Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25663

SIGSEGV in ilist<trx_t, void>::erase

    XMLWordPrintable

Details

    Description

      The crash is happening only if we have FULLTEXT KEY in column b. PFA ASAN log asan.err

      CREATE TABLE t1 (a INT, b CHAR(12), FULLTEXT KEY(b)) engine=InnoDB;
      SET DEBUG_DBUG='+d,ib_create_table_fail_too_many_trx';
      TRUNCATE t1;
      

      Leads to:

      10.6.0 8dd35a2507f8d63ca8df9335d2c6072d5c0e3b86 (Debug)

      Core was generated by `/test/MD160321-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x150ac8ec0700 (LWP 833727))]
      (gdb)
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x000055babb5c0d0b in my_write_core (sig=sig@entry=11) at /test/10.6_dbg/mysys/stacktrace.c:424
      #2  0x000055babad58313 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:331
      #3  <signal handler called>
      #4  0x000055babb38f472 in ilist<trx_t, void>::erase (pos=..., this=<optimized out>) at /test/10.6_dbg/include/ilist.h:207
      #5  ilist<trx_t, void>::remove (value=..., this=<optimized out>) at /test/10.6_dbg/include/ilist.h:207
      #6  thread_safe_trx_ilist_t::remove (trx=..., this=<optimized out>) at /test/10.6_dbg/storage/innobase/include/trx0sys.h:823
      #7  trx_sys_t::deregister_trx (trx=0x14e74d20a2a0, this=<optimized out>) at /test/10.6_dbg/storage/innobase/include/trx0sys.h:1123
      #8  trx_t::free (this=this@entry=0x14e74d20a2a0) at /test/10.6_dbg/storage/innobase/trx/trx0trx.cc:385
      #9  0x000055babb16a8fb in ha_innobase::truncate (this=0x14e70004e720) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:13375
      #10 0x000055babad660ba in handler::ha_truncate (this=0x14e70004e720) at /test/10.6_dbg/sql/handler.cc:4706
      #11 0x000055babac23717 in Sql_cmd_truncate_table::handler_truncate (this=this@entry=0x14e700014328, thd=thd@entry=0x14e700000db8,
          table_ref=table_ref@entry=0x14e700013c50, is_tmp_table=is_tmp_table@entry=false) at /test/10.6_dbg/sql/sql_truncate.cc:238
      #12 0x000055babac240c6 in Sql_cmd_truncate_table::truncate_table (this=this@entry=0x14e700014328, thd=thd@entry=0x14e700000db8,
          table_ref=table_ref@entry=0x14e700013c50) at /test/10.6_dbg/sql/sql_truncate.cc:478
      #13 0x000055babac242a8 in Sql_cmd_truncate_table::execute (this=0x14e700014328, thd=0x14e700000db8) at /test/10.6_dbg/sql/sql_truncate.cc:543
      #14 0x000055babaaa087b in mysql_execute_command (thd=thd@entry=0x14e700000db8) at /test/10.6_dbg/sql/sql_parse.cc:5972
      #15 0x000055babaa87876 in mysql_parse (thd=thd@entry=0x14e700000db8, rawbuf=<optimized out>, length=<optimized out>,
          parser_state=parser_state@entry=0x14e74cf4e410) at /test/10.6_dbg/sql/sql_parse.cc:7998
      #16 0x000055babaa961e7 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e700000db8,
          packet=packet@entry=0x14e70000b359 "TRUNCATE t1", packet_length=packet_length@entry=11, blocking=blocking@entry=true)
          at /test/10.6_dbg/sql/sql_class.h:1318
      #17 0x000055babaa995c1 in do_command (thd=0x14e700000db8, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_parse.cc:1397
      #18 0x000055bababf1178 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55babe0525e8,
          put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
      #19 0x000055bababf177d in handle_one_connection (arg=arg@entry=0x55babe0525e8) at /test/10.6_dbg/sql/sql_connect.cc:1312
      #20 0x000055babb09ca5b in pfs_spawn_thread (arg=0x55babdf9ae78) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
      #21 0x000014e75000a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #22 0x000014e74fbf9293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      (gdb)
      

      TRUNCATE t1 does not crash 10.3 and 10.4, but it crashes with different assertions after adding DROP TABLE t1 in above testcase.

      CREATE TABLE t1 (a INT, b CHAR(12), FULLTEXT KEY(b)) engine=InnoDB;
      SET DEBUG_DBUG='+d,ib_create_table_fail_too_many_trx';
      TRUNCATE t1;
      DROP TABLE t1;
      

      10.4.19 1ea6ac3c953f847da033254d5df67f57987a1884 (Debug)

      mysqld: /test/10.4_dbg/storage/innobase/include/trx0trx.h:1121: void trx_t::assert_freed() const: Assertion `state == TRX_STATE_NOT_STARTED' failed.
      

      10.4.19 1ea6ac3c953f847da033254d5df67f57987a1884 (Debug)

      Core was generated by `/test/MD160321-mariadb-10.4.19-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x146d4009e700 (LWP 836983))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x000056025051eb25 in my_write_core (sig=sig@entry=6) at /test/10.4_dbg/mysys/stacktrace.c:386
      #2  0x000056024fc1f2e6 in handle_fatal_signal (sig=6) at /test/10.4_dbg/sql/signal_handler.cc:344
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #5  0x0000146d4107e859 in __GI_abort () at abort.c:79
      #6  0x0000146d4107e729 in __assert_fail_base (fmt=0x146d41214588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56025081f318 "state == TRX_STATE_NOT_STARTED", file=0x5602507b6470 "/test/10.4_dbg/storage/innobase/include/trx0trx.h", line=1121, function=<optimized out>) at assert.c:92
      #7  0x0000146d4108ff36 in __GI___assert_fail (assertion=assertion@entry=0x56025081f318 "state == TRX_STATE_NOT_STARTED", file=file@entry=0x5602507b6470 "/test/10.4_dbg/storage/innobase/include/trx0trx.h", line=line@entry=1121, function=function@entry=0x56025081f338 "void trx_t::assert_freed() const") at assert.c:101
      #8  0x0000560250101ada in trx_t::assert_freed (this=this@entry=0x146d2c185228) at /test/10.4_dbg/storage/innobase/include/trx0trx.h:1121
      #9  0x00005602500fec3c in trx_create () at /test/10.4_dbg/storage/innobase/trx/trx0trx.cc:352
      #10 0x000056025022f1d9 in dict_stats_exec_sql (pinfo=pinfo@entry=0x146cd805c920, sql=sql@entry=0x56025083d770 "PROCEDURE DELETE_FROM_TABLE_STATS () IS\nBEGIN\nDELETE FROM \"mysql/innodb_table_stats\" WHERE\ndatabase_name = :database_name AND\ntable_name = :table_name;\nEND;\n", trx=trx@entry=0x0) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:295
      #11 0x000056025022fe11 in dict_stats_delete_from_table_stats (table_name=0x146d40098f20 "t1", database_name=0x146d40098e50 "test") at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:3504
      #12 dict_stats_drop_table (db_and_table=<optimized out>, db_and_table@entry=0x146d40099910 "test/t1", errstr=errstr@entry=0x146d40099220 "", errstr_sz=errstr_sz@entry=1024) at /test/10.4_dbg/storage/innobase/dict/dict0stats.cc:3587
      #13 0x0000560250034c67 in row_drop_table_for_mysql (name=name@entry=0x146d40099910 "test/t1", trx=trx@entry=0x146d2c185228, sqlcom=sqlcom@entry=SQLCOM_DROP_TABLE, create_failed=create_failed@entry=false, nonatomic=<optimized out>, nonatomic@entry=true) at /test/10.4_dbg/storage/innobase/row/row0mysql.cc:3469
      #14 0x000056024feaafea in ha_innobase::delete_table (this=this@entry=0x146cd8013bd0, name=<optimized out>, name@entry=0x146d4009b830 "./test/t1", sqlcom=sqlcom@entry=SQLCOM_DROP_TABLE) at /test/10.4_dbg/storage/innobase/handler/ha_innodb.cc:13166
      #15 0x000056024fea1178 in ha_innobase::delete_table (this=0x146cd8013bd0, name=0x146d4009b830 "./test/t1") at /test/10.4_dbg/storage/innobase/handler/ha_innodb.cc:13291
      #16 0x000056024fc2d89d in handler::ha_delete_table (this=this@entry=0x146cd8013bd0, name=name@entry=0x146d4009b830 "./test/t1") at /test/10.4_dbg/sql/handler.cc:4754
      #17 0x000056024fc2da40 in ha_delete_table (thd=thd@entry=0x146cd8000d90, table_type=<optimized out>, path=path@entry=0x146d4009b830 "./test/t1", db=db@entry=0x146d4009b440, alias=alias@entry=0x146cd8013300, generate_warning=generate_warning@entry=true) at /test/10.4_dbg/sql/handler.cc:2625
      #18 0x000056024fa0a13d in mysql_rm_table_no_locks (thd=thd@entry=0x146cd8000d90, tables=tables@entry=0x146cd80132d8, if_exists=if_exists@entry=false, drop_temporary=drop_temporary@entry=false, drop_view=drop_view@entry=false, drop_sequence=drop_sequence@entry=false, dont_log_query=false, dont_free_locks=false) at /test/10.4_dbg/sql/sql_table.cc:2515
      #19 0x000056024fa0b688 in mysql_rm_table (thd=thd@entry=0x146cd8000d90, tables=tables@entry=0x146cd80132d8, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_sequence=<optimized out>) at /test/10.4_dbg/sql/sql_table.cc:2120
      #20 0x000056024f950329 in mysql_execute_command (thd=thd@entry=0x146cd8000d90) at /test/10.4_dbg/sql/structs.h:558
      #21 0x000056024f956ebb in mysql_parse (thd=thd@entry=0x146cd8000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x146d4009d490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7985
      #22 0x000056024f959719 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x146cd8000d90, packet=packet@entry=0x146cd801a351 "DROP TABLE t1", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1170
      #23 0x000056024f95cf4e in do_command (thd=0x146cd8000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
      #24 0x000056024fa95726 in do_handle_one_connection (connect=connect@entry=0x560252a7b260) at /test/10.4_dbg/sql/sql_connect.cc:1412
      #25 0x000056024fa95845 in handle_one_connection (arg=0x560252a7b260) at /test/10.4_dbg/sql/sql_connect.cc:1316
      #26 0x0000146d4163b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #27 0x0000146d4117b293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.3.29 eb7c5530eccb7d6782077e5562f5a471d2ccbc01 (Debug)

      mysqld: /test/10.3_dbg/storage/innobase/trx/trx0trx.cc:348: trx_t* trx_create(): Assertion `trx_state_eq((trx), TRX_STATE_NOT_STARTED)' failed.
      

      10.3.29 eb7c5530eccb7d6782077e5562f5a471d2ccbc01 (Debug)

      Core was generated by `/test/MD160321-mariadb-10.3.29-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x1465f8071700 (LWP 836822))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x00005621cf7b4b86 in my_write_core (sig=sig@entry=6) at /test/10.3_dbg/mysys/stacktrace.c:386
      #2  0x00005621cef5fb91 in handle_fatal_signal (sig=6) at /test/10.3_dbg/sql/signal_handler.cc:343
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #5  0x000014660fb20859 in __GI_abort () at abort.c:79
      #6  0x000014660fb20729 in __assert_fail_base (fmt=0x14660fcb6588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5621cfa63c10 "trx_state_eq((trx), TRX_STATE_NOT_STARTED)", file=0x5621cfa62c30 "/test/10.3_dbg/storage/innobase/trx/trx0trx.cc", line=348, function=<optimized out>) at assert.c:92
      #7  0x000014660fb31f36 in __GI___assert_fail (assertion=assertion@entry=0x5621cfa63c10 "trx_state_eq((trx), TRX_STATE_NOT_STARTED)", file=file@entry=0x5621cfa62c30 "/test/10.3_dbg/storage/innobase/trx/trx0trx.cc", line=line@entry=348, function=function@entry=0x5621cfa64542 "trx_t* trx_create()") at assert.c:101
      #8  0x00005621cf4042ed in trx_create () at /test/10.3_dbg/storage/innobase/trx/trx0trx.cc:348
      #9  0x00005621cf5336d3 in dict_stats_exec_sql (pinfo=pinfo@entry=0x1465b00203e0, sql=sql@entry=0x5621cfa829a0 "PROCEDURE DELETE_FROM_TABLE_STATS () IS\nBEGIN\nDELETE FROM \"mysql/innodb_table_stats\" WHERE\ndatabase_name = :database_name AND\ntable_name = :table_name;\nEND;\n", trx=trx@entry=0x0) at /test/10.3_dbg/storage/innobase/dict/dict0stats.cc:296
      #10 0x00005621cf5338ce in dict_stats_delete_from_table_stats (database_name=database_name@entry=0x1465f806c290 "test", table_name=table_name@entry=0x1465f806c360 "t1") at /test/10.3_dbg/storage/innobase/dict/dict0stats.cc:3519
      #11 0x00005621cf533c93 in dict_stats_drop_table (db_and_table=<optimized out>, db_and_table@entry=0x1465f806cd50 "test/t1", errstr=errstr@entry=0x1465f806c660 "L\017\256\317!V", errstr_sz=errstr_sz@entry=1024) at /test/10.3_dbg/storage/innobase/dict/dict0stats.cc:3604
      #12 0x00005621cf3281a5 in row_drop_table_for_mysql (name=name@entry=0x1465f806cd50 "test/t1", trx=trx@entry=0x14660d0a1188, sqlcom=sqlcom@entry=SQLCOM_DROP_TABLE, create_failed=create_failed@entry=false, nonatomic=<optimized out>, nonatomic@entry=true) at /test/10.3_dbg/storage/innobase/row/row0mysql.cc:3476
      #13 0x00005621cf1b36fa in ha_innobase::delete_table (this=this@entry=0x1465b0011ec8, name=<optimized out>, name@entry=0x1465f806ea00 "./test/t1", sqlcom=sqlcom@entry=SQLCOM_DROP_TABLE) at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:13153
      #14 0x00005621cf1a909e in ha_innobase::delete_table (this=0x1465b0011ec8, name=0x1465f806ea00 "./test/t1") at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:13278
      #15 0x00005621cef6d30d in handler::ha_delete_table (this=this@entry=0x1465b0011ec8, name=name@entry=0x1465f806ea00 "./test/t1") at /test/10.3_dbg/sql/handler.cc:4708
      #16 0x00005621cef6d464 in ha_delete_table (thd=thd@entry=0x1465b0000d90, table_type=<optimized out>, path=path@entry=0x1465f806ea00 "./test/t1", db=db@entry=0x1465f806e610, alias=alias@entry=0x1465b0011660, generate_warning=generate_warning@entry=true) at /test/10.3_dbg/sql/handler.cc:2613
      #17 0x00005621ced84b30 in mysql_rm_table_no_locks (thd=thd@entry=0x1465b0000d90, tables=tables@entry=0x1465b0011638, if_exists=if_exists@entry=false, drop_temporary=drop_temporary@entry=false, drop_view=drop_view@entry=false, drop_sequence=drop_sequence@entry=false, dont_log_query=false, dont_free_locks=false) at /test/10.3_dbg/sql/sql_table.cc:2526
      #18 0x00005621ced8607b in mysql_rm_table (thd=thd@entry=0x1465b0000d90, tables=tables@entry=0x1465b0011638, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_sequence=<optimized out>) at /test/10.3_dbg/sql/sql_table.cc:2130
      #19 0x00005621cecd7246 in mysql_execute_command (thd=thd@entry=0x1465b0000d90) at /test/10.3_dbg/sql/structs.h:542
      #20 0x00005621cecdd4c4 in mysql_parse (thd=thd@entry=0x1465b0000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1465f8070540, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_parse.cc:7867
      #21 0x00005621cecdfc32 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1465b0000d90, packet=packet@entry=0x1465b00198f1 "DROP TABLE t1", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_class.h:1139
      #22 0x00005621cece2ddf in do_command (thd=0x1465b0000d90) at /test/10.3_dbg/sql/sql_parse.cc:1398
      #23 0x00005621cee087db in do_handle_one_connection (connect=connect@entry=0x5621d16a0c70) at /test/10.3_dbg/sql/sql_connect.cc:1403
      #24 0x00005621cee08a12 in handle_one_connection (arg=0x5621d16a0c70) at /test/10.3_dbg/sql/sql_connect.cc:1308
      #25 0x0000146610026609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #26 0x000014660fc1d293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Attachments

        1. asan.err
          12 kB
          Ramesh Sivaraman

        Activity

          People

            thiru Thirunarayanan Balathandayuthapani
            ramesh Ramesh Sivaraman
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.