[MDEV-27470] SEGV around trx_undo_report_row_operation storage/innobase/trx/trx0rec.cc:2191 Created: 2022-01-11  Updated: 2022-10-31  Resolved: 2022-10-31

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - InnoDB
Affects Version/s: 10.7.2
Fix Version/s: 10.7.5

Type: Bug Priority: Major
Reporter: Matthias Leich Assignee: Matthias Leich
Resolution: Duplicate Votes: 0
Labels: need_rr

Attachments: File TBR-1316-mini.yy     File TBR-1316.cfg    
Issue Links:
Duplicate
is duplicated by MDEV-28242 Assertion `!check_foreigns' failed in... Closed
Relates
relates to MDEV-27953 Assertion `!check_unique_secondary' f... Closed
relates to MDEV-27971 SIGSEGV in trx_undo_build_roll_ptr on... Closed

 Description   

 
origin/10.7 ce663ad4e4bf71d85cb4cd5b04b0b915881c80f2 2022-01-04T15:54:19+02:00
 
sdp:/data/results/1641893212/TBR-1316/dev/shm/rqg/1641893212/121/1/rr
(rr) bt
#0  0x00005619495fb5d1 in trx_undo_report_row_operation (thr=0x6210002e8960, index=0x61600230e908, clust_entry=0x6160022fc308, update=0x0, cmpl_info=0, rec=0x0, offsets=0x0, roll_ptr=0x0) at /data/Server/10.7/storage/innobase/trx/trx0rec.cc:2191
#1  0x0000561949491aa7 in row_ins_clust_index_entry_low (flags=0, mode=2, index=0x61600230e908, n_uniq=1, entry=0x6160022fc308, n_ext=0, thr=0x6210002e8960) at /data/Server/10.7/storage/innobase/row/row0ins.cc:2675
#2  0x0000561949494b44 in row_ins_clust_index_entry (index=0x61600230e908, entry=0x6160022fc308, thr=0x6210002e8960, n_ext=0) at /data/Server/10.7/storage/innobase/row/row0ins.cc:3247
#3  0x00005619494955b7 in row_ins_index_entry (index=0x61600230e908, entry=0x6160022fc308, thr=0x6210002e8960) at /data/Server/10.7/storage/innobase/row/row0ins.cc:3384
#4  0x0000561949496627 in row_ins_index_entry_step (node=0x6210002e8430, thr=0x6210002e8960) at /data/Server/10.7/storage/innobase/row/row0ins.cc:3552
#5  0x0000561949496fe6 in row_ins (node=0x6210002e8430, thr=0x6210002e8960) at /data/Server/10.7/storage/innobase/row/row0ins.cc:3698
#6  0x000056194949810e in row_ins_step (thr=0x6210002e8960) at /data/Server/10.7/storage/innobase/row/row0ins.cc:3844
#7  0x00005619494db102 in row_insert_for_mysql (mysql_rec=0x61a0001842b8 "\350\212\005", prebuilt=0x6210002e7d88, ins_mode=ROW_INS_NORMAL) at /data/Server/10.7/storage/innobase/row/row0mysql.cc:1318
#8  0x000056194914f8c7 in ha_innobase::write_row (this=0x61d0009682b8, record=0x61a0001842b8 "\350\212\005") at /data/Server/10.7/storage/innobase/handler/ha_innodb.cc:7823
#9  0x00005619488e0176 in handler::ha_write_row (this=0x61d0009682b8, buf=0x61a0001842b8 "\350\212\005") at /data/Server/10.7/sql/handler.cc:7516
#10 0x0000561948001e95 in write_record (thd=0x62b0001ea218, table=0x619000467d98, info=0x7f0b58856ee0, sink=0x0) at /data/Server/10.7/sql/sql_insert.cc:2156
#11 0x0000561947ffa61a in mysql_insert (thd=0x62b0001ea218, table_list=0x629000d985c0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false, result=0x0) at /data/Server/10.7/sql/sql_insert.cc:1127
#12 0x00005619480b6983 in mysql_execute_command (thd=0x62b0001ea218, is_called_from_prepared_stmt=false) at /data/Server/10.7/sql/sql_parse.cc:4562
#13 0x00005619480cdc01 in mysql_parse (thd=0x62b0001ea218, 
    rawbuf=0x629000d98238 "INSERT INTO t5 (col1,col2, col_int, col_string, col_text) VALUES /* 1418 */ (1418,1418,1418,REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), 10),REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), @fill_amount) ), (1418,1"..., length=344, 
    parser_state=0x7f0b58857b20) at /data/Server/10.7/sql/sql_parse.cc:8027
#14 0x00005619480a5ff2 in dispatch_command (command=COM_QUERY, thd=0x62b0001ea218, 
    packet=0x629000d8e219 " INSERT INTO t5 (col1,col2, col_int, col_string, col_text) VALUES /* 1418 */ (1418,1418,1418,REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), 10),REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), @fill_amount) ), (1418,"..., packet_length=346, 
    blocking=true) at /data/Server/10.7/sql/sql_parse.cc:1894
#15 0x00005619480a33ca in do_command (thd=0x62b0001ea218, blocking=true) at /data/Server/10.7/sql/sql_parse.cc:1402
#16 0x00005619484d6624 in do_handle_one_connection (connect=0x608000006cb8, put_in_cache=true) at /data/Server/10.7/sql/sql_connect.cc:1418
#17 0x00005619484d5eb0 in handle_one_connection (arg=0x608000006cb8) at /data/Server/10.7/sql/sql_connect.cc:1312
#18 0x00007f0b7892e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#19 0x00007f0b78501293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(rr)
 
# 2022-01-11T02:40:36 [1721018] | [rr 1725365 42951]Query (0x629000d98238): INSERT INTO t5 (col1,col2, col_int, col_string, col_text) VALUES /* 1418 */ (1418,1418,1418,REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), 10),REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), @fill_amount) ), (1418,1418,1418,REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), 10),REPEAT(SUBSTR(CAST( 1418 AS CHAR),1,1), @fill_amount) )
# 2022-01-11T02:40:36 [1721018] | [rr 1725365 43645]Status: KILL_TIMEOUT
 
RQG
-------
# git clone https://github.com/mleich1/rqg --branch experimental RQG
#
# GIT_SHOW: HEAD -> experimental, origin/experimental eeff403b3c0b2930aa335c6da27992ff14db5e6a 2022-01-07T10:39:28+01:00
# rqg.pl  : Version 4.0.4 (2021-12)
#
# $RQG_HOME/rqg.pl \
# --grammar=conf/mariadb/table_stress_innodb_nocopy1.yy \
# --gendata=conf/mariadb/table_stress.zz \
# --gendata_sql=conf/mariadb/table_stress.sql \
# --redefine=conf/mariadb/xa.yy \
# --redefine=conf/mariadb/redefine_checks_off.yy \
# --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \
# --mysqld=--loose-idle_write_transaction_timeout=0 \
# --mysqld=--loose-idle_transaction_timeout=0 \
# --mysqld=--loose-idle_readonly_transaction_timeout=0 \
# --mysqld=--connect_timeout=60 \
# --mysqld=--interactive_timeout=28800 \
# --mysqld=--slave_net_timeout=60 \
# --mysqld=--net_read_timeout=30 \
# --mysqld=--net_write_timeout=60 \
# --mysqld=--loose-table_lock_wait_timeout=50 \
# --mysqld=--wait_timeout=28800 \
# --mysqld=--lock-wait-timeout=86400 \
# --mysqld=--innodb-lock-wait-timeout=50 \
# --no-mask \
# --queries=10000000 \
# --seed=random \
# --reporters=Backtrace \
# --reporters=ErrorLog \
# --reporters=Deadlock1 \
# --validators=None \
# --mysqld=--log_output=none \
# --mysqld=--log_bin_trust_function_creators=1 \
# --mysqld=--loose-debug_assert_on_not_freed_memory=0 \
# --engine=InnoDB \
# --restart_timeout=240 \
# --mysqld=--plugin-load-add=file_key_management.so \
# --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \
# --mysqld=--plugin-load-add=provider_lzo.so \
# --mysqld=--plugin-load-add=provider_bzip2.so \
# --mysqld=--plugin-load-add=provider_lzma \
# --mysqld=--plugin-load-add=provider_snappy \
# --mysqld=--plugin-load-add=provider_lz4 \
# --duration=300 \
# --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \
# --mysqld=--loose-innodb_read_only_compressed=OFF \
# --mysqld=--innodb_stats_persistent=on \
# --mysqld=--innodb_adaptive_hash_index=on \
# --mysqld=--log-bin \
# --mysqld=--sync-binlog=1 \
# --mysqld=--loose-innodb_evict_tables_on_commit_debug=off \
# --mysqld=--loose-max-statement-time=30 \
# --threads=9 \
# --mysqld=--innodb-use-native-aio=0 \
# --mysqld=--loose-gdb \
# --mysqld=--loose-debug-gdb \
# --rr=Extended \
# --rr_options=--wait \
# --mysqld=--innodb_rollback_on_timeout=OFF \
# --vardir_type=fast \
# --mysqld=--innodb_page_size=4K \
# --mysqld=--innodb-buffer-pool-size=5M \
# --no_mask \
# --batch \
# <local settings>



 Comments   
Comment by Marko Mäkelä [ 2022-01-11 ]

This seems to be related to MDEV-515. roll_ptr is being assigned to, even though it is a null pointer:

10.7 ce663ad4e4bf71d85cb4cd5b04b0b915881c80f2

Thread 3 received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1725365.1729024]
0x00005619495fb5d1 in trx_undo_report_row_operation (thr=0x6210002e8960, 
    index=0x61600230e908, clust_entry=0x6160022fc308, update=0x0, cmpl_info=0, 
    rec=0x0, offsets=0x0, roll_ptr=0x0)
    at /data/Server/10.7/storage/innobase/trx/trx0rec.cc:2191
2191					*roll_ptr = trx_undo_build_roll_ptr(
(rr) p thr.graph.trx.check_foreigns 
$1 = false
(rr) p thr.graph.trx.check_unique_secondary 
$2 = false
(rr) p roll_ptr
$3 = (roll_ptr_t *) 0x0

Comment by Thirunarayanan Balathandayuthapani [ 2022-08-02 ]

MDEV-24621 patches have been fixed in a recent 10.7 version. Please test it in the latest version.

Comment by Matthias Leich [ 2022-09-14 ]

TBR-1316.cfg is the configuration file for the RQG test simplifier.
TBR-1316-mini.yy is a simplified version of the RQG grammar.
Both replay the bug above quite fast on some old
origin/10.7 182bf9b333e397b3b1e3293ff20e38c24b19e4a3 2021-12-04T13:23:14+02:00
The attempts to replay the bug on
origin/10.7 f3785f099c2f0f251f39632928e822328abe9a02 2022-09-13T08:48:40+03:00
were given up after a few thousand RQG tests.
