1. 19 Mar, 2024 4 commits
  2. 18 Mar, 2024 2 commits
  3. 15 Mar, 2024 2 commits
    • mariadb-DebarunBanerjee's avatar
      MDEV-31154 Fatal InnoDB error or assertion `!is_v' failure upon multi-update... · d912a636
      mariadb-DebarunBanerjee authored
      MDEV-31154 Fatal InnoDB error or assertion `!is_v' failure upon multi-update with indexed virtual column
      MDEV-33558 Fatal error InnoDB: Clustered record field for column x not found
      
      This is issue is about row ID filtering used with index on virtual
      column(s). We hit debug assert and crash while building the record
      template in Innodb. The primary reason is that we try to force the code
      path to use the ICP path. With ICP, we don't support index with virtual
      column and we validate it while index condition is pushed.
      
      Simplify the code for building template to handle both ICP and Row ID
      filtering by skipping virtual columns.
      d912a636
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-33214 Table is getting rebuild with ALTER TABLE ADD COLUMN · f5df4482
      Thirunarayanan Balathandayuthapani authored
      Problem:
      ======
      - InnoDB fail to do instant operation while adding the variable
      length column. Problem is that InnoDB wrongly assumes that
      variable character length can never part of externally stored
      page.
      
      Solution:
      ========
      instant_alter_column_possible(): Variable length
      character field can be stored as externally stored page.
      f5df4482
  4. 14 Mar, 2024 3 commits
    • Kristian Nielsen's avatar
      MDEV-10793: MDEV-33292: main.kill_processlist-6619 fails sporadically in buildbot · ef7abc88
      Kristian Nielsen authored
      There were several races in the main.kill_processlist-6619 testcase:
      
       - Lingering connections from a previous test case could be visible in SHOW
         PROCESSLIST and cause .result diff.
       - A sync point "dispatch_command_end" was ineffective, as it was consumed at
         the end of the SET DEBUG command itself.
       - The signal from sync point "before_execute_sql_command" could override an
         earlier signal, causing DEBUG_SYNC timeout and test failure.
       - The final SHOW PROCESSLIST could occasionally see a connection in state
         "Busy" instead of the expected "Sleep".
      Signed-off-by: default avatarKristian Nielsen <knielsen@knielsen-hq.org>
      ef7abc88
    • Monty's avatar
      Fixed random failure in main.kill_processlist-6619 · ae063e4f
      Monty authored
      The problem was that SHOW PROCESSLIST was done before the command of
      the default connection was cleared.
      
      Reviewer: Sergei Golubchik <serg@mariadb.org>
      ae063e4f
    • Dmitry Shulga's avatar
      MDEV-33218: Assertion `active_arena->is_stmt_prepare_or_first_stmt_execute()... · d7758deb
      Dmitry Shulga authored
      MDEV-33218: Assertion `active_arena->is_stmt_prepare_or_first_stmt_execute() || active_arena->state == Query_arena::STMT_SP_QUERY_ARGUMENTS' failed in st_select_lex::fix_prepare_information
      
      In case there is a view that queried from a stored routine or
      a prepared statement and this temporary table is dropped between
      executions of SP/PS, then it leads to hitting an assertion
      at the SELECT_LEX::fix_prepare_information. The fired assertion
       was added by the commit 85f2e4f8
      (MDEV-32466: Potential memory leak on executing of create view statement).
      Firing of this assertion means memory leaking on execution of SP/PS.
      Moreover, if the added assert be commented out, different result sets
      can be produced by the statement SELECT * FROM the hidden table.
      
      Both hitting the assertion and different result sets have the same root
      cause. This cause is usage of temporary table's metadata after the table
      itself has been dropped. To fix the issue, reload the cache of stored
      routines. To do it  cache of stored routines is reset at the end of
      execution of the function dispatch_command(). Next time any stored routine
      be called it will be loaded from the table mysql.proc. This happens inside
      the method Sp_handler::sp_cache_routine where loading of a stored routine
      is performed in case it missed in cache. Loading is performed unconditionally
      while previously it was controlled by the parameter lookup_only. By that
      reason the signature of the method Sroutine_hash_entry::sp_cache_routine
      was changed by removing unused parameter lookup_only.
      
      Clearing of sp caches affects the test main.lock_sync since it forces
      opening and locking the table mysql.proc but the test assumes that each
      statement locks its tables once during its execution. To keep this invariant
      the debug sync points with names "before_lock_tables_takes_lock" and
      "after_lock_tables_takes_lock" are not activated on handling the table
      mysql.proc
      d7758deb
  5. 13 Mar, 2024 3 commits
  6. 12 Mar, 2024 1 commit
    • Dmitry Shulga's avatar
      MDEV-33549: Incorrect handling of UPDATE in PS mode in case a table's colum declared as NOT NULL · 428a6731
      Dmitry Shulga authored
      UPDATE statement that is run in PS mode and uses positional parameter
      handles columns declared with the clause DEFAULT NULL incorrectly in
      case the clause DEFAULT is passed as actual value for the positional
      parameter of the prepared statement. Similar issue happens in case
      an expression specified in the DEFAULT clause of table's column definition.
      
      The reason for incorrect processing of columns declared as DEFAULT NULL
      is that setting of null flag for a field being updated was missed
      in implementation of the method Item_param::assign_default().
      The reason for incorrect handling of an expression in DEFAULT clause is
      also missed saving of a field inside implementation of the method
      Item_param::assign_default().
      428a6731
  7. 11 Mar, 2024 3 commits
  8. 08 Mar, 2024 1 commit
    • Daniele Sciascia's avatar
      MDEV-33540 Avoid writes to TRX_SYS page during mariabackup operations · 648d2da8
      Daniele Sciascia authored
      Fix a scenario where `mariabackup --prepare` fails with assertion
      `!m_modifications || !recv_no_log_write'  in `mtr_t::commit()`. This
      happens if the prepare step of the backup encounters a data directory
      which happens to store wsrep xid position in TRX SYS page (this is no
      longer the case since 10.3.5). And since MDEV-17458,
      `trx_rseg_array_init()` handles this case by copying the xid position
      to rollback segments, before clearing the xid from TRX SYS page.
      However, this step should be avoided when `trx_rseg_array_init()` is
      invoked from mariabackup. The relevant code was surrounded by the
      condition `srv_operation == SRV_OPERATION_NORMAL`. An additional check
      ensures that we are not trying to copy a xid position which has
      already zeroed.
      648d2da8
  9. 06 Mar, 2024 2 commits
  10. 02 Mar, 2024 1 commit
  11. 27 Feb, 2024 3 commits
  12. 26 Feb, 2024 1 commit
  13. 20 Feb, 2024 1 commit
  14. 16 Feb, 2024 4 commits
    • Xiaotong Niu's avatar
      MDEV-28430: Fix memory barrier missing of lf_alloc on Arm64 · 8a505980
      Xiaotong Niu authored
      When testing MariaDB on Arm64, a stall issue will occur, jira link:
      https://jira.mariadb.org/browse/MDEV-28430.
      
      The stall occurs because of an unexpected circular reference in the
      LF_PINS->purgatory list which is traversed in lf_pinbox_real_free().
      
      We found that on Arm64, ABA problem in LF_ALLOCATOR->top list was not
      solved, and various undefined problems will occur, including circular
      reference in LF_PINS->purgatory list.
      
      The following codes are used to solve ABA problem, code copied
      from below link.
      https://github.com/MariaDB/server/blob/cb4c2713553c5f522d2a4ebf186c6505384c748d/mysys/lf_alloc-pin.c#L501-#L505
      
           do
           {
      503     node= allocator->top;
      504     lf_pin(pins, 0, node);
      505  } while (node != allocator->top && LF_BACKOFF());
      
      1. ABA problem on Arm64
      Combine the below steps to analyze how ABA problem occur on Arm64, the
      relevant codes in steps are simplified, code line numbers below are in
      MariaDB v10.4.
      ------------------------------------------------------------------------
      Abnormal case.
      Initial state: pin = 0, top = A, top list: A->B
      
      T1                              T2
                                      step1. write top=B //seq-cst, #L517
                                      step2. write A->next= "any"
                                      step3. read pin==0 //relaxed, #L295
      step1. write pin=A  //seq-cst, #L504
      step2. read old value of top==A  //relaxed, #L505
      step3. next=A->next="any" //#L517
                                      step4. write A->next=B,top=A //#L420-435
      step4. CAS(top,A,next) //#L517
      step5. write pin=0     //#L521
      ------------------------------------------------------------------------
      Above case is due to T1.step2 reading the old value of top, causing
      "T1.step3, T1.step4" and "T2.step4" to occur at the same time, in other
      words, they are not mutually exclusive.
      
      It may happen that T2.step4 is sandwiched between T1.step3 and T1.step4,
      which cause top to be updated to "any", which may be in-use or invalid
      address.
      
      2. Analyze above issue with Dekker's algorithm
      Above problem can be mapped to Dekker's algorithm, link is as below
      https://en.wikipedia.org/wiki/Dekker%27s_algorithm.
      The following extracts the read and write operations on 'top' and 'pin',
      and maps them to Dekker's algorithm to analyze the root cause.
      ------------------------------------------------------------------------
      Initial state: top = A, pin = 0
      T1                                    T2
      store_seq_cst(pin, A) // write pin    store_seq_cst(top, B)  //write top
      rt= load_relaxed(top) // read top     rp= load_relaxed(pin)  //read pin
      
      if (rt == A && rp == 0) printf("oops\n"); // will "oops" be printed?
      ------------------------------------------------------------------------
      How T1 and T2 enter their critical section:
      (1) T1, write pin, if T1 reads that top has not been updated, T1 enter
      its critical section(T1.step3 and T1.step4, try to obtain 'A', #L517),
      otherwise just give up (T1 without priority).
      (2) T2, write top, if T2 reads that pin has not been updated, T2 enter
      critical section(T2.step4, try to add 'A' to top list again, #L420-435),
      otherwise wait until pin!=A (T2 with priority).
      
      In the previous code, due to load 'top' and 'pin' with relaxed semantic,
      on arm and ppc, there is no guarantee that the above critical sections
      are mutually exclusive, in other words, "oops" will be printed.
      
      This bug only happens on arm and ppc, not x86. On current x86
      implementation, load is always seq-cst (relaxed and seq-cst load
      generates same machine code), as shown in https://godbolt.org/z/sEzMvnjd9
      
      3. Fix method
      Add sequential-consistency semantic to read 'top' in #L505(T1.step2),
      Add sequential-consistency semantic to read "el->pin[i]" in #L295
      and #L320.
      
      4. Issue reproduce
      Add "delay" after #L503 in lf_alloc-pin.c, When run unit.lf, can quickly
      get segment fault because "top" point to an invalid address. For detail,
      see comment area of below link.
      https://jira.mariadb.org/browse/MDEV-28430.
      
      5. Futher improvement
      To make this code more robust and safe on all platforms, we recommend
      replacing volatile with C11 atomics and to fix all data races. This will
      also make the code easier to reason.
      Signed-off-by: default avatarXiaotong Niu <xiaotong.niu@arm.com>
      8a505980
    • Kristian Nielsen's avatar
      MDEV-33468: Crash due to missing stack overrun check in two recursive functions · 5707f1ef
      Kristian Nielsen authored
      Thanks to Yury Chaikou for finding this problem (and the fix).
      Reviewed-by: default avatarMonty <monty@mariadb.org>
      Signed-off-by: default avatarKristian Nielsen <knielsen@knielsen-hq.org>
      5707f1ef
    • Kristian Nielsen's avatar
      MDEV-33443: Unsafe use of LOCK_thd_kill in my_malloc_size_cb_func() · fdaa7a96
      Kristian Nielsen authored
      my_malloc_size_cb_func() can be called from contexts where it is not safe to
      wait for LOCK_thd_kill, for example while holding LOCK_plugin. This could
      lead to (probably very unlikely) deadlock of the server.
      
      Fix by skipping the enforcement of --max-session-mem-used in the rare cases
      when LOCK_thd_kill cannot be obtained. The limit will instead be enforced on
      the following memory allocation. This does not significantly degrade the
      behaviour of --max-session-mem-used; that limit is in any case only enforced
      "softly", not taking effect until the next point at which the thread does a
      check_killed().
      Reviewed-by: default avatarMonty <monty@mariadb.org>
      Signed-off-by: default avatarKristian Nielsen <knielsen@knielsen-hq.org>
      fdaa7a96
    • Kristian Nielsen's avatar
      MDEV-33426: Aria temptables wrong thread-specific memory accounting in slave thread · c73c6aea
      Kristian Nielsen authored
      Aria temporary tables account allocated memory as specific to the current
      THD. But this fails for slave threads, where the temporary tables need to be
      detached from any specific THD.
      
      Introduce a new flag to mark temporary tables in replication as "global",
      and use that inside Aria to not account memory allocations as thread
      specific for such tables.
      
      Based on original suggestion by Monty.
      Reviewed-by: default avatarMonty <monty@mariadb.org>
      Signed-off-by: default avatarKristian Nielsen <knielsen@knielsen-hq.org>
      c73c6aea
  15. 13 Feb, 2024 1 commit
  16. 12 Feb, 2024 3 commits
    • Marko Mäkelä's avatar
      MDEV-30528 CREATE FULLTEXT INDEX assertion failure WITH SYSTEM VERSIONING · ca88eac8
      Marko Mäkelä authored
      ha_innobase::check_if_supported_inplace_alter(): Require ALGORITHM=COPY
      when creating a FULLTEXT INDEX on a versioned table.
      
      row_merge_buf_add(), row_merge_read_clustered_index(): Remove the parameter
      or local variable history_fts that had been added in the attempt to fix
      MDEV-25004.
      
      Reviewed by: Thirunarayanan Balathandayuthapani
      Tested by: Matthias Leich
      ca88eac8
    • Yuchen Pei's avatar
      MDEV-33441 Do not deinit plugin variables when retry requested · c37216de
      Yuchen Pei authored
      After MDEV-31400, plugins are allowed to ask for retries when failing
      initialisation. However, such failures also cause plugin system
      variables to be deleted (plugin_variables_deinit()) before retrying
      and are not re-added during retry.
      
      We fix this by checking that if the plugin has requested a retry the
      variables are not deleted. Because plugin_deinitialize() also calls
      plugin_variables_deinit(), if the retry fails, the variables will
      still be deleted.
      
      Alternatives considered:
      
      - remove the plugin_variables_deinit() from plugin_initialize() error
      handling altogether. We decide to take a more conservative approach
      here.
      
      - re-add the system variables during retry. It is more complicated
      than simply iterating over plugin->system_vars and call
      my_hash_insert(). For example we will need to assign values to
      the test_load field and extract more code from test_plugin_options(),
      if that is possible.
      c37216de
    • Oleksandr Byelkin's avatar
  17. 11 Feb, 2024 1 commit
  18. 09 Feb, 2024 1 commit
  19. 08 Feb, 2024 3 commits
    • Dmitry Shulga's avatar
      MDEV-15703: Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT · e48bd474
      Dmitry Shulga authored
      This patch fixes the issue with passing the DEFAULT or IGNORE values to
      positional parameters for some kind of SQL statements to be executed
      as prepared statements.
      
      The main idea of the patch is to associate an actual value being passed
      by the USING clause with the positional parameter represented by
      the Item_param class. Such association must be performed on execution of
      UPDATE statement in PS/SP mode. Other corner cases that results in
      server crash is on handling CREATE TABLE when positional parameter
      placed after the DEFAULT clause or CALL statement and passing either
      the value DEFAULT or IGNORE as an actual value for the positional parameter.
      This case is fixed by checking whether an error is set in diagnostics
      area at the function pack_vcols() on return from the function pack_expression()
      e48bd474
    • Dmitry Shulga's avatar
      MDEV-15703: Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT... · 6b2cd786
      Dmitry Shulga authored
      MDEV-15703: Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT, UBSAN runtime error: member call on null pointer of type 'struct TABLE_LIST' in Item_param::save_in_field
      
      This is the prerequisite patch to refactor the method
        Item_default_value::fix_fields.
      The former implementation of this method was extracted and placed
      into the standalone function make_default_field() and the method
      Item_default_value::tie_field(). The motivation for this modification
      is upcoming changes for core implementation of the task MDEV-15703
      since these functions will be used from several places within
      the source code.
      6b2cd786
    • Marko Mäkelä's avatar
      MDEV-33400 Adaptive hash index corruption after DISCARD TABLESPACE · 85db5347
      Marko Mäkelä authored
      row_discard_tablespace(): Do not invoke dict_index_t::clear_instant_alter()
      because that would corrupt any adaptive hash index entries in the table.
      
      row_import_for_mysql(): Invoke dict_index_t::clear_instant_alter()
      after detaching any adaptive hash index entries.
      85db5347