[MDEV-26216] SIGSEGV in MDL_lock::incompatible_granted_types_bitmap on HANDLER OPEN w/ duplicate table creation

Created: 2021-07-22
Updated: 2023-06-22
Resolved: 2023-06-22

Status: Closed
Project: MariaDB Server
Component/s: Galera
Affects Version/s: 10.4
Fix Version/s: 10.4.30, 10.5.21

Type: Bug
Priority: Major
Reporter: Ramesh Sivaraman
Assignee: Jan Lindström
Resolution: Cannot Reproduce
Votes: 0
Labels: not-10.2, not-10.3, not-10.5, not-10.6


 Description   

CREATE TABLE t1 (a VARCHAR(10)) ENGINE=InnoDB;
SET AUTOCOMMIT=0;
CREATE TABLE t3 (f1 INT) ENGINE=InnoDB;
ALTER TABLE t1 ADD c2 MEDIUMINT NOT NULL FIRST;
SET SESSION wsrep_trx_fragment_size=100;
HANDLER t3 OPEN;
INSERT INTO t1 VALUES (2,1),(NULL, 8);
CREATE TABLE t1 (a INT NOT NULL PRIMARY KEY) ENGINE=InnoDB;

Leads to:

10.4.21 aafb88865796bf5d3aa8f131aba67adbec3694ce (Debug)

Core was generated by `/test/GAL_MD220721-mariadb-10.4.21-linux-x86_64-dbg/bin/mysqld --defaults-file='.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x152d48131700 (LWP 610257))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x0000559fbd60063d in my_write_core (sig=sig@entry=11) at /test/10.4_dbg/mysys/stacktrace.c:386
#2  0x0000559fbcce3be6 in handle_fatal_signal (sig=11) at /test/10.4_dbg/sql/signal_handler.cc:356
#3  <signal handler called>
#4  0x0000559fbcb62444 in MDL_lock::incompatible_granted_types_bitmap (this=0x152cd839e170) at /test/10.4_dbg/sql/mdl.cc:569
#5  MDL_lock::has_pending_conflicting_lock (this=0x152cd839e170, type=MDL_SHARED_READ) at /test/10.4_dbg/sql/mdl.cc:1879
#6  0x0000559fbcb62ce4 in MDL_ticket::has_pending_conflicting_lock (this=<optimized out>) at /test/10.4_dbg/sql/mdl.cc:3029
#7  0x0000559fbc9bf967 in mysql_ha_flush (thd=thd@entry=0x152cd8000d90) at /test/10.4_dbg/sql/sql_handler.cc:1175
#8  0x0000559fbc9826f8 in open_tables (thd=thd@entry=0x152cd8000d90, options=@0x152d4812ea00: {m_options = DDL_options_st::OPT_NONE}, start=start@entry=0x152d4812e5c8, counter=counter@entry=0x152d4812e5dc, flags=flags@entry=0, prelocking_strategy=prelocking_strategy@entry=0x152d4812e678) at /test/10.4_dbg/sql/sql_base.cc:4297
#9  0x0000559fbc98366f in open_and_lock_tables (thd=thd@entry=0x152cd8000d90, options=@0x152d4812ea00: {m_options = DDL_options_st::OPT_NONE}, tables=<optimized out>, tables@entry=0x152cd8013380, derived=derived@entry=false, flags=flags@entry=0, prelocking_strategy=prelocking_strategy@entry=0x152d4812e678) at /test/10.4_dbg/sql/sql_base.cc:5307
#10 0x0000559fbcadb34b in open_and_lock_tables (flags=0, derived=false, tables=0x152cd8013380, options=@0x152d4812ea00: {m_options = DDL_options_st::OPT_NONE}, thd=0x152cd8000d90) at /test/10.4_dbg/sql/sql_base.h:495
#11 mysql_create_table (thd=thd@entry=0x152cd8000d90, create_table=create_table@entry=0x152cd8013380, create_info=create_info@entry=0x152d4812e810, alter_info=alter_info@entry=0x152d4812e750) at /test/10.4_dbg/sql/sql_table.cc:5301
#12 0x0000559fbcadce40 in Sql_cmd_create_table_like::execute (this=0x152cd8013320, thd=0x152cd8000d90) at /test/10.4_dbg/sql/sql_table.cc:11593
#13 0x0000559fbca0f71f in mysql_execute_command (thd=thd@entry=0x152cd8000d90) at /test/10.4_dbg/sql/sql_parse.cc:6189
#14 0x0000559fbca11cf6 in mysql_parse (thd=thd@entry=0x152cd8000d90, rawbuf=rawbuf@entry=0x152cd8013248 "CREATE TABLE t1 (a INT NOT NULL PRIMARY KEY) ENGINE=InnoDB", length=length@entry=58, parser_state=parser_state@entry=0x152d48130490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7992
#15 0x0000559fbca12dab in wsrep_mysql_parse (thd=thd@entry=0x152cd8000d90, rawbuf=0x152cd8013248 "CREATE TABLE t1 (a INT NOT NULL PRIMARY KEY) ENGINE=InnoDB", length=58, parser_state=parser_state@entry=0x152d48130490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7796
#16 0x0000559fbca14714 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152cd8000d90, packet=packet@entry=0x152cd801b681 "CREATE TABLE t1 (a INT NOT NULL PRIMARY KEY) ENGINE=InnoDB", packet_length=packet_length@entry=58, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1184
#17 0x0000559fbca17fa4 in do_command (thd=0x152cd8000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
#18 0x0000559fbcb56d83 in do_handle_one_connection (connect=connect@entry=0x559fc14e1a40) at /test/10.4_dbg/sql/sql_connect.cc:1412
#19 0x0000559fbcb56ea2 in handle_one_connection (arg=0x559fc14e1a40) at /test/10.4_dbg/sql/sql_connect.cc:1316
#20 0x0000152d59986609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#21 0x0000152d59575293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.21 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.40 (dbg), 10.3.31 (dbg), 10.5.12 (dbg), 10.6.4 (dbg)



 Comments   
Comment by Ramesh Sivaraman [ 2023-02-01 ]

Similar assertion with a slightly different stack seen in 10.5

CREATE TABLE t1 (a INT) ENGINE = InnoDB;
SET SESSION wsrep_trx_fragment_size = 1;
INSERT INTO t1 VALUES(1);
BACKUP STAGE START;
SET SESSION wsrep_trx_fragment_unit='STATEMENTS';
SET GLOBAL wsrep_provider_options='repl.max_ws_size=128';
SET AUTOCOMMIT = OFF;
SAVEPOINT my_sp;
SET GLOBAL wsrep_provider_options='gmcast.isolate=1';
BACKUP STAGE BLOCK_DDL; 

Leads to

10.5.19 81196469bbc6b8424c97a378e5fc5b16d40b43b5 (Debug)

Core was generated by `/test/GAL_MD270123-mariadb-10.5.19-linux-x86_64-dbg/bin/mysqld --defaults-file='.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x154904081700 (LWP 1348713))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x000055a2b804d22c in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:424
#2  0x000055a2b788d6c5 in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:356
#3  <signal handler called>
#4  0x000055a2b7740746 in MDL_lock::incompatible_granted_types_bitmap (this=0x154880029770) at /test/10.5_dbg/sql/mdl.cc:1898
#5  MDL_ticket::has_stronger_or_equal_type (this=this@entry=0x154880020c10, type=type@entry=MDL_SHARED) at /test/10.5_dbg/sql/mdl.cc:1899
#6  0x000055a2b7742bd8 in MDL_context::upgrade_shared_lock (this=this@entry=0x154880000e90, mdl_ticket=0x154880020c10, new_type=new_type@entry=MDL_SHARED, lock_wait_timeout=86400) at /test/10.5_dbg/sql/mdl.cc:2590
#7  0x000055a2b77f73c6 in backup_flush (thd=0x154880000d48) at /test/10.5_dbg/sql/backup.cc:201
#8  run_backup_stage (thd=thd@entry=0x154880000d48, stage=BACKUP_WAIT_FOR_FLUSH) at /test/10.5_dbg/sql/backup.cc:113
#9  0x000055a2b75ff24d in mysql_execute_command (thd=thd@entry=0x154880000d48) at /test/10.5_dbg/sql/sql_parse.cc:5206
#10 0x000055a2b75e9c0b in mysql_parse (thd=thd@entry=0x154880000d48, rawbuf=rawbuf@entry=0x154880012d40 "BACKUP STAGE BLOCK_DDL", length=length@entry=22, parser_state=parser_state@entry=0x154904080310, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:8089
#11 0x000055a2b75e95ec in wsrep_mysql_parse (thd=thd@entry=0x154880000d48, rawbuf=0x154880012d40 "BACKUP STAGE BLOCK_DDL", length=22, parser_state=parser_state@entry=0x154904080310, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7890
#12 0x000055a2b75f779c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x154880000d48, packet=packet@entry=0x15488000a9a9 "BACKUP STAGE BLOCK_DDL", packet_length=packet_length@entry=22, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_class.h:1297
#13 0x000055a2b75f9feb in do_command (thd=0x154880000d48) at /test/10.5_dbg/sql/sql_parse.cc:1375
#14 0x000055a2b773566b in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55a2bade05a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1416
#15 0x000055a2b7735b3c in handle_one_connection (arg=0x55a2bade05a8) at /test/10.5_dbg/sql/sql_connect.cc:1318
#16 0x00001549176ed609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x00001549172d9133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.6.12 81196469bbc6b8424c97a378e5fc5b16d40b43b5 (Optimized)

Core was generated by `/test/GAL_MD010223-mariadb-10.6.12-linux-x86_64-opt/bin/mysqld --defaults-file='.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x146649bec700 (LWP 316058))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x000055a1ebd9d84f in my_write_core (sig=sig@entry=11) at /test/10.6_opt/mysys/stacktrace.c:424
#2  0x000055a1eb8df950 in handle_fatal_signal (sig=11) at /test/10.6_opt/sql/signal_handler.cc:357
#3  <signal handler called>
#4  0x000055a1eb7cce85 in MDL_ticket::has_stronger_or_equal_type (this=this@entry=0x1465f001a7b0, type=type@entry=MDL_SHARED) at /test/10.6_opt/sql/mdl.cc:1897
#5  0x000055a1eb7ce991 in MDL_context::upgrade_shared_lock (this=this@entry=0x1465f0000db0, mdl_ticket=0x1465f001a7b0, new_type=new_type@entry=MDL_SHARED, lock_wait_timeout=86400) at /test/10.6_opt/sql/mdl.cc:2589
#6  0x000055a1eb86b8b1 in backup_flush (thd=0x1465f0000c58) at /test/10.6_opt/sql/backup.cc:226
#7  run_backup_stage (thd=thd@entry=0x1465f0000c58, stage=<optimized out>) at /test/10.6_opt/sql/backup.cc:122
#8  0x000055a1eb6bfc5a in mysql_execute_command (thd=0x1465f0000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:5147
#9  0x000055a1eb6af266 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1465f0000c58) at /test/10.6_opt/sql/sql_parse.cc:8019
#10 mysql_parse (thd=0x1465f0000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:7941
#11 0x000055a1eb6aeb11 in wsrep_mysql_parse (thd=0x1465f0000c58, rawbuf=0x1465f0010690 "BACKUP STAGE BLOCK_DDL", length=22, parser_state=0x146649beb410) at /test/10.6_opt/sql/sql_parse.cc:7831
#12 0x000055a1eb6bc34d in dispatch_command (command=COM_QUERY, thd=0x1465f0000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:1979
#13 0x000055a1eb6bcfbe in do_command (thd=0x1465f0000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1409
#14 0x000055a1eb7c4a37 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55a1ef1f4558, put_in_cache=put_in_cache@entry=true) at /test/10.6_opt/sql/sql_connect.cc:1416
#15 0x000055a1eb7c4d1d in handle_one_connection (arg=0x55a1ef1f4558) at /test/10.6_opt/sql/sql_connect.cc:1318
#16 0x000014666183c609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x0000146661428133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Comment by Jan Lindström [ 2023-06-22 ]

I can't reproduce both of the cases in 10.4 commit f5dceafd and in 10.5 commit 0b61f4e0e
