[MDEV-26891] Server crashes in Field::register_field_in_read_map upon INSERT DELAYED with virtual columns Created: 2021-10-22  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Virtual Columns
Affects Version/s: 10.4, 10.11.1, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6, 10.11

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Nikita Malyavin
Resolution: Unresolved Votes: 0
Labels: None


 Description   

CREATE TABLE t (
  id INT AUTO_INCREMENT,
  a varchar(16) NOT NULL DEFAULT '',
  b varchar(16) GENERATED ALWAYS AS (a) VIRTUAL,
  KEY `col_year` (b(8),id)
) ENGINE=MyISAM;
 
INSERT DELAYED INTO t (a) VALUES ('foo'),('bar');
 
# Cleanup
DROP TABLE t;

10.5 f1ba07a0

#3  <signal handler called>
#4  0x0000565526134adc in Field::register_field_in_read_map (this=0x7f9b50017498) at /data/src/10.5/sql/field.cc:11277
#5  0x0000565525f34fb7 in do_mark_index_columns (table=0x7f9b50016c80, index=0, bitmap=0x7f9b50016db0, read=true) at /data/src/10.5/sql/table.cc:7204
#6  0x0000565525f3f39a in TABLE::mark_index_columns_for_read (this=0x7f9b50016c80, index=0) at /data/src/10.5/sql/table.cc:7224
#7  0x0000565525f35168 in TABLE::mark_auto_increment_column (this=0x7f9b50016c80) at /data/src/10.5/sql/table.cc:7245
#8  0x0000565525f357c6 in TABLE::mark_columns_needed_for_insert (this=0x7f9b50016c80) at /data/src/10.5/sql/table.cc:7442
#9  0x0000565525d8db39 in mysql_insert (thd=0x7f9b50000db8, table_list=0x7f9b50015408, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false, result=0x0) at /data/src/10.5/sql/sql_insert.cc:945
#10 0x0000565525de23af in mysql_execute_command (thd=0x7f9b50000db8) at /data/src/10.5/sql/sql_parse.cc:4624
#11 0x0000565525dedeaa in mysql_parse (thd=0x7f9b50000db8, rawbuf=0x7f9b50015300 "INSERT DELAYED INTO t (a) VALUES ('foo'),('bar')", length=48, parser_state=0x7f9b6078d490, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:8100
#12 0x0000565525dd9e1d in dispatch_command (command=COM_QUERY, thd=0x7f9b50000db8, packet=0x7f9b5000b5b9 "INSERT DELAYED INTO t (a) VALUES ('foo'),('bar')", packet_length=48, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1891
#13 0x0000565525dd860f in do_command (thd=0x7f9b50000db8) at /data/src/10.5/sql/sql_parse.cc:1370
#14 0x0000565525f89b84 in do_handle_one_connection (connect=0x5655290f6168, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1418
#15 0x0000565525f89837 in handle_one_connection (arg=0x565528ffcd78) at /data/src/10.5/sql/sql_connect.cc:1312
#16 0x00005655264afb19 in pfs_spawn_thread (arg=0x5655290f5b38) at /data/src/10.5/storage/perfschema/pfs.cc:2201
#17 0x00007f9b66437609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#18 0x00007f9b6600a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reproducible on 10.5+, but for some reason not on 10.2-10.4.

The failure has some relation to MDEV-26220, but due to the complicated history of the bugfix I can't find out whether it fixed the problem in 10.2-10.4 but not in 10.5, or introduced the problem in 10.5, or something else happened.



 Comments   
Comment by Daniel Black [ 2021-11-23 ]

https://github.com/MariaDB/server/pull/1943 had a fix, though kind of messy. I've cleaned it up in bb-10.5-danielblack-MDEV-26891-delay-insert-virt-crash-pr1943

I think the fix is currently incomplete. The expr drops off between these two points in the vcol_info.

(gdb) c 
Continuing.
[New Thread 0x7ffff1b9b640 (LWP 89140)]
[Switching to Thread 0x7ffff1b9b640 (LWP 89140)]
 
Thread 7 "mariadbd" hit Breakpoint 1, open_table_from_share (thd=0x7fffe0117ad8, share=0x7fffd4001260, alias=0x7fffe011e588, db_stat=33, prgflag=8, ha_open_flags=16, outparam=0x7fffd4004488, is_create_table=false, partitions_to_open=0x0) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:4114
4114              kp.field->vcol_info = outparam->field[kp.fieldnr - 1]->vcol_info;
(gdb) n
4116          }
(gdb) p kp.field
$4 = (Field_varstring *) 0x7fffd40056d0
(gdb) watch  *kp.field->vcol_info
Watchpoint 4: *kp.field->vcol_info
(gdb) p  *kp.field->vcol_info
$5 = {<Sql_alloc> = {<No data fields>}, <Type_handler_hybrid_field_type> = {m_type_handler = 0x22876d0 <type_handler_null>}, vcol_type = VCOL_GENERATED_VIRTUAL, in_partitioning_expr = false, stored_in_db = false, utf8 = true, automatic_name = false, expr = 0x7fffd4005800, name = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7fffd4002148 "b", length = 1}, <No data fields>}, <No data fields>}, flags = 1}
(gdb) c
Continuing.
 
Thread 7 "mariadbd" hit Breakpoint 2, Field::register_field_in_read_map (this=0x7fffd40056d0) at /home/dan/repos/mariadb-server-10.5/sql/field.cc:11274
11274     if (vcol_info && vcol_info->expr)
(gdb) p vcol_info
$6 = (Virtual_column_info *) 0x7fffd4005940
(gdb) p *vcol_info
$7 = {<Sql_alloc> = {<No data fields>}, <Type_handler_hybrid_field_type> = {m_type_handler = 0x22876d0 <type_handler_null>}, vcol_type = VCOL_GENERATED_VIRTUAL, in_partitioning_expr = false, stored_in_db = false, utf8 = true, automatic_name = false, expr = 0x7fffd4005800, name = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7fffd4002148 "b", length = 1}, <No data fields>}, <No data fields>}, flags = 1}
(gdb) bt
#0  Field::register_field_in_read_map (this=0x7fffd40056d0) at /home/dan/repos/mariadb-server-10.5/sql/field.cc:11274
#1  0x0000000000a67f2b in do_mark_index_columns (table=0x7fffd4004488, index=0, bitmap=0x7fffd40045b8, read=true) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7209
#2  0x0000000000a693b7 in TABLE::mark_index_columns_for_read (this=0x7fffd4004488, index=0) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7229
#3  0x0000000000a5ee55 in TABLE::mark_auto_increment_column (this=0x7fffd4004488) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7250
#4  0x0000000000a5ffb9 in TABLE::mark_columns_needed_for_insert (this=0x7fffd4004488) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7447
#5  0x000000000088b2a9 in handle_delayed_insert (arg=0x7fffe0117ab8) at /home/dan/repos/mariadb-server-10.5/sql/sql_insert.cc:3187
#6  0x00000000010781ff in pfs_spawn_thread (arg=0x318c918) at /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2201
#7  0x00007ffff78ab299 in start_thread () from /lib64/libpthread.so.0
#8  0x00007ffff7590353 in clone () from /lib64/libc.so.6
(gdb) p *vcol_info
$8 = {<Sql_alloc> = {<No data fields>}, <Type_handler_hybrid_field_type> = {m_type_handler = 0x22876d0 <type_handler_null>}, vcol_type = VCOL_GENERATED_VIRTUAL, in_partitioning_expr = false, stored_in_db = false, utf8 = true, automatic_name = false, expr = 0x7fffd4005800, name = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7fffd4002148 "b", length = 1}, <No data fields>}, <No data fields>}, flags = 1}
(gdb) c
Continuing.
 
Thread 7 "mariadbd" hit Breakpoint 2, Field::register_field_in_read_map (this=0x7fffd40049b0) at /home/dan/repos/mariadb-server-10.5/sql/field.cc:11274
11274     if (vcol_info && vcol_info->expr)
(gdb) bt
#0  Field::register_field_in_read_map (this=0x7fffd40049b0) at /home/dan/repos/mariadb-server-10.5/sql/field.cc:11274
#1  0x0000000000a67f2b in do_mark_index_columns (table=0x7fffd4004488, index=0, bitmap=0x7fffd40045b8, read=true) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7209
#2  0x0000000000a693b7 in TABLE::mark_index_columns_for_read (this=0x7fffd4004488, index=0) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7229
#3  0x0000000000a5ee55 in TABLE::mark_auto_increment_column (this=0x7fffd4004488) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7250
#4  0x0000000000a5ffb9 in TABLE::mark_columns_needed_for_insert (this=0x7fffd4004488) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7447
#5  0x000000000088b2a9 in handle_delayed_insert (arg=0x7fffe0117ab8) at /home/dan/repos/mariadb-server-10.5/sql/sql_insert.cc:3187
#6  0x00000000010781ff in pfs_spawn_thread (arg=0x318c918) at /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2201
#7  0x00007ffff78ab299 in start_thread () from /lib64/libpthread.so.0
#8  0x00007ffff7590353 in clone () from /lib64/libc.so.6
(gdb) p *vcol_info
Cannot access memory at address 0x0
(gdb) c
Continuing.
[Switching to Thread 0x7ffff1be6640 (LWP 89031)]
 
Thread 6 "mariadbd" hit Breakpoint 2, Field::register_field_in_read_map (this=0x7fffe0017498) at /home/dan/repos/mariadb-server-10.5/sql/field.cc:11274
11274     if (vcol_info && vcol_info->expr)
(gdb) p *vcol_info
$9 = {<Sql_alloc> = {<No data fields>}, <Type_handler_hybrid_field_type> = {m_type_handler = 0x22876d0 <type_handler_null>}, vcol_type = VCOL_GENERATED_VIRTUAL, in_partitioning_expr = false, stored_in_db = false, utf8 = true, automatic_name = false, expr = 0x0, name = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x7fffd4002148 "b", length = 1}, <No data fields>}, <No data fields>}, flags = 1}
(gdb) p vcol_info
$10 = (Virtual_column_info *) 0x7fffe0017368
(gdb) bt
#0  Field::register_field_in_read_map (this=0x7fffe0017498) at /home/dan/repos/mariadb-server-10.5/sql/field.cc:11274
#1  0x0000000000a67f2b in do_mark_index_columns (table=0x7fffe0016c80, index=0, bitmap=0x7fffe0016db0, read=true) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7209
#2  0x0000000000a693b7 in TABLE::mark_index_columns_for_read (this=0x7fffe0016c80, index=0) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7229
#3  0x0000000000a5ee55 in TABLE::mark_auto_increment_column (this=0x7fffe0016c80) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7250
#4  0x0000000000a5ffb9 in TABLE::mark_columns_needed_for_insert (this=0x7fffe0016c80) at /home/dan/repos/mariadb-server-10.5/sql/table.cc:7447
#5  0x00000000008839e9 in mysql_insert (thd=0x7fffe0000db8, table_list=0x7fffe0015408, fields=@0x7fffe0005e38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fffe0015c30, last = 0x7fffe0015c30, elements = 1}, <No data fields>}, values_list=@0x7fffe0005e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fffe0016198, last = 0x7fffe0016278, elements = 2}, <No data fields>}, update_fields=@0x7fffe0005e68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x2258f08 <end_of_list>, last = 0x7fffe0005e68, elements = 0}, <No data fields>}, update_values=@0x7fffe0005e50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x2258f08 <end_of_list>, last = 0x7fffe0005e50, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /home/dan/repos/mariadb-server-10.5/sql/sql_insert.cc:945
#6  0x00000000008e8670 in mysql_execute_command (thd=0x7fffe0000db8) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:4624
#7  0x00000000008dc3ff in mysql_parse (thd=0x7fffe0000db8, rawbuf=0x7fffe0015300 "INSERT DELAYED INTO t (a) VALUES ('foo'),('bar')", length=48, parser_state=0x7ffff1be4b38, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:8100
#8  0x00000000008d87be in dispatch_command (command=COM_QUERY, thd=0x7fffe0000db8, packet=0x7fffe000b5b9 "INSERT DELAYED INTO t (a) VALUES ('foo'),('bar')", packet_length=48, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:1891
#9  0x00000000008dd3c0 in do_command (thd=0x7fffe0000db8) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:1370
#10 0x0000000000abac10 in do_handle_one_connection (connect=0x318cf48, put_in_cache=true) at /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1418
#11 0x0000000000aba89a in handle_one_connection (arg=0x309cb78) at /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1312
#12 0x00000000010781ff in pfs_spawn_thread (arg=0x318c918) at /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2201
#13 0x00007ffff78ab299 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff7590353 in clone () from /lib64/libc.so.6

Comment by Alice Sherepa [ 2023-05-10 ]

Test that is failing on 10.4 as well (10.4-11.0):

CREATE TABLE t1 ( id int AUTO_INCREMENT, a binary(3), b varbinary(32), vb varbinary(32) AS (b), KEY (a,id,vb(6))) ENGINE=MyISAM;
INSERT  DELAYED INTO t1 () VALUES ();

230510 12:13:01 [ERROR] mysqld got signal 11 ;
Server version: 10.4.29-MariaDB-debug-log source revision: 84b9fc25a29b94a37eb9d5ac2e2c0f75c0efafda
 
sql/signal_handler.cc:238(handle_fatal_signal)[0x55c5b5ad0a9b]
sigaction.c:0(__restore_rt)[0x7f1bfb602420]
sql/field.cc:11486(Field::register_field_in_read_map())[0x55c5b5a98c2d]
sql/table.cc:7119(do_mark_index_columns(TABLE*, unsigned int, st_bitmap*, bool))[0x55c5b565b028]
sql/table.cc:7140(TABLE::mark_index_columns_for_read(unsigned int))[0x55c5b5675d4b]
sql/table.cc:7161(TABLE::mark_auto_increment_column())[0x55c5b565b51a]
sql/table.cc:7358(TABLE::mark_columns_needed_for_insert())[0x55c5b565c983]
sql/sql_insert.cc:918(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool))[0x55c5b525f902]
sql/sql_parse.cc:4603(mysql_execute_command(THD*))[0x55c5b531dd04]
sql/sql_parse.cc:7998(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55c5b5335d6d]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55c5b530c3ac]
sql/sql_parse.cc:1378(do_command(THD*))[0x55c5b5308ee1]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55c5b5715439]
sql/sql_connect.cc:1325(handle_one_connection)[0x55c5b5714cdd]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55c5b63b873c]
nptl/pthread_create.c:478(start_thread)[0x7f1bfb5f6609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f1bfb1c7133]
 
Query (0x62b0000b6290): INSERT  DELAYED INTO t1 () VALUES ()
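
Added example (not part of the original report and not MariaDB code): a triage script that scans a server error log for crash reports in the format quoted above and flags those whose frames and query match the shape of this issue. The sample log is constructed (first crash abridged from the excerpt above, second one invented as a control), and all function and variable names are assumptions of the example.

```python
import re

# Constructed sample: first crash abridged from the report above; the second
# crash (Item::hypothetical_frame) is invented as an unrelated control.
SAMPLE_LOG = """\
230510 12:13:01 [ERROR] mysqld got signal 11 ;
sql/signal_handler.cc:238(handle_fatal_signal)[0x55c5b5ad0a9b]
sql/field.cc:11486(Field::register_field_in_read_map())[0x55c5b5a98c2d]
sql/table.cc:7119(do_mark_index_columns(TABLE*, unsigned int, st_bitmap*, bool))[0x55c5b565b028]
sql/table.cc:7161(TABLE::mark_auto_increment_column())[0x55c5b565b51a]
Query (0x62b0000b6290): INSERT  DELAYED INTO t1 () VALUES ()
230510 12:20:00 [ERROR] mysqld got signal 11 ;
sql/item.cc:100(Item::hypothetical_frame())[0x1]
Query (0x1): SELECT 1
"""

CRASH = re.compile(r"\[ERROR\] \S+ got signal (\d+)")
FRAME = re.compile(r"^\S+?:\d+\((?P<func>.+)\)\[0x[0-9a-f]+\]$")
QUERY = re.compile(r"^Query \(0x[0-9a-f]+\): (?P<sql>.*)$")
# Innermost-first frame order taken from the backtraces in this report.
SIGNATURE = ["Field::register_field_in_read_map", "do_mark_index_columns",
             "TABLE::mark_auto_increment_column"]

def parse_crashes(text):
    """Split an error log into crash records: signal, function names, query."""
    crashes, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := CRASH.search(line):
            cur = {"signal": int(m.group(1)), "frames": [], "query": None}
            crashes.append(cur)
        elif cur is None:
            continue  # not inside a crash report yet
        elif m := FRAME.match(line):
            # Keep only the function name, dropping the argument list.
            cur["frames"].append(m.group("func").split("(")[0])
        elif m := QUERY.match(line):
            cur["query"] = m.group("sql")
    return crashes

def matches_mdev_26891(crash):
    """True when the frames contain SIGNATURE in order and the query is INSERT DELAYED."""
    remaining = iter(crash["frames"])
    in_order = all(name in remaining for name in SIGNATURE)
    query = crash["query"] or ""
    return in_order and re.search(r"\bINSERT\s+DELAYED\b", query, re.I) is not None

if __name__ == "__main__":
    for c in parse_crashes(SAMPLE_LOG):
        print(c["signal"], c["query"], "MDEV-26891 shape:", matches_mdev_26891(c))
```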
