Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23956

Server crash or ASAN errors in myrocks::ha_rocksdb::index_first / myrocks::ha_rocksdb::inplace_populate_sk / ha_rocksdb::can_use_bloom_filter / rocksdb::DBImpl::NewIterator

    XMLWordPrintable

Details

    Description

      It can be related to MDEV-23952. The test cases are very similar, but the failure is not, so I'm filing it separately.

      10.3 469a249a

      		 
      #3  <signal handler called>
      		 
      #4  myrocks::ha_rocksdb::index_first (this=0x7f18e001ea38, buf=0x7f18e001b6f0 "\377") at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:9124
      		 
      #5  0x00007f192d503b17 in myrocks::ha_rocksdb::inplace_populate_sk (this=0x7f18e001ea38, new_table_arg=0x7f18e0023cb0, indexes=Python Exception <class 'gdb.error'> No type named std::__detail::_Hash_node<class std::shared_ptr<myrocks::Rdb_key_def>, false>.: 
      std::unordered_set with 1 element) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12746
      		 
      #6  0x00007f192d5035aa in myrocks::ha_rocksdb::inplace_alter_table (this=0x7f18e001ea38, altered_table=0x7f18e0023cb0, ha_alter_info=0x7f192566c1b0) at /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12634
      		 
      #7  0x0000556431a29a87 in handler::ha_inplace_alter_table (this=0x7f18e001ea38, altered_table=0x7f18e0023cb0, ha_alter_info=0x7f192566c1b0) at /data/src/10.3/sql/handler.h:4207
      		 
      #8  0x0000556431a1de34 in mysql_inplace_alter_table (thd=0x7f18e0000d90, table_list=0x7f18e00117e8, table=0x7f18e001ddf0, altered_table=0x7f18e0023cb0, ha_alter_info=0x7f192566c1b0, inplace_supported=HA_ALTER_INPLACE_COPY_LOCK, target_mdl_request=0x7f192566c330, alter_ctx=0x7f192566c8e0) at /data/src/10.3/sql/sql_table.cc:7654
      		 
      #9  0x0000556431a24b1f in mysql_alter_table (thd=0x7f18e0000d90, new_db=0x7f18e0005478, new_name=0x7f18e0005840, create_info=0x7f192566d4d0, table_list=0x7f18e00117e8, alter_info=0x7f192566d410, order_num=0, order=0x0, ignore=false) at /data/src/10.3/sql/sql_table.cc:9946
      		 
      #10 0x0000556431ab4dac in Sql_cmd_alter_table::execute (this=0x7f18e0011f18, thd=0x7f18e0000d90) at /data/src/10.3/sql/sql_alter.cc:512
      		 
      #11 0x0000556431940a69 in mysql_execute_command (thd=0x7f18e0000d90) at /data/src/10.3/sql/sql_parse.cc:6022
      		 
      #12 0x00005564319462ce in mysql_parse (thd=0x7f18e0000d90, rawbuf=0x7f18e00116f8 "ALTER TABLE t3 ADD INDEX idx (c)", length=32, parser_state=0x7f192566e5c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7810
      		 
      #13 0x0000556431932a8f in dispatch_command (command=COM_QUERY, thd=0x7f18e0000d90, packet=0x7f18e0008f11 "ALTER TABLE t3 ADD INDEX idx (c)", packet_length=32, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1847
      		 
      #14 0x000055643193142f in do_command (thd=0x7f18e0000d90) at /data/src/10.3/sql/sql_parse.cc:1393
      		 
      #15 0x0000556431aaec44 in do_handle_one_connection (connect=0x556433f529c0) at /data/src/10.3/sql/sql_connect.cc:1403
      		 
      #16 0x0000556431aae9a0 in handle_one_connection (arg=0x556433f529c0) at /data/src/10.3/sql/sql_connect.cc:1308
      		 
      #17 0x0000556432474925 in pfs_spawn_thread (arg=0x5564342e84e0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
      		 
      #18 0x00007f1932fb1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #19 0x00007f1932b8b293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      or

      #10 <signal handler called>
      		 
      #11 0x00007f7b8d40199e in myrocks::ha_rocksdb::can_use_bloom_filter (this=0x7f7b540c3e58, thd=0x7f7b54000d50, kd=..., eq_cond=..., use_all_keys=false) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:13825
      		 
      #12 0x00007f7b8d4018cb in myrocks::ha_rocksdb::check_bloom_and_set_bounds (this=0x7f7b540c3e58, thd=0x7f7b54000d50, kd=..., eq_cond=..., use_all_keys=false, bound_len=4, lower_bound=0x7f7b54060970 '\245' <repeats 32 times>, "h4z\025", 
          upper_bound=0x7f7b54070cd0 '\245' <repeats 32 times>, "h4z\025", lower_bound_slice=0x7f7b540c4358, upper_bound_slice=0x7f7b540c4368) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:13769
      		 
      #13 0x00007f7b8d3f46c1 in myrocks::ha_rocksdb::setup_scan_iterator (this=0x7f7b540c3e58, kd=..., slice=0x7f7b8406b540, use_all_keys=false, eq_cond_len=4) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:10439
      		 
      #14 0x00007f7b8d3f0bf6 in myrocks::ha_rocksdb::index_last_intern (this=0x7f7b540c3e58, buf=0x7f7b540f0c60 "\377") at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:9299
      		 
      #15 0x00007f7b8d3f05fc in myrocks::ha_rocksdb::index_first (this=0x7f7b540c3e58, buf=0x7f7b540f0c60 "\377") at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:9125
      		 
      #16 0x00007f7b8d3fcd46 in myrocks::ha_rocksdb::inplace_populate_sk (this=0x7f7b540c3e58, new_table_arg=0x7f7b540f3aa0, indexes=std::unordered_set with 1 element = {...})
      		 
          at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:12746
      		 
      #17 0x00007f7b8d3fc7de in myrocks::ha_rocksdb::inplace_alter_table (this=0x7f7b540c3e58, altered_table=0x7f7b540f3aa0, ha_alter_info=0x7f7b8406c190) at /home/mariadb/MDEV-23956/10.3/storage/rocksdb/ha_rocksdb.cc:12634
      		 
      #18 0x0000558665c4382b in handler::ha_inplace_alter_table (this=0x7f7b540c3e58, altered_table=0x7f7b540f3aa0, ha_alter_info=0x7f7b8406c190) at /home/mariadb/MDEV-23956/10.3/sql/handler.h:4207
      		 
      #19 0x0000558665c37f29 in mysql_inplace_alter_table (thd=0x7f7b54000d50, table_list=0x7f7b54012cb0, table=0x7f7b5405f9b0, altered_table=0x7f7b540f3aa0, ha_alter_info=0x7f7b8406c190, inplace_supported=HA_ALTER_INPLACE_COPY_LOCK, 
          target_mdl_request=0x7f7b8406c310, alter_ctx=0x7f7b8406c8c0) at /home/mariadb/MDEV-23956/10.3/sql/sql_table.cc:7654
      		 
      #20 0x0000558665c3e97c in mysql_alter_table (thd=0x7f7b54000d50, new_db=0x7f7b54005438, new_name=0x7f7b54005800, create_info=0x7f7b8406d4b0, table_list=0x7f7b54012cb0, alter_info=0x7f7b8406d3f0, order_num=0, order=0x0, ignore=false)
      		 
          at /home/mariadb/MDEV-23956/10.3/sql/sql_table.cc:9946
      		 
      #21 0x0000558665ccd633 in Sql_cmd_alter_table::execute (this=0x7f7b540133e0, thd=0x7f7b54000d50) at /home/mariadb/MDEV-23956/10.3/sql/sql_alter.cc:512
      		 
      #22 0x0000558665b5d0ed in mysql_execute_command (thd=0x7f7b54000d50) at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:6022
      		 
      #23 0x0000558665b628a2 in mysql_parse (thd=0x7f7b54000d50, rawbuf=0x7f7b54012bc0 "ALTER TABLE t3 ADD INDEX idx (c)", length=32, parser_state=0x7f7b8406e5c0, is_com_multi=false, is_next_command=false)
      		 
          at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:7810
      		 
      #24 0x0000558665b4f0d7 in dispatch_command (command=COM_QUERY, thd=0x7f7b54000d50, packet=0x7f7b54008ed1 "ALTER TABLE t3 ADD INDEX idx (c)", packet_length=32, is_com_multi=false, is_next_command=false)
      		 
          at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:1847
      		 
      #25 0x0000558665b4d9f1 in do_command (thd=0x7f7b54000d50) at /home/mariadb/MDEV-23956/10.3/sql/sql_parse.cc:1393
      		 
      #26 0x0000558665cc763d in do_handle_one_connection (connect=0x558667e72220) at /home/mariadb/MDEV-23956/10.3/sql/sql_connect.cc:1403
      		 
      #27 0x0000558665cc739f in handle_one_connection (arg=0x558667e72220) at /home/mariadb/MDEV-23956/10.3/sql/sql_connect.cc:1308
      		 
      #28 0x000055866667ec05 in pfs_spawn_thread (arg=0x558667ff9970) at /home/mariadb/MDEV-23956/10.3/storage/perfschema/pfs.cc:1869
      		 
      #29 0x00007f7b93a716db in start_thread (arg=0x7f7b8406f700) at pthread_create.c:463
      		 
      #30 0x00007f7b92e5ba3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Reproducible on 10.2-10.5, release and debug builds alike.
      rr profile is available.

      ASAN produces

      10.3 469a249a ASAN debug

      		 
      ==1637204==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400002d298 at pc 0x7f651d19e511 bp 0x7f65172f98b0 sp 0x7f65172f98a0
      		 
      READ of size 8 at 0x60400002d298 thread T31
      		 
          #0 0x7f651d19e510 in std::__shared_ptr<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2>::get() const /usr/include/c++/9/bits/shared_ptr_base.h:1310
      		 
          #1 0x7f651d183dab in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const /usr/include/c++/9/bits/shared_ptr_base.h:1021
      		 
          #2 0x7f651d16d5ef in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::operator->() const /usr/include/c++/9/bits/shared_ptr_base.h:1015
      		 
          #3 0x7f651d0f864c in myrocks::ha_rocksdb::index_first(unsigned char*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:9124
      		 
          #4 0x7f651d117e37 in myrocks::ha_rocksdb::inplace_populate_sk(TABLE*, std::unordered_set<std::shared_ptr<myrocks::Rdb_key_def>, std::hash<std::shared_ptr<myrocks::Rdb_key_def> >, std::equal_to<std::shared_ptr<myrocks::Rdb_key_def> >, std::allocator<std::shared_ptr<myrocks::Rdb_key_def> > > const&) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12746
      		 
          #5 0x7f651d117156 in myrocks::ha_rocksdb::inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12634
      		 
          #6 0x5625db54acff in handler::ha_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.3/sql/handler.h:4207
      		 
          #7 0x5625db52e616 in mysql_inplace_alter_table /data/src/10.3/sql/sql_table.cc:7654
      		 
          #8 0x5625db53ee44 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9946
      		 
          #9 0x5625db6aa07c in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:512
      		 
          #10 0x5625db2f10d2 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
      		 
          #11 0x5625db2fd6d1 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
      		 
          #12 0x5625db2d4678 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
      		 
          #13 0x5625db2d11af in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
      		 
          #14 0x5625db6994f0 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
      		 
          #15 0x5625db698daa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
      		 
          #16 0x5625dcca4d8a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
      		 
          #17 0x7f6526957608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
          #18 0x7f6526533292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      		 
       
      		 
      0x60400002d298 is located 8 bytes inside of 40-byte region [0x60400002d290,0x60400002d2b8)
      		 
      freed by thread T28 here:
      		 
          #0 0x7f6526b588df in operator delete(void*) (/lib/x86_64-linux-gnu/libasan.so.5+0x1108df)
      		 
          #1 0x7f651d1a732b in __gnu_cxx::new_allocator<rocksdb::DbPath>::deallocate(rocksdb::DbPath*, unsigned long) /usr/include/c++/9/ext/new_allocator.h:128
      		 
          #2 0x7f651d18d6a5 in std::allocator_traits<std::allocator<rocksdb::DbPath> >::deallocate(std::allocator<rocksdb::DbPath>&, rocksdb::DbPath*, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:470
      		 
          #3 0x7f651d174a43 in std::_Vector_base<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::_M_deallocate(rocksdb::DbPath*, unsigned long) /usr/include/c++/9/bits/stl_vector.h:351
      		 
          #4 0x7f651d1614fa in std::_Vector_base<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::~_Vector_base() /usr/include/c++/9/bits/stl_vector.h:332
      		 
          #5 0x7f651d15fdc7 in std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::~vector() /usr/include/c++/9/bits/stl_vector.h:680
      		 
          #6 0x7f651d1372d9 in rocksdb::DBOptions::~DBOptions() /data/src/10.3/storage/rocksdb/rocksdb/include/rocksdb/options.h:350
      		 
          #7 0x7f651d31dc42 in rocksdb::DBImpl::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/db/db_impl/db_impl.cc:2779
      		 
          #8 0x7f651db15f9f in rocksdb::StackableDB::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/include/rocksdb/utilities/stackable_db.h:308
      		 
          #9 0x7f651d24591d in myrocks::Rdb_key_def::setup(TABLE const*, myrocks::Rdb_tbl_def const*) /data/src/10.3/storage/rocksdb/rdb_datadic.cc:581
      		 
          #10 0x7f651d0ea1f8 in myrocks::ha_rocksdb::create_key_def(TABLE const*, unsigned int, myrocks::Rdb_tbl_def const*, std::shared_ptr<myrocks::Rdb_key_def>*, myrocks::ha_rocksdb::key_def_cf_info const&, unsigned long long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7516
      		 
          #11 0x7f651d0e5b7b in myrocks::ha_rocksdb::create_key_defs(TABLE const*, myrocks::Rdb_tbl_def*, TABLE const*, myrocks::Rdb_tbl_def const*) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7107
      		 
          #12 0x7f651d0ebb67 in myrocks::ha_rocksdb::create_table(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, TABLE const*, unsigned long long) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7694
      		 
          #13 0x7f651d0ecc29 in myrocks::ha_rocksdb::create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7840
      		 
          #14 0x5625dba6e7d7 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.3/sql/handler.cc:4734
      		 
          #15 0x5625dba72ea6 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /data/src/10.3/sql/handler.cc:5197
      		 
          #16 0x5625db61c193 in rea_create_table(THD*, st_mysql_const_unsigned_lex_string*, char const*, char const*, char const*, HA_CREATE_INFO*, handler*, bool) /data/src/10.3/sql/unireg.cc:515
      		 
          #17 0x5625db51c9a2 in create_table_impl /data/src/10.3/sql/sql_table.cc:5022
      		 
          #18 0x5625db51d6b8 in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /data/src/10.3/sql/sql_table.cc:5141
      		 
          #19 0x5625db51e17e in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /data/src/10.3/sql/sql_table.cc:5233
      		 
          #20 0x5625db549924 in Sql_cmd_create_table_like::execute(THD*) /data/src/10.3/sql/sql_table.cc:11276
      		 
          #21 0x5625db2f10d2 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
      		 
          #22 0x5625db2fd6d1 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
      		 
          #23 0x5625db2d4678 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
      		 
          #24 0x5625db2d11af in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
      		 
          #25 0x5625db6994f0 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
      		 
          #26 0x5625db698daa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
      		 
          #27 0x5625dcca4d8a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
      		 
          #28 0x7f6526957608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
       
      		 
      previously allocated by thread T28 here:
      		 
          #0 0x7f6526b57947 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0x10f947)
      		 
          #1 0x7f651d1cecf4 in __gnu_cxx::new_allocator<rocksdb::DbPath>::allocate(unsigned long, void const*) /usr/include/c++/9/ext/new_allocator.h:114
      		 
          #2 0x7f651d1bee2b in std::allocator_traits<std::allocator<rocksdb::DbPath> >::allocate(std::allocator<rocksdb::DbPath>&, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:444
      		 
          #3 0x7f651d1a6705 in std::_Vector_base<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::_M_allocate(unsigned long) /usr/include/c++/9/bits/stl_vector.h:343
      		 
          #4 0x7f651d2d3e6d in rocksdb::DbPath* std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::_M_allocate_and_copy<__gnu_cxx::__normal_iterator<rocksdb::DbPath const*, std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > > >(unsigned long, __gnu_cxx::__normal_iterator<rocksdb::DbPath const*, std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > >, __gnu_cxx::__normal_iterator<rocksdb::DbPath const*, std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > >) /usr/include/c++/9/bits/stl_vector.h:1508
      		 
          #5 0x7f651d2d00db in std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> >::operator=(std::vector<rocksdb::DbPath, std::allocator<rocksdb::DbPath> > const&) /usr/include/c++/9/bits/vector.tcc:226
      		 
          #6 0x7f651d85df9b in rocksdb::BuildDBOptions(rocksdb::ImmutableDBOptions const&, rocksdb::MutableDBOptions const&) /data/src/10.3/storage/rocksdb/rocksdb/options/options_helper.cc:52
      		 
          #7 0x7f651d31dc12 in rocksdb::DBImpl::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/db/db_impl/db_impl.cc:2779
      		 
          #8 0x7f651db15f9f in rocksdb::StackableDB::GetOptions(rocksdb::ColumnFamilyHandle*) const /data/src/10.3/storage/rocksdb/rocksdb/include/rocksdb/utilities/stackable_db.h:308
      		 
          #9 0x7f651d24591d in myrocks::Rdb_key_def::setup(TABLE const*, myrocks::Rdb_tbl_def const*) /data/src/10.3/storage/rocksdb/rdb_datadic.cc:581
      		 
          #10 0x7f651d0ea1f8 in myrocks::ha_rocksdb::create_key_def(TABLE const*, unsigned int, myrocks::Rdb_tbl_def const*, std::shared_ptr<myrocks::Rdb_key_def>*, myrocks::ha_rocksdb::key_def_cf_info const&, unsigned long long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7516
      		 
          #11 0x7f651d0e5b7b in myrocks::ha_rocksdb::create_key_defs(TABLE const*, myrocks::Rdb_tbl_def*, TABLE const*, myrocks::Rdb_tbl_def const*) const /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7107
      		 
          #12 0x7f651d0ebb67 in myrocks::ha_rocksdb::create_table(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, TABLE const*, unsigned long long) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7694
      		 
          #13 0x7f651d0ecc29 in myrocks::ha_rocksdb::create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:7840
      		 
          #14 0x5625dba6e7d7 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /data/src/10.3/sql/handler.cc:4734
      		 
          #15 0x5625dba72ea6 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /data/src/10.3/sql/handler.cc:5197
      		 
          #16 0x5625db61c193 in rea_create_table(THD*, st_mysql_const_unsigned_lex_string*, char const*, char const*, char const*, HA_CREATE_INFO*, handler*, bool) /data/src/10.3/sql/unireg.cc:515
      		 
          #17 0x5625db51c9a2 in create_table_impl /data/src/10.3/sql/sql_table.cc:5022
      		 
          #18 0x5625db51d6b8 in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /data/src/10.3/sql/sql_table.cc:5141
      		 
          #19 0x5625db51e17e in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /data/src/10.3/sql/sql_table.cc:5233
      		 
          #20 0x5625db549924 in Sql_cmd_create_table_like::execute(THD*) /data/src/10.3/sql/sql_table.cc:11276
      		 
          #21 0x5625db2f10d2 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
      		 
          #22 0x5625db2fd6d1 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
      		 
          #23 0x5625db2d4678 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
      		 
          #24 0x5625db2d11af in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
      		 
          #25 0x5625db6994f0 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
      		 
          #26 0x5625db698daa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
      		 
          #27 0x5625dcca4d8a in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
      		 
          #28 0x7f6526957608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
       
      		 
      Thread T31 created by T0 here:
      		 
          #0 0x7f6526a82805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
      		 
          #1 0x5625dcca517b in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
      		 
          #2 0x5625daffd29e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
      		 
          #3 0x5625db015c6d in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6609
      		 
          #4 0x5625db016408 in create_new_thread /data/src/10.3/sql/mysqld.cc:6679
      		 
          #5 0x5625db01759a in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6937
      		 
          #6 0x5625db014f63 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6231
      		 
          #7 0x5625daffba9c in main /data/src/10.3/sql/main.cc:25
      		 
          #8 0x7f65264380b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
      		 
       
      		 
      Thread T28 created by T0 here:
      		 
          #0 0x7f6526a82805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
      		 
          #1 0x5625dcca517b in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
      		 
          #2 0x5625daffd29e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
      		 
          #3 0x5625db015c6d in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6609
      		 
          #4 0x5625db016408 in create_new_thread /data/src/10.3/sql/mysqld.cc:6679
      		 
          #5 0x5625db01759a in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6937
      		 
          #6 0x5625db014f63 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6231
      		 
          #7 0x5625daffba9c in main /data/src/10.3/sql/main.cc:25
      		 
          #8 0x7f65264380b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
      		 
       
      		 
      SUMMARY: AddressSanitizer: heap-use-after-free /usr/include/c++/9/bits/shared_ptr_base.h:1310 in std::__shared_ptr<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2>::get() const
      		 
      Shadow bytes around the buggy address:
      		 
        0x0c087fffda00: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda10: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda20: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda30: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda40: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
      =>0x0c087fffda50: fa fa fd[fd]fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda60: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda70: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffda80: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
      		 
        0x0c087fffda90: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
      		 
        0x0c087fffdaa0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
        Shadow gap:              cc
      		 
      ==1637204==ABORTING

      or

      10.3 469a249a ASAN non-debug

      		 
      ==1637910==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000032318 at pc 0x7f9f574e6fca bp 0x7f9f520659f0 sp 0x7f9f520659e0
      		 
      READ of size 8 at 0x604000032318 thread T31
      		 
          #0 0x7f9f574e6fc9 in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const /usr/include/c++/9/bits/shared_ptr_base.h:1021
      		 
          #1 0x7f9f574e6fc9 in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::operator->() const /usr/include/c++/9/bits/shared_ptr_base.h:1015
      		 
          #2 0x7f9f574e6fc9 in myrocks::ha_rocksdb::index_first(unsigned char*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:9124
      		 
          #3 0x7f9f57528ad7 in myrocks::ha_rocksdb::inplace_populate_sk(TABLE*, std::unordered_set<std::shared_ptr<myrocks::Rdb_key_def>, std::hash<std::shared_ptr<myrocks::Rdb_key_def> >, std::equal_to<std::shared_ptr<myrocks::Rdb_key_def> >, std::allocator<std::shared_ptr<myrocks::Rdb_key_def> > > const&) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12746
      		 
          #4 0x7f9f5752a0de in myrocks::ha_rocksdb::inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.3/storage/rocksdb/ha_rocksdb.cc:12634
      		 
          #5 0x558e50bde9e6 in handler::ha_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.3/sql/handler.h:4207
      		 
          #6 0x558e50bde9e6 in mysql_inplace_alter_table /data/src/10.3/sql/sql_table.cc:7654
      		 
          #7 0x558e50c095a5 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9946
      		 
          #8 0x558e50d2cc40 in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:512
      		 
          #9 0x558e509c3c86 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6022
      		 
          #10 0x558e509dc3df in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7810
      		 
          #11 0x558e509e3026 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1847
      		 
          #12 0x558e509e9e0d in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1393
      		 
          #13 0x558e50d227e6 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
      		 
          #14 0x558e50d2306e in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
      		 
          #15 0x558e5209bc98 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
      		 
          #16 0x7f9f60932608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
      		 
          #17 0x7f9f6050e292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      		 
       
      		 
      Address 0x604000032318 is a wild pointer.
      		 
      SUMMARY: AddressSanitizer: heap-buffer-overflow /usr/include/c++/9/bits/shared_ptr_base.h:1021 in std::__shared_ptr_access<myrocks::Rdb_key_def, (__gnu_cxx::_Lock_policy)2, false, false>::_M_get() const
      		 
      Shadow bytes around the buggy address:
      		 
        0x0c087fffe410: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
      		 
        0x0c087fffe420: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00 00
      		 
        0x0c087fffe430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe450: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
      =>0x0c087fffe460: fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe470: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe480: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe4a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
        0x0c087fffe4b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
        Shadow gap:              cc
      		 
      Thread T31 created by T0 here:
      		 
          #0 0x7f9f60a5d805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
      		 
          #1 0x558e520a37ee in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
      		 
          #2 0x558e5075a93e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
      		 
          #3 0x558e5075a93e in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6609
      		 
          #4 0x558e5076b2d5 in create_new_thread /data/src/10.3/sql/mysqld.cc:6679
      		 
          #5 0x558e5076b2d5 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6937
      		 
          #6 0x558e5076d265 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6231
      		 
          #7 0x7f9f604130b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
      		 
       
      		 
      ==1637910==ABORTING

      Here is the non-deterministic MTR test which I use to reproduce the failure. Its efficiency depends a lot on the environment/machine – I get the crash nearly every time on one machine, and only once in dozens of attempts on another, on the same branch with the same build options.

      # Run with --mem  --mysqld=--plugin-load-add=ha_rocksdb --repeat=N
      		 
       
      		 
      CREATE TABLE t1 (a INT) ENGINE=RocksDB;
      		 
      INSERT INTO t1 VALUES (1);
      		 
       
      		 
      CREATE TABLE t2 (b VARCHAR(1024)) ENGINE=RocksDB;
      		 
       
      		 
      CREATE TABLE t3 (pk INT, c INT, d VARCHAR(10), PRIMARY KEY(pk), KEY(d)) ENGINE=RocksDB;
      		 
       
      		 
      --connect (con1,localhost,root,,test)
      		 
      SET max_statement_time= 1;
      		 
      --send
      		 
        ALTER TABLE t2 ADD INDEX idx (b(37));
      		 
       
      		 
      --connect (con2,localhost,root,,test)
      		 
      CREATE PROCEDURE sp() CREATE TABLE tx (f INT);
      		 
      CALL sp;
      		 
       
      		 
      --connect (con3,localhost,root,,test)
      		 
      SET max_statement_time= 1;
      		 
      --send
      		 
        ALTER TABLE t3 ADD INDEX idx (c);
      		 
       
      		 
      --connection con2
      		 
      START TRANSACTION;
      		 
      --error ER_BAD_FIELD_ERROR
      		 
      SELECT x FROM t1 JOIN t2 JOIN t3;
      		 
       
      		 
      --connection con1
      		 
      --error 0,ER_STATEMENT_TIMEOUT
      		 
      --reap
      		 
      --connection con2
      		 
      --error 0,ER_CANT_DROP_FIELD_OR_KEY,ER_STATEMENT_TIMEOUT
      		 
      DROP INDEX idx ON t3;
      		 
       
      		 
      --connection con3
      		 
      --error 0,ER_STATEMENT_TIMEOUT
      		 
      --reap
      		 
       
      		 
      # Cleanup
      		 
      --disconnect con1
      		 
      --disconnect con2
      		 
      --disconnect con3
      		 
      --connection default
      		 
      DROP PROCEDURE sp;
      		 
      DROP TABLE t1, t2, t3, tx;

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-35556 UBSAN: runtime error: applying non-zero offset 32 to null pointer

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21799 Assertion `is_storage_available(tuple - packed_tuple, 0)' failed in myrocks::Rdb_key_def::pack_record upon INSERT into VARBINARY(0) or VARCHAR | heap-buffer-overflow on address from myrocks::Rdb_field_packing::fill_hidden_pk_val

          • Critical - Crashes, loss of data, severe memory leak.
          • Confirmed

          Activity

            People

              psergei Sergei Petrunia
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.