Bug #37749 Falcon assertion at line 36 in file SectorBuffer.cpp
Submitted: 30 Jun 2008 21:04 Modified: 30 Jul 2008 15:57
Reporter: Hakan Kuecuekyilmaz
Status: Closed
Category: Server: Falcon    Severity: S2 (Serious)
Version: 6.0 bzr    OS: Linux
Assigned to: Kelly Long    Target Version: 6.0.6
Tags: DBT2
Triage: D1 (Critical) / R2 (Low) / E2 (Low)

[30 Jun 2008 21:04] Hakan Kuecuekyilmaz
Description:
Falcon assertion in (offset < activeLength) failed at line 36 in file SectorBuffer.cpp
when running DBT2.

Please note that it does not assert on every DBT2 run.

How to repeat:
/lib64/libpthread.so.0[0x2b31787e0c10]
/lib64/libpthread.so.0(raise+0x2d)[0x2b31787e0abd]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Error::error(char const*, ...)+0xf9)[0x82a349]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(SectorBuffer::readPage(Bdb*)+0x54)[0x8b9b64]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(SectorCache::readPage(Bdb*)+0x22c)[0x8b801c]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Cache::fetchPage(Dbb*, int, PageType, LockType)+0x2d4)[0x89ff44]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Dbb::handoffPage(Bdb*, int, PageType, LockType)+0x2c)[0x82199c]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(IndexRootPage::findLeaf(Dbb*, int, int, IndexKey*, LockType, unsigned int)+0x7b)[0x8392bb]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(IndexRootPage::scanIndex(Dbb*, int, int, IndexKey*, IndexKey*, int, unsigned int, Bitmap*)+0x7e)[0x83a85e]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Index::scanIndex(IndexKey*, IndexKey*, int, Transaction*, Bitmap*)+0x2c1)[0x834f21]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(StorageTable::indexScan(int)+0x66)[0x7e57c6]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(StorageInterface::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function)+0x89)[0x7d5349]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld[0x6b59f8]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(sub_select(JOIN*, st_join_table*, bool)+0xf3)[0x6ab1f3]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld[0x6ab62e]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(JOIN::exec()+0x89e)[0x6c017e]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*)+0x191)[0x6c1da1]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(handle_select(THD*, st_lex*, select_result*, unsigned long)+0x167)[0x6c2757]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld[0x646a16]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(mysql_execute_command(THD*)+0x325d)[0x64d26d]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(mysql_parse(THD*, char const*, unsigned int, char const**)+0x1ed)[0x651cbd]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int)+0x913)[0x6525e3]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(do_command(THD*)+0xc6)[0x6530b6]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(handle_one_connection+0xf4)[0x644034]
/lib64/libpthread.so.0[0x2b31787d9143]
/lib64/libc.so.6(__clone+0x6d)[0x2b3178f1e74d]
[Falcon] Error: assertion (offset < activeLength) failed at line 36 in file SectorBuffer.cpp
[1 Jul 2008 21:45] Hakan Kuecuekyilmaz
Verified with a DBT2 -c8 -w100 on caneland, lu0009, and walldorf. I hit the assertion
every time with -w100.
[2 Jul 2008 21:45] Kelly Long
32-bit math overflow.

=== modified file 'storage/falcon/SectorBuffer.cpp'
--- storage/falcon/SectorBuffer.cpp     2008-06-17 21:00:45 +0000
+++ storage/falcon/SectorBuffer.cpp     2008-07-02 19:45:14 +0000
@@ -39,7 +39,7 @@
 
 void SectorBuffer::readSector()
 {
-       uint64 offset = sectorNumber * cache->pagesPerSector * cache->pageSize;
+       uint64 offset = (uint64)sectorNumber * (uint64)cache->pagesPerSector *
(uint64)cache->pageSize;
        activeLength = dbb->pread(offset, SECTOR_BUFFER_SIZE, buffer);
 }
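Review bot: the casts widen the product so `offset` no longer wraps, but the value returned by `dbb->pread(offset, SECTOR_BUFFER_SIZE, buffer)` is still stored into `activeLength` unchecked; the analysis in this report says a zero-length read is exactly what later trips `ASSERT(offset < activeLength)` in `SectorBuffer::readPage()`, so consider detecting a short or zero-length read here and raising an I/O error at the point of failure instead of letting it surface as a downstream assertion. Minor: casting `sectorNumber` alone already forces 64-bit evaluation of the whole expression, so the second and third `(uint64)` casts are redundant, though harmless.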
[2 Jul 2008 22:50] Kevin Lewis
The patch looks good to me. Kelly explained to me that because of the overflow of
'offset' in SectorBuffer::readSector(), the buffer had a zero length. So 'activeLength'
was zero. Then in SectorBuffer::readPage(Bdb* bdb), ASSERT(offset < activeLength) failed.
OK to push.
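The overflow described above, as an added stand-alone illustration (this is not Falcon code and not from the patch): `narrow_offset` mirrors the pre-fix expression, where three 32-bit factors are multiplied in 32-bit arithmetic and the already-wrapped result is widened to 64 bits; `wide_offset` mirrors the fixed expression. The assumptions are that `sectorNumber`, `pagesPerSector` and `pageSize` are 32-bit unsigned values, and the sector geometry and sector numbers used are constructed sample values. `checked_offset` and `first_overflowing_sector` go beyond the page: they show the checked-multiply pattern a reviewer would want even after the fix, and compute the file size at which the unfixed code starts reading from the wrong place.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix shape of the expression. With all three factors 32-bit (assumed
 * unsigned here so the wrap is well-defined), the product is evaluated in
 * 32-bit arithmetic and wraps BEFORE the widening assignment happens. */
uint64_t narrow_offset(uint32_t sectorNumber, uint32_t pagesPerSector, uint32_t pageSize)
{
    uint32_t wrapped = sectorNumber * pagesPerSector * pageSize;
    return (uint64_t)wrapped;
}

/* Post-fix shape: widen each factor first so the product is computed in 64 bits. */
uint64_t wide_offset(uint32_t sectorNumber, uint32_t pagesPerSector, uint32_t pageSize)
{
    return (uint64_t)sectorNumber * (uint64_t)pagesPerSector * (uint64_t)pageSize;
}

/* Portable checked multiply: stores a*b and returns 0, or returns -1 on overflow. */
int checked_mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Defensive variant (hypothetical, not in the patch): three 32-bit factors can
 * reach 2^96, which does not fit in 64 bits either, so fail loudly instead of
 * handing a wrapped offset to pread(). Returns 0 on success, -1 otherwise. */
int checked_offset(uint32_t sectorNumber, uint32_t pagesPerSector, uint32_t pageSize,
                   uint64_t *out)
{
    uint64_t bytesPerSector;
    if (checked_mul_u64(pagesPerSector, pageSize, &bytesPerSector) != 0)
        return -1;
    return checked_mul_u64(sectorNumber, bytesPerSector, out);
}

/* Smallest sector number at which the 32-bit product wraps, i.e. the file size
 * (in sectors) beyond which the pre-fix code computes a wrong offset. */
uint64_t first_overflowing_sector(uint32_t pagesPerSector, uint32_t pageSize)
{
    uint64_t bytesPerSector = (uint64_t)pagesPerSector * (uint64_t)pageSize;
    if (bytesPerSector == 0)
        return 0;
    return (uint64_t)UINT32_MAX / bytesPerSector + 1;
}

int main(void)
{
    /* Constructed geometry: 16 pages of 4 KiB per sector, i.e. 64 KiB sectors. */
    const uint32_t pagesPerSector = 16, pageSize = 4096;
    const uint32_t samples[] = { 1000, 65535, 65536, 1100000 };
    size_t i;

    printf("32-bit product first wraps at sector %" PRIu64 " (%" PRIu64 " bytes into the file)\n",
           first_overflowing_sector(pagesPerSector, pageSize),
           first_overflowing_sector(pagesPerSector, pageSize) * pagesPerSector * pageSize);
    printf("%12s %16s %16s %s\n", "sector", "narrow offset", "wide offset", "checked");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t checked = 0;
        int rc = checked_offset(samples[i], pagesPerSector, pageSize, &checked);
        printf("%12" PRIu32 " %16" PRIu64 " %16" PRIu64 " %s\n",
               samples[i],
               narrow_offset(samples[i], pagesPerSector, pageSize),
               wide_offset(samples[i], pagesPerSector, pageSize),
               rc == 0 ? "ok" : "overflow");
    }
    return 0;
}
```

With 64 KiB sectors the two expressions agree up to sector 65535 and diverge from sector 65536 on (a 4 GiB file), where the narrow product wraps to exactly 0 and the unfixed code would reread the start of the file; any sector past that point yields an offset that is silently wrong by a multiple of 4 GiB. The checked variant is the defensive counterpart: rather than trusting the widened product, it refuses to produce an offset it cannot represent.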
[2 Jul 2008 22:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48915

2727 Kelly Long	2008-07-02
      fix 32-bit math overflow -- Bug #37749
[2 Jul 2008 22:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48916

2727 Kelly Long	2008-07-02
      fix 32-bit math overflow -- Bug #37749
[30 Jul 2008 15:57] MC Brown
Internal testing, no changelog entry required.