MariaDB Server / MDEV-17626

Draft: ASAN: heap-buffer-overflow storage/innobase/include/dict0dict.ic:272 in dict_index_is_clust

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 10.2
    • 10.2
    • None
    • Ubuntu 17.04 but most probably not important

    Description

      ==32134==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x618000101948 at pc 0x558d94d400c4 bp 0x7f7b129c8020 sp 0x7f7b129c8010
      READ of size 4 at 0x618000101948 thread T45
          #0 0x558d94d400c3 in dict_index_is_clust storage/innobase/include/dict0dict.ic:272
          #1 0x558d94d411e8 in dict_index_is_online_ddl storage/innobase/include/dict0dict.ic:1329
          #2 0x558d94d68262 in lock_table_locks_lookup storage/innobase/lock/lock0lock.cc:7010
          #3 0x558d94d686f2 in lock_table_has_locks(dict_table_t const*) storage/innobase/lock/lock0lock.cc:7045
          #4 0x558d94edebcf in row_drop_table_for_mysql(char const*, trx_t*, enum_sql_command, bool, bool) storage/innobase/row/row0mysql.cc:3625
          #5 0x558d94c94eab in ha_innobase::delete_table(char const*, enum_sql_command) (/mnt/r0/mleich/bb-10.2-marko/bld_asan/sql/mysqld+0x18feeab)
          #6 0x558d94c68cfd in ha_innobase::truncate() storage/innobase/handler/ha_innodb.cc:13535
          #7 0x558d9476e873 in handler::ha_truncate() sql/handler.cc:4081
          #8 0x558d94bae426 in Sql_cmd_truncate_table::handler_truncate(THD*, TABLE_LIST*, bool) sql/sql_truncate.cc:245
          #9 0x558d94baf560 in Sql_cmd_truncate_table::truncate_table(THD*, TABLE_LIST*) sql/sql_truncate.cc:442
          #10 0x558d94baf8d7 in Sql_cmd_truncate_table::execute(THD*) sql/sql_truncate.cc:499
          #11 0x558d9419fb82 in mysql_execute_command(THD*) sql/sql_parse.cc:6225
          #12 0x558d941aa61d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) sql/sql_parse.cc:8012
          #13 0x558d941851d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) sql/sql_parse.cc:1824
          #14 0x558d94182277 in do_command(THD*) sql/sql_parse.cc:1377
          #15 0x558d944b563e in do_handle_one_connection(CONNECT*) sql/sql_connect.cc:1335
          #16 0x558d944b5023 in handle_one_connection sql/sql_connect.cc:1241
          #17 0x7f7b4fcb26d9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76d9)
          #18 0x7f7b4f144d7e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x108d7e)
      for a TRUNCATE TABLE t1
       
      /mnt/r0/mleich/RQG_new/rqg.pl \
      --grammar=conf/mariadb/table_stress.yy \
      --gendata=conf/mariadb/table_stress.zz \
      --gendata_sql=conf/mariadb/table_stress.sql \
      --mysqld=--loose_innodb_lock_schedule_algorithm=fcfs \
      --mysqld=--loose_innodb_adaptive_hash_index=OFF \
      --mysqld=--loose-idle_write_transaction_timeout=0 \
      --mysqld=--loose-idle_transaction_timeout=0 \
      --mysqld=--loose-idle_readonly_transaction_timeout=0 \
      --mysqld=--connect_timeout=60 \
      --mysqld=--interactive_timeout=28800 \
      --mysqld=--slave_net_timeout=60 \
      --mysqld=--net_read_timeout=30 \
      --mysqld=--net_write_timeout=60 \
      --mysqld=--loose-table_lock_wait_timeout=50 \
      --mysqld=--wait_timeout=28800 \
      --mysqld=--lock-wait-timeout=86400 \
      --mysqld=--innodb-lock-wait-timeout=50 \
      --seed=random \
      --no-mask \
      --queries=10M \
      --duration=300 \
      --views \
      --validators=none \
      --redefine=conf/mariadb/general-workarounds.yy \
      --redefine=conf/mariadb/alter_table.yy \
      --redefine=conf/mariadb/bulk_insert.yy \
      --redefine=conf/mariadb/xa.yy \
      --redefine=conf/mariadb/versioning.yy \
      --redefine=conf/mariadb/sequences.yy \
      --mysqld=--log_output=FILE \
      --mysqld=--log-bin \
      --mysqld=--log_bin_trust_function_creators=1 \
      --mysqld=--loose-max-statement-time=30 \
      --mysqld=--loose-debug_assert_on_not_freed_memory=0 \
      --reporters=Backtrace,ErrorLog,Deadlock \
      --engine=InnoDB \
      --mysqld=--innodb-buffer-pool-size=256M \
      --mysqld=--innodb_use_native_aio=0 \
      --whitelist_statuses='STATUS_SERVER_CRASHED' \
      --whitelist_patterns="'<signal handler called>','SUMMARY: AddressSanitizer: '" \
      --blacklist_statuses='STATUS_OK' \
      --blacklist_patterns="'Sentence is now longer than .{1,10} symbols. Possible endless loop in grammar. Aborting.','\[ERROR\] InnoDB: preallocating .{1,120} with error 28',' is truncated: expected core file size ',' is not a core dump: File truncated','<signal handler called>.{1,500}ut_dbg_assertion_failed.{1,500}lock_trx_table_locks_remove'" \
      --threads=12 \
      --no-mask \
      ... certain RQG testing box specific settings
      

      Source tree
      HEAD, origin/bb-10.2-marko 0ec656b4b0fd2943950e65c13f8fa01a2b470798 2018-11-05T16:02:37+02:00

          People

            Assignee: Unassigned
            Reporter: Matthias Leich (mleich)