[MDEV-33537] ASAN errors or unexpected ER_TRUNCATED_WRONG_VALUE_FOR_FIELD upon adding key on virtual column - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
Fix Version/s: 10.5, 10.6, 10.11, 11.4
Component/s: Virtual Columns
Labels:

Description

--source include/have_innodb.inc

CREATE TABLE t (a INT, b VARCHAR(8), f INT AS (a), PRIMARY KEY(b)) ENGINE=InnoDB;

INSERT INTO t (a,b) VALUES (1,'10');

ALTER TABLE t MODIFY f INT AS (b);

ALTER TABLE t ADD KEY(f);

# Cleanup

DROP TABLE t;

10.4 23101304887e9e1987c45f001377382e3fdfd88f ASAN
==4037630==ERROR: AddressSanitizer: use-after-poison on address 0x6290002a829a at pc 0x559890b7c724 bp 0x7f73fbd97f50 sp 0x7f73fbd97f48
READ of size 1 at 0x6290002a829a thread T27
#0 0x559890b7c723 in my_mb_wc_latin1 /data/bld/10.4-asan/strings/ctype-latin1.c:372
#1 0x559890bf6918 in my_convert_using_func /data/bld/10.4-asan/strings/ctype.c:1019
#2 0x559890bf6f31 in my_convert /data/bld/10.4-asan/strings/ctype.c:1127
#3 0x55988ec8f31d in copy_and_convert(char, unsigned long, charset_info_st const, char const, unsigned long, charset_info_st const, unsigned int*) /data/bld/10.4-asan/sql/sql_string.h:44
#4 0x55988ee85195 in err_conv(char, unsigned int, char const, unsigned int, charset_info_st const*) /data/bld/10.4-asan/sql/sql_error.cc:909
#5 0x55988ecb3bb1 in ErrBuff::set_str(char const, unsigned long, charset_info_st const) const /data/bld/10.4-asan/sql/sql_error.h:861
#6 0x55988ecb4030 in ErrConvString::ptr() const /data/bld/10.4-asan/sql/sql_error.h:893
#7 0x55988f6676d5 in Field_num::check_edom_and_important_data_truncation(char const, bool, charset_info_st const, char const, unsigned long, char const) /data/bld/10.4-asan/sql/field.cc:1609
#8 0x55988f66783b in Field_num::check_edom_and_truncation(char const, bool, charset_info_st const, char const, unsigned long, char const) /data/bld/10.4-asan/sql/field.cc:1627
#9 0x55988f6c8aa4 in Field_num::check_int(charset_info_st const, char const, unsigned long, char const*, int) (/mnt8t/bld/10.4-asan/sql/mysqld+0x1ab3aa4)
#10 0x55988f667c6f in Field_num::get_int(charset_info_st const, char const, unsigned long, long long*, unsigned long long, long long, long long) /data/bld/10.4-asan/sql/field.cc:1692
#11 0x55988f67bdb9 in Field_long::store(char const, unsigned long, charset_info_st const) /data/bld/10.4-asan/sql/field.cc:4207
#12 0x55988f6c5c38 in Field::save_in_field_str(Field*) /data/bld/10.4-asan/sql/field.h:622
#13 0x55988f6c8f44 in Field_str::save_in_field(Field*) /data/bld/10.4-asan/sql/field.h:1901
#14 0x55988f6c608c in Field::store_field(Field*) /data/bld/10.4-asan/sql/field.h:786
#15 0x55988f6e0655 in field_conv_incompatible /data/bld/10.4-asan/sql/field_conv.cc:900
#16 0x55988f6e06f2 in field_conv(Field, Field) /data/bld/10.4-asan/sql/field_conv.cc:913
#17 0x55988f77af7b in save_field_in_field /data/bld/10.4-asan/sql/item.cc:6577
#18 0x55988f77b6c0 in Item_field::save_in_field(Field*, bool) /data/bld/10.4-asan/sql/item.cc:6628
#19 0x55988f29a580 in TABLE::update_virtual_field(Field*, bool) /data/bld/10.4-asan/sql/table.cc:8642
#20 0x5598900ee20b in innobase_get_computed_value(dtuple_t, dict_v_col_t const, dict_index_t const, mem_block_info_t, mem_block_info_t, dict_field_t const, THD, TABLE, unsigned char, dict_table_t const, upd_t const, bool) /data/bld/10.4-asan/storage/innobase/handler/ha_innodb.cc:20882
#21 0x5598903f1f4b in row_merge_buf_add /data/bld/10.4-asan/storage/innobase/row/row0merge.cc:579
#22 0x5598903ff8c4 in row_merge_read_clustered_index /data/bld/10.4-asan/storage/innobase/row/row0merge.cc:2323
#23 0x55989040eff5 in row_merge_build_indexes(trx_t, dict_table_t, dict_table_t, bool, dict_index_t, unsigned long const, unsigned long, TABLE, dtuple_t const, unsigned long const, unsigned long, ib_sequence_t&, bool, ut_stage_alter_t, dict_add_v_col_t const, TABLE, bool) /data/bld/10.4-asan/storage/innobase/row/row0merge.cc:4670
#24 0x5598901653ee in ha_innobase::inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.4-asan/storage/innobase/handler/handler0alter.cc:8745
#25 0x55988f1e5f75 in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.4-asan/sql/handler.h:4355
#26 0x55988f1c6868 in mysql_inplace_alter_table /data/bld/10.4-asan/sql/sql_table.cc:8012
#27 0x55988f1d98e5 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool) /data/bld/10.4-asan/sql/sql_table.cc:10582
#28 0x55988f360ab6 in Sql_cmd_alter_table::execute(THD*) /data/bld/10.4-asan/sql/sql_alter.cc:535
#29 0x55988ef62c2a in mysql_execute_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:6292
#30 0x55988ef6e57e in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:8088
#31 0x55988ef4419d in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:1857
#32 0x55988ef40d0c in do_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:1378
#33 0x55988f347dc6 in do_handle_one_connection(CONNECT*) /data/bld/10.4-asan/sql/sql_connect.cc:1419
#34 0x55988f3476dd in handle_one_connection /data/bld/10.4-asan/sql/sql_connect.cc:1323
#35 0x55988ffad53b in pfs_spawn_thread /data/bld/10.4-asan/storage/perfschema/pfs.cc:1869
#36 0x7f7411dc9043 in start_thread nptl/pthread_create.c:442
#37 0x7f7411e4961b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x6290002a829a is located 154 bytes inside of 16512-byte region [0x6290002a8200,0x6290002ac280)
allocated by thread T27 here:
#0 0x7f74124b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x5598902a808d in mem_heap_create_block_func(mem_block_info_t, unsigned long, char const, unsigned int, unsigned long) /data/bld/10.4-asan/storage/innobase/mem/mem0mem.cc:277
#2 0x55989008da68 in mem_heap_create_func /data/bld/10.4-asan/storage/innobase/include/mem0mem.inl:375
#3 0x5598900ec906 in innobase_allocate_row_for_vcol(THD, dict_index_t, mem_block_info_t, TABLE, VCOL_STORAGE*) /data/bld/10.4-asan/storage/innobase/handler/ha_innodb.cc:20713
#4 0x5598903f1e41 in row_merge_buf_add /data/bld/10.4-asan/storage/innobase/row/row0merge.cc:571
#5 0x5598903ff8c4 in row_merge_read_clustered_index /data/bld/10.4-asan/storage/innobase/row/row0merge.cc:2323
#6 0x55989040eff5 in row_merge_build_indexes(trx_t, dict_table_t, dict_table_t, bool, dict_index_t, unsigned long const, unsigned long, TABLE, dtuple_t const, unsigned long const, unsigned long, ib_sequence_t&, bool, ut_stage_alter_t, dict_add_v_col_t const, TABLE, bool) /data/bld/10.4-asan/storage/innobase/row/row0merge.cc:4670
#7 0x5598901653ee in ha_innobase::inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.4-asan/storage/innobase/handler/handler0alter.cc:8745
#8 0x55988f1e5f75 in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.4-asan/sql/handler.h:4355
#9 0x55988f1c6868 in mysql_inplace_alter_table /data/bld/10.4-asan/sql/sql_table.cc:8012
#10 0x55988f1d98e5 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool) /data/bld/10.4-asan/sql/sql_table.cc:10582
#11 0x55988f360ab6 in Sql_cmd_alter_table::execute(THD*) /data/bld/10.4-asan/sql/sql_alter.cc:535
#12 0x55988ef62c2a in mysql_execute_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:6292
#13 0x55988ef6e57e in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:8088
#14 0x55988ef4419d in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:1857
#15 0x55988ef40d0c in do_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:1378
#16 0x55988f347dc6 in do_handle_one_connection(CONNECT*) /data/bld/10.4-asan/sql/sql_connect.cc:1419
#17 0x55988f3476dd in handle_one_connection /data/bld/10.4-asan/sql/sql_connect.cc:1323
#18 0x55988ffad53b in pfs_spawn_thread /data/bld/10.4-asan/storage/perfschema/pfs.cc:1869
#19 0x7f7411dc9043 in start_thread nptl/pthread_create.c:442

Thread T27 created by T0 here:
#0 0x7f7412449726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x55988ffad928 in spawn_thread_v1 /data/bld/10.4-asan/storage/perfschema/pfs.cc:1919
#2 0x55988ec46f79 in inline_mysql_thread_create /data/bld/10.4-asan/include/mysql/psi/mysql_thread.h:1275
#3 0x55988ec5e704 in create_thread_to_handle_connection(CONNECT*) /data/bld/10.4-asan/sql/mysqld.cc:6296
#4 0x55988ec5ee4f in create_new_thread(CONNECT*) /data/bld/10.4-asan/sql/mysqld.cc:6366
#5 0x55988ec5f31d in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.4-asan/sql/mysqld.cc:6464
#6 0x55988ec601c9 in handle_connections_sockets() /data/bld/10.4-asan/sql/mysqld.cc:6622
#7 0x55988ec5de67 in mysqld_main(int, char**) /data/bld/10.4-asan/sql/mysqld.cc:5954
#8 0x55988ec450a8 in main /data/bld/10.4-asan/sql/main.cc:25
#9 0x7f7411d671c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: use-after-poison /data/bld/10.4-asan/strings/ctype-latin1.c:372 in my_mb_wc_latin1
Shadow bytes around the buggy address:
0x0c528004d000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528004d010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528004d020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528004d030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c528004d040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c528004d050: f7 00 00[02]f7 f7 00 00 02 f7 f7 f7 f7 f7 f7 f7
0x0c528004d060: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c528004d070: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c528004d080: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c528004d090: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c528004d0a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==4037630==ABORTING

10.4 87a5d16911bb94d383480fdd49e20876ed1400f2 non-ASAN
mysqltest: At line 7: query 'ALTER TABLE t ADD KEY(f)' failed: 1366: Incorrect integer value: '' for column `test`.`t`.`f` at row 1

Note a wrong value in the message, there is no empty string in the table.
The value is in fact corrupt, on a different build it may look like this:

mysqltest: At line 7: query 'ALTER TABLE t ADD KEY(f)' failed: 1366: Incorrect integer value: '��������������������������������������������������������������...' for column `test`.`t`.`f` at row 1

Reproducible on all existing versions, with InnoDB and non-copy-algorithm in ALTERs (in other words, not reproducible if at least one of ALTERs is run with ALGORITHM=COPY).

Attachments

Activity

People

Assignee:: Nikita Malyavin

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-02-25 21:47

Updated:: 2024-12-27 23:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.