[MDEV-23127] Server crash in Query_cache::double_linked_list_exclude or Assertion `table_block_data->m_cached_query_count >= 0' failed in Query_cache::unlink_table Created: 2020-07-08  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Partitioning, Query Cache, Views
Affects Version/s: 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-23256 SIGSEGV's in Query_cache::unlink_tabl... Confirmed
relates to MDEV-10826 Assertion `thd->get_stmt_da()->is_eof... Confirmed
relates to MDEV-23126 Server crashes in Query_cache_block::... Confirmed

 Description   

Note: It must be related to MDEV-23126, but since the failures look quite different, I'm not sure at all that one patch will fix it all.

--source include/have_partition.inc
 
--source include/have_innodb.inc
 
 
 
SET @qcache.save= @@global.query_cache_type;
 
SET GLOBAL query_cache_type= 1;
 
SET query_cache_type= 1;
 
 
 
CREATE TABLE t1 (a INT) ENGINE=InnoDB;
 
SELECT * FROM t1;
 
 
 
CREATE TABLE t2 (b INT) ENGINE=InnoDB
 
  PARTITION BY RANGE(b)
 
  SUBPARTITION BY HASH(b) SUBPARTITIONS 2 (
 
    PARTITION p0 VALUES LESS THAN (1),
 
    PARTITION p1 VALUES LESS THAN (128),
 
    PARTITION p2 VALUES LESS THAN MAXVALUE
 
  );
 
 
 
CREATE VIEW v AS SELECT b FROM t2;
 
 
 
CREATE TABLE yet_another_table (field1 INT, field2 INT, field3 INT) ENGINE=InnoDB;
 
SELECT * FROM yet_another_table;
 
 
 
SELECT a2.b AS field1 FROM v AS a1, t2 AS a2 UNION SELECT a2.b AS field1 FROM v AS a1, t2 AS a2;
 
 
 
INSERT INTO t1 VALUES (1);
 
SELECT * FROM t1;
 
 
 
SELECT tx.field1 AS field1, tx.field2 AS field2, tx.field3 AS field3 FROM yet_another_table AS tx UNION SELECT tx.field1 AS field1, tx.field2 AS field2, tx.field3 AS field3 FROM yet_another_table AS tx;
 
FLUSH QUERY CACHE;
 
INSERT INTO yet_another_table () VALUES ();
 
 
 
DROP VIEW v;
 
 
 
# Cleanup
 
SET GLOBAL query_cache_type= @qcache.save;
 
DROP TABLE t1, t2, yet_another_table;

10.2 non-debug 253aa7bb

 
#3  <signal handler called>
 
#4  Query_cache::double_linked_list_exclude (point=point@entry=0x7fefd9297840, list_pointer=list_pointer@entry=0x55b85517b9c0 <query_cache+224>) at /data/src/10.2/sql/sql_cache.cc:3992
 
#5  0x000055b854109246 in Query_cache::unlink_table (this=this@entry=0x55b85517b8e0 <query_cache>, node=node@entry=0x7ffb5c177b98) at /data/src/10.2/sql/sql_cache.cc:3624
 
#6  0x000055b854109300 in Query_cache::free_query_internal (this=this@entry=0x55b85517b8e0 <query_cache>, query_block=query_block@entry=0x7ffb5c177b20) at /data/src/10.2/sql/sql_cache.cc:2938
 
#7  0x000055b8541094c8 in Query_cache::free_query (this=this@entry=0x55b85517b8e0 <query_cache>, query_block=query_block@entry=0x7ffb5c177b20) at /data/src/10.2/sql/sql_cache.cc:2995
 
#8  0x000055b8541098b3 in Query_cache::invalidate_query_block_list (this=this@entry=0x55b85517b8e0 <query_cache>, thd=thd@entry=0x7ffb5c0009a8, list_root=0x7ffb5c178078) at /data/src/10.2/sql/sql_cache.cc:3346
 
#9  0x000055b854109a0f in Query_cache::invalidate_table_internal (this=this@entry=0x55b85517b8e0 <query_cache>, thd=thd@entry=0x7ffb5c0009a8, key=key@entry=0x7ffb5c00f5e1 "test", key_length=key_length@entry=7) at /data/src/10.2/sql/sql_cache.cc:3322
 
#10 0x000055b854109a53 in Query_cache::invalidate_table (this=this@entry=0x55b85517b8e0 <query_cache>, thd=thd@entry=0x7ffb5c0009a8, key=0x7ffb5c00f5e1 "test", key_length=7) at /data/src/10.2/sql/sql_cache.cc:3300
 
#11 0x000055b854109d8d in Query_cache::invalidate_table (this=0x55b85517b8e0 <query_cache>, thd=0x7ffb5c0009a8, table_list=<optimized out>) at /data/src/10.2/sql/sql_cache.cc:3277
 
#12 0x000055b854109df0 in Query_cache::invalidate (this=0x55b85517b8e0 <query_cache>, thd=thd@entry=0x7ffb5c0009a8, tables_used=tables_used@entry=0x7ffb5c00f168, using_transactions=<optimized out>, using_transactions@entry=0 '\000') at /data/src/10.2/sql/sql_cache.cc:2246
 
#13 0x000055b8541ead5b in mysql_drop_view (thd=thd@entry=0x7ffb5c0009a8, views=views@entry=0x7ffb5c00f168, drop_mode=<optimized out>) at /data/src/10.2/sql/sql_view.cc:1829
 
#14 0x000055b854148525 in mysql_execute_command (thd=thd@entry=0x7ffb5c0009a8) at /data/src/10.2/sql/sql_parse.cc:5797
 
#15 0x000055b85414e63a in mysql_parse (thd=thd@entry=0x7ffb5c0009a8, rawbuf=<optimized out>, length=11, parser_state=parser_state@entry=0x7ffbb0619620, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:7733
 
#16 0x000055b854150ec0 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7ffb5c0009a8, packet=packet@entry=0x7ffb5c006cf9 "DROP VIEW v", packet_length=packet_length@entry=11, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1824
 
#17 0x000055b854151c80 in do_command (thd=0x7ffb5c0009a8) at /data/src/10.2/sql/sql_parse.cc:1377
 
#18 0x000055b85421e4a2 in do_handle_one_connection (connect=connect@entry=0x55b85783d008) at /data/src/10.2/sql/sql_connect.cc:1336
 
#19 0x000055b85421e5fd in handle_one_connection (arg=arg@entry=0x55b85783d008) at /data/src/10.2/sql/sql_connect.cc:1241
 
#20 0x000055b8547e0451 in pfs_spawn_thread (arg=0x55b8577d4a38) at /data/src/10.2/storage/perfschema/pfs.cc:1869
 
#21 0x00007ffbb71ee4a4 in start_thread (arg=0x7ffbb061a700) at pthread_create.c:456
 
#22 0x00007ffbb626cd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

10.2 debug 253aa7bb

 
mysqld: /data/src/10.2/sql/sql_cache.cc:3610: void Query_cache::unlink_table(Query_cache_block_table*): Assertion `table_block_data->m_cached_query_count >= 0' failed.
 
200709  2:21:21 [ERROR] mysqld got signal 6 ;
 
 
 
#7  0x00007fed2a911f12 in __GI___assert_fail (assertion=0x56072d27b3d8 "table_block_data->m_cached_query_count >= 0", file=0x56072d27a020 "/data/src/10.2/sql/sql_cache.cc", line=3610, function=0x56072d27c9a0 <Query_cache::unlink_table(Query_cache_block_table*)::__PRETTY_FUNCTION__> "void Query_cache::unlink_table(Query_cache_block_table*)") at assert.c:101
 
#8  0x000056072c7ae67d in Query_cache::unlink_table (this=0x56072dd8bf80 <query_cache>, node=0x7fecd418e578) at /data/src/10.2/sql/sql_cache.cc:3610
 
#9  0x000056072c7accfe in Query_cache::free_query_internal (this=0x56072dd8bf80 <query_cache>, query_block=0x7fecd418e540) at /data/src/10.2/sql/sql_cache.cc:2938
 
#10 0x000056072c7aceae in Query_cache::free_query (this=0x56072dd8bf80 <query_cache>, query_block=0x7fecd418e540) at /data/src/10.2/sql/sql_cache.cc:2995
 
#11 0x000056072c7adbfd in Query_cache::invalidate_query_block_list (this=0x56072dd8bf80 <query_cache>, thd=0x7fecd4000af0, list_root=0x7fecd418ea98) at /data/src/10.2/sql/sql_cache.cc:3346
 
#12 0x000056072c7adb9d in Query_cache::invalidate_table_internal (this=0x56072dd8bf80 <query_cache>, thd=0x7fecd4000af0, key=0x7fecd4012989 "test", key_length=7) at /data/src/10.2/sql/sql_cache.cc:3322
 
#13 0x000056072c7adb23 in Query_cache::invalidate_table (this=0x56072dd8bf80 <query_cache>, thd=0x7fecd4000af0, key=0x7fecd4012989 "test", key_length=7) at /data/src/10.2/sql/sql_cache.cc:3300
 
#14 0x000056072c7ada31 in Query_cache::invalidate_table (this=0x56072dd8bf80 <query_cache>, thd=0x7fecd4000af0, table_list=0x7fecd4012510) at /data/src/10.2/sql/sql_cache.cc:3277
 
#15 0x000056072c7ab09e in Query_cache::invalidate (this=0x56072dd8bf80 <query_cache>, thd=0x7fecd4000af0, tables_used=0x7fecd4012510, using_transactions=0 '\000') at /data/src/10.2/sql/sql_cache.cc:2246
 
#16 0x000056072c8ffde0 in mysql_drop_view (thd=0x7fecd4000af0, views=0x7fecd4012510, drop_mode=DROP_DEFAULT) at /data/src/10.2/sql/sql_view.cc:1829
 
#17 0x000056072c80b4c5 in mysql_execute_command (thd=0x7fecd4000af0) at /data/src/10.2/sql/sql_parse.cc:5797
 
#18 0x000056072c810d53 in mysql_parse (thd=0x7fecd4000af0, rawbuf=0x7fecd4012448 "DROP VIEW v", length=11, parser_state=0x7fed24f5e610, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733
 
#19 0x000056072c7ff07f in dispatch_command (command=COM_QUERY, thd=0x7fecd4000af0, packet=0x7fecd40953d1 "DROP VIEW v", packet_length=11, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1824
 
#20 0x000056072c7fdafa in do_command (thd=0x7fecd4000af0) at /data/src/10.2/sql/sql_parse.cc:1377
 
#21 0x000056072c9539d5 in do_handle_one_connection (connect=0x560730487d40) at /data/src/10.2/sql/sql_connect.cc:1336
 
#22 0x000056072c953740 in handle_one_connection (arg=0x560730487d40) at /data/src/10.2/sql/sql_connect.cc:1241
 
#23 0x000056072d169d8c in pfs_spawn_thread (arg=0x5607303d4d80) at /data/src/10.2/storage/perfschema/pfs.cc:1869
 
#24 0x00007fed2c89a4a4 in start_thread (arg=0x7fed24f5f700) at pthread_create.c:456
 
#25 0x00007fed2a9ced0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.1-10.5.

Also, both debug and non-debug servers produce this in the crash report:

Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7fecd4012448): DROP VIEW v
 
Connection ID (thread ID): 9
 
Status: KILL_CONNECTION

Even though the connection isn't being killed at the time.
Generated at Thu Feb 08 09:20:03 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.