Description
I used my fuzzing tool to test MariaDB and found a transaction-related bug that makes the server crash. This bug might be similar to the bug MDEV-29233 that I previously reported, but the file location where the bug is triggered and the stack trace are quite different from MDEV-29233. Based on my experience, it might be a different bug.
MariaDB installation
1) cd mariadb-10.10.1
2) mkdir build; cd build
3) cmake .. -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=ON
4) make -j12 && sudo make install
Set up the environment
1) export ASAN_OPTIONS=detect_leaks=0
2) /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
3) /usr/local/mysql/bin/mysql -uroot -Dtestdb < mysql_bk.sql (attached) # set up the database
Reproduce the bug
/usr/local/mysql/bin/mysql -uroot -Dtestdb # set up connection conn_0
/usr/local/mysql/bin/mysql -uroot -Dtestdb # set up connection conn_1
conn_1> START TRANSACTION;
conn_0> START TRANSACTION;
conn_1> update t_yfrkzd set wkey = 80;
conn_1> delete from t_yfrkzd
        where
          t_yfrkzd.c_n1makd between t_yfrkzd.c_n1makd and t_yfrkzd.wkey;
conn_0> delete from t_ywo4_b
        where
          t_ywo4_b.c_hlsgr not in (
            select
              ref_0.pkey as c0
            from
              (t_yfrkzd as ref_0
                inner join (select
                    ref_1.wkey as c0
                  from
                    t_yfrkzd as ref_1
                  ) as subq_0
                on (ref_0.wkey = subq_0.c0 ))); -- this DELETE blocks
conn_1> delete from t_yfrkzd
        where
          (t_yfrkzd.c_aob5e not in (
            select
              ref_1.c_k4lijb as c0
            from
              t_ywo4_b as ref_1)); -- this DELETE makes the above DELETE crash the MariaDB server
conn_1> ROLLBACK;
conn_0> ROLLBACK;
I have simplified the content of the test case, and I hope this report can help you reproduce and fix the bug. In addition, I attached the failure report (which has its stack trace).
Issue Links
- duplicates: MDEV-10087 mysqld_update()/mysql_delete() continues execution even after subquery with JOIN gets error from storage engine (Closed)
- is duplicated by: MDEV-29118 Assertion `lock_table_has(trx, index->table, LOCK_IX)' failed at lock0lock.cc:4972 (Closed)
- relates to: MDEV-21987 Assertion failure in file lock0lock.cc line 6901 / DeadlockChecker::check_and_resolve (Confirmed)