[MDEV-31417] ASAN errors in ha_partition::create_handlers upon upgrading from MySQL 5.7 with partitioned tables Created: 2023-06-06  Updated: 2023-09-13  Resolved: 2023-06-07

Status: Closed
Project: MariaDB Server
Component/s: Partitioning
Affects Version/s: N/A
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Elena Stepanova Assignee: Michael Widenius
Resolution: Fixed Votes: 0
Labels: None

Attachments: File mysql_partitions2.tar.gz    
Issue Links:
Relates
relates to MDEV-23106 Unable to recognize/import partitione... Closed
relates to MDEV-32155 MariaDB Server crashes with ill-forme... Confirmed

 Description   

ATTN: The failure is observed on bb-10.6-monty 9654bf9dd904, not on a main branch!

The attached data directory was created using MySQL 5.7.42 release and partitioning examples from MySQL manual. The server was shut down normally afterwards.

MariaDB starts on the datadir with usual complains about mysql.event and alike, but crashes while executing mysql_upgrade, specifically when it runs this query:

SELECT DISTINCT LOWER(engine) AS c1 FROM information_schema.tables WHERE table_comment LIKE 'Unknown storage engine%' ORDER BY c1

The same outcome can be achieved by running the query directly on the newly started server.

bb-10.6-monty 9654bf9dd9

 
==3948386==ERROR: AddressSanitizer: use-after-poison on address 0x6160004c1dd8 at pc 0x561e673eb4a4 bp 0x7efd0abb5fc0 sp 0x7efd0abb5fb8
 
READ of size 8 at 0x6160004c1dd8 thread T12
 
    #0 0x561e673eb4a3 in ha_partition::create_handlers(st_mem_root*) /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:3020
 
    #1 0x561e673ed5d1 in ha_partition::setup_engine_array(st_mem_root*, handlerton*) /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:3257
 
    #2 0x561e673ee4b6 in ha_partition::get_from_handler_file(char const*, st_mem_root*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:3377
 
    #3 0x561e673dabe5 in ha_partition::initialize_partition(st_mem_root*) /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:569
 
    #4 0x561e673d84bd in partition_create_handler /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:264
 
    #5 0x561e66bf4e7e in get_new_handler(TABLE_SHARE*, st_mem_root*, handlerton*) /data/src/bb-10.6-monty-MySQL-partitions/sql/handler.cc:382
 
    #6 0x561e666efc41 in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long, unsigned char const*, unsigned long) /data/src/bb-10.6-monty-MySQL-partitions/sql/table.cc:2297
 
    #7 0x561e666e3bfe in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/src/bb-10.6-monty-MySQL-partitions/sql/table.cc:719
 
    #8 0x561e66a33fb8 in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/src/bb-10.6-monty-MySQL-partitions/sql/table_cache.cc:836
 
    #9 0x561e66562a79 in fill_schema_table_from_frm /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_show.cc:5017
 
    #10 0x561e66564909 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_show.cc:5327
 
    #11 0x561e66597d4c in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_show.cc:8888
 
    #12 0x561e66461e6e in JOIN::exec_inner() /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:4783
 
    #13 0x561e6645fc13 in JOIN::exec() /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:4604
 
    #14 0x561e66464060 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:5083
 
    #15 0x561e66433d7d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:559
 
    #16 0x561e66398f4c in execute_sqlcom_select /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:6273
 
    #17 0x561e66387625 in mysql_execute_command(THD*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:3949
 
    #18 0x561e663a3ec4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:8041
 
    #19 0x561e66379d0b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:1896
 
    #20 0x561e66376a3f in do_command(THD*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:1409
 
    #21 0x561e667e40e5 in do_handle_one_connection(CONNECT*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_connect.cc:1416
 
    #22 0x561e667e3aa6 in handle_one_connection /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_connect.cc:1318
 
    #23 0x561e67441ca3 in pfs_spawn_thread /data/src/bb-10.6-monty-MySQL-partitions/storage/perfschema/pfs.cc:2201
 
    #24 0x7efd2d0a7fd3 in start_thread nptl/pthread_create.c:442
 
    #25 0x7efd2d1285bb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
 
 
 
0x6160004c1dd8 is located 88 bytes inside of 560-byte region [0x6160004c1d80,0x6160004c1fb0)
 
allocated by thread T12 here:
 
    #0 0x7efd2dab89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
 
    #1 0x561e6803dfb0 in my_malloc /data/src/bb-10.6-monty-MySQL-partitions/mysys/my_malloc.c:91
 
    #2 0x561e68019928 in init_alloc_root /data/src/bb-10.6-monty-MySQL-partitions/mysys/my_alloc.c:86
 
    #3 0x561e673d882c in ha_partition::ha_partition_init() /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:308
 
    #4 0x561e673d866d in ha_partition::ha_partition(handlerton*, TABLE_SHARE*) /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:298
 
    #5 0x561e673d849f in partition_create_handler /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:263
 
    #6 0x561e66bf4e7e in get_new_handler(TABLE_SHARE*, st_mem_root*, handlerton*) /data/src/bb-10.6-monty-MySQL-partitions/sql/handler.cc:382
 
    #7 0x561e666efc41 in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long, unsigned char const*, unsigned long) /data/src/bb-10.6-monty-MySQL-partitions/sql/table.cc:2297
 
    #8 0x561e666e3bfe in open_table_def(THD*, TABLE_SHARE*, unsigned int) /data/src/bb-10.6-monty-MySQL-partitions/sql/table.cc:719
 
    #9 0x561e66a33fb8 in tdc_acquire_share(THD*, TABLE_LIST*, unsigned int, TABLE**) /data/src/bb-10.6-monty-MySQL-partitions/sql/table_cache.cc:836
 
    #10 0x561e66562a79 in fill_schema_table_from_frm /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_show.cc:5017
 
    #11 0x561e66564909 in get_all_tables(THD*, TABLE_LIST*, Item*) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_show.cc:5327
 
    #12 0x561e66597d4c in get_schema_tables_result(JOIN*, enum_schema_table_state) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_show.cc:8888
 
    #13 0x561e66461e6e in JOIN::exec_inner() /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:4783
 
    #14 0x561e6645fc13 in JOIN::exec() /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:4604
 
    #15 0x561e66464060 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:5083
 
    #16 0x561e66433d7d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_select.cc:559
 
    #17 0x561e66398f4c in execute_sqlcom_select /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:6273
 
    #18 0x561e66387625 in mysql_execute_command(THD*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:3949
 
    #19 0x561e663a3ec4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:8041
 
    #20 0x561e66379d0b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:1896
 
    #21 0x561e66376a3f in do_command(THD*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_parse.cc:1409
 
    #22 0x561e667e40e5 in do_handle_one_connection(CONNECT*, bool) /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_connect.cc:1416
 
    #23 0x561e667e3aa6 in handle_one_connection /data/src/bb-10.6-monty-MySQL-partitions/sql/sql_connect.cc:1318
 
    #24 0x561e67441ca3 in pfs_spawn_thread /data/src/bb-10.6-monty-MySQL-partitions/storage/perfschema/pfs.cc:2201
 
    #25 0x7efd2d0a7fd3 in start_thread nptl/pthread_create.c:442
 
 
 
Thread T12 created by T0 here:
 
    #0 0x7efd2da49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
 
    #1 0x561e6743d9de in my_thread_create /data/src/bb-10.6-monty-MySQL-partitions/storage/perfschema/my_thread.h:52
 
    #2 0x561e67442092 in pfs_spawn_thread_v1 /data/src/bb-10.6-monty-MySQL-partitions/storage/perfschema/pfs.cc:2252
 
    #3 0x561e6606784b in inline_mysql_thread_create /data/src/bb-10.6-monty-MySQL-partitions/include/mysql/psi/mysql_thread.h:1139
 
    #4 0x561e6607ea94 in create_thread_to_handle_connection(CONNECT*) /data/src/bb-10.6-monty-MySQL-partitions/sql/mysqld.cc:5991
 
    #5 0x561e6607f0a5 in create_new_thread(CONNECT*) /data/src/bb-10.6-monty-MySQL-partitions/sql/mysqld.cc:6050
 
    #6 0x561e6607f390 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/bb-10.6-monty-MySQL-partitions/sql/mysqld.cc:6112
 
    #7 0x561e6607fd20 in handle_connections_sockets() /data/src/bb-10.6-monty-MySQL-partitions/sql/mysqld.cc:6236
 
    #8 0x561e6607e311 in mysqld_main(int, char**) /data/src/bb-10.6-monty-MySQL-partitions/sql/mysqld.cc:5886
 
    #9 0x561e66066958 in main /data/src/bb-10.6-monty-MySQL-partitions/sql/main.cc:34
 
    #10 0x7efd2d046189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
 
 
 
SUMMARY: AddressSanitizer: use-after-poison /data/src/bb-10.6-monty-MySQL-partitions/sql/ha_partition.cc:3020 in ha_partition::create_handlers(st_mem_root*)
 
Shadow bytes around the buggy address:
 
  0x0c2c80090360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c2c80090370: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c2c80090380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c2c80090390: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
 
  0x0c2c800903a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 
=>0x0c2c800903b0: 00 00 00 00 00 00 f7 00 00 f7 f7[f7]f7 f7 f7 f7
 
  0x0c2c800903c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c2c800903d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c2c800903e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 
  0x0c2c800903f0: f7 f7 f7 f7 f7 f7 fa fa fa fa fa fa fa fa fa fa
 
  0x0c2c80090400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
 
Shadow byte legend (one shadow byte represents 8 application bytes):
 
  Addressable:           00
 
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
 
  Freed heap region:       fd
 
  Stack left redzone:      f1
 
  Stack mid redzone:       f2
 
  Stack right redzone:     f3
 
  Stack after return:      f5
 
  Stack use after scope:   f8
 
  Global redzone:          f9
 
  Global init order:       f6
 
  Poisoned by user:        f7
 
  Container overflow:      fc
 
  Array cookie:            ac
 
  Intra object redzone:    bb
 
  ASan internal:           fe
 
  Left alloca redzone:     ca
 
  Right alloca redzone:    cb
 
==3948386==ABORTING



 Comments   
Comment by Michael Widenius [ 2023-06-07 ]

Fixed bugs in partitioning

Generated at Thu Feb 08 10:23:43 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.