[MDEV-24070] ASAN : unknown-crash after replace into partition +invisible columns Created: 2020-10-30  Updated: 2023-04-27

Status: Open
Project: MariaDB Server
Component/s: Partitioning, Storage Engine - Memory
Affects Version/s: 10.3, 10.4, 10.5
Fix Version/s: 10.4, 10.5

Type: Bug Priority: Major
Reporter: Alice Sherepa Assignee: Sergei Golubchik
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-18858 Assertion `table->s->db_options_in_us... Confirmed
relates to MDEV-24047 Assertion `map->n_bits == map2->n_bi... Open
relates to MDEV-24066 ASAN unknown-crash in hp_rec_hashnr a... Closed

 Description   

# Reproducer for the ASAN report in this issue: REPLACE into an explicitly
# named partition of a MEMORY table, combined with the
# test_completely_invisible debug keyword and partition-changing ALTERs.
# NOTE(review): debug_dbug keywords normally act only in debug builds (the
# version line in this report ends in -debug-log), so confirm whether this
# sequence has any effect on a release build before rating exposure.
--source include/have_partition.inc
 
# MEMORY table, range-partitioned on i1: p0 holds i1 < 5, p1 holds 5 <= i1 < 62.
# i2 is NOT NULL and carries a non-unique key.
create  table t1 (i1 int, i2 int not null, key (i2)) engine = memory partition by range (i1) (partition p0 values less than (5), partition p1 values less than (62));
 
# Turn on the test_completely_invisible debug keyword (presumably makes the
# server add completely invisible columns for testing, verify in the source).
set  debug_dbug= "+d,test_completely_invisible";
# The next statement is expected to fail with error 1748: it names partition
# p1, but its second row (i1 = 0) falls in the range of p0.
--error 1748
replace  into t1  partition (p1)  (i1, i2) values (5, 4), (0, 4);
 
# Repartition with wider bounds (p0: i1 < 10, p1: i1 < 100) while the debug
# keyword is still active.
alter  table t1 partition by range (i1) (partition p0 values less than (10),  partition p1 values less than (100));
# Clear the debug keyword, then drop p1 so that only p0 remains.
set  debug_dbug="";
alter  table t1 drop partition p1;
# Re-enable the keyword and run ALTER TABLE ... ORDER BY on i1.
# NOTE(review): the ASAN stack in this report runs through mysql_alter_table,
# copy_data_between_tables and filesort into heap_scan, which looks like this
# statement. Confirm against the server log.
set  debug_dbug="+d,test_completely_invisible";
alter  table t1 order by i1;
set  debug_dbug="";
# Final REPLACE into p0. Both rows (i1 = 8 and i1 = 2) are inside the range of
# p0 and share i2 = 8.
replace  into t1  partition (p0)  (i1, i2) values (8, 8), (2, 8);

10.3 1e778a3b5624f97fdf44a

Version: '10.3.26-MariaDB-debug-log'  socket: '/git/10.3/mysql-test/var/tmp/mysqld.1.sock'  port: 16000  Source distribution
=================================================================
==943876==ERROR: AddressSanitizer: unknown-crash on address 0x61900008f341 at pc 0x7f5ac0d4c57d bp 0x7f5ab57bbd10 sp 0x7f5ab57bb4b8
WRITE of size 13 at 0x61900008f341 thread T5
    #0 0x7f5ac0d4c57c  (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c)
    #1 0x557cde2cace0 in heap_scan /git/10.3/storage/heap/hp_scan.c:74
    #2 0x557cde2b45da in ha_heap::rnd_next(unsigned char*) /git/10.3/storage/heap/ha_heap.cc:344
    #3 0x557cddd84587 in handler::ha_rnd_next(unsigned char*) /git/10.3/sql/handler.cc:2847
    #4 0x557cdf032186 in ha_partition::rnd_next(unsigned char*) /git/10.3/sql/ha_partition.cc:5088
    #5 0x557cddd84487 in handler::ha_rnd_next(unsigned char*) /git/10.3/sql/handler.cc:2847
    #6 0x557cddd62b58 in find_all_keys /git/10.3/sql/filesort.cc:782
    #7 0x557cddd5ebd9 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /git/10.3/sql/filesort.cc:269
    #8 0x557cdd86888c in copy_data_between_tables /git/10.3/sql/sql_table.cc:10519
    #9 0x557cdd8648f6 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /git/10.3/sql/sql_table.cc:10052
    #10 0x557cdd9cf790 in Sql_cmd_alter_table::execute(THD*) /git/10.3/sql/sql_alter.cc:512
    #11 0x557cdd615869 in mysql_execute_command(THD*) /git/10.3/sql/sql_parse.cc:6023
    #12 0x557cdd621e69 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /git/10.3/sql/sql_parse.cc:7811
    #13 0x557cdd5f8f08 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /git/10.3/sql/sql_parse.cc:1851
    #14 0x557cdd5f5a3f in do_command(THD*) /git/10.3/sql/sql_parse.cc:1397
    #15 0x557cdd9bec04 in do_handle_one_connection(CONNECT*) /git/10.3/sql/sql_connect.cc:1403
    #16 0x557cdd9be4be in handle_one_connection /git/10.3/sql/sql_connect.cc:1308
    #17 0x557cdefd4a4a in pfs_spawn_thread /git/10.3/storage/perfschema/pfs.cc:1869
    #18 0x7f5ac07de608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
    #19 0x7f5ac03b8292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
 
0x61900008f341 is located 193 bytes inside of 1100-byte region [0x61900008f280,0x61900008f6cc)
allocated by thread T5 here:
    #0 0x7f5ac0dbebc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x557cdf11f568 in sf_malloc /git/10.3/mysys/safemalloc.c:118
    #2 0x557cdf0ed3d0 in my_malloc /git/10.3/mysys/my_malloc.c:101
    #3 0x557cdf0c93bc in alloc_root /git/10.3/mysys/my_alloc.c:251
    #4 0x557cdf0cab7e in strmake_root /git/10.3/mysys/my_alloc.c:481
    #5 0x557cdd8f17bb in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /git/10.3/sql/table.cc:3230
    #6 0x557cdd48e45b in open_table(THD*, TABLE_LIST*, Open_table_context*) /git/10.3/sql/sql_base.cc:1992
    #7 0x557cdd497824 in open_and_process_table /git/10.3/sql/sql_base.cc:3730
    #8 0x557cdd499e47 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /git/10.3/sql/sql_base.cc:4199
    #9 0x557cdd81e5c3 in open_tables /git/10.3/sql/sql_base.h:250
    #10 0x557cdd85f76f in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /git/10.3/sql/sql_table.cc:9274
    #11 0x557cdd9cf790 in Sql_cmd_alter_table::execute(THD*) /git/10.3/sql/sql_alter.cc:512
    #12 0x557cdd615869 in mysql_execute_command(THD*) /git/10.3/sql/sql_parse.cc:6023
    #13 0x557cdd621e69 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /git/10.3/sql/sql_parse.cc:7811
    #14 0x557cdd5f8f08 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /git/10.3/sql/sql_parse.cc:1851
    #15 0x557cdd5f5a3f in do_command(THD*) /git/10.3/sql/sql_parse.cc:1397
    #16 0x557cdd9bec04 in do_handle_one_connection(CONNECT*) /git/10.3/sql/sql_connect.cc:1403
    #17 0x557cdd9be4be in handle_one_connection /git/10.3/sql/sql_connect.cc:1308
    #18 0x557cdefd4a4a in pfs_spawn_thread /git/10.3/storage/perfschema/pfs.cc:1869
    #19 0x7f5ac07de608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
 
Thread T5 created by T0 here:
    #0 0x7f5ac0ceb805 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x557cdefd4e3b in spawn_thread_v1 /git/10.3/storage/perfschema/pfs.cc:1919
    #2 0x557cdd32124e in inline_mysql_thread_create /git/10.3/include/mysql/psi/mysql_thread.h:1275
    #3 0x557cdd339c3a in create_thread_to_handle_connection(CONNECT*) /git/10.3/sql/mysqld.cc:6609
    #4 0x557cdd33a3d5 in create_new_thread /git/10.3/sql/mysqld.cc:6679
    #5 0x557cdd33b578 in handle_connections_sockets() /git/10.3/sql/mysqld.cc:6937
    #6 0x557cdd338f2b in mysqld_main(int, char**) /git/10.3/sql/mysqld.cc:6231
    #7 0x557cdd31fa4c in main /git/10.3/sql/main.cc:25
    #8 0x7f5ac02bd0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
 
SUMMARY: AddressSanitizer: unknown-crash (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c) 
Shadow bytes around the buggy address:
  0x0c3280009e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009e20: 00 00 00 f7 00 03 f7 04 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c3280009e30: f7 f7 f7 f7 f7 f7 f7 f7 f7 04 fa fa fa fa fa fa
  0x0c3280009e40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3280009e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3280009e60: 00 f7 03 f7 00 00 f7 00[01]00 01 f7 00 00 00 f7
  0x0c3280009e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009e80: 00 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00
  0x0c3280009e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3280009ea0: 00 00 00 00 00 00 00 f7 00 00 00 00 00 00 00 00
  0x0c3280009eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==943876==ABORTING
----------SERVER LOG END-------------
 



 Comments   
Comment by Andrei Elkin [ 2022-02-22 ]

Sergei, I am redirecting Sachin's hidden columns to you for further processing.
