Details
Bug
Status: Closed
Major
Resolution: Fixed
10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11
Description
This bug blocks ASAN/UBSAN testing of the Spider Engine.
Steps to reproduce:
Build server as ASAN/UBSAN build. Attempt to load Spider engine.
10.7.0 1bc82aaf0a7746c0921a94034aff2d51f0d75cd0 (Debug)
10.7.0-dbg>INSTALL PLUGIN spider SONAME 'ha_spider.so';
ERROR 1126 (HY000): Can't open shared library '/test/UBASAN_MD060921-mariadb-10.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so' (errno: 2, undefined symbol: _ZTI12ha_partition)
The file is there:
$ ls -lh /test/UBASAN_MD060921-mariadb-10.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so
-rw-r--r-- 1 roel roel 39M Sep 6 06:00 /test/UBASAN_MD060921-mariadb-10.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so
$ cat BUILD_CMD_CMAKE
cmake . -DWITH_SSL=bundled -DCMAKE_BUILD_TYPE=Debug -DBUILD_CONFIG=mysql_release -DWITH_TOKUDB=0 -DWITH_JEMALLOC=no -DFEATURE_SET=community -DDEBUG_EXTNAME=OFF -DWITH_EMBEDDED_SERVER=0 -DENABLE_DOWNLOADS=1 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/tmp/boost_805116 -DENABLED_LOCAL_INFILE=1 -DENABLE_DTRACE=0 -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 -DWITH_ZLIB=bundled -DWITH_ROCKSDB=1 -DWITH_PAM=ON -DFORCE_INSOURCE_BUILD=1 -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON -DCMAKE_CXX_FLAGS=-static-libasan -DMYSQL_MAINTAINER_MODE=OFF
Present in 10.5 and 10.7. Likely same in older versions also.
Issue Links
- causes: MDEV-31421 spider/bugfix.mdev_26541 fails post-test check (Closed)
- relates to: MDEV-30191 SIGSEGV & heap-use-after-free in spider_db_print_item_type, SIGABRT in __cxa_pure_virtual/spider_db_print_item_type, Got error 128 "Out of memory in engine", 56/112 memory not freed, and Assertion `fixed()' failed in Item_sp_variable::val_str on SP call (Closed)
It seems this issue cannot be directly analysed by a debugger, as the traces are identical with or without ubsan.
The server binary is built with rtti, which can be verified using the method mentioned in <https://stackoverflow.com/questions/22150806/how-can-i-check-if-a-library-was-compiled-with-fno-rtti>.
Without -fno-rtti for spider, we get
$ nm /home/ycp/source/mariadb-server/mdev-26541/build/mysql-test/var/plugins/ha_spider.so
...
0000000000b4a488 V _ZTI10Item_const
U _ZTI10Item_field
U _ZTI10Item_ident
U _ZTI11Item_string
U _ZTI11Query_arena
U _ZTI12ha_partition
...
$ nm -C /home/ycp/source/mariadb-server/mdev-26541/build/mysql-test/var/plugins/ha_spider.so
...
0000000000b4a488 V typeinfo for Item_const
U typeinfo for Item_field
U typeinfo for Item_ident
U typeinfo for Item_string
U typeinfo for Query_arena
U typeinfo for ha_partition
...
$ nm -C /home/ycp/source/mariadb-server/mdev-26541/build/sql/mysqld
...
0000000007beb3d8 d typeinfo for ha_partition
...
$ nm sql/mysqld | grep 0000000007beb3d8
0000000007beb3d8 d _ZTI12ha_partition
With -fno-rtti for spider, as with the stackoverflow post, there's no typeinfo for ha_partition, or anything for ha_partition:
$ nm /home/ycp/source/mariadb-server/mdev-26541/build/mysql-test/var/plugins/ha_spider.so | grep ha_partition
0000000000782488 W _ZN12ha_partition18get_child_handlersEv
$ nm -C /home/ycp/source/mariadb-server/mdev-26541/build/mysql-test/var/plugins/ha_spider.so | grep ha_partition
0000000000782488 W ha_partition::get_child_handlers()
Furthermore, with the -fno-rtti and ubsan build for spider, we get test failures which disappear with the --nowarnings mtr flag:
$ ./mysql-test/mtr spider.basic_sql
...
worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019
spider.basic_sql [ fail ] Found warnings/errors in server log file!
Test ended at 2022-12-21 18:56:23
line
/home/ycp/source/mariadb-server/mdev-26541/src/sql/handler.cc:320:17: runtime error: member call on address 0x7f54e8016ce8 which does not point to an object of type 'handler'
/home/ycp/source/mariadb-server/mdev-26541/src/sql/handler.h:3168:36: runtime error: member call on address 0x7f54e8016ce8 which does not point to an object of type 'handler'
/home/ycp/source/mariadb-server/mdev-26541/src/sql/handler.h:3168:5: runtime error: member access within address 0x7f54e8016ce8 which does not point to an object of type 'handler'
/home/ycp/source/mariadb-server/mdev-26541/src/sql/sql_table.cc:3463:39: runtime error: member call on address 0x7f54e8016ce8 which does not point to an object of type 'handler'
/home/ycp/source/mariadb-server/mdev-26541/src/sql/handler.h:3922:12: runtime error: member call on address 0x7f54e8016ce8 which does not point to an object of type 'handler'
/home/ycp/source/mariadb-server/mdev-26541/src/sql/sql_table.cc:3497:61: runtime error: member call on address 0x7f54e8016ce8 which does not point to an object of type 'handler'
...
These seem to be errors produced by ubsan, cf <https://jira.mariadb.org/browse/MDEV-20923>. If we use Nayuta's patch, we will need to fix these errors. OTOH I wonder whether the tests will pass if we can find a fix for this issue without disabling rtti.
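The nm comparison in the comment above can be automated. The following is an added example, not part of the original issue or of MariaDB's code: it reads saved plain `nm` output for the plugin and the server and reports, for each undefined typeinfo (`_ZTI*`) reference in the plugin, whether the server defines it as a global symbol, only with a lowercase (usually local) type letter, or not at all. The function names and the `Item_field` server line in the sample are assumptions made for the example.

```sh
#!/bin/sh
# Added example: classify a plugin's undefined typeinfo (_ZTI*) references
# against the server's symbol table, working on saved plain `nm` output.

# classify_typeinfo PLUGIN_NM SERVER_NM  (hypothetical helper name)
# Prints "<symbol> <verdict>" for each undefined _ZTI symbol in the plugin:
#   global  - server defines it as a global or weak symbol
#   local   - server defines it only with a lowercase (usually local) letter
#   missing - server's symbol table has no definition
classify_typeinfo() {
    LC_ALL=C awk '
        # Server file: defined symbols have three fields (addr type name).
        FILENAME == ARGV[1] {
            if (NF == 3 && $3 ~ /^_ZTI/) {
                # u, v, w are lowercase in nm but are not local symbols.
                if ($2 ~ /^[A-Zuvw]$/) def[$3] = "global"
                else if (!($3 in def)) def[$3] = "local"
            }
            next
        }
        # Plugin file: undefined symbols have two fields (U name).
        NF == 2 && $1 == "U" && $2 ~ /^_ZTI/ {
            print $2, (($2 in def) ? def[$2] : "missing")
        }
    ' "$2" "$1"
}

# Constructed sample input. The ha_partition lines match the nm output quoted
# in the comment above; the Item_field server line is made up for contrast.
write_samples() {
    cat > "$1" <<'EOF'
0000000000b4a488 V _ZTI10Item_const
                 U _ZTI10Item_field
                 U _ZTI11Item_string
                 U _ZTI12ha_partition
EOF
    cat > "$2" <<'EOF'
0000000007beb000 D _ZTI10Item_field
0000000007beb3d8 d _ZTI12ha_partition
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp/plugin.nm" "$tmp/server.nm"
classify_typeinfo "$tmp/plugin.nm" "$tmp/server.nm"
rm -rf "$tmp"
```

To run it on a real build, save the output of `nm` on ha_spider.so and on mysqld to two files and pass them in that order.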