  1. MariaDB Server
  2. MDEV-32510

ASAN use-after-poison in online alter with rocksdb under SERIALIZABLE isolation level


Details

    Description

      The failure happens with the RocksDB engine, so the server must be built with -DPLUGIN_ROCKSDB=YES (and with ASAN enabled to get the report below).

      # Reproduction for the ASAN use-after-poison reported below, in mysqltest syntax.
      # It uses debug_sync, so it presumably needs a build with the debug sync facility enabled.
      # NOTE(review): connection con2 is used but never opened in this snippet; a complete
      # test file would need a --connect for con2 before the first --connection con2.
      install soname 'ha_rocksdb.so';
      set default_storage_engine= rocksdb;
       
      # t1 has no primary key; its only index is the secondary key on b.
      create table t1 (a int, b int, key(b));
       
      --connection con2
      # Seed rows, including several with NULL in the indexed column b.
      insert into t1 values (1,1),(null,null),(3,3),(4,null),(null,5);
       
      --connection default
       
      # The isolation level named in the issue title.
      # NOTE(review): eval is not needed here, the statement contains no $variable.
      eval set session transaction isolation level SERIALIZABLE;
      # When the ALTER reaches the alter_table_online_downgraded sync point it signals
      # 'downgraded' and then blocks until 'goalters' is signalled.
      set debug_sync= "alter_table_online_downgraded signal downgraded wait_for goalters";
       
      # Start the copy ALTER asynchronously; its result is collected by --reap below.
      send alter table t1 force, algorithm=copy;
       
      --connection con2
      # Wait until the ALTER is parked at the sync point, then run a concurrent DELETE
      # that removes the rows with b NULL, and only then let the ALTER continue.
      set debug_sync= "now wait_for downgraded";
      delete from t1 where b is null;
      set debug_sync= "now signal goalters";
       
      --connection default
      # Collect the ALTER result. The ASAN stack in this report shows the bad read while
      # the ALTER applies the logged delete: online_alter_read_from_binlog ->
      # Delete_rows_log_event::do_exec_row -> Rows_log_event::find_row -> index read
      # in the RocksDB handler.
      --reap
      drop table t1;
       
      # Clear the debug_sync state so later tests are not affected.
      set debug_sync= reset;
      

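      ASAN output (an 8-byte read by the ALTER thread; the address lies in a MEM_ROOT block allocated while opening the ALTER's temporary table, in a part of that block marked f7, "Poisoned by user"):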

      ==361875==ERROR: AddressSanitizer: use-after-poison on address 0x61900038fd80 at pc 0x7faf65e853b2 bp 0x7faf68478600 sp 0x7faf684785f8
      READ of size 8 at 0x61900038fd80 thread T33
          #0 0x7faf65e853b1 in myrocks::Rdb_field_packing::get_field_in_table(TABLE const*) const /home/nik/mariadb/storage/rocksdb/rdb_datadic.cc:3500:33
          #1 0x7faf65e93008 in myrocks::Rdb_key_def::pack_record(TABLE const*, unsigned char*, unsigned char const*, unsigned char*, myrocks::Rdb_string_writer*, bool, long long, unsigned int, unsigned int*, char const*) const /home/nik/mariadb/storage/rocksdb/rdb_datadic.cc:1378:41
          #2 0x7faf65e92327 in myrocks::Rdb_key_def::pack_index_tuple(TABLE*, unsigned char*, unsigned char*, unsigned char*, unsigned char const*, unsigned long const&) const /home/nik/mariadb/storage/rocksdb/rdb_datadic.cc:1024:10
          #3 0x7faf65c6c714 in myrocks::ha_rocksdb::index_read_map_impl(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function, st_key_range const*) /home/nik/mariadb/storage/rocksdb/ha_rocksdb.cc:8579:22
          #4 0x7faf65c6deab in myrocks::ha_rocksdb::index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /home/nik/mariadb/storage/rocksdb/ha_rocksdb.cc:8491:3
          #5 0x560a8fd46b4e in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /home/nik/mariadb/sql/handler.cc:3676:3
          #6 0x560a902ef111 in Rows_log_event::find_row(rpl_group_info*) /home/nik/mariadb/sql/log_event_server.cc:7558:25
          #7 0x560a902f1966 in Delete_rows_log_event::do_exec_row(rpl_group_info*) /home/nik/mariadb/sql/log_event_server.cc:7786:7
          #8 0x560a902d3c09 in Rows_log_event::do_apply_event(rpl_group_info*) /home/nik/mariadb/sql/log_event_server.cc:5139:14
          #9 0x560a90279fba in Log_event::apply_event(rpl_group_info*) /home/nik/mariadb/sql/log_event.cc:3875:8
          #10 0x560a90c3258d in online_alter_read_from_binlog(THD*, rpl_group_info*, Cache_flip_event_log*, unsigned long long*) /home/nik/mariadb/sql/sql_table.cc:11742:16
          #11 0x560a90c1d49f in copy_data_between_tables(THD*, TABLE*, TABLE*, List<Create_field>&, bool, unsigned int, st_order*, unsigned long long*, unsigned long long*, Alter_info::enum_enable_or_disable, Alter_table_ctx*, bool, unsigned long long) /home/nik/mariadb/sql/sql_table.cc:12171:12
          #12 0x560a90bfc9c4 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /home/nik/mariadb/sql/sql_table.cc:11201:9
          #13 0x560a90ea9985 in Sql_cmd_alter_table::execute(THD*) /home/nik/mariadb/sql/sql_alter.cc:615:11
          #14 0x560a90852c89 in mysql_execute_command(THD*, bool) /home/nik/mariadb/sql/sql_parse.cc:5775:26
          #15 0x560a90831a9a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/nik/mariadb/sql/sql_parse.cc:7810:18
          #16 0x560a9082b4ed in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/nik/mariadb/sql/sql_parse.cc:1893:7
          #17 0x560a908338c9 in do_command(THD*, bool) /home/nik/mariadb/sql/sql_parse.cc:1406:17
          #18 0x560a90e80995 in do_handle_one_connection(CONNECT*, bool) /home/nik/mariadb/sql/sql_connect.cc:1445:11
          #19 0x560a90e8013e in handle_one_connection /home/nik/mariadb/sql/sql_connect.cc:1347:5
          #20 0x560a91767e68 in pfs_spawn_thread /home/nik/mariadb/storage/perfschema/pfs.cc:2201:3
          #21 0x7faf96c679ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 8bfe03f6bf9b6a6e2591babd0bbc266837d8f658)
          #22 0x7faf96ceb7cb  (/usr/lib/libc.so.6+0x1107cb) (BuildId: 8bfe03f6bf9b6a6e2591babd0bbc266837d8f658)
       
      0x61900038fd80 is located 1024 bytes inside of 1040-byte region [0x61900038f980,0x61900038fd90)
      allocated by thread T33 here:
          #0 0x560a8fa80639 in malloc (/home/nik/mariadb/bld/sql/mariadbd+0x1ef8639) (BuildId: 61f2f0aa5846429700a393caa97e17ef66f1d08e)
          #1 0x560a9268a406 in my_malloc /home/nik/mariadb/mysys/my_malloc.c:89:29
          #2 0x560a92658545 in root_alloc /home/nik/mariadb/mysys/my_alloc.c:71:10
          #3 0x560a92659b29 in alloc_root /home/nik/mariadb/mysys/my_alloc.c:339:29
          #4 0x560a9265c634 in strmake_root /home/nik/mariadb/mysys/my_alloc.c:598:12
          #5 0x560a90d1ff49 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /home/nik/mariadb/sql/table.cc:4270:20
          #6 0x560a9125d8b2 in THD::open_temporary_table(TMP_TABLE_SHARE*, char const*) /home/nik/mariadb/sql/temporary_tables.cc:1135:7
          #7 0x560a9125c19c in THD::create_and_open_tmp_table(st_mysql_const_unsigned_lex_string*, char const*, char const*, char const*, bool) /home/nik/mariadb/sql/temporary_tables.cc:74:12
          #8 0x560a90bfb94e in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /home/nik/mariadb/sql/sql_table.cc:11115:19
          #9 0x560a90ea9985 in Sql_cmd_alter_table::execute(THD*) /home/nik/mariadb/sql/sql_alter.cc:615:11
          #10 0x560a90852c89 in mysql_execute_command(THD*, bool) /home/nik/mariadb/sql/sql_parse.cc:5775:26
          #11 0x560a90831a9a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/nik/mariadb/sql/sql_parse.cc:7810:18
          #12 0x560a9082b4ed in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/nik/mariadb/sql/sql_parse.cc:1893:7
          #13 0x560a908338c9 in do_command(THD*, bool) /home/nik/mariadb/sql/sql_parse.cc:1406:17
          #14 0x560a90e80995 in do_handle_one_connection(CONNECT*, bool) /home/nik/mariadb/sql/sql_connect.cc:1445:11
          #15 0x560a90e8013e in handle_one_connection /home/nik/mariadb/sql/sql_connect.cc:1347:5
          #16 0x560a91767e68 in pfs_spawn_thread /home/nik/mariadb/storage/perfschema/pfs.cc:2201:3
          #17 0x7faf96c679ea  (/usr/lib/libc.so.6+0x8c9ea) (BuildId: 8bfe03f6bf9b6a6e2591babd0bbc266837d8f658)
       
      Thread T33 created by T0 here:
          #0 0x560a8f9b92f8 in pthread_create (/home/nik/mariadb/bld/sql/mariadbd+0x1e312f8) (BuildId: 61f2f0aa5846429700a393caa97e17ef66f1d08e)
          #1 0x560a9176843c in my_thread_create(unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/nik/mariadb/storage/perfschema/my_thread.h:52:10
          #2 0x560a917683cb in pfs_spawn_thread_v1 /home/nik/mariadb/storage/perfschema/pfs.cc:2252:15
          #3 0x560a903180e2 in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /home/nik/mariadb/include/mysql/psi/mysql_thread.h:1139:11
          #4 0x560a90327b99 in create_thread_to_handle_connection(CONNECT*) /home/nik/mariadb/sql/mysqld.cc:6169:19
          #5 0x560a9032848b in create_new_thread(CONNECT*) /home/nik/mariadb/sql/mysqld.cc:6231:3
          #6 0x560a90328b4d in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/nik/mariadb/sql/mysqld.cc:6293:5
          #7 0x560a9032661b in handle_connections_sockets() /home/nik/mariadb/sql/mysqld.cc:6417:9
          #8 0x560a9031ba31 in mysqld_main(int, char**) /home/nik/mariadb/sql/mysqld.cc:6064:3
          #9 0x560a8facb161 in main /home/nik/mariadb/sql/main.cc:34:10
          #10 0x7faf96c02ccf  (/usr/lib/libc.so.6+0x27ccf) (BuildId: 8bfe03f6bf9b6a6e2591babd0bbc266837d8f658)
       
      SUMMARY: AddressSanitizer: use-after-poison /home/nik/mariadb/storage/rocksdb/rdb_datadic.cc:3500:33 in myrocks::Rdb_field_packing::get_field_in_table(TABLE const*) const
      Shadow bytes around the buggy address:
        0x61900038fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x61900038fb80: f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x61900038fc00: 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00
        0x61900038fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x61900038fd00: 00 00 00 f7 00 00 00 00 f7 f7 00 00 00 04 f7 f7
      =>0x61900038fd80:[f7]f7 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x61900038fe00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x61900038fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x61900038ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x61900038ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x619000390000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      


            People

              nikitamalyavin Nikita Malyavin
              nikitamalyavin Nikita Malyavin