Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-34735

Hang & Assertion `len > alloc_length' failed in Binary_string::realloc_raw & SIGSEGV in spider_get_select_limit_from_select_lex

    XMLWordPrintable

Details

    Description

      INSTALL PLUGIN Spider SONAME 'ha_spider.so';
      ALTER TABLE mysql.procs_priv ENGINE=Spider COMMENT='';
      CREATE USER a@localhost;
      

      Cause the server to hang for some time, with no new CLI connections possible, followed by this assert:

      11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug)

      mariadbd: /test/11.2_dbg/sql/sql_string.cc:93: bool Binary_string::realloc_raw(size_t): Assertion `len > alloc_length' failed.
      

      11.2.5 03807c8449cdccbf5b8afc0dddabb1d8ec7ba85a (Debug)

      Core was generated by `/test/MD200724-mariadb-11.2.5-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
      Program terminated with signal SIGABRT, Aborted.
      Download failed: Invalid argument.  Continuing without source file ./nptl/./nptl/pthread_kill.c.
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
       
      warning: 44	./nptl/pthread_kill.c: No such file or directory
      [Current thread is 1 (LWP 2604358)]
      (gdb) bt
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      #1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
      #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
      #3  0x00001467dda4526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
      #4  0x00001467dda288ff in __GI_abort () at ./stdlib/abort.c:79
      #5  0x00001467dda2881b in __assert_fail_base (fmt=0x1467ddbd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x56350f7bbf87 "len > alloc_length", file=file@entry=0x56350f61bb50 "/test/11.2_dbg/sql/sql_string.cc", line=line@entry=93, function=function@entry=0x56350f61bba0 "bool Binary_string::realloc_raw(size_t)") at ./assert/assert.c:94
      #6  0x00001467dda3b507 in __assert_fail (assertion=0x56350f7bbf87 "len > alloc_length", file=0x56350f61bb50 "/test/11.2_dbg/sql/sql_string.cc", line=93, function=0x56350f61bba0 "bool Binary_string::realloc_raw(size_t)")at ./assert/assert.c:103
      #7  0x000056350e9b1e07 in Binary_string::realloc_raw (this=this@entry=0x1467841c4590, alloc_length=alloc_length@entry=4294967293)at /test/11.2_dbg/sql/sql_string.cc:93
      #8  0x00001467dc97fd8c in Binary_string::realloc (arg_length=4294967292, this=0x1467841c4590) at /test/11.2_dbg/sql/sql_string.h:811
      #9  Binary_string::reserve (space_needed=11, this=0x1467841c4590)at /test/11.2_dbg/sql/sql_string.h:859
      #10 spider_string::reserve (this=this@entry=0x1467841c4580, space_needed=space_needed@entry=11)at /test/11.2_dbg/storage/spider/spd_malloc.cc:1033
      #11 0x00001467dc9b91ec in spider_mbase_handler::append_select_lock (this=<optimized out>, str=0x1467841c4580)at /test/11.2_dbg/storage/spider/spd_db_mysql.cc:11560
      #12 0x00001467dc9b9261 in spider_mbase_handler::append_select_lock_part (this=<optimized out>, sql_type=<optimized out>)at /test/11.2_dbg/storage/spider/spd_db_mysql.cc:11548
      #13 0x00001467dc989ff1 in ha_spider::append_select_lock_sql_part (this=this@entry=0x1467840572e0, sql_type=sql_type@entry=1)at /test/11.2_dbg/storage/spider/ha_spider.cc:11118
      #14 0x00001467dc98e58c in ha_spider::rnd_next_internal (this=this@entry=0x1467840572e0, buf=buf@entry=0x1467840aba70 ' ' <repeats 200 times>...)at /test/11.2_dbg/storage/spider/ha_spider.cc:5578
      #15 0x00001467dc98f122 in ha_spider::rnd_next (this=0x1467840572e0, buf=0x1467840aba70 ' ' <repeats 200 times>...)at /test/11.2_dbg/storage/spider/ha_spider.cc:5828
      #16 0x000056350ebf262d in handler::ha_rnd_next (this=0x1467840572e0, buf=0x1467840aba70 ' ' <repeats 200 times>...)at /test/11.2_dbg/sql/handler.cc:3672
      #17 0x000056350e8320de in handle_grant_table (thd=thd@entry=0x146784000d58, grant_table=@0x1467dcce0c48: {min_columns = 8, start_priv_columns = 0, end_priv_columns = 8, m_table = 0x146784051f18}, which_table=which_table@entry=PROCS_PRIV_TABLE, drop=drop@entry=false, user_from=user_from@entry=0x1467840136e0, user_to=user_to@entry=0x0)at /test/11.2_dbg/sql/sql_acl.cc:10427
      #18 0x000056350e8446dc in handle_grant_data (thd=thd@entry=0x146784000d58, tables=@0x1467dcce0ba0: {p_user_table = 0x1467dcce0ba8, m_user_table_json = {<User_table> = {<Grant_table_base> = {min_columns = 3, start_priv_columns = 0, end_priv_columns = 3, m_table = 0x56351161a218}, _vptr.User_table = 0x56350fea7b50 <vtable for User_table_json+16>}, static JSON_SIZE = 1024}, m_user_table_tabular = {<User_table> = {<Grant_table_base> = {min_columns = 13, start_priv_columns = 0, end_priv_columns = 0, m_table = 0x0}, _vptr.User_table = 0x56350fea7a10 <vtable for User_table_tabular+16>}, <No data fields>}, m_db_table = {<Grant_table_base> = {min_columns = 9, start_priv_columns = 3, end_priv_columns = 23, m_table = 0x5635115d1768}, <No data fields>}, m_tables_priv_table = {<Grant_table_base> = {min_columns = 8, start_priv_columns = 0, end_priv_columns = 8, m_table = 0x563511667bf8}, <No data fields>}, m_columns_priv_table = {<Grant_table_base> = {min_columns = 7, start_priv_columns = 0, end_priv_columns = 7, m_table = 0x563511694d58}, <No data fields>}, m_host_table = {<Grant_table_base> = {min_columns = 8, start_priv_columns = 0, end_priv_columns = 0, m_table = 0x0}, <No data fields>}, m_procs_priv_table = {<Grant_table_base> = {min_columns = 8, start_priv_columns = 0, end_priv_columns = 8, m_table = 0x146784051f18}, <No data fields>}, m_proxies_priv_table = {<Grant_table_base> = {min_columns = 7, start_priv_columns = 0, end_priv_columns = 7, m_table = 0x5635115ed378}, <No data fields>}, m_roles_mapping_table = {<Grant_table_base> = {min_columns = 4, start_priv_columns = 3, end_priv_columns = 4, m_table = 0x563511606b88}, <No data fields>}}, drop=drop@entry=false, user_from=user_from@entry=0x1467840136e0, user_to=user_to@entry=0x0) at /test/11.2_dbg/sql/sql_acl.cc:10910
      #19 0x000056350e8470e7 in mysql_create_user (thd=thd@entry=0x146784000d58, list=@0x1467840061c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x146784013708, last = 0x146784013708, elements = 1}, <No data fields>}, handle_as_role=false) at /test/11.2_dbg/sql/sql_acl.cc:11126
      #20 0x000056350e8e411b in mysql_execute_command (thd=thd@entry=0x146784000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.2_dbg/sql/sql_parse.cc:5208
      #21 0x000056350e8e7753 in mysql_parse (thd=thd@entry=0x146784000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1467dcce1290)at /test/11.2_dbg/sql/sql_parse.cc:7920
      #22 0x000056350e8e9ada in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x146784000d58, packet=packet@entry=0x14678400b309 "CREATE USER a@localhost", packet_length=packet_length@entry=23, blocking=blocking@entry=true)at /test/11.2_dbg/sql/sql_class.h:247
      #23 0x000056350e8ebdff in do_command (thd=0x146784000d58, blocking=blocking@entry=true) at /test/11.2_dbg/sql/sql_parse.cc:1407
      #24 0x000056350ea52e61 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563511639b38, put_in_cache=put_in_cache@entry=true)at /test/11.2_dbg/sql/sql_connect.cc:1439
      #25 0x000056350ea53156 in handle_one_connection (arg=arg@entry=0x563511639b38)at /test/11.2_dbg/sql/sql_connect.cc:1341
      #26 0x000056350eea4192 in pfs_spawn_thread (arg=0x563511608c88)at /test/11.2_dbg/storage/perfschema/pfs.cc:2201
      #27 0x00001467dda9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #28 0x00001467ddb29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      Opt and debug builds both hang. Debug builds eventually assert.

      Attachments

        Issue Links

          Activity

            People

              ycp Yuchen Pei
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.