  1. MariaDB Server
  2. MDEV-24330

Data race in buf_LRU_get_free_block at buf/buf0lru.cc:408


Details

    Description

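      Simply starting a ThreadSanitizer-instrumented server (both optimized and debug builds) reports this data race, once on startup and once at shutdown. In the full report below, the racing accesses are a read of the global `monitor_set_tbl` from `buf_LRU_get_free_block()` on a thread-pool thread (the `MONITOR_INC` line marked in the excerpt) and a previous write from `srv_mon_default_on()` on the main thread. The stacks show that the buffer pool load task was submitted from `srv_start()` (called at ha_innodb.cc:3922), while `srv_mon_default_on()` is called later in `innodb_init` (ha_innodb.cc:3961):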

      10.5.9 1435f35bdabd078f0c4e744ab4bdfd8d4acca3ea (Optimized)

      ... startup ...
      SUMMARY: ThreadSanitizer: data race /test/10.5_opt_san/storage/innobase/buf/buf0lru.cc:408 in buf_LRU_get_free_block(bool)
      ... mysqladmin shutdown ...
      SUMMARY: ThreadSanitizer: data race /test/10.5_opt_san/storage/innobase/buf/buf0lru.cc:408 in buf_LRU_get_free_block(bool)
      

      10.5.9 1435f35bdabd078f0c4e744ab4bdfd8d4acca3ea (Optimized)

      WARNING: ThreadSanitizer: data race (pid=2636492)
        Read of size 8 at 0x55d1d35b7e68 by thread T8:
          #0 buf_LRU_get_free_block(bool) /test/10.5_opt_san/storage/innobase/buf/buf0lru.cc:408 (mariadbd+0x15cf97e)
          #1 buf_page_init_for_read /test/10.5_opt_san/storage/innobase/buf/buf0rea.cc:109 (mariadbd+0x15d0766)
          #2 buf_read_page_low /test/10.5_opt_san/storage/innobase/buf/buf0rea.cc:313 (mariadbd+0x15d208c)
          #3 buf_read_page_background(fil_space_t*, page_id_t, unsigned long, bool) /test/10.5_opt_san/storage/innobase/buf/buf0rea.cc:510 (mariadbd+0x15d208c)
          #4 buf_load /test/10.5_opt_san/storage/innobase/buf/buf0dump.cc:677 (mariadbd+0x15c2622)
          #5 buf_dump_load_func /test/10.5_opt_san/storage/innobase/buf/buf0dump.cc:758 (mariadbd+0x15c31e1)
          #6 tpool::task::execute() /test/10.5_opt_san/tpool/task.cc:52 (mariadbd+0x16f48df)
          #7 tpool::thread_pool_generic::worker_main(tpool::worker_data*) /test/10.5_opt_san/tpool/tpool_generic.cc:546 (mariadbd+0x16f1b54)
          #8 void std::__invoke_impl<void, void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>(std::__invoke_memfun_deref, void (tpool::thread_pool_generic::*&&)(tpool::worker_data*), tpool::thread_pool_generic*&&, tpool::worker_data*&&) /usr/include/c++/9/bits/invoke.h:73 (mariadbd+0x16f2a47)
          #9 std::__invoke_result<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>::type std::__invoke<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>(void (tpool::thread_pool_generic::*&&)(tpool::worker_data*), tpool::thread_pool_generic*&&, tpool::worker_data*&&) /usr/include/c++/9/bits/invoke.h:95 (mariadbd+0x16f2a47)
          #10 void std::thread::_Invoker<std::tuple<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*> >::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/include/c++/9/thread:244 (mariadbd+0x16f2a47)
          #11 std::thread::_Invoker<std::tuple<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*> >::operator()() /usr/include/c++/9/thread:251 (mariadbd+0x16f2a47)
          #12 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*> > >::_M_run() /usr/include/c++/9/thread:195 (mariadbd+0x16f2a47)
          #13 <null> <null> (libstdc++.so.6+0xd6d83)
       
        Previous write of size 8 at 0x55d1d35b7e68 by main thread:
          #0 srv_mon_default_on() /test/10.5_opt_san/storage/innobase/srv/srv0mon.cc:2099 (mariadbd+0x14decc1)
          #1 innodb_init /test/10.5_opt_san/storage/innobase/handler/ha_innodb.cc:3961 (mariadbd+0x136065c)
          #2 ha_initialize_handlerton(st_plugin_int*) /test/10.5_opt_san/sql/handler.cc:645 (mariadbd+0xcf9547)
          #3 plugin_initialize /test/10.5_opt_san/sql/sql_plugin.cc:1459 (mariadbd+0x8d3f74)
          #4 plugin_init(int*, char**, int) /test/10.5_opt_san/sql/sql_plugin.cc:1751 (mariadbd+0x8d5cc3)
          #5 init_server_components /test/10.5_opt_san/sql/mysqld.cc:4913 (mariadbd+0x72043d)
          #6 mysqld_main(int, char**) /test/10.5_opt_san/sql/mysqld.cc:5496 (mariadbd+0x725bf4)
          #7 main /test/10.5_opt_san/sql/main.cc:25 (mariadbd+0x6b8455)
       
        Location is global 'monitor_set_tbl' of size 32 at 0x55d1d35b7e60 
       
        Thread T8 (tid=2636752, running) created by main thread at:
          #0 pthread_create <null> (libtsan.so.0+0x5ea99)
          #1 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) <null> (libstdc++.so.6+0xd7048)
          #2 tpool::thread_pool_generic::maybe_wake_or_create_thread() /test/10.5_opt_san/tpool/tpool_generic.cc:802 (mariadbd+0x16f2787)
          #3 tpool::thread_pool_generic::submit_task(tpool::task*) /test/10.5_opt_san/tpool/tpool_generic.cc:821 (mariadbd+0x16f2787)
          #4 buf_do_load_dump /test/10.5_opt_san/storage/innobase/buf/buf0dump.cc:812 (mariadbd+0x15c115c)
          #5 buf_load_at_startup() /test/10.5_opt_san/storage/innobase/buf/buf0dump.cc:806 (mariadbd+0x15c115c)
          #6 srv_start(bool) /test/10.5_opt_san/storage/innobase/srv/srv0start.cc:1927 (mariadbd+0x6752ad)
          #7 innodb_init /test/10.5_opt_san/storage/innobase/handler/ha_innodb.cc:3922 (mariadbd+0x1360400)
          #8 ha_initialize_handlerton(st_plugin_int*) /test/10.5_opt_san/sql/handler.cc:645 (mariadbd+0xcf9547)
          #9 plugin_initialize /test/10.5_opt_san/sql/sql_plugin.cc:1459 (mariadbd+0x8d3f74)
          #10 plugin_init(int*, char**, int) /test/10.5_opt_san/sql/sql_plugin.cc:1751 (mariadbd+0x8d5cc3)
          #11 init_server_components /test/10.5_opt_san/sql/mysqld.cc:4913 (mariadbd+0x72043d)
          #12 mysqld_main(int, char**) /test/10.5_opt_san/sql/mysqld.cc:5496 (mariadbd+0x725bf4)
          #13 main /test/10.5_opt_san/sql/main.cc:25 (mariadbd+0x6b8455)
       
      SUMMARY: ThreadSanitizer: data race /test/10.5_opt_san/storage/innobase/buf/buf0lru.cc:408 in buf_LRU_get_free_block(bool)(mariadbd+0x000002b2ae68)
      

      @param have_mutex  whether buf_pool.mutex is already being held
      @return the free control block, in state BUF_BLOCK_MEMORY */
      buf_block_t* buf_LRU_get_free_block(bool have_mutex)
      {
        ulint   n_iterations  = 0;
        ulint   flush_failures  = 0;
        MONITOR_INC(MONITOR_LRU_GET_FREE_SEARCH);        <------------------ Here
        if (have_mutex) {
          mysql_mutex_assert_owner(&buf_pool.mutex);
          goto got_mutex;
        }
      loop:
        mysql_mutex_lock(&buf_pool.mutex);
      

      Setup:

      Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
          -DWITH_TSAN=ON -DWSREP_LIB_WITH_TSAN=ON -DMUTEXTYPE=sys
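      Set before execution (exitcode=0 means TSAN reports do not change the process exit status, so races have to be found by reading the server's error log):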
          export TSAN_OPTIONS=suppress_equal_stacks=1:suppress_equal_addresses=1:history_size=7:verbosity=1:exitcode=0
      

      Bug confirmed present in:
      MariaDB: 10.5.9 (dbg), 10.5.9 (opt), 10.6.0 (dbg), 10.6.0 (opt)

      Bug confirmed not present in:
      MariaDB: 10.1.49 (dbg), 10.1.49 (opt), 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt)


            People

              marko Marko Mäkelä
              Roel Roel Van de Paar