Bug #37749 Falcon assertion at line 36 in file SectorBuffer.cpp
Submitted: 30 Jun 2008 19:04 Modified: 30 Jul 2008 13:57
Reporter: Hakan Küçükyılmaz
Status: Closed
Category:MySQL Server: Falcon storage engine Severity:S2 (Serious)
Version:6.0 bzr OS:Linux
Assigned to: Kelly Long CPU Architecture:Any
Tags: DBT2
Triage: D1 (Critical) / R2 (Low) / E2 (Low)

[30 Jun 2008 19:04] Hakan Küçükyılmaz
Description:
Falcon assertion in (offset < activeLength) failed at line 36 in file SectorBuffer.cpp when running DBT2.

Please note that it does not assert on every DBT2 run.

How to repeat:
/lib64/libpthread.so.0[0x2b31787e0c10]
/lib64/libpthread.so.0(raise+0x2d)[0x2b31787e0abd]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Error::error(char const*, ...)+0xf9)[0x82a349]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(SectorBuffer::readPage(Bdb*)+0x54)[0x8b9b64]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(SectorCache::readPage(Bdb*)+0x22c)[0x8b801c]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Cache::fetchPage(Dbb*, int, PageType, LockType)+0x2d4)[0x89ff44]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Dbb::handoffPage(Bdb*, int, PageType, LockType)+0x2c)[0x82199c]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(IndexRootPage::findLeaf(Dbb*, int, int, IndexKey*, LockType, unsigned int)+0x7b)[0x8392bb]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(IndexRootPage::scanIndex(Dbb*, int, int, IndexKey*, IndexKey*, int, unsigned int, Bitmap*)+0x7e)[0x83a85e]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(Index::scanIndex(IndexKey*, IndexKey*, int, Transaction*, Bitmap*)+0x2c1)[0x834f21]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(StorageTable::indexScan(int)+0x66)[0x7e57c6]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(StorageInterface::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function)+0x89)[0x7d5349]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld[0x6b59f8]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(sub_select(JOIN*, st_join_table*, bool)+0xf3)[0x6ab1f3]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld[0x6ab62e]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(JOIN::exec()+0x89e)[0x6c017e]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*)+0x191)[0x6c1da1]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(handle_select(THD*, st_lex*, select_result*, unsigned long)+0x167)[0x6c2757]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld[0x646a16]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(mysql_execute_command(THD*)+0x325d)[0x64d26d]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(mysql_parse(THD*, char const*, unsigned int, char const**)+0x1ed)[0x651cbd]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int)+0x913)[0x6525e3]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(do_command(THD*)+0xc6)[0x6530b6]
/data0/work/mysql/mysql-6.0-falcon/sql/mysqld(handle_one_connection+0xf4)[0x644034]
/lib64/libpthread.so.0[0x2b31787d9143]
/lib64/libc.so.6(__clone+0x6d)[0x2b3178f1e74d]
[Falcon] Error: assertion (offset < activeLength) failed at line 36 in file SectorBuffer.cpp
[1 Jul 2008 19:45] Hakan Küçükyılmaz
Verified with a DBT2 -c8 -w100 on caneland, lu0009, and walldorf. I hit the assertion every time with -w100.
[2 Jul 2008 19:45] Kelly Long
32-bit math overflow.

=== modified file 'storage/falcon/SectorBuffer.cpp'
--- storage/falcon/SectorBuffer.cpp     2008-06-17 21:00:45 +0000
+++ storage/falcon/SectorBuffer.cpp     2008-07-02 19:45:14 +0000
@@ -39,7 +39,7 @@
 
 void SectorBuffer::readSector()
 {
-       uint64 offset = sectorNumber * cache->pagesPerSector * cache->pageSize;
+       uint64 offset = (uint64)sectorNumber * (uint64)cache->pagesPerSector * (uint64)cache->pageSize;
        activeLength = dbb->pread(offset, SECTOR_BUFFER_SIZE, buffer);
 }
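Review bot: the cast on every operand is more than the fix needs; once `sectorNumber` is widened with `(uint64)`, the usual arithmetic conversions already promote `cache->pagesPerSector` and `cache->pageSize` to 64 bits before each multiplication, so `(uint64)sectorNumber * cache->pagesPerSector * cache->pageSize` has the same effect (keeping all three casts is harmless, just noisier). The more important gap is on the unchanged context line `activeLength = dbb->pread(offset, SECTOR_BUFFER_SIZE, buffer);`: a short or zero-length read is stored without any check, which is exactly how the overflow surfaced later as `ASSERT(offset < activeLength)` in readPage. Consider validating the returned length against the expected sector size here and raising an I/O error at the read, so a bad offset is reported where it happens instead of as an assertion in a different function.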
[2 Jul 2008 20:50] Kevin Lewis
The patch looks good to me. Kelly explained to me that because of the overflow of 'offset' in SectorBuffer::readSector(), the buffer had a zero length. So 'activeLength' was zero. Then in SectorBuffer::readPage(Bdb* bdb), ASSERT(offset < activeLength) failed.
OK to push.
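The failure chain described in the review above, written out as an added example (this is not Falcon code and not from the bug's patch): the pre-patch expression is modelled with the three operands multiplied in 32-bit arithmetic and only then widened, the patched expression widens each operand first, and a toy positional read stands in for `dbb->pread()` so the zero-length read and the `offset < activeLength` check can be followed end to end. `CacheParams`, `simulatedPread`, `readPageWouldAssert`, the 16 pages per sector, the 4 KiB page size and the 4 GiB file size are all assumptions made for this example; the original's `sectorNumber` type is not visible in the hunk, so the wrap is modelled in `uint32_t` and reinterpreted as two's-complement `int32_t` rather than relying on undefined signed overflow.

```cpp
#include <cstdint>
#include <cstdio>

typedef uint64_t uint64;

// Field names follow the hunk; the values are constructed for this example.
struct CacheParams {
    int pagesPerSector;
    int pageSize;
};

// Models the pre-patch expression: three int operands, so the product is formed in
// 32-bit arithmetic and only afterwards widened to uint64. Signed overflow is undefined
// in C++, so the wrap is done explicitly in uint32_t and the result reinterpreted as a
// two's-complement int32_t, which is what compilers of the period actually produced.
uint64 offsetBeforePatch(int sectorNumber, const CacheParams& cache) {
    uint32_t narrow = (uint32_t)sectorNumber * (uint32_t)cache.pagesPerSector * (uint32_t)cache.pageSize;
    int32_t signedNarrow = (int32_t)narrow;   // bit 31 set -> negative value
    return (uint64)(int64_t)signedNarrow;     // sign-extended on widening: a huge offset
}

// The patched expression: every operand widened first, so no intermediate product wraps.
uint64 offsetAfterPatch(int sectorNumber, const CacheParams& cache) {
    return (uint64)sectorNumber * (uint64)cache.pagesPerSector * (uint64)cache.pageSize;
}

// Guard a caller could apply before the offset is ever narrowed again: true when the
// 64-bit product also fits in a signed 32-bit int, i.e. the old expression was safe.
bool offsetFitsIn31Bits(int sectorNumber, const CacheParams& cache) {
    return offsetAfterPatch(sectorNumber, cache) <= (uint64)INT32_MAX;
}

// Toy stand-in for dbb->pread(): a positional read on a file of fileSize bytes.
// Like a read at or past end of file, it transfers 0 bytes; errors are not modelled.
uint64 simulatedPread(uint64 offset, uint64 length, uint64 fileSize) {
    if (offset >= fileSize) return 0;
    uint64 remaining = fileSize - offset;
    return remaining < length ? remaining : length;
}

// Reproduces the chain from the review: activeLength comes from the read, and readPage's
// ASSERT(offset < activeLength) can only pass when activeLength is non-zero.
bool readPageWouldAssert(uint64 sectorOffset, uint64 fileSize, uint64 pageOffsetInSector) {
    const uint64 SECTOR_BUFFER_SIZE = 16 * 4096;   // assumed: one sector of 16 pages
    uint64 activeLength = simulatedPread(sectorOffset, SECTOR_BUFFER_SIZE, fileSize);
    return !(pageOffsetInSector < activeLength);
}

int main() {
    CacheParams cache = { 16, 4096 };
    const int sector = 32768;              // 32768 * 16 * 4096 == 2^31: first sector past 2 GiB
    const uint64 fileSize = 4ULL << 30;    // assumed 4 GiB tablespace, so that sector exists

    uint64 bad = offsetBeforePatch(sector, cache);
    uint64 good = offsetAfterPatch(sector, cache);
    printf("before patch: offset=%llu -> readPage asserts: %s\n", (unsigned long long)bad,
           readPageWouldAssert(bad, fileSize, 0) ? "yes" : "no");
    printf("after patch:  offset=%llu -> readPage asserts: %s\n", (unsigned long long)good,
           readPageWouldAssert(good, fileSize, 0) ? "yes" : "no");
    return 0;
}
```

Sector 32768 is the first one whose byte offset needs bit 31: the narrow product becomes INT32_MIN, sign-extension turns it into an offset far past any file, the read returns nothing, and the assertion fires; with the widened operands the same sector reads normally. Sectors below 32768 produce identical offsets either way, which is why the report only reproduced on the larger (-w100) warehouses.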
[2 Jul 2008 20:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48915

2727 Kelly Long	2008-07-02
      fix 32-bit math overflow -- Bug #37749
[2 Jul 2008 20:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/48916

2727 Kelly Long	2008-07-02
      fix 32-bit math overflow -- Bug #37749
[30 Jul 2008 13:57] MC Brown
Internal testing, no changelog entry required.