Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.8.3, 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL)
-
Ubuntu 20.04
Description
I used my fuzzing tool to test MariaDB and found a transaction-related bug that make the crashes.
Mariadb installation
1) cd mariadb-10.8.3
2) mkdir build; cd build
3) cmake .. -DCMAKE_BUILD_TYPE=Debug
4) make -j12 && sudo make install
Setup the environment
1) export ASAN_OPTIONS=detect_leaks=0
2) /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
3) /usr/local/mysql/bin/mysql -uroot -Dtestdb < mysql_bk.sql (attached) # set up the database
Reproduce bug
/usr/local/mysql/bin/mysql -uroot -Dtestdb # set up connection conn_0
/usr/local/mysql/bin/mysql -uroot -Dtestdb # set up connection conn_1
conn_0> START TRANSACTION;
conn_1> START TRANSACTION;
conn_1> insert into t_yynypc (wkey, pkey, c_acfajc) values
(89, 188000, 40),
(89, 189000, 5),
(89, 190000, 49),
(89, 191000, 39),
(89, 192000, 50),
(97, 227000, 86),
(97, 228000, 19),
(97, 229000, 3),
(97, 230000, 9);
conn_0> delete from t_qrsdpb where
exists (
select
ref_0.c_bkmkf as c2
from
t_zefkic as ref_0
where t_qrsdpb.c_hhsy0b not in (
select
ref_3.wkey as c0
from
(t_yynypc as ref_2
left outer join t_zefkic as ref_3
on (ref_2.wkey = ref_3.wkey ))
where ref_3.pkey >= ref_2.wkey)); --- this DELETE blocks
conn_1> update t_zefkic set wkey = 99; --- this UPDATE make the above DELETE crash the maridb server
conn_0> ROLLBACK;
conn_1> ROLLBACK;
I have simplified the content of the test case, and I hope this report can help you reproduce and fix the bug. In addition, I attached the failure report (which has its stack trace).
Attachments
Issue Links
- relates to
-
-
- Closed
-
Activity
It looks like a duplicate of MDEV-20666 and its few siblings, but since it has a decent test case, let's keep it open. sanja can always close the ones he doesn't need.
The failure depends on available statistics at the moment of the query execution, which is non-deterministic in the original scenario. It is not reproducible with EITS or with explicitly collected InnoDB persistent statistics. Apparently it requires some intermediate state, when InnoDB persistent statistics is enabled, but accurate numbers have not been collected.
In 10.6+, such disposition may be facilitated by bulk insert, which would explain why the failure is reproducible while loading the dump (which is a proper mysqldump, with UC/FKC OFF), but not when CREATE/INSERT statements are extracted from the dump and run directly (via MTR or otherwise). There is also a timing uncertainty, as it often happens with InnoDB persistent stats – statistics are not recalculated instantly.
Another issue is a concurrency between INSERT and UPDATE. For the failure to happen, DELETE should have enough time to reach some stage (maybe it needs to lock some rows and/or start waiting for locks) before UPDATE in another thread is executed. When the test case is run manually, it is not a problem, but when it's automated, it becomes a race condition.
In the test case below, the DML concurrency is dealt with by wait_condition, and the statistics problem is addressed by adding AUTO_RECALC=0 to table definitions (while still preserving persistent stats). It seems to make the failure deterministic, although I'm never quite sure when InnoDB stats are involved. At least at the moment it fails reliably for me, on all of 10.3-10.10 (10.3-10.5 fail with a different assertion, the one from MDEV-20666).
It also fails on non-debug builds, as described in the previous comment.
Also, the test case inserts less rows than the original dump, it is unrelated to the reproducing issues, I was just removing most obvious redundancies.
|
MTR test case |
--source include/have_innodb.inc
|
|
|
CREATE TABLE `t_qrsdpb` ( |
`wkey` int(11) DEFAULT NULL, |
`pkey` int(11) NOT NULL, |
`c_hhsy0b` int(11) DEFAULT NULL, |
`c_bwdaw` double DEFAULT NULL, |
`c_e5jxgb` double DEFAULT NULL, |
PRIMARY KEY (`pkey`), |
KEY `t_x6dij` (`wkey`,`pkey`,`c_bwdaw`,`c_e5jxgb`) |
) ENGINE=InnoDB DEFAULT CHARSET=latin1 STATS_AUTO_RECALC=0 STATS_PERSISTENT=1; |
|
|
INSERT INTO `t_qrsdpb` VALUES (4,29000,47,27.25,38.21),(4,30000,10,73.14,8.5); |
|
|
CREATE TABLE `t_yynypc` ( |
`wkey` int(11) DEFAULT NULL, |
`pkey` int(11) NOT NULL, |
`c_acfajc` int(11) DEFAULT NULL, |
PRIMARY KEY (`pkey`) |
) ENGINE=InnoDB DEFAULT CHARSET=latin1 STATS_AUTO_RECALC=0 STATS_PERSISTENT=1; |
|
|
INSERT INTO `t_yynypc` VALUES (2,15000,89),(2,16000,17); |
|
|
CREATE TABLE `t_zefkic` ( |
`wkey` int(11) DEFAULT NULL, |
`pkey` int(11) NOT NULL, |
`c_kkpzcd` text DEFAULT NULL, |
`c_gov3_` text DEFAULT NULL, |
`c_bkmkf` text DEFAULT NULL, |
`c_cjydxb` double DEFAULT NULL, |
`c_48luqd` int(11) DEFAULT NULL, |
`c_k0ztk` text DEFAULT NULL, |
`c_so8a2b` double DEFAULT NULL, |
PRIMARY KEY (`pkey`) |
) ENGINE=InnoDB DEFAULT CHARSET=latin1 STATS_AUTO_RECALC=0 STATS_PERSISTENT=1; |
|
|
INSERT INTO `t_zefkic` VALUES |
(7,49000,NULL,'op1wkb','_rfivd',72.37,83,'8bs1lb',NULL), |
(7,50000,'4_lidb','azxxsd','ojpd4b',18.1,93,'36toec',NULL), |
(7,51000,'hypmf','dboevb','dib0',NULL,30,'6nbm6',NULL), |
(7,53000,'emvzed','5hrinc','ke2h9c',30.8,46,NULL,NULL), |
(10,67000,NULL,NULL,'iokrfc',31.35,53,'4alvxc',NULL), |
(10,72000,'cjyied',NULL,'5edq0b',46.1,42,'9o0hed',NULL); |
|
|
FLUSH TABLES;
|
|
|
--connect(con1,localhost,root,,test)
|
START TRANSACTION; |
insert into t_yynypc (wkey, pkey, c_acfajc) values |
(89, 188000, 40),(89, 189000, 5),(89, 190000, 49),(89, 192000, 50),(97, 227000, 86);
|
|
|
--connection default
|
--send
|
DELETE FROM t_qrsdpb WHERE EXISTS ( |
SELECT ref_0.c_bkmkf AS c2 FROM t_zefkic AS ref_0 |
WHERE t_qrsdpb.c_hhsy0b NOT IN ( |
SELECT ref_3.wkey AS c0 FROM ( |
t_yynypc AS ref_2 LEFT OUTER JOIN t_zefkic AS ref_3 ON (ref_2.wkey = ref_3.wkey) |
) WHERE ref_3.pkey >= ref_2.wkey) |
);
|
|
|
--connection con1
|
--let $show_statement= SHOW PROCESSLIST
|
--let $field= State
|
--let $condition= 'Sending data'
|
--source include/wait_show_condition.inc
|
|
|
UPDATE t_zefkic SET wkey = 99; |
|
|
# Cleanup
|
rollback; |
--disconnect con1
|
--connection default
|
--error ER_LOCK_DEADLOCK
|
--reap
|
DROP TABLE t_zefkic, t_yynypc, t_qrsdpb; |
Non-debug failures from the test case provided in the next comment:
|
10.3 b3f0acf5, similar on 10.4-10.5 |
2022-07-19 00:32:08 0x7fefa45ee700 InnoDB: Assertion failure in file /data/src/10.3/storage/innobase/trx/trx0trx.cc line 240
|
InnoDB: Failing assertion: UT_LIST_GET_LEN(trx->lock.trx_locks) == 0
|
|
|
#6 0x00005601796a2096 in ut_dbg_assertion_failed (expr=expr@entry=0x56017a0e7668 "UT_LIST_GET_LEN(trx->lock.trx_locks) == 0", file=file@entry=0x56017a0e7590 "/data/src/10.3/storage/innobase/trx/trx0trx.cc", line=line@entry=240) at /data/src/10.3/storage/innobase/ut/ut0dbg.cc:60
|
#7 0x00005601796a08dd in TrxFactory::destroy (trx=0x7fefa515b068) at /data/src/10.3/storage/innobase/trx/trx0trx.cc:240
|
#8 Pool<trx_t, TrxFactory, TrxPoolLock>::~Pool (this=0x56017c1f27a0, __in_chrg=<optimized out>) at /data/src/10.3/storage/innobase/include/ut0pool.h:90
|
#9 PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::destroy (this=0x56017c1f2650) at /data/src/10.3/storage/innobase/include/ut0pool.h:339
|
#10 PoolManager<Pool<trx_t, TrxFactory, TrxPoolLock>, TrxPoolManagerLock>::~PoolManager (this=0x56017c1f2650, __in_chrg=<optimized out>) at /data/src/10.3/storage/innobase/include/ut0pool.h:216
|
#11 trx_pool_close () at /data/src/10.3/storage/innobase/trx/trx0trx.cc:326
|
#12 0x0000560179c3c882 in innodb_shutdown () at /data/src/10.3/storage/innobase/srv/srv0start.cc:2645
|
#13 0x0000560179b36d43 in innobase_end () at /data/src/10.3/storage/innobase/handler/ha_innodb.cc:4481
|
#14 innobase_end () at /data/src/10.3/storage/innobase/handler/ha_innodb.cc:4453
|
#15 0x000056017999b877 in ha_finalize_handlerton (plugin=0x56017c0f5b88) at /data/src/10.3/sql/handler.cc:488
|
#16 0x00005601797ab9e9 in plugin_deinitialize (plugin=0x56017c0f5b88, ref_check=ref_check@entry=true) at /data/src/10.3/sql/sql_plugin.cc:1238
|
#17 0x00005601797b018e in reap_plugins () at /data/src/10.3/sql/sql_plugin.cc:1314
|
#18 0x00005601797b0e25 in plugin_shutdown () at /data/src/10.3/sql/sql_plugin.cc:1983
|
#19 0x00005601796dc9a9 in clean_up (print_message=true) at /data/src/10.3/sql/mysqld.cc:2245
|
#20 clean_up (print_message=<optimized out>) at /data/src/10.3/sql/mysqld.cc:2208
|
#21 0x00005601796de49e in unireg_end () at /data/src/10.3/sql/mysqld.cc:2116
|
#22 0x00005601796e103c in kill_server (sig_ptr=0x0) at /data/src/10.3/sql/mysqld.cc:2043
|
#23 0x00005601796e163e in kill_server_thread (arg=arg@entry=0x7fefa4719d98) at /data/src/10.3/sql/mysqld.cc:2066
|
#24 0x0000560179e66122 in pfs_spawn_thread (arg=0x56017c1c12f8) at /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#25 0x00007fefab64fea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#26 0x00007fefab57fdef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.6 f8240a27, similar on 10.7-10.10 |
2022-07-19 00:34:17 0x7f4639829700 InnoDB: Assertion failure in file /data/src/10.6/storage/innobase/dict/dict0dict.cc line 1845
|
InnoDB: Failing assertion: table->n_rec_locks == 0
|
|
|
#6 0x000055c1c31aee78 in ut_dbg_assertion_failed (expr=expr@entry=0x55c1c3e0025a "table->n_rec_locks == 0", file=file@entry=0x55c1c3e00290 "/data/src/10.6/storage/innobase/dict/dict0dict.cc", line=line@entry=1845) at /data/src/10.6/storage/innobase/ut/ut0dbg.cc:60
|
#7 0x000055c1c31baf5c in dict_sys_t::remove (this=<optimized out>, table=0x7f460803f700, lru=lru@entry=false, keep=keep@entry=false) at /data/src/10.6/storage/innobase/dict/dict0dict.cc:1845
|
#8 0x000055c1c39b4024 in trx_t::commit (this=this@entry=0x7f463aa77680, deleted=std::vector of length 0, capacity 0) at /data/src/10.6/storage/innobase/dict/drop.cc:271
|
#9 0x000055c1c384619b in ha_innobase::delete_table (this=<optimized out>, name=<optimized out>) at /data/src/10.6/storage/innobase/handler/ha_innodb.cc:13745
|
#10 0x000055c1c3526db1 in hton_drop_table (hton=<optimized out>, path=<optimized out>) at /data/src/10.6/sql/handler.cc:576
|
#11 0x000055c1c352d514 in ha_delete_table (thd=thd@entry=0x7f4608000c58, hton=hton@entry=0x55c1c5839358, path=path@entry=0x7f4639827a60 "./test/t_zefkic", db=db@entry=0x7f4639827850, alias=alias@entry=0x7f4639827860, generate_warning=generate_warning@entry=true) at /data/src/10.6/sql/handler.cc:3121
|
#12 0x000055c1c338cc7e in mysql_rm_table_no_locks (thd=0x7f4608000c58, tables=<optimized out>, current_db=<optimized out>, ddl_log_state=<optimized out>, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_view=<optimized out>, drop_sequence=<optimized out>, dont_log_query=<optimized out>, dont_free_locks=<optimized out>) at /data/src/10.6/sql/sql_table.cc:1467
|
#13 0x000055c1c338e226 in mysql_rm_table (thd=thd@entry=0x7f4608000c58, tables=tables@entry=0x7f4608010a30, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_sequence=<optimized out>, dont_log_query=dont_log_query@entry=false) at /data/src/10.6/sql/sql_table.cc:1044
|
#14 0x000055c1c32f35c0 in mysql_execute_command (thd=0x7f4608000c58, is_called_from_prepared_stmt=<optimized out>) at /data/src/10.6/sql/sql_parse.cc:4948
|
#15 0x000055c1c32f7b67 in mysql_parse (thd=0x7f4608000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /data/src/10.6/sql/sql_parse.cc:8029
|
#16 0x000055c1c32fa42d in dispatch_command (command=COM_QUERY, thd=0x7f4608000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /data/src/10.6/sql/sql_class.h:234
|
#17 0x000055c1c32fc0e2 in do_command (thd=0x7f4608000c58, blocking=blocking@entry=true) at /data/src/10.6/sql/sql_parse.cc:1409
|
#18 0x000055c1c3406eef in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /data/src/10.6/sql/sql_connect.cc:1418
|
#19 0x000055c1c340723d in handle_one_connection (arg=arg@entry=0x55c1c5d1baa8) at /data/src/10.6/sql/sql_connect.cc:1312
|
#20 0x000055c1c37885e2 in pfs_spawn_thread (arg=0x55c1c5cd12d8) at /data/src/10.6/storage/perfschema/pfs.cc:2201
|
#21 0x00007f4644989ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#22 0x00007f46445a0def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
My bad, sorry, my configuration was not as default and the bug was not reproducible on that.
I repeated (thoroughly as described) on MariaDB 10.6-10.10, no assertion on 10.3-10.5.
|
10.6 f8240a2723f0cad948a02fc5381f |
mysqld: /10.6/src/storage/innobase/row/row0sel.cc:4631: dberr_t row_search_mvcc(byte*, page_cur_mode_t, row_prebuilt_t*, ulint, ulint): Assertion `prebuilt->sql_stat_start || prebuilt->table->no_rollback()' failed.
|
220718 18:07:34 [ERROR] mysqld got signal 6 ;
|
|
|
Server version: 10.6.9-MariaDB-debug
|
|
|
??:0(__assert_fail)[0x7eff08145fd6]
|
row/row0sel.cc:4635(row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long))[0x5606c9e1bfce]
|
handler/ha_innodb.cc:9071(ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function))[0x5606c99e76ee]
|
handler/ha_innodb.cc:9440(ha_innobase::index_first(unsigned char*))[0x5606c99ea98e]
|
handler/ha_innodb.cc:9533(ha_innobase::rnd_next(unsigned char*))[0x5606c99eaf1e]
|
sql/handler.cc:3417(handler::ha_rnd_next(unsigned char*))[0x5606c8f9d9d0]
|
sql/records.cc:519(rr_sequential(READ_RECORD*))[0x5606c93f8479]
|
sql/records.h:81(READ_RECORD::read_record())[0x5606c854fbf2]
|
sql/sql_select.cc:22250(join_init_read_record(st_join_table*))[0x5606c886db2e]
|
sql/sql_select.cc:21253(sub_select(JOIN*, st_join_table*, bool))[0x5606c88669c2]
|
sql/sql_select.cc:20801(do_select(JOIN*, Procedure*))[0x5606c8864b96]
|
sql/sql_select.cc:4764(JOIN::exec_inner())[0x5606c87f0af6]
|
sql/sql_select.cc:4543(JOIN::exec())[0x5606c87edff6]
|
sql/item_subselect.cc:4139(subselect_single_select_engine::exec())[0x5606c91daefa]
|
sql/item_subselect.cc:854(Item_subselect::exec())[0x5606c91b6a79]
|
sql/item_subselect.cc:1833(Item_exists_subselect::val_int())[0x5606c91c0fe7]
|
sql/opt_range.h:1729(SQL_SELECT::skip_record(THD*))[0x5606c8a54b27]
|
sql/sql_delete.cc:221(record_should_be_deleted(THD*, TABLE*, SQL_SELECT*, Explain_delete*, bool))[0x5606c9443203]
|
sql/sql_delete.cc:801(mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*))[0x5606c944864c]
|
sql/sql_parse.cc:4806(mysql_execute_command(THD*, bool))[0x5606c871bfc4]
|
sql/sql_parse.cc:8029(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x5606c87321e6]
|
sql/sql_parse.cc:1898(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x5606c870843a]
|
sql/sql_parse.cc:1409(do_command(THD*, bool))[0x5606c87051af]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x5606c8b6f4fa]
|
sql/sql_connect.cc:1314(handle_one_connection)[0x5606c8b6ed86]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x5606c97e70be]
|
nptl/pthread_create.c:478(start_thread)[0x7eff08660609]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x62b0000a12a8): delete from t_qrsdpb where
|
exists (
|
select
|
ref_0.c_bkmkf as c2
|
from
|
t_zefkic as ref_0
|
where t_qrsdpb.c_hhsy0b not in (
|
select
|
ref_3.wkey as c0
|
from
|
(t_yynypc as ref_2
|
left outer join t_zefkic as ref_3
|
on (ref_2.wkey = ref_3.wkey ))
|
where ref_3.pkey >= ref_2.wkey))
|
Hi Alice,
It is quite strange it could not be reproduced. This bug could be stably reproduced in my machine and I have repeated it several times before I submitted the report. Perheps you could check wether your version is debug version?
from the log:
mysqld: /home/mysql/mariadb/storage/innobase/row/row0sel.cc:4614: dberr_t row_search_mvcc(byte*, page_cur_mode_t, row_prebuilt_t*, ulint, ulint): Assertion `prebuilt->sql_stat_start || prebuilt->table->no_rollback()' failed.
|
220718 11:42:22 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.8.3-MariaDB-debug
|
key_buffer_size=134217728
|
read_buffer_size=131072
|
max_used_connections=2
|
max_threads=153
|
thread_count=2
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468121 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x7f1588000db8
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f15c00bcd98 thread_stack 0x49000
|
mysys/stacktrace.c:212(my_print_stacktrace)[0x556e764cff7e]
|
sql/signal_handler.cc:226(handle_fatal_signal)[0x556e75c1dbd0]
|
??:0(__restore_rt)[0x7f15d7aeb3c0]
|
??:0(gsignal)[0x7f15d75d403b]
|
??:0(abort)[0x7f15d75b3859]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x22729)[0x7f15d75b3729]
|
??:0(__assert_fail)[0x7f15d75c5006]
|
row/row0sel.cc:4618(row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long))[0x556e76222d68]
|
handler/ha_innodb.cc:8990(ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function))[0x556e760228be]
|
handler/ha_innodb.cc:9359(ha_innobase::index_first(unsigned char*))[0x556e76023902]
|
handler/ha_innodb.cc:9452(ha_innobase::rnd_next(unsigned char*))[0x556e76023af2]
|
sql/handler.cc:3414(handler::ha_rnd_next(unsigned char*))[0x556e75c293e2]
|
sql/records.cc:519(rr_sequential(READ_RECORD*))[0x556e75721c3b]
|
sql/records.h:81(READ_RECORD::read_record())[0x556e7570c66f]
|
sql/sql_select.cc:22157(join_init_read_record(st_join_table*))[0x556e758fe891]
|
sql/sql_select.cc:21160(sub_select(JOIN*, st_join_table*, bool))[0x556e758fc1f0]
|
sql/sql_select.cc:20708(do_select(JOIN*, Procedure*))[0x556e758fb6dd]
|
sql/sql_select.cc:4759(JOIN::exec_inner())[0x556e758ce836]
|
sql/sql_select.cc:4538(JOIN::exec())[0x556e758cd8a7]
|
sql/item_subselect.cc:4141(subselect_single_select_engine::exec())[0x556e75d3c262]
|
sql/item_subselect.cc:854(Item_subselect::exec())[0x556e75d2ec0f]
|
sql/item_subselect.cc:1832(Item_exists_subselect::val_int())[0x556e75d326be]
|
sql/opt_range.h:1905(SQL_SELECT::skip_record(THD*))[0x556e757f9fbd]
|
sql/sql_delete.cc:221(record_should_be_deleted(THD*, TABLE*, SQL_SELECT*, Explain_delete*, bool))[0x556e757f3f14]
|
sql/sql_delete.cc:805(mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*))[0x556e757f63a7]
|
sql/sql_parse.cc:4804(mysql_execute_command(THD*, bool))[0x556e7585fd8e]
|
sql/sql_parse.cc:8027(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x556e7586a7c2]
|
sql/sql_parse.cc:1896(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x556e75856cae]
|
sql/sql_parse.cc:1407(do_command(THD*, bool))[0x556e7585568f]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x556e75a2edf1]
|
sql/sql_connect.cc:1314(handle_one_connection)[0x556e75a2ea81]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x556e75f3f123]
|
??:0(start_thread)[0x7f15d7adf609]
|
??:0(clone)[0x7f15d76b0163]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f15880167b0): delete from t_qrsdpb where
|
exists (
|
select
|
ref_0.c_bkmkf as c2
|
from
|
t_zefkic as ref_0
|
where t_qrsdpb.c_hhsy0b not in (
|
select
|
ref_3.wkey as c0
|
from
|
(t_yynypc as ref_2
|
left outer join t_zefkic as ref_3
|
on (ref_2.wkey = ref_3.wkey ))
|
where ref_3.pkey >= ref_2.wkey))
|
it seems to be a duplicate of MDEV-20666, but I was not able to repeat the described scenario.
Please also test the fix with given test case. The test case crashes only on 11.7+ builds
--source include/have_innodb.incLeads to
CS 11.8.0 e021770667851233c8cda34e9360606adfd3ea0c (Debug)
mariadbd: /test/11.8_dbg/storage/innobase/row/row0sel.cc:4658: dberr_t row_search_mvcc(byte*, page_cur_mode_t, row_prebuilt_t*, ulint, ulint): Assertion `prebuilt->sql_stat_start || prebuilt->table->no_rollback()' failed.CS 11.8.0 e021770667851233c8cda34e9360606adfd3ea0c (Debug)
Core was generated by `/test/MD060125-mariadb-11.8.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.Program terminated with signal SIGABRT, Aborted.#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50[Current thread is 1 (Thread 0x14b3d80b0700 (LWP 4130752))](gdb) bt#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50#1 0x000014b3eef5e859 in __GI_abort () at abort.c:79#2 0x000014b3eef5e729 in __assert_fail_base (fmt=0x14b3ef0f4588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55dcdcc3b858 "prebuilt->sql_stat_start || prebuilt->table->no_rollback()", file=0x55dcdcc39ea0 "/test/11.8_dbg/storage/innobase/row/row0sel.cc", line=4658, function=<optimized out>) at assert.c:92#3 0x000014b3eef6ffd6 in __GI___assert_fail (assertion=assertion@entry=0x55dcdcc3b858 "prebuilt->sql_stat_start || prebuilt->table->no_rollback()", file=file@entry=0x55dcdcc39ea0 "/test/11.8_dbg/storage/innobase/row/row0sel.cc", line=line@entry=4658, function=function@entry=0x55dcdcc3b740 "dberr_t row_search_mvcc(byte*, page_cur_mode_t, row_prebuilt_t*, ulint, ulint)") at assert.c:101#4 0x000055dcdc5304a6 in row_search_mvcc (buf=buf@entry=0x14b3a4029f68 "\377", mode=<optimized out>, prebuilt=<optimized out>, match_mode=1, direction=direction@entry=0) at /test/11.8_dbg/storage/innobase/include/dict0mem.h:1927#5 0x000055dcdc37eaaa in ha_innobase::index_read (this=this@entry=0x14b3a402a380, buf=buf@entry=0x14b3a4029f68 "\377", key_ptr=key_ptr@entry=0x14b3a4042018 "", key_len=6, find_flag=find_flag@entry=HA_READ_KEY_EXACT) at /test/11.8_dbg/storage/innobase/handler/ha_innodb.cc:8981#6 0x000055dcdc37edc4 in ha_innobase::rnd_pos (this=0x14b3a402a380, buf=0x14b3a4029f68 "\377", pos=0x14b3a4042018 "") at /test/11.8_dbg/storage/innobase/handler/ha_innodb.cc:9456#7 0x000055dcdc04c42d in handler::ha_rnd_pos (this=0x14b3a402a380, buf=0x14b3a4029f68 "\377", pos=0x14b3a4042018 "") at /test/11.8_dbg/sql/handler.cc:3778#8 0x000055dcdbc1209e in rr_from_pointers (info=0x14b3d80aeac0) at /test/11.8_dbg/sql/records.h:78#9 0x000055dcdbcb2670 in READ_RECORD::read_record (this=0x14b3d80aeac0) at /test/11.8_dbg/sql/records.h:77#10 Sql_cmd_delete::delete_from_single_table (this=this@entry=0x14b3a401b928, thd=thd@entry=0x14b3a4000d48) at /test/11.8_dbg/sql/sql_delete.cc:863#11 0x000055dcdbcb379d in Sql_cmd_delete::execute_inner (this=0x14b3a401b928, thd=0x14b3a4000d48) at /test/11.8_dbg/sql/sql_delete.cc:1887#12 0x000055dcdbd4fba4 in Sql_cmd_dml::execute (this=0x14b3a401b928, thd=0x14b3a4000d48) at /test/11.8_dbg/sql/sql_select.cc:34324#13 0x000055dcdbd0c887 in mysql_execute_command (thd=thd@entry=0x14b3a4000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.8_dbg/sql/sql_parse.cc:4415#14 0x000055dcdbcfbe95 in mysql_parse (thd=thd@entry=0x14b3a4000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b3d80af2c0) at /test/11.8_dbg/sql/sql_parse.cc:7901#15 0x000055dcdbd133d3 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b3a4000d48, packet=packet@entry=0x14b3a400b099 "DELETE FROM t FOR PORTION OF tp0 FROM '' TO '1-1-1'", packet_length=packet_length@entry=51, blocking=blocking@entry=true) at /test/11.8_dbg/sql/sql_class.h:1656#16 0x000055dcdbd15c26 in do_command (thd=thd@entry=0x14b3a4000d48, blocking=blocking@entry=true) at /test/11.8_dbg/sql/sql_parse.cc:1416#17 0x000055dcdbe98c2f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55dcde7dcd38, put_in_cache=put_in_cache@entry=true) at /test/11.8_dbg/sql/sql_connect.cc:1415#18 0x000055dcdbe99109 in handle_one_connection (arg=0x55dcde7dcd38) at /test/11.8_dbg/sql/sql_connect.cc:1327#19 0x000014b3ef48a609 in start_thread (arg=<optimized out>) at pthread_create.c:477#20 0x000014b3ef05b133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95