Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.4(EOL)
Description
INSTALL PLUGIN spider SONAME 'ha_spider.so'; |
CREATE TABLE t (c INT) ENGINE=Spider; |
SELECT * FROM t; |
INSERT INTO t (SELECT 1 FROM t); |
LOCK TABLES t WRITE CONCURRENT;
|
DELETE FROM t; |
Leads to:
|
10.4.25 9c6135e81f29b3e3286d6b864c0fdafc2fea16ce (Optimized) |
Core was generated by `/test/MD160322-mariadb-10.4.25-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000150c80078923 in spider_db_connect (share=0x150c34058828,
|
conn=conn@entry=0x150c340817c8, link_idx=0)
|
at /test/10.4_opt/storage/spider/spd_db_conn.cc:178
|
[Current thread is 1 (Thread 0x150c8c11f700 (LWP 3880049))]
|
(gdb) bt
|
#0 0x0000150c80078923 in spider_db_connect (share=0x150c34058828, conn=conn@entry=0x150c340817c8, link_idx=0) at /test/10.4_opt/storage/spider/spd_db_conn.cc:178
|
#1 0x0000150c80079508 in spider_db_conn_queue_action (conn=0x150c340817c8) at /test/10.4_opt/storage/spider/spd_db_conn.cc:293
|
#2 0x0000150c8007f830 in spider_db_before_query (conn=0x150c340817c8, need_mon=<optimized out>) at /test/10.4_opt/storage/spider/spd_db_conn.cc:608
|
#3 0x0000150c8007fa42 in spider_db_set_names_internal (trx=0x150c3403c3e8, share=0x150c34058828, conn=conn@entry=0x150c340817c8, all_link_idx=0, need_mon=0x150c3405f328) at /test/10.4_opt/storage/spider/spd_db_conn.cc:909
|
#4 0x0000150c8007fc05 in spider_db_set_names (spider=spider@entry=0x150c34057c50, conn=conn@entry=0x150c340817c8, link_idx=link_idx@entry=0) at /test/10.4_opt/storage/spider/spd_db_conn.cc:955
|
#5 0x0000150c80085eda in spider_db_direct_delete (spider=spider@entry=0x150c34057c50, table=<optimized out>, delete_rows=delete_rows@entry=0x150c8c11c2d8) at /test/10.4_opt/storage/spider/spd_db_conn.cc:8315
|
#6 0x0000150c800d3317 in ha_spider::direct_delete_rows (this=0x150c34057c50, delete_rows=0x150c8c11c2d8) at /test/10.4_opt/storage/spider/ha_spider.cc:11331
|
#7 0x0000564402989df3 in mysql_delete (thd=thd@entry=0x150c34000c48, table_list=0x150c340100b0, conds=<optimized out>, order_list=order_list@entry=0x150c34005458, limit=18446744073709551615, options=0, result=0x0) at /test/10.4_opt/sql/sql_delete.cc:654
|
#8 0x000056440261b0ea in mysql_execute_command (thd=0x150c34000c48) at /test/10.4_opt/sql/sql_parse.cc:4792
|
#9 0x0000564402621257 in mysql_parse (thd=0x150c34000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_parse.cc:7995
|
#10 0x00005644026238cd in dispatch_command (command=COM_QUERY, thd=0x150c34000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_class.h:1201
|
#11 0x0000564402625f3e in do_command (thd=0x150c34000c48) at /test/10.4_opt/sql/sql_parse.cc:1373
|
#12 0x000056440271bd3e in do_handle_one_connection (connect=connect@entry=0x564406013208) at /test/10.4_opt/sql/sql_connect.cc:1420
|
#13 0x000056440271be6f in handle_one_connection (arg=0x564406013208) at /test/10.4_opt/sql/sql_connect.cc:1316
|
#14 0x0000150c98a1d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#15 0x0000150c98609133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.4.25 9c6135e81f29b3e3286d6b864c0fdafc2fea16ce (Debug) |
Core was generated by `/test/MD160322-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000151ba166f1d6 in spider_db_direct_delete (
|
spider=spider@entry=0x151b68083168, table=<optimized out>,
|
delete_rows=delete_rows@entry=0x151ba17e4288)
|
at /test/10.4_dbg/storage/spider/spd_db_conn.cc:8282
|
[Current thread is 1 (Thread 0x151ba17e7700 (LWP 3885425))]
|
(gdb) bt
|
#0 0x0000151ba166f1d6 in spider_db_direct_delete (spider=spider@entry=0x151b68083168, table=<optimized out>, delete_rows=delete_rows@entry=0x151ba17e4288) at /test/10.4_dbg/storage/spider/spd_db_conn.cc:8282
|
#1 0x0000151ba16e20e4 in ha_spider::direct_delete_rows (this=0x151b68083168, delete_rows=0x151ba17e4288) at /test/10.4_dbg/storage/spider/ha_spider.cc:11304
|
#2 0x00005592f9b1f099 in handler::ha_direct_delete_rows (this=0x151b68083168, delete_rows=delete_rows@entry=0x151ba17e4288) at /test/10.4_dbg/sql/handler.cc:6978
|
#3 0x00005592f9cf8405 in mysql_delete (thd=thd@entry=0x151b68000d90, table_list=0x151b680132f8, conds=<optimized out>, order_list=order_list@entry=0x151b68005760, limit=18446744073709551615, options=<optimized out>, result=0x0) at /test/10.4_dbg/sql/sql_delete.cc:654
|
#4 0x00005592f98588af in mysql_execute_command (thd=thd@entry=0x151b68000d90) at /test/10.4_dbg/sql/sql_parse.cc:4797
|
#5 0x00005592f985fd01 in mysql_parse (thd=thd@entry=0x151b68000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x151ba17e6490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7995
|
#6 0x00005592f986275d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x151b68000d90, packet=packet@entry=0x151b6801a361 "DELETE FROM t", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
|
#7 0x00005592f9866050 in do_command (thd=0x151b68000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
|
#8 0x00005592f99a5457 in do_handle_one_connection (connect=connect@entry=0x5592fde73120) at /test/10.4_dbg/sql/sql_connect.cc:1420
|
#9 0x00005592f99a5576 in handle_one_connection (arg=0x5592fde73120) at /test/10.4_dbg/sql/sql_connect.cc:1316
|
#10 0x0000151bc7fde609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#11 0x0000151bc7bca133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.25 (dbg), 10.4.25 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.35 (dbg), 10.3.35 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt), 10.10.0 (dbg), 10.10.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
Attachments
Issue Links
- is blocked by
-
-
- Closed
-
-
-
- Closed
-
- is part of
-
-
- Closed
-
- relates to
-
MDEV-28775 Implement connection manager in Spider
-
- Stalled
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
Activity
Hi holyfoot, ptal thanks
98c9f53b579 upstream/bb-10.4-mdev-28683 MDEV-28683 Spider: create conn on demand when direct delete
The above is based on 10.4. Even though 10.4 is the only affected and fixversion, knowing how the release process works, the change will probably be automatically merged into higher versions too, so I tested 10.5 as well:
0c90c9975b6 upstream/bb-10.5-mdev-28683 MDEV-28683 Spider: create conn on demand when direct delete
Thanks for the review. This ticket is now part of work to find a more general solution to managing SPIDER_TRX and SPIDER_CONN across statements, which is represented by MDEV-29962.
Let's just use the existing solution, as I don't think it is worth the trouble trying to backport dml_init() to 10.4.
Pushed 13896f73dfe7fb206b3ed72e40ae9039e37bea19 to 10.4
mtr case
--echo #--echo # MDEV-28683 Spider: SIGSEGV in spider_db_direct_delete, SIGSEGV in spider_db_connect, ASAN: heap-use-after-free in spider_db_direct_delete--echo #--disable_query_log--disable_result_log--source ../../t/test_init.inc--enable_result_log--enable_query_log--error ER_CONNECT_TO_FOREIGN_DATA_SOURCE--error ER_CONNECT_TO_FOREIGN_DATA_SOURCE,12701LOCK TABLES t WRITE CONCURRENT;--error ER_CONNECT_TO_FOREIGN_DATA_SOURCEUNLOCK TABLES;--disable_query_log--disable_result_log--source ../../t/test_deinit.inc--enable_result_log--enable_query_log--echo #--echo # end of test mdev_28683--echo #