[#MDEV-27700] SUMMARY: AddressSanitizer: heap-use-after-free storage/innobase/btr/btr0sea.cc:1305 in btr_search_drop_page_hash_index(buf_block

origin/bb-10.6-MDEV-20605-cur-pos-fix ac48095d5ba1c408cdc77d095985b2f20e46c82f 2022-01-21T21:00:54+03:00

Per Vladislav his modifications for MDEV-20605 cannot be the reason for the bad effect.

[rr 2508867 1214435][rr 2508867 1214439]==2508867==ERROR: AddressSanitizer: heap-use-after-free on address 0x616004721520 at pc 0x55ac1b2df542 bp 0x2b8f042ec780 sp 0x2b8f042ec770

[rr 2508867 1214442][rr 2508867 1214444]READ of size 8 at 0x616004721520 thread T2

[rr 2508867 1214630]2022-01-31 17:21:11 40 [Warning] Aborted connection 40 to db: 'test' user: 'root' host: 'localhost' (This connection closed normally)

[rr 2508867 1220937]    #0 0x55ac1b2df541 in btr_search_drop_page_hash_index(buf_block_t*) /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/btr/btr0sea.cc:1305

[rr 2508867 1220954]    #1 0x55ac1b3505ec in buf_LRU_free_page(buf_page_t*, bool) /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/buf/buf0lru.cc:959

[rr 2508867 1220974]    #2 0x55ac1b33a539 in buf_flush_discard_page /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/buf/buf0flu.cc:1222

[rr 2508867 1220986]    #3 0x55ac1b33bf07 in buf_do_flush_list_batch /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/buf/buf0flu.cc:1427

[rr 2508867 1220988]    #4 0x55ac1b33c964 in buf_flush_list /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/buf/buf0flu.cc:1511

[rr 2508867 1220990]    #5 0x55ac1b342475 in buf_flush_page_cleaner /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/buf/buf0flu.cc:2320

[rr 2508867 1220992]    #6 0x55ac1b348f83 in void std::__invoke_impl<void, void (*)()>(std::__invoke_other, void (*&&)()) (/data/Server_bin/bb-10.6-MDEV-20605-cur-pos-fix_asan/bin/mariadbd+0x2d79f83)

[rr 2508867 1220994]    #7 0x55ac1b348ebf in std::__invoke_result<void (*)()>::type std::__invoke<void (*)()>(void (*&&)()) (/data/Server_bin/bb-10.6-MDEV-20605-cur-pos-fix_asan/bin/mariadbd+0x2d79ebf)

[rr 2508867 1221004]    #8 0x55ac1b348de5 in void std::thread::_Invoker<std::tuple<void (*)()> >::_M_invoke<0ul>(std::_Index_tuple<0ul>) (/data/Server_bin/bb-10.6-MDEV-20605-cur-pos-fix_asan/bin/mariadbd+0x2d79de5)

[rr 2508867 1221006]    #9 0x55ac1b348d66 in std::thread::_Invoker<std::tuple<void (*)()> >::operator()() (/data/Server_bin/bb-10.6-MDEV-20605-cur-pos-fix_asan/bin/mariadbd+0x2d79d66)

[rr 2508867 1221008]    #10 0x55ac1b348ccb in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)()> > >::_M_run() (/data/Server_bin/bb-10.6-MDEV-20605-cur-pos-fix_asan/bin/mariadbd+0x2d79ccb)

[rr 2508867 1221010]    #11 0x7f797408dde3  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd6de3)

[rr 2508867 1221016]    #12 0x17447d5c9608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477

[rr 2508867 1221018]    #13 0x7f7973ee5292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

...

rr 2508867 1221774]SUMMARY: AddressSanitizer: heap-use-after-free /data/Server/bb-10.6-MDEV-20605-cur-pos-fix/storage/innobase/btr/btr0sea.cc:1305 in btr_search_drop_page_hash_index(buf_block_t*)

[rr 2508867 1222208]Shadow bytes around the buggy address:

  0x0c2c808dc250: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2c808dc260: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2c808dc270: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa

  0x0c2c808dc280: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c2c808dc290: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

=>0x0c2c808dc2a0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd

  0x0c2c808dc2b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2c808dc2c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2c808dc2d0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa

  0x0c2c808dc2e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c2c808dc2f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

pluto:/data/results/1643649542/TBR-1001/dev/shm/rqg/1643649542/48/1/rr

RQG

====

# git clone https://github.com/mleich1/rqg --branch experimental RQG

# GIT_SHOW: HEAD -> experimental, origin/experimental 067340e8ec78c25880ccd2e67dd62ad134edc531 2022-01-31T17:10:39+01:00

# rqg.pl  : Version 4.0.4 (2021-12)

# $RQG_HOME/rqg.pl \

# --grammar=conf/mariadb/table_stress_innodb_dml.yy \

# --gendata=conf/mariadb/table_stress.zz \

# --gendata_sql=conf/mariadb/table_stress.sql \

# --mysqld=--loose-innodb_lock_schedule_algorithm=fcfs \

# --mysqld=--loose-idle_write_transaction_timeout=0 \

# --mysqld=--loose-idle_transaction_timeout=0 \

# --mysqld=--loose-idle_readonly_transaction_timeout=0 \

# --mysqld=--connect_timeout=60 \

# --mysqld=--interactive_timeout=28800 \

# --mysqld=--slave_net_timeout=60 \

# --mysqld=--net_read_timeout=30 \

# --mysqld=--net_write_timeout=60 \

# --mysqld=--loose-table_lock_wait_timeout=50 \

# --mysqld=--wait_timeout=28800 \

# --mysqld=--lock-wait-timeout=86400 \

# --mysqld=--innodb-lock-wait-timeout=50 \

# --no-mask \

# --queries=10000000 \

# --seed=random \

# --reporters=Backtrace \

# --reporters=ErrorLog \

# --reporters=Deadlock1 \

# --validators=None \

# --mysqld=--log_output=none \

# --mysqld=--log_bin_trust_function_creators=1 \

# --mysqld=--loose-debug_assert_on_not_freed_memory=0 \

# --engine=InnoDB \

# --restart_timeout=240 \

# --mysqld=--plugin-load-add=file_key_management.so \

# --mysqld=--loose-file-key-management-filename=$RQG_HOME/conf/mariadb/encryption_keys.txt \

# --mysqld=--plugin-load-add=provider_lzo.so \

# --mysqld=--plugin-load-add=provider_bzip2.so \

# --mysqld=--plugin-load-add=provider_lzma \

# --mysqld=--plugin-load-add=provider_snappy \

# --mysqld=--plugin-load-add=provider_lz4 \

# --duration=300 \

# --mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \

# --mysqld=--loose-innodb_read_only_compressed=OFF \

# --mysqld=--innodb_stats_persistent=off \

# --mysqld=--innodb_adaptive_hash_index=on \

# --mysqld=--log-bin \

# --mysqld=--sync-binlog=1 \

# --mysqld=--loose-innodb_evict_tables_on_commit_debug=off \

# --mysqld=--loose-max-statement-time=30 \

# --threads=9 \

# --mysqld=--innodb-use-native-aio=0 \

# --mysqld=--loose-gdb \

# --mysqld=--loose-debug-gdb \

# --rr=Extended \

# --rr_options=--chaos --wait \

# --mysqld=--innodb_rollback_on_timeout=OFF \

# --vardir_type=fast \

# --mysqld=--innodb_page_size=4K \

# --mysqld=--innodb-buffer-pool-size=5M \

# --no_mask \

# <local settings>

[MDEV-27700] SUMMARY: AddressSanitizer: heap-use-after-free storage/innobase/btr/btr0sea.cc:1305 in btr_search_drop_page_hash_index(buf_block_t*) Created: 2022-02-01 Updated: 2023-11-16 Resolved: 2022-08-22
Status:	Closed
Project:	MariaDB Server
Component/s:	Storage Engine - InnoDB
Affects Version/s:	10.2.38, 10.3.29, 10.4.19, 10.5.10, 10.6.0, 10.6.6
Fix Version/s:	10.9.2, 10.10.1, 10.3.37, 10.4.27, 10.5.18, 10.6.10, 10.7.6, 10.8.5

[MDEV-27700] SUMMARY: AddressSanitizer: heap-use-after-free storage/innobase/btr/btr0sea.cc:1305 in btr_search_drop_page_hash_index(buf_block_t*) Created: 2022-02-01 Updated: 2023-11-16 Resolved: 2022-08-22