MariaDB Server / MDEV-25525

AddressSanitizer: use-after-poison in row_sel_convert_mysql_key_to_innobase

    Details

      Description

      Work flow:
      1. Start the server and generate some initial data
      2. One session runs a DDL/DML mix
      3. While 2. is ongoing, send SIGKILL to the DB server
      4. Restart attempt with success
      5. Checks cause the server to crash
      The server error log does not contain any entry with
          [ERROR] InnoDB:   <whatever> 
      Around the end follows
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 65567][rr 4067420 65571]==4067420==ERROR: AddressSanitizer: use-after-poison on address 0x6120000992a8 at pc 0x55c7e10a0e1c bp 0x690d1ba63f60 sp 0x690d1ba63f50
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 65574][rr 4067420 65576]READ of size 8 at 0x6120000992a8 thread T24
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71545]    #0 0x55c7e10a0e1b in row_sel_convert_mysql_key_to_innobase(dtuple_t*, unsigned char*, unsigned long, dict_index_t*, unsigned char const*, unsigned long) /data/Server/10.6alpha/storage/innobase/row/row0sel.cc:2529
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71582]    #1 0x55c7e0cd5099 in ha_innobase::records_in_range(unsigned int, st_key_range const*, st_key_range const*, st_page_range*) /data/Server/10.6alpha/storage/innobase/handler/ha_innodb.cc:13601
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71586]    #2 0x55c7e00adcf8 in handler::multi_range_read_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/10.6alpha/sql/multi_range_read.cc:177
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71588]    #3 0x55c7e00b8e11 in DsMrr_impl::dsmrr_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/10.6alpha/sql/multi_range_read.cc:1708
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71598]    #4 0x55c7e0cea3b3 in ha_innobase::multi_range_read_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/10.6alpha/storage/innobase/handler/ha_innodb.cc:19522
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71614]    #5 0x55c7e077783a in check_quick_select /data/Server/10.6alpha/sql/opt_range.cc:11558
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71616]    #6 0x55c7e0760f99 in get_key_scans_params /data/Server/10.6alpha/sql/opt_range.cc:7462
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71626]    #7 0x55c7e0746215 in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool) /data/Server/10.6alpha/sql/opt_range.cc:2931
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71654]    #8 0x55c7dfcd4e73 in get_quick_record_count /data/Server/10.6alpha/sql/sql_select.cc:4898
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71656]    #9 0x55c7dfcdbc23 in make_join_statistics /data/Server/10.6alpha/sql/sql_select.cc:5630
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71658]    #10 0x55c7dfcbd097 in JOIN::optimize_inner() /data/Server/10.6alpha/sql/sql_select.cc:2325
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71660]    #11 0x55c7dfcb6f63 in JOIN::optimize() /data/Server/10.6alpha/sql/sql_select.cc:1694
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71670]    #12 0x55c7dfcd478d in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/Server/10.6alpha/sql/sql_select.cc:4840
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71672]    #13 0x55c7dfcaa0ae in handle_select(THD*, LEX*, select_result*, unsigned long) /data/Server/10.6alpha/sql/sql_select.cc:446
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71690]    #14 0x55c7dfc2870f in execute_sqlcom_select /data/Server/10.6alpha/sql/sql_parse.cc:6244
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71692]    #15 0x55c7dfc1797e in mysql_execute_command(THD*) /data/Server/10.6alpha/sql/sql_parse.cc:3940
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71694]    #16 0x55c7dfc32737 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/Server/10.6alpha/sql/sql_parse.cc:8018
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71696]    #17 0x55c7dfc0b021 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/Server/10.6alpha/sql/sql_parse.cc:1897
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71698]    #18 0x55c7dfc083f6 in do_command(THD*, bool) /data/Server/10.6alpha/sql/sql_parse.cc:1406
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71704]    #19 0x55c7dffecb6f in do_handle_one_connection(CONNECT*, bool) /data/Server/10.6alpha/sql/sql_connect.cc:1410
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71706]    #20 0x55c7dffec4d1 in handle_one_connection /data/Server/10.6alpha/sql/sql_connect.cc:1312
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71714]    #21 0x694c18963608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
      # 2021-04-26T05:56:58 [3968169] | [rr 4067420 71716]    #22 0x24d603f12292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      ...
      SUMMARY: AddressSanitizer: use-after-poison /data/Server/10.6alpha/storage/innobase/row/row0sel.cc:2529 in row_sel_convert_mysql_key_to_innobase(dtuple_t*, unsigned char*, unsigned long, dict_index_t*, unsigned char const*, unsigned long)
      Query (0x62b0000a8238): SELECT * FROM `test`.`t1` FORCE INDEX (`idx1`) WHERE `col_int` >= -9223372036854775808 OR `col_int` IS NULL OR `col_int` IS NOT NULL
       
      sdp:/data/Results/1619433372/TBR-1036/dev/shm/vardir/1619433372/37/1/rr
      _RR_TRACE_DIR="." rr replay --mark-stdio mysqld-0 # Fate of DB server till SIGKILL
      _RR_TRACE_DIR="." rr replay --mark-stdio mysqld-1 # Fate of DB server after restart
       
      /data/Results/1619433372/TBR-1036/dev/shm/vardir/1619433372/37/1/data_copy
          Copy of the datadir of the server after SIGKILL before restart
       
       
      10.6 1a647b700f6b72dc97211510a5d0c647d5d3d911 2021-04-23T10:07:08+03:00
       
      RQG
      -------
      git clone https://github.com/mleich1/rqg --branch experimental RQG
       
      perl rqg.pl \
      --grammar=conf/mariadb/table_stress_innodb.yy \
      --gendata=conf/mariadb/table_stress.zz \
      --gendata_sql=conf/mariadb/table_stress.sql \
      --reporters=CrashRecovery1 \
      --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \
      --mysqld=--loose-idle_write_transaction_timeout=0 \
      --mysqld=--loose-idle_transaction_timeout=0 \
      --mysqld=--loose-idle_readonly_transaction_timeout=0 \
      --mysqld=--connect_timeout=60 \
      --mysqld=--interactive_timeout=28800 \
      --mysqld=--slave_net_timeout=60 \
      --mysqld=--net_read_timeout=30 \
      --mysqld=--net_write_timeout=60 \
      --mysqld=--loose-table_lock_wait_timeout=50 \
      --mysqld=--wait_timeout=28800 \
      --mysqld=--lock-wait-timeout=86400 \
      --mysqld=--innodb-lock-wait-timeout=50 \
      --no-mask \
      --queries=10000000 \
      --seed=random \
      --reporters=Backtrace \
      --reporters=ErrorLog \
      --reporters=Deadlock1 \
      --validators=None \
      --mysqld=--log_output=none \
      --mysqld=--log-bin \
      --mysqld=--log_bin_trust_function_creators=1 \
      --mysqld=--loose-debug_assert_on_not_freed_memory=0 \
      --engine=InnoDB \
      --restart_timeout=240 \
      --mysqld=--plugin-load-add=file_key_management.so \
      --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \
      --duration=300 \
      --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \
      --mysqld=--loose-innodb-sync-debug \
      --mysqld=--innodb_stats_persistent=off \
      --mysqld=--innodb_adaptive_hash_index=off \
      --mysqld=--loose-innodb_evict_tables_on_commit_debug=off \
      --mysqld=--loose-max-statement-time=30 \
      --threads=1 \
      --mysqld=--innodb-use-native-aio=0 \
      --rr=Extended \
      --rr_options="--chaos --wait" \
      --mysqld=--innodb_page_size=8K \
      --mysqld=--innodb-buffer-pool-size=256M \
      --duration=300 \
      --no_mask \
      --workdir=<local settings >\
      --vardir=<local settings >\
      --mtr-build-thread=<local settings >\
      --basedir1=<local settings >\
      --script_debug=_nix_
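
For triage, the AddressSanitizer report above can be reduced to a stable signature so that repeated occurrences across test runs are grouped together. This is an added example, not part of the original report or of RQG; it assumes the line prefix (`# <timestamp> [<pid>] | `) and the `[rr <pid> <event>]` markers seen in the log above, and the names `clean`, `parse_asan` and `signature` are hypothetical.

```python
import re

# Line prefix of the test harness as seen in the report: "# <timestamp> [<pid>] | "
HARNESS_PREFIX = re.compile(r"^\s*#\s+\S+\s+\[\d+\]\s+\|\s")
# Markers written by `rr --mark-stdio`: "[rr <pid> <event>]"
RR_MARK = re.compile(r"\[rr \d+ \d+\]")
ERROR = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"\b(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)")
FRAME = re.compile(r"^#(\d+) (0x[0-9a-f]+) in (.+) (\S+)$")

def clean(line):
    """Drop the harness prefix and rr markers, leaving the plain ASan line."""
    return RR_MARK.sub("", HARNESS_PREFIX.sub("", line, count=1)).strip()

def parse_asan(log_text):
    """Return error kind, faulting address, access details and stack frames."""
    report = {"kind": None, "address": None, "access": None, "frames": []}
    for line in map(clean, log_text.splitlines()):
        if m := ERROR.search(line):
            report["kind"], report["address"] = m.groups()
        elif m := ACCESS.search(line):
            report["access"] = (m.group(1), int(m.group(2)), m.group(3))
        elif m := FRAME.match(line):
            path, sep, lineno = m.group(4).rpartition(":")
            has_line = bool(sep) and lineno.isdigit()
            report["frames"].append({
                "index": int(m.group(1)),
                "function": m.group(3).split("(")[0],  # strip the argument list
                "file": path if has_line else m.group(4),
                "line": int(lineno) if has_line else None,
            })
    return report

def signature(report, depth=3):
    """Stable key for grouping repeated crashes: kind plus innermost functions."""
    names = [f["function"] for f in report["frames"][:depth]]
    return "|".join([report["kind"] or "unknown"] + names)

# Sample lines copied from the report above (frames #3 to #21 left out).
SAMPLE = """
# 2021-04-26T05:56:58 [3968169] | [rr 4067420 65567][rr 4067420 65571]==4067420==ERROR: AddressSanitizer: use-after-poison on address 0x6120000992a8 at pc 0x55c7e10a0e1c bp 0x690d1ba63f60 sp 0x690d1ba63f50
# 2021-04-26T05:56:58 [3968169] | [rr 4067420 65574][rr 4067420 65576]READ of size 8 at 0x6120000992a8 thread T24
# 2021-04-26T05:56:58 [3968169] | [rr 4067420 71545]    #0 0x55c7e10a0e1b in row_sel_convert_mysql_key_to_innobase(dtuple_t*, unsigned char*, unsigned long, dict_index_t*, unsigned char const*, unsigned long) /data/Server/10.6alpha/storage/innobase/row/row0sel.cc:2529
# 2021-04-26T05:56:58 [3968169] | [rr 4067420 71582]    #1 0x55c7e0cd5099 in ha_innobase::records_in_range(unsigned int, st_key_range const*, st_key_range const*, st_page_range*) /data/Server/10.6alpha/storage/innobase/handler/ha_innodb.cc:13601
# 2021-04-26T05:56:58 [3968169] | [rr 4067420 71586]    #2 0x55c7e00adcf8 in handler::multi_range_read_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/10.6alpha/sql/multi_range_read.cc:177
# 2021-04-26T05:56:58 [3968169] | [rr 4067420 71716]    #22 0x24d603f12292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
"""
if __name__ == "__main__":
    print(signature(parse_asan(SAMPLE)))
```
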
      
      

              People

              Assignee:
              marko Marko Mäkelä
              Reporter:
              mleich Matthias Leich