[MDEV-28937] AddressSanitizer: heap-use-after-free storage/innobase/handler/ha_innodb.cc:11217 in create_table_info_t::check_table_options() - Jira

Details

Type: Bug
Status: Stalled (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 10.10.0
Fix Version/s: 10.11
Component/s: Partitioning
Labels:
- ASAN
- rr-profile

Description

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 558859][rr 2508771 558863]==2508771==ERROR: AddressSanitizer: heap-use-after-free on address 0x61f0001317bc at pc 0x564286d307a7 bp 0x7f9edf2ba110 sp 0x7f9edf2ba100

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 558866][rr 2508771 558868]READ of size 4 at 0x61f0001317bc thread T34

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 562022]2022-06-17 20:17:13 0 [Warning] Aborted connection 42 to db: 'test' user: 'root' host: 'localhost' (KILLED)

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 563053]2022-06-17 20:17:14 42 [Note] InnoDB: Online DDL : End of reading clustered index of the table and create temporary files

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 563112]2022-06-17 20:17:14 16 [Note] InnoDB: Online DDL : End of reading clustered index of the table and create temporary files

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569167]    #0 0x564286d307a6 in create_table_info_t::check_table_options() /data/Server/bb-10.10-MDEV-11026B/storage/innobase/handler/ha_innodb.cc:11217

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569169]    #1 0x564286d34636 in create_table_info_t::prepare_create_table(char const*, bool) /data/Server/bb-10.10-MDEV-11026B/storage/innobase/handler/ha_innodb.cc:11988

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569171]    #2 0x564286d757f2 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) (/data/Server_bin/bb-10.10-MDEV-11026B_asan/bin/mariadbd+0x29137f2)

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569173]    #3 0x564286d412b9 in ha_innobase::truncate() /data/Server/bb-10.10-MDEV-11026B/storage/innobase/handler/ha_innodb.cc:13930

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569206]    #4 0x5642864889ad in handler::ha_truncate() /data/Server/bb-10.10-MDEV-11026B/sql/handler.cc:5070

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569222]    #5 0x564286c1ab9a in ha_partition::truncate_partition(Alter_info*, bool*) /data/Server/bb-10.10-MDEV-11026B/sql/ha_partition.cc:4913

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569228]    #6 0x56428606e4a5 in Sql_cmd_alter_table_truncate_partition::execute(THD*) /data/Server/bb-10.10-MDEV-11026B/sql/sql_partition_admin.cc:959

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569248]    #7 0x564285c40757 in mysql_execute_command(THD*, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:5996

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569254]    #8 0x564285c4cc43 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:8036

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569256]    #9 0x564285c24e0b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:1894

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569258]    #10 0x564285c22252 in do_command(THD*, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:1407

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569264]    #11 0x564286066460 in do_handle_one_connection(CONNECT*, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_connect.cc:1418

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569266]    #12 0x564286065cec in handle_one_connection /data/Server/bb-10.10-MDEV-11026B/sql/sql_connect.cc:1312

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569274]    #13 0x7f9f09f75608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477

# 2022-06-17T20:24:19 [2505911] | [rr 2508771 569276]    #14 0x7f9f09b48292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Query (0x6290011f8238): ALTER TABLE l TRUNCATE PARTITION p0 /* E_R Thread24 QNO 232 CON_ID 38 */

Status: KILL_TIMEOUT

pluto:/data/results/1655481418/TBR-1402

_RR_TRACE_DIR=./1/rr/ rr replay

origin/bb-10.10-MDEV-11026 cfb6106e511cae168aaba4fa2964d2c110ed834a 2022-06-17T17:33:15+03:00

Hitting that problem is rare and happened up till today on 10.8 - 10.10

development trees only.

But per Marko this is a problem of partitioning and not related to the modifications in these trees.

His analysis of the problem could be found in https://jira.mariadb.org/browse/MDEV-11026

There the problem is called "failure 2".

RQG

===

# git clone https://github.com/mleich1/rqg --branch experimental RQG

# GIT_SHOW: HEAD -> experimental, origin/experimental a32979c6d789ddf0982e6a56af687565be00590c 2022-06-14T17:21:56+02:00

# rqg.pl  : Version 4.0.6 (2022-05)

# $RQG_HOME/rqg.pl \

# --grammar=conf/mariadb/partitions_innodb.yy \

# --redefine=conf/mariadb/redefine_innodb_io_threads_dynamic.yy \

# --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \

# --mysqld=--loose-idle_write_transaction_timeout=0 \

# --mysqld=--loose-idle_transaction_timeout=0 \

# --mysqld=--loose-idle_readonly_transaction_timeout=0 \

# --mysqld=--connect_timeout=60 \

# --mysqld=--interactive_timeout=28800 \

# --mysqld=--slave_net_timeout=60 \

# --mysqld=--net_read_timeout=30 \

# --mysqld=--net_write_timeout=60 \

# --mysqld=--loose-table_lock_wait_timeout=50 \

# --mysqld=--wait_timeout=28800 \

# --mysqld=--lock-wait-timeout=86400 \

# --mysqld=--innodb-lock-wait-timeout=50 \

# --no-mask \

# --queries=10000000 \

# --seed=random \

# --reporters=Backtrace \

# --reporters=ErrorLog \

# --reporters=Deadlock1 \

# --validators=None \

# --mysqld=--log_output=none \

# --mysqld=--log_bin_trust_function_creators=1 \

# --mysqld=--loose-debug_assert_on_not_freed_memory=0 \

# --engine=InnoDB \

# --restart_timeout=240 \

# --mysqld=--plugin-load-add=file_key_management.so \

# --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \

# --mysqld=--plugin-load-add=provider_lzo.so \

# --mysqld=--plugin-load-add=provider_bzip2.so \

# --mysqld=--plugin-load-add=provider_lzma.so \

# --mysqld=--plugin-load-add=provider_snappy.so \

# --mysqld=--plugin-load-add=provider_lz4.so \

# --duration=300 \

# --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \

# --mysqld=--loose-innodb_read_only_compressed=OFF \

# --mysqld=--innodb_stats_persistent=on \

# --mysqld=--innodb_adaptive_hash_index=off \

# --mysqld=--loose-innodb_evict_tables_on_commit_debug=on \

# --mysqld=--loose-max-statement-time=30 \

# --threads=33 \

# --mysqld=--innodb-use-native-aio=0 \

# --mysqld=--loose-gdb \

# --mysqld=--loose-debug-gdb \

# --rr=Extended \

# --rr_options=--wait \

# --mysqld=--loose_innodb_change_buffering=deletes \

# --mysqld=--innodb_rollback_on_timeout=ON \

# --vardir_type=fast \

# --mysqld=--innodb_page_size=32K \

# --mysqld=--innodb-buffer-pool-size=24M \

# --no_mask \

# <local settings>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDEV-28937.cfg
47 kB
2024-12-30 13:30
MDEV-28937.yy
0.6 kB
2024-12-30 13:31
REPLAY_SIMP_slow.sh
12 kB
2024-12-30 13:31

Activity

Transition	Time In Source Status	Execution Times

Nayuta Yanagisawa (Inactive) made transition - 2022-10-03 12:11

Open

In Progress

101d 19h 24m

1

Alexey Botchkov made transition - 2025-01-14 22:12

Stalled

In Progress

652d 8h 53m

3

JiraAutomate made transition - 2025-03-02 17:14

In Progress

Stalled

228d 20h 10m

4

MariaDB Server

AddressSanitizer: heap-use-after-free storage/innobase/handler/ha_innodb.cc:11217 in create_table_info_t::check_table_options()

Details

Description

Attachments

Attachments

Activity

People

Dates

Git Integration