[MDEV-24754] Server crash in dict_v_col_t::~dict_v_col_t / ha_partition_inplace_ctx::~ha_partition_inplace_ctx Created: 2021-02-01  Updated: 2021-02-01  Resolved: 2021-02-01

Status: Closed
Project: MariaDB Server
Component/s: Partitioning, Storage Engine - InnoDB
Affects Version/s: N/A
Fix Version/s: 10.5.9

Type: Bug Priority: Blocker
Reporter: Elena Stepanova Assignee: Marko Mäkelä
Resolution: Fixed Votes: 0
Labels: regression

Issue Links:
Problem/Incident
is caused by MDEV-24564 Statistics are lost after ALTER TABLE Closed

 Description    

--source include/have_partition.inc
 
--source include/have_innodb.inc
 
 
 
CREATE TABLE t1 (id INT PRIMARY KEY, a INT, va INT AS (a) VIRTUAL) ENGINE=InnoDB;
 
ALTER TABLE t1 PARTITION BY HASH(id) PARTITIONS 2;
 
ALTER TABLE t1 ADD b INT;
 
 
 
# Cleanup
 
DROP TABLE t1;

10.5 b1241585 ASAN

 
==2243346==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c000036a00 at pc 0x5579621fc4f0 bp 0x7f72a8e74750 sp 0x7f72a8e74740
 
READ of size 8 at 0x61c000036a00 thread T14
 
    #0 0x5579621fc4ef in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after(std::_Fwd_list_node_base*, std::_Fwd_list_node_base*) /usr/include/c++/9/bits/forward_list.tcc:81
 
    #1 0x5579621f92b3 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2ec42b3)
 
    #2 0x5579621f872d in std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list() /usr/include/c++/9/bits/forward_list.h:588
 
    #3 0x5579621e77db in dict_v_col_t::~dict_v_col_t() /data/src/10.5/storage/innobase/include/dict0mem.h:754
 
    #4 0x5579621eab73 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2eb5b73)
 
    #5 0x5579621eac85 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2eb5c85)
 
    #6 0x557961ef6bcf in ha_partition_inplace_ctx::~ha_partition_inplace_ctx() /data/src/10.5/sql/ha_partition.cc:10203
 
    #7 0x557961ef6c03 in ha_partition_inplace_ctx::~ha_partition_inplace_ctx() /data/src/10.5/sql/ha_partition.cc:10205
 
    #8 0x55796107d407 in Alter_inplace_info::~Alter_inplace_info() /data/src/10.5/sql/handler.h:2548
 
    #9 0x557961070804 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool, bool) /data/src/10.5/sql/sql_table.cc:10699
 
    #10 0x55796120f8e7 in Sql_cmd_alter_table::execute(THD*) /data/src/10.5/sql/sql_alter.cc:539
 
    #11 0x557960dd0376 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
 
    #12 0x557960ddde1f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
 
    #13 0x557960db410c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
 
    #14 0x557960db0a35 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
 
    #15 0x5579611f330f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
 
    #16 0x5579611f2c73 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
 
    #17 0x557961f0101e in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
 
    #18 0x7f72b8c00608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
 
    #19 0x7f72b87d6292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
 
 
 
0x61c000036a00 is located 384 bytes inside of 1784-byte region [0x61c000036880,0x61c000036f78)
 
freed by thread T14 here:
 
    #0 0x7f72b90ee7cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
 
    #1 0x5579621f7419 in ut_allocator<unsigned char, true>::deallocate(unsigned char*, unsigned long) /data/src/10.5/storage/innobase/include/ut0new.h:426
 
    #2 0x557962332577 in mem_heap_block_free(mem_block_info_t*, mem_block_info_t*) /data/src/10.5/storage/innobase/mem/mem0mem.cc:416
 
    #3 0x55796280fd08 in mem_heap_free /data/src/10.5/storage/innobase/include/mem0mem.ic:417
 
    #4 0x557962812f3a in dict_mem_table_free(dict_table_t*) /data/src/10.5/storage/innobase/dict/dict0mem.cc:247
 
    #5 0x5579627d0b37 in dict_sys_t::remove(dict_table_t*, bool, bool) /data/src/10.5/storage/innobase/dict/dict0dict.cc:2007
 
    #6 0x5579621c7a08 in innobase_reload_table /data/src/10.5/storage/innobase/handler/handler0alter.cc:10133
 
    #7 0x5579621cdb32 in ha_innobase::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.5/storage/innobase/handler/handler0alter.cc:11272
 
    #8 0x5579615e6925 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.5/sql/handler.cc:4855
 
    #9 0x557961ee7178 in ha_partition::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.5/sql/ha_partition.cc:10396
 
    #10 0x5579615e6925 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.5/sql/handler.cc:4855
 
    #11 0x55796105d7d2 in mysql_inplace_alter_table /data/src/10.5/sql/sql_table.cc:8137
 
    #12 0x55796107068c in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool, bool) /data/src/10.5/sql/sql_table.cc:10684
 
    #13 0x55796120f8e7 in Sql_cmd_alter_table::execute(THD*) /data/src/10.5/sql/sql_alter.cc:539
 
    #14 0x557960dd0376 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
 
    #15 0x557960ddde1f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
 
    #16 0x557960db410c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
 
    #17 0x557960db0a35 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
 
    #18 0x5579611f330f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
 
    #19 0x5579611f2c73 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
 
    #20 0x557961f0101e in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
 
    #21 0x7f72b8c00608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
 
 
 
previously allocated by thread T14 here:
 
    #0 0x7f72b90eebc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
 
    #1 0x55796215adbc in ut_allocator<unsigned char, true>::allocate(unsigned long, unsigned char const*, unsigned int, bool, bool) /data/src/10.5/storage/innobase/include/ut0new.h:377
 
    #2 0x55796233181b in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/src/10.5/storage/innobase/mem/mem0mem.cc:277
 
    #3 0x55796233216b in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.5/storage/innobase/mem/mem0mem.cc:378
 
    #4 0x55796280f995 in mem_heap_alloc /data/src/10.5/storage/innobase/include/mem0mem.ic:191
 
    #5 0x55796281232a in dict_mem_table_create(char const*, fil_space_t*, unsigned long, unsigned long, unsigned long, unsigned long) /data/src/10.5/storage/innobase/dict/dict0mem.cc:183
 
    #6 0x5579621523a1 in create_table_info_t::create_table_def() (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2e1d3a1)
 
    #7 0x55796211d79c in create_table_info_t::create_table(bool) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:12405
 
    #8 0x55796215764a in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) (/data/bld/10.5-asan-nightly/bin/mariadbd+0x2e2264a)
 
    #9 0x5579621201ed in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:13001
 
    #10 0x5579615e813b in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.5/sql/handler.cc:5091
 
    #11 0x557961e9b164 in ha_partition::create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.5/sql/ha_partition.cc:833
 
    #12 0x5579615e813b in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.5/sql/handler.cc:5091
 
    #13 0x5579615ec80e in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /data/src/10.5/sql/handler.cc:5555
 
    #14 0x557961070d34 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool, bool) /data/src/10.5/sql/sql_table.cc:10744
 
    #15 0x55796120f8e7 in Sql_cmd_alter_table::execute(THD*) /data/src/10.5/sql/sql_alter.cc:539
 
    #16 0x557960dd0376 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:6023
 
    #17 0x557960ddde1f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:8062
 
    #18 0x557960db410c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1889
 
    #19 0x557960db0a35 in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1370
 
    #20 0x5579611f330f in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1410
 
    #21 0x5579611f2c73 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1312
 
    #22 0x557961f0101e in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
 
    #23 0x7f72b8c00608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
 
 
 
Thread T14 created by T0 here:
 
    #0 0x7f72b901b805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
 
    #1 0x557961efbfc2 in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:38
 
    #2 0x557961f01411 in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
 
    #3 0x557960aa44fe in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1323
 
    #4 0x557960aba4e0 in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:6023
 
    #5 0x557960abab5f in create_new_thread(CONNECT*) /data/src/10.5/sql/mysqld.cc:6082
 
    #6 0x557960abaebc in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6147
 
    #7 0x557960abbadb in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6274
 
    #8 0x557960ab9ced in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5669
 
    #9 0x557960aa2d9c in main /data/src/10.5/sql/main.cc:25
 
    #10 0x7f72b86db0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
 
 
 
SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/9/bits/forward_list.tcc:81 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after(std::_Fwd_list_node_base*, std::_Fwd_list_node_base*)
 
Shadow bytes around the buggy address:
 
  0x0c387fffecf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 
  0x0c387fffed00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 
  0x0c387fffed10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
=>0x0c387fffed40:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c387fffed90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
Shadow byte legend (one shadow byte represents 8 application bytes):
 
  Addressable:           00
 
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
 
  Freed heap region:       fd
 
  Stack left redzone:      f1
 
  Stack mid redzone:       f2
 
  Stack right redzone:     f3
 
  Stack after return:      f5
 
  Stack use after scope:   f8
 
  Global redzone:          f9
 
  Global init order:       f6
 
  Poisoned by user:        f7
 
  Container overflow:      fc
 
  Array cookie:            ac
 
  Intra object redzone:    bb
 
  ASan internal:           fe
 
  Left alloca redzone:     ca
 
  Right alloca redzone:    cb
 
  Shadow gap:              cc
 
==2243346==ABORTING
 
210201 18:00:36 [ERROR] mysqld got signal 6 ;
 
This could be because you hit a bug. It is also possible that this binary
 
or one of the libraries it was linked against is corrupt, improperly built,
 
or misconfigured. This error can also be caused by malfunctioning hardware.
 
 
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
 
 
We will try our best to scrape up some info that will hopefully help
 
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
 
 
Server version: 10.5.9-MariaDB-debug-log
 
key_buffer_size=1048576
 
read_buffer_size=131072
 
max_used_connections=1
 
max_threads=153
 
thread_count=2
 
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63744 K  bytes of memory
 
Hope that's ok; if not, decrease some variables in the equation.
 
 
 
Thread pointer: 0x62b00009a288
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7f72a8e79950 thread_stack 0x5fc00
 
??:0(__interceptor_tcgetattr)[0x7f72b904dd30]
 
mysys/stacktrace.c:212(my_print_stacktrace)[0x557962b7ec39]
 
sql/signal_handler.cc:211(handle_fatal_signal)[0x5579615bb100]
 
sigaction.c:0(__restore_rt)[0x7f72b8c0c3c0]
 
??:0(gsignal)[0x7f72b86fa18b]
 
??:0(abort)[0x7f72b86d9859]
 
??:0(__sanitizer_set_report_fd)[0x7f72b910c6a2]
 
??:0(__sanitizer_get_module_and_offset_for_pc)[0x7f72b911724c]
 
??:0(__sanitizer_ptr_cmp)[0x7f72b90f88ec]
 
??:0(__asan_on_error)[0x7f72b90f8363]
 
??:0(__asan_report_load8)[0x7f72b90f91ab]
 
bits/forward_list.tcc:81(std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after(std::_Fwd_list_node_base*, std::_Fwd_list_node_base*))[0x5579621fc4f0]
 
bits/forward_list.h:343(std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base())[0x5579621f92b4]
 
bits/forward_list.h:588(std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list())[0x5579621f872e]
 
include/dict0mem.h:754(dict_v_col_t::~dict_v_col_t())[0x5579621e77dc]
 
handler/handler0alter.cc:1010(ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx())[0x5579621eab74]
 
handler/handler0alter.cc:1019(ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx())[0x5579621eac86]
 
sql/ha_partition.cc:10202(ha_partition_inplace_ctx::~ha_partition_inplace_ctx())[0x557961ef6bd0]
 
sql/ha_partition.cc:10205(ha_partition_inplace_ctx::~ha_partition_inplace_ctx())[0x557961ef6c04]
 
sql/handler.h:2547(Alter_inplace_info::~Alter_inplace_info())[0x55796107d408]
 
sql/sql_table.cc:10699(mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool, bool))[0x557961070805]
 
sql/sql_alter.cc:539(Sql_cmd_alter_table::execute(THD*))[0x55796120f8e8]
 
sql/sql_parse.cc:6023(mysql_execute_command(THD*))[0x557960dd0377]
 
sql/sql_parse.cc:8062(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x557960ddde20]
 
sql/sql_parse.cc:1892(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x557960db410d]
 
sql/sql_parse.cc:1370(do_command(THD*))[0x557960db0a36]
 
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x5579611f3310]
 
sql/sql_connect.cc:1314(handle_one_connection)[0x5579611f2c74]
 
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x557961f0101f]
 
nptl/pthread_create.c:478(start_thread)[0x7f72b8c00609]
 
??:0(clone)[0x7f72b87d6293]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x62b0000a12a8): ALTER TABLE t1 ADD b INT
 
 
 
Connection ID (thread ID): 4
 
Status: NOT_KILLED
 
 
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
 
 
 
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
 
information that should help you find out what is causing the crash.
 
Writing a core file...
 
Working directory at /dev/shm/var_auto_IGZo/mysqld.1/data
 
Resource Limits:
 
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    0                    bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             385883               385883               processes 
Max open files            1024                 1024                 files     
Max locked memory         67108864             67108864             bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       385883               385883               signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: |/usr/share/apport/apport %p %s %c %d %P %E

10.5 b1241585 non-debug

 
#3  <signal handler called>
 
#4  0x00005584ba2f8386 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after (this=<optimized out>, __pos=<optimized out>, __last=0x0) at /usr/include/c++/9/bits/forward_list.tcc:82
 
#5  std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:343
 
#6  std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:588
 
#7  dict_v_col_t::~dict_v_col_t (this=<optimized out>, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/include/dict0mem.h:754
 
#8  ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fc35c013e88, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1011
 
#9  ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fc35c013e88, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1019
 
#10 0x00005584ba22597e in ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=<optimized out>, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10203
 
#11 ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=0x7fc35c013cb8, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10198
 
#12 0x00005584b9e43109 in Alter_inplace_info::~Alter_inplace_info (this=0x7fc39432c940, __in_chrg=<optimized out>) at /data/src/10.5/sql/handler.h:2548
 
#13 mysql_alter_table (thd=thd@entry=0x7fc35c000c58, new_db=new_db@entry=0x7fc35c0054e8, new_name=new_name@entry=0x7fc35c0058e8, create_info=create_info@entry=0x7fc39432e580, table_list=<optimized out>, table_list@entry=0x7fc35c010588, alter_info=alter_info@entry=0x7fc39432e4b0, order_num=0, order=0x0, ignore=false, if_exists=false) at /data/src/10.5/sql/handler.h:2546
 
#14 0x00005584b9ea39d5 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x7fc35c000c58) at /data/src/10.5/sql/structs.h:559
 
#15 0x00005584b9d9bb4e in mysql_execute_command (thd=0x7fc35c000c58) at /data/src/10.5/sql/sql_parse.cc:6023
 
#16 0x00005584b9d8b79f in mysql_parse (thd=0x7fc35c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.5/sql/sql_parse.cc:8062
 
#17 0x00005584b9d9753f in dispatch_command (command=COM_QUERY, thd=0x7fc35c000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.5/sql/sql_class.h:1257
 
#18 0x00005584b9d99907 in do_command (thd=0x7fc35c000c58) at /data/src/10.5/sql/sql_parse.cc:1370
 
#19 0x00005584b9e9edb1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5584bc8250c8, put_in_cache=put_in_cache@entry=true) at /data/src/10.5/sql/sql_connect.cc:1410
 
#20 0x00005584b9e9f22d in handle_one_connection (arg=arg@entry=0x5584bc8250c8) at /data/src/10.5/sql/sql_connect.cc:1312
 
#21 0x00005584ba227546 in pfs_spawn_thread (arg=0x5584bc7bcb18) at /data/src/10.5/storage/perfschema/pfs.cc:2201
 
#22 0x00007fc39b49d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
 
#23 0x00007fc39b08c293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

At least on a non-ASAN debug build, the problem is sporadic – sometimes it fails as below, sometimes crashes with SIGSEGV, and sometimes it doesn't fail at all.

10.5 b1241585 debug

 
munmap_chunk(): invalid pointer
 
210201 17:59:39 [ERROR] mysqld got signal 6 ;
 
 
 
#5  0x00007fe00cbc8859 in __GI_abort () at abort.c:79
 
#6  0x00007fe00cc333ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fe00cd5d285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
 
#7  0x00007fe00cc3b47c in malloc_printerr (str=str@entry=0x7fe00cd5f1e0 "munmap_chunk(): invalid pointer") at malloc.c:5347
 
#8  0x00007fe00cc3b6cc in munmap_chunk (p=<optimized out>) at malloc.c:2830
 
#9  0x000056471dece6e4 in ut_allocator<std::_Fwd_list_node<dict_v_idx_t>, true>::deallocate (this=0x7fdfb41b9f28, ptr=0x56471d902104 <tc_release_table(TABLE*)+675>, n_elements=1) at /data/src/10.5/storage/innobase/include/ut0new.h:426
 
#10 0x000056471decd9f2 in std::allocator_traits<ut_allocator<std::_Fwd_list_node<dict_v_idx_t>, true> >::deallocate (__a=..., __p=0x56471d902104 <tc_release_table(TABLE*)+675>, __n=1) at /usr/include/c++/9/bits/alloc_traits.h:333
 
#11 0x000056471decc08d in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_put_node (this=0x7fdfb41b9f28, __p=0x56471d902104 <tc_release_table(TABLE*)+675>) at /usr/include/c++/9/bits/forward_list.h:382
 
#12 0x000056471decac04 in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::_M_erase_after (this=0x7fdfb41b9f28, __pos=0x7fdfb41b9f30, __last=0x0) at /usr/include/c++/9/bits/forward_list.tcc:89
 
#13 0x000056471dec99fe in std::_Fwd_list_base<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~_Fwd_list_base (this=0x7fdfb41b9f28, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:343
 
#14 0x000056471dec95a8 in std::forward_list<dict_v_idx_t, ut_allocator<dict_v_idx_t, true> >::~forward_list (this=0x7fdfb41b9f28, __in_chrg=<optimized out>) at /usr/include/c++/9/bits/forward_list.h:588
 
#15 0x000056471dec1f6e in dict_v_col_t::~dict_v_col_t (this=0x7fdfb41b9ef8, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/include/dict0mem.h:754
 
#16 0x000056471dec35a7 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fdfb4017918, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1011
 
#17 0x000056471dec3622 in ha_innobase_inplace_ctx::~ha_innobase_inplace_ctx (this=0x7fdfb4017918, __in_chrg=<optimized out>) at /data/src/10.5/storage/innobase/handler/handler0alter.cc:1019
 
#18 0x000056471dd72a29 in ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=0x7fdfb4017748, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10203
 
#19 0x000056471dd72a5a in ha_partition_inplace_ctx::~ha_partition_inplace_ctx (this=0x7fdfb4017748, __in_chrg=<optimized out>) at /data/src/10.5/sql/ha_partition.cc:10205
 
#20 0x000056471d77f95a in Alter_inplace_info::~Alter_inplace_info (this=0x7fe001f7c850, __in_chrg=<optimized out>) at /data/src/10.5/sql/handler.h:2548
 
#21 0x000056471d77a318 in mysql_alter_table (thd=0x7fdfb4000db8, new_db=0x7fdfb4005808, new_name=0x7fdfb4005c08, create_info=0x7fe001f7e420, table_list=0x7fdfb4014018, alter_info=0x7fe001f7e350, order_num=0, order=0x0, ignore=false, if_exists=false) at /data/src/10.5/sql/sql_table.cc:10699
 
#22 0x000056471d822528 in Sql_cmd_alter_table::execute (this=0x7fdfb4014800, thd=0x7fdfb4000db8) at /data/src/10.5/sql/sql_alter.cc:539
 
#23 0x000056471d678f1c in mysql_execute_command (thd=0x7fdfb4000db8) at /data/src/10.5/sql/sql_parse.cc:6023
 
#24 0x000056471d67f2f2 in mysql_parse (thd=0x7fdfb4000db8, rawbuf=0x7fdfb4013f40 "ALTER TABLE t1 ADD b INT", length=24, parser_state=0x7fe001f7f510, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:8062
 
#25 0x000056471d66b275 in dispatch_command (command=COM_QUERY, thd=0x7fdfb4000db8, packet=0x7fdfb40090b9 "ALTER TABLE t1 ADD b INT", packet_length=24, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1889
 
#26 0x000056471d669a69 in do_command (thd=0x7fdfb4000db8) at /data/src/10.5/sql/sql_parse.cc:1370
 
#27 0x000056471d8178eb in do_handle_one_connection (connect=0x56472164ec68, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1410
 
#28 0x000056471d81764e in handle_one_connection (arg=0x5647216613c8) at /data/src/10.5/sql/sql_connect.cc:1312
 
#29 0x000056471dd77565 in pfs_spawn_thread (arg=0x5647215e37d8) at /data/src/10.5/storage/perfschema/pfs.cc:2201
 
#30 0x00007fe00d0f1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
 
#31 0x00007fe00ccc5293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Not reproducible on 10.4.
The failure appeared in 10.5 after this commit:

commit 6d1f1b61b59310027698a92ccf533a3093f1ce04
 
Author: Marko Mäkelä
 
Date:   Thu Jan 28 14:15:01 2021 +0200
 
 
 
    MDEV-24564 Statistics are lost after ALTER TABLE



 Comments   
Comment by Marko Mäkelä [ 2021-02-01 ]

Sorry, my bad, and good catch. This was broken in MDEV-24564 in the 10.5 branch.
Side note: in the 10.2, 10.3, 10.4 branches we would fail to adjust anything else than the first partition, but that should be the subject of another bug report.

Generated at Thu Feb 08 09:32:24 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.