Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.11
Description
The mtr tests
MTR test innodb.innodb-table-online innodb.innodb-index-online
cause the following UBSAN errors:
|
10.11 bf60478fd63a4328968afd666fe4f9f1482db9ec |
/source/storage/innobase/row/row0log.cc:3607:6: runtime error: applying non-zero offset 65536 to null pointer
|
#0 0x5634343cebbd in row_log_apply_ops(trx_t const*, dict_index_t*, row_merge_dup_t*, ut_stage_alter_t*) /source/storage/innobase/row/row0log.cc:3607:6
|
#1 0x5634343a7f33 in row_log_apply(trx_t const*, dict_index_t*, TABLE*, ut_stage_alter_t*) /source/storage/innobase/row/row0log.cc:3774:11
|
#2 0x563434335173 in row_merge_build_indexes(trx_t*, dict_table_t*, dict_table_t*, bool, dict_index_t**, unsigned long const*, unsigned long, TABLE*, dtuple_t const*, unsigned long const*, unsigned long, ib_sequence_t&, bool, ut_stage_alter_t*, dict_add_v_col_t const*, TABLE*, bool, std::map<unsigned int, dict_col_t*, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, dict_col_t*>>> const*) /source/storage/innobase/row/row0merge.cc:4940:12
|
#3 0x563433de7bec in ha_innobase::inplace_alter_table(TABLE*, Alter_inplace_info*) /source/storage/innobase/handler/handler0alter.cc:8971:10
|
#4 0x563431bcea0c in handler::ha_inplace_alter_table(TABLE*, Alter_inplace_info*) /source/sql/handler.h:4620:11
|
#5 0x563431b89adf in mysql_inplace_alter_table(THD*, TABLE_LIST*, TABLE*, TABLE*, Alter_inplace_info*, MDL_request*, st_ddl_log_state*, TRIGGER_RENAME_PARAM*, Alter_table_ctx*, bool&, unsigned long long&, bool) /source/sql/sql_table.cc:8128:21
|
#6 0x563431b5ef95 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /source/sql/sql_table.cc:11404:16
|
#7 0x563431f4a2ea in Sql_cmd_alter_table::execute(THD*) /source/sql/sql_alter.cc:688:11
|
#8 0x5634315864f3 in mysql_execute_command(THD*, bool) /source/sql/sql_parse.cc:6165:26
|
#9 0x56343152a4c4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /source/sql/sql_parse.cc:8180:18
|
#10 0x563431519379 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /source/sql/sql_parse.cc:1906:7
|
#11 0x56343152f793 in do_command(THD*, bool) /source/sql/sql_parse.cc:1419:17
|
#12 0x563431f126c3 in do_handle_one_connection(CONNECT*, bool) /source/sql/sql_connect.cc:1475:11
|
#13 0x563431f119fa in handle_one_connection /source/sql/sql_connect.cc:1387:5
|
#14 0x563430cd4706 in asan_thread_start(void*) asan_interceptors.cpp.o
|
#15 0x7f8f868ae1f4 (/lib/x86_64-linux-gnu/libc.so.6+0x891f4) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
|
#16 0x7f8f8692e89b (/lib/x86_64-linux-gnu/libc.so.6+0x10989b) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
|
|
|
|
|
|
|
Thread 2 hit Breakpoint 1, row_log_apply_ops (trx=0x7b95539ffe40, index=0x7cf556cb6508, dup=0x7b9541872820, stage=0x7bb556235db0)
|
at /source/storage/innobase/row/row0log.cc:3607
|
3607 + srv_sort_buf_size) {
|
(rr) info locals
|
error = DB_SUCCESS
|
mrec = 0x0
|
next_mrec = 0x7b9550eee000 "a"
|
mrec_end = 0x0
|
next_mrec_end = 0x7b9550eee01c ""
|
offsets_heap = 0x7e25564dd200
|
heap = 0x7e25564e2200
|
offsets = 0x7bc5562392c0
|
has_index_lock = true
|
i = 13
|
(rr) list
|
3602 middle of the block */
|
3603 ut_ad((mrec == NULL) == (index->online_log->head.bytes == 0));
|
3604
|
3605 #ifdef UNIV_DEBUG
|
3606 if (next_mrec_end == index->online_log->head.block
|
3607 + srv_sort_buf_size) {
|
3608 /* If tail.bytes == 0, next_mrec_end can also be at
|
3609 the end of tail.block. */
|
3610 if (index->online_log->tail.bytes == 0) {
|
3611 ut_ad(next_mrec == next_mrec_end);
|
(rr) p index->online_log->head
|
value of type `row_log_buf_t' requires 65584 bytes, which is more than max-value-size
|
(rr) p index->online_log->head.block
|
$1 = (byte *) 0x0
|
(rr) p index->online_log->tail.block
|
$2 = (byte *) 0x7b9550eee000 "a"
|
(rr) p index->online_log->tail.bytes
|
$3 = 28
|
/build$ mysql-test/mtr --rr --parallel=1 innodb.innodb-table-online
|
innodb.innodb-table-online '16k,crypt' [ fail ] Found warnings/errors in server log file!
|
Test ended at 2025-09-11 02:51:23
|
line
|
/source/storage/innobase/row/row0log.cc:2813:13: runtime error: addition of unsigned offset to 0x7ba699eed000 overflowed to 0x7ba696834949
|
SUMMARY: UndefinedBehaviorSanitizer: pointer-overflow /source/storage/innobase/row/row0log.cc:2813:13
|
^ Found warnings in /build/mysql-test/var/log/mysqld.1.
|
|
|
/source/storage/innobase/row/row0log.cc:2813:13: runtime error: addition of unsigned offset to 0x7ba699eed000 overflowed to 0x7ba696834949
|
#0 0x558c7419d8df in row_log_table_apply_ops(que_thr_t*, row_merge_dup_t*, ut_stage_alter_t*) /source/storage/innobase/row/row0log.cc:2813:13
|
#1 0x558c74191f00 in row_log_table_apply(que_thr_t*, dict_table_t*, TABLE*, ut_stage_alter_t*, dict_table_t*) /source/storage/innobase/row/row0log.cc:2881:11
|
#2 0x558c73bd886d in alter_rebuild_apply_log(ha_innobase_inplace_ctx*, Alter_inplace_info*, TABLE*) /source/storage/innobase/handler/handler0alter.cc:11306:18
|
#3 0x558c73bca427 in ha_innobase::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /source/storage/innobase/handler/handler0alter.cc:11525:8
|
#4 0x558c728002d6 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /source/sql/handler.cc:5431:11
|
#5 0x558c71963a51 in mysql_inplace_alter_table(THD*, TABLE_LIST*, TABLE*, TABLE*, Alter_inplace_info*, MDL_request*, st_ddl_log_state*, TRIGGER_RENAME_PARAM*, Alter_table_ctx*, bool&, unsigned long long&, bool) /source/sql/sql_table.cc:8190:22
|
#6 0x558c71937f95 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /source/sql/sql_table.cc:11404:16
|
#7 0x558c71d232ea in Sql_cmd_alter_table::execute(THD*) /source/sql/sql_alter.cc:688:11
|
#8 0x558c7135f4f3 in mysql_execute_command(THD*, bool) /source/sql/sql_parse.cc:6165:26
|
#9 0x558c713034c4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /source/sql/sql_parse.cc:8180:18
|
#10 0x558c712f2379 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /source/sql/sql_parse.cc:1906:7
|
#11 0x558c71308793 in do_command(THD*, bool) /source/sql/sql_parse.cc:1419:17
|
#12 0x558c71ceb6c3 in do_handle_one_connection(CONNECT*, bool) /source/sql/sql_connect.cc:1475:11
|
#13 0x558c71cea9fa in handle_one_connection /source/sql/sql_connect.cc:1387:5
|
#14 0x558c70aad706 in asan_thread_start(void*) asan_interceptors.cpp.o
|
#15 0x7fa6a15821f4 (/lib/x86_64-linux-gnu/libc.so.6+0x891f4) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
|
#16 0x7fa6a1601aff in clone (/lib/x86_64-linux-gnu/libc.so.6+0x108aff) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: pointer-overflow /source/storage/innobase/row/row0log.cc:2813:13
|
|
|
Thread 11 hit Breakpoint 1, row_log_table_apply_ops (thr=0x7d36a0609dc0, dup=0x7ba68e694a20, stage=0x7bc6a07b67b0)
|
at /source/storage/innobase/row/row0log.cc:2813
|
2813 mrec_end += ulint(index->online_log->head.buf - mrec);
|
(rr) p index->online_log->head.buf
|
$3 = "A", '\000' <repeats 65534 times>
|
(rr) p &index->online_log->head.buf
|
$4 = (mrec_buf_t *) 0x7ba696834948
|
(rr) info locals
|
error = DB_SUCCESS
|
mrec = 0x7ba699eecfff "A"
|
next_mrec = 0x0
|
mrec_end = 0x7ba699eed000 ""
|
next_mrec_end = 0x7ba699eed000 ""
|
heap = 0x7e36a0d59200
|
offsets_heap = 0x7e36a0d18200
|
offsets = 0x7be6a040f250
|
has_index_lock = false
|
index = 0x7d06a391d408
|
new_table = 0x7d26a0473108
|
new_index = 0x7d06a39a0b08
|
i = 18
|
new_trx_id_col = 1
|
trx = 0x7ba69dbff340
|
Attachments
Issue Links
- blocks
-
-
- Verified
-
- is part of
-
MDEV-25454 Make MariaDB server UBSAN safe
-
- Confirmed
-
- links to