[MDEV-23823] SIGSEGV in Item_func_nextval::update_table (on optimized builds)

Created: 2020-09-26
Updated: 2020-10-06
Resolved: 2020-09-28

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - Sequence, Views
Affects Version/s: 10.3, 10.4, 10.5, 10.6
Fix Version/s: 10.3.26, 10.4.16, 10.5.7

Type: Bug
Priority: Critical
Reporter: Roel Van de Paar
Assignee: Vladislav Vaintroub
Resolution: Fixed
Votes: 0
Labels: not-10.1, not-10.2


Description

Sporadic issue. Run the following about 60-120 times at the CLI to reproduce, or try MTR repeat:

DROP DATABASE test;
CREATE DATABASE test;
USE test;
CREATE view v1 AS SELECT 'abcdefghijklmnopqrstuvwxyz' AS col1;
LOCK TABLE v1 READ;
SELECT NEXT VALUE FOR v1;

Leads to:

10.5.6 2bac9782aa81ad386beaf00eb126ccf2d15031a1 (Optimized)

Core was generated by `/test/MD150920-mariadb-10.5.6-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x151a5c2c1700 (LWP 79953))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x000055afa6809ae7 in my_write_core (sig=sig@entry=11) at /data/10.5_opt/mysys/stacktrace.c:424
#2  0x000055afa61d8fda in handle_fatal_signal (sig=11) at /data/10.5_opt/sql/signal_handler.cc:330
#3  <signal handler called>
#4  0x000055afa623d883 in Item_func_nextval::update_table (this=0x151a38447c48, this=0x151a38447c48) at /data/10.5_opt/sql/item_func.h:3729
#5  Item_func_nextval::val_int (this=0x151a38447c48) at /data/10.5_opt/sql/item_func.cc:6999
#6  0x000055afa613d8e9 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x151a38447c48, protocol=0x151a38412558, buf=<optimized out>) at /data/10.5_opt/sql/sql_type.cc:7385
#7  0x000055afa5f27238 in Protocol::send_result_set_row (this=this@entry=0x151a38412558, row_items=row_items@entry=0x151a38447218) at /data/10.5_opt/sql/protocol.cc:1083
#8  0x000055afa5f94392 in select_send::send_data (this=0x151a3844b588, items=@0x151a38447218: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x151a38447d20, last = 0x151a38447d20, elements = 1}, <No data fields>}) at /data/10.5_opt/sql/sql_class.cc:3024
#9  0x000055afa603e1c2 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /data/10.5_opt/sql/sql_class.h:5307
#10 JOIN::exec_inner (this=this@entry=0x151a3844b5b0) at /data/10.5_opt/sql/sql_select.cc:4323
#11 0x000055afa603e357 in JOIN::exec (this=this@entry=0x151a3844b5b0) at /data/10.5_opt/sql/sql_select.cc:4236
#12 0x000055afa603c682 in mysql_select (thd=thd@entry=0x151a38412018, tables=0x0, fields=@0x151a38447218: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x151a38447d20, last = 0x151a38447d20, elements = 1}, <No data fields>}, conds=0x0, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2149845760, result=0x151a3844b588, unit=0x151a38415ff0, select_lex=0x151a384470c8) at /data/10.5_opt/sql/sql_select.cc:4663
#13 0x000055afa603d041 in handle_select (thd=thd@entry=0x151a38412018, lex=lex@entry=0x151a38415f28, result=result@entry=0x151a3844b588, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/10.5_opt/sql/sql_select.cc:417
#14 0x000055afa5fe28f1 in execute_sqlcom_select (thd=thd@entry=0x151a38412018, all_tables=0x151a38447570) at /data/10.5_opt/sql/sql_parse.cc:6210
#15 0x000055afa5fdefd1 in mysql_execute_command (thd=thd@entry=0x151a38412018) at /data/10.5_opt/sql/sql_parse.cc:3932
#16 0x000055afa5fe5a2c in mysql_parse (thd=0x151a38412018, rawbuf=<optimized out>, length=24, parser_state=0x151a5c2c0430, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/10.5_opt/sql/sql_parse.cc:7994
#17 0x000055afa5fdacc5 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x151a38412018, packet=packet@entry=0x151a3843a019 "", packet_length=packet_length@entry=24, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/10.5_opt/sql/sql_parse.cc:1867
#18 0x000055afa5fd8fe4 in do_command (thd=0x151a38412018) at /data/10.5_opt/sql/sql_parse.cc:1348
#19 0x000055afa60cfba1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x151a590338f8, put_in_cache=put_in_cache@entry=true) at /data/10.5_opt/sql/sql_connect.cc:1410
#20 0x000055afa60cff14 in handle_one_connection (arg=arg@entry=0x151a590338f8) at /data/10.5_opt/sql/sql_connect.cc:1312
#21 0x000055afa6443a4a in pfs_spawn_thread (arg=0x151a5904f018) at /data/10.5_opt/storage/perfschema/pfs.cc:2201
#22 0x0000151a5b23a6db in start_thread (arg=0x151a5c2c1700) at pthread_create.c:463
#23 0x0000151a5a638a3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.5.6 2bac9782aa81ad386beaf00eb126ccf2d15031a1 (Debug)

Core was generated by `/test/MD150920-mariadb-10.5.6-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x152bca5f5700 (LWP 90667))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x00005630f9f7085a in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:424
#2  0x00005630f97373a9 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330
#3  <signal handler called>
#4  0x00005630f97bf658 in Item_func_nextval::update_table (this=0x152ba6874cb8) at /test/10.5_dbg/sql/item_func.h:3729
#5  Item_func_nextval::val_int (this=0x152ba6874cb8) at /test/10.5_dbg/sql/item_func.cc:6999
#6  0x00005630f967206f in Type_handler::Item_send_longlong (this=<optimized out>, item=0x152ba6874cb8, protocol=0x152ba6815650, buf=<optimized out>) at /test/10.5_dbg/sql/sql_type.cc:7385
#7  0x00005630f967979f in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.5_dbg/sql/sql_type.h:5636
#8  0x00005630f93959f7 in Item::send (this=0x152ba6874cb8, protocol=0x152ba6815650, buffer=0x152bca5f3070) at /test/10.5_dbg/sql/item.h:1060
#9  0x00005630f9392d8f in Protocol::send_result_set_row (this=this@entry=0x152ba6815650, row_items=row_items@entry=0x152ba6874288) at /test/10.5_dbg/sql/protocol.cc:1083
#10 0x00005630f9425a76 in select_send::send_data (this=0x152ba68785f8, items=@0x152ba6874288: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152ba6874d90, last = 0x152ba6874d90, elements = 1}, <No data fields>}) at /test/10.5_dbg/sql/sql_class.cc:3024
#11 0x00005630f9504cb1 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.5_dbg/sql/sql_class.h:5310
#12 JOIN::exec_inner (this=this@entry=0x152ba6878620) at /test/10.5_dbg/sql/sql_select.cc:4323
#13 0x00005630f9505a91 in JOIN::exec (this=this@entry=0x152ba6878620) at /test/10.5_dbg/sql/sql_select.cc:4236
#14 0x00005630f9503d8d in mysql_select (thd=thd@entry=0x152ba6815088, tables=<optimized out>, fields=@0x152ba6874288: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152ba6874d90, last = 0x152ba6874d90, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2149845760, result=0x152ba68785f8, unit=0x152ba6819220, select_lex=0x152ba6874138) at /test/10.5_dbg/sql/sql_select.cc:4663
#15 0x00005630f95040bc in handle_select (thd=thd@entry=0x152ba6815088, lex=lex@entry=0x152ba6819158, result=result@entry=0x152ba68785f8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#16 0x00005630f948b348 in execute_sqlcom_select (thd=thd@entry=0x152ba6815088, all_tables=0x152ba68745e0) at /test/10.5_dbg/sql/sql_parse.cc:6210
#17 0x00005630f948441c in mysql_execute_command (thd=thd@entry=0x152ba6815088) at /test/10.5_dbg/sql/sql_parse.cc:3932
#18 0x00005630f9491324 in mysql_parse (thd=thd@entry=0x152ba6815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x152bca5f4350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7994
#19 0x00005630f947dd54 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152ba6815088, packet=packet@entry=0x152ba6867089 "", packet_length=packet_length@entry=24, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1867
#20 0x00005630f947c53e in do_command (thd=0x152ba6815088) at /test/10.5_dbg/sql/sql_parse.cc:1348
#21 0x00005630f95db893 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x152ba94d43a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1410
#22 0x00005630f95dbfb7 in handle_one_connection (arg=arg@entry=0x152ba94d43a8) at /test/10.5_dbg/sql/sql_connect.cc:1312
#23 0x00005630f9a465c2 in pfs_spawn_thread (arg=0x152bc7446508) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#24 0x0000152bc956e6db in start_thread (arg=0x152bca5f5700) at pthread_create.c:463
#25 0x0000152bc896ca3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.3.25 (dbg), 10.3.25 (opt), 10.4.15 (dbg), 10.4.15 (opt), 10.5.6 (dbg), 10.5.6 (opt), 10.6.0 (dbg), 10.6.0 (opt)

Bug confirmed not present in:
MariaDB: 10.1.47 (dbg), 10.1.47 (opt), 10.2.34 (dbg), 10.2.34 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.49 (dbg), 5.6.49 (opt), 5.7.31 (dbg), 5.7.31 (opt), 8.0.21 (dbg), 8.0.21 (opt)



Comments
Comment by Roel Van de Paar [ 2020-09-28 ]

Thank you Vladislav for the quick turnaround!
