LP #1588386: ADDRESS SANITIZER REPORTS FAILURE IN MAIN.PARTITION_ORDER ON MYSQL-TRUNK
lpjirasync January 24, 2018 at 9:36 AM
Comment from Launchpad by: Laurynas Biveinis on: 03-06-2016 13:03:17
https://github.com/percona/percona-server/pull/591, https://github.com/percona/percona-server/pull/592, https://github.com/percona/percona-server/pull/593
lpjirasync January 24, 2018 at 9:36 AM
Comment from Launchpad by: Laurynas Biveinis on: 02-06-2016 14:10:32
The fix seems to be backporting
commit f0d7a37c48cd423ea48c32c644d1da3c4d5898e7
Author: Mattias Jonsson <mattias.jonsson@oracle.com>
Date: Thu Feb 13 16:47:31 2014 +0100
Bug#17957894: ADDRESS SANITIZER REPORTS FAILURE IN MAIN.PARTITION_ORDER ON MYSQL-TRUNK
Bad length in memcmp in Field_bit::cmp_max().
Done
Assignee: Unassigned
Reporter: lpjirasync (Deactivated)
Created January 24, 2018 at 9:36 AM
Updated January 24, 2018 at 9:36 AM
Resolved January 24, 2018 at 9:36 AM
Reported in Launchpad by Laurynas Biveinis last update 03-06-2016 13:03:27
parts.partition_bit_myisam w3 [ fail ]
...
CURRENT_TEST: parts.partition_bit_myisam
mysqltest: In included file "./suite/parts/inc/partition_bit.inc":
included from ./suite/parts/inc/partition_bit.inc at line 48:
At line 48: query 'select hex(a) from t1' failed: 2013: Lost connection to MySQL server during query
...
=================================================================
==18175==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6060002c6275 at pc 0x7f322348e676 bp 0x7f3207ed79f0 sp 0x7f3207ed7198
READ of size 64 at 0x6060002c6275 thread T841
#0 0x7f322348e675 in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x77675)
#1 0x957d8d in Field_bit::cmp_max(unsigned char const*, unsigned char const*, unsigned int) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/field.cc:8761
#2 0xb5f919 in key_rec_cmp /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/key.cc:598
#3 0xd4dda2 in _downheap /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/mysys/queues.c:293
#4 0xd4e122 in queue_fix /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/mysys/queues.c:365
#5 0x1285d70 in ha_partition::handle_ordered_index_scan(unsigned char*, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/ha_partition.cc:5356
#6 0x1286e41 in ha_partition::common_first_last(unsigned char*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/ha_partition.cc:4711
#7 0x1286f72 in ha_partition::index_first(unsigned char*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/ha_partition.cc:4660
#8 0x719732 in join_read_first /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:12715
#9 0x6fe6e8 in sub_select(JOIN*, st_join_table*, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:11907
#10 0x718286 in do_select /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:11673
#11 0x756715 in JOIN::exec() /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:2443
#12 0x7451ad in mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:2662
#13 0x745a0c in handle_select(THD*, LEX*, select_result*, unsigned long) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:315
#14 0x66d883 in execute_sqlcom_select /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:4868
#15 0x680f1c in mysql_execute_command(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:2361
#16 0x693331 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:6058
#17 0x6970ce in dispatch_command(enum_server_command, THD*, char*, unsigned int) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:1075
#18 0x69b88d in do_command(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:789
#19 0x8956ad in do_handle_one_connection(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_connect.cc:1418
#20 0x89594e in handle_one_connection /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_connect.cc:1325
#21 0xd914dc in pfs_spawn_thread /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/storage/perfschema/pfs.cc:1015
#22 0x7f3222de56f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
#23 0x7f3221990b5c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x106b5c)
0x6060002c6275 is located 0 bytes to the right of 53-byte region [0x6060002c6240,0x6060002c6275)
allocated by thread T841 here:
#0 0x7f32234af54a in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9854a)
#1 0xd41419 in my_malloc /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/mysys/my_malloc.c:38
#2 0x1281db9 in ha_partition::init_record_priority_queue() /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/ha_partition.cc:4328
#3 0x128258c in ha_partition::index_init(unsigned int, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/ha_partition.cc:4422
#4 0x719641 in handler::ha_index_init(unsigned int, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/handler.h:1426
#5 0x719641 in join_read_first /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:12708
#6 0x6fe6e8 in sub_select(JOIN*, st_join_table*, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:11907
#7 0x718286 in do_select /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:11673
#8 0x756715 in JOIN::exec() /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:2443
#9 0x7451ad in mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:2662
#10 0x745a0c in handle_select(THD*, LEX*, select_result*, unsigned long) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_select.cc:315
#11 0x66d883 in execute_sqlcom_select /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:4868
#12 0x680f1c in mysql_execute_command(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:2361
#13 0x693331 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:6058
#14 0x6970ce in dispatch_command(enum_server_command, THD*, char*, unsigned int) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:1075
#15 0x69b88d in do_command(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_parse.cc:789
#16 0x8956ad in do_handle_one_connection(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_connect.cc:1418
#17 0x89594e in handle_one_connection /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/sql_connect.cc:1325
#18 0xd914dc in pfs_spawn_thread /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/storage/perfschema/pfs.cc:1015
#19 0x7f3222de56f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
Thread T841 created by T0 here:
#0 0x7f322344d253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
#1 0xd94a99 in spawn_thread_v1 /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/storage/perfschema/pfs.cc:1038
#2 0x519d5d in inline_mysql_thread_create /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/include/mysql/psi/mysql_thread.h:1049
#3 0x519d5d in create_thread_to_handle_connection(THD*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/mysqld.cc:5289
#4 0x51b4d9 in create_new_thread /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/mysqld.cc:5387
#5 0x51b4d9 in handle_connections_sockets() /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/mysqld.cc:5647
#6 0x51e8c0 in mysqld_main(int, char**) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/mysqld.cc:4901
#7 0x505e3e in main /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-64bit/sql/main.cc:25
#8 0x7f32218aa82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 memcmp
Shadow bytes around the buggy address:
0x0c0c80050bf0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c80050c00: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0c80050c10: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
0x0c0c80050c20: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c80050c30: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
=>0x0c0c80050c40: fd fd fd fd fa fa fa fa 00 00 00 00 00 00[05]fa
0x0c0c80050c50: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
0x0c0c80050c60: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
0x0c0c80050c70: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c0c80050c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0c80050c90: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==18175==ABORTING
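How the addresses in the report above map onto its shadow-byte dump, as an added example that is not part of the original report or of the MySQL/Percona code. It reproduces the shadow row for the 53-byte region and shows why the bracketed [05] byte marks 0x6060002c6275 as the first invalid byte. The function names are illustrative, and the shadow offset 0x7fff8000 is assumed to be the default x86_64 Linux ASan mapping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHADOW_SCALE  3               /* one shadow byte per 8 application bytes */
#define SHADOW_OFFSET 0x7fff8000ULL   /* assumption: default x86_64 Linux offset */

/* Shadow-memory address describing the 8-byte granule that holds `addr`. */
uint64_t shadow_addr(uint64_t addr) {
    return (addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow bytes for an 8-aligned heap region of `size` bytes: 00 for each
   fully addressable granule, then k (1..7) when only the first k bytes of
   the last granule are valid. Returns the number of shadow bytes written. */
size_t region_shadow(size_t size, uint8_t *out, size_t cap) {
    size_t n = 0;
    for (; size >= 8 && n < cap; size -= 8) out[n++] = 0x00;
    if (size > 0 && size < 8 && n < cap) out[n++] = (uint8_t)size;
    return n;
}

/* ASan's one-byte access check for a given shadow value. */
int byte_is_poisoned(uint64_t addr, uint8_t shadow) {
    if (shadow == 0x00) return 0;      /* whole granule addressable */
    if (shadow >= 0x80) return 1;      /* redzone / freed markers (fa, fd, ...) */
    return (addr & 7) >= shadow;       /* partially addressable granule */
}

int main(void) {
    /* Values copied from the report: region [start, fault) is 53 bytes. */
    const uint64_t start = 0x6060002c6240ULL, fault = 0x6060002c6275ULL;
    uint8_t sh[16];
    size_t n = region_shadow((size_t)(fault - start), sh, sizeof sh);

    printf("region shadow at 0x%012llx:", (unsigned long long)shadow_addr(start));
    for (size_t i = 0; i < n; i++) printf(" %02x", sh[i]);
    printf("\nfault shadow at 0x%012llx, poisoned=%d\n",
           (unsigned long long)shadow_addr(fault),
           byte_is_poisoned(fault, sh[n - 1]));
    return 0;
}
```

The computed shadow addresses fall at offsets 8 and 14 of the row marked `=>0x0c0c80050c40`, matching the six `00` bytes followed by `[05]` in the dump.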