Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.6.2
-
None
Description
[rr 4150676 7553]2022-04-07 9:50:23 0 [Warning] InnoDB: Load table `test`.`C` failed, the table has missing foreign key indexes. Turn off 'foreign_key_checks' and try again.
|
[rr 4150676 7557]=================================================================
|
[rr 4150676 7564][rr 4150676 7568]==4150676==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c000004c48 at pc 0x7f6e79e15a6d bp 0x7fffcc9ca8c0 sp 0x7fffcc9ca068
|
[rr 4150676 7571][rr 4150676 7573]READ of size 8 at 0x61c000004c48 thread T0
|
[rr 4150676 13317] #0 0x7f6e79e15a6c (/lib/x86_64-linux-gnu/libasan.so.5+0x67a6c)
|
[rr 4150676 13355] #1 0x55c5e378d28c in dict_sys_t::load_table(st_::span<char const> const&, dict_err_ignore_t) /data/Server/bb-10.6-MDEV-27783A/storage/innobase/dict/dict0load.cc:2531
|
[rr 4150676 13357] #2 0x55c5e378db76 in dict_load_table_on_id(unsigned long, dict_err_ignore_t) /data/Server/bb-10.6-MDEV-27783A/storage/innobase/dict/dict0load.cc:2601
|
[rr 4150676 13373] #3 0x55c5e37704ea in dict_table_t* dict_table_open_on_id<false>(unsigned long, bool, dict_table_op_t, THD*, MDL_ticket**) /data/Server/bb-10.6-MDEV-27783A/storage/innobase/dict/dict0dict.cc:860
|
[rr 4150676 13385] #4 0x55c5e35e479b in trx_resurrect_table_locks /data/Server/bb-10.6-MDEV-27783A/storage/innobase/trx/trx0trx.cc:602
|
[rr 4150676 13387] #5 0x55c5e35e5716 in trx_resurrect /data/Server/bb-10.6-MDEV-27783A/storage/innobase/trx/trx0trx.cc:685
|
[rr 4150676 13389] #6 0x55c5e35e5e6d in trx_lists_init_at_db_start() /data/Server/bb-10.6-MDEV-27783A/storage/innobase/trx/trx0trx.cc:735
|
[rr 4150676 13397] #7 0x55c5e3578170 in srv_start(bool) /data/Server/bb-10.6-MDEV-27783A/storage/innobase/srv/srv0start.cc:1467
|
[rr 4150676 13421] #8 0x55c5e31041cc in innodb_init /data/Server/bb-10.6-MDEV-27783A/storage/innobase/handler/ha_innodb.cc:4291
|
[rr 4150676 13439] #9 0x55c5e2813ece in ha_initialize_handlerton(st_plugin_int*) /data/Server/bb-10.6-MDEV-27783A/sql/handler.cc:659
|
[rr 4150676 13449] #10 0x55c5e2072a9b in plugin_initialize /data/Server/bb-10.6-MDEV-27783A/sql/sql_plugin.cc:1464
|
[rr 4150676 13451] #11 0x55c5e2074800 in plugin_init(int*, char**, int) /data/Server/bb-10.6-MDEV-27783A/sql/sql_plugin.cc:1757
|
[rr 4150676 13463] #12 0x55c5e1d7e88d in init_server_components /data/Server/bb-10.6-MDEV-27783A/sql/mysqld.cc:5052
|
[rr 4150676 13465] #13 0x55c5e1d8024c in mysqld_main(int, char**) /data/Server/bb-10.6-MDEV-27783A/sql/mysqld.cc:5667
|
[rr 4150676 13467] #14 0x55c5e1d6efbc in main /data/Server/bb-10.6-MDEV-27783A/sql/main.cc:34
|
[rr 4150676 13469] #15 0x7f6e791b30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
|
[rr 4150676 13471] #16 0x55c5e1d6eedd in _start (/data/Server_bin/bb-10.6-MDEV-27783A_asan/bin/mariadbd+0x13f6edd)
|
dict_sys_t::load_table() function is throwing the error:
dict_table_t *dict_sys_t::load_table(const span<const char> &name,
|
dict_err_ignore_t ignore)
|
{
|
if (dict_table_t *table= find_table(name))
|
return table;
|
dict_names_t fk_list;
|
dict_table_t *table= dict_load_table_one(name, ignore, fk_list);
|
while (!fk_list.empty())
|
{
|
const char *f= fk_list.front();
|
const span<const char> name{f, strlen(f)};
|
if (!find_table(name))
|
dict_load_table_one(name, ignore, fk_list);
|
fk_list.pop_front();
|
}
|
|
|
return table;
|
}
|
In above function `dict_load_table_one()` fails because of error `DB_CANNOT_ADD_CONSTRAINT` and it is being
evicted and table has been freed. In the next iteration, it tries to access the name present in fk_list. But the name is part of freed table heap and leads to the ASAN failure.
This issue is specific to 10.6. This function has been added as a part of the following
commit message:
commit 49e2c8f0a6fefdeac50925f758090d6bd099768d
|
Author: Marko Mäkelä <marko.makela@mariadb.com>
|
Date: Thu May 20 14:58:25 2021 +0300
|
|
|
MDEV-25743: Unnecessary copying of table names in InnoDB dictionary
|
Attachments
Issue Links
- is caused by
-
-
- Closed
-