Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19660

wsrep_rec_get_foreign_key() is dereferencing a stale pointer to a page that was previously latched

Details

    Description

      In row_ins_foreign_check_on_constraint(), clustered index record is being passed to wsrep_append_foreign_key() after releasing the latch. If a record has been changed by other thread in the meantime then it could lead to a crash when
      wsrep_rec_get_foreign_key () tries to access the record.

      The following is the problematic code :

              btr_pcur_store_position(pcur, mtr); 
       
      		 
              if (index == clust_index) {
      		 
                      btr_pcur_copy_stored_position(cascade->pcur, pcur);
      		 
              } else {
      		 
                      btr_pcur_store_position(cascade->pcur, mtr);
      		 
              }
      		 
       
      		 
              mtr_commit(mtr);
      		 
       
              ut_a(cascade->pcur->rel_pos == BTR_PCUR_ON);
      		 
              
              cascade->state = UPD_NODE_UPDATE_CLUSTERED;
      		 
              
      #ifdef WITH_WSREP
      		 
              err = wsrep_append_foreign_key(
      		 
                                              thr_get_trx(thr),
      		 
                                              foreign,
      		 
                                              clust_rec,
      		 
                                              clust_index,
      		 
                                              FALSE,
      		 
                                              (node) ? TRUE : FALSE);

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          thiru Thirunarayanan Balathandayuthapani created issue -
          thiru Thirunarayanan Balathandayuthapani made changes -
          Field Original Value New Value
          Summary wsrep_rec_get_foreign_key() tries to access de-referencing stale pointer to a page that was previously latched wsrep_rec_get_foreign_key() tries to de-referencing stale pointer to a page that was previously latched
          marko Marko Mäkelä made changes -
          Fix Version/s 10.1 [ 16100 ]
          Fix Version/s 10.2 [ 14601 ]
          Fix Version/s 10.3 [ 22126 ]
          Fix Version/s 10.4 [ 22408 ]
          Fix Version/s 10.5 [ 23123 ]
          Affects Version/s 10.4.0 [ 23115 ]
          Affects Version/s 10.3.0 [ 22127 ]
          Affects Version/s 10.2.0 [ 20700 ]
          Affects Version/s 10.1.6 [ 19401 ]
          Affects Version/s 10.0.19-galera [ 18820 ]
          Affects Version/s 5.5.33a-galera [ 13600 ]
          Affects Version/s 10.2 [ 14601 ]
          Affects Version/s 10.1 [ 16100 ]
          Affects Version/s 10.3 [ 22126 ]
          Affects Version/s 10.4 [ 22408 ]
          Assignee Jan Lindström [ jplindst ]
          Labels corruption foreign-keys race
          marko Marko Mäkelä made changes -
          Status Open [ 1 ] Confirmed [ 10101 ]
          marko Marko Mäkelä made changes -
          Summary wsrep_rec_get_foreign_key() tries to de-referencing stale pointer to a page that was previously latched wsrep_rec_get_foreign_key() is dereferencing a stale pointer to a page that was previously latched
          jplindst Jan Lindström (Inactive) made changes -
          Status Confirmed [ 10101 ] In Progress [ 3 ]
          jplindst Jan Lindström (Inactive) made changes -
          Assignee Jan Lindström [ jplindst ] Thirunarayanan Balathandayuthapani [ thiru ]
          Status In Progress [ 3 ] In Review [ 10002 ]
          marko Marko Mäkelä made changes -
          Assignee Thirunarayanan Balathandayuthapani [ thiru ] Jan Lindström [ jplindst ]
          jplindst Jan Lindström (Inactive) made changes -
          Status In Review [ 10002 ] Stalled [ 10000 ]
          jplindst Jan Lindström (Inactive) made changes -
          Status Stalled [ 10000 ] In Progress [ 3 ]
          jplindst Jan Lindström (Inactive) made changes -
          Assignee Jan Lindström [ jplindst ] Marko Mäkelä [ marko ]
          Status In Progress [ 3 ] In Review [ 10002 ]
          marko Marko Mäkelä made changes -
          Assignee Marko Mäkelä [ marko ] Jan Lindström [ jplindst ]
          Status In Review [ 10002 ] Stalled [ 10000 ]
          jplindst Jan Lindström (Inactive) made changes -
          Status Stalled [ 10000 ] In Progress [ 3 ]
          serg Sergei Golubchik made changes -
          Fix Version/s 10.5 [ 23123 ]
          jplindst Jan Lindström (Inactive) made changes -
          issue.field.resolutiondate 2019-07-09 12:17:10.0 2019-07-09 12:17:10.657
          jplindst Jan Lindström (Inactive) made changes -
          Fix Version/s 10.1.41 [ 23406 ]
          Fix Version/s 10.2.26 [ 23409 ]
          Fix Version/s 10.3.17 [ 23411 ]
          Fix Version/s 10.4.7 [ 23720 ]
          Fix Version/s 10.2 [ 14601 ]
          Fix Version/s 10.1 [ 16100 ]
          Fix Version/s 10.3 [ 22126 ]
          Fix Version/s 10.4 [ 22408 ]
          Resolution Fixed [ 1 ]
          Status In Progress [ 3 ] Closed [ 6 ]
          serg Sergei Golubchik made changes -
          Workflow MariaDB v3 [ 97225 ] MariaDB v4 [ 156301 ]
          mariadb-jira-automation Jira Automation (IT) made changes -
          Zendesk Related Tickets 178572

          People

            jplindst Jan Lindström (Inactive)
            thiru Thirunarayanan Balathandayuthapani
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.