[MDEV-18655] innodb.innodb-bigblob fails in buildbot with ASAN unknown-crash in dict_col_copy_type
Created: 2019-02-20  Updated: 2023-10-19

Status: Open
Project: MariaDB Server
Component/s: Storage Engine - InnoDB, Tests
Affects Version/s: 10.3, 10.4
Fix Version/s: 10.4

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Marko Mäkelä
Resolution: Unresolved
Votes: 0
Labels: crash, need_rr


Description

http://buildbot.askmonty.org/buildbot/builders/kvm-fulltest-big/builds/2459

innodb.innodb-bigblob 'innodb'           w1 [ fail ]
        Test ended at 2019-02-18 07:13:04
 
CURRENT_TEST: innodb.innodb-bigblob
mysqltest: At line 12: query 'drop table foo' failed: 2013: Lost connection to MySQL server during query
 
The result from queries just before the failure was:
create table foo (id varchar(37) not null, content longblob) engine=INNODB;
insert into foo (id, content) values('xyz', '');
update foo set content=repeat('a', 43941888) where id='xyz';
drop table foo;
 
 
Server [mysqld.1 - pid: 31816, winpid: 31816, exit: 256] failed during test run
Server log from this test:
----------SERVER LOG START-----------
...
=================================================================
==31817==ERROR: AddressSanitizer: unknown-crash on address 0x61300000c31c at pc 0x55ff8b4402d1 bp 0x7f248550efe0 sp 0x7f248550efd0
READ of size 4 at 0x61300000c31c thread T18
    #0 0x55ff8b4402d0 in dict_col_copy_type /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/include/dict0dict.ic:63
    #1 0x55ff8b4402d0 in upd_field_set_field_no /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/include/row0upd.ic:103
    #2 0x55ff8b4402d0 in trx_undo_update_rec_get_update(unsigned char const*, dict_index_t*, unsigned long, unsigned long, unsigned long, unsigned long, mem_block_info_t*, upd_t**) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/trx/trx0rec.cc:1564
    #3 0x55ff8b373935 in row_purge_parse_undo_rec /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/row/row0purge.cc:1145
    #4 0x55ff8b373935 in row_purge /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/row/row0purge.cc:1254
    #5 0x55ff8b373935 in row_purge_step(que_thr_t*) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/row/row0purge.cc:1343
    #6 0x55ff8b2c7d9a in que_thr_step /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/que/que0que.cc:1042
    #7 0x55ff8b2c7d9a in que_run_threads_low /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/que/que0que.cc:1104
    #8 0x55ff8b2c7d9a in que_run_threads(que_thr_t*) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/que/que0que.cc:1144
    #9 0x55ff8b3e1998 in srv_task_execute /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/srv/srv0srv.cc:2449
    #10 0x55ff8b3e1998 in srv_worker_thread /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/srv/srv0srv.cc:2497
    #11 0x7f2497c036b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #12 0x7f24972ae82c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)
 
0x61300000c31c is located 156 bytes inside of 368-byte region [0x61300000c280,0x61300000c3f0)
allocated by thread T0 here:
    #0 0x7f2498fbf602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x55ff8b23d3de in mem_heap_create_block_func(mem_block_info_t*, unsigned long, unsigned long) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/mem/mem0mem.cc:269
    #2 0x55ff8b36c7a5 in mem_heap_create_func /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/include/mem0mem.ic:484
    #3 0x55ff8b36c7a5 in row_purge_node_create(que_thr_t*, mem_block_info_t*) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/row/row0purge.cc:80
    #4 0x55ff8b4204e6 in purge_graph_build /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/trx/trx0purge.cc:151
    #5 0x55ff8b4204e6 in purge_sys_t::create() /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/trx/trx0purge.cc:166
    #6 0x55ff8b480a9b in trx_lists_init_at_db_start() /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/trx/trx0trx.cc:705
    #7 0x55ff8b3f194a in srv_start(bool) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/srv/srv0start.cc:1973
    #8 0x55ff8b129571 in innodb_init /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/handler/ha_innodb.cc:4266
    #9 0x55ff8aa48d3c in ha_initialize_handlerton(st_plugin_int*) /home/buildbot/buildbot/build/mariadb-10.3.13/sql/handler.cc:523
    #10 0x55ff8a51ebe5 in plugin_initialize /home/buildbot/buildbot/build/mariadb-10.3.13/sql/sql_plugin.cc:1432
    #11 0x55ff8a52010c in plugin_init(int*, char**, int) /home/buildbot/buildbot/build/mariadb-10.3.13/sql/sql_plugin.cc:1714
    #12 0x55ff8a2d612c in init_server_components /home/buildbot/buildbot/build/mariadb-10.3.13/sql/mysqld.cc:5385
    #13 0x55ff8a2e1919 in mysqld_main(int, char**) /home/buildbot/buildbot/build/mariadb-10.3.13/sql/mysqld.cc:5998
    #14 0x7f24971c882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
 
Thread T18 created by T0 here:
    #0 0x7f2498f5d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x55ff8b26c2b7 in os_thread_create_func(void* (*)(void*), void*, unsigned long*) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/os/os0thread.cc:132
    #2 0x55ff8b3f0de3 in srv_start(bool) /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/srv/srv0start.cc:2418
    #3 0x55ff8b129571 in innodb_init /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/handler/ha_innodb.cc:4266
    #4 0x55ff8aa48d3c in ha_initialize_handlerton(st_plugin_int*) /home/buildbot/buildbot/build/mariadb-10.3.13/sql/handler.cc:523
    #5 0x55ff8a51ebe5 in plugin_initialize /home/buildbot/buildbot/build/mariadb-10.3.13/sql/sql_plugin.cc:1432
    #6 0x55ff8a52010c in plugin_init(int*, char**, int) /home/buildbot/buildbot/build/mariadb-10.3.13/sql/sql_plugin.cc:1714
    #7 0x55ff8a2d612c in init_server_components /home/buildbot/buildbot/build/mariadb-10.3.13/sql/mysqld.cc:5385
    #8 0x55ff8a2e1919 in mysqld_main(int, char**) /home/buildbot/buildbot/build/mariadb-10.3.13/sql/mysqld.cc:5998
    #9 0x7f24971c882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
 
SUMMARY: AddressSanitizer: unknown-crash /home/buildbot/buildbot/build/mariadb-10.3.13/storage/innobase/include/dict0dict.ic:63 dict_col_copy_type
Shadow bytes around the buggy address:
  0x0c267fff9810: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c267fff9820: 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c267fff9830: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c267fff9840: f7 f7 f7 f7 f7 f7 fa fa fa fa fa fa fa fa fa fa
  0x0c267fff9850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c267fff9860: 00 00 00[07]00 00 00 00 00 00 00 00 00 f7 f7 f7
  0x0c267fff9870: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fa fa
  0x0c267fff9880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff9890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff98a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c267fff98b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==31817==ABORTING

Same for parts.partition_alter1_1_2_innodb, parts.partition_alter1_1_innodb, parts.partition_alter1_2_innodb



Comments
Comment by Marko Mäkelä [ 2020-08-04 ]

This one looks different from MDEV-22782, because it does not look like this involves accessing any trx_t object. I would like to see an rr replay trace of this, if this is still repeatable.
