[MDEV-27007] SIGSEGV in trx_undo_build_roll_ptr - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.7(EOL)
Fix Version/s: 10.7.2
Component/s: Storage Engine - InnoDB
Labels:
- not-10.2
- not-10.3
- not-10.4
- not-10.5
- not-10.6

Description

SET @@sql_mode='ansi_quotes';

CREATE TABLE articles (id INT PRIMARY KEY, FTS_DOC_ID BIGINT UNSIGNED NOT NULL, title VARCHAR(200), body TEXT) ENGINE=InnoDB;

CREATE TABLE t1 (c1 INT NOT NULL PRIMARY KEY, c2 BIT NULL, c3 BIT NULL);

CREATE TABLE t2 (a INT UNIQUE) SELECT * FROM t1;

SET SESSION unique_checks=0;

SET foreign_key_checks=0;

XA START 'foo';

INSERT INTO articles (title) VALUES ('test'),('test');

SELECT * FROM articles;

INSERT INTO articles (title,body) VALUES ('TEST','TEST');

Leads to:

10.7.1 8bd21167d28748bea8717183534db1103a696755 (Optimized)
Core was generated by `/test/MD091121-mariadb-10.7.1-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055f9b69d3ce0 in trx_undo_build_roll_ptr (offset=<optimized out>,
page_no=<optimized out>, rseg_id=<optimized out>,
is_insert=<optimized out>)
at /test/10.7_opt/storage/innobase/include/trx0undo.ic:45
45 return roll_ptr_t{is_insert} << ROLL_PTR_INSERT_FLAG_POS \|
[Current thread is 1 (Thread 0x145991766700 (LWP 2793481))]
(gdb) bt
#0 0x000055f9b69d3ce0 in trx_undo_build_roll_ptr (offset=<optimized out>, page_no=<optimized out>, rseg_id=<optimized out>, is_insert=<optimized out>) at /test/10.7_opt/storage/innobase/include/trx0undo.ic:45
#1 trx_undo_report_row_operation (thr=thr@entry=0x14595405db90, index=index@entry=0x14595401c410, clust_entry=clust_entry@entry=0x14595401b750, update=update@entry=0x0, cmpl_info=cmpl_info@entry=0, rec=rec@entry=0x0, offsets=<optimized out>, roll_ptr=<optimized out>) at /test/10.7_opt/storage/innobase/trx/trx0rec.cc:2188
#2 0x000055f9b698433c in row_ins_clust_index_entry_low (flags=<optimized out>, mode=<optimized out>, index=0x14595401c410, n_uniq=<optimized out>, entry=0x14595401b750, n_ext=<optimized out>, thr=<optimized out>) at /test/10.7_opt/storage/innobase/row/row0ins.cc:2674
#3 0x000055f9b698446a in row_ins_clust_index_entry (index=0x14595401c410, entry=0x14595401b750, thr=0x14595405db90, n_ext=0) at /test/10.7_opt/storage/innobase/row/row0ins.cc:3246
#4 0x000055f9b6984b98 in row_ins_index_entry (thr=0x14595405db90, entry=<optimized out>, index=<optimized out>) at /test/10.7_opt/storage/innobase/row/row0ins.cc:3380
#5 row_ins_index_entry_step (thr=<optimized out>, node=<optimized out>) at /test/10.7_opt/storage/innobase/row/row0ins.cc:3548
#6 row_ins (thr=0x14595405da88, node=<optimized out>) at /test/10.7_opt/storage/innobase/row/row0ins.cc:3694
#7 row_ins_step (thr=thr@entry=0x14595405db90) at /test/10.7_opt/storage/innobase/row/row0ins.cc:3840
#8 0x000055f9b69959d4 in row_insert_for_mysql (mysql_rec=mysql_rec@entry=0x14595405c290 <incomplete sequence \374>, prebuilt=0x14595405d2f0, ins_mode=ROW_INS_NORMAL) at /test/10.7_opt/storage/innobase/row/row0mysql.cc:1318
#9 0x000055f9b68dd7fa in ha_innobase::write_row (this=0x14595405c6a0, record=0x14595405c290 <incomplete sequence \374>) at /test/10.7_opt/storage/innobase/handler/ha_innodb.cc:7822
#10 0x000055f9b65e8550 in handler::ha_write_row (this=0x14595405c6a0, buf=0x14595405c290 <incomplete sequence \374>) at /test/10.7_opt/sql/handler.cc:7516
#11 0x000055f9b635940d in write_record (thd=thd@entry=0x145954000c58, table=table@entry=0x14595404ca38, info=info@entry=0x145991764c60, sink=sink@entry=0x0) at /test/10.7_opt/sql/sql_insert.cc:2156
#12 0x000055f9b635fd4d in mysql_insert (thd=thd@entry=0x145954000c58, table_list=<optimized out>, fields=@0x145954005d58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1459540111e0, last = 0x145954011310, elements = 2}, <No data fields>}, values_list=@0x145954005da0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1459540118e0, last = 0x1459540118e0, elements = 1}, <No data fields>}, update_fields=@0x145954005d88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55f9b7519510 <end_of_list>, last = 0x145954005d88, elements = 0}, <No data fields>}, update_values=@0x145954005d70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55f9b7519510 <end_of_list>, last = 0x145954005d70, elements = 0}, <No data fields>}, duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>) at /test/10.7_opt/sql/sql_insert.cc:1127
#13 0x000055f9b639b33b in mysql_execute_command (thd=0x145954000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.7_opt/sql/sql_parse.cc:4563
#14 0x000055f9b638a936 in mysql_parse (thd=0x145954000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.7_opt/sql/sql_parse.cc:8028
#15 0x000055f9b6396c8d in dispatch_command (command=COM_QUERY, thd=0x145954000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.7_opt/sql/sql_class.h:1360
#16 0x000055f9b6398ea8 in do_command (thd=0x145954000c58, blocking=blocking@entry=true) at /test/10.7_opt/sql/sql_parse.cc:1402
#17 0x000055f9b64b7b87 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.7_opt/sql/sql_connect.cc:1418
#18 0x000055f9b64b7ecd in handle_one_connection (arg=arg@entry=0x55f9b9c471a8) at /test/10.7_opt/sql/sql_connect.cc:1312
#19 0x000055f9b6827083 in pfs_spawn_thread (arg=0x55f9b9c47218) at /test/10.7_opt/storage/perfschema/pfs.cc:2201
#20 0x00001459a8b1e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#21 0x00001459a870d293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.7.1 8bd21167d28748bea8717183534db1103a696755 (Debug)
Core was generated by `/test/MD091121-mariadb-10.7.1-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000556bda206d6e in trx_undo_build_roll_ptr (offset=<optimized out>,
page_no=<optimized out>, rseg_id=<optimized out>,
is_insert=<optimized out>)
at /test/10.7_dbg/storage/innobase/include/trx0undo.ic:45
45 return roll_ptr_t{is_insert} << ROLL_PTR_INSERT_FLAG_POS \|
[Current thread is 1 (Thread 0x15472d5cb700 (LWP 2787979))]
(gdb) bt
#0 0x0000556bda206d6e in trx_undo_build_roll_ptr (offset=<optimized out>, page_no=<optimized out>, rseg_id=<optimized out>, is_insert=<optimized out>) at /test/10.7_dbg/storage/innobase/include/trx0undo.ic:45
#1 trx_undo_report_row_operation (thr=thr@entry=0x1546ec089a58, index=index@entry=0x1546ec022c98, clust_entry=clust_entry@entry=0x1546ec022338, update=update@entry=0x0, cmpl_info=cmpl_info@entry=0, rec=rec@entry=0x0, offsets=0x0, roll_ptr=0x0) at /test/10.7_dbg/storage/innobase/trx/trx0rec.cc:2188
#2 0x0000556bda144e3a in row_ins_clust_index_entry_low (flags=flags@entry=0, mode=<optimized out>, mode@entry=2, index=index@entry=0x1546ec022c98, n_uniq=n_uniq@entry=1, entry=entry@entry=0x1546ec022338, n_ext=n_ext@entry=0, thr=<optimized out>) at /test/10.7_dbg/storage/innobase/row/row0ins.cc:2674
#3 0x0000556bda146d91 in row_ins_clust_index_entry (index=index@entry=0x1546ec022c98, entry=entry@entry=0x1546ec022338, thr=thr@entry=0x1546ec089a58, n_ext=n_ext@entry=0) at /test/10.7_dbg/storage/innobase/row/row0ins.cc:3246
#4 0x0000556bda14be40 in row_ins_index_entry (thr=0x1546ec089a58, entry=0x1546ec022338, index=0x1546ec022c98) at /test/10.7_dbg/storage/innobase/row/row0ins.cc:3380
#5 row_ins_index_entry_step (thr=0x1546ec089a58, node=0x1546ec089720) at /test/10.7_dbg/storage/innobase/row/row0ins.cc:3548
#6 row_ins (thr=0x1546ec089a58, node=0x1546ec089720) at /test/10.7_dbg/storage/innobase/row/row0ins.cc:3694
#7 row_ins_step (thr=thr@entry=0x1546ec089a58) at /test/10.7_dbg/storage/innobase/row/row0ins.cc:3840
#8 0x0000556bda17062f in row_insert_for_mysql (mysql_rec=mysql_rec@entry=0x1546ec073680 <incomplete sequence \374>, prebuilt=0x1546ec089198, ins_mode=ROW_INS_NORMAL) at /test/10.7_dbg/storage/innobase/row/row0mysql.cc:1318
#9 0x0000556bd9fe48f9 in ha_innobase::write_row (this=0x1546ec0884b0, record=0x1546ec073680 <incomplete sequence \374>) at /test/10.7_dbg/storage/innobase/handler/ha_innodb.cc:7822
#10 0x0000556bd9c308af in handler::ha_write_row (this=0x1546ec0884b0, buf=0x1546ec073680 <incomplete sequence \374>) at /test/10.7_dbg/sql/handler.cc:7516
#11 0x0000556bd98d1b7d in write_record (thd=thd@entry=0x1546ec000db8, table=table@entry=0x1546ec07dec8, info=info@entry=0x15472d5c9ca0, sink=sink@entry=0x0) at /test/10.7_dbg/sql/sql_insert.cc:2156
#12 0x0000556bd98dd85c in mysql_insert (thd=thd@entry=0x1546ec000db8, table_list=0x1546ec013ef8, fields=@0x1546ec006078: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1546ec014700, last = 0x1546ec014830, elements = 2}, <No data fields>}, values_list=@0x1546ec0060c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1546ec014e00, last = 0x1546ec014e00, elements = 1}, <No data fields>}, update_fields=@0x1546ec0060a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x556bdaf6d940 <end_of_list>, last = 0x1546ec0060a8, elements = 0}, <No data fields>}, update_values=@0x1546ec006090: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x556bdaf6d940 <end_of_list>, last = 0x1546ec006090, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /test/10.7_dbg/sql/sql_insert.cc:1127
#13 0x0000556bd9924170 in mysql_execute_command (thd=thd@entry=0x1546ec000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.7_dbg/sql/sql_parse.cc:4563
#14 0x0000556bd990eb6c in mysql_parse (thd=thd@entry=0x1546ec000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15472d5ca400) at /test/10.7_dbg/sql/sql_parse.cc:8028
#15 0x0000556bd991d7f1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1546ec000db8, packet=packet@entry=0x1546ec00b879 "INSERT INTO articles (title,body) VALUES ('TEST','TEST')", packet_length=packet_length@entry=56, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_class.h:1360
#16 0x0000556bd9920c2e in do_command (thd=0x1546ec000db8, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_parse.cc:1402
#17 0x0000556bd9a9a5b0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x556bdcf7b5b8, put_in_cache=put_in_cache@entry=true) at /test/10.7_dbg/sql/sql_connect.cc:1418
#18 0x0000556bd9a9abb5 in handle_one_connection (arg=arg@entry=0x556bdcf7b5b8) at /test/10.7_dbg/sql/sql_connect.cc:1312
#19 0x0000556bd9f1bcd0 in pfs_spawn_thread (arg=0x556bdce8ece8) at /test/10.7_dbg/storage/perfschema/pfs.cc:2201
#20 0x000015474497e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#21 0x000015474456d293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.7.1 (dbg), 10.7.1 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.41 (dbg), 10.2.41 (opt), 10.3.32 (dbg), 10.3.32 (opt), 10.4.22 (dbg), 10.4.22 (opt), 10.5.13 (dbg), 10.5.13 (opt), 10.6.5 (dbg), 10.6.5 (opt)

Attachments

Issue Links

is duplicated by

MDEV-26947 UNIQUE column checks fail in InnoDB resulting in table corruption

Closed

relates to

MDEV-27971 SIGSEGV in trx_undo_build_roll_ptr on INSERT with binary logging enabled and using XA

Closed

SIGSEGV in trx_undo_build_roll_ptr

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration