Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.6, 10.11, 11.1(EOL), 11.2(EOL), 11.4, 11.5(EOL), 11.6(EOL)
Description
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD''); |
CREATE TABLE t1 (c1 TIME) ENGINE=Spider PARTITION BY HASH(EXTRACT(HOUR_SECOND FROM c1)); |
CREATE TABLE t2 (c1 INT) ENGINE=MyISAM; |
CREATE TABLE t3 (c1 INT,c2 INT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t1"'; |
INSERT INTO t2 SELECT * FROM t3; |
SELECT * FROM t3; |
ALTER TABLE t1 CHANGE COLUMN c1 d1 INT; |
Leads to:
|
11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug) |
Core was generated by `/test/MD200724-mariadb-11.2.5-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 ha_spider::update_create_info (this=0x153fe403ab30, create_info=0x1540280e3630)at /test/11.2_dbg/storage/spider/ha_spider.cc:8610
|
Downloading source file /test/11.2_dbg/storage/spider/ha_spider.cc...
|
[Current thread is 1 (LWP 1347742)]
|
(gdb) bt
|
#0 ha_spider::update_create_info (this=0x153fe403ab30, create_info=0x1540280e3630)at /test/11.2_dbg/storage/spider/ha_spider.cc:8610
|
#1 0x000055e0629d05d8 in ha_partition::update_create_info (this=0x153fe403a250, create_info=<optimized out>)at /test/11.2_dbg/sql/ha_partition.cc:2372
|
#2 0x000055e062504368 in mysql_prepare_alter_table (thd=thd@entry=0x153fe8000d58, table=table@entry=0x153fe40399e8, create_info=create_info@entry=0x1540280e6340, alter_info=alter_info@entry=0x1540280e61d0, alter_ctx=alter_ctx@entry=0x1540280e54b0)at /test/11.2_dbg/sql/sql_table.cc:9237
|
#3 0x000055e062512cec in mysql_alter_table (thd=thd@entry=0x153fe8000d58, new_db=<optimized out>, new_name=new_name@entry=0x153fe8005fd8, create_info=create_info@entry=0x1540280e6340, table_list=<optimized out>, table_list@entry=0x153fe8013738, recreate_info=recreate_info@entry=0x1540280e6190, alter_info=<optimized out>, order_num=<optimized out>, order=<optimized out>, ignore=<optimized out>, if_exists=<optimized out>)at /test/11.2_dbg/sql/sql_table.cc:10878
|
#4 0x000055e06259b609 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x153fe8000d58) at /test/11.2_dbg/sql/sql_alter.cc:701
|
#5 0x000055e062425db3 in mysql_execute_command (thd=thd@entry=0x153fe8000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.2_dbg/sql/sql_parse.cc:5876
|
#6 0x000055e062427753 in mysql_parse (thd=thd@entry=0x153fe8000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1540280e72e0)at /test/11.2_dbg/sql/sql_parse.cc:7920
|
#7 0x000055e062429ada in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x153fe8000d58, packet=packet@entry=0x153fe800b309 "ALTER TABLE t1 CHANGE COLUMN c1 d1 INT", packet_length=packet_length@entry=38, blocking=blocking@entry=true)at /test/11.2_dbg/sql/sql_class.h:247
|
#8 0x000055e06242bdff in do_command (thd=0x153fe8000d58, blocking=blocking@entry=true) at /test/11.2_dbg/sql/sql_parse.cc:1407
|
#9 0x000055e062592e61 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e064df09a8, put_in_cache=put_in_cache@entry=true)at /test/11.2_dbg/sql/sql_connect.cc:1439
|
#10 0x000055e062593156 in handle_one_connection (arg=arg@entry=0x55e064df09a8)at /test/11.2_dbg/sql/sql_connect.cc:1341
|
#11 0x000055e0629e4192 in pfs_spawn_thread (arg=0x55e064dbfb68)at /test/11.2_dbg/storage/perfschema/pfs.cc:2201
|
#12 0x0000154031c97ada in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444
|
#13 0x0000154031d2847c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
Bug confirmed present in:
MariaDB: 10.6.19 (dbg), 10.6.19 (opt), 10.11.9 (dbg), 10.11.9 (opt), 11.1.6 (dbg), 11.1.6 (opt), 11.2.5 (dbg), 11.2.5 (opt), 11.4.3 (dbg), 11.4.3 (opt), 11.5.2 (dbg), 11.5.2 (opt), 11.6.0 (dbg), 11.6.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.26 (dbg), 10.5.26 (opt)
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-
Activity
Confirmed to be present in 10.6 dbg @ 216fdb155683e960297b089e024c439593bbe6a8 (build today) which contains the recent 10.5 pushed fixes inc MDEV-32492.
ASAN sees a heap-use-after-free:
|
11.6.0 d83742622dd1bece3f6a3a11ac0be64de0f3ff84 (Optimized) |
==1477612==ERROR: AddressSanitizer: heap-use-after-free on address 0x62d000276448 at pc 0x1490198e8be7 bp 0x14901ade6440 sp 0x14901ade6430
|
READ of size 8 at 0x62d000276448 thread T12
|
#0 0x1490198e8be6 in ha_spider::update_create_info(HA_CREATE_INFO*) /test/11.6_opt_san/storage/spider/ha_spider.cc:8609
|
#1 0x557142503df0 in ha_partition::update_create_info(HA_CREATE_INFO*) /test/11.6_opt_san/sql/ha_partition.cc:2397
|
#2 0x55714008cc2b in mysql_prepare_alter_table(THD*, TABLE*, Table_specification_st*, Alter_info*, Alter_table_ctx*) /test/11.6_opt_san/sql/sql_table.cc:9194
|
#3 0x5571400bacc7 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /test/11.6_opt_san/sql/sql_table.cc:10820
|
#4 0x557140400622 in Sql_cmd_alter_table::execute(THD*) /test/11.6_opt_san/sql/sql_alter.cc:701
|
#5 0x55713fa109a4 in mysql_execute_command(THD*, bool) /test/11.6_opt_san/sql/sql_parse.cc:5842
|
#6 0x55713fa30652 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.6_opt_san/sql/sql_parse.cc:7867
|
#7 0x55713fa3cb4e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.6_opt_san/sql/sql_parse.cc:1892
|
#8 0x55713fa48a28 in do_command(THD*, bool) /test/11.6_opt_san/sql/sql_parse.cc:1405
|
#9 0x5571403d60cc in do_handle_one_connection(CONNECT*, bool) /test/11.6_opt_san/sql/sql_connect.cc:1448
|
#10 0x5571403d86d4 in handle_one_connection /test/11.6_opt_san/sql/sql_connect.cc:1350
|
#11 0x14903e897ad9 in start_thread nptl/pthread_create.c:444
|
#12 0x14903e92847b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
0x62d000276448 is located 72 bytes inside of 34560-byte region [0x62d000276400,0x62d00027eb00)
|
freed by thread T15 here:
|
#0 0x55713f1396b7 in free (/test/UBASAN_MD200724-mariadb-11.6.0-linux-x86_64-opt/bin/mariadbd+0x7ff66b7)
|
#1 0x1490197eca27 in spider_free_mem(st_spider_transaction*, void*, unsigned long) /test/11.6_opt_san/storage/spider/spd_malloc.cc:183
|
#2 0x14901964437b in spider_free_trx(st_spider_transaction*, bool, bool) /test/11.6_opt_san/storage/spider/spd_trx.cc:1420
|
#3 0x14901972c26d in spider_close_connection(handlerton*, THD*) /test/11.6_opt_san/storage/spider/spd_table.cc:6285
|
#4 0x557141098bb5 in ha_close_connection(THD*) /test/11.6_opt_san/sql/handler.cc:958
|
#5 0x55713f6b1125 in THD::free_connection() /test/11.6_opt_san/sql/sql_class.cc:1678
|
#6 0x5571403d5292 in do_handle_one_connection(CONNECT*, bool) /test/11.6_opt_san/sql/sql_connect.cc:1459
|
#7 0x5571403d86d4 in handle_one_connection /test/11.6_opt_san/sql/sql_connect.cc:1350
|
#8 0x14903e897ad9 in start_thread nptl/pthread_create.c:444
|
|
|
previously allocated by thread T15 here:
|
#0 0x55713f139a07 in malloc (/test/UBASAN_MD200724-mariadb-11.6.0-linux-x86_64-opt/bin/mariadbd+0x7ff6a07)
|
#1 0x5571437be2e4 in my_malloc /test/11.6_opt_san/mysys/my_malloc.c:93
|
#2 0x1490197ecebb in spider_bulk_alloc_mem(st_spider_transaction*, unsigned int, char const*, char const*, unsigned long, unsigned long, ...) /test/11.6_opt_san/storage/spider/spd_malloc.cc:231
|
#3 0x149019644682 in spider_get_trx(THD*, bool, int*) /test/11.6_opt_san/storage/spider/spd_trx.cc:1145
|
#4 0x1490197a47d6 in spider_init_share(char const*, TABLE*, THD*, ha_spider*, int*, st_spider_share*, TABLE_SHARE*, bool) /test/11.6_opt_san/storage/spider/spd_table.cc:5467
|
#5 0x1490197a6f8b in spider_get_share(char const*, TABLE*, THD*, ha_spider*, int*) /test/11.6_opt_san/storage/spider/spd_table.cc:5634
|
#6 0x14901989c49c in ha_spider::open(char const*, int, unsigned int) /test/11.6_opt_san/storage/spider/ha_spider.cc:312
|
#7 0x5571410b0d10 in handler::ha_open(TABLE*, char const*, int, unsigned int, st_mem_root*, List<String>*) /test/11.6_opt_san/sql/handler.cc:3578
|
#8 0x55714254df02 in ha_partition::open_read_partitions(char*, unsigned long) /test/11.6_opt_san/sql/ha_partition.cc:8970
|
#9 0x5571425523eb in ha_partition::open(char const*, int, unsigned int) /test/11.6_opt_san/sql/ha_partition.cc:3929
|
#10 0x5571410b0d10 in handler::ha_open(TABLE*, char const*, int, unsigned int, st_mem_root*, List<String>*) /test/11.6_opt_san/sql/handler.cc:3578
|
#11 0x557140247a77 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /test/11.6_opt_san/sql/table.cc:4599
|
#12 0x55713f5df4be in open_table(THD*, TABLE_LIST*, Open_table_context*) /test/11.6_opt_san/sql/sql_base.cc:2240
|
#13 0x55713f5f6289 in open_and_process_table /test/11.6_opt_san/sql/sql_base.cc:4174
|
#14 0x55713f5f6289 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /test/11.6_opt_san/sql/sql_base.cc:4660
|
#15 0x55713f5fb5b4 in open_tables /test/11.6_opt_san/sql/sql_base.h:273
|
#16 0x55713f5fb5b4 in open_normal_and_derived_tables(THD*, TABLE_LIST*, unsigned int, unsigned int) /test/11.6_opt_san/sql/sql_base.cc:5699
|
#17 0x55713f5fbd94 in open_tables_only_view_structure(THD*, TABLE_LIST*, bool) /test/11.6_opt_san/sql/sql_base.cc:5750
|
#18 0x55713fea4520 in fill_schema_table_by_open /test/11.6_opt_san/sql/sql_show.cc:4808
|
#19 0x55713ff5b505 in get_all_tables(THD*, TABLE_LIST*, Item*) /test/11.6_opt_san/sql/sql_show.cc:5608
|
#20 0x55713ff69ba8 in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.6_opt_san/sql/sql_show.cc:9456
|
#21 0x55713fe6192c in JOIN::exec_inner() /test/11.6_opt_san/sql/sql_select.cc:4982
|
#22 0x55713fe68783 in JOIN::exec() /test/11.6_opt_san/sql/sql_select.cc:4804
|
#23 0x55713fe55c8d in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.6_opt_san/sql/sql_select.cc:5337
|
#24 0x55713fe59890 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.6_opt_san/sql/sql_select.cc:628
|
#25 0x55713f9bdb90 in execute_sqlcom_select /test/11.6_opt_san/sql/sql_parse.cc:6147
|
#26 0x55713fa21282 in mysql_execute_command(THD*, bool) /test/11.6_opt_san/sql/sql_parse.cc:3953
|
#27 0x55713fa30652 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.6_opt_san/sql/sql_parse.cc:7867
|
#28 0x55713fa3cb4e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.6_opt_san/sql/sql_parse.cc:1892
|
#29 0x55713fa48a28 in do_command(THD*, bool) /test/11.6_opt_san/sql/sql_parse.cc:1405
|
#30 0x5571403d60cc in do_handle_one_connection(CONNECT*, bool) /test/11.6_opt_san/sql/sql_connect.cc:1448
|
#31 0x5571403d86d4 in handle_one_connection /test/11.6_opt_san/sql/sql_connect.cc:1350
|
|
|
Thread T12 created by T0 here:
|
#0 0x55713f0dd825 in __interceptor_pthread_create (/test/UBASAN_MD200724-mariadb-11.6.0-linux-x86_64-opt/bin/mariadbd+0x7f9a825)
|
#1 0x55713f1929ce in create_thread_to_handle_connection(CONNECT*) /test/11.6_opt_san/sql/mysqld.cc:6239
|
#2 0x55713f1a6a4f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/11.6_opt_san/sql/mysqld.cc:6363
|
#3 0x55713f1a7b37 in handle_connections_sockets() /test/11.6_opt_san/sql/mysqld.cc:6476
|
#4 0x55713f1aac0c in mysqld_main(int, char**) /test/11.6_opt_san/sql/mysqld.cc:6134
|
#5 0x14903e8280cf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
|
Thread T15 created by T0 here:
|
#0 0x55713f0dd825 in __interceptor_pthread_create (/test/UBASAN_MD200724-mariadb-11.6.0-linux-x86_64-opt/bin/mariadbd+0x7f9a825)
|
#1 0x55713f1929ce in create_thread_to_handle_connection(CONNECT*) /test/11.6_opt_san/sql/mysqld.cc:6239
|
#2 0x55713f1a6a4f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/11.6_opt_san/sql/mysqld.cc:6363
|
#3 0x55713f1a7b37 in handle_connections_sockets() /test/11.6_opt_san/sql/mysqld.cc:6476
|
#4 0x55713f1aac0c in mysqld_main(int, char**) /test/11.6_opt_san/sql/mysqld.cc:6134
|
#5 0x14903e8280cf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /test/11.6_opt_san/storage/spider/ha_spider.cc:8609 in ha_spider::update_create_info(HA_CREATE_INFO*)
|
Shadow bytes around the buggy address:
|
0x0c5a80046c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5a80046c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5a80046c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5a80046c60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5a80046c70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
=>0x0c5a80046c80: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd
|
0x0c5a80046c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5a80046ca0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5a80046cb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5a80046cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5a80046cd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1477612==ABORTING
|
240723 9:36:11 [ERROR] mysqld got signal 6 ;
|
MTR Testcase
--source plugin/spider/spider/include/init_spider.inc
|
--source include/have_partition.inc
|
SET spider_same_server_link=on; |
eval CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (HOST "127.0.0.1", DATABASE "test", USER "root", PORT $MASTER_MYPORT); |
CREATE TABLE t1 (c1 TIME) ENGINE=Spider PARTITION BY HASH(EXTRACT(HOUR_SECOND FROM c1)); |
CREATE TABLE t2 (c1 INT) ENGINE=MyISAM; |
CREATE TABLE t3 (c1 INT,c2 INT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t1"'; |
--error ER_WRONG_VALUE_COUNT_ON_ROW
|
INSERT INTO t2 SELECT * FROM t3; |
--error ER_CONNECT_TO_FOREIGN_DATA_SOURCE
|
SELECT * FROM t3; |
ALTER TABLE t1 CHANGE COLUMN c1 d1 INT; |
# Cleanup
|
DROP TABLE t1,t2,t3; |
--source plugin/spider/spider/include/deinit_spider.inc |
This is not a recent regression, as it fails at mariadb-10.6.18 887bb3f73555ff8a50138a580ca8308b9b5c069c too.
The use-after-free object is a SPIDER_TRX. It was allocated and freed in INSERT INTO t2 SELECT * FROM t3;. The use-after-free happens in ALTER TABLE t1 CHANGE COLUMN c1 d1 INT; when being accessed from an ha_spider:
SPIDER_TRX *trx = wide_handler->trx;
|
The bug is not present in 10.5 because there spider reset the trx in a call to ha_spider::extra() with flags reserved for the MERGE engine:
case HA_EXTRA_ATTACH_CHILDREN: |
DBUG_PRINT("info",("spider HA_EXTRA_ATTACH_CHILDREN")); |
if (!(wide_handler->trx = spider_get_trx(ha_thd(), TRUE, &error_num))) |
DBUG_RETURN(error_num);
|
break; |
case HA_EXTRA_ADD_CHILDREN_LIST: |
DBUG_PRINT("info",("spider HA_EXTRA_ADD_CHILDREN_LIST")); |
if (!(wide_handler->trx = spider_get_trx(ha_thd(), TRUE, &error_num))) |
DBUG_RETURN(error_num);
|
break; |
In 10.6 such calls are skipped for non-MERGE engines in the caller in an MDEV-33502 change. Given that spider is not meant to do anything when called with these flags, we could say that this bug was hidden in 10.5, and likely the fix should be applied to 10.5. A natural idea is to move the trx reset statement wide_handler->trx = spider_get_trx(ha_thd(), TRUE, &error_num) somewhere else. The question is where. For example, this reset happens spider_get_share() which is typically called in ha_spider::open(), but the handler open method is skipped whenever the table is acquired from the table cache in open_table(), which happens in our case.
Also, as a side note, the asan use-after-free in 10.6 looks similar to the 11.6 one in the previous comment, and I suspect the fix for 10.6 will fix all versions.
This issue actually could be the same problem as the assertion failure in MDEV-34588. The following is based on 10.6 216fdb155683e960297b089e024c439593bbe6a8.
If we remove the implementation of ha_spider::extra() with the MERGE SE specific flags (see the diff block below), we get an assertion failure in spider/bugfix.mdev_29963 and it is the same assertion failure as reported in MDEV-34588. Upon inspection, it happens at the data node when running LOCK TABLES t2 WRITE;, and the data node query is "lock tables `test`.`t` write".
modified storage/spider/ha_spider.cc
|
@@ -1376,7 +1376,6 @@ int ha_spider::reset()
|
int ha_spider::extra(
|
enum ha_extra_function operation
|
) {
|
- int error_num;
|
DBUG_ENTER("ha_spider::extra");
|
DBUG_PRINT("info",("spider this=%p", this));
|
DBUG_PRINT("info",("spider operation=%d", (int) operation));
|
@@ -1428,16 +1427,6 @@ int ha_spider::extra(
|
wide_handler->insert_with_update = TRUE;
|
break;
|
#endif
|
- case HA_EXTRA_ATTACH_CHILDREN:
|
- DBUG_PRINT("info",("spider HA_EXTRA_ATTACH_CHILDREN"));
|
- if (!(wide_handler->trx = spider_get_trx(ha_thd(), TRUE, &error_num)))
|
- DBUG_RETURN(error_num);
|
- break;
|
- case HA_EXTRA_ADD_CHILDREN_LIST:
|
- DBUG_PRINT("info",("spider HA_EXTRA_ADD_CHILDREN_LIST"));
|
- if (!(wide_handler->trx = spider_get_trx(ha_thd(), TRUE, &error_num)))
|
- DBUG_RETURN(error_num);
|
- break;
|
#if defined(HA_EXTRA_HAS_STARTING_ORDERED_INDEX_SCAN) || defined(HA_EXTRA_HAS_HA_EXTRA_USE_CMP_REF)
|
#ifdef HA_EXTRA_HAS_STARTING_ORDERED_INDEX_SCAN
|
case HA_EXTRA_STARTING_ORDERED_INDEX_SCAN:
|
The thd at ha_spider::store_lock is different from that retrieved from spider->wide_handler->trx->thd. Below is the stack trace at the assertion failure:
__GI___assert_fail > thd_get_ha_data > spider_get_trx > spider_check_trx_and_get_conn > ha_spider::append_lock_tables_list > ha_spider::store_lock > get_lock_data > mysql_lock_tables > lock_tables > lock_tables_open_and_lock_tables > mysql_execute_command > ...
|
If we place a breakpoint at ha_spider::extra() and do rc in rr, it is hit in the same query at the data node with a MERGE specific flag. The stack looks like spider was relying on ha_spider::extra() to reset the trx, since ha_spider::open() is not always called from open_table() (called from open_and_process_table()):
ha_spider::extra > open_and_process_table > open_tables > open_tables > lock_tables_open_and_lock_tables > mysql_execute_command > ...
|
The same happens in the MDEV-34588 case. There, the assertion failure happens at the statement LOCK TABLES t2 READ,t1 WRITE.
__GI___assert_fail > thd_get_ha_data > spider_get_trx > spider_check_trx_and_get_conn > ha_spider::append_lock_tables_list > ha_spider::store_lock > ha_partition::store_lock > get_lock_data > mysql_lock_tables > lock_tables > lock_tables_open_and_lock_tables > mysql_execute_command > ...
|
However ha_spider::extra() was not called because the MDEV-33502 change mentioned below decided not to call ha_spider::extra() from ha_partition::extra() with the MERGE-specific flag.
ha_partition::extra > open_and_process_table > open_tables > open_tables > lock_tables_open_and_lock_tables > mysql_execute_command > ...
|
Note the similarities in the stacks too.
Also documenting 10.5 CLI output:
|
10.5.26 b8f92ade57691a78cc97c5d79eae0a27a10cb8f2 (Debug) |
...
|
10.5.26-dbg>INSERT INTO t2 SELECT * FROM t3;
|
ERROR 1136 (21S01): Column count doesn't match value count at row 1
|
10.5.26-dbg>SELECT * FROM t3;
|
ERROR 1429 (HY000): Unable to connect to foreign data source: localhost
|
10.5.26-dbg>ALTER TABLE t1 CHANGE COLUMN c1 d1 INT;
|
ERROR 1486 (HY000): Constant, random or timezone-dependent expressions in (sub)partitioning function are not allowed
|
Hi holyfoot, ptal thanks
eaf360a48b0 upstream/bb-10.5-mdev-34636 MDEV-34636 Spider: reset wide_handler->trx in two occasions
|
a28f4001065 MDEV-34636 Remove implementation of ha-spider::extra() with MERGE flags
|
thanks for the review - pushed the following to 10.5:
42735c557e7 upstream/bb-10.5-mdev-34636 upstream/10.5 MDEV-34636 Spider: reset wide_handler->trx in two occasions
|
f43ea935a12 MDEV-34636 Remove implementation of ha-spider::extra() with MERGE flags
|
In 11.5 and 11.6 this gives a different SIGSEGV in optimized builds:
11.5.2 2f4b0ba328420980c23562da20ab0caa9d69b845 (Optimized)
Core was generated by `/test/MD200724-mariadb-11.5.2-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.Program terminated with signal SIGSEGV, Segmentation fault.#0 my_hash_insert (info=0x15105803fdd8, record=0x15106c0a7878 "")at /test/11.5_opt/mysys/hash.c:520[Current thread is 1 (LWP 1346102)](gdb) bt#0 my_hash_insert (info=0x15105803fdd8, record=0x15106c0a7878 "")at /test/11.5_opt/mysys/hash.c:520#1 0x0000151094ca1479 in spider_create_trx_alter_table (trx=trx@entry=0x15105803fbd8, share=0x15105803c2d8, now_create=now_create@entry=false)at /test/11.5_opt/storage/spider/spd_trx.cc:822#2 0x0000151094d082ca in ha_spider::update_create_info (this=0x151058039c60, create_info=0x151094da87e0)at /test/11.5_opt/storage/spider/ha_spider.cc:8619#3 0x00005609836eebb3 in ha_partition::update_create_info (this=0x151058039350, create_info=<optimized out>)at /test/11.5_opt/sql/ha_partition.cc:2397#4 0x00005609832d5944 in mysql_prepare_alter_table (thd=thd@entry=0x15106c000c68, table=table@entry=0x151058038ae8, create_info=create_info@entry=0x151094dabc20, alter_info=alter_info@entry=0x151094dabab0, alter_ctx=alter_ctx@entry=0x151094daad60)at /test/11.5_opt/sql/sql_table.cc:9194#5 0x00005609832dc677 in mysql_alter_table (thd=thd@entry=0x15106c000c68, new_db=new_db@entry=0x15106c005868, new_name=new_name@entry=0x15106c005cc8, create_info=create_info@entry=0x151094dabc20, table_list=<optimized out>, table_list@entry=0x15106c017fe8, recreate_info=recreate_info@entry=0x151094daba90, alter_info=0x151094dabab0, order_num=0, order=0x0, ignore=false, if_exists=false) at /test/11.5_opt/sql/sql_table.cc:10820#6 0x000056098334fc55 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x15106c000c68) at /test/11.5_opt/sql/structs.h:605#7 0x00005609832154a9 in mysql_execute_command (thd=thd@entry=0x15106c000c68, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.5_opt/sql/sql_parse.cc:5842#8 0x00005609832164f6 in mysql_parse (thd=0x15106c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.5_opt/sql/sql_parse.cc:7867#9 0x0000560983218715 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15106c000c68, packet=packet@entry=0x15106c008859 "ALTER TABLE t1 CHANGE COLUMN c1 d1 INT", packet_length=packet_length@entry=38, blocking=blocking@entry=true)at /test/11.5_opt/sql/sql_parse.cc:1991#10 0x000056098321ace3 in do_command (thd=0x15106c000c68, blocking=blocking@entry=true) at /test/11.5_opt/sql/sql_parse.cc:1405#11 0x000056098334a9cf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x560986d5bde8, put_in_cache=put_in_cache@entry=true)at /test/11.5_opt/sql/sql_connect.cc:1447#12 0x000056098334ad1d in handle_one_connection (arg=arg@entry=0x560986d5bde8)at /test/11.5_opt/sql/sql_connect.cc:1349#13 0x00005609837028a1 in pfs_spawn_thread (arg=0x560986d826d8)at /test/11.5_opt/storage/perfschema/pfs.cc:2201#14 0x00001510b5697ada in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:444#15 0x00001510b572847c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78