Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-38997

Server crashes in MDL_context::upgrade_shared_lock when the underlying sequence is damaged

    XMLWordPrintable

Details

    Description

      If a sequence becomes corrupt, e.g. after server crash recovery, ALTER on a table using it leads to a crash:

      --source include/have_innodb.inc
      		 
       
      		 
      CREATE SEQUENCE s ENGINE=MyISAM;
      		 
      CREATE TABLE t (a INT DEFAULT (NEXTVAL(s))) ENGINE=InnoDB;
      		 
      SELECT NEXTVAL(s);
      		 
      --let $shutdown_timeout= 0
      		 
      --source include/restart_mysqld.inc
      		 
      ALTER TABLE t FORCE;
      		 
       
      		 
      DROP TABLE t;
      		 
      DROP SEQUENCE s;

      10.11 14f96a2e08073e7fa4aee5b182ca0111380089ad

      		 
      Version: '10.11.17-MariaDB-asan-debug-log'  socket: '/share8t/bld/10.11-asan-ubsan/mysql-test/var/tmp/mysqld.1.sock'  port: 19000  Source distribution
      		 
      2026-03-06 19:00:33 3 [ERROR] mariadbd: Table './test/s' is marked as crashed and should be repaired
      		 
      2026-03-06 19:00:33 3 [Warning] Checking table:   './test/s'
      		 
      /data/bld/10.11-asan-ubsan/sql/mdl.cc:2612:45: runtime error: member call on null pointer of type 'struct MDL_ticket'
      		 
      260306 19:00:33 [ERROR] /share8t/bld/10.11-asan-ubsan/sql/mariadbd got signal 11 ;
      		 
       
      		 
      #4  <signal handler called>
      		 
      #5  0x000055994737cb5d in MDL_context::upgrade_shared_lock (this=this@entry=0x62c0001f0378, mdl_ticket=0x0, new_type=new_type@entry=MDL_EXCLUSIVE, lock_wait_timeout=lock_wait_timeout@entry=86400) at /data/bld/10.11-asan-ubsan/sql/mdl.cc:2612
      		 
      #6  0x0000559946fc4521 in mysql_inplace_alter_table (thd=thd@entry=0x62c0001f0218, table_list=<optimized out>, table=table@entry=0x619000081198, altered_table=altered_table@entry=0x777ea8093270, ha_alter_info=ha_alter_info@entry=0x777ea8092700, target_mdl_request=target_mdl_request@entry=0x777ea80927f0, ddl_log_state=<optimized out>, trigger_param=<optimized out>, alter_ctx=<optimized out>, partial_alter=<optimized out>, start_alter_id=<optimized out>, if_exists=<optimized out>) at /data/bld/10.11-asan-ubsan/sql/sql_table.cc:8002
      		 
      #7  0x000055994703dfa9 in mysql_alter_table (thd=thd@entry=0x62c0001f0218, new_db=<optimized out>, new_name=new_name@entry=0x62c0001f5428, create_info=create_info@entry=0x777ea8095240, table_list=table_list@entry=0x62d0000a0548, recreate_info=recreate_info@entry=0x777ea8094fd0, alter_info=<optimized out>, order_num=<optimized out>, order=<optimized out>, ignore=<optimized out>, if_exists=<optimized out>) at /data/bld/10.11-asan-ubsan/sql/sql_table.cc:11412
      		 
      #8  0x0000559947357376 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x62c0001f0218) at /data/bld/10.11-asan-ubsan/sql/sql_alter.cc:688
      		 
      #9  0x0000559946b0fb21 in mysql_execute_command (thd=thd@entry=0x62c0001f0218, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:6201
      		 
      #10 0x0000559946b1436c in mysql_parse (thd=thd@entry=0x62c0001f0218, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x777ea8096ab0) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8223
      		 
      #11 0x0000559946b1d719 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62c0001f0218, packet=packet@entry=0x6290000ff219 "ALTER TABLE t FORCE", packet_length=packet_length@entry=19, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1924
      		 
      #12 0x0000559946b2a41e in do_command (thd=thd@entry=0x62c0001f0218, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1434
      		 
      #13 0x0000559947326db8 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x60800001d3b8, put_in_cache=put_in_cache@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1475
      		 
      #14 0x0000559947327f15 in handle_one_connection (arg=0x60800001d3b8) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1387
      		 
      #15 0x0000559948cad327 in pfs_spawn_thread (arg=0x617000007e98) at /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
      		 
      #16 0x00007f7eb7ea81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #17 0x00007f7eb7f2885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

      In the test case above, the table gets crash-recovered fine (in the test case it's InnoDB, but it can also be MyISAM or Aria, the result is the same); but the sequence is MyISAM, it remains corrupt, which apparently causes the problem. Running REPAIR TABLE s before ALTER makes the crash go away.

      I suppose the most realistic use case, without a mix of engines, is when both the sequence and the table is Aria. It still crashes:

      Aria-only test case

      		 
      CREATE SEQUENCE s ENGINE=Aria TRANSACTIONAL=1;
      		 
      CREATE TABLE t (a INT DEFAULT (NEXTVAL(s))) ENGINE=Aria TRANSACTIONAL=1;
      		 
      SELECT NEXTVAL(s);
      		 
      --let $shutdown_timeout= 0
      		 
      --source include/restart_mysqld.inc
      		 
      ALTER TABLE t FORCE;
      		 
       
      		 
      DROP TABLE t;
      		 
      DROP SEQUENCE s;

      It still crashes, although it is related to a separate issue, filed as MDEV-38996.

      #4  <signal handler called>
      		 
      #5  0x000055ca72702985 in thd_get_ha_data (thd=0x0, hton=0x615000002118) at /data/bld/10.11-asan-ubsan/sql/sql_class.cc:466
      		 
      #6  0x000055ca74850080 in maria_create_trn_for_mysql (info=0x62900011d218) at /data/bld/10.11-asan-ubsan/storage/maria/ha_maria.cc:947
      		 
      #7  0x000055ca74816c39 in _ma_setup_live_state (info=info@entry=0x62900011d218) at /data/bld/10.11-asan-ubsan/storage/maria/ma_state.c:66
      		 
      #8  0x000055ca7481add9 in _ma_block_start_trans (param=0x62900011d218) at /data/bld/10.11-asan-ubsan/storage/maria/ma_state.c:667
      		 
      #9  0x000055ca75e86c16 in thr_multi_lock (data=0x607000017d70, count=<optimized out>, owner=0x62c0001e2038, lock_wait_timeout=86400) at /data/bld/10.11-asan-ubsan/mysys/thr_lock.c:1194
      		 
      #10 0x000055ca7456733d in mysql_lock_tables (thd=thd@entry=0x62c0001e0218, sql_lock=sql_lock@entry=0x607000017d48, flags=flags@entry=16384) at /data/bld/10.11-asan-ubsan/sql/lock.cc:352
      		 
      #11 0x000055ca7456af05 in mysql_lock_tables (thd=thd@entry=0x62c0001e0218, tables=tables@entry=0x62d0000a21d8, count=count@entry=1, flags=flags@entry=16384) at /data/bld/10.11-asan-ubsan/sql/lock.cc:304
      		 
      #12 0x000055ca72666c38 in lock_tables (thd=thd@entry=0x62c0001e0218, tables=<optimized out>, count=<optimized out>, flags=flags@entry=16384) at /data/bld/10.11-asan-ubsan/sql/sql_base.cc:5974
      		 
      #13 0x000055ca72f411e8 in mysql_alter_table (thd=thd@entry=0x62c0001e0218, new_db=<optimized out>, new_name=new_name@entry=0x62c0001e5428, create_info=create_info@entry=0x77bcd2087240, table_list=table_list@entry=0x62d0000a0548, recreate_info=recreate_info@entry=0x77bcd2086fd0, alter_info=<optimized out>, order_num=<optimized out>, order=<optimized out>, ignore=<optimized out>, if_exists=<optimized out>) at /data/bld/10.11-asan-ubsan/sql/sql_table.cc:11492
      		 
      #14 0x000055ca73259376 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x62c0001e0218) at /data/bld/10.11-asan-ubsan/sql/sql_alter.cc:688
      		 
      #15 0x000055ca72a11b21 in mysql_execute_command (thd=thd@entry=0x62c0001e0218, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:6201
      		 
      #16 0x000055ca72a1636c in mysql_parse (thd=thd@entry=0x62c0001e0218, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x77bcd2088ab0) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8223
      		 
      #17 0x000055ca72a1f719 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62c0001e0218, packet=packet@entry=0x6290000ff219 "", packet_length=packet_length@entry=19, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1924
      		 
      #18 0x000055ca72a2c41e in do_command (thd=thd@entry=0x62c0001e0218, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1434
      		 
      #19 0x000055ca73228db8 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x60800000b0b8, put_in_cache=put_in_cache@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1475
      		 
      #20 0x000055ca73229f15 in handle_one_connection (arg=0x60800000b0b8) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1387
      		 
      #21 0x000055ca74baf327 in pfs_spawn_thread (arg=0x617000007e98) at /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
      		 
      #22 0x00007fbce1aa81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #23 0x00007fbce1b2885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-38996 Aria crash recovery ignores sequences

          • Major - Major loss of function.
          • Open

          Activity

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.