[MDEV-33245] SIGSEGV in wsrep_check_sequence | Sql_cmd_alter_sequence::execute - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
Fix Version/s: 10.5.28, 10.6.21, 10.11.11, 11.4.5, 11.7.2
Component/s: Galera
Labels:
- crash
- segfault

Description

--source include/galera_cluster.inc

--source include/have_innodb.inc

CREATE TABLE t (a INT) ENGINE=InnoDB;

INSERT INTO t VALUES (0);

--ERROR ER_PARSE_ERROR

CREATE TABLE t1 (c VARCHAR) ENGINE=InnoDB;

ALTER SEQUENCE IF EXISTS t MINVALUE=0;

Leads to

11.4.0 be6d48fd53892e6a54d6cbf4dce29be914e78a9d (Optimized)
Core was generated by `/test/GAL_MD150124-mariadb-11.4.0-linux-x86_64-opt/bin/mysqld --defaults-file=/'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x154de006e700 (LWP 3595570))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x000055846c8e45bf in my_write_core (sig=sig@entry=11) at /test/11.4_opt/mysys/stacktrace.c:424
#2 0x000055846c43c5e0 in handle_fatal_signal (sig=11) at /test/11.4_opt/sql/signal_handler.cc:357
#3 <signal handler called>
#4 0x000055846c284344 in wsrep_check_sequence (thd=thd@entry=0x154d78000c58, seq=seq@entry=0x154d780109d8) at /test/11.4_opt/sql/sql_table.cc:4818
#5 0x000055846c3acc8b in Sql_cmd_alter_sequence::execute (this=0x154d78011158, thd=0x154d78000c58) at /test/11.4_opt/sql/sql_sequence.cc:944
#6 0x000055846c1d3116 in mysql_execute_command (thd=0x154d78000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:5786
#7 0x000055846c1c3716 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x154d78000c58) at /test/11.4_opt/sql/sql_parse.cc:7798
#8 mysql_parse (thd=0x154d78000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:7720
#9 0x000055846c1c2f41 in wsrep_mysql_parse (thd=0x154d78000c58, rawbuf=0x154d780108f0 "ALTER SEQUENCE IF EXISTS t MINVALUE=0", length=37, parser_state=0x154de006d3c0) at /test/11.4_opt/sql/sql_parse.cc:7608
#10 0x000055846c1d075d in dispatch_command (command=COM_QUERY, thd=0x154d78000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:1978
#11 0x000055846c1d142e in do_command (thd=0x154d78000c58, blocking=blocking@entry=true) at /test/11.4_opt/sql/sql_parse.cc:1406
#12 0x000055846c2f5c37 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55846e6aff68, put_in_cache=put_in_cache@entry=true) at /test/11.4_opt/sql/sql_connect.cc:1417
#13 0x000055846c2f5f1d in handle_one_connection (arg=0x55846e6aff68) at /test/11.4_opt/sql/sql_connect.cc:1319
#14 0x0000154de2a5a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#15 0x0000154de2646133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Attachments

Issue Links

is duplicated by

MDEV-35547 MariaDB crashed upon ALTER SEQUENCE

Closed

links to

user hit problem

Activity

Daniel Black added a comment - 2024-12-06 01:00

(rr) p thd->lex->create_info.db_type

$3 = (handlerton *) 0x0

(rr) list

4871	    DBUG_ASSERT(WSREP(thd));

4873	    if (used_engine)

4874	    {

4875	      db_type= thd->lex->create_info.db_type->db_type;

4876	    }

4877	    else

4878	    {

4879	      const handlerton *hton= ha_default_handlerton(thd);

(rr) p used_engine

$4 = true

used engine is try because of used_engine& HA_CREATE_USED_ENGINE
(rr) watch -l thd->lex->create_info.used_fields
Hardware watchpoint 1: -location thd->lex->create_info.used_fields
(rr) reverse-continue
Continuing.

Thread 2 hit Hardware watchpoint 1: -location thd->lex->create_info.used_fields

Old value = 4096
New value = 0
0x0000000000e894a8 in MYSQLparse (thd=0x52b00021b218) at /home/dan/repos/mariadb-server-10.11/sql/sql_yacc.yy:5381
5381 lex->create_info.used_fields\|= HA_CREATE_USED_ENGINE;
(rr) list
5376 }
5377 Storage_engine_name *opt=
5378 lex->m_sql_cmd->option_storage_engine_name();
5379 DBUG_ASSERT(opt); // Expect a proper Sql_cmd
5380 *opt= Storage_engine_name($3);
5381 lex->create_info.used_fields\|= HA_CREATE_USED_ENGINE;
5382 }
5383 \| MAX_ROWS opt_equal ulonglong_num
5384 {
5385 Lex->create_info.max_rows= $3;
(rr) bt
#0 0x0000000000e894a8 in MYSQLparse (thd=0x52b00021b218) at /home/dan/repos/mariadb-server-10.11/sql/sql_yacc.yy:5381
#1 0x0000000000907fc2 in parse_sql (thd=thd@entry=0x52b00021b218, parser_state=parser_state@entry=0x7f32dde9c7c0,
creation_ctx=creation_ctx@entry=0x0, do_pfs_digest=true) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:10574
#2 0x00000000008e3e56 in mysql_parse (thd=thd@entry=0x52b00021b218,
rawbuf=rawbuf@entry=0x5290002b7238 "CREATE TABLE t1 (c VARCHAR) ENGINE=InnoDB", length=length@entry=41,
parser_state=parser_state@entry=0x7f32dde9c7c0) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:8131
#3 0x00000000008e7aa9 in wsrep_mysql_parse (thd=thd@entry=0x52b00021b218, rawbuf=0x5290002b7238 "CREATE TABLE t1 (c VARCHAR) ENGINE=InnoDB",
length=41, parser_state=parser_state@entry=0x7f32dde9c7c0) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:7989
#4 0x00000000008de4ad in dispatch_command (command=<optimized out>, thd=0x52b00021b218, packet=<optimized out>, packet_length=<optimized out>,
blocking=<optimized out>) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:1894
#5 0x00000000008e505e in do_command (thd=thd@entry=0x52b00021b218, blocking=<optimized out>)
at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:1420
#6 0x0000000000c61e2d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x508000018c38, put_in_cache=<optimized out>)
at /home/dan/repos/mariadb-server-10.11/sql/sql_connect.cc:1386
#7 0x0000000000c6197c in handle_one_connection (arg=arg@entry=0x508000018c38) at /home/dan/repos/mariadb-server-10.11/sql/sql_connect.cc:1298
#8 0x0000000001640830 in pfs_spawn_thread (arg=0x517000032918) at /home/dan/repos/mariadb-server-10.11/storage/perfschema/pfs.cc:2201
#9 0x00000000005be52b in asan_thread_start(void*) ()
#10 0x00007f3302a7ccd7 in start_thread () from /lib64/libc.so.6
#11 0x00007f3302b00a94 in clone () from /lib64/libc.so.6

Which is residual from previous SQL.

Thread 2 hit Breakpoint 6, wsrep_mysql_parse (thd=thd@entry=0x52b00021b218, rawbuf=0x5290002b7238 "ALTER SEQUENCE IF EXISTS t MINVALUE=0",

    length=37, parser_state=parser_state@entry=0x7f32ddea07c0) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:7983

7983	    !thd->in_multi_stmt_transaction_mode()                  &&

(rr) p thd->lex->create_info.used_fields

$10 = 4096

sysprg can you review https://github.com/MariaDB/server/pull/3684 to correct this please.

Daniel Black added a comment - 2024-12-06 01:00 (rr) p thd->lex->create_info.db_type $3 = (handlerton *) 0x0 (rr) list 4870 4871 DBUG_ASSERT(WSREP(thd)); 4872 4873 if (used_engine) 4874 { 4875 db_type= thd->lex->create_info.db_type->db_type; 4876 } 4877 else 4878 { 4879 const handlerton *hton= ha_default_handlerton(thd); (rr) p used_engine $4 = true used engine is try because of used_engine& HA_CREATE_USED_ENGINE (rr) watch -l thd->lex->create_info.used_fields Hardware watchpoint 1: -location thd->lex->create_info.used_fields (rr) reverse-continue Continuing. Thread 2 hit Hardware watchpoint 1: -location thd->lex->create_info.used_fields Old value = 4096 New value = 0 0x0000000000e894a8 in MYSQLparse (thd=0x52b00021b218) at /home/dan/repos/mariadb-server-10.11/sql/sql_yacc.yy:5381 5381 lex->create_info.used_fields|= HA_CREATE_USED_ENGINE; (rr) list 5376 } 5377 Storage_engine_name *opt= 5378 lex->m_sql_cmd->option_storage_engine_name(); 5379 DBUG_ASSERT(opt); // Expect a proper Sql_cmd 5380 *opt= Storage_engine_name($3); 5381 lex->create_info.used_fields|= HA_CREATE_USED_ENGINE; 5382 } 5383 | MAX_ROWS opt_equal ulonglong_num 5384 { 5385 Lex->create_info.max_rows= $3; (rr) bt #0 0x0000000000e894a8 in MYSQLparse (thd=0x52b00021b218) at /home/dan/repos/mariadb-server-10.11/sql/sql_yacc.yy:5381 #1 0x0000000000907fc2 in parse_sql (thd=thd@entry=0x52b00021b218, parser_state=parser_state@entry=0x7f32dde9c7c0, creation_ctx=creation_ctx@entry=0x0, do_pfs_digest=true) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:10574 #2 0x00000000008e3e56 in mysql_parse (thd=thd@entry=0x52b00021b218, rawbuf=rawbuf@entry=0x5290002b7238 "CREATE TABLE t1 (c VARCHAR) ENGINE=InnoDB", length=length@entry=41, parser_state=parser_state@entry=0x7f32dde9c7c0) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:8131 #3 0x00000000008e7aa9 in wsrep_mysql_parse (thd=thd@entry=0x52b00021b218, rawbuf=0x5290002b7238 "CREATE TABLE t1 (c VARCHAR) ENGINE=InnoDB", length=41, parser_state=parser_state@entry=0x7f32dde9c7c0) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:7989 #4 0x00000000008de4ad in dispatch_command (command=<optimized out>, thd=0x52b00021b218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:1894 #5 0x00000000008e505e in do_command (thd=thd@entry=0x52b00021b218, blocking=<optimized out>) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:1420 #6 0x0000000000c61e2d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x508000018c38, put_in_cache=<optimized out>) at /home/dan/repos/mariadb-server-10.11/sql/sql_connect.cc:1386 #7 0x0000000000c6197c in handle_one_connection (arg=arg@entry=0x508000018c38) at /home/dan/repos/mariadb-server-10.11/sql/sql_connect.cc:1298 #8 0x0000000001640830 in pfs_spawn_thread (arg=0x517000032918) at /home/dan/repos/mariadb-server-10.11/storage/perfschema/pfs.cc:2201 #9 0x00000000005be52b in asan_thread_start(void*) () #10 0x00007f3302a7ccd7 in start_thread () from /lib64/libc.so.6 #11 0x00007f3302b00a94 in clone () from /lib64/libc.so.6 Which is residual from previous SQL. Thread 2 hit Breakpoint 6, wsrep_mysql_parse (thd=thd@entry=0x52b00021b218, rawbuf=0x5290002b7238 "ALTER SEQUENCE IF EXISTS t MINVALUE=0", length=37, parser_state=parser_state@entry=0x7f32ddea07c0) at /home/dan/repos/mariadb-server-10.11/sql/sql_parse.cc:7983 7983 !thd->in_multi_stmt_transaction_mode() && (rr) p thd->lex->create_info.used_fields $10 = 4096 sysprg can you review https://github.com/MariaDB/server/pull/3684 to correct this please.

MariaDB Server

SIGSEGV in wsrep_check_sequence | Sql_cmd_alter_sequence::execute

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration