[MDEV-31996] Segfault when setting spider_delete_all_rows to 0 and delete all rows of a spider table, ASAN heap-use-after-free in spider_db_delete_all_rows - Jira

XML

Word

Printable

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2
Fix Version/s: 10.4.32, 10.5.23, 10.6.16, 10.10.7, 10.11.6, 11.0.4, 11.1.3
Component/s: Storage Engine - Spider
Labels:
- not-10.5
- regression-10.6

Affects 11.2 73915d2cdad2d539ce984529bb6e64dc082ecd52 and does not affect 10.4 e9f3ca612528c5f917e27ef6113fd1deda2aef26

Test to reproduce (put under say spider/bugfix suite):

--disable_query_log

--disable_result_log

--source ../../t/test_init.inc

--enable_result_log

--enable_query_log

evalp CREATE SERVER srv FOREIGN DATA WRAPPER mysql

OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root');

set session spider_delete_all_rows_type=0;

create table t2 (c int);

create table t1 (c int) ENGINE=Spider

COMMENT='WRAPPER "mysql", srv "srv",TABLE "t2", delete_all_rows_type "0"';

insert ignore into t1 values (42), (378);

select * from t1;

delete from t1;

select * from t1;

drop table t1, t2;

drop server srv;

--disable_query_log

--disable_result_log

--source ../../t/test_deinit.inc

--enable_result_log

--enable_query_log

--echo #

--echo # end of test tmp

--echo #

Trace in mtr output:

mysys/stacktrace.c:215(my_print_stacktrace)[0x55bf85b4b891]

sql/signal_handler.cc:241(handle_fatal_signal)[0x55bf852ce514]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x13140)[0x7fcad4843140]

/lib/x86_64-linux-gnu/libc.so.6(+0x15e319)[0x7fcad4078319]

/lib/x86_64-linux-gnu/libc.so.6(+0x68f76)[0x7fcad3f82f76]

/lib/x86_64-linux-gnu/libc.so.6(+0x69f44)[0x7fcad3f83f44]

/lib/x86_64-linux-gnu/libc.so.6(+0x670d4)[0x7fcad3f810d4]

/lib/x86_64-linux-gnu/libc.so.6(_IO_fprintf+0x96)[0x7fcad3f6dcc6]

mysys/thr_mutex.c:296(safe_mutex_lock)[0x55bf85b5013b]

mysys/my_thr_init.c:487(psi_mutex_lock)[0x55bf85b49a1d]

psi/mysql_thread.h:746(inline_mysql_mutex_lock)[0x7fcac0277fdb]

spider/spd_db_conn.cc:6701(spider_db_delete_all_rows(ha_spider*))[0x7fcac029a508]

spider/ha_spider.cc:8422(ha_spider::delete_all_rows())[0x7fcac0341e4c]

sql/handler.cc:5272(handler::ha_delete_all_rows())[0x55bf852e0a30]

sql/sql_delete.cc:438(Sql_cmd_delete::delete_from_single_table(THD*))[0x55bf84e80b99]

sql/sql_delete.cc:1794(Sql_cmd_delete::execute_inner(THD*))[0x55bf84e85a95]

sql/sql_select.cc:33356(Sql_cmd_dml::execute(THD*))[0x55bf84fa76f5]

sql/sql_parse.cc:4394(mysql_execute_command(THD*, bool))[0x55bf84ee9c51]

sql/sql_parse.cc:7799(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55bf84ef4fe7]

sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55bf84ee2592]

sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55bf84ee0f60]

sql/sql_connect.cc:1445(do_handle_one_connection(CONNECT*, bool))[0x55bf850c8c0a]

sql/sql_connect.cc:1349(handle_one_connection)[0x55bf850c8975]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55bf855dc062]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x7ea7)[0x7fcad4837ea7]

/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7fcad4016a2f]

is caused by

MDEV-19002 Partition performance optimization

is part of

MDEV-29962 SIGSEGV in ha_spider::lock_tables on BEGIN after table lock

relates to

MDEV-27902 Spider: Crashes, asserts, hangs, memory corruptions and ASAN heap-use-after-free's

MDEV-28683 Spider: SIGSEGV in spider_db_direct_delete, SIGSEGV in spider_db_connect, ASAN: heap-use-after-free in spider_db_direct_delete

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.