Details
- Bug
- Status: Closed
- Major
- Resolution: Duplicate
- 10.2(EOL), 10.3(EOL), 10.4(EOL)
Description
Note: Affected servers already have a patch for MDEV-18090.
10.2 c676f58c
==23343==ERROR: AddressSanitizer: use-after-poison on address 0x61e00001e208 at pc 0x558b85a975fd bp 0x7fe8792027e0 sp 0x7fe8792027d8
WRITE of size 8 at 0x61e00001e208 thread T31
    #0 0x558b85a975fc in innobase_build_col_map /data/src/10.2/storage/innobase/handler/handler0alter.cc:3075
    #1 0x558b85aa1858 in prepare_inplace_alter_table_dict /data/src/10.2/storage/innobase/handler/handler0alter.cc:4774
    #2 0x558b85aaa980 in ha_innobase::prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/storage/innobase/handler/handler0alter.cc:6262
    #3 0x558b8529c821 in handler::ha_prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/sql/handler.cc:4293
    #4 0x558b86264fe7 in ha_partition::prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/sql/ha_partition.cc:8346
    #5 0x558b8529c821 in handler::ha_prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/sql/handler.cc:4293
    #6 0x558b84e9d1aa in mysql_inplace_alter_table /data/src/10.2/sql/sql_table.cc:7329
    #7 0x558b84eaa6cc in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9452
    #8 0x558b84eb0068 in mysql_recreate_table(THD*, TABLE_LIST*, bool) /data/src/10.2/sql/sql_table.cc:10277
    #9 0x558b84fedfb3 in admin_recreate_table /data/src/10.2/sql/sql_admin.cc:58
    #10 0x558b84ff4f9f in mysql_admin_table /data/src/10.2/sql/sql_admin.cc:1022
    #11 0x558b84ff7af7 in Sql_cmd_optimize_table::execute(THD*) /data/src/10.2/sql/sql_admin.cc:1366
    #12 0x558b84c9f59a in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6226
    #13 0x558b84caa103 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8013
    #14 0x558b84c84cab in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1832
    #15 0x558b84c81d1a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1386
    #16 0x558b84fc8764 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
    #17 0x558b84fc8179 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
    #18 0x7fe8a3a30493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #19 0x7fe8a1bfe93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

0x61e00001e208 is located 392 bytes inside of 2456-byte region [0x61e00001e080,0x61e00001ea18)
allocated by thread T31 here:
    #0 0x7fe8a3c9a73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
    #1 0x558b85b7ba83 in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:294
    #2 0x558b85b7c1cb in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:400
    #3 0x558b85f69661 in mem_heap_alloc /data/src/10.2/storage/innobase/include/mem0mem.ic:201
    #4 0x558b85f6b7f3 in dict_add_col_name /data/src/10.2/storage/innobase/dict/dict0mem.cc:260
    #5 0x558b85f6bd84 in dict_mem_table_add_col(dict_table_t*, mem_block_info_t*, char const*, unsigned long, unsigned long, unsigned long) /data/src/10.2/storage/innobase/dict/dict0mem.cc:309
    #6 0x558b85aa0c32 in prepare_inplace_alter_table_dict /data/src/10.2/storage/innobase/handler/handler0alter.cc:4684
    #7 0x558b85aaa980 in ha_innobase::prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/storage/innobase/handler/handler0alter.cc:6262
    #8 0x558b8529c821 in handler::ha_prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/sql/handler.cc:4293
    #9 0x558b86264fe7 in ha_partition::prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/sql/ha_partition.cc:8346
    #10 0x558b8529c821 in handler::ha_prepare_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.2/sql/handler.cc:4293
    #11 0x558b84e9d1aa in mysql_inplace_alter_table /data/src/10.2/sql/sql_table.cc:7329
    #12 0x558b84eaa6cc in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9452
    #13 0x558b84eb0068 in mysql_recreate_table(THD*, TABLE_LIST*, bool) /data/src/10.2/sql/sql_table.cc:10277
    #14 0x558b84fedfb3 in admin_recreate_table /data/src/10.2/sql/sql_admin.cc:58
    #15 0x558b84ff4f9f in mysql_admin_table /data/src/10.2/sql/sql_admin.cc:1022
    #16 0x558b84ff7af7 in Sql_cmd_optimize_table::execute(THD*) /data/src/10.2/sql/sql_admin.cc:1366
    #17 0x558b84c9f59a in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6226
    #18 0x558b84caa103 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8013
    #19 0x558b84c84cab in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1832
    #20 0x558b84c81d1a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1386
    #21 0x558b84fc8764 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
    #22 0x558b84fc8179 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
    #23 0x7fe8a3a30493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

Thread T31 created by T0 here:
    #0 0x7fe8a3c69bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x558b86333bc7 in spawn_thread_noop /data/src/10.2/mysys/psi_noop.c:187
    #2 0x558b84a7e10e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
    #3 0x558b84a93176 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6482
    #4 0x558b84a9387b in create_new_thread /data/src/10.2/sql/mysqld.cc:6552
    #5 0x558b84a94892 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6827
    #6 0x558b84a926cb in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6101
    #7 0x558b84a7c4af in main /data/src/10.2/sql/main.cc:25
    #8 0x7fe8a1b362b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: use-after-poison /data/src/10.2/storage/innobase/handler/handler0alter.cc:3075 innobase_build_col_map
Shadow bytes around the buggy address:
  0x0c3c7fffbbf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3c7fffbc00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3c7fffbc10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3c7fffbc20: 00 00 00 00 00 07 00 00 00 00 00 03 00 00 00 00
  0x0c3c7fffbc30: 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3c7fffbc40: 00[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3c7fffbc50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3c7fffbc60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3c7fffbc70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3c7fffbc80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3c7fffbc90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Contiguous container OOB:fc
  ASan internal: fe
==23343==ABORTING
To reproduce:
- download ftp://perro.askmonty.org/public/innodb_upgrade_data/10.1.38/format-Antelope/innodb-builtin/4K/compression-none/encryption-off/normal.tar.gz
- unpack (it creates folder data)
- start 10.2+ ASAN build with --innodb-page-size=4K --innodb-compression-algorithm=none, otherwise defaults
- run
  CHECK TABLE test.tp012 FOR UPGRADE;
  OPTIMIZE TABLE test.tp012;
Reproducible on 10.2+.
Not reproducible on 10.1.
The datadir was created with 10.1.38 release build.
Issue Links
- blocks
  - MDEV-14046 Allow ALGORITHM=INPLACE for 10.1 tables that contain virtual columns (Closed)
- relates to
  - MDEV-19027 create_table_def fails when virtual column is present between stored columns (Closed)
  - MDEV-19085 Assertion failures in dtuple_get_nth_field or row_merge_read_clustered_index or row_merge_buf_add after normal upgrade from 10.1 (Closed)