Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29120

Assertion `prebuilt->sql_stat_start || prebuilt->table->no_rollback()' failed at row0sel.cc:4618

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.8.3, 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL)
    • 10.5, 10.6
    • Ubuntu 20.04

    Description

      I used my fuzzing tool to test MariaDB and found a transaction-related bug that make the crashes.

      Mariadb installation
      1) cd mariadb-10.8.3
      2) mkdir build; cd build
      3) cmake .. -DCMAKE_BUILD_TYPE=Debug
      4) make -j12 && sudo make install

      Setup the environment
      1) export ASAN_OPTIONS=detect_leaks=0
      2) /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
      3) /usr/local/mysql/bin/mysql -uroot -Dtestdb < mysql_bk.sql (attached) # set up the database

      Reproduce bug

      /usr/local/mysql/bin/mysql -uroot -Dtestdb # set up connection conn_0
      /usr/local/mysql/bin/mysql -uroot -Dtestdb # set up connection conn_1

      conn_0> START TRANSACTION;

      conn_1> START TRANSACTION;

      conn_1> insert into t_yynypc (wkey, pkey, c_acfajc) values
      (89, 188000, 40),
      (89, 189000, 5),
      (89, 190000, 49),
      (89, 191000, 39),
      (89, 192000, 50),
      (97, 227000, 86),
      (97, 228000, 19),
      (97, 229000, 3),
      (97, 230000, 9);

      conn_0> delete from t_qrsdpb where
      exists (
      select
      ref_0.c_bkmkf as c2
      from
      t_zefkic as ref_0
      where t_qrsdpb.c_hhsy0b not in (
      select
      ref_3.wkey as c0
      from
      (t_yynypc as ref_2
      left outer join t_zefkic as ref_3
      on (ref_2.wkey = ref_3.wkey ))
      where ref_3.pkey >= ref_2.wkey)); --- this DELETE blocks

      conn_1> update t_zefkic set wkey = 99; --- this UPDATE make the above DELETE crash the maridb server

      conn_0> ROLLBACK;

      conn_1> ROLLBACK;

      I have simplified the content of the test case, and I hope this report can help you reproduce and fix the bug. In addition, I attached the failure report (which has its stack trace).

      Attachments

        Issue Links

          Activity

            People

              sanja Oleksandr Byelkin
              Zuming Jiang Zuming Jiang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.