[MDEV-23956] Server crash or ASAN errors in myrocks::ha_rocksdb::index_first / myrocks::ha_rocksdb::inplace_populate_sk / ha_rocksdb::can_use_bloom_filter / rocksdb::DBImpl::NewIterator - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0
Component/s: Storage Engine - RocksDB
Labels:

Description

It can be related to MDEV-23952. The test cases are very similar, but the failure is not, so I'm filing it separately.

10.3 469a249a
#3 <signal handler called>
#4 myrocks::ha_rocksdb::index_first (this=0x7f18e001ea38, buf=0x7f18e001b6f0 "\377") at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:9124
#5 0x00007f192d503b17 in myrocks::ha_rocksdb::inplace_populate_sk (this=0x7f18e001ea38, new_table_arg=0x7f18e0023cb0, indexes=Python Exception <class 'gdb.error'> No type named std::__detail::_Hash_node<class std::shared_ptr<myrocks::Rdb_key_def>, false>.:
std::unordered_set with 1 element) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12746
#6 0x00007f192d5035aa in myrocks::ha_rocksdb::inplace_alter_table (this=0x7f18e001ea38, altered_table=0x7f18e0023cb0, ha_alter_info=0x7f192566c1b0) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12634
#7 0x0000556431a29a87 in handler::ha_inplace_alter_table (this=0x7f18e001ea38, altered_table=0x7f18e0023cb0, ha_alter_info=0x7f192566c1b0) at /data/src/10.3/sql/handler.h:4207
#8 0x0000556431a1de34 in mysql_inplace_alter_table (thd=0x7f18e0000d90, table_list=0x7f18e00117e8, table=0x7f18e001ddf0, altered_table=0x7f18e0023cb0, ha_alter_info=0x7f192566c1b0, inplace_supported=HA_ALTER_INPLACE_COPY_LOCK, target_mdl_request=0x7f192566c330, alter_ctx=0x7f192566c8e0) at /data/src/10.3/sql/sql_table.cc:7654
#9 0x0000556431a24b1f in mysql_alter_table (thd=0x7f18e0000d90, new_db=0x7f18e0005478, new_name=0x7f18e0005840, create_info=0x7f192566d4d0, table_list=0x7f18e00117e8, alter_info=0x7f192566d410, order_num=0, order=0x0, ignore=false) at /data/src/10.3/sql/sql_table.cc:9946
#10 0x0000556431ab4dac in Sql_cmd_alter_table::execute (this=0x7f18e0011f18, thd=0x7f18e0000d90) at /data/src/10.3/sql/sql_alter.cc:512
#11 0x0000556431940a69 in mysql_execute_command (thd=0x7f18e0000d90) at /data/src/10.3/sql/sql_parse.cc:6022
#12 0x00005564319462ce in mysql_parse (thd=0x7f18e0000d90, rawbuf=0x7f18e00116f8 "ALTER TABLE t3 ADD INDEX idx (c)", length=32, parser_state=0x7f192566e5c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7810
#13 0x0000556431932a8f in dispatch_command (command=COM_QUERY, thd=0x7f18e0000d90, packet=0x7f18e0008f11 "ALTER TABLE t3 ADD INDEX idx (c)", packet_length=32, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1847
#14 0x000055643193142f in do_command (thd=0x7f18e0000d90) at /data/src/10.3/sql/sql_parse.cc:1393
#15 0x0000556431aaec44 in do_handle_one_connection (connect=0x556433f529c0) at /data/src/10.3/sql/sql_connect.cc:1403
#16 0x0000556431aae9a0 in handle_one_connection (arg=0x556433f529c0) at /data/src/10.3/sql/sql_connect.cc:1308
#17 0x0000556432474925 in pfs_spawn_thread (arg=0x5564342e84e0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#18 0x00007f1932fb1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#19 0x00007f1932b8b293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

#10 <signal handler called>

#11 0x00007f7b8d40199e in myrocks::ha_rocksdb::can_use_bloom_filter (this=0x7f7b540c3e58, thd=0x7f7b54000d50, kd=..., eq_cond=..., use_all_keys=false) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:13825

#12 0x00007f7b8d4018cb in myrocks::ha_rocksdb::check_bloom_and_set_bounds (this=0x7f7b540c3e58, thd=0x7f7b54000d50, kd=..., eq_cond=..., use_all_keys=false, bound_len=4, lower_bound=0x7f7b54060970 '\245' <repeats 32 times>, "h4z\025",

    upper_bound=0x7f7b54070cd0 '\245' <repeats 32 times>, "h4z\025", lower_bound_slice=0x7f7b540c4358, upper_bound_slice=0x7f7b540c4368) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:13769

#13 0x00007f7b8d3f46c1 in myrocks::ha_rocksdb::setup_scan_iterator (this=0x7f7b540c3e58, kd=..., slice=0x7f7b8406b540, use_all_keys=false, eq_cond_len=4) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:10439

#14 0x00007f7b8d3f0bf6 in myrocks::ha_rocksdb::index_last_intern (this=0x7f7b540c3e58, buf=0x7f7b540f0c60 "\377") at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:9299

#15 0x00007f7b8d3f05fc in myrocks::ha_rocksdb::index_first (this=0x7f7b540c3e58, buf=0x7f7b540f0c60 "\377") at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:9125

#16 0x00007f7b8d3fcd46 in myrocks::ha_rocksdb::inplace_populate_sk (this=0x7f7b540c3e58, new_table_arg=0x7f7b540f3aa0, indexes=std::unordered_set with 1 element = {...})

    at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:12746

#17 0x00007f7b8d3fc7de in myrocks::ha_rocksdb::inplace_alter_table (this=0x7f7b540c3e58, altered_table=0x7f7b540f3aa0, ha_alter_info=0x7f7b8406c190) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:12634

#18 0x0000558665c4382b in handler::ha_inplace_alter_table (this=0x7f7b540c3e58, altered_table=0x7f7b540f3aa0, ha_alter_info=0x7f7b8406c190) at /home/mariadb/MDEV-23956/10.3/sql/handler.h:4207

#19 0x0000558665c37f29 in mysql_inplace_alter_table (thd=0x7f7b54000d50, table_list=0x7f7b54012cb0, table=0x7f7b5405f9b0, altered_table=0x7f7b540f3aa0, ha_alter_info=0x7f7b8406c190, inplace_supported=HA_ALTER_INPLACE_COPY_LOCK,

    target_mdl_request=0x7f7b8406c310, alter_ctx=0x7f7b8406c8c0) at /home/mariadb/MDEV-23956/10.3/sql/sql_table.cc:7654

#20 0x0000558665c3e97c in mysql_alter_table (thd=0x7f7b54000d50, new_db=0x7f7b54005438, new_name=0x7f7b54005800, create_info=0x7f7b8406d4b0, table_list=0x7f7b54012cb0, alter_info=0x7f7b8406d3f0, order_num=0, order=0x0, ignore=false)

    at /home/mariadb/MDEV-23956/10.3/sql/sql_table.cc:9946

#21 0x0000558665ccd633 in Sql_cmd_alter_table::execute (this=0x7f7b540133e0, thd=0x7f7b54000d50) at /home/mariadb/MDEV-23956/10.3/sql/sql_alter.cc:512

#22 0x0000558665b5d0ed in mysql_execute_command (thd=0x7f7b54000d50) at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:6022

#23 0x0000558665b628a2 in mysql_parse (thd=0x7f7b54000d50, rawbuf=0x7f7b54012bc0 "ALTER TABLE t3 ADD INDEX idx (c)", length=32, parser_state=0x7f7b8406e5c0, is_com_multi=false, is_next_command=false)

    at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:7810

#24 0x0000558665b4f0d7 in dispatch_command (command=COM_QUERY, thd=0x7f7b54000d50, packet=0x7f7b54008ed1 "ALTER TABLE t3 ADD INDEX idx (c)", packet_length=32, is_com_multi=false, is_next_command=false)

    at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:1847

#25 0x0000558665b4d9f1 in do_command (thd=0x7f7b54000d50) at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:1393

#26 0x0000558665cc763d in do_handle_one_connection (connect=0x558667e72220) at /home/mariadb/MDEV-23956/10.3/sql/sql_connect.cc:1403

#27 0x0000558665cc739f in handle_one_connection (arg=0x558667e72220) at /home/mariadb/MDEV-23956/10.3/sql/sql_connect.cc:1308

#28 0x000055866667ec05 in pfs_spawn_thread (arg=0x558667ff9970) at /home/mariadb/MDEV-23956/10.3/storage/perfschema/pfs.cc:1869

#29 0x00007f7b93a716db in start_thread (arg=0x7f7b8406f700) at pthread_create.c:463

#30 0x00007f7b92e5ba3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reproducible on 10.2-10.5, release and debug builds alike.
rr profile is available.

ASAN produces

10.3 469a249a ASAN debug
==1637204==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400002d298 at pc 0x7f651d19e511 bp 0x7f65172f98b0 sp 0x7f65172f98a0
READ of size 8 at 0x60400002d298 thread T31
#0 0x7f651d19e510 in std::__shared_ptr<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2>::get() const /usr/include/c++/9/bits/shared_ptr_base.h:1310
#1 0x7f651d183dab in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const /usr/include/c++/9/bits/shared_ptr_base.h:1021
#2 0x7f651d16d5ef in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::operator->() const /usr/include/c++/9/bits/shared_ptr_base.h:1015
#3 0x7f651d0f864c in myrocks::ha_rocksdb::index_first(unsigned char*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:9124
#4 0x7f651d117e37 in myrocks::ha_rocksdb::inplace_populate_sk(TABLE*, std::unordered_set<std::shared_ptr<myrocks::Rdb_key_def>, std::hash<std::shared_ptr<myrocks::Rdb_key_def> >, std::equal_to<std::shared_ptr<myrocks::Rdb_key_def> >, std::allocator<std::shared_ptr<myrocks::Rdb_key_def> > > const&) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12746
#5 0x7f651d117156 in myrocks::ha_rocksdb::inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12634
#6 0x5625db54acff in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.3/sql/handler.h:4207
#7 0x5625db52e616 in mysql_inplace_alter_table /data/src/10.3/sql/sql_table.cc:7654
#8 0x5625db53ee44 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9946
#9 0x5625db6aa07c in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:512
#10 0x5625db2f10d2 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
#11 0x5625db2fd6d1 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
#12 0x5625db2d4678 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
#13 0x5625db2d11af in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
#14 0x5625db6994f0 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
#15 0x5625db698daa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#16 0x5625dcca4d8a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
#17 0x7f6526957608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#18 0x7f6526533292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

0x60400002d298 is located 8 bytes inside of 40-byte region [0x60400002d290,0x60400002d2b8)
freed by thread T28 here:
#0 0x7f6526b588df in operator delete(void*) (/lib/x86_64-linux-gnu/libasan.so.5+0x1108df)
#1 0x7f651d1a732b in __gnu_cxx::new_allocator<rocksdb::DbPath>::deallocate(rocksdb::DbPath*, unsigned long) /usr/include/c++/9/ext/new_allocator.h:128
#2 0x7f651d18d6a5 in std::allocator_traits<std::allocator<rocksdb::DbPath> >::deallocate(std::allocator<rocksdb::DbPath>&, rocksdb::DbPath*, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:470
#3 0x7f651d174a43 in std::_Vector_base<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::_M_deallocate(rocksdb::DbPath*, unsigned long) /usr/include/c++/9/bits/stl_vector.h:351
#4 0x7f651d1614fa in std::_Vector_base<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::~_Vector_base() /usr/include/c++/9/bits/stl_vector.h:332
#5 0x7f651d15fdc7 in std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::~vector() /usr/include/c++/9/bits/stl_vector.h:680
#6 0x7f651d1372d9 in rocksdb::DBOptions::~DBOptions() /data/src/10.3/storage/rocksdb/rocksdb/include/rocksdb/options.h:350
#7 0x7f651d31dc42 in rocksdb::DBImpl::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/db/db_impl/db_impl.cc:2779
#8 0x7f651db15f9f in rocksdb::StackableDB::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/include/rocksdb/utilities/stackable_db.h:308
#9 0x7f651d24591d in myrocks::Rdb_key_def::setup(TABLE const, myrocks::Rdb_tbl_def const) /data/src/10.3/storage/rocksdb/rdb_datadic.cc:581
#10 0x7f651d0ea1f8 in myrocks::ha_rocksdb::create_key_def(TABLE const, unsigned int, myrocks::Rdb_tbl_def const, std::shared_ptr<myrocks::Rdb_key_def>*, myrocks::ha_rocksdb::key_def_cf_info const&, unsigned long long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7516
#11 0x7f651d0e5b7b in myrocks::ha_rocksdb::create_key_defs(TABLE const, myrocks::Rdb_tbl_def, TABLE const, myrocks::Rdb_tbl_def const) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7107
#12 0x7f651d0ebb67 in myrocks::ha_rocksdb::create_table(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, TABLE const*, unsigned long long) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7694
#13 0x7f651d0ecc29 in myrocks::ha_rocksdb::create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7840
#14 0x5625dba6e7d7 in handler::ha_create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.3/sql/handler.cc:4734
#15 0x5625dba72ea6 in ha_create_table(THD, char const, char const, char const, HA_CREATE_INFO, st_mysql_const_unsigned_lex_string) /data/src/10.3/sql/handler.cc:5197
#16 0x5625db61c193 in rea_create_table(THD, st_mysql_const_unsigned_lex_string, char const, char const, char const, HA_CREATE_INFO, handler*, bool) /data/src/10.3/sql/unireg.cc:515
#17 0x5625db51c9a2 in create_table_impl /data/src/10.3/sql/sql_table.cc:5022
#18 0x5625db51d6b8 in mysql_create_table_no_lock(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, Alter_info, bool, int, TABLE_LIST*) /data/src/10.3/sql/sql_table.cc:5141
#19 0x5625db51e17e in mysql_create_table(THD, TABLE_LIST, Table_specification_st, Alter_info) /data/src/10.3/sql/sql_table.cc:5233
#20 0x5625db549924 in Sql_cmd_create_table_like::execute(THD*) /data/src/10.3/sql/sql_table.cc:11276
#21 0x5625db2f10d2 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
#22 0x5625db2fd6d1 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
#23 0x5625db2d4678 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
#24 0x5625db2d11af in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
#25 0x5625db6994f0 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
#26 0x5625db698daa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#27 0x5625dcca4d8a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
#28 0x7f6526957608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477

previously allocated by thread T28 here:
#0 0x7f6526b57947 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
#1 0x7f651d1cecf4 in __gnu_cxx::new_allocator<rocksdb::DbPath>::allocate(unsigned long, void const*) /usr/include/c++/9/ext/new_allocator.h:114
#2 0x7f651d1bee2b in std::allocator_traits<std::allocator<rocksdb::DbPath> >::allocate(std::allocator<rocksdb::DbPath>&, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:444
#3 0x7f651d1a6705 in std::_Vector_base<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::_M_allocate(unsigned long) /usr/include/c++/9/bits/stl_vector.h:343
#4 0x7f651d2d3e6d in rocksdb::DbPath* std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::_M_allocate_and_copy<__gnu_cxx::__normal_iterator<rocksdb::DbPath const, std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > > >(unsigned long, __gnu_cxx::__normal_iterator<rocksdb::DbPath const, std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > >, __gnu_cxx::__normal_iterator<rocksdb::DbPath const*, std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > >) /usr/include/c++/9/bits/stl_vector.h:1508
#5 0x7f651d2d00db in std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::operator=(std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > const&) /usr/include/c++/9/bits/vector.tcc:226
#6 0x7f651d85df9b in rocksdb::BuildDBOptions(rocksdb::ImmutableDBOptions const&, rocksdb::MutableDBOptions const&) /data/src/10.3/storage/rocksdb/rocksdb/options/options_helper.cc:52
#7 0x7f651d31dc12 in rocksdb::DBImpl::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/db/db_impl/db_impl.cc:2779
#8 0x7f651db15f9f in rocksdb::StackableDB::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/include/rocksdb/utilities/stackable_db.h:308
#9 0x7f651d24591d in myrocks::Rdb_key_def::setup(TABLE const, myrocks::Rdb_tbl_def const) /data/src/10.3/storage/rocksdb/rdb_datadic.cc:581
#10 0x7f651d0ea1f8 in myrocks::ha_rocksdb::create_key_def(TABLE const, unsigned int, myrocks::Rdb_tbl_def const, std::shared_ptr<myrocks::Rdb_key_def>*, myrocks::ha_rocksdb::key_def_cf_info const&, unsigned long long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7516
#11 0x7f651d0e5b7b in myrocks::ha_rocksdb::create_key_defs(TABLE const, myrocks::Rdb_tbl_def, TABLE const, myrocks::Rdb_tbl_def const) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7107
#12 0x7f651d0ebb67 in myrocks::ha_rocksdb::create_table(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, TABLE const*, unsigned long long) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7694
#13 0x7f651d0ecc29 in myrocks::ha_rocksdb::create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7840
#14 0x5625dba6e7d7 in handler::ha_create(char const, TABLE, HA_CREATE_INFO*) /data/src/10.3/sql/handler.cc:4734
#15 0x5625dba72ea6 in ha_create_table(THD, char const, char const, char const, HA_CREATE_INFO, st_mysql_const_unsigned_lex_string) /data/src/10.3/sql/handler.cc:5197
#16 0x5625db61c193 in rea_create_table(THD, st_mysql_const_unsigned_lex_string, char const, char const, char const, HA_CREATE_INFO, handler*, bool) /data/src/10.3/sql/unireg.cc:515
#17 0x5625db51c9a2 in create_table_impl /data/src/10.3/sql/sql_table.cc:5022
#18 0x5625db51d6b8 in mysql_create_table_no_lock(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, Alter_info, bool, int, TABLE_LIST*) /data/src/10.3/sql/sql_table.cc:5141
#19 0x5625db51e17e in mysql_create_table(THD, TABLE_LIST, Table_specification_st, Alter_info) /data/src/10.3/sql/sql_table.cc:5233
#20 0x5625db549924 in Sql_cmd_create_table_like::execute(THD*) /data/src/10.3/sql/sql_table.cc:11276
#21 0x5625db2f10d2 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
#22 0x5625db2fd6d1 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
#23 0x5625db2d4678 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
#24 0x5625db2d11af in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
#25 0x5625db6994f0 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
#26 0x5625db698daa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#27 0x5625dcca4d8a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
#28 0x7f6526957608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477

Thread T31 created by T0 here:
#0 0x7f6526a82805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x5625dcca517b in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
#2 0x5625daffd29e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
#3 0x5625db015c6d in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6609
#4 0x5625db016408 in create_new_thread /data/src/10.3/sql/mysqld.cc:6679
#5 0x5625db01759a in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6937
#6 0x5625db014f63 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6231
#7 0x5625daffba9c in main /data/src/10.3/sql/main.cc:25
#8 0x7f65264380b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Thread T28 created by T0 here:
#0 0x7f6526a82805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x5625dcca517b in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
#2 0x5625daffd29e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
#3 0x5625db015c6d in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6609
#4 0x5625db016408 in create_new_thread /data/src/10.3/sql/mysqld.cc:6679
#5 0x5625db01759a in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6937
#6 0x5625db014f63 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6231
#7 0x5625daffba9c in main /data/src/10.3/sql/main.cc:25
#8 0x7f65264380b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/9/bits/shared_ptr_base.h:1310 in std::__shared_ptr<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2>::get() const
Shadow bytes around the buggy address:
0x0c087fffda00: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
0x0c087fffda10: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffda20: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffda30: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffda40: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x0c087fffda50: fa fa fd[fd]fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffda60: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffda70: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffda80: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
0x0c087fffda90: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
0x0c087fffdaa0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1637204==ABORTING

10.3 469a249a ASAN non-debug
==1637910==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000032318 at pc 0x7f9f574e6fca bp 0x7f9f520659f0 sp 0x7f9f520659e0
READ of size 8 at 0x604000032318 thread T31
#0 0x7f9f574e6fc9 in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const /usr/include/c++/9/bits/shared_ptr_base.h:1021
#1 0x7f9f574e6fc9 in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::operator->() const /usr/include/c++/9/bits/shared_ptr_base.h:1015
#2 0x7f9f574e6fc9 in myrocks::ha_rocksdb::index_first(unsigned char*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:9124
#3 0x7f9f57528ad7 in myrocks::ha_rocksdb::inplace_populate_sk(TABLE*, std::unordered_set<std::shared_ptr<myrocks::Rdb_key_def>, std::hash<std::shared_ptr<myrocks::Rdb_key_def> >, std::equal_to<std::shared_ptr<myrocks::Rdb_key_def> >, std::allocator<std::shared_ptr<myrocks::Rdb_key_def> > > const&) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12746
#4 0x7f9f5752a0de in myrocks::ha_rocksdb::inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12634
#5 0x558e50bde9e6 in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.3/sql/handler.h:4207
#6 0x558e50bde9e6 in mysql_inplace_alter_table /data/src/10.3/sql/sql_table.cc:7654
#7 0x558e50c095a5 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9946
#8 0x558e50d2cc40 in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:512
#9 0x558e509c3c86 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
#10 0x558e509dc3df in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
#11 0x558e509e3026 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
#12 0x558e509e9e0d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
#13 0x558e50d227e6 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
#14 0x558e50d2306e in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#15 0x558e5209bc98 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
#16 0x7f9f60932608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#17 0x7f9f6050e292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Address 0x604000032318 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/9/bits/shared_ptr_base.h:1021 in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const
Shadow bytes around the buggy address:
0x0c087fffe410: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c087fffe420: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 00
0x0c087fffe430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c087fffe460: fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe4a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c087fffe4b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
Thread T31 created by T0 here:
#0 0x7f9f60a5d805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x558e520a37ee in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
#2 0x558e5075a93e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
#3 0x558e5075a93e in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6609
#4 0x558e5076b2d5 in create_new_thread /data/src/10.3/sql/mysqld.cc:6679
#5 0x558e5076b2d5 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6937
#6 0x558e5076d265 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6231
#7 0x7f9f604130b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

==1637910==ABORTING

Here is the non-deterministic MTR test which I use to reproduce the failure. Its efficiency depends a lot on the environment/machine – I get the crash nearly every time on one machine, and only once in dozens of attempts on another, on the same branch with the same build options.

# Run with --mem  --mysqld=--plugin-load-add=ha_rocksdb --repeat=N

CREATE TABLE t1 (a INT) ENGINE=RocksDB;

INSERT INTO t1 VALUES (1);

CREATE TABLE t2 (b VARCHAR(1024)) ENGINE=RocksDB;

CREATE TABLE t3 (pk INT, c INT, d VARCHAR(10), PRIMARY KEY(pk), KEY(d)) ENGINE=RocksDB;

--connect (con1,localhost,root,,test)

SET max_statement_time= 1;

--send

  ALTER TABLE t2 ADD INDEX idx (b(37));

--connect (con2,localhost,root,,test)

CREATE PROCEDURE sp() CREATE TABLE tx (f INT);

CALL sp;

--connect (con3,localhost,root,,test)

SET max_statement_time= 1;

--send

  ALTER TABLE t3 ADD INDEX idx (c);

--connection con2

START TRANSACTION;

--error ER_BAD_FIELD_ERROR

SELECT x FROM t1 JOIN t2 JOIN t3;

--connection con1

--error 0,ER_STATEMENT_TIMEOUT

--reap

--connection con2

--error 0,ER_CANT_DROP_FIELD_OR_KEY,ER_STATEMENT_TIMEOUT

DROP INDEX idx ON t3;

--connection con3

--error 0,ER_STATEMENT_TIMEOUT

--reap

# Cleanup

--disconnect con1

--disconnect con2

--disconnect con3

--connection default

DROP PROCEDURE sp;

DROP TABLE t1, t2, t3, tx;

Attachments

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2020-10-14 10:57

Updated:: 2023-12-23 02:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.