0fts.cc:2557
    #1 0x55d966f9be33 in row_mysql_convert_row_to_innobase /data/Server/10.3/storage/innobase/row/row0mysql.cc:663
    #2 0x55d966fa08e6 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*, ins_mode_t) /data/Server/10.3/storage/innobase/row/row0mysql.cc:1395
    #3 0x55d966c7d63d in ha_innobase::write_row(unsigned char*) /data/Server/10.3/storage/innobase/handler/ha_innodb.cc:8146
    #4 0x55d966785a24 in handler::ha_write_row(unsigned char*) /data/Server/10.3/sql/handler.cc:6479
    #5 0x55d965ff48cf in write_record(THD*, TABLE*, st_copy_info*) /data/Server/10.3/sql/sql_insert.cc:2050
    #6 0x55d965feda9f in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/Server/10.3/sql/sql_insert.cc:1072
    #7 0x55d966088a30 in mysql_execute_command(THD*) /data/Server/10.3/sql/sql_parse.cc:4504
    #8 0x55d96609f664 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/Server/10.3/sql/sql_parse.cc:7870
    #9 0x55d966078737 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/Server/10.3/sql/sql_parse.cc:1852
    #10 0x55d966075a3a in do_command(THD*) /data/Server/10.3/sql/sql_parse.cc:1398
    #11 0x55d9663e4d4e in do_handle_one_connection(CONNECT*) /data/Server/10.3/sql/sql_connect.cc:1403
    #12 0x55d9663e4608 in handle_one_connection /data/Server/10.3/sql/sql_connect.cc:1308
    #13 0x7fd4b2d5d608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #14 0x7fd4b2c84292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/Server/10.3/storage/innobase/fts/fts0fts.cc:2557 in fts_get_next_doc_id(dict_table_t const*, unsigned long*)
Thread T27 created by T0 here:
    #0 0x7fd4b374d805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55d965e08d96 in create_thread_to_handle_connection(CONNECT*) /data/Server/10.3/sql/mysqld.cc:6666
    #2 0x55d965e0934a in create_new_thread /data/Server/10.3/sql/mysqld.cc:6736
    #3 0x55d965e0a3a1 in handle_connections_sockets() /data/Server/10.3/sql/mysqld.cc:6994
    #4 0x55d965e0857d in mysqld_main(int, char**) /data/Server/10.3/sql/mysqld.cc:6288
    #5 0x55d965df68cc in main /data/Server/10.3/sql/main.cc:25
    #6 0x7fd4b2b890b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
{noformat}
{code:sql}
--source include/have_innodb.inc

SET @save = @@global.innodb_file_per_table;
# innodb_file_per_table = 1 does not show the problem.
SET @@global.innodb_file_per_table = 0;

# Removing col_int_g lets the problem disappear.
CREATE TABLE t1 (
   col_int INTEGER, col_text TEXT, col_int_g INTEGER GENERATED ALWAYS AS (col_int)
) ENGINE = InnoDB ROW_FORMAT = Redundant ;
ALTER TABLE t1 ADD FULLTEXT KEY `ftidx` ( col_text ) ;
ALTER TABLE t1 DROP KEY `ftidx` ;
INSERT INTO t1 (col_int, col_text) VALUES ( 1255, NULL);

DROP TABLE t1;
SET @@global.innodb_file_per_table = @save;
{code}

Thirunarayanan Balathandayuthapani made changes - 2022-05-12 11:56

Status

Open [ 1 ]

In Progress [ 3 ]

Thirunarayanan Balathandayuthapani made changes - 2022-05-12 11:56

Assignee	Thirunarayanan Balathandayuthapani [ thiru ]	Marko Mäkelä [ marko ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Marko Mäkelä made changes - 2022-05-13 10:10

Assignee	Marko Mäkelä [ marko ]	Thirunarayanan Balathandayuthapani [ thiru ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Thirunarayanan Balathandayuthapani made changes - 2022-05-25 10:12

Fix Version/s		10.3.36 [ 27513 ]
Fix Version/s		10.4.26 [ 27511 ]
Fix Version/s		10.5.17 [ 27509 ]
Fix Version/s		10.6.9 [ 27507 ]
Fix Version/s	10.3 [ 22126 ]
Fix Version/s	10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

MariaDB Server

SEGV in fts_get_next_doc_id upon some INSERT

Details

Description

Attachments

Activity

People

Dates

Git Integration