[MDEV-20718] Crash on insert with PARTITION clause after TRUNCATE Created: 2019-10-01  Updated: 2019-12-12  Resolved: 2019-10-02

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.4.8, 10.4.10
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Jacob Williams Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: crash
Environment:

AWS Linux from mariadb yum repo
Docker image 10.4 hash 92495405fc36
Docker test is also running in AWS Linux

Attachments: File mariadb-bug-v2.sql     File mariadb-bug.sql    
Issue Links:
Duplicate
duplicates MDEV-18244 Server crashes in ha_innobase::update... Closed

 Description   

Mysqld receives segfault (signal 11) on an insert statement following a truncate partition. It only happens if the insert has a PARTITION clause. If there are any other operations on the table without a PARTITION clause between the truncate and the insert, the crash does not occur.

I tested in 10.4.8-MariaDB-1:10.4.8+maria~bionic-log in docker container, as well as 10.4.8-MariaDB-log on an Amazon Linux server.

The error did not occur in version 10.2 which I was running previously in the Amazon Linux server.

I have attached a sql script which can reproduce the crash on my docker container running 10.4.8 (docker image tagged 10.4 hash 92495405fc36).

When producing the reproduction script I found that the error only occurred when the table had an AUTO_INCREMENT column. Without the AUTO_INCREMENT, no crash occurred.

 Comments   
Comment by Jacob Williams [ 2019-10-01 ]

Adding the log output during the crash:

191001 22:07:02 [ERROR] mysqld got signal 11 ;
 
This could be because you hit a bug. It is also possible that this binary
 
or one of the libraries it was linked against is corrupt, improperly built,
 
or misconfigured. This error can also be caused by malfunctioning hardware.
 
 
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
 
 
We will try our best to scrape up some info that will hopefully help
 
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
 
 
Server version: 10.4.8-MariaDB-1:10.4.8+maria~bionic-log
 
key_buffer_size=134217728
 
read_buffer_size=2097152
 
max_used_connections=1
 
max_threads=4002
 
thread_count=11
 
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 24733983 K  bytes of memory
 
Hope that's ok; if not, decrease some variables in the equation.
 
 
 
Thread pointer: 0x7f0c5c0020e8
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7f0c77a27dd8 thread_stack 0x49000
 
mysqld(my_print_stacktrace+0x2e)[0x561aeccc3fae]
 
mysqld(handle_fatal_signal+0x515)[0x561aec739185]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f0ca8750890]
 
mysqld(+0xa0dd63)[0x561aec8e7d63]
 
mysqld(+0xdae4a3)[0x561aecc884a3]
 
mysqld(+0xdb9778)[0x561aecc93778]
 
mysqld(_ZN7handler12ha_write_rowEPKh+0x1a0)[0x561aec744740]
 
mysqld(_Z12write_recordP3THDP5TABLEP12st_copy_info+0x180)[0x561aec4f4460]
 
mysqld(_Z12mysql_insertP3THDP10TABLE_LISTR4ListI4ItemERS3_IS5_ES6_S6_15enum_duplicatesb+0x1272)[0x561aec4fbb82]
 
mysqld(_Z21mysql_execute_commandP3THD+0x1659)[0x561aec528199]
 
mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x22a)[0x561aec52f5fa]
 
mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x1689)[0x561aec531e29]
 
mysqld(_Z10do_commandP3THD+0x148)[0x561aec533418]
 
mysqld(_Z24do_handle_one_connectionP7CONNECT+0x25e)[0x561aec60ecce]
 
mysqld(handle_one_connection+0x3d)[0x561aec60ed8d]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db)[0x7f0ca87456db]
 
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f0ca716788f]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7f0c5c011760): INSERT INTO testData PARTITION (p1) (groupId, name) VALUES  (1, 'Tamara Smith')
 
Connection ID (thread ID): 13
 
Status: NOT_KILLED
 
 
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on
 
 
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
 
information that should help you find out what is causing the crash.
 
Writing a core file...
 
Working directory at /var/lib/mysql/data
 
Resource Limits:
 
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             30649                30649                processes 
Max open files            1024                 4096                 files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       30649                30649                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: core
 
 
 
2019-10-01 22:07:04 0 [Note] mysqld (mysqld 10.4.8-MariaDB-1:10.4.8+maria~bionic-log) starting as process 1 ...

Comment by Alice Sherepa [ 2019-10-02 ]

Thanks a lot!
I reproduced the bug on 10.3, 10.4. It is the same problem as MDEV-18244, I am closing it for now and will add this test case there

10.3 6ac2a355531832db250

 
Version: '10.3.19-MariaDB-debug-log' 
191002 10:46:45 [ERROR] mysqld got signal 11 ;
 
 
 
sql/signal_handler.cc:209(handle_fatal_signal)[0x562938ff4e71]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7f74d9a6a390]
 
handler/ha_innodb.cc:2955(ha_innobase::update_thd(THD*))[0x56293938b37a]
 
handler/ha_innodb.cc:13923(ha_innobase::info_low(unsigned int, bool))[0x56293937a002]
 
handler/ha_innodb.cc:14236(ha_innobase::info(unsigned int))[0x56293937ac4a]
 
sql/ha_partition.cc:8179(ha_partition::info(unsigned int))[0x56293982f8c0]
 
sql/ha_partition.cc:10350(ha_partition::update_next_auto_inc_val())[0x56293983477d]
 
sql/ha_partition.cc:4290(ha_partition::write_row(unsigned char*))[0x5629398245a6]
 
sql/handler.cc:6446(handler::ha_write_row(unsigned char*))[0x562939007d39]
 
sql/sql_insert.cc:2031(write_record(THD*, TABLE*, st_copy_info*))[0x562938c9a387]
 
sql/sql_insert.cc:1072(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool))[0x562938c974bd]
 
sql/sql_parse.cc:4450(mysql_execute_command(THD*))[0x562938cdb06d]
 
sql/sql_parse.cc:7829(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x562938ce6956]
 
sql/sql_parse.cc:1857(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x562938cd3529]
 
sql/sql_parse.cc:1401(do_command(THD*))[0x562938cd1e37]
 
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x562938e4991a]
 
sql/sql_connect.cc:1309(handle_one_connection)[0x562938e49656]
 
perfschema/pfs.cc:1864(pfs_spawn_thread)[0x5629397f6c32]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f74d9a606ba]
 
x86_64/clone.S:111(clone)[0x7f74d8ef541d]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7f7488012818): INSERT INTO testData PARTITION (p1) (groupId, name) VALUES (1, 'Tamara Smith')

Comment by Jacob Williams [ 2019-12-12 ]

The fix in 10.4.9 did solve the specific test case that I submitted. But I am still seeing an issue in my application. The difference was that in my application the INSERT statement was using SELECT instead of VALUES. In the case of an INSERT..SELECT FROM table statement I still get an unexpected error, although not a crash as happened before.

If the INSERT..SELECT FROM table directly follows the TRUNCATE PARTITION statement, I get a range error on the auto_increment column, even though the value is nowhere near the limits for the INT datatype.

As before, doing a non-partition-targeted SELECT on the table before doing the insert will fix everything up and the INSERT works fine and has correct values for the auto increment field.

I included a revised test script that uses the INSERT..SELECT version.

mariadb-bug-v2.sql

Comment by Jacob Williams [ 2019-12-12 ]

Since this issue is closed and the symptoms are slightly different, I went ahead and filed MDEV-21310.

Generated at Thu Feb 08 09:01:38 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.