[MDEV-27240] SIGSEGV in ha_spider::store_lock on LOCK TABLE - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.7(EOL), 10.8(EOL)
Fix Version/s: 10.5.14, 10.6.6, 10.7.2
Component/s: Locking, Storage Engine - Spider
Labels:
- not-10.2
- not-10.3
- not-10.4
- regression
- spider

Description

Note the different stacks across versions.

INSTALL PLUGIN spider SONAME 'ha_spider.so';

CREATE TABLE t2 (a INT KEY) ENGINE=SPIDER;

SELECT a.z FROM t2 AS a,t2 b WHERE a.z=b.z;

CREATE TABLE t (a INT);

ALTER TABLE t2 CHANGE c c INT;

LOCK TABLE t WRITE,t2 READ;

Leads to:

10.7.2 979b23d5bfb11bb698ea65c9468b374978737ec0 (Debug)
Core was generated by `/test/MD121221-mariadb-10.7.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000014c29c14becf in ha_spider::store_lock (this=0x14c2100c9de0,
thd=<optimized out>, to=0x14c2100b1418, lock_type=TL_READ_NO_INSERT)
at /test/10.7_dbg/storage/spider/ha_spider.cc:1178
1178 if (unlikely((store_error_num =
[Current thread is 1 (Thread 0x14c2a89a5700 (LWP 3053893))]
(gdb) bt
#0 0x000014c29c14becf in ha_spider::store_lock (this=0x14c2100c9de0, thd=<optimized out>, to=0x14c2100b1418, lock_type=TL_READ_NO_INSERT) at /test/10.7_dbg/storage/spider/ha_spider.cc:1178
#1 0x0000558c6a6be05a in get_lock_data (thd=thd@entry=0x14c210000db8, table_ptr=table_ptr@entry=0x14c210014e68, count=count@entry=2, flags=flags@entry=1) at /test/10.7_dbg/sql/lock.cc:809
#2 0x0000558c6a6be618 in mysql_lock_tables (thd=thd@entry=0x14c210000db8, tables=tables@entry=0x14c210014e68, count=count@entry=2, flags=flags@entry=0) at /test/10.7_dbg/sql/lock.cc:298
#3 0x0000558c6a1a66ca in lock_tables (thd=thd@entry=0x14c210000db8, tables=0x14c210013ea0, count=<optimized out>, flags=flags@entry=0) at /test/10.7_dbg/sql/sql_base.cc:5559
#4 0x0000558c6a2357d2 in lock_tables_open_and_lock_tables (thd=thd@entry=0x14c210000db8, tables=<optimized out>) at /test/10.7_dbg/sql/sql_parse.cc:2958
#5 0x0000558c6a241c4a in mysql_execute_command (thd=thd@entry=0x14c210000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.7_dbg/sql/sql_parse.cc:5124
#6 0x0000558c6a22ae0f in mysql_parse (thd=thd@entry=0x14c210000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c2a89a4400) at /test/10.7_dbg/sql/sql_parse.cc:8028
#7 0x0000558c6a239aab in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c210000db8, packet=packet@entry=0x14c21000b879 "LOCK TABLE t WRITE,t2 READ", packet_length=packet_length@entry=26, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_class.h:1360
#8 0x0000558c6a23ceea in do_command (thd=0x14c210000db8, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_parse.cc:1402
#9 0x0000558c6a3b6902 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558c6c8f4ae8, put_in_cache=put_in_cache@entry=true) at /test/10.7_dbg/sql/sql_connect.cc:1418
#10 0x0000558c6a3b6f07 in handle_one_connection (arg=arg@entry=0x558c6c8f4ae8) at /test/10.7_dbg/sql/sql_connect.cc:1312
#11 0x0000558c6a83733e in pfs_spawn_thread (arg=0x558c6c8084c8) at /test/10.7_dbg/storage/perfschema/pfs.cc:2201
#12 0x000014c2b3118609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#13 0x000014c2b2d06293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.5.14 88b339805d7a9ddebc3fd61e9dee83270dbf474d (Optimized)
Core was generated by `/test/MD121221-mariadb-10.5.14-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000014dcac134f47 in ha_spider::store_lock (lock_type=TL_READ_NO_INSERT,
to=0x14dc100574f8, thd=<optimized out>, this=0x14dc1007ae30)
at /test/10.5_opt/storage/spider/ha_spider.cc:1178
1178 if (unlikely((store_error_num =
[Current thread is 1 (Thread 0x14dcac917700 (LWP 3053217))]
(gdb) bt
#0 0x000014dcac134f47 in ha_spider::store_lock (lock_type=TL_READ_NO_INSERT, to=0x14dc100574f8, thd=<optimized out>, this=0x14dc1007ae30) at /test/10.5_opt/storage/spider/ha_spider.cc:1178
#1 ha_spider::store_lock (this=0x14dc1007ae30, thd=<optimized out>, to=0x14dc100574f8, lock_type=TL_READ_NO_INSERT) at /test/10.5_opt/storage/spider/ha_spider.cc:1042
#2 0x0000563f90a0d532 in get_lock_data (thd=thd@entry=0x14dc10000c58, table_ptr=table_ptr@entry=0x14dc10011488, count=count@entry=2, flags=<optimized out>) at /test/10.5_opt/sql/lock.cc:809
#3 0x0000563f90a0d7f9 in mysql_lock_tables (thd=thd@entry=0x14dc10000c58, tables=0x14dc10011488, count=count@entry=2, flags=flags@entry=0) at /test/10.5_opt/sql/lock.cc:298
#4 0x0000563f90678e5f in lock_tables (thd=thd@entry=0x14dc10000c58, tables=tables@entry=0x14dc100104d0, count=<optimized out>, flags=flags@entry=0) at /test/10.5_opt/sql/sql_base.cc:5512
#5 0x0000563f906df414 in lock_tables_open_and_lock_tables (thd=thd@entry=0x14dc10000c58, tables=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:3024
#6 0x0000563f906eafab in mysql_execute_command (thd=0x14dc10000c58) at /test/10.5_opt/sql/sql_parse.cc:5185
#7 0x0000563f906d6243 in mysql_parse (thd=0x14dc10000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:8100
#8 0x0000563f906e305d in dispatch_command (command=COM_QUERY, thd=0x14dc10000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_class.h:1290
#9 0x0000563f906e5832 in do_command (thd=0x14dc10000c58) at /test/10.5_opt/sql/sql_parse.cc:1370
#10 0x0000563f907ed2e1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563f92eee4b8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1418
#11 0x0000563f907ed75d in handle_one_connection (arg=arg@entry=0x563f92eee4b8) at /test/10.5_opt/sql/sql_connect.cc:1312
#12 0x0000563f90b7d999 in pfs_spawn_thread (arg=0x563f92e5c908) at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#13 0x000014dcb8272609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000014dcb7e60293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.8.0 ccdf5711a8fff0cd610a91fdcf37c8ff1182878c (Optimized)
Core was generated by `/test/MD121221-mariadb-10.8.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000148c0417026d in ha_spider::lock_tables (this=0x148b94047530)
at /test/10.8_opt/storage/spider/ha_spider.cc:16358
16358 if (!conns[search_link_idx])
[Current thread is 1 (Thread 0x148c0474c700 (LWP 3053251))]
(gdb) bt
#0 0x0000148c0417026d in ha_spider::lock_tables (this=0x148b94047530) at /test/10.8_opt/storage/spider/ha_spider.cc:16358
#1 0x0000148c04170744 in ha_spider::external_lock (this=0x148b9407d830, thd=<optimized out>, lock_type=<optimized out>) at /test/10.8_opt/storage/spider/ha_spider.cc:1342
#2 0x000055accaf51484 in handler::ha_external_lock (this=0x148b9407d830, thd=thd@entry=0x148b94000c58, lock_type=lock_type@entry=0) at /test/10.8_opt/sql/handler.cc:7042
#3 0x000055accb069c69 in lock_external (count=<optimized out>, tables=0x148b94061510, thd=0x148b94000c58) at /test/10.8_opt/sql/lock.cc:393
#4 mysql_lock_tables (thd=0x148b94000c58, sql_lock=0x148b940614d8, flags=<optimized out>) at /test/10.8_opt/sql/lock.cc:338
#5 0x000055accb06a98f in mysql_lock_tables (thd=thd@entry=0x148b94000c58, tables=0x148b94011948, count=count@entry=2, flags=flags@entry=0) at /test/10.8_opt/sql/lock.cc:301
#6 0x000055accac916f3 in lock_tables (thd=thd@entry=0x148b94000c58, tables=tables@entry=0x148b94010980, count=<optimized out>, flags=flags@entry=0) at /test/10.8_opt/sql/sql_base.cc:5559
#7 0x000055accacfc2b4 in lock_tables_open_and_lock_tables (thd=thd@entry=0x148b94000c58, tables=<optimized out>) at /test/10.8_opt/sql/sql_parse.cc:2958
#8 0x000055accad074e7 in mysql_execute_command (thd=0x148b94000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.8_opt/sql/sql_parse.cc:5124
#9 0x000055accacf3986 in mysql_parse (thd=0x148b94000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.8_opt/sql/sql_parse.cc:8028
#10 0x000055accacffb35 in dispatch_command (command=COM_QUERY, thd=0x148b94000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.8_opt/sql/sql_class.h:1360
#11 0x000055accad01d27 in do_command (thd=0x148b94000c58, blocking=blocking@entry=true) at /test/10.8_opt/sql/sql_parse.cc:1402
#12 0x000055accae202e7 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.8_opt/sql/sql_connect.cc:1418
#13 0x000055accae2062d in handle_one_connection (arg=arg@entry=0x55acceae5be8) at /test/10.8_opt/sql/sql_connect.cc:1312
#14 0x000055accb18e5d8 in pfs_spawn_thread (arg=0x55accea9d218) at /test/10.8_opt/storage/perfschema/pfs.cc:2201
#15 0x0000148c0fe85609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#16 0x0000148c0fa73293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.14 (dbg), 10.5.14 (opt), 10.6.6 (dbg), 10.6.6 (opt), 10.7.2 (dbg), 10.7.2 (opt), 10.8.0 (dbg), 10.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.42 (dbg), 10.2.42 (opt), 10.3.33 (dbg), 10.3.33 (opt), 10.4.23 (dbg), 10.4.23 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.36 (dbg), 5.7.36 (opt), 8.0.27 (dbg), 8.0.27 (opt)

Attachments

Issue Links

duplicates

MDEV-27404 SIGSEGV in rbt_free_node, hang in 'closing tables' state on DROP TABLE

Closed

is caused by

MDEV-19002 Partition performance optimization

Stalled

is duplicated by

MDEV-27171 Spider: SIGSEGV in spider_set_direct_limit_offset on INSERT

Closed

MDEV-27388 SIGSEGV in spider_set_direct_limit_offset on SELECT

Closed

MDEV-27522 SIGSEGV in spider_set_direct_limit_offset on INSERT

Closed

relates to

MDEV-24769 Spider crash when selecting all rows from the partitioned table

Closed

MDEV-27334 Assertion `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed in Diagnostics_area::set_ok_status on CREATE TRIGGER

Closed

MDEV-27526 Spider: SIGSEGV in ha_spider::lock_tables and Assertion `thd->transaction->stmt.ha_list == __null || trans == &thd->transaction->stmt' failed in ha_commit_trans on START TRANSACTION

Closed

MDEV-29963 SIGSEGV in spider_db_mbase::append_lock_tables on LOCK TABLES

Closed

MDEV-24769 Spider crash when selecting all rows from the partitioned table

Closed

MDEV-27369 Renaming Spider table fails due to ERROR 1062 (23000): Duplicate entry '...' for key 'PRIMARY'

Stalled

(6 relates to)

Activity

Ascending order - Click to sort in descending order

View 18 older comments

Roel Van de Paar added a comment - 2022-01-17 02:17

Found another testcase with yet another stack.

INSTALL PLUGIN spider SONAME 'ha_spider.so';

CREATE TABLE t (code CHAR(1),KEY(code)) ENGINE=SPIDER;

EXPLAIN SELECT * FROM t WHERE t2.a IN (SELECT a FROM t);

ALTER TABLE t CHANGE a a ENUM ('','') CHARACTER SET utf32;

CREATE TABLE test (a TEXT,FULLTEXT KEY(a)) ENGINE=InnoDB;

LOCK TABLES t WRITE;

Leads to:

10.8.0 347f6d01e3b570dce49aa1ab42cb83021905a14d (Debug)
Core was generated by `/test/MD150122-mariadb-10.8.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ha_spider::append_lock_tables_list (this=0x8f8f8f8f00000001)
at /test/10.8_dbg/storage/spider/ha_spider.cc:16284
[Current thread is 1 (Thread 0x14e6465fb700 (LWP 3381812))]
(gdb) bt
#0 ha_spider::append_lock_tables_list (this=0x8f8f8f8f00000001) at /test/10.8_dbg/storage/spider/ha_spider.cc:16284
#1 0x000014e646502ed8 in ha_spider::store_lock (this=0x14e5e40c9d30, thd=<optimized out>, to=0x14e5e408c258, lock_type=TL_WRITE) at /test/10.8_dbg/storage/spider/ha_spider.cc:1178
#2 0x000055dd9d63c4c2 in get_lock_data (thd=thd@entry=0x14e5e4000db8, table_ptr=table_ptr@entry=0x14e5e4014738, count=count@entry=1, flags=flags@entry=1) at /test/10.8_dbg/sql/lock.cc:809
#3 0x000055dd9d63ca80 in mysql_lock_tables (thd=thd@entry=0x14e5e4000db8, tables=tables@entry=0x14e5e4014738, count=count@entry=1, flags=flags@entry=0) at /test/10.8_dbg/sql/lock.cc:298
#4 0x000055dd9d1237c0 in lock_tables (thd=thd@entry=0x14e5e4000db8, tables=0x14e5e4013e90, count=<optimized out>, flags=flags@entry=0) at /test/10.8_dbg/sql/sql_base.cc:5561
#5 0x000055dd9d1b28c8 in lock_tables_open_and_lock_tables (thd=thd@entry=0x14e5e4000db8, tables=<optimized out>) at /test/10.8_dbg/sql/sql_parse.cc:2958
#6 0x000055dd9d1bed75 in mysql_execute_command (thd=thd@entry=0x14e5e4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.8_dbg/sql/sql_parse.cc:5123
#7 0x000055dd9d1a7f05 in mysql_parse (thd=thd@entry=0x14e5e4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e6465fa400) at /test/10.8_dbg/sql/sql_parse.cc:8027
#8 0x000055dd9d1b6ba1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e5e4000db8, packet=packet@entry=0x14e5e400b879 "LOCK TABLES t WRITE", packet_length=packet_length@entry=19, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_class.h:1360
#9 0x000055dd9d1b9fe8 in do_command (thd=0x14e5e4000db8, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_parse.cc:1402
#10 0x000055dd9d3339cc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55dda0313ba8, put_in_cache=put_in_cache@entry=true) at /test/10.8_dbg/sql/sql_connect.cc:1418
#11 0x000055dd9d333fd1 in handle_one_connection (arg=arg@entry=0x55dda0313ba8) at /test/10.8_dbg/sql/sql_connect.cc:1312
#12 0x000055dd9d7b59a2 in pfs_spawn_thread (arg=0x55dda02258d8) at /test/10.8_dbg/storage/perfschema/pfs.cc:2201
#13 0x000014e66577a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000014e665368293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.14 (dbg), 10.6.6 (dbg), 10.6.6 (opt), 10.7.2 (dbg), 10.7.2 (opt), 10.8.0 (dbg), 10.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.42 (dbg), 10.2.42 (opt), 10.3.33 (dbg), 10.3.33 (opt), 10.4.23 (dbg), 10.4.23 (opt), 10.5.14 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.36 (dbg), 5.7.36 (opt), 8.0.27 (dbg), 8.0.27 (opt)

Roel Van de Paar added a comment - 2022-01-17 02:17 Found another testcase with yet another stack. INSTALL PLUGIN spider SONAME 'ha_spider.so' ; CREATE TABLE t (code CHAR (1), KEY (code)) ENGINE=SPIDER; EXPLAIN SELECT * FROM t WHERE t2.a IN ( SELECT a FROM t); ALTER TABLE t CHANGE a a ENUM ( '' , '' ) CHARACTER SET utf32; CREATE TABLE test (a TEXT,FULLTEXT KEY (a)) ENGINE=InnoDB; LOCK TABLES t WRITE; Leads to: 10.8.0 347f6d01e3b570dce49aa1ab42cb83021905a14d (Debug) Core was generated by `/test/MD150122-mariadb-10.8.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGSEGV, Segmentation fault. #0 ha_spider::append_lock_tables_list (this=0x8f8f8f8f00000001) at /test/10.8_dbg/storage/spider/ha_spider.cc:16284 [Current thread is 1 (Thread 0x14e6465fb700 (LWP 3381812))] (gdb) bt #0 ha_spider::append_lock_tables_list (this=0x8f8f8f8f00000001) at /test/10.8_dbg/storage/spider/ha_spider.cc:16284 #1 0x000014e646502ed8 in ha_spider::store_lock (this=0x14e5e40c9d30, thd=<optimized out>, to=0x14e5e408c258, lock_type=TL_WRITE) at /test/10.8_dbg/storage/spider/ha_spider.cc:1178 #2 0x000055dd9d63c4c2 in get_lock_data (thd=thd@entry=0x14e5e4000db8, table_ptr=table_ptr@entry=0x14e5e4014738, count=count@entry=1, flags=flags@entry=1) at /test/10.8_dbg/sql/lock.cc:809 #3 0x000055dd9d63ca80 in mysql_lock_tables (thd=thd@entry=0x14e5e4000db8, tables=tables@entry=0x14e5e4014738, count=count@entry=1, flags=flags@entry=0) at /test/10.8_dbg/sql/lock.cc:298 #4 0x000055dd9d1237c0 in lock_tables (thd=thd@entry=0x14e5e4000db8, tables=0x14e5e4013e90, count=<optimized out>, flags=flags@entry=0) at /test/10.8_dbg/sql/sql_base.cc:5561 #5 0x000055dd9d1b28c8 in lock_tables_open_and_lock_tables (thd=thd@entry=0x14e5e4000db8, tables=<optimized out>) at /test/10.8_dbg/sql/sql_parse.cc:2958 #6 0x000055dd9d1bed75 in mysql_execute_command (thd=thd@entry=0x14e5e4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.8_dbg/sql/sql_parse.cc:5123 #7 0x000055dd9d1a7f05 in mysql_parse (thd=thd@entry=0x14e5e4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e6465fa400) at /test/10.8_dbg/sql/sql_parse.cc:8027 #8 0x000055dd9d1b6ba1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e5e4000db8, packet=packet@entry=0x14e5e400b879 "LOCK TABLES t WRITE", packet_length=packet_length@entry=19, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_class.h:1360 #9 0x000055dd9d1b9fe8 in do_command (thd=0x14e5e4000db8, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_parse.cc:1402 #10 0x000055dd9d3339cc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55dda0313ba8, put_in_cache=put_in_cache@entry=true) at /test/10.8_dbg/sql/sql_connect.cc:1418 #11 0x000055dd9d333fd1 in handle_one_connection (arg=arg@entry=0x55dda0313ba8) at /test/10.8_dbg/sql/sql_connect.cc:1312 #12 0x000055dd9d7b59a2 in pfs_spawn_thread (arg=0x55dda02258d8) at /test/10.8_dbg/storage/perfschema/pfs.cc:2201 #13 0x000014e66577a609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #14 0x000014e665368293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Bug confirmed present in: MariaDB: 10.5.14 (dbg), 10.6.6 (dbg), 10.6.6 (opt), 10.7.2 (dbg), 10.7.2 (opt), 10.8.0 (dbg), 10.8.0 (opt) Bug (or feature/syntax) confirmed not present in: MariaDB: 10.2.42 (dbg), 10.2.42 (opt), 10.3.33 (dbg), 10.3.33 (opt), 10.4.23 (dbg), 10.4.23 (opt), 10.5.14 (opt) MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.36 (dbg), 5.7.36 (opt), 8.0.27 (dbg), 8.0.27 (opt)

Roel Van de Paar added a comment - 2022-01-17 03:11 - edited

Confirmed that the last testcase above does not crash in bb-10.5-MDEV-27240 in both debug and optimized builds.

The second last testcase above does crash on the same branch however:

10.5.14 c5b466bcf00fd3eeb1ac9a8664ee3558001f43fb (Debug)
10.5.14-dbg>START TRANSACTION WITH CONSISTENT SNAPSHOT,READ ONLY;
ERROR 2013 (HY000): Lost connection to MySQL server during query

10.5.14 c5b466bcf00fd3eeb1ac9a8664ee3558001f43fb (Debug)
mysqld: /test/bb-10.5-MDEV-27240_dbg/sql/handler.cc:1572: int ha_commit_trans(THD*, bool): Assertion `thd->transaction->stmt.ha_list == __null \|\| trans == &thd->transaction->stmt' failed.

10.5.14 c5b466bcf00fd3eeb1ac9a8664ee3558001f43fb (Debug)
Core was generated by `/test/MDEV-27106-MD170122-mariadb-10.5.14-linux-x86_64-dbg/bin/mysqld --no-defa'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14d8645d3700 (LWP 3285360))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x000014d86da59859 in __GI_abort () at abort.c:79
#2 0x000014d86da59729 in __assert_fail_base (fmt=0x14d86dbef588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55f38fb92298 "thd->transaction->stmt.ha_list == __null \|\| trans == &thd->transaction->stmt", file=0x55f38fb91a30 "/test/bb-10.5-MDEV-27240_dbg/sql/handler.cc", line=1572, function=<optimized out>) at assert.c:92
#3 0x000014d86da6af36 in __GI___assert_fail (assertion=assertion@entry=0x55f38fb92298 "thd->transaction->stmt.ha_list == __null \|\| trans == &thd->transaction->stmt", file=file@entry=0x55f38fb91a30 "/test/bb-10.5-MDEV-27240_dbg/sql/handler.cc", line=line@entry=1572, function=function@entry=0x55f38fb94768 "int ha_commit_trans(THD*, bool)") at assert.c:101
#4 0x000055f38efd12f5 in ha_commit_trans (thd=thd@entry=0x14d7cc000db8, all=all@entry=true) at /test/bb-10.5-MDEV-27240_dbg/sql/handler.cc:1572
#5 0x000055f38ee5fa29 in trans_begin (thd=thd@entry=0x14d7cc000db8, flags=3) at /test/bb-10.5-MDEV-27240_dbg/sql/transaction.cc:127
#6 0x000055f38ecf3078 in mysql_execute_command (thd=thd@entry=0x14d7cc000db8) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_parse.cc:5658
#7 0x000055f38ecd9bce in mysql_parse (thd=thd@entry=0x14d7cc000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d8645d23d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_parse.cc:8100
#8 0x000055f38ece9421 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14d7cc000db8, packet=packet@entry=0x14d7cc00b4a9 "START TRANSACTION WITH CONSISTENT SNAPSHOT,READ ONLY", packet_length=packet_length@entry=52, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_class.h:1290
#9 0x000055f38ececc9d in do_command (thd=0x14d7cc000db8) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_parse.cc:1370
#10 0x000055f38ee4a082 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55f39234c638, put_in_cache=put_in_cache@entry=true) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_connect.cc:1418
#11 0x000055f38ee4a785 in handle_one_connection (arg=arg@entry=0x55f39234c638) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_connect.cc:1312
#12 0x000055f38f306f6f in pfs_spawn_thread (arg=0x55f3922961a8) at /test/bb-10.5-MDEV-27240_dbg/storage/perfschema/pfs.cc:2201
#13 0x000014d86df68609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000014d86db56293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Roel Van de Paar added a comment - 2022-01-17 03:11 - edited Confirmed that the last testcase above does not crash in bb-10.5- MDEV-27240 in both debug and optimized builds. The second last testcase above does crash on the same branch however: 10.5.14 c5b466bcf00fd3eeb1ac9a8664ee3558001f43fb (Debug) 10.5.14-dbg>START TRANSACTION WITH CONSISTENT SNAPSHOT,READ ONLY; ERROR 2013 (HY000): Lost connection to MySQL server during query 10.5.14 c5b466bcf00fd3eeb1ac9a8664ee3558001f43fb (Debug) mysqld: /test/bb-10.5-MDEV-27240_dbg/sql/handler.cc:1572: int ha_commit_trans(THD*, bool): Assertion `thd->transaction->stmt.ha_list == __null || trans == &thd->transaction->stmt' failed. 10.5.14 c5b466bcf00fd3eeb1ac9a8664ee3558001f43fb (Debug) Core was generated by `/test/MDEV-27106-MD170122-mariadb-10.5.14-linux-x86_64-dbg/bin/mysqld --no-defa'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 [Current thread is 1 (Thread 0x14d8645d3700 (LWP 3285360))] (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x000014d86da59859 in __GI_abort () at abort.c:79 #2 0x000014d86da59729 in __assert_fail_base (fmt=0x14d86dbef588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55f38fb92298 "thd->transaction->stmt.ha_list == __null || trans == &thd->transaction->stmt", file=0x55f38fb91a30 "/test/bb-10.5-MDEV-27240_dbg/sql/handler.cc", line=1572, function=<optimized out>) at assert.c:92 #3 0x000014d86da6af36 in __GI___assert_fail (assertion=assertion@entry=0x55f38fb92298 "thd->transaction->stmt.ha_list == __null || trans == &thd->transaction->stmt", file=file@entry=0x55f38fb91a30 "/test/bb-10.5-MDEV-27240_dbg/sql/handler.cc", line=line@entry=1572, function=function@entry=0x55f38fb94768 "int ha_commit_trans(THD*, bool)") at assert.c:101 #4 0x000055f38efd12f5 in ha_commit_trans (thd=thd@entry=0x14d7cc000db8, all=all@entry=true) at /test/bb-10.5-MDEV-27240_dbg/sql/handler.cc:1572 #5 0x000055f38ee5fa29 in trans_begin (thd=thd@entry=0x14d7cc000db8, flags=3) at /test/bb-10.5-MDEV-27240_dbg/sql/transaction.cc:127 #6 0x000055f38ecf3078 in mysql_execute_command (thd=thd@entry=0x14d7cc000db8) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_parse.cc:5658 #7 0x000055f38ecd9bce in mysql_parse (thd=thd@entry=0x14d7cc000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d8645d23d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_parse.cc:8100 #8 0x000055f38ece9421 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14d7cc000db8, packet=packet@entry=0x14d7cc00b4a9 "START TRANSACTION WITH CONSISTENT SNAPSHOT,READ ONLY", packet_length=packet_length@entry=52, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_class.h:1290 #9 0x000055f38ececc9d in do_command (thd=0x14d7cc000db8) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_parse.cc:1370 #10 0x000055f38ee4a082 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55f39234c638, put_in_cache=put_in_cache@entry=true) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_connect.cc:1418 #11 0x000055f38ee4a785 in handle_one_connection (arg=arg@entry=0x55f39234c638) at /test/bb-10.5-MDEV-27240_dbg/sql/sql_connect.cc:1312 #12 0x000055f38f306f6f in pfs_spawn_thread (arg=0x55f3922961a8) at /test/bb-10.5-MDEV-27240_dbg/storage/perfschema/pfs.cc:2201 #13 0x000014d86df68609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #14 0x000014d86db56293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Nayuta Yanagisawa (Inactive) added a comment - 2022-01-17 05:01

Thank you for your confirmation. Then, the still crashing test case seems to be due to a different bug. Could you file another bug report, please?

Nayuta Yanagisawa (Inactive) added a comment - 2022-01-17 05:01 Thank you for your confirmation. Then, the still crashing test case seems to be due to a different bug. Could you file another bug report, please?

Roel Van de Paar added a comment - 2022-01-17 10:37

Ack, thank you.

Created ~~MDEV-27526~~ Spider: SIGSEGV in ha_spider::lock_tables and Assertion `thd->transaction->stmt.ha_list == __null || trans == &thd->transaction->stmt' failed in ha_commit_trans on START TRANSACTION

Roel Van de Paar added a comment - 2022-01-17 10:37 Ack, thank you. Created MDEV-27526 Spider: SIGSEGV in ha_spider::lock_tables and Assertion `thd->transaction->stmt.ha_list == __null || trans == &thd->transaction->stmt' failed in ha_commit_trans on START TRANSACTION

Roel Van de Paar added a comment - 2022-01-17 10:57

Another testcase with yet another stack added. Confirmed fixed in patched tree. Just adding for completeness and to add test filter.

INSTALL PLUGIN spider SONAME 'ha_spider.so';

CREATE TABLE t (code CHAR(1),KEY(code)) ENGINE=SPIDER;

EXPLAIN SELECT * FROM t WHERE t2.a IN (SELECT a FROM t);

ALTER TABLE t CHANGE a a ENUM ('','') CHARACTER SET utf32;

CREATE TABLE test (a TEXT,FULLTEXT KEY(a)) ENGINE=InnoDB;

LOCK TABLES t WRITE;

UniqueID's for this testcase:

SIGSEGV|ha_spider::append_lock_tables_list|ha_spider::store_lock|get_lock_data|mysql_lock_tables

SIGSEGV|ha_spider::append_lock_tables_list|ha_spider::store_lock|ha_spider::store_lock|get_lock_data  # new

Roel Van de Paar added a comment - 2022-01-17 10:57 Another testcase with yet another stack added. Confirmed fixed in patched tree. Just adding for completeness and to add test filter. INSTALL PLUGIN spider SONAME 'ha_spider.so' ; CREATE TABLE t (code CHAR (1), KEY (code)) ENGINE=SPIDER; EXPLAIN SELECT * FROM t WHERE t2.a IN ( SELECT a FROM t); ALTER TABLE t CHANGE a a ENUM ( '' , '' ) CHARACTER SET utf32; CREATE TABLE test (a TEXT,FULLTEXT KEY (a)) ENGINE=InnoDB; LOCK TABLES t WRITE; UniqueID's for this testcase: SIGSEGV|ha_spider::append_lock_tables_list|ha_spider::store_lock|get_lock_data|mysql_lock_tables SIGSEGV|ha_spider::append_lock_tables_list|ha_spider::store_lock|ha_spider::store_lock|get_lock_data # new

MariaDB Server

SIGSEGV in ha_spider::store_lock on LOCK TABLE

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration