[MDEV-18625] ASAN unknown-crash in my_copy_fix_mb / ha_mroonga::storage_inplace_alter_table_add_column - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.2.23, 10.3.14, 10.4.4
Component/s: Storage Engine - Mroonga, Tests, Virtual Columns
Labels:
None

Description

perl ./mtr mroonga/storage.column_generated_stored_add_column

10.2 ASAN 40b4f9c9
==14058==ERROR: AddressSanitizer: unknown-crash on address 0x619000098e23 at pc 0x55b85fd9a261 bp 0x7f022da36330 sp 0x7f022da36328
WRITE of size 7 at 0x619000098e23 thread T5
#0 0x55b85fd9a260 in my_copy_fix_mb /data/src/10.2/strings/ctype-mb.c:410
#1 0x55b85e8a3005 in String_copier::well_formed_copy(charset_info_st const, char, unsigned int, charset_info_st const, char const, unsigned int, unsigned int) /data/src/10.2/sql/sql_string.cc:1062
#2 0x55b85ec71c4e in Field_varstring::store(char const, unsigned int, charset_info_st const) /data/src/10.2/sql/field.cc:7525
#3 0x55b85ed194ab in Item::save_in_field(Field*, bool) /data/src/10.2/sql/item.cc:6365
#4 0x55b85e972fdb in TABLE::update_virtual_field(Field*) /data/src/10.2/sql/table.cc:7675
#5 0x7f0238583883 in ha_mroonga::storage_inplace_alter_table_add_column(TABLE, Alter_inplace_info) /data/src/10.2/storage/mroonga/ha_mroonga.cpp:15212
#6 0x7f0238585f66 in ha_mroonga::storage_inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.2/storage/mroonga/ha_mroonga.cpp:15406
#7 0x7f0238586777 in ha_mroonga::inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.2/storage/mroonga/ha_mroonga.cpp:15445
#8 0x55b85e8ea209 in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/src/10.2/sql/handler.h:3795
#9 0x55b85e8d434b in mysql_inplace_alter_table /data/src/10.2/sql/sql_table.cc:7362
#10 0x55b85e8e1534 in mysql_alter_table(THD, char, char, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9452
#11 0x55b85ea0db10 in Sql_cmd_alter_table::execute(THD*) /data/src/10.2/sql/sql_alter.cc:329
#12 0x55b85e6d5a35 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6231
#13 0x55b85e6e056b in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8018
#14 0x55b85e6baf58 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1829
#15 0x55b85e6b7f77 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
#16 0x55b85e9ff687 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#17 0x55b85e9ff09c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1242
#18 0x55b85f41cc95 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
#19 0x7f024261d493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#20 0x7f0240a0393e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

0x619000098e23 is located 163 bytes inside of 1100-byte region [0x619000098d80,0x6190000991cc)
allocated by thread T5 here:
#0 0x7f024288773f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x55b85fd3ddcd in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
#2 0x55b85fd0cf53 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
#3 0x55b85fcede00 in alloc_root /data/src/10.2/mysys/my_alloc.c:242
#4 0x55b85fcef65b in strmake_root /data/src/10.2/mysys/my_alloc.c:449
#5 0x55b85e951fbb in open_table_from_share(THD, TABLE_SHARE, char const, unsigned int, unsigned int, unsigned int, TABLE, bool) /data/src/10.2/sql/table.cc:3048
#6 0x55b85e5afc16 in open_table(THD, TABLE_LIST, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923
#7 0x55b85e5b65cf in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488
#8 0x55b85e5b8dc0 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011
#9 0x55b85e5bcacc in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767
#10 0x55b85e59ded4 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506
#11 0x55b85e664d1e in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.2/sql/sql_insert.cc:758
#12 0x55b85e6c912a in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4441
#13 0x55b85e6e056b in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8018
#14 0x55b85e6baf58 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1829
#15 0x55b85e6b7f77 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
#16 0x55b85e9ff687 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#17 0x55b85e9ff09c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1242
#18 0x55b85f41cc95 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
#19 0x7f024261d493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

Thread T5 created by T0 here:
#0 0x7f0242856bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x55b85f41d25d in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
#2 0x55b85e4b469e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
#3 0x55b85e4c963b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466
#4 0x55b85e4c9d40 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536
#5 0x55b85e4cad57 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811
#6 0x55b85e4c8b90 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085
#7 0x55b85e4b2a3f in main /data/src/10.2/sql/main.cc:25
#8 0x7f024093b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: unknown-crash /data/src/10.2/strings/ctype-mb.c:410 my_copy_fix_mb
Shadow bytes around the buggy address:
0x0c328000b170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000b180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000b190: 00 00 00 00 00 00 f7 f7 f7 04 fa fa fa fa fa fa
0x0c328000b1a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328000b1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c328000b1c0: 00 05 00 00[01]00 00 01 00 00 00 00 00 00 00 00
0x0c328000b1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000b1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000b1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000b200: 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 f7
0x0c328000b210: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==14058==ABORTING

Attachments

Issue Links

causes

MDEV-18840 re-enable ALTER inplace adding of stored generated columns in Mroonga

Open

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019-02-18 12:15

Updated:: 2019-03-06 14:48

Resolved:: 2019-03-06 14:45

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.