[MDEV-28085] MariaDB SEGV issue - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.9.0, 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL)
Fix Version/s: N/A
Component/s: N/A
Labels:
None
Environment:
Linux jie-2 5.4.143-1-pve #1 SMP PVE 5.4.143-1 (Tue, 28 Sep 2021 09:10:37 +0200) x86_64 x86_64 x86_64 GNU/Linux

Description

PoC:

START TRANSACTION WITH CONSISTENT SNAPSHOT ;

CREATE TABLE v3 ( v5 INT ( 16 ) , v4 INT ) ENGINE = MEMORY ;

SELECT v4 IS NULL FROM v3 WHERE '' = 98 ;

ALTER TABLE v3 ADD ( v6 INT DEFAULT ( ( 'x' IN ( 'x' , 'x' , 'x' , CURRENT_USER , SPACE ( 'x' ) , lower ( 'x' ) ) ) + 91 ) ) ;

LOCK TABLE v3 WRITE ;

ALTER TABLE v3 ADD COLUMN ONE INT DEFAULT ( ( ( 'x' = RIGHT ( 'x' , 16 ) ) ) + v4 | CONVERT ( v4 , CHAR ( 23 ) ) ) ;

report (compiled with ASAN):

Thread pointer: 0x62b00015e218

Attempting backtrace. You can use the following information to find out

where mysqld died. If you see no messages after this, something went

terribly wrong...

I am confused that there is no details in the report. There is also no core dump.

Attachments

Issue Links

duplicates

MDEV-24176 Server crashes after insert in the table with virtual column generated using date_format() and if()

Closed

relates to

MDEV-26407 Server crashes in Item_func_in::cleanup/Item::cleanup_processor

Closed

Activity

Ascending order - Click to sort in descending order

Alice Sherepa added a comment - 2022-03-18 15:58

Thank you for the report!
I reproduced on 10.2-10.8

CREATE TABLE t1 (a int, b int, d int DEFAULT (1 IN ('x' , CURRENT_USER)));

LOCK TABLE t1 WRITE ;

ALTER TABLE t1 ADD COLUMN c int;

10.2 22fd31c5883622b5c745
Version: '10.2.44-MariaDB-debug-log'
220318 16:53:35 [ERROR] mysqld got signal 11 ;

Server version: 10.2.44-MariaDB-debug-log

sigaction.c:0(__restore_rt)[0x7fde6f3863c0]
sql/item_cmpfunc.h:1673(Item_func_in::cleanup())[0x5564a4c4c8cf]
sql/item.h:1965(Item::delete_self())[0x5564a41c568e]
sql/sql_class.cc:3642(Query_arena::free_items())[0x5564a41aea38]
sql/table.cc:3563(closefrm(TABLE*))[0x5564a452a1c1]
sql/table_cache.cc:223(intern_close_table(TABLE*))[0x5564a4761f93]
sql/table_cache.cc:261(tc_remove_table(TABLE*))[0x5564a4762202]
sql/table_cache.cc:470(tc_release_table(TABLE*))[0x5564a47630c9]
sql/sql_base.cc:912(close_thread_table(THD, TABLE*))[0x5564a4131633]
sql/sql_base.cc:685(close_all_tables_for_name(THD, TABLE_SHARE, ha_extra_function, TABLE*))[0x5564a41302fa]
sql/sql_table.cc:9892(mysql_alter_table(THD, char, char, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool))[0x5564a44a852c]
sql/sql_alter.cc:333(Sql_cmd_alter_table::execute(THD*))[0x5564a45eff12]
sql/sql_parse.cc:6017(mysql_execute_command(THD*))[0x5564a42724e2]
sql/sql_parse.cc:7793(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x5564a427dd04]
sql/sql_parse.cc:1830(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x5564a4256f09]
sql/sql_parse.cc:1381(do_command(THD*))[0x5564a4253cd4]
sql/sql_connect.cc:1336(do_handle_one_connection(CONNECT*))[0x5564a45e040a]
sql/sql_connect.cc:1242(handle_one_connection)[0x5564a45dfccd]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5564a5980af4]
nptl/pthread_create.c:478(start_thread)[0x7fde6f37a609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7fde6eae8163]

Query (0x62b000000290): ALTER TABLE t1 ADD COLUMN c int

Alice Sherepa added a comment - 2022-03-18 15:58 Thank you for the report! I reproduced on 10.2-10.8 CREATE TABLE t1 (a int , b int , d int DEFAULT (1 IN ( 'x' , CURRENT_USER ))); LOCK TABLE t1 WRITE ; ALTER TABLE t1 ADD COLUMN c int ; 10.2 22fd31c5883622b5c745 Version: '10.2.44-MariaDB-debug-log' 220318 16:53:35 [ERROR] mysqld got signal 11 ; Server version: 10.2.44-MariaDB-debug-log sigaction.c:0(__restore_rt)[0x7fde6f3863c0] sql/item_cmpfunc.h:1673(Item_func_in::cleanup())[0x5564a4c4c8cf] sql/item.h:1965(Item::delete_self())[0x5564a41c568e] sql/sql_class.cc:3642(Query_arena::free_items())[0x5564a41aea38] sql/table.cc:3563(closefrm(TABLE*))[0x5564a452a1c1] sql/table_cache.cc:223(intern_close_table(TABLE*))[0x5564a4761f93] sql/table_cache.cc:261(tc_remove_table(TABLE*))[0x5564a4762202] sql/table_cache.cc:470(tc_release_table(TABLE*))[0x5564a47630c9] sql/sql_base.cc:912(close_thread_table(THD*, TABLE**))[0x5564a4131633] sql/sql_base.cc:685(close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*))[0x5564a41302fa] sql/sql_table.cc:9892(mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool))[0x5564a44a852c] sql/sql_alter.cc:333(Sql_cmd_alter_table::execute(THD*))[0x5564a45eff12] sql/sql_parse.cc:6017(mysql_execute_command(THD*))[0x5564a42724e2] sql/sql_parse.cc:7793(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5564a427dd04] sql/sql_parse.cc:1830(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5564a4256f09] sql/sql_parse.cc:1381(do_command(THD*))[0x5564a4253cd4] sql/sql_connect.cc:1336(do_handle_one_connection(CONNECT*))[0x5564a45e040a] sql/sql_connect.cc:1242(handle_one_connection)[0x5564a45dfccd] perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5564a5980af4] nptl/pthread_create.c:478(start_thread)[0x7fde6f37a609] /lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7fde6eae8163] Query (0x62b000000290): ALTER TABLE t1 ADD COLUMN c int

Alice Sherepa added a comment - 2023-10-10 09:01

not reproducible on current 10.4 0c7af6a2a19343cb9d4fedbd7165b8f73bc4cf96-11.2

Alice Sherepa added a comment - 2023-10-10 09:01 not reproducible on current 10.4 0c7af6a2a19343cb9d4fedbd7165b8f73bc4cf96-11.2

People

Assignee:: Sergei Golubchik

Reporter:: Jingzhou Fu

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-03-16 09:33

Updated:: 2023-10-10 09:02

Resolved:: 2023-10-10 09:02

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server