[MDEV-31996] Segfault when setting spider_delete_all_rows to 0 and delete all rows of a spider table, ASAN heap-use-after-free in spider_db_delete_all_rows - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: 10.4.32, 10.5.23, 10.6.16, 10.10.7, 10.11.6, 11.0.4, 11.1.3
Component/s: Storage Engine - Spider
Labels:
- not-10.5
- regression-10.6

Description

Affects 11.2 73915d2cdad2d539ce984529bb6e64dc082ecd52 and does not affect 10.4 e9f3ca612528c5f917e27ef6113fd1deda2aef26

Test to reproduce (put under say spider/bugfix suite):

--disable_query_log

--disable_result_log

--source ../../t/test_init.inc

--enable_result_log

--enable_query_log

evalp CREATE SERVER srv FOREIGN DATA WRAPPER mysql

OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root');

set session spider_delete_all_rows_type=0;

create table t2 (c int);

create table t1 (c int) ENGINE=Spider

COMMENT='WRAPPER "mysql", srv "srv",TABLE "t2", delete_all_rows_type "0"';

insert ignore into t1 values (42), (378);

select * from t1;

delete from t1;

select * from t1;

drop table t1, t2;

drop server srv;

--disable_query_log

--disable_result_log

--source ../../t/test_deinit.inc

--enable_result_log

--enable_query_log

--echo #

--echo # end of test tmp

--echo #

Trace in mtr output:

mysys/stacktrace.c:215(my_print_stacktrace)[0x55bf85b4b891]

sql/signal_handler.cc:241(handle_fatal_signal)[0x55bf852ce514]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x13140)[0x7fcad4843140]

/lib/x86_64-linux-gnu/libc.so.6(+0x15e319)[0x7fcad4078319]

/lib/x86_64-linux-gnu/libc.so.6(+0x68f76)[0x7fcad3f82f76]

/lib/x86_64-linux-gnu/libc.so.6(+0x69f44)[0x7fcad3f83f44]

/lib/x86_64-linux-gnu/libc.so.6(+0x670d4)[0x7fcad3f810d4]

/lib/x86_64-linux-gnu/libc.so.6(_IO_fprintf+0x96)[0x7fcad3f6dcc6]

mysys/thr_mutex.c:296(safe_mutex_lock)[0x55bf85b5013b]

mysys/my_thr_init.c:487(psi_mutex_lock)[0x55bf85b49a1d]

psi/mysql_thread.h:746(inline_mysql_mutex_lock)[0x7fcac0277fdb]

spider/spd_db_conn.cc:6701(spider_db_delete_all_rows(ha_spider*))[0x7fcac029a508]

spider/ha_spider.cc:8422(ha_spider::delete_all_rows())[0x7fcac0341e4c]

sql/handler.cc:5272(handler::ha_delete_all_rows())[0x55bf852e0a30]

sql/sql_delete.cc:438(Sql_cmd_delete::delete_from_single_table(THD*))[0x55bf84e80b99]

sql/sql_delete.cc:1794(Sql_cmd_delete::execute_inner(THD*))[0x55bf84e85a95]

sql/sql_select.cc:33356(Sql_cmd_dml::execute(THD*))[0x55bf84fa76f5]

sql/sql_parse.cc:4394(mysql_execute_command(THD*, bool))[0x55bf84ee9c51]

sql/sql_parse.cc:7799(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55bf84ef4fe7]

sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55bf84ee2592]

sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55bf84ee0f60]

sql/sql_connect.cc:1445(do_handle_one_connection(CONNECT*, bool))[0x55bf850c8c0a]

sql/sql_connect.cc:1349(handle_one_connection)[0x55bf850c8975]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55bf855dc062]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x7ea7)[0x7fcad4837ea7]

/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7fcad4016a2f]

Attachments

Issue Links

is caused by

MDEV-19002 Partition performance optimization

Stalled

is part of

MDEV-29962 SIGSEGV in ha_spider::lock_tables on BEGIN after table lock

Closed

relates to

MDEV-27902 Spider: Crashes, asserts, hangs, memory corruptions and ASAN heap-use-after-free's

Closed

MDEV-28683 Spider: SIGSEGV in spider_db_direct_delete, SIGSEGV in spider_db_connect, ASAN: heap-use-after-free in spider_db_direct_delete

Closed

Activity

Ascending order - Click to sort in descending order

View 5 older comments

Yuchen Pei added a comment - 2023-10-06 00:15

I can confirm the following commit causes the regression:

commit e954d9de886aebc68c39240304fe97ae88276dbb

Author: Kentoku SHIBA <kentokushiba@gmail.com>

Date:   Tue Mar 3 02:50:40 2020 +0900

    MDEV-19002 Spider performance optimization with partition

    Change the following function for batch call instead of each partition

    - store_lock

    - external_lock

    - start_stmt

    - extra

    - cond_push

    - info_push

    - top_table

Yuchen Pei added a comment - 2023-10-06 00:15 I can confirm the following commit causes the regression: commit e954d9de886aebc68c39240304fe97ae88276dbb Author: Kentoku SHIBA <kentokushiba@gmail.com> Date: Tue Mar 3 02:50:40 2020 +0900 MDEV-19002 Spider performance optimization with partition Change the following function for batch call instead of each partition - store_lock - external_lock - start_stmt - extra - cond_push - info_push - top_table

Yuchen Pei added a comment - 2023-10-06 03:47 - edited

Hi holyfoot, ptal thanks

8694d80de2a bb-11.0-ycp-mdev-31996 ~~MDEV-31996~~ Create connection on demand in spider_db_delete_all_rows

The above patch is based on 11.0. The following is based on 10.4

aff5e8b843d upstream/bb-10.4-mdev-31996 ~~MDEV-31996~~ Create connection on demand in spider_db_delete_all_rows

Yuchen Pei added a comment - 2023-10-06 03:47 - edited Hi holyfoot , ptal thanks 8694d80de2a bb-11.0-ycp-mdev-31996 MDEV-31996 Create connection on demand in spider_db_delete_all_rows The above patch is based on 11.0. The following is based on 10.4 aff5e8b843d upstream/bb-10.4-mdev-31996 MDEV-31996 Create connection on demand in spider_db_delete_all_rows

Alexey Botchkov added a comment - 2023-10-09 17:40

ok to push.

Alexey Botchkov added a comment - 2023-10-09 17:40 ok to push.

Yuchen Pei added a comment - 2023-10-11 05:38

Thanks for the review. In the previous commit I forgot to keep the check on spider_param_delete_all_rows_type(thd, share->delete_all_rows_type), which is why the result files of the spider_fixes tests were changed. But that is now fixed. Pushing...

Yuchen Pei added a comment - 2023-10-11 05:38 Thanks for the review. In the previous commit I forgot to keep the check on spider_param_delete_all_rows_type(thd, share->delete_all_rows_type) , which is why the result files of the spider_fixes tests were changed. But that is now fixed. Pushing...

Yuchen Pei added a comment - 2023-10-11 06:55

Pushed a314aa1217849f36d66a78f80275a2e7aa51626a to 10.4

Conflicts and solutions:

10.4->10.5 (no need to assign to wide_handler->sql_command) 3c8631ae5c5eafa89944ebe04db2008d721cf0cc
10.11->11.0 (one fewer arg in spider_check_trx_and_get_conn()) cbb0d0232f50050447620a37972518ae536c1e71

Yuchen Pei added a comment - 2023-10-11 06:55 Pushed a314aa1217849f36d66a78f80275a2e7aa51626a to 10.4 Conflicts and solutions: 10.4->10.5 (no need to assign to wide_handler->sql_command) 3c8631ae5c5eafa89944ebe04db2008d721cf0cc 10.11->11.0 (one fewer arg in spider_check_trx_and_get_conn()) cbb0d0232f50050447620a37972518ae536c1e71

People

Assignee:: Yuchen Pei

Reporter:: Yuchen Pei

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-08-24 06:42

Updated:: 2024-07-16 08:33

Resolved:: 2023-10-11 06:55

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server