Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-34051

SIGSEGV in dict_table_t::is_active_ddl during XA ... INSERT IGNORE

Details

    Description

      Testcase (highly sporadic):

      CREATE TABLE t (a1 VARCHAR(1), a2 VARCHAR(1)) ENGINE=InnoDB;
      XA START 'a';
      CREATE TEMPORARY TABLE t (c1 INT) ENGINE=InnoDB;
      INSERT INTO t VALUES (1),(2),(3),(4),(5),(6),(7);
      INSERT IGNORE INTO t VALUES (@inserted_value);
      XA END 'a';
      XA ROLLBACK 'a';
      SET SESSION gtid_domain_id=10;
      

      Leads to:

      10.6.18 0ccdf54b644352f42e1768bc660be7ab50c1e9d2 (Debug, Slave)

      Core was generated by `/test/MD240424-mariadb-10.6.18-linux-x86_64-dbg/bin/mariadbd --no-defaults --ba'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x0000560f75725785 in dict_table_t::is_active_ddl (this=<optimized out>)at /test/10.6_dbg/storage/innobase/include/dict0mem.h:2433
      [Current thread is 1 (LWP 103187)]
      (gdb) bt
      #0  0x0000560f75725785 in dict_table_t::is_active_ddl (this=<optimized out>)at /test/10.6_dbg/storage/innobase/include/dict0mem.h:2433
      #1  trx_t::rollback_low (this=this@entry=0x14972d2e5c80, savept=savept@entry=0x14972d2e65c0)at /test/10.6_dbg/storage/innobase/trx/trx0roll.cc:152
      #2  0x0000560f757233ee in trx_t::rollback (this=this@entry=0x14972d2e5c80, savept=savept@entry=0x14972d2e65c0)at /test/10.6_dbg/storage/innobase/trx/trx0roll.cc:176
      #3  0x0000560f7572353f in trx_rollback_last_sql_stat_for_mysql (trx=trx@entry=0x14972d2e5c80)at /test/10.6_dbg/storage/innobase/trx/trx0roll.cc:307
      #4  0x0000560f7551b4b8 in innobase_rollback (hton=<optimized out>, thd=0x1496b0000d58, rollback_trx=<optimized out>)at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:4702
      #5  0x0000560f7519ae67 in ha_rollback_trans (thd=thd@entry=0x1496b0000d58, all=all@entry=false) at /test/10.6_dbg/sql/handler.cc:2264
      #6  0x0000560f75041ea1 in trans_rollback_stmt (thd=thd@entry=0x1496b0000d58)at /test/10.6_dbg/sql/transaction.cc:566
      #7  0x0000560f74edffbc in mysql_execute_command (thd=thd@entry=0x1496b0000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/10.6_dbg/sql/sql_parse.cc:6176
      #8  0x0000560f74ee10b4 in mysql_parse (thd=0x1496b0000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1496fb9b08b0)at /test/10.6_dbg/sql/sql_parse.cc:8146
      #9  0x0000560f75305fe2 in Query_log_event::do_apply_event (this=0x1496d4031f28, rgi=0x1496d402ed30, query_arg=0x1496d4032093 "INSERT IGNORE INTO t1 VALUES (@inserted_value)", q_len_arg=<optimized out>) at /test/10.6_dbg/sql/sql_class.h:240
      #10 0x0000560f7530691e in Query_log_event::do_apply_event (this=<optimized out>, rgi=<optimized out>)at /test/10.6_dbg/sql/log_event_server.cc:1609
      #11 0x0000560f74e024e5 in Log_event::apply_event (rgi=0x1496d402ed30, this=0x1496d4031f28) at /test/10.6_dbg/sql/log_event.h:1509
      #12 apply_event_and_update_pos_apply (ev=ev@entry=0x1496d4031f28, thd=thd@entry=0x1496b0000d58, rgi=rgi@entry=0x1496d402ed30, reason=reason@entry=0) at /test/10.6_dbg/sql/slave.cc:3906
      #13 0x0000560f74e0c72c in apply_event_and_update_pos_for_parallel (ev=ev@entry=0x1496d4031f28, thd=thd@entry=0x1496b0000d58, rgi=rgi@entry=0x1496d402ed30) at /test/10.6_dbg/sql/slave.cc:4102
      #14 0x0000560f750ac508 in rpt_handle_event (qev=qev@entry=0x1496d4032148, rpt=rpt@entry=0x1496d400f0b8) at /test/10.6_dbg/sql/rpl_parallel.cc:64
      #15 0x0000560f750b102b in handle_rpl_parallel_thread (arg=arg@entry=0x1496d400f0b8) at /test/10.6_dbg/sql/rpl_parallel.cc:1525
      #16 0x0000560f75476f78 in pfs_spawn_thread (arg=0x1496d40127a8)at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
      #17 0x0000149730c8f18a in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444
      #18 0x0000149730d1dbd0 in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      It looks like a parallel slave setup is required to reproduce the issue.

      NTS: ~/MDEV-34051 | sc3266128

      Attachments

        Issue Links

          Activity

            Slightly different stack on optimized builds, 10.11 opt example:

            10.11.8 c3460e690431ce94705888737c2b9de6968665a7 (Optimized)

            Core was generated by `/test/MD240424-mariadb-10.11.8-linux-x86_64-opt/bin/mariadbd --defaults-group-s'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  0x0000560a9d646d84 in dict_table_t::is_active_ddl (this=<optimized out>)at /test/10.11_opt/storage/innobase/include/dict0mem.h:2439
             
            warning: Source file is more recent than executable.
            2439	    return UT_LIST_GET_FIRST(indexes)->online_log;
            [Current thread is 1 (LWP 1182368)]
            (gdb) bt
            #0  0x0000560a9d646d84 in dict_table_t::is_active_ddl (this=<optimized out>)at /test/10.11_opt/storage/innobase/include/dict0mem.h:2439
            #1  trx_t::rollback_low (this=this@entry=0x14d9c514e680, savept=savept@entry=0x14d9c514efb8)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:154
            #2  0x0000560a9d645d70 in trx_t::rollback (savept=0x14d9c514efb8, this=0x14d9c514e680)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:178
            #3  trx_t::rollback (savept=0x14d9c514efb8, this=0x14d9c514e680)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:165
            #4  trx_rollback_last_sql_stat_for_mysql (trx=trx@entry=0x14d9c514e680)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:309
            #5  0x0000560a9d534f10 in innobase_rollback (hton=<optimized out>, thd=0x14d964000c68, rollback_trx=<optimized out>)at /test/10.11_opt/storage/innobase/handler/ha_innodb.cc:4634
            #6  0x0000560a9d233ec8 in ha_rollback_trans (thd=thd@entry=0x14d964000c68, all=all@entry=false) at /test/10.11_opt/sql/handler.cc:2263
            #7  0x0000560a9d1121b3 in trans_rollback_stmt (thd=thd@entry=0x14d964000c68)at /test/10.11_opt/sql/transaction.cc:566
            #8  0x0000560a9cfce96e in mysql_execute_command (thd=thd@entry=0x14d964000c68, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/10.11_opt/sql/sql_parse.cc:6177
            #9  0x0000560a9cfd43ae in mysql_parse (thd=0x14d964000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d9b7021910)at /test/10.11_opt/sql/sql_parse.cc:8126
            #10 0x0000560a9d370fc8 in Query_log_event::do_apply_event (this=0x14d98c0321f8, rgi=0x14d98c030360, query_arg=0x14d98c032363 "INSERT IGNORE INTO t1 VALUES (@inserted_value)", q_len_arg=<optimized out>) at /test/10.11_opt/sql/sql_class.h:244
            #11 0x0000560a9d363481 in Log_event::apply_event (this=this@entry=0x14d98c0321f8, rgi=rgi@entry=0x14d98c030360)at /test/10.11_opt/sql/log_event.cc:4216
            #12 0x0000560a9cf0b74b in apply_event_and_update_pos_apply (reason=0, rgi=0x14d98c030360, thd=0x14d964000c68, ev=0x14d98c0321f8)at /test/10.11_opt/sql/slave.cc:3934
            #13 apply_event_and_update_pos_for_parallel (ev=ev@entry=0x14d98c0321f8, thd=thd@entry=0x14d964000c68, rgi=rgi@entry=0x14d98c030360)at /test/10.11_opt/sql/slave.cc:4141
            #14 0x0000560a9d16cafc in rpt_handle_event (qev=qev@entry=0x14d98c032418, rpt=0x14d98c00b3c8) at /test/10.11_opt/sql/rpl_parallel.cc:64
            #15 0x0000560a9d1710ad in handle_rpl_parallel_thread (arg=arg@entry=0x14d98c00b3c8) at /test/10.11_opt/sql/rpl_parallel.cc:1555
            #16 0x0000560a9d48a9b5 in pfs_spawn_thread (arg=0x14d98c00e218)at /test/10.11_opt/storage/perfschema/pfs.cc:2201
            #17 0x000014d9cae8f18a in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444
            #18 0x000014d9caf1dbd0 in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            

            Roel Roel Van de Paar added a comment - Slightly different stack on optimized builds, 10.11 opt example: 10.11.8 c3460e690431ce94705888737c2b9de6968665a7 (Optimized) Core was generated by `/test/MD240424-mariadb-10.11.8-linux-x86_64-opt/bin/mariadbd --defaults-group-s'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0000560a9d646d84 in dict_table_t::is_active_ddl (this=<optimized out>)at /test/10.11_opt/storage/innobase/include/dict0mem.h:2439   warning: Source file is more recent than executable. 2439 return UT_LIST_GET_FIRST(indexes)->online_log; [Current thread is 1 (LWP 1182368)] (gdb) bt #0 0x0000560a9d646d84 in dict_table_t::is_active_ddl (this=<optimized out>)at /test/10.11_opt/storage/innobase/include/dict0mem.h:2439 #1 trx_t::rollback_low (this=this@entry=0x14d9c514e680, savept=savept@entry=0x14d9c514efb8)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:154 #2 0x0000560a9d645d70 in trx_t::rollback (savept=0x14d9c514efb8, this=0x14d9c514e680)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:178 #3 trx_t::rollback (savept=0x14d9c514efb8, this=0x14d9c514e680)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:165 #4 trx_rollback_last_sql_stat_for_mysql (trx=trx@entry=0x14d9c514e680)at /test/10.11_opt/storage/innobase/trx/trx0roll.cc:309 #5 0x0000560a9d534f10 in innobase_rollback (hton=<optimized out>, thd=0x14d964000c68, rollback_trx=<optimized out>)at /test/10.11_opt/storage/innobase/handler/ha_innodb.cc:4634 #6 0x0000560a9d233ec8 in ha_rollback_trans (thd=thd@entry=0x14d964000c68, all=all@entry=false) at /test/10.11_opt/sql/handler.cc:2263 #7 0x0000560a9d1121b3 in trans_rollback_stmt (thd=thd@entry=0x14d964000c68)at /test/10.11_opt/sql/transaction.cc:566 #8 0x0000560a9cfce96e in mysql_execute_command (thd=thd@entry=0x14d964000c68, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/10.11_opt/sql/sql_parse.cc:6177 #9 0x0000560a9cfd43ae in mysql_parse (thd=0x14d964000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d9b7021910)at /test/10.11_opt/sql/sql_parse.cc:8126 #10 0x0000560a9d370fc8 in Query_log_event::do_apply_event (this=0x14d98c0321f8, rgi=0x14d98c030360, query_arg=0x14d98c032363 "INSERT IGNORE INTO t1 VALUES (@inserted_value)", q_len_arg=<optimized out>) at /test/10.11_opt/sql/sql_class.h:244 #11 0x0000560a9d363481 in Log_event::apply_event (this=this@entry=0x14d98c0321f8, rgi=rgi@entry=0x14d98c030360)at /test/10.11_opt/sql/log_event.cc:4216 #12 0x0000560a9cf0b74b in apply_event_and_update_pos_apply (reason=0, rgi=0x14d98c030360, thd=0x14d964000c68, ev=0x14d98c0321f8)at /test/10.11_opt/sql/slave.cc:3934 #13 apply_event_and_update_pos_for_parallel (ev=ev@entry=0x14d98c0321f8, thd=thd@entry=0x14d964000c68, rgi=rgi@entry=0x14d98c030360)at /test/10.11_opt/sql/slave.cc:4141 #14 0x0000560a9d16cafc in rpt_handle_event (qev=qev@entry=0x14d98c032418, rpt=0x14d98c00b3c8) at /test/10.11_opt/sql/rpl_parallel.cc:64 #15 0x0000560a9d1710ad in handle_rpl_parallel_thread (arg=arg@entry=0x14d98c00b3c8) at /test/10.11_opt/sql/rpl_parallel.cc:1555 #16 0x0000560a9d48a9b5 in pfs_spawn_thread (arg=0x14d98c00e218)at /test/10.11_opt/storage/perfschema/pfs.cc:2201 #17 0x000014d9cae8f18a in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444 #18 0x000014d9caf1dbd0 in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            Does not look reproducible in 10.5.

            Roel Roel Van de Paar added a comment - Does not look reproducible in 10.5.
            Roel Roel Van de Paar added a comment - - edited

            I also regularly see unfreed memory in the MTR logs (also sporadic):

            11.4.2 24dd78e5834e92993d4bce41dc70647a5f237c12 (Optimized)

            2024-05-09 17:37:26 0 [Note] /test/MD240424-mariadb-11.4.2-linux-x86_64-opt/bin/mariadbd: Shutdown complete
            Warning: Memory not freed: 4464
            

            Use:

            cd var && grep 'Memory not freed' var/[0-9]*/log/mysqld*err
            

            To locate such instances

            Roel Roel Van de Paar added a comment - - edited I also regularly see unfreed memory in the MTR logs (also sporadic): 11.4.2 24dd78e5834e92993d4bce41dc70647a5f237c12 (Optimized) 2024-05-09 17:37:26 0 [Note] /test/MD240424-mariadb-11.4.2-linux-x86_64-opt/bin/mariadbd: Shutdown complete Warning: Memory not freed: 4464 Use: cd var && grep 'Memory not freed' var/[0-9]* /log/mysqld *err To locate such instances

            Note:

            CREATE TABLE t (c INT) ENGINE=InnoDB;
            XA START 'a';
            CREATE TEMPORARY TABLE t (d INT) ENGINE=InnoDB;
            XA END 'a';
            XA ROLLBACK 'a';
            DROP TEMPORARY TABLE t;  # Succeeds
            

            Neither the XA documentation nor the CREATE TABLE documentation say anything on temporary tables inside a XA transaction. Should the table have been dropped by the XA ROLLBACK? Also note that the crash in the related MDEV-34049 is on what looks to be an automated (i.e. not testcase originating) drop of (the same?) temporary table:

            #16 0x000055d305e03fe2 in Query_log_event::do_apply_event (this=0x153be4035d48, rgi=0x153be402ed30, 
                query_arg=0x153be4035eb3 "DROP /*!40005 TEMPORARY */ TABLE IF EXISTS `t1`", q_len_arg=<optimized out>)
                at /test/10.6_dbg/sql/sql_class.h:240
            

            Roel Roel Van de Paar added a comment - Note: CREATE TABLE t (c INT ) ENGINE=InnoDB; XA START 'a' ; CREATE TEMPORARY TABLE t (d INT ) ENGINE=InnoDB; XA END 'a' ; XA ROLLBACK 'a' ; DROP TEMPORARY TABLE t; # Succeeds Neither the XA documentation nor the CREATE TABLE documentation say anything on temporary tables inside a XA transaction. Should the table have been dropped by the XA ROLLBACK ? Also note that the crash in the related MDEV-34049 is on what looks to be an automated (i.e. not testcase originating) drop of (the same?) temporary table: #16 0x000055d305e03fe2 in Query_log_event::do_apply_event (this=0x153be4035d48, rgi=0x153be402ed30, query_arg=0x153be4035eb3 "DROP /*!40005 TEMPORARY */ TABLE IF EXISTS `t1`", q_len_arg=<optimized out>) at /test/10.6_dbg/sql/sql_class.h:240

            An easy fix would be to reject any DDL operations on TEMPORARY TABLE within an XA transaction, like I had recently hinted in MDEV-35046.

            marko Marko Mäkelä added a comment - An easy fix would be to reject any DDL operations on TEMPORARY TABLE within an XA transaction, like I had recently hinted in MDEV-35046 .

            People

              bnestere Brandon Nesterenko
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.