Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Duplicate
-
11.8, 12.0(EOL)
Description
--source include/have_innodb.inc
|
CREATE TABLE t (c CHAR(100)) ENGINE=InnoDB ROW_FORMAT=COMPRESSED; |
Leads to:
|
CS 11.8.1 865b05bf4acf10e0d4b3359019ed7b2efe0be81d (Debug, UBASAN, Clang) Build 06/05/2025 |
/test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:168:32: runtime error: shift exponent 16384 is too large for 64-bit type 'size_t' (aka 'unsigned long')
|
#0 0x5ec4299f379a in buf_pool_t::contains_zip(void const*, unsigned long) const /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:168:32
|
#1 0x5ec4299f45c3 in buf_buddy_alloc_from(void*, unsigned long) /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:388:2
|
#2 0x5ec4299f3976 in buf_buddy_alloc_low(unsigned long, bool*) /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:442:3
|
#3 0x5ec429945a86 in buf_buddy_alloc(unsigned long, bool*) /test/11.8_dbg_san/storage/innobase/include/buf0buddy.h:60:10
|
#4 0x5ec429945a86 in buf_page_create_low(page_id_t, unsigned long, mtr_t*, buf_block_t*) /test/11.8_dbg_san/storage/innobase/buf/buf0buf.cc:3173:22
|
#5 0x5ec429a0b6eb in fsp_header_init(fil_space_t*, unsigned int, mtr_t*) /test/11.8_dbg_san/storage/innobase/fsp/fsp0fsp.cc:520:23
|
#6 0x5ec429988f65 in fil_ibd_create(unsigned int, table_name_t, char const*, unsigned int, unsigned int, fil_encryption_t, unsigned int, dberr_t*) /test/11.8_dbg_san/storage/innobase/fil/fil0fil.cc:2110:3
|
#7 0x5ec429b5c07c in dict_create_index_space(ind_node_t const&) /test/11.8_dbg_san/storage/innobase/dict/dict0crea.cc:1152:17
|
#8 0x5ec429b5c07c in dict_create_index_step(que_thr_t*) /test/11.8_dbg_san/storage/innobase/dict/dict0crea.cc:1206:9
|
#9 0x5ec429e288c9 in que_thr_step(que_thr_t*) /test/11.8_dbg_san/storage/innobase/que/que0que.cc:563:9
|
#10 0x5ec429e288c9 in que_run_threads_low(que_thr_t*) /test/11.8_dbg_san/storage/innobase/que/que0que.cc:609:25
|
#11 0x5ec429e288c9 in que_run_threads(que_thr_t*) /test/11.8_dbg_san/storage/innobase/que/que0que.cc:629:2
|
#12 0x5ec429f1cc03 in row_create_index_for_mysql(dict_index_t*, trx_t*, unsigned long const*, fil_encryption_t, unsigned int) /test/11.8_dbg_san/storage/innobase/row/row0mysql.cc:2155:3
|
#13 0x5ec4297cd5ad in create_table_info_t::create_table(bool, bool) /test/11.8_dbg_san/storage/innobase/handler/ha_innodb.cc:12801:4
|
#14 0x5ec42978eff2 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) /test/11.8_dbg_san/storage/innobase/handler/ha_innodb.cc:13291:17
|
#15 0x5ec427551c63 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /test/11.8_dbg_san/sql/handler.cc:5934:14
|
#16 0x5ec42755c0d0 in ha_create_table_from_share(THD*, TABLE_SHARE*, HA_CREATE_INFO*, unsigned int*) /test/11.8_dbg_san/sql/handler.cc:6386:26
|
#17 0x5ec42755af88 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*, bool) /test/11.8_dbg_san/sql/handler.cc:6453:15
|
#18 0x5ec428a3c5d3 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/11.8_dbg_san/sql/sql_table.cc:4889:11
|
#19 0x5ec428a39e40 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_table.cc:4991:8
|
#20 0x5ec428a98396 in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /test/11.8_dbg_san/sql/sql_table.cc:5233:7
|
#21 0x5ec428a91cb7 in Sql_cmd_create_table_like::execute(THD*) /test/11.8_dbg_san/sql/sql_table.cc:13624:12
|
#22 0x5ec4285c86a6 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#23 0x5ec4285a7ba8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#24 0x5ec42859bc6b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1902:7
|
#25 0x5ec4285aa5cd in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1415:17
|
#26 0x5ec428d3484c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#27 0x5ec428d34107 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#28 0x5ec4273e631c in asan_thread_start(void*) crtstuff.c
|
#29 0x7be03269ca93 in start_thread nptl/pthread_create.c:447:8
|
#30 0x7be032729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: invalid-shift-exponent
|
/test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:168:32
|
/test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:173:38: runtime error: shift exponent 16384 is too large for 64-bit type 'size_t' (aka 'unsigned long')
|
#0 0x5ec4299f376c in buf_pool_t::contains_zip(void const*, unsigned long) const /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:173:38
|
#1 0x5ec4299f45c3 in buf_buddy_alloc_from(void*, unsigned long) /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:388:2
|
#2 0x5ec4299f3976 in buf_buddy_alloc_low(unsigned long, bool*) /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:442:3
|
#3 0x5ec429945a86 in buf_buddy_alloc(unsigned long, bool*) /test/11.8_dbg_san/storage/innobase/include/buf0buddy.h:60:10
|
#4 0x5ec429945a86 in buf_page_create_low(page_id_t, unsigned long, mtr_t*, buf_block_t*) /test/11.8_dbg_san/storage/innobase/buf/buf0buf.cc:3173:22
|
#5 0x5ec429a0b6eb in fsp_header_init(fil_space_t*, unsigned int, mtr_t*) /test/11.8_dbg_san/storage/innobase/fsp/fsp0fsp.cc:520:23
|
#6 0x5ec429988f65 in fil_ibd_create(unsigned int, table_name_t, char const*, unsigned int, unsigned int, fil_encryption_t, unsigned int, dberr_t*) /test/11.8_dbg_san/storage/innobase/fil/fil0fil.cc:2110:3
|
#7 0x5ec429b5c07c in dict_create_index_space(ind_node_t const&) /test/11.8_dbg_san/storage/innobase/dict/dict0crea.cc:1152:17
|
#8 0x5ec429b5c07c in dict_create_index_step(que_thr_t*) /test/11.8_dbg_san/storage/innobase/dict/dict0crea.cc:1206:9
|
#9 0x5ec429e288c9 in que_thr_step(que_thr_t*) /test/11.8_dbg_san/storage/innobase/que/que0que.cc:563:9
|
#10 0x5ec429e288c9 in que_run_threads_low(que_thr_t*) /test/11.8_dbg_san/storage/innobase/que/que0que.cc:609:25
|
#11 0x5ec429e288c9 in que_run_threads(que_thr_t*) /test/11.8_dbg_san/storage/innobase/que/que0que.cc:629:2
|
#12 0x5ec429f1cc03 in row_create_index_for_mysql(dict_index_t*, trx_t*, unsigned long const*, fil_encryption_t, unsigned int) /test/11.8_dbg_san/storage/innobase/row/row0mysql.cc:2155:3
|
#13 0x5ec4297cd5ad in create_table_info_t::create_table(bool, bool) /test/11.8_dbg_san/storage/innobase/handler/ha_innodb.cc:12801:4
|
#14 0x5ec42978eff2 in ha_innobase::create(char const*, TABLE*, HA_CREATE_INFO*, bool, trx_t*) /test/11.8_dbg_san/storage/innobase/handler/ha_innodb.cc:13291:17
|
#15 0x5ec427551c63 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /test/11.8_dbg_san/sql/handler.cc:5934:14
|
#16 0x5ec42755c0d0 in ha_create_table_from_share(THD*, TABLE_SHARE*, HA_CREATE_INFO*, unsigned int*) /test/11.8_dbg_san/sql/handler.cc:6386:26
|
#17 0x5ec42755af88 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*, bool) /test/11.8_dbg_san/sql/handler.cc:6453:15
|
#18 0x5ec428a3c5d3 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/11.8_dbg_san/sql/sql_table.cc:4889:11
|
#19 0x5ec428a39e40 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_table.cc:4991:8
|
#20 0x5ec428a98396 in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /test/11.8_dbg_san/sql/sql_table.cc:5233:7
|
#21 0x5ec428a91cb7 in Sql_cmd_create_table_like::execute(THD*) /test/11.8_dbg_san/sql/sql_table.cc:13624:12
|
#22 0x5ec4285c86a6 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#23 0x5ec4285a7ba8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#24 0x5ec42859bc6b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1902:7
|
#25 0x5ec4285aa5cd in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1415:17
|
#26 0x5ec428d3484c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#27 0x5ec428d34107 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#28 0x5ec4273e631c in asan_thread_start(void*) crtstuff.c
|
#29 0x7be03269ca93 in start_thread nptl/pthread_create.c:447:8
|
#30 0x7be032729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: invalid-shift-exponent /test/11.8_dbg_san/storage/innobase/buf/buf0buddy.cc:173:38
|
Setup:
Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.5 dbg 060525 5c92b27d5433df7558f41ac5718481f87bdfa544 No bug found
|
CS 10.5 opt 060525 5c92b27d5433df7558f41ac5718481f87bdfa544 No bug found
|
CS 10.6 dbg 060525 c62671543976eb397576f1b57fb6817029bc21ee No bug found
|
CS 10.6 opt 060525 c62671543976eb397576f1b57fb6817029bc21ee No bug found
|
CS 10.11 dbg 060525 2263c8a1f7db9b308e1458d1ddc4203d006940d7 No bug found
|
CS 10.11 opt 060525 2263c8a1f7db9b308e1458d1ddc4203d006940d7 No bug found
|
CS 11.4 dbg 060525 da5a4d05b9da58705498a42b6ffa5d9211f446af No bug found
|
CS 11.4 opt 060525 da5a4d05b9da58705498a42b6ffa5d9211f446af No bug found
|
CS 11.8 dbg 060525 865b05bf4acf10e0d4b3359019ed7b2efe0be81d UBSAN|shift exponent X is too large for 64-bit type 'size_t' (aka 'unsigned long')|storage/innobase/buf/buf0buddy.cc|buf_pool_t::contains_zip|buf_buddy_alloc_from|buf_buddy_alloc_low|buf_buddy_alloc
|
CS 11.8 opt 060525 865b05bf4acf10e0d4b3359019ed7b2efe0be81d No bug found
|
CS 12.0 dbg 060525 51c0afcd248ad57095fdcf56efec2865ea49bd83 UBSAN|shift exponent X is too large for 64-bit type 'size_t' (aka 'unsigned long')|storage/innobase/buf/buf0buddy.cc|buf_pool_t::contains_zip|buf_buddy_alloc_from|buf_buddy_alloc_low|buf_buddy_alloc
|
CS 12.0 opt 060525 51c0afcd248ad57095fdcf56efec2865ea49bd83 No bug found
|
ES 10.5 dbg 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found
|
ES 10.5 opt 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found
|
ES 10.6 dbg 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 No bug found
|
ES 10.6 opt 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 No bug found
|
ES 11.4 dbg 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba No bug found
|
ES 11.4 opt 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba No bug found
|
Testcase is MTR and CLI compatible.
Attachments
Issue Links
- relates to
-
MDEV-29445 reorganise innodb buffer pool (and remove buffer pool chunks)
-
- Closed
-