[MDEV-13232] Assertion `(&(&share->intern_lock)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&share->intern_lock)->m_mutex)->thread)' failed in _ma_state_info_write Created: 2017-07-02  Updated: 2018-04-23  Resolved: 2018-04-23

Status: Closed
Project: MariaDB Server
Component/s: Optimizer, Server, Storage Engine - Aria
Affects Version/s: 10.3
Fix Version/s: 10.3.7

Type: Bug Priority: Critical
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: regression

Issue Links:
Relates
relates to MDEV-15901 CREATE..SELECT with DIV creates colum... Open
relates to MDEV-15924 Wrong field type for CAST(temporal_co... Open
relates to MDEV-15926 MEDIUMINT returns wrong I_S attributes Closed
relates to MDEV-15927 MEDIUMINT returns a wrong length on c... Open
relates to MDEV-15930 Wrong field type for CAST(decimal_col... Open
relates to MDEV-15946 MEDIUMINT(N<8) creates a wrong data t... Closed
relates to MDEV-15957 Unexpected "Data too long" when doing... Closed
relates to MDEV-15960 Wrong data type on CREATE..SELECT cha... Closed
relates to MDEV-15971 Split the code for CHARACTER_OCTET_LE... Closed

 Description   

Reproducible on 10.3 with UNION, INTERSECT, EXCEPT.
Not reproducible with UNION on 10.2.

CREATE TABLE t1 (c1 CHAR(8));
 
INSERT INTO t1 VALUES ('10'),('-10');
 
 
 
CREATE TABLE t2 (c2 CHAR);
 
SET @a= CAST('10' AS CHAR);
 
 
 
SELECT c1 FROM t1 UNION SELECT - @a FROM t2;

10.3 176000a54ceb8dabe8f8b985aff565dfae6fb0df

 
2017-07-02 20:48:12 139766304167680 [ERROR] mysqld: Table '/data/bld/10.3/mysql-test/var/tmp/mysqld.1/#sql_1f02_0' is marked as crashed and should be repaired
 
mysqld: /data/src/10.3/storage/maria/ma_open.c:1369: _ma_state_info_write: Assertion `(&(&share->intern_lock)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&share->intern_lock)->m_mutex)->thread)' failed.
 
170702 20:48:12 [ERROR] mysqld got signal 6 ;
 
 
 
#7  0x00007f1de6bfdee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
 
#8  0x0000563e55783d47 in _ma_state_info_write (share=0x7f1dd0062650, pWrite=1) at /data/src/10.3/storage/maria/ma_open.c:1369
 
#9  0x0000563e557c5b6c in maria_close (info=0x7f1dd00636b0) at /data/src/10.3/storage/maria/ma_close.c:146
 
#10 0x0000563e5574221a in ha_maria::close (this=0x7f1dd0041d78) at /data/src/10.3/storage/maria/ha_maria.cc:1274
 
#11 0x0000563e5553e293 in handler::ha_close (this=0x7f1dd0041d78) at /data/src/10.3/sql/handler.cc:2544
 
#12 0x0000563e55746754 in ha_maria::drop_table (this=0x7f1dd0041d78, name=0x7f1dd007f0c8 "/data/bld/10.3/mysql-test/var/tmp/mysqld.1/#sql_1f02_0") at /data/src/10.3/storage/maria/ha_maria.cc:2680
 
#13 0x0000563e55542b68 in handler::ha_drop_table (this=0x7f1dd0041d78, name=0x7f1dd007f0c8 "/data/bld/10.3/mysql-test/var/tmp/mysqld.1/#sql_1f02_0") at /data/src/10.3/sql/handler.cc:4325
 
#14 0x0000563e552f7415 in free_tmp_table (thd=0x7f1dd0000b00, entry=0x7f1dd007de08) at /data/src/10.3/sql/sql_select.cc:17779
 
#15 0x0000563e55371a2f in st_select_lex_unit::cleanup (this=0x7f1dd0004698) at /data/src/10.3/sql/sql_union.cc:1760
 
#16 0x0000563e5536bf8b in mysql_union (thd=0x7f1dd0000b00, lex=0x7f1dd00045d0, result=0x7f1dd0016218, unit=0x7f1dd0004698, setup_tables_done_option=0) at /data/src/10.3/sql/sql_union.cc:42
 
#17 0x0000563e552c76b0 in handle_select (thd=0x7f1dd0000b00, lex=0x7f1dd00045d0, result=0x7f1dd0016218, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:351
 
#18 0x0000563e552938b5 in execute_sqlcom_select (thd=0x7f1dd0000b00, all_tables=0x7f1dd0014b10) at /data/src/10.3/sql/sql_parse.cc:6476
 
#19 0x0000563e55289c43 in mysql_execute_command (thd=0x7f1dd0000b00) at /data/src/10.3/sql/sql_parse.cc:3590
 
#20 0x0000563e55297306 in mysql_parse (thd=0x7f1dd0000b00, rawbuf=0x7f1dd00148e8 "SELECT c1 FROM t1 UNION SELECT - @a FROM t2", length=43, parser_state=0x7f1de0e94200, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7932
 
#21 0x0000563e55284f93 in dispatch_command (command=COM_QUERY, thd=0x7f1dd0000b00, packet=0x7f1dd0088521 "", packet_length=43, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1822
 
#22 0x0000563e5528390d in do_command (thd=0x7f1dd0000b00) at /data/src/10.3/sql/sql_parse.cc:1380
 
#23 0x0000563e553d17e4 in do_handle_one_connection (connect=0x563e58852bb0) at /data/src/10.3/sql/sql_connect.cc:1354
 
#24 0x0000563e553d1571 in handle_one_connection (arg=0x563e58852bb0) at /data/src/10.3/sql/sql_connect.cc:1260
 
#25 0x0000563e5582eb2f in pfs_spawn_thread (arg=0x563e587ada60) at /data/src/10.3/storage/perfschema/pfs.cc:1862
 
#26 0x00007f1de8b42494 in start_thread (arg=0x7f1de0e95700) at pthread_create.c:333
 
#27 0x00007f1de6cba93f in clone () from /lib/x86_64-linux-gnu/libc.so.6



 Comments   
Comment by Oleksandr Byelkin [ 2018-02-21 ] 

CREATE TABLE t1 (c1 CHAR(8));
 
INSERT INTO t1 VALUES ('10'),('-10');
 
 
 
CREATE TABLE t2 (c2 CHAR);
 
SET @a= "10";
 
 
 
SELECT c1 FROM t1 UNION SELECT - @a FROM t2;
 
 
 
drop table t1,t2;

Comment by Oleksandr Byelkin [ 2018-04-12 ]

It is rnd_next failed:

T@6    : | | | | | | | | | | | | >maria_scan
 
T@6    : | | | | | | | | | | | | | >_ma_read_rnd_dynamic_record
 
T@6    : | | | | | | | | | | | | | | >my_seek
 
T@6    : | | | | | | | | | | | | | | | my: fd: 62 Pos: 0  Whence: 0  MyFlags: 0
 
T@6    : | | | | | | | | | | | | | | <my_seek
 
T@6    : | | | | | | | | | | | | | | >my_read
 
T@6    : | | | | | | | | | | | | | | | my: fd: 62  Buffer: 0x7ffff03d0140  Count: 20  MyFlags: 0
 
T@6    : | | | | | | | | | | | | | | <my_read
 
T@6    : | | | | | | | | | | | | | | header: Memory: 0x7ffff03d0140  Bytes: (20)
 
03 00 02 0E 00 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
T@6    : | | | | | | | | | | | | | | >_ma_rec_unpack
 
T@6    : | | | | | | | | | | | | | | | error: error: 127
 
T@6    : | | | | | | | | | | | | | | | error: Marked table crashed
 
T@6    : | | | | | | | | | | | | | | | error: to_end: 0x7fffd8fff098 -> 0x7fffd8fff099  from_end: 0x7fffe00755a0 -> 0x7fffe00755a2
 
T@6    : | | | | | | | | | | | | | | | from: Memory: 0x7fffe00755a0  Bytes: (3)
 
00 FD 00 
T@6    : | | | | | | | | | | | | | | <_ma_rec_unpack
 
T@6    : | | | | | | | | | | | | | <_ma_read_rnd_dynamic_record
 
T@6    : | | | | | | | | | | | | <maria_scan
 
T@6    : | | | | | | | | | | | <handler::ha_rnd_next
 
T@6    : | | | | | | | | | | | >handler::print_error
 
T@6    : | | | | | | | | | | | | enter: error: 127
 
T@6    : | | | | | | | | | | | | >my_error
 
T@6    : | | | | | | | | | | | | | my: nr: 1194  MyFlags: 64  errno: 0
 
T@6    : | | | | | | | | | | | | | >my_message_sql
 
T@6    : | | | | | | | | | | | | | | error: error: 1194  message: 'Table '/home/sanja/maria/git/server/mysql-test/var/tmp/mysqld.1/#sql_726e_0' is marked as crashed and should be repaired'  Flag: 64

Comment by Oleksandr Byelkin [ 2018-04-12 ]

Trigger of the problem is type responce of @a which is max length string and trigger creation of aria table with a blob

Comment by Oleksandr Byelkin [ 2018-04-13 ]

SET @a= CAST('10' AS CHAR);
CREATE TABLE t3 AS SELECT c1 FROM t1 UNION SELECT - @a FROM t2;
main.test [ fail ]
Test ended at 2018-04-13 09:55:17

CURRENT_TEST: main.test
mysqltest: At line 7: query 'CREATE TABLE t3 AS SELECT c1 FROM t1 UNION SELECT - @a FROM t2' failed: 1074: Column length too big for column 'c1' (max = 65532); use BLOB or TEXT instead

So probably temporary table lack check on column length.

Comment by Oleksandr Byelkin [ 2018-04-13 ]

Or it try to create varchar where blob is needed...

Comment by Oleksandr Byelkin [ 2018-04-13 ]

probably arithmetic operations should not let super-long maximum length path throug, because it will be error (or truncation with warning) or it will be converted and then length will not be more then max length for int/double/decimal

Comment by Oleksandr Byelkin [ 2018-04-13 ]

After discussing with bar :
1. length should be limited
2. check all numeric operations

Comment by Oleksandr Byelkin [ 2018-04-16 ]

revision-id: 1a8c82161aa2924c2bf368d376b967212f0d824f (mariadb-10.3.5-144-g1a8c82161aa)
parent(s): 65eefcdc601ef0f57b0779f1722161fc83a571c3
author: Oleksandr Byelkin
committer: Oleksandr Byelkin
timestamp: 2018-04-17 00:13:07 +0200
message:

MDEV-13232: Assertion `(&(&share->intern_lock)>m_mutex)>count > 0 && pthread_equal(pthread_self(), (&(&share->intern_lock)>m_mutex)>thread)' failed in _ma_state_info_write

Length of numegic function results limited by matsimum really possible length.

(Problem was that negation did not limited it and then was not possible to create so long field)

Comment by Oleksandr Byelkin [ 2018-04-23 ]

revision-id: a20e1ce85ec56616fa048e9ba39c25c65b098fce (mariadb-10.3.6-36-ga20e1ce85ec)
parent(s): c6ba758d1d41c11466b8f9b61b4546efc95aa689
author: Oleksandr Byelkin
committer: Oleksandr Byelkin
timestamp: 2018-04-23 10:35:33 +0200
message:

MDEV-13232: Assertion `(&(&share->intern_lock)>m_mutex)>count > 0 && pthread_equal(pthread_self(), (&(&share->intern_lock)>m_mutex)>thread)' failed in _ma_state_info_write

Limit length of result of "negative" operation to something reasonable

Comment by Alexander Barkov [ 2018-04-23 ]

Ok to push:

[Commits] a20e1ce85ec: MDEV-13232: Assertion `(&(&share->intern_lock)>m_mutex)>count > 0 && pthread_equal(pthread_self(), (&(&share->intern_lock)>m_mutex)>thread)' failed in _ma_state_info_write

Generated at Thu Feb 08 08:03:57 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.