Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
10.11, 11.4, 11.8
-
None
Description
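# Reproducer for the InnoDB assertion failure
# "field->col->mtype == type" (storage/innobase/row/row0sel.cc line 2641).
# The stray "|" table-border residue from the page extraction has been removed
# so the script is valid mysqltest input; the statements are as reported.

# The test needs InnoDB and partitioning support.
--source include/have_innodb.inc
--source include/have_partition.inc

# LIST-partitioned InnoDB table: primary key on b (the partitioning column)
# and a secondary key on a. p0 holds b IN (10,20); pn is the DEFAULT partition.
CREATE TABLE t (a INT, b INT, PRIMARY KEY (b), KEY (a)) ENGINE=InnoDB PARTITION BY LIST (b) (PARTITION p0 VALUES IN (10,20), PARTITION pn DEFAULT);
# Both rows have b outside (10,20), so they land in pn; p0 stays empty.
INSERT INTO t VALUES (1,1),(2,2);
# Move the (empty) partition p0 out of t into a standalone table.
ALTER TABLE t CONVERT PARTITION p0 TO TABLE t_exchange;
# Failing statement: it changes the primary-key / partitioning column.
# It is the COM_QUERY packet shown in the dispatch_command frame of the backtrace.
# Per the report the assertion is a non-debug one, so debug and release
# builds both abort here: an availability problem, not only a debug check.
UPDATE t SET b = 3 WHERE b = 1;

# Cleanup (only reached on a build where the UPDATE does not abort the server).
DROP TABLE t_exchange, t;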
|
10.11 0b16d7871c065c10be54cf61dac2220cab13fd18 |
2025-07-17 20:03:09 0x7fc986b116c0 InnoDB: Assertion failure in file /data/bld/10.11-asan-ubsan/storage/innobase/row/row0sel.cc line 2641
|
InnoDB: Failing assertion: field->col->mtype == type
|
|
|
#9 0x0000560b0858d886 in ut_dbg_assertion_failed (expr=expr@entry=0x560b09826960 "field->col->mtype == type", file=file@entry=0x560b0982dcc0 "/data/bld/10.11-asan-ubsan/storage/innobase/row/row0sel.cc", line=line@entry=2641) at /data/bld/10.11-asan-ubsan/storage/innobase/ut/ut0dbg.cc:60
|
#10 0x0000560b083f67ca in row_sel_convert_mysql_key_to_innobase (tuple=tuple@entry=0x6200000124a8, buf=0x6200000122f4 '\276' <repeats 20 times>, " \330\243", buf@entry=0x6200000122f0 "\200", buf_len=buf_len@entry=8, index=index@entry=0x616000a3d820, key_ptr=0x621000166386 "", key_ptr@entry=0x621000166382 "\001", key_len=key_len@entry=8) at /data/bld/10.11-asan-ubsan/storage/innobase/row/row0sel.cc:2641
|
#11 0x0000560b07d97308 in ha_innobase::index_read (this=this@entry=0x6250002949f8, buf=buf@entry=0x625000295200 "\377", key_ptr=key_ptr@entry=0x621000166382 "\001", key_len=<optimized out>, find_flag=find_flag@entry=HA_READ_KEY_EXACT) at /data/bld/10.11-asan-ubsan/storage/innobase/handler/ha_innodb.cc:9041
|
#12 0x0000560b07d99c20 in ha_innobase::rnd_pos (this=0x6250002949f8, buf=<optimized out>, pos=<optimized out>) at /data/bld/10.11-asan-ubsan/storage/innobase/handler/ha_innodb.cc:9539
|
#13 0x0000560b06ab5336 in handler::ha_rnd_pos (this=this@entry=0x6250002949f8, buf=buf@entry=0x625000295200 "\377", pos=pos@entry=0x621000166382 "\001") at /data/bld/10.11-asan-ubsan/sql/handler.cc:3610
|
#14 0x0000560b078ec9ae in ha_partition::rnd_pos (this=0x625000294148, buf=<optimized out>, pos=0x621000166380 "") at /data/bld/10.11-asan-ubsan/sql/ha_partition.cc:5543
|
#15 0x0000560b06ab4b2f in handler::ha_rnd_pos (this=this@entry=0x625000294148, buf=<optimized out>, pos=pos@entry=0x621000166380 "") at /data/bld/10.11-asan-ubsan/sql/handler.cc:3610
|
#16 0x0000560b0523a8b0 in rr_from_tempfile (info=0x7fc986b0e7e0) at /data/bld/10.11-asan-ubsan/sql/records.cc:535
|
#17 0x0000560b05e383f6 in READ_RECORD::read_record (this=0x7fc986b0e7e0) at /data/bld/10.11-asan-ubsan/sql/records.h:81
|
#18 mysql_update (thd=thd@entry=0x62c0001f0218, table_list=<optimized out>, fields=..., values=..., conds=conds@entry=0x62d0000a1040, order_num=order_num@entry=0, order=<optimized out>, limit=18446744073709551615, ignore=<optimized out>, found_return=<optimized out>, updated_return=<optimized out>) at /data/bld/10.11-asan-ubsan/sql/sql_update.cc:1040
|
#19 0x0000560b0581791d in mysql_execute_command (thd=thd@entry=0x62c0001f0218, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:4476
|
#20 0x0000560b05834f65 in mysql_parse (thd=thd@entry=0x62c0001f0218, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fc986b0fab0) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8183
|
#21 0x0000560b0583e239 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62c0001f0218, packet=packet@entry=0x62900028a219 "UPDATE t SET b = 3 WHERE b = 1", packet_length=packet_length@entry=30, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1906
|
#22 0x0000560b0584ae75 in do_command (thd=thd@entry=0x62c0001f0218, blocking=blocking@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1419
|
#23 0x0000560b0603cf62 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x608000019438, put_in_cache=put_in_cache@entry=true) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1386
|
#24 0x0000560b0603e0bf in handle_one_connection (arg=0x608000019438) at /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1298
|
#25 0x0000560b0799f4f5 in pfs_spawn_thread (arg=0x617000007e98) at /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
|
#26 0x00007fc9970a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#27 0x00007fc99712885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
Note that it's a non-debug assertion, so it fails the same way on both debug and release builds.
A slightly different scenario (identical except that there is no key on column a) leads to a different failure: an AddressSanitizer use-after-poison report on an ASAN build and a crash on a release build:
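# Reproducer for the invalid read in key_copy (sql/key.cc:129): the ASAN build
# reports use-after-poison, and the RelWithDebInfo build crashes in the same function.
# The stray "|" table-border residue from the page extraction has been removed
# so the script is valid mysqltest input; the statements are as reported.

# The test needs InnoDB and partitioning support.
--source include/have_innodb.inc
--source include/have_partition.inc

# LIST-partitioned InnoDB table with a primary key on b (the partitioning
# column) and no secondary key on a. p0 holds b IN (10,20); pn is the DEFAULT partition.
CREATE TABLE t (a INT, b INT, PRIMARY KEY (b)) ENGINE=InnoDB PARTITION BY LIST (b) (PARTITION p0 VALUES IN (10,20), PARTITION pn DEFAULT);
# Both rows have b outside (10,20), so they land in pn; p0 stays empty.
INSERT INTO t VALUES (1,1),(2,2);
# Move the (empty) partition p0 out of t into a standalone table.
ALTER TABLE t CONVERT PARTITION p0 TO TABLE t_exchange;
# Failing statement: it changes the primary-key / partitioning column.
# The traces show the bad read under mysql_update -> ha_partition::position -> key_copy.
# On a release build this is a server crash, so it matters for availability
# beyond sanitizer runs.
UPDATE t SET b = 3 WHERE b = 1;

# Cleanup (only reached on a build where the UPDATE does not abort the server).
DROP TABLE t_exchange, t;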
|
10.11 ASAN 0b16d7871c065c10be54cf61dac2220cab13fd18 |
==1028964==ERROR: AddressSanitizer: use-after-poison on address 0x62500029552c at pc 0x55583ac992eb bp 0x7fbd601801f0 sp 0x7fbd601801e8
|
READ of size 4 at 0x62500029552c thread T11
|
#0 0x55583ac992ea in key_copy(unsigned char*, unsigned char const*, st_key const*, unsigned int, bool) /data/bld/10.11-asan-ubsan/sql/key.cc:129
|
#1 0x55583b718c25 in ha_innobase::position(unsigned char const*) /data/bld/10.11-asan-ubsan/storage/innobase/handler/ha_innodb.cc:10431
|
#2 0x55583b2c2bf9 in ha_partition::position(unsigned char const*) /data/bld/10.11-asan-ubsan/sql/ha_partition.cc:5499
|
#3 0x55583981ab87 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/bld/10.11-asan-ubsan/sql/sql_update.cc:913
|
#4 0x5558391fe91c in mysql_execute_command(THD*, bool) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:4476
|
#5 0x55583921bf64 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8183
|
#6 0x555839225238 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1906
|
#7 0x555839231e74 in do_command(THD*, bool) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1419
|
#8 0x555839a23f61 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1386
|
#9 0x555839a250be in handle_one_connection /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1298
|
#10 0x55583b3864f4 in pfs_spawn_thread /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
|
#11 0x7fbd706a81c3 in start_thread nptl/pthread_create.c:442
|
#12 0x7fbd7072885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
|
|
0x62500029552c is located 5164 bytes inside of 8184-byte region [0x625000294100,0x6250002960f8)
|
allocated by thread T11 here:
|
#0 0x7fbd71ab89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x55583c5e60ab in my_malloc /data/bld/10.11-asan-ubsan/mysys/my_malloc.c:92
|
#2 0x55583c5b9fc1 in root_alloc /data/bld/10.11-asan-ubsan/mysys/my_alloc.c:66
|
#3 0x55583c5ba574 in init_alloc_root /data/bld/10.11-asan-ubsan/mysys/my_alloc.c:178
|
#4 0x5558398e8d86 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /data/bld/10.11-asan-ubsan/sql/thr_malloc.cc:64
|
#5 0x5558398bd10b in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/10.11-asan-ubsan/sql/table.cc:4196
|
#6 0x555838e6930f in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/bld/10.11-asan-ubsan/sql/sql_base.cc:2277
|
#7 0x555838e70abd in open_and_process_table /data/bld/10.11-asan-ubsan/sql/sql_base.cc:4210
|
#8 0x555838ea3e7d in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/10.11-asan-ubsan/sql/sql_base.cc:4698
|
#9 0x555838e272ae in open_tables(THD*, TABLE_LIST**, unsigned int*, unsigned int) /data/bld/10.11-asan-ubsan/sql/sql_base.h:489
|
#10 0x555839811084 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/bld/10.11-asan-ubsan/sql/sql_update.cc:415
|
#11 0x5558391fe91c in mysql_execute_command(THD*, bool) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:4476
|
#12 0x55583921bf64 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:8183
|
#13 0x555839225238 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1906
|
#14 0x555839231e74 in do_command(THD*, bool) /data/bld/10.11-asan-ubsan/sql/sql_parse.cc:1419
|
#15 0x555839a23f61 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1386
|
#16 0x555839a250be in handle_one_connection /data/bld/10.11-asan-ubsan/sql/sql_connect.cc:1298
|
#17 0x55583b3864f4 in pfs_spawn_thread /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2201
|
#18 0x7fbd706a81c3 in start_thread nptl/pthread_create.c:442
|
|
|
Thread T11 created by T0 here:
|
#0 0x7fbd71a49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x55583b37bdc0 in my_thread_create /data/bld/10.11-asan-ubsan/storage/perfschema/my_thread.h:52
|
#2 0x55583b3836e8 in pfs_spawn_thread_v1 /data/bld/10.11-asan-ubsan/storage/perfschema/pfs.cc:2252
|
#3 0x555838a8bfca in inline_mysql_thread_create /data/bld/10.11-asan-ubsan/include/mysql/psi/mysql_thread.h:1139
|
#4 0x555838a8bfca in create_thread_to_handle_connection(CONNECT*) /data/bld/10.11-asan-ubsan/sql/mysqld.cc:6139
|
#5 0x555838a9dd23 in create_new_thread(CONNECT*) /data/bld/10.11-asan-ubsan/sql/mysqld.cc:6198
|
#6 0x555838a9df41 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.11-asan-ubsan/sql/mysqld.cc:6260
|
#7 0x555838a9eb82 in handle_connections_sockets() /data/bld/10.11-asan-ubsan/sql/mysqld.cc:6383
|
#8 0x555838a9f02e in run_main_loop /data/bld/10.11-asan-ubsan/sql/mysqld.cc:5639
|
#9 0x555838aa03f4 in mysqld_main(int, char**) /data/bld/10.11-asan-ubsan/sql/mysqld.cc:6040
|
#10 0x555838a73981 in main /data/bld/10.11-asan-ubsan/sql/main.cc:34
|
#11 0x7fbd70646249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
|
SUMMARY: AddressSanitizer: use-after-poison /data/bld/10.11-asan-ubsan/sql/key.cc:129 in key_copy(unsigned char*, unsigned char const*, st_key const*, unsigned int, bool)
|
Shadow bytes around the buggy address:
|
0x0c4a8004aa50: f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c4a8004aa60: 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00
|
0x0c4a8004aa70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c4a8004aa80: 00 00 00 00 00 00 f7 00 00 00 00 00 00 00 00 00
|
0x0c4a8004aa90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7
|
=>0x0c4a8004aaa0: 00 00 00 00 f7[f7]00 00 00 00 00 00 00 00 02 f7
|
0x0c4a8004aab0: 00 00 00 00 00 f7 02 f7 00 00 00 00 00 00 00 00
|
0x0c4a8004aac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c4a8004aad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c4a8004aae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c4a8004aaf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==1028964==ABORTING
|
|
10.11 RelWithDebInfo 0b16d7871c065c10be54cf61dac2220cab13fd18 |
#2 <signal handler called>
|
#3 0x00005579e7db94a1 in key_copy (to_key=0x7f2d4411a624 "\001", from_record=0x7f2d4415dd78 "\375\001", key_info=0x7f2d4415df78, key_length=4, with_zerofill=false) at /data/bld/10.11-rel/sql/key.cc:129
|
#4 0x00005579e7eefe18 in ha_partition::position (this=0x7f2d4415ccd8, record=<optimized out>) at /data/bld/10.11-rel/sql/ha_partition.cc:5499
|
#5 0x00005579e7b2a2ac in mysql_update (thd=thd@entry=0x7f2d44000c68, table_list=<optimized out>, fields=..., values=..., conds=<optimized out>, order_num=<optimized out>, order=<optimized out>, limit=18446744073709551615, ignore=<optimized out>, found_return=<optimized out>, updated_return=<optimized out>) at /data/bld/10.11-rel/sql/sql_update.cc:913
|
#6 0x00005579e7a40f7a in mysql_execute_command (thd=thd@entry=0x7f2d44000c68, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.11-rel/sql/sql_parse.cc:4476
|
#7 0x00005579e7a44d16 in mysql_parse (thd=0x7f2d44000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /data/bld/10.11-rel/sql/sql_parse.cc:8183
|
#8 0x00005579e7a471d5 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f2d44000c68, packet=packet@entry=0x7f2d44008759 "UPDATE t SET b = 3 WHERE b = 1", packet_length=packet_length@entry=30, blocking=blocking@entry=true) at /data/bld/10.11-rel/sql/sql_parse.cc:2005
|
#9 0x00005579e7a48dbf in do_command (thd=thd@entry=0x7f2d44000c68, blocking=blocking@entry=true) at /data/bld/10.11-rel/sql/sql_parse.cc:1419
|
#10 0x00005579e7b71025 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x557a04de32e8, put_in_cache=put_in_cache@entry=true) at /data/bld/10.11-rel/sql/sql_connect.cc:1386
|
#11 0x00005579e7b71375 in handle_one_connection (arg=arg@entry=0x557a04de32e8) at /data/bld/10.11-rel/sql/sql_connect.cc:1298
|
#12 0x00005579e7f060b7 in pfs_spawn_thread (arg=0x557a04d86ae8) at /data/bld/10.11-rel/storage/perfschema/pfs.cc:2201
|
#13 0x00007f2d777a91c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#14 0x00007f2d7782985c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
The failures started happening after this merge in 10.11.11:
commit e69f8cae1a15e15b9e4f5e0f8497e1f17bdc81a4
|
Merge: 04595175621 066e8d6aeab
|
Author: Sergei Golubchik
|
Date: Thu Jan 30 11:55:13 2025 +0100
|
|
|
Merge branch '10.6' into 10.11
|
I can't point at the exact commit because it's a big merge, and the test case is not applicable to the 10.6 community server (because it relies on CONVERT PARTITION), so I can't bisect it.