Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
N/A
-
Not for Release Notes
Description
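# mysqltest reproducer for the heap-use-after-free in the AddressSanitizer
# report that follows. The stray "|" table-cell separators left by the page
# extraction have been removed so the script parses again; the statements
# themselves are unchanged.
--source include/have_innodb.inc

# The report reproduces the failure under READ COMMITTED.
SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED;

# f is a UNIQUE TEXT column; p(s,e) is the application-time period that
# FOR PORTION OF operates on.
CREATE TABLE t (a INT, f TEXT UNIQUE, s DATETIME, e DATETIME, PERIOD FOR p(s,e)) ENGINE=InnoDB;
INSERT INTO t VALUES (1,'foo','1900-01-01','2000-01-01'),(2,'bar','1900-01-01','2000-01-01');

# Expected result: a clean ER_DUP_ENTRY.
# Observed on the ASAN build: while the duplicate-key message is formatted
# (print_keydup_error -> key_unpack -> field_unpack), the server reads from
# an InnoDB heap block that row_mysql_prebuilt_free_blob_heap() had already
# freed. Per the "freed by" stack, the free is reached from
# TABLE::period_make_insert -> handler::ha_write_row -> ha_innobase::rnd_pos.
--error ER_DUP_ENTRY
UPDATE t FOR PORTION OF p FROM '1980-01-01' TO '1980-01-02' SET a = 1;

DROP TABLE t;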
bb-10.6-release 29775c03c147ae72b0a61378d3da729dbad346a2
==2858363==ERROR: AddressSanitizer: heap-use-after-free on address 0x62900027b2a0 at pc 0x5563a84bf866 bp 0x7fb62dc5ea70 sp 0x7fb62dc5ea68
|
READ of size 1 at 0x62900027b2a0 thread T11
|
#0 0x5563a84bf865 in my_mb_wc_latin1 /data/bld/2025-Q3/bb-10.6-release-asan/strings/ctype-latin1.c:376
|
#1 0x5563a853a213 in my_convert_using_func /data/bld/2025-Q3/bb-10.6-release-asan/strings/ctype.c:1163
|
#2 0x5563a64c6775 in err_conv(char*, unsigned int, char const*, unsigned int, charset_info_st const*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_error.cc:953
|
#3 0x5563a62e6eab in ErrBuff::set_str(char const*, unsigned long, charset_info_st const*) const /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_error.h:873
|
#4 0x5563a62e73ae in ErrConvString::lex_cstring() const /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_error.h:911
|
#5 0x5563a712b1fe in field_unpack(String*, Field*, unsigned char const*, unsigned int, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/key.cc:396
|
#6 0x5563a712b8ba in key_unpack(String*, TABLE*, st_key*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/key.cc:441
|
#7 0x5563a6e582a1 in print_keydup_error(TABLE*, st_key*, char const*, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.cc:4427
|
#8 0x5563a6e58542 in print_keydup_error(TABLE*, st_key*, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.cc:4450
|
#9 0x5563a6e58c1c in handler::print_error(int, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.cc:4530
|
#10 0x5563a68e34f5 in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_update.cc:1166
|
#11 0x5563a65a5042 in mysql_execute_command(THD*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:4477
|
#12 0x5563a65bed8d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:8200
|
#13 0x5563a65941d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1908
|
#14 0x5563a6590f0a in do_command(THD*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1421
|
#15 0x5563a6a168b8 in do_handle_one_connection(CONNECT*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1386
|
#16 0x5563a6a16417 in handle_one_connection /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1298
|
#17 0x5563a7693dff in pfs_spawn_thread /data/bld/2025-Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2201
|
#18 0x7fb63c8a81c3 in start_thread nptl/pthread_create.c:442
|
#19 0x7fb63c92885b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
|
0x62900027b2a0 is located 160 bytes inside of 16536-byte region [0x62900027b200,0x62900027f298)
|
freed by thread T11 here:
|
#0 0x7fb63d4b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
|
#1 0x5563a792a657 in ut_allocator<unsigned char, true>::deallocate(unsigned char*, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/include/ut0new.h:423
|
#2 0x5563a7bad0f1 in mem_heap_block_free(mem_block_info_t*, mem_block_info_t*) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/mem/mem0mem.cc:417
|
#3 0x5563a7d3672a in mem_heap_free /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/include/mem0mem.inl:419
|
#4 0x5563a7d38dee in row_mysql_prebuilt_free_blob_heap(row_prebuilt_t*) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/row/row0mysql.cc:103
|
#5 0x5563a7db9f0f in row_sel_store_mysql_rec /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/row/row0sel.cc:3151
|
#6 0x5563a7dca95a in row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/row/row0sel.cc:5710
|
#7 0x5563a78d1e38 in ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/handler/ha_innodb.cc:9082
|
#8 0x5563a78d58ea in ha_innobase::rnd_pos(unsigned char*, unsigned char*) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/handler/ha_innodb.cc:9568
|
#9 0x5563a6e73c27 in handler::ha_write_row(unsigned char const*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.cc:7780
|
#10 0x5563a6958bbc in TABLE::period_make_insert(Item*, Field*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/table.cc:9295
|
#11 0x5563a6959115 in TABLE::insert_portion_of_time(THD*, vers_select_conds_t const&, unsigned long long*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/table.cc:9319
|
#12 0x5563a68e2cef in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_update.cc:1132
|
#13 0x5563a65a5042 in mysql_execute_command(THD*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:4477
|
#14 0x5563a65bed8d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:8200
|
#15 0x5563a65941d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1908
|
#16 0x5563a6590f0a in do_command(THD*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1421
|
#17 0x5563a6a168b8 in do_handle_one_connection(CONNECT*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1386
|
#18 0x5563a6a16417 in handle_one_connection /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1298
|
#19 0x5563a7693dff in pfs_spawn_thread /data/bld/2025-Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2201
|
#20 0x7fb63c8a81c3 in start_thread nptl/pthread_create.c:442
|
|
previously allocated by thread T11 here:
|
#0 0x7fb63d4b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x5563a792a18f in ut_allocator<unsigned char, true>::allocate(unsigned long, unsigned char const*, unsigned int, bool, bool) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/include/ut0new.h:374
|
#2 0x5563a7bac3dd in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/mem/mem0mem.cc:278
|
#3 0x5563a7da31e8 in mem_heap_create_func /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/include/mem0mem.inl:377
|
#4 0x5563a7db9801 in row_sel_store_mysql_field /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/row/row0sel.cc:3092
|
#5 0x5563a7dba8b9 in row_sel_store_mysql_rec /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/row/row0sel.cc:3238
|
#6 0x5563a7dca95a in row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/row/row0sel.cc:5710
|
#7 0x5563a78d1e38 in ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/handler/ha_innodb.cc:9082
|
#8 0x5563a78d50b7 in ha_innobase::index_first(unsigned char*) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/handler/ha_innodb.cc:9443
|
#9 0x5563a78d55ef in ha_innobase::rnd_next(unsigned char*) /data/bld/2025-Q3/bb-10.6-release-asan/storage/innobase/handler/ha_innodb.cc:9535
|
#10 0x5563a6e4c87f in handler::ha_rnd_next(unsigned char*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.cc:3577
|
#11 0x5563a72bd682 in rr_sequential(READ_RECORD*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/records.cc:519
|
#12 0x5563a63d9095 in READ_RECORD::read_record() /data/bld/2025-Q3/bb-10.6-release-asan/sql/records.h:81
|
#13 0x5563a68e3afa in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_update.cc:1029
|
#14 0x5563a65a5042 in mysql_execute_command(THD*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:4477
|
#15 0x5563a65bed8d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:8200
|
#16 0x5563a65941d6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1908
|
#17 0x5563a6590f0a in do_command(THD*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1421
|
#18 0x5563a6a168b8 in do_handle_one_connection(CONNECT*, bool) /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1386
|
#19 0x5563a6a16417 in handle_one_connection /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1298
|
#20 0x5563a7693dff in pfs_spawn_thread /data/bld/2025-Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2201
|
#21 0x7fb63c8a81c3 in start_thread nptl/pthread_create.c:442
|
|
Thread T11 created by T0 here:
|
#0 0x7fb63d449726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x5563a768fb3a in my_thread_create /data/bld/2025-Q3/bb-10.6-release-asan/storage/perfschema/my_thread.h:52
|
#2 0x5563a76941ee in pfs_spawn_thread_v1 /data/bld/2025-Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2252
|
#3 0x5563a62626e0 in inline_mysql_thread_create /data/bld/2025-Q3/bb-10.6-release-asan/include/mysql/psi/mysql_thread.h:1139
|
#4 0x5563a62797ac in create_thread_to_handle_connection(CONNECT*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/mysqld.cc:6016
|
#5 0x5563a6279dbd in create_new_thread(CONNECT*) /data/bld/2025-Q3/bb-10.6-release-asan/sql/mysqld.cc:6075
|
#6 0x5563a627a0a8 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/2025-Q3/bb-10.6-release-asan/sql/mysqld.cc:6137
|
#7 0x5563a627ad3c in handle_connections_sockets() /data/bld/2025-Q3/bb-10.6-release-asan/sql/mysqld.cc:6260
|
#8 0x5563a6277b11 in run_main_loop /data/bld/2025-Q3/bb-10.6-release-asan/sql/mysqld.cc:5519
|
#9 0x5563a627907b in mysqld_main(int, char**) /data/bld/2025-Q3/bb-10.6-release-asan/sql/mysqld.cc:5917
|
#10 0x5563a62619a8 in main /data/bld/2025-Q3/bb-10.6-release-asan/sql/main.cc:34
|
#11 0x7fb63c846249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/bld/2025-Q3/bb-10.6-release-asan/strings/ctype-latin1.c:376 in my_mb_wc_latin1
|
Shadow bytes around the buggy address:
|
0x0c5280047600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280047610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280047620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280047630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280047640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c5280047650: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280047660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280047670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280047680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280047690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c52800476a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==2858363==ABORTING
|
|
...
|
Status: NOT_KILLED
|
Query (0x62d0000a0438): UPDATE t FOR PORTION OF p FROM '1980-01-01' TO '1980-01-02' SET a = 1
|
The same test case, but with a partitioned table:
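# mysqltest reproducer for the assertion failure in handler::ha_rnd_init()
# shown in the stack trace that follows. It is the same scenario as the
# non-partitioned case, with PARTITION BY HASH added to the table. The stray
# "|" table-cell separators left by the page extraction have been removed so
# the script parses again; the statements themselves are unchanged.
--source include/have_innodb.inc
--source include/have_partition.inc

# The report reproduces the failure under READ COMMITTED.
SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED;

# f is a UNIQUE TEXT column; p(s,e) is the application-time period that
# FOR PORTION OF operates on.
CREATE TABLE t (a INT, f TEXT UNIQUE, s DATETIME, e DATETIME, PERIOD FOR p(s,e)) ENGINE=InnoDB PARTITION BY HASH (a);
INSERT INTO t VALUES (1,'foo','1900-01-01','2000-01-01'),(2,'bar','1900-01-01','2000-01-01');

# Expected result: a clean ER_DUP_ENTRY.
# Observed: the server aborts on the assertion
# `inited==NONE || (inited==RND && scan)' in handler::ha_rnd_init(), called
# with scan=false from ha_partition::rnd_init, which is reached from
# TABLE::period_make_insert -> handler::ha_write_row.
--error ER_DUP_ENTRY
UPDATE t FOR PORTION OF p FROM '1980-01-01' TO '1980-01-02' SET a = 1;

DROP TABLE t;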
mariadbd: /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.h:3539: int handler::ha_rnd_init(bool): Assertion `inited==NONE || (inited==RND && scan)' failed.
|
250725 19:28:06 [ERROR] /share8t/bld/2025-Q3/bb-10.6-release-asan/sql/mariadbd got signal 6 ;
|
|
#9 0x00007f092fc53eb2 in __GI___assert_fail (assertion=0x55c5a644fdc0 "inited==NONE || (inited==RND && scan)", file=0x55c5a644fac0 "/data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.h", line=3539, function=0x55c5a644fe20 "int handler::ha_rnd_init(bool)") at ./assert/assert.c:101
|
#10 0x000055c5a41bb860 in handler::ha_rnd_init (this=0x625000285a20, scan=false) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.h:3539
|
#11 0x000055c5a5339938 in ha_partition::rnd_init (this=0x625000285148, scan=false) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/ha_partition.cc:5292
|
#12 0x000055c5a4b5dad1 in handler::ha_write_row (this=0x625000285148, buf=0x625000286228 "\370\001") at /data/bld/2025-Q3/bb-10.6-release-asan/sql/handler.cc:7777
|
#13 0x000055c5a4642bbd in TABLE::period_make_insert (this=0x6190000ae198, src=0x62d0000a05b0, dst=0x6250002865f8) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/table.cc:9295
|
#14 0x000055c5a4643116 in TABLE::insert_portion_of_time (this=0x6190000ae198, thd=0x62b0000bd218, period_conds=..., rows_inserted=0x7f092108e490) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/table.cc:9319
|
#15 0x000055c5a45cccf0 in mysql_update (thd=0x62b0000bd218, table_list=0x62d0000a0728, fields=..., values=..., conds=0x62d0000a1c10, order_num=0, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x7f092108eea0, updated_return=0x7f092108eec0) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_update.cc:1132
|
#16 0x000055c5a428f043 in mysql_execute_command (thd=0x62b0000bd218, is_called_from_prepared_stmt=false) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:4477
|
#17 0x000055c5a42a8d8e in mysql_parse (thd=0x62b0000bd218, rawbuf=0x62d0000a0438 "UPDATE t FOR PORTION OF p FROM '1980-01-01' TO '1980-01-02' SET a = 1", length=69, parser_state=0x7f092108fa90) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:8200
|
#18 0x000055c5a427e1d7 in dispatch_command (command=COM_QUERY, thd=0x62b0000bd218, packet=0x629000276219 "UPDATE t FOR PORTION OF p FROM '1980-01-01' TO '1980-01-02' SET a = 1", packet_length=69, blocking=true) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1908
|
#19 0x000055c5a427af0b in do_command (thd=0x62b0000bd218, blocking=true) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_parse.cc:1421
|
#20 0x000055c5a47008b9 in do_handle_one_connection (connect=0x608000014638, put_in_cache=true) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1386
|
#21 0x000055c5a4700418 in handle_one_connection (arg=0x6080000145b8) at /data/bld/2025-Q3/bb-10.6-release-asan/sql/sql_connect.cc:1298
|
#22 0x000055c5a537de00 in pfs_spawn_thread (arg=0x617000007e98) at /data/bld/2025-Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2201
|
#23 0x00007f092fca81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#24 0x00007f092fd2885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
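I see no obvious error on my release builds, but with errors of the kind ASAN reports it is hard to be sure: a read of freed memory does not necessarily produce a visible failure in a non-instrumented build.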
The failures started happening after this commit in 10.6
commit 3a2e1f87a1fa01bfe5ada183ec38412aa96726ce (HEAD)
|
Author: Sergei Golubchik
|
Date: Sun Jul 20 12:06:42 2025 +0200
|
|
MDEV-37268 ER_NOT_KEYFILE or assertion failure upon REPLACE into table with unique hash under READ-COMMITTED
|
Issue Links
- causes
-
MDEV-37397 Assertion `bitmap_is_set(&read_partitions, next->id)' failed in int partition_info::vers_set_hist_part(THD *)
-
- Closed
-
- is caused by
-
MDEV-37268 ER_NOT_KEYFILE or assertion failure upon REPLACE into table with unique hash under READ-COMMITTED
-
- Closed
-