|
--source include/have_innodb.inc
|
|
CREATE TABLE t1 (a INT, b INT, PRIMARY KEY(a,b)) ENGINE=InnoDB;
|
ALTER TABLE t1 MODIFY b INT FIRST;
|
|
# Cleanup
|
DROP TABLE t1;
|
|
10.4 ASAN 2d4b6571
|
==16349==ERROR: AddressSanitizer: use-after-poison on address 0x61e00002addc at pc 0x55dea553a60e bp 0x7f40e4d57410 sp 0x7f40e4d57408
|
READ of size 4 at 0x61e00002addc thread T27
|
#0 0x55dea553a60d in dfield_get_len(dfield_t const*) /data/src/10.4/storage/innobase/include/data0data.h:593
|
#1 0x55dea574fa5d in rec_get_converted_size_comp_prefix_low<true> /data/src/10.4/storage/innobase/rem/rem0rec.cc:1161
|
#2 0x55dea5742603 in rec_get_converted_size_comp(dict_index_t const*, dtuple_t const*, unsigned long*) /data/src/10.4/storage/innobase/rem/rem0rec.cc:1297
|
#3 0x55dea5a89169 in rec_get_converted_size /data/src/10.4/storage/innobase/include/rem0rec.ic:1388
|
#4 0x55dea5a8bdee in dtuple_convert_big_rec(dict_index_t*, upd_t*, dtuple_t*, unsigned long*) /data/src/10.4/storage/innobase/data/data0data.cc:621
|
#5 0x55dea59bcfb8 in btr_cur_optimistic_insert(unsigned long, btr_cur_t*, unsigned short**, mem_block_info_t**, dtuple_t*, unsigned char**, big_rec_t**, unsigned long, que_thr_t*, mtr_t*) /data/src/10.4/storage/innobase/btr/btr0cur.cc:3438
|
#6 0x55dea57972d3 in row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*) /data/src/10.4/storage/innobase/row/row0ins.cc:2777
|
#7 0x55dea557ab50 in innobase_instant_try /data/src/10.4/storage/innobase/handler/handler0alter.cc:5917
|
#8 0x55dea55c2692 in commit_try_norebuild(Alter_inplace_info*, ha_innobase_inplace_ctx*, TABLE*, TABLE const*, trx_t*, char const*) (/data/bld/10.4-asan/bin/mysqld+0x201d692)
|
#9 0x55dea559dd14 in ha_innobase::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.4/storage/innobase/handler/handler0alter.cc:10900
|
#10 0x55dea4fcfe72 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.4/sql/handler.cc:4568
|
#11 0x55dea4a7565e in mysql_inplace_alter_table /data/src/10.4/sql/sql_table.cc:7776
|
#12 0x55dea4a83b08 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.4/sql/sql_table.cc:10119
|
#13 0x55dea4bdba6b in Sql_cmd_alter_table::execute(THD*) /data/src/10.4/sql/sql_alter.cc:508
|
#14 0x55dea485eea3 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6102
|
#15 0x55dea486986d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7901
|
#16 0x55dea4842b20 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1842
|
#17 0x55dea483fa20 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
|
#18 0x55dea4bc6730 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
|
#19 0x55dea4bc60e4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
|
#20 0x55dea602c919 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#21 0x7f40fc9bb4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
#22 0x7f40faaefd0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
|
|
0x61e00002addc is located 348 bytes inside of 2456-byte region [0x61e00002ac80,0x61e00002b618)
|
allocated by thread T27 here:
|
#0 0x7f40fcc92d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
|
#1 0x55dea569e899 in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/src/10.4/storage/innobase/mem/mem0mem.cc:280
|
#2 0x55dea569effe in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.4/storage/innobase/mem/mem0mem.cc:386
|
#3 0x55dea5556390 in mem_heap_alloc /data/src/10.4/storage/innobase/include/mem0mem.ic:203
|
#4 0x55dea5556e15 in dtuple_create_with_vcol /data/src/10.4/storage/innobase/include/data0data.ic:405
|
#5 0x55dea5556d5d in dtuple_create /data/src/10.4/storage/innobase/include/data0data.ic:383
|
#6 0x55dea55bd96b in dict_index_t::instant_metadata(dtuple_t const&, mem_block_info_t*) const (/data/bld/10.4-asan/bin/mysqld+0x201896b)
|
#7 0x55dea557932d in innobase_instant_try /data/src/10.4/storage/innobase/handler/handler0alter.cc:5782
|
#8 0x55dea55c2692 in commit_try_norebuild(Alter_inplace_info*, ha_innobase_inplace_ctx*, TABLE*, TABLE const*, trx_t*, char const*) (/data/bld/10.4-asan/bin/mysqld+0x201d692)
|
#9 0x55dea559dd14 in ha_innobase::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.4/storage/innobase/handler/handler0alter.cc:10900
|
#10 0x55dea4fcfe72 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) /data/src/10.4/sql/handler.cc:4568
|
#11 0x55dea4a7565e in mysql_inplace_alter_table /data/src/10.4/sql/sql_table.cc:7776
|
#12 0x55dea4a83b08 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.4/sql/sql_table.cc:10119
|
#13 0x55dea4bdba6b in Sql_cmd_alter_table::execute(THD*) /data/src/10.4/sql/sql_alter.cc:508
|
#14 0x55dea485eea3 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6102
|
#15 0x55dea486986d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7901
|
#16 0x55dea4842b20 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1842
|
#17 0x55dea483fa20 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
|
#18 0x55dea4bc6730 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
|
#19 0x55dea4bc60e4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
|
#20 0x55dea602c919 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#21 0x7f40fc9bb4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
|
Thread T27 created by T0 here:
|
#0 0x7f40fcc01f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
|
#1 0x55dea602cd06 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
|
#2 0x55dea4598b78 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
|
#3 0x55dea45ad11c in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6234
|
#4 0x55dea45ad7ff in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6304
|
#5 0x55dea45adb8a in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6402
|
#6 0x55dea45ae7dc in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6560
|
#7 0x55dea45ac99d in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5892
|
#8 0x55dea4596a5f in main /data/src/10.4/sql/main.cc:25
|
#9 0x7f40faa272e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
|
|
SUMMARY: AddressSanitizer: use-after-poison /data/src/10.4/storage/innobase/include/data0data.h:593 in dfield_get_len(dfield_t const*)
|
Shadow bytes around the buggy address:
|
0x0c3c7fffd560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3c7fffd570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3c7fffd580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3c7fffd590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c3c7fffd5a0: 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x0c3c7fffd5b0: 00 00 00 00 00 00 00 00 00 00 f7[04]f7 00 00 00
|
0x0c3c7fffd5c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c3c7fffd5d0: 00 00 00 00 00 f7 00 00 00 00 00 00 00 00 00 00
|
0x0c3c7fffd5e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 f7
|
0x0c3c7fffd5f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c3c7fffd600: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==16349==ABORTING
|
|
10.4 debug 2d4b6571
|
mysqld: /data/src/10.4/storage/innobase/include/dict0dict.ic:839: dict_field_t* dict_index_get_nth_field(const dict_index_t*, ulint): Assertion `pos < index->n_def' failed.
|
200115 15:13:09 [ERROR] mysqld got signal 6 ;
|
|
#7 0x00007f31b0d6bf12 in __GI___assert_fail (assertion=0x55a9507f2441 "pos < index->n_def", file=0x55a9507f2380 "/data/src/10.4/storage/innobase/include/dict0dict.ic", line=839, function=0x55a9507f48c0 <_ZZL24dict_index_get_nth_fieldPK12dict_index_tmE19__PRETTY_FUNCTION__> "dict_field_t* dict_index_get_nth_field(const dict_index_t*, ulint)") at assert.c:101
|
#8 0x000055a94ff72a8f in dict_index_get_nth_field (index=0x7f31581a0768, pos=4) at /data/src/10.4/storage/innobase/include/dict0dict.ic:839
|
#9 0x000055a94ff7f56f in rec_get_converted_size_comp_prefix_low<true> (index=0x7f31581a0768, dfield=0x7f31581505e8, n_fields=5, extra=0x0, status=REC_STATUS_INSTANT, temp=false) at /data/src/10.4/storage/innobase/rem/rem0rec.cc:1163
|
#10 0x000055a94ff77e2a in rec_get_converted_size_comp (index=0x7f31581a0768, tuple=0x7f3158150528, extra=0x0) at /data/src/10.4/storage/innobase/rem/rem0rec.cc:1297
|
#11 0x000055a95017139a in rec_get_converted_size (index=0x7f31581a0768, dtuple=0x7f3158150528, n_ext=0) at /data/src/10.4/storage/innobase/include/rem0rec.ic:1388
|
#12 0x000055a950172fea in dtuple_convert_big_rec (index=0x7f31581a0768, upd=0x0, entry=0x7f3158150528, n_ext=0x7f31ac0c41f8) at /data/src/10.4/storage/innobase/data/data0data.cc:621
|
#13 0x000055a9500f296a in btr_cur_optimistic_insert (flags=2, cursor=0x7f31ac0c42d0, offsets=0x7f31ac0c4268, heap=0x7f31ac0c4260, entry=0x7f3158150528, rec=0x7f31ac0c4270, big_rec=0x7f31ac0c4258, n_ext=0, thr=0x7f31581506b0, mtr=0x7f31ac0c4630) at /data/src/10.4/storage/innobase/btr/btr0cur.cc:3438
|
#14 0x000055a94ffa8961 in row_ins_clust_index_entry_low (flags=2, mode=33, index=0x7f31581a0768, n_uniq=2, entry=0x7f3158150528, n_ext=0, thr=0x7f31581506b0) at /data/src/10.4/storage/innobase/row/row0ins.cc:2777
|
#15 0x000055a94fe6bb95 in innobase_instant_try (ha_alter_info=0x7f31ac0c6770, ctx=0x7f3158014a00, altered_table=0x7f31ac0c6800, table=0x7f315819edb0, trx=0x7f31a6a74268) at /data/src/10.4/storage/innobase/handler/handler0alter.cc:5917
|
#16 0x000055a94fe8e9d7 in commit_try_norebuild (ha_alter_info=0x7f31ac0c6770, ctx=0x7f3158014a00, altered_table=0x7f31ac0c6800, old_table=0x7f315819edb0, trx=0x7f31a6a74268, table_name=0x7f315800ab3d "t1") at /data/src/10.4/storage/innobase/handler/handler0alter.cc:10149
|
#17 0x000055a94fe7c9f3 in ha_innobase::commit_inplace_alter_table (this=0x7f315819fc18, altered_table=0x7f31ac0c6800, ha_alter_info=0x7f31ac0c6770, commit=true) at /data/src/10.4/storage/innobase/handler/handler0alter.cc:10900
|
#18 0x000055a94fbe9be7 in handler::ha_commit_inplace_alter_table (this=0x7f315819fc18, altered_table=0x7f31ac0c6800, ha_alter_info=0x7f31ac0c6770, commit=true) at /data/src/10.4/sql/handler.cc:4568
|
#19 0x000055a94f96b5de in mysql_inplace_alter_table (thd=0x7f3158000af0, table_list=0x7f3158013288, table=0x7f315819edb0, altered_table=0x7f31ac0c6800, ha_alter_info=0x7f31ac0c6770, inplace_supported=HA_ALTER_INPLACE_INSTANT, target_mdl_request=0x7f31ac0c75d0, alter_ctx=0x7f31ac0c8100) at /data/src/10.4/sql/sql_table.cc:7776
|
#20 0x000055a94f972231 in mysql_alter_table (thd=0x7f3158000af0, new_db=0x7f31580052b0, new_name=0x7f31580056b8, create_info=0x7f31ac0c8cf0, table_list=0x7f3158013288, alter_info=0x7f31ac0c8c30, order_num=0, order=0x0, ignore=false) at /data/src/10.4/sql/sql_table.cc:10119
|
#21 0x000055a94fa0a341 in Sql_cmd_alter_table::execute (this=0x7f3158013a70, thd=0x7f3158000af0) at /data/src/10.4/sql/sql_alter.cc:508
|
#22 0x000055a94f888d95 in mysql_execute_command (thd=0x7f3158000af0) at /data/src/10.4/sql/sql_parse.cc:6102
|
#23 0x000055a94f88e457 in mysql_parse (thd=0x7f3158000af0, rawbuf=0x7f3158013198 "ALTER TABLE t1 MODIFY b INT FIRST", length=33, parser_state=0x7f31ac0ca160, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7901
|
#24 0x000055a94f8795fc in dispatch_command (command=COM_QUERY, thd=0x7f3158000af0, packet=0x7f3158137511 "ALTER TABLE t1 MODIFY b INT FIRST", packet_length=33, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
|
#25 0x000055a94f877c89 in do_command (thd=0x7f3158000af0) at /data/src/10.4/sql/sql_parse.cc:1360
|
#26 0x000055a94fa00c51 in do_handle_one_connection (connect=0x55a9535fd880) at /data/src/10.4/sql/sql_connect.cc:1412
|
#27 0x000055a94fa009a0 in handle_one_connection (arg=0x55a9535fd880) at /data/src/10.4/sql/sql_connect.cc:1316
|
#28 0x000055a950406b0d in pfs_spawn_thread (arg=0x55a953569f50) at /data/src/10.4/storage/perfschema/pfs.cc:1862
|
#29 0x00007f31b2cf44a4 in start_thread (arg=0x7f31ac0cb700) at pthread_create.c:456
|
#30 0x00007f31b0e28d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
No obvious effect on a non-debug build.
Not reproducible on 10.3.
Not reproducible on 10.5, probably because the failure is fairly new (I didn't bisect for the exact revision, though).
|