  1. MariaDB Server
  2. MDEV-32523

ASAN errors or assertion failure in row_merge_buf_add


Details

    • Bug
    • Status: Stalled (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.5, 10.6, 10.11, 11.1(EOL), 11.2, 10.4(EOL), 10.10(EOL), 11.0(EOL)
    • 10.5, 10.6, 10.11
    • None

    Description

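      The two test cases below differ only in the VARCHAR length used in the final ALTER: the first (VARCHAR(12289)) produces the AddressSanitizer report, the second (VARCHAR(256)) produces the assertion failure in row_merge_buf_add.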

      # Reproducer for the AddressSanitizer report in this issue (MDEV-32523),
      # shown on this page for 10.4 b1c8ea83. The page's other test case is the
      # same script with a different VARCHAR length in the final ALTER.
      --source include/have_innodb.inc
       
      # b is nullable and the INSERT supplies no value for it, so both rows
      # hold NULL in b.
      CREATE TABLE t (a INT, b VARCHAR(16)) ENGINE=InnoDB;
      INSERT INTO t (a) VALUES (1),(2);
      # The column default is set only after the rows already exist.
      ALTER TABLE t ALTER b SET DEFAULT '0';
      # Widen b and make it NOT NULL while the existing rows still hold NULL.
      # Reported outcome: AddressSanitizer aborts the server on a memcpy READ of
      # size 12289 (the same number as the new declared length) that starts
      # inside a 992-byte heap region, i.e. the copy runs past the end of its
      # source. The read is reached via row_merge_buf_add -> dfield_dup ->
      # mem_heap_dup; the region was allocated by strmake_root under
      # open_table_from_share.
      # NOTE(review): the page shows only the sanitizer outcome; what a build
      # without ASAN does with this statement is not stated, so treat it as
      # unknown rather than harmless.
      ALTER IGNORE TABLE t MODIFY b VARCHAR(12289) NOT NULL;
       
      # Cleanup
      DROP TABLE t;
      

      10.4 b1c8ea83

      ==1725987==ERROR: AddressSanitizer: unknown-crash on address 0x6190000dc0ce at pc 0x7f865ce4814b bp 0x7f8647b0c8e0 sp 0x7f8647b0c090
      READ of size 12289 at 0x6190000dc0ce thread T27
          #0 0x7f865ce4814a in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
          #1 0x563a1941094b in mem_heap_dup(mem_block_info_t*, void const*, unsigned long) /data/src/10.4/storage/innobase/include/mem0mem.h:242
          #2 0x563a196fd846 in dfield_dup /data/src/10.4/storage/innobase/include/data0data.inl:173
          #3 0x563a1970a227 in row_merge_buf_add /data/src/10.4/storage/innobase/row/row0merge.cc:816
          #4 0x563a19715f0e in row_merge_read_clustered_index /data/src/10.4/storage/innobase/row/row0merge.cc:2323
          #5 0x563a19725973 in row_merge_build_indexes(trx_t*, dict_table_t*, dict_table_t*, bool, dict_index_t**, unsigned long const*, unsigned long, TABLE*, dtuple_t const*, unsigned long const*, unsigned long, ib_sequence_t&, bool, ut_stage_alter_t*, dict_add_v_col_t const*, TABLE*, bool) /data/src/10.4/storage/innobase/row/row0merge.cc:4697
          #6 0x563a1947c5c8 in ha_innobase::inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.4/storage/innobase/handler/handler0alter.cc:8746
          #7 0x563a184f2051 in handler::ha_inplace_alter_table(TABLE*, Alter_inplace_info*) /data/src/10.4/sql/handler.h:4355
          #8 0x563a184d3537 in mysql_inplace_alter_table /data/src/10.4/sql/sql_table.cc:7943
          #9 0x563a184e5cf0 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.4/sql/sql_table.cc:10471
          #10 0x563a1866ca47 in Sql_cmd_alter_table::execute(THD*) /data/src/10.4/sql/sql_alter.cc:531
          #11 0x563a18275d0e in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6218
          #12 0x563a18281588 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8012
          #13 0x563a18257817 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857
          #14 0x563a18254386 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1378
          #15 0x563a18653dd3 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1420
          #16 0x563a186536ea in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
          #17 0x563a192c52f7 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #18 0x7f865c7c8fd3 in start_thread nptl/pthread_create.c:442
          #19 0x7f865c8495bb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
       
      0x6190000dc460 is located 0 bytes to the right of 992-byte region [0x6190000dc080,0x6190000dc460)
      allocated by thread T27 here:
          #0 0x7f865ceb89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
          #1 0x563a19e0eece in my_malloc /data/src/10.4/mysys/my_malloc.c:101
          #2 0x563a19deb8f4 in alloc_root /data/src/10.4/mysys/my_alloc.c:258
          #3 0x563a19ded02c in strmake_root /data/src/10.4/mysys/my_alloc.c:488
          #4 0x563a18580dc3 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/src/10.4/sql/table.cc:3800
          #5 0x563a180d24ed in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.4/sql/sql_base.cc:2114
          #6 0x563a184d3ca6 in mysql_inplace_alter_table /data/src/10.4/sql/sql_table.cc:8028
          #7 0x563a184e5cf0 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.4/sql/sql_table.cc:10471
          #8 0x563a1866ca47 in Sql_cmd_alter_table::execute(THD*) /data/src/10.4/sql/sql_alter.cc:531
          #9 0x563a18275d0e in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6218
          #10 0x563a18281588 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8012
          #11 0x563a18257817 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857
          #12 0x563a18254386 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1378
          #13 0x563a18653dd3 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1420
          #14 0x563a186536ea in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
          #15 0x563a192c52f7 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #16 0x7f865c7c8fd3 in start_thread nptl/pthread_create.c:442
       
      Thread T27 created by T0 here:
          #0 0x7f865ce49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
          #1 0x563a192c56e4 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
          #2 0x563a17f5ef89 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
          #3 0x563a17f766b6 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6289
          #4 0x563a17f76e01 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6359
          #5 0x563a17f772cf in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6457
          #6 0x563a17f7817b in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6615
          #7 0x563a17f75e19 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5947
          #8 0x563a17f5d0b8 in main /data/src/10.4/sql/main.cc:25
          #9 0x7f865c767189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
       
      SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
      Shadow bytes around the buggy address:
        0x0c32800137c0: 00 00 00 00 00 00 00 00 00 f7 00 00 00 00 f7 04
        0x0c32800137d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c32800137e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fa fa fa fa
        0x0c32800137f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c3280013800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      =>0x0c3280013810: 00 00 00 00 f7 02 f7 00 00[06]00 00 06 f7 00 00
        0x0c3280013820: 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c3280013830: 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 00
        0x0c3280013840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c3280013850: 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 04
        0x0c3280013860: f7 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==1725987==ABORTING
      

      # Reproducer for the assertion failure in this issue (MDEV-32523). The
      # page's other test case is the same script with VARCHAR(12289) in the
      # final ALTER.
      --source include/have_innodb.inc
       
      # b is nullable and the INSERT supplies no value for it, so both rows
      # hold NULL in b.
      CREATE TABLE t (a INT, b VARCHAR(16)) ENGINE=InnoDB;
      INSERT INTO t (a) VALUES (1),(2);
      # The column default is set only after the rows already exist.
      ALTER TABLE t ALTER b SET DEFAULT '0';
      # Widen b and make it NOT NULL while the existing rows still hold NULL.
      # Reported outcome: the assertion
      # `len <= col->len || ((col->mtype) == 5 || (col->mtype) == 14)`
      # fails at row0merge.cc:729 in row_merge_buf_add and mysqld gets signal 6.
      # NOTE(review): an assertion only fires in builds that compile assertions
      # in; the page does not say what a build without them does here.
      ALTER IGNORE TABLE t MODIFY b VARCHAR(256) NOT NULL;
       
      # Cleanup
      DROP TABLE t;
      

      mysqld: /data/src/10.4/storage/innobase/row/row0merge.cc:729: ulint row_merge_buf_add(row_merge_buf_t*, dict_index_t*, const dict_table_t*, const dict_table_t*, fts_psort_t*, dtuple_t*, const row_ext_t*, bool, doc_id_t*, mem_heap_t*, dberr_t*, mem_heap_t**, TABLE*, trx_t*): Assertion `len <= col->len || ((col->mtype) == 5 || (col->mtype) == 14)' failed.
      231020  0:24:55 [ERROR] mysqld got signal 6 ;
       
      #8  0x00007f31ad645395 in __assert_fail_base (fmt=0x7f31ad7b9a70 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x561ea19b8000 "len <= col->len || ((col->mtype) == 5 || (col->mtype) == 14)", file=file@entry=0x561ea19b7420 "/data/src/10.4/storage/innobase/row/row0merge.cc", line=line@entry=729, function=function@entry=0x561ea19b7e20 "ulint row_merge_buf_add(row_merge_buf_t*, dict_index_t*, const dict_table_t*, const dict_table_t*, fts_psort_t*, dtuple_t*, const row_ext_t*, bool, doc_id_t*, mem_heap_t*, dberr_t*, mem_heap_t**, TABL"...) at ./assert/assert.c:92
      #9  0x00007f31ad653df2 in __GI___assert_fail (assertion=0x561ea19b8000 "len <= col->len || ((col->mtype) == 5 || (col->mtype) == 14)", file=0x561ea19b7420 "/data/src/10.4/storage/innobase/row/row0merge.cc", line=729, function=0x561ea19b7e20 "ulint row_merge_buf_add(row_merge_buf_t*, dict_index_t*, const dict_table_t*, const dict_table_t*, fts_psort_t*, dtuple_t*, const row_ext_t*, bool, doc_id_t*, mem_heap_t*, dberr_t*, mem_heap_t**, TABL"...) at ./assert/assert.c:101
      #10 0x0000561ea06cb664 in row_merge_buf_add (buf=0x615000041d88, fts_index=0x0, old_table=0x618000033508, new_table=0x618000034508, psort_info=0x0, row=0x6310000b48b0, ext=0x0, history_fts=false, doc_id=0x7f319895b090, conv_heap=0x0, err=0x7f319895b030, v_heap=0x7f319895b070, my_table=0x7f319895f150, trx=0x7f31a555c908) at /data/src/10.4/storage/innobase/row/row0merge.cc:729
      #11 0x0000561ea06d7f0f in row_merge_read_clustered_index (trx=0x7f31a555c908, table=0x7f319895f150, old_table=0x618000033508, new_table=0x618000034508, online=true, index=0x6190000dd710, fts_sort_idx=0x0, psort_info=0x0, files=0x603000037930, key_numbers=0x6190000dd720, n_index=1, defaults=0x6190000dd7a8, add_v=0x0, col_map=0x6190000dd860, add_autoinc=18446744073709551615, sequence=..., block=0x7f319841a000 "", skip_pk_sort=true, tmpfd=0x7f319895be80, stage=0x60700001c250, pct_cost=50, crypt_block=0x0, eval_table=0x7f319895f150, allow_not_null=true) at /data/src/10.4/storage/innobase/row/row0merge.cc:2323
      #12 0x0000561ea06e7974 in row_merge_build_indexes (trx=0x7f31a555c908, old_table=0x618000033508, new_table=0x618000034508, online=true, indexes=0x6190000dd710, key_numbers=0x6190000dd720, n_indexes=1, table=0x7f319895f150, defaults=0x6190000dd7a8, col_map=0x6190000dd860, add_autoinc=18446744073709551615, sequence=..., skip_pk_sort=true, stage=0x60700001c250, add_v=0x0, eval_table=0x7f319895f150, allow_not_null=true) at /data/src/10.4/storage/innobase/row/row0merge.cc:4697
      #13 0x0000561ea043e5c9 in ha_innobase::inplace_alter_table (this=0x61d000265ca8, altered_table=0x7f319895f150, ha_alter_info=0x7f319895d3e0) at /data/src/10.4/storage/innobase/handler/handler0alter.cc:8746
      #14 0x0000561e9f4b4052 in handler::ha_inplace_alter_table (this=0x61d000265ca8, altered_table=0x7f319895f150, ha_alter_info=0x7f319895d3e0) at /data/src/10.4/sql/handler.h:4355
      #15 0x0000561e9f495538 in mysql_inplace_alter_table (thd=0x62b00009a208, table_list=0x62b0000a1368, table=0x620000041088, altered_table=0x7f319895f150, ha_alter_info=0x7f319895d3e0, target_mdl_request=0x7f319895d600, alter_ctx=0x7f319895e660) at /data/src/10.4/sql/sql_table.cc:7943
      #16 0x0000561e9f4a7cf1 in mysql_alter_table (thd=0x62b00009a208, new_db=0x62b00009ea10, new_name=0x62b00009ee78, create_info=0x7f3198960250, table_list=0x62b0000a1368, recreate_info=0x7f31989600b0, alter_info=0x7f3198960150, order_num=0, order=0x0, ignore=true) at /data/src/10.4/sql/sql_table.cc:10471
      #17 0x0000561e9f62ea48 in Sql_cmd_alter_table::execute (this=0x62b0000a1bb8, thd=0x62b00009a208) at /data/src/10.4/sql/sql_alter.cc:531
      #18 0x0000561e9f237d0f in mysql_execute_command (thd=0x62b00009a208) at /data/src/10.4/sql/sql_parse.cc:6218
      #19 0x0000561e9f243589 in mysql_parse (thd=0x62b00009a208, rawbuf=0x62b0000a1228 "ALTER IGNORE TABLE t MODIFY b VARCHAR(256) NOT NULL", length=51, parser_state=0x7f3198962860, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:8012
      #20 0x0000561e9f219818 in dispatch_command (command=COM_QUERY, thd=0x62b00009a208, packet=0x62900029e209 "ALTER IGNORE TABLE t MODIFY b VARCHAR(256) NOT NULL", packet_length=51, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1857
      #21 0x0000561e9f216387 in do_command (thd=0x62b00009a208) at /data/src/10.4/sql/sql_parse.cc:1378
      #22 0x0000561e9f615dd4 in do_handle_one_connection (connect=0x608000000ba8) at /data/src/10.4/sql/sql_connect.cc:1420
      #23 0x0000561e9f6156eb in handle_one_connection (arg=0x608000000ba8) at /data/src/10.4/sql/sql_connect.cc:1324
      #24 0x0000561ea02872f8 in pfs_spawn_thread (arg=0x615000006208) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      #25 0x00007f31ad6a7fd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #26 0x00007f31ad7285bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      


            People

              thiru Thirunarayanan Balathandayuthapani
              elenst Elena Stepanova
