mleich found a race condition between buffer pool resizing and an update of the adaptive hash index, while testing MDEV-14425.
==3752116==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d00000d300 at pc 0x5588ff9718a7 bp 0x5038216570b0 sp 0x5038216570a0
|
READ of size 8 at 0x61d00000d300 thread T26
|
#0 0x5588ff9718a6 in buf_pool_t::is_block_field(void const*) const /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/include/buf0buf.h:1308
|
#1 0x5588ff97190a in buf_pool_t::is_uncompressed(buf_block_t const*) const /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/include/buf0buf.h:1449
|
#2 0x5588ffcd648f in btr_search_update_block_hash_info /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/btr/btr0sea.cc:415
|
The function is being called as part of a debug assertion there, so this particular failure only affects debug builds. The culprit (found by setting a hardware watchpoint on the AddressSanitizer reported poison byte and executing reverse-continue in rr) is buffer pool resizing:
Thread 50 (Thread 3752116.3794577):
|
#0 __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:200
|
#1 0x00007ff70bf479d9 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
|
#2 0x00007ff70c028799 in free () from /lib/x86_64-linux-gnu/libasan.so.5
|
#3 0x00005588ffd17b0b in buf_pool_t::resize (this=0x558901d978c0 <buf_pool>) at /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/buf/buf0buf.cc:1894
|
#4 0x00005588ffcf9ab8 in buf_resize_callback () at /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/buf/buf0buf.cc:1989
|
During the time of this, the thread that is going to fail is already executing that function:
Thread 3 (Thread 3752116.3757608):
|
#0 0x00005588ff971864 in buf_pool_t::is_block_field (this=0x558901d978c0 <buf_pool>, ptr=0x304715439930) at /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/include/buf0buf.h:1307
|
#1 0x00005588ff97190b in buf_pool_t::is_uncompressed (this=0x558901d978c0 <buf_pool>, block=0x304715439930) at /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/include/buf0buf.h:1449
|
#2 0x00005588ffcd6490 in btr_search_update_block_hash_info (info=0x61a000553a68, block=0x304715439930) at /data/Server/preview-10.8-MDEV-14425-innodbF/storage/innobase/btr/btr0sea.cc:415
|
Most invocations of buf_pool_t::is_uncompressed() are in debug assertions, and this faulty debug assertion was introduced in 10.6.
MDEV-27058 in 10.6 would allow the buf_pool.is_uncompressed(block) assertions to be rewritten simply as block->page.frame. That would be a null pointer for blocks of ROW_FORMAT=COMPRESSED tables whose uncompressed page frame has been discarded.
The calls to buf_pool.is_uncompressed() outside assertions seem to be protected correctly by buf_pool.page_hash latch. Those are in Block_hint::buffer_fix_block_if_still_valid() and buf_page_get_low().
The failing debug assertion was added in MDEV-27058.
A similar assertion had been added to mtr_t::modify() already in MDEV-22110 (MariaDB Server 10.5.5). That one is best removed.
This bug only affects debug builds during buffer pool resizing, possibly only when running with ASAN.
{"report":{"fcp":917.9000005722046,"ttfb":389.6000003814697,"pageVisibility":"visible","entityId":106667,"key":"jira.project.issue.view-issue","isInitial":true,"threshold":1000,"elementTimings":{},"userDeviceMemory":8,"userDeviceProcessors":64,"apdex":1,"journeyId":"f57ceb2d-6d76-4ec8-970b-230c91b303cc","navigationType":0,"readyForUser":979.7000007629395,"redirectCount":0,"resourceLoadedEnd":735.2000007629395,"resourceLoadedStart":395.1000003814697,"resourceTiming":[{"duration":22.100000381469727,"initiatorType":"link","name":"https://jira.mariadb.org/s/2c21342762a6a02add1c328bed317ffd-CDN/lu2bsh/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/css/_super/batch.css","startTime":395.1000003814697,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":395.1000003814697,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":417.20000076293945,"responseStart":0,"secureConnectionStart":0},{"duration":23.699999809265137,"initiatorType":"link","name":"https://jira.mariadb.org/s/7ebd35e77e471bc30ff0eba799ebc151-CDN/lu2bsh/820016/12ta74/eb142f92e4bd16bd1ef8b08c1b9d5d56/_/download/contextbatch/css/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":395.4000005722046,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":395.4000005722046,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":419.1000003814697,"responseStart":0,"secureConnectionStart":0},{"duration":68.80000019073486,"initiatorType":"script","name":"https://jira.mariadb.org/s/b09d0d077992e4331b5f9ec0d3ec448c-CDN/lu2bsh/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/js/_super/batch.js?locale=en","startTime":395.5,"connectEnd":395.5,"connectStart":395.5,"domainLookupEnd":395.5,"domainLookupStart":395.5,"fetchStart":395.5,"redirectEnd":0,"redirectStart":0,"requestStart":422.4000005722046,"responseEnd":464.30000019073486,"responseStart":435.1000003814697,"secureConnectionStart":395.5},{"duration":88.80000019073486,"initiatorType":"script","name":"https://jira.mariadb.org/s/b47ab3df14096803b180217eb8482517-CDN/lu2bsh/820016/12ta74/eb142f92e4bd16bd1ef8b08c1b9d5d56/_/download/contextbatch/js/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true","startTime":395.6000003814697,"connectEnd":395.6000003814697,"connectStart":395.6000003814697,"domainLookupEnd":395.6000003814697,"domainLookupStart":395.6000003814697,"fetchStart":395.6000003814697,"redirectEnd":0,"redirectStart":0,"requestStart":425.1000003814697,"responseEnd":484.4000005722046,"responseStart":443.6000003814697,"secureConnectionStart":395.6000003814697},{"duration":39.29999923706055,"initiatorType":"script","name":"https://jira.mariadb.org/s/6c569cbf8087ab04e40d0bef98627457-CDN/lu2bsh/820016/12ta74/c92c0caa9a024ae85b0ebdbed7fb4bd7/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en","startTime":395.70000076293945,"connectEnd":395.70000076293945,"connectStart":395.70000076293945,"domainLookupEnd":395.70000076293945,"domainLookupStart":395.70000076293945,"fetchStart":395.70000076293945,"redirectEnd":0,"redirectStart":0,"requestStart":424.4000005722046,"responseEnd":435,"responseStart":434.4000005722046,"secureConnectionStart":395.70000076293945},{"duration":49.30000019073486,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bsh/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":395.9000005722046,"connectEnd":395.9000005722046,"connectStart":395.9000005722046,"domainLookupEnd":395.9000005722046,"domainLookupStart":395.9000005722046,"fetchStart":395.9000005722046,"redirectEnd":0,"redirectStart":0,"requestStart":425.4000005722046,"responseEnd":445.20000076293945,"responseStart":444.5,"secureConnectionStart":395.9000005722046},{"duration":64.80000019073486,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bsh/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":396,"connectEnd":396,"connectStart":396,"domainLookupEnd":396,"domainLookupStart":396,"fetchStart":396,"redirectEnd":0,"redirectStart":0,"requestStart":431.1000003814697,"responseEnd":460.80000019073486,"responseStart":459.9000005722046,"secureConnectionStart":396},{"duration":29.5,"initiatorType":"link","name":"https://jira.mariadb.org/s/b04b06a02d1959df322d9cded3aeecc1-CDN/lu2bsh/820016/12ta74/a2ff6aa845ffc9a1d22fe23d9ee791fc/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":396.1000003814697,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":396.1000003814697,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":425.6000003814697,"responseStart":0,"secureConnectionStart":0},{"duration":45.59999942779541,"initiatorType":"script","name":"https://jira.mariadb.org/rest/api/1.0/shortcuts/820016/47140b6e0a9bc2e4913da06536125810/shortcuts.js?context=issuenavigation&context=issueaction","startTime":396.20000076293945,"connectEnd":431,"connectStart":431,"domainLookupEnd":431,"domainLookupStart":431,"fetchStart":396.20000076293945,"redirectEnd":0,"redirectStart":0,"requestStart":431.20000076293945,"responseEnd":441.80000019073486,"responseStart":440.80000019073486,"secureConnectionStart":431},{"duration":34.60000038146973,"initiatorType":"link","name":"https://jira.mariadb.org/s/3ac36323ba5e4eb0af2aa7ac7211b4bb-CDN/lu2bsh/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.css?jira.create.linked.issue=true","startTime":396.30000019073486,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":396.30000019073486,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":430.9000005722046,"responseStart":0,"secureConnectionStart":0},{"duration":52.39999961853027,"initiatorType":"script","name":"https://jira.mariadb.org/s/81b5d7c27af3ebc078cc4a36383678ba-CDN/lu2bsh/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.js?jira.create.linked.issue=true&locale=en","startTime":396.4000005722046,"connectEnd":396.4000005722046,"connectStart":396.4000005722046,"domainLookupEnd":396.4000005722046,"domainLookupStart":396.4000005722046,"fetchStart":396.4000005722046,"redirectEnd":0,"redirectStart":0,"requestStart":436.20000076293945,"responseEnd":448.80000019073486,"responseStart":446.30000019073486,"secureConnectionStart":396.4000005722046},{"duration":322.80000019073486,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bsh/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-js/jira.webresources:bigpipe-js.js","startTime":406.4000005722046,"connectEnd":406.4000005722046,"connectStart":406.4000005722046,"domainLookupEnd":406.4000005722046,"domainLookupStart":406.4000005722046,"fetchStart":406.4000005722046,"redirectEnd":0,"redirectStart":0,"requestStart":509.5,"responseEnd":729.2000007629395,"responseStart":723.5,"secureConnectionStart":406.4000005722046},{"duration":323.20000076293945,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bsh/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-init/jira.webresources:bigpipe-init.js","startTime":412,"connectEnd":412,"connectStart":412,"domainLookupEnd":412,"domainLookupStart":412,"fetchStart":412,"redirectEnd":0,"redirectStart":0,"requestStart":629.6000003814697,"responseEnd":735.2000007629395,"responseStart":731,"secureConnectionStart":412},{"duration":191.19999980926514,"initiatorType":"xmlhttprequest","name":"https://jira.mariadb.org/rest/webResources/1.0/resources","startTime":674.8000001907349,"connectEnd":674.8000001907349,"connectStart":674.8000001907349,"domainLookupEnd":674.8000001907349,"domainLookupStart":674.8000001907349,"fetchStart":674.8000001907349,"redirectEnd":0,"redirectStart":0,"requestStart":835.6000003814697,"responseEnd":866,"responseStart":865,"secureConnectionStart":674.8000001907349},{"duration":200.19999980926514,"initiatorType":"script","name":"https://www.google-analytics.com/analytics.js","startTime":889.3000001907349,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":889.3000001907349,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":1089.5,"responseStart":0,"secureConnectionStart":0}],"fetchStart":0,"domainLookupStart":0,"domainLookupEnd":0,"connectStart":0,"connectEnd":0,"requestStart":255,"responseStart":389,"responseEnd":412,"domLoading":393,"domInteractive":1041,"domContentLoadedEventStart":1041,"domContentLoadedEventEnd":1085,"domComplete":1684,"loadEventStart":1684,"loadEventEnd":1684,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[{"name":"bigPipe.sidebar-id.start","time":1016.7000007629395},{"name":"bigPipe.sidebar-id.end","time":1017.5},{"name":"bigPipe.activity-panel-pipe-id.start","time":1017.6000003814697},{"name":"bigPipe.activity-panel-pipe-id.end","time":1019.8000001907349},{"name":"activityTabFullyLoaded","time":1099.3000001907349}],"measures":[],"correlationId":"4065841aee11cc","effectiveType":"4g","downlink":9.4,"rtt":0,"serverDuration":81,"dbReadsTimeInMs":13,"dbConnsTimeInMs":20,"applicationHash":"9d11dbea5f4be3d4cc21f03a88dd11d8c8687422","experiments":[]}}
Bug
Major
RQG-------# git clone https://github.com/mleich1/rqg --branch experimental RQG## GIT_SHOW: HEAD -> experimental, origin/experimental f1cb1e206678662cb17c7e1d948fd5e0a9fd50b7 2021-12-21T17:57:05+01:00# rqg.pl : Version 4.0.4 (2021-12)## $RQG_HOME/rqg.pl \# --grammar=conf/mariadb/table_stress_innodb_nocopy1.yy \# --gendata=conf/mariadb/table_stress.zz \# --gendata_sql=conf/mariadb/table_stress.sql \# --reporters=Mariabackup_linux \# --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \# --mysqld=--loose-idle_write_transaction_timeout=0 \# --mysqld=--loose-idle_transaction_timeout=0 \# --mysqld=--loose-idle_readonly_transaction_timeout=0 \# --mysqld=--connect_timeout=60 \# --mysqld=--interactive_timeout=28800 \# --mysqld=--slave_net_timeout=60 \# --mysqld=--net_read_timeout=30 \# --mysqld=--net_write_timeout=60 \# --mysqld=--loose-table_lock_wait_timeout=50 \# --mysqld=--wait_timeout=28800 \# --mysqld=--lock-wait-timeout=86400 \# --mysqld=--innodb-lock-wait-timeout=50 \# --no-mask \# --queries=10000000 \# --seed=random \# --reporters=Backtrace \# --reporters=ErrorLog \# --reporters=Deadlock1 \# --validators=None \# --mysqld=--log_output=none \# --mysqld=--log_bin_trust_function_creators=1 \# --mysqld=--loose-debug_assert_on_not_freed_memory=0 \# --engine=InnoDB \# --restart_timeout=240 \# --mysqld=--plugin-load-add=file_key_management.so \# --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \# --duration=300 \# --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \# --mysqld=--loose-innodb_read_only_compressed=OFF \# --mysqld=--loose-innodb-sync-debug \# --mysqld=--innodb_stats_persistent=off \# --mysqld=--innodb_adaptive_hash_index=on \# --mysqld=--log-bin \# --mysqld=--sync-binlog=1 \# --mysqld=--loose-innodb_evict_tables_on_commit_debug=off \# --mysqld=--loose-max-statement-time=30 \# --threads=33 \# --mysqld=--innodb-use-native-aio=0 \# --mysqld=--loose-gdb \# --mysqld=--loose-debug-gdb \# --rr=Extended \# --rr_options=--chaos --wait \# --mysqld=--innodb_rollback_on_timeout=OFF \# --vardir_type=fast \# --mysqld=--innodb_page_size=32K \# --mysqld=--innodb-buffer-pool-size=256M \# --no_mask \# <local settings>