Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30648

btr_estimate_n_rows_in_range() accesses unfixed, unlatched page

    XMLWordPrintable

Details

    Description

      Some RQG test ends with a SEGV
      		 
      (backtrace taken from server error log)
      		 
      # 2023-02-13T05:10:43 [3309421] | ==3313011==ERROR: AddressSanitizer: use-after-poison on address 0x7ff13d319028 at pc 0x5586b23a4291 bp 0x7ff118f792b0 sp 0x7ff118f792a0
      		 
      # 2023-02-13T05:10:43 [3309421] | READ of size 1 at 0x7ff13d319028 thread T63
      		 
      # 2023-02-13T05:10:43 [3309421] |     #0 0x5586b23a4290 in mach_read_from_2 /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/include/mach0data.inl:85
      		 
      # 2023-02-13T05:10:43 [3309421] |     #1 0x5586b23a4290 in page_header_get_field(unsigned char const*, unsigned long) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/include/page0page.h:504
      		 
      # 2023-02-13T05:10:43 [3309421] |     #2 0x5586b23a4290 in page_rec_check /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/include/page0page.inl:310
      		 
      # 2023-02-13T05:10:43 [3309421] |     #3 0x5586b24080f5 in page_rec_is_infimum(unsigned char const*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/include/page0page.inl:176
      		 
      # 2023-02-13T05:10:43 [3309421] |     #4 0x5586b2998c0a in btr_est_cur_t::should_count_the_left_border() const /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/btr/btr0cur.cc:5014
      		 
      # 2023-02-13T05:10:43 [3309421] |     #5 0x5586b2998c0a in btr_estimate_n_rows_in_range(dict_index_t*, btr_pos_t*, btr_pos_t*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/btr/btr0cur.cc:5394
      		 
      # 2023-02-13T05:10:43 [3309421] |     #6 0x5586b23c4fe1 in ha_innobase::records_in_range(unsigned int, st_key_range const*, st_key_range const*, st_page_range*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/handler/ha_innodb.cc:14341
      		 
      # 2023-02-13T05:10:43 [3309421] |     #7 0x5586b15a5d2e in handler::multi_range_read_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/multi_range_read.cc:177
      		 
      # 2023-02-13T05:10:43 [3309421] |     #8 0x5586b15aebc3 in DsMrr_impl::dsmrr_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/multi_range_read.cc:1710
      		 
      # 2023-02-13T05:10:43 [3309421] |     #9 0x5586b239d028 in ha_innobase::multi_range_read_info_const(unsigned int, st_range_seq_if*, void*, unsigned int, unsigned int*, unsigned int*, Cost_estimate*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/storage/innobase/handler/ha_innodb.cc:20018
      		 
      # 2023-02-13T05:10:43 [3309421] |     #10 0x5586b1f094f8 in check_quick_select /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/opt_range.cc:11573
      		 
      # 2023-02-13T05:10:43 [3309421] |     #11 0x5586b1f1ef55 in get_key_scans_params /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/opt_range.cc:7484
      		 
      # 2023-02-13T05:10:43 [3309421] |     #12 0x5586b1f66f36 in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/opt_range.cc:2935
      		 
      # 2023-02-13T05:10:43 [3309421] |     #13 0x5586b1115c0e in get_quick_record_count /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_select.cc:5106
      		 
      # 2023-02-13T05:10:43 [3309421] |     #14 0x5586b11fc111 in make_join_statistics /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_select.cc:5833
      		 
      # 2023-02-13T05:10:43 [3309421] |     #15 0x5586b120e98b in JOIN::optimize_inner() /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_select.cc:2504
      		 
      # 2023-02-13T05:10:43 [3309421] |     #16 0x5586b120f293 in JOIN::optimize() /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_select.cc:1843
      		 
      # 2023-02-13T05:10:43 [3309421] |     #17 0x5586b120f48f in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_select.cc:5048
      		 
      # 2023-02-13T05:10:43 [3309421] |     #18 0x5586b1210f08 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_select.cc:554
      		 
      # 2023-02-13T05:10:43 [3309421] |     #19 0x5586b1066791 in execute_sqlcom_select /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_parse.cc:6261
      		 
      # 2023-02-13T05:10:43 [3309421] |     #20 0x5586b108e2a5 in mysql_execute_command(THD*, bool) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_parse.cc:3949
      		 
      # 2023-02-13T05:10:43 [3309421] |     #21 0x5586b109e230 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_parse.cc:8021
      		 
      # 2023-02-13T05:10:43 [3309421] |     #22 0x5586b10a4a6b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_parse.cc:1896
      		 
      # 2023-02-13T05:10:43 [3309421] |     #23 0x5586b10a9aca in do_command(THD*, bool) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_parse.cc:1409
      		 
      # 2023-02-13T05:10:43 [3309421] |     #24 0x5586b14c8f33 in do_handle_one_connection(CONNECT*, bool) /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_connect.cc:1416
      		 
      # 2023-02-13T05:10:43 [3309421] |     #25 0x5586b14c9599 in handle_one_connection /data/Server/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638/sql/sql_connect.cc:1318
      		 
      # 2023-02-13T05:10:43 [3309421] |     #26 0x7ff1495a7b42 in start_thread nptl/pthread_create.c:442
      		 
      # 2023-02-13T05:10:43 [3309421] |     #27 0x7ff1496399ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
      		 
      ...
      		 
      # 2023-02-13T05:10:43 [3309421] | Query (0x62b0001e3238): SELECT SUM(`pad`) FROM `oltp3` WHERE `id` BETWEEN 9294 AND 59338 /* E_R Thread19 QNO 11060 CON_ID 32 */
      		 
      ...
      		 
      # 2023-02-13T05:10:43 [3309421] | Status: NOT_KILLED
      		 
      origin/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638 1758349676aebb176e4c6d50b2eaa78b7298fe39 2023-02-13T10:37:23+02:00
      		 
       
      		 
      sdp:/data1/results/1676285404/SEGV/
      		 
      gdb -c ./1/data/core.3313011 /data/Server_bin/bb-10.6-MDEV-26055-2-MDEV-26827-MDEV-30134-MDEV-30638_asan_Og/bin/mysqld
      		 
       
      		 
      Per initial analysis of Marko the problem should be in the main trees too.
      		 
       
      		 
      RQG
      		 
      ------
      		 
      # git clone https://github.com/mleich1/rqg --branch <pick the right branch> RQG
      		 
      #
      		 
      # GIT_SHOW: HEAD -> master, origin/master, origin/HEAD 59501a648871529e16fe0ae18cb24183685590e1 2023-02-13T11:22:10+01:00
      		 
      # rqg.pl  : Version 4.2.1 (2022-12)
      		 
      #
      		 
      # $RQG_HOME/rqg.pl \
      		 
      # --grammar=conf/mariadb/oltp-transactional.yy \
      		 
      # --gendata=conf/mariadb/oltp.zz \
      		 
      # --max_gd_duration=900 \
      		 
      # --mysqld=--transaction-isolation=REPEATABLE-READ \
      		 
      # --validator=SelectStability \
      		 
      # --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \
      		 
      # --mysqld=--loose-idle_write_transaction_timeout=0 \
      		 
      # --mysqld=--loose-idle_transaction_timeout=0 \
      		 
      # --mysqld=--loose-idle_readonly_transaction_timeout=0 \
      		 
      # --mysqld=--connect_timeout=60 \
      		 
      # --mysqld=--interactive_timeout=28800 \
      		 
      # --mysqld=--slave_net_timeout=60 \
      		 
      # --mysqld=--net_read_timeout=30 \
      		 
      # --mysqld=--net_write_timeout=60 \
      		 
      # --mysqld=--loose-table_lock_wait_timeout=50 \
      		 
      # --mysqld=--wait_timeout=28800 \
      		 
      # --mysqld=--lock-wait-timeout=86400 \
      		 
      # --mysqld=--innodb-lock-wait-timeout=50 \
      		 
      # --no-mask \
      		 
      # --queries=10000000 \
      		 
      # --seed=random \
      		 
      # --reporters=Backtrace \
      		 
      # --reporters=ErrorLog \
      		 
      # --reporters=Deadlock \
      		 
      # --validators=None \
      		 
      # --mysqld=--log_output=none \
      		 
      # --mysqld=--log_bin_trust_function_creators=1 \
      		 
      # --mysqld=--loose-debug_assert_on_not_freed_memory=0 \
      		 
      # --engine=InnoDB \
      		 
      # --restart_timeout=240 \
      		 
      # --mysqld=--plugin-load-add=file_key_management.so \
      		 
      # --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \
      		 
      # --mysqld=--plugin-load-add=provider_lzo.so \
      		 
      # --mysqld=--plugin-load-add=provider_bzip2.so \
      		 
      # --mysqld=--plugin-load-add=provider_lzma.so \
      		 
      # --mysqld=--plugin-load-add=provider_snappy.so \
      		 
      # --mysqld=--plugin-load-add=provider_lz4.so \
      		 
      # --duration=300 \
      		 
      # --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \
      		 
      # --mysqld=--innodb_file_per_table=0 \
      		 
      # --mysqld=--loose-innodb_read_only_compressed=OFF \
      		 
      # --mysqld=--innodb_stats_persistent=off \
      		 
      # --mysqld=--innodb_adaptive_hash_index=off \
      		 
      # --mysqld=--innodb_sort_buffer_size=65536 \
      		 
      # --mysqld=--loose-innodb_evict_tables_on_commit_debug=off \
      		 
      # --mysqld=--loose-max-statement-time=30 \
      		 
      # --threads=33 \
      		 
      # --mysqld=--innodb_use_native_aio=1 \
      		 
      # --mysqld=--innodb_undo_log_truncate=OFF \
      		 
      # --mysqld=--loose_innodb_change_buffering=purges \
      		 
      # --mysqld=--innodb_undo_tablespaces=3 \
      		 
      # --mysqld=--innodb_rollback_on_timeout=OFF \
      		 
      # --mysqld=--innodb_page_size=4K \
      		 
      # --mysqld=--innodb-buffer-pool-size=5M \
      		 
      # <local settings>

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30400 Assertion `height == btr_page_get_level(page_cur_get_page(page_cursor))' failed in btr_cur_search_to_nth_level on INSERT

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21136 InnoDB's records_in_range estimates can be way off

          • Major - Major loss of function.
          • Closed

          Activity

            People

              vlad.lesin Vladislav Lesin
              mleich Matthias Leich
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.