MariaDB Server / MDEV-28937

AddressSanitizer: heap-use-after-free storage/innobase/handler/ha_innodb.cc:11217 in create_table_info_t::check_table_options()

Details

    Description

      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 558859][rr 2508771 558863]==2508771==ERROR: AddressSanitizer: heap-use-after-free on address 0x61f0001317bc at pc 0x564286d307a7 bp 0x7f9edf2ba110 sp 0x7f9edf2ba100
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 558866][rr 2508771 558868]READ of size 4 at 0x61f0001317bc thread T34
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 562022]2022-06-17 20:17:13 0 [Warning] Aborted connection 42 to db: 'test' user: 'root' host: 'localhost' (KILLED)
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 563053]2022-06-17 20:17:14 42 [Note] InnoDB: Online DDL : End of reading clustered index of the table and create temporary files
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 563112]2022-06-17 20:17:14 16 [Note] InnoDB: Online DDL : End of reading clustered index of the table and create temporary files
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569167]    #0 0x564286d307a6 in create_table_info_t::check_table_options() /data/Server/bb-10.10-MDEV-11026B/storage/innobase/handler/ha_innodb.cc:11217
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569169]    #1 0x564286d34636 in create_table_info_t::prepare_create_table(char const*, bool) /data/Server/bb-10.10-MDEV-11026B/storage/innobase/handler/ha_innodb.cc:11988
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569171]    #2 0x564286d757f2 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) (/data/Server_bin/bb-10.10-MDEV-11026B_asan/bin/mariadbd+0x29137f2)
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569173]    #3 0x564286d412b9 in ha_innobase::truncate() /data/Server/bb-10.10-MDEV-11026B/storage/innobase/handler/ha_innodb.cc:13930
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569206]    #4 0x5642864889ad in handler::ha_truncate() /data/Server/bb-10.10-MDEV-11026B/sql/handler.cc:5070
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569222]    #5 0x564286c1ab9a in ha_partition::truncate_partition(Alter_info*, bool*) /data/Server/bb-10.10-MDEV-11026B/sql/ha_partition.cc:4913
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569228]    #6 0x56428606e4a5 in Sql_cmd_alter_table_truncate_partition::execute(THD*) /data/Server/bb-10.10-MDEV-11026B/sql/sql_partition_admin.cc:959
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569248]    #7 0x564285c40757 in mysql_execute_command(THD*, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:5996
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569254]    #8 0x564285c4cc43 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:8036
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569256]    #9 0x564285c24e0b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:1894
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569258]    #10 0x564285c22252 in do_command(THD*, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_parse.cc:1407
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569264]    #11 0x564286066460 in do_handle_one_connection(CONNECT*, bool) /data/Server/bb-10.10-MDEV-11026B/sql/sql_connect.cc:1418
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569266]    #12 0x564286065cec in handle_one_connection /data/Server/bb-10.10-MDEV-11026B/sql/sql_connect.cc:1312
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569274]    #13 0x7f9f09f75608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
      # 2022-06-17T20:24:19 [2505911] | [rr 2508771 569276]    #14 0x7f9f09b48292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
       
      Query (0x6290011f8238): ALTER TABLE l TRUNCATE PARTITION p0 /* E_R Thread24 QNO 232 CON_ID 38 */
      Status: KILL_TIMEOUT
       
      pluto:/data/results/1655481418/TBR-1402
      _RR_TRACE_DIR=./1/rr/ rr replay
       
      origin/bb-10.10-MDEV-11026 cfb6106e511cae168aaba4fa2964d2c110ed834a 2022-06-17T17:33:15+03:00
      Hitting this problem is rare; up to today it has happened on the 10.8 - 10.10
      development trees only.
      But per Marko, this is a problem of partitioning and is not related to the modifications in these trees.
      His analysis of the problem can be found in https://jira.mariadb.org/browse/MDEV-11026
      There the problem is called "failure 2".
       
       
      RQG
      ===
      # git clone https://github.com/mleich1/rqg --branch experimental RQG
      #
      # GIT_SHOW: HEAD -> experimental, origin/experimental a32979c6d789ddf0982e6a56af687565be00590c 2022-06-14T17:21:56+02:00
      # rqg.pl  : Version 4.0.6 (2022-05)
      #
      # $RQG_HOME/rqg.pl \
      # --grammar=conf/mariadb/partitions_innodb.yy \
      # --redefine=conf/mariadb/redefine_innodb_io_threads_dynamic.yy \
      # --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \
      # --mysqld=--loose-idle_write_transaction_timeout=0 \
      # --mysqld=--loose-idle_transaction_timeout=0 \
      # --mysqld=--loose-idle_readonly_transaction_timeout=0 \
      # --mysqld=--connect_timeout=60 \
      # --mysqld=--interactive_timeout=28800 \
      # --mysqld=--slave_net_timeout=60 \
      # --mysqld=--net_read_timeout=30 \
      # --mysqld=--net_write_timeout=60 \
      # --mysqld=--loose-table_lock_wait_timeout=50 \
      # --mysqld=--wait_timeout=28800 \
      # --mysqld=--lock-wait-timeout=86400 \
      # --mysqld=--innodb-lock-wait-timeout=50 \
      # --no-mask \
      # --queries=10000000 \
      # --seed=random \
      # --reporters=Backtrace \
      # --reporters=ErrorLog \
      # --reporters=Deadlock1 \
      # --validators=None \
      # --mysqld=--log_output=none \
      # --mysqld=--log_bin_trust_function_creators=1 \
      # --mysqld=--loose-debug_assert_on_not_freed_memory=0 \
      # --engine=InnoDB \
      # --restart_timeout=240 \
      # --mysqld=--plugin-load-add=file_key_management.so \
      # --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \
      # --mysqld=--plugin-load-add=provider_lzo.so \
      # --mysqld=--plugin-load-add=provider_bzip2.so \
      # --mysqld=--plugin-load-add=provider_lzma.so \
      # --mysqld=--plugin-load-add=provider_snappy.so \
      # --mysqld=--plugin-load-add=provider_lz4.so \
      # --duration=300 \
      # --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \
      # --mysqld=--loose-innodb_read_only_compressed=OFF \
      # --mysqld=--innodb_stats_persistent=on \
      # --mysqld=--innodb_adaptive_hash_index=off \
      # --mysqld=--loose-innodb_evict_tables_on_commit_debug=on \
      # --mysqld=--loose-max-statement-time=30 \
      # --threads=33 \
      # --mysqld=--innodb-use-native-aio=0 \
      # --mysqld=--loose-gdb \
      # --mysqld=--loose-debug-gdb \
      # --rr=Extended \
      # --rr_options=--wait \
      # --mysqld=--loose_innodb_change_buffering=deletes \
      # --mysqld=--innodb_rollback_on_timeout=ON \
      # --vardir_type=fast \
      # --mysqld=--innodb_page_size=32K \
      # --mysqld=--innodb-buffer-pool-size=24M \
      # --no_mask \
      # <local settings>
      

      Attachments

        1. MDEV-28937.cfg
          47 kB
        2. MDEV-28937.yy
          0.6 kB
        3. REPLAY_SIMP_slow.sh
          12 kB

        Activity

          nayuta-yanagisawa Nayuta Yanagisawa (Inactive) added a comment:

          mleich I'm now checking the issue. Could you still provide the rr trace of the ASAN crash?
          ycp Yuchen Pei added a comment (edited):

          Is there a testcase to reproduce this issue locally?

          Update: had a discussion with holyfoot last Thursday about this issue and my takeaway is that the testcase is likely to reproduce with the same rqg command if the bug is still present.

          People

            holyfoot Alexey Botchkov
            mleich Matthias Leich