==17559==ERROR: AddressSanitizer: heap-use-after-free on address 0x629000494030 at pc 0x55dfbd589d25 bp 0x7f2a53a3ca60 sp 0x7f2a53a3ca58

READ of size 7 at 0x629000494030 thread T33

    #0 0x55dfbd589d24 in Field_timestampf::cmp(unsigned char const*, unsigned char const*) /data/src/bb-10.3-temporal/sql/field.h:2650

    #1 0x55dfbd1dac10 in partition_info_compare_column_values /data/src/bb-10.3-temporal/sql/partition_info.cc:1693

    #2 0x55dfbd1dac88 in partition_info::compare_column_values(void const*, void const*) /data/src/bb-10.3-temporal/sql/partition_info.cc:1704

    #3 0x55dfbd1da09f in partition_info::check_range_constants(THD*, bool) /data/src/bb-10.3-temporal/sql/partition_info.cc:1554

    #4 0x55dfbd1de1c1 in partition_info::check_partition_info(THD*, handlerton**, handler*, HA_CREATE_INFO*, bool) /data/src/bb-10.3-temporal/sql/partition_info.cc:2181

    #5 0x55dfbda16d2a in prep_alter_part_table(THD*, TABLE*, Alter_info*, HA_CREATE_INFO*, Alter_table_ctx*, bool*, bool*) /data/src/bb-10.3-temporal/sql/sql_partition.cc:5437

    #6 0x55dfbd0e97ce in mysql_alter_table(THD*, char const*, char const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/bb-10.3-temporal/sql/sql_table.cc:9321

    #7 0x55dfbd23ac24 in Sql_cmd_alter_table::execute(THD*) /data/src/bb-10.3-temporal/sql/sql_alter.cc:331

    #8 0x55dfbced2c06 in mysql_execute_command(THD*) /data/src/bb-10.3-temporal/sql/sql_parse.cc:6261

    #9 0x55dfbcedd143 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/bb-10.3-temporal/sql/sql_parse.cc:7991

    #10 0x55dfbceb7866 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/bb-10.3-temporal/sql/sql_parse.cc:1825

    #11 0x55dfbceb48c7 in do_command(THD*) /data/src/bb-10.3-temporal/sql/sql_parse.cc:1370

    #12 0x55dfbd22c664 in do_handle_one_connection(CONNECT*) /data/src/bb-10.3-temporal/sql/sql_connect.cc:1420

    #13 0x55dfbd22c079 in handle_one_connection /data/src/bb-10.3-temporal/sql/sql_connect.cc:1326

    #14 0x7f2a8909e493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

    #15 0x7f2a8748493e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

0x629000494030 is located 7728 bytes inside of 16460-byte region [0x629000492200,0x62900049624c)

freed by thread T33 here:

    #0 0x7f2a89308527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)

    #1 0x55dfbe764957 in free_memory /data/src/bb-10.3-temporal/mysys/safemalloc.c:279

    #2 0x55dfbe763fb8 in sf_free /data/src/bb-10.3-temporal/mysys/safemalloc.c:197

    #3 0x55dfbe732baf in my_free /data/src/bb-10.3-temporal/mysys/my_malloc.c:217

    #4 0x55dfbe712fad in free_root /data/src/bb-10.3-temporal/mysys/my_alloc.c:405

    #5 0x55dfbcebaacc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/bb-10.3-temporal/sql/sql_parse.cc:2414

    #6 0x55dfbceb48c7 in do_command(THD*) /data/src/bb-10.3-temporal/sql/sql_parse.cc:1370

    #7 0x55dfbd22c664 in do_handle_one_connection(CONNECT*) /data/src/bb-10.3-temporal/sql/sql_connect.cc:1420

    #8 0x55dfbd22c079 in handle_one_connection /data/src/bb-10.3-temporal/sql/sql_connect.cc:1326

    #9 0x7f2a8909e493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

previously allocated by thread T33 here:

    #0 0x7f2a8930873f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)

    #1 0x55dfbe76375a in sf_malloc /data/src/bb-10.3-temporal/mysys/safemalloc.c:118

    #2 0x55dfbe73229d in my_malloc /data/src/bb-10.3-temporal/mysys/my_malloc.c:101

    #3 0x55dfbe712117 in alloc_root /data/src/bb-10.3-temporal/mysys/my_alloc.c:243

    #4 0x55dfbe7127ba in multi_alloc_root /data/src/bb-10.3-temporal/mysys/my_alloc.c:311

    #5 0x55dfbcf78c34 in make_join_statistics /data/src/bb-10.3-temporal/sql/sql_select.cc:4368

    #6 0x55dfbcf6225f in JOIN::optimize_inner() /data/src/bb-10.3-temporal/sql/sql_select.cc:1971

    #7 0x55dfbcf5e50c in JOIN::optimize() /data/src/bb-10.3-temporal/sql/sql_select.cc:1556

    #8 0x55dfbce82cb5 in st_select_lex::optimize_unflattened_subqueries(bool) /data/src/bb-10.3-temporal/sql/sql_lex.cc:3976

    #9 0x55dfbd2f97a8 in JOIN::optimize_constant_subqueries() /data/src/bb-10.3-temporal/sql/opt_subselect.cc:5211

    #10 0x55dfbcf5f4b3 in JOIN::optimize_inner() /data/src/bb-10.3-temporal/sql/sql_select.cc:1681

    #11 0x55dfbcf5e50c in JOIN::optimize() /data/src/bb-10.3-temporal/sql/sql_select.cc:1556

    #12 0x55dfbcf77f55 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/bb-10.3-temporal/sql/sql_select.cc:4244

    #13 0x55dfbcf52f6c in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/bb-10.3-temporal/sql/sql_select.cc:382

    #14 0x55dfbced4d9e in execute_sqlcom_select /data/src/bb-10.3-temporal/sql/sql_parse.cc:6535

    #15 0x55dfbcec2ec5 in mysql_execute_command(THD*) /data/src/bb-10.3-temporal/sql/sql_parse.cc:3749

    #16 0x55dfbcedd143 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/bb-10.3-temporal/sql/sql_parse.cc:7991

    #17 0x55dfbceb7866 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/bb-10.3-temporal/sql/sql_parse.cc:1825

    #18 0x55dfbceb48c7 in do_command(THD*) /data/src/bb-10.3-temporal/sql/sql_parse.cc:1370

    #19 0x55dfbd22c664 in do_handle_one_connection(CONNECT*) /data/src/bb-10.3-temporal/sql/sql_connect.cc:1420

    #20 0x55dfbd22c079 in handle_one_connection /data/src/bb-10.3-temporal/sql/sql_connect.cc:1326

    #21 0x7f2a8909e493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

Thread T33 created by T0 here:

    #0 0x7f2a892d7bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)

    #1 0x55dfbe78ece6 in spawn_thread_noop /data/src/bb-10.3-temporal/mysys/psi_noop.c:187

    #2 0x55dfbcc7ef0f in inline_mysql_thread_create /data/src/bb-10.3-temporal/include/mysql/psi/mysql_thread.h:1239

    #3 0x55dfbcc94cef in create_thread_to_handle_connection(CONNECT*) /data/src/bb-10.3-temporal/sql/mysqld.cc:6574

    #4 0x55dfbcc953f4 in create_new_thread /data/src/bb-10.3-temporal/sql/mysqld.cc:6644

    #5 0x55dfbcc96405 in handle_connections_sockets() /data/src/bb-10.3-temporal/sql/mysqld.cc:6919

    #7 0x55dfbcc7d43f in main /data/src/bb-10.3-temporal/sql/main.cc:25

    #8 0x7f2a873bc2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: heap-use-after-free /data/src/bb-10.3-temporal/sql/field.h:2650 Field_timestampf::cmp(unsigned char const*, unsigned char const*)

Shadow bytes around the buggy address:

  0x0c528008a7b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a7c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a7d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a7e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a7f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

=>0x0c528008a800: fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd

  0x0c528008a810: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a820: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a830: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a840: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c528008a850: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07 

  Heap left redzone:       fa

  Heap right redzone:      fb

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack partial redzone:   f4

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Contiguous container OOB:fc

  ASan internal:           fe

==17559==ABORTING

# Run with --mysqld=--sql-mode='' --default-server-options --mysqld=--max-statement-time=30   --mysqld=--lock-wait-timeout=5 --mysqld=--innodb-lock-wait-timeout=3

GRANT ALL ON *.* TO rqg@localhost;

CREATE TABLE `table0_innodb_int_autoinc` (

`col_char_12_key` char(12),

`col_char_12` char(12),

`col_int_key` int,

`col_int` int,

pk integer auto_increment,

primary key (pk)) ENGINE=innodb;

CREATE TABLE `table0_innodb_key_pk_parts_2_int_autoinc` (

`col_int` int,

`col_char_12_key` char(12),

pk integer auto_increment,

`col_int_key` int,

primary key (pk),

key (`col_int_key` )) ENGINE=innodb;

CREATE TABLE `table1_innodb_int_autoinc` (

`col_char_12` char(12),

`col_char_12_key` char(12),

`col_int_key` int,

pk integer auto_increment,

`col_int` int,

primary key (pk)) ENGINE=innodb;

CREATE TABLE `table1_innodb_key_pk_parts_2_int_autoinc` (

`col_int_key` int,

`col_char_12_key` char(12),

`col_int` int,

pk integer auto_increment,

primary key (pk)) ENGINE=innodb;

CREATE TABLE `table100_innodb_key_pk_parts_2_int_autoinc` (

pk integer auto_increment,

`col_char_12_key` char(12),

`col_int_key` int,

primary key (pk),

key (`col_int_key` )) ENGINE=innodb PARTITION BY key (pk) partitions 2;

--connect (con15_0,localhost,rqg,,test)

SET STATEMENT system_versioning_alter_history=KEEP FOR ALTER TABLE `table0_innodb_key_pk_parts_2_int_autoinc` ADD SYSTEM VERSIONING, ADD COLUMN IF NOT EXISTS `col_char_12` TEXT NOT NULL DEFAULT '';

--connect (con14_0,localhost,rqg,,test)

INSERT INTO `table1_innodb_int_autoinc` (`pk`) VALUES (NULL);

REPLACE INTO `table0_innodb_key_pk_parts_2_int_autoinc` ( `col_int_key`, `col_int` ) VALUES ( 'l', 6 ), ( 50, 1456406528 );

UPDATE `table0_innodb_key_pk_parts_2_int_autoinc` AS X SET `col_int` = 4162584576 ORDER BY `col_char_12`,`col_char_12_key`,`col_int`,`col_int_key`,`pk` LIMIT 7;

SET AUTOCOMMIT=OFF;

INSERT IGNORE INTO `table0_innodb_int_autoinc` ( `col_int_key` ) SELECT `pk` FROM `table1_innodb_int_autoinc` AS X ORDER BY `col_char_12`,`col_char_12_key`,`col_int`,`col_int_key`,`pk` LIMIT 8;

SELECT ( SELECT `col_int_key` FROM `table1_innodb_key_pk_parts_2_int_autoinc` WHERE `pk` = 2701590528 ) FROM `table0_innodb_key_pk_parts_2_int_autoinc` AS X LEFT JOIN `table1_innodb_int_autoinc` AS Y USING ( `pk` ) WHERE X.`col_char_12_key` BETWEEN 24 AND 752156672 LIMIT 6;

--connection con15_0

--error ER_LOCK_WAIT_TIMEOUT

SET STATEMENT system_versioning_alter_history=KEEP FOR ALTER TABLE `table1_innodb_key_pk_parts_2_int_autoinc` ADD PERIOD FOR SYSTEM_TIME(`sys_trx_start`, `sys_trx_start`), CHANGE COLUMN IF EXISTS `vers_start` `vers_start` TIMESTAMP(6) GENERATED ALWAYS AS ROW START, MODIFY COLUMN IF EXISTS tcol10 TIME NULL, ALTER COLUMN `col_int` SET DEFAULT NULL;

--error ER_LOCK_WAIT_TIMEOUT

UPDATE IGNORE `table0_innodb_int_autoinc` AS X SET `col_char_12` = 5 WHERE X.`col_char_12_key` < 1401028608 ORDER BY `col_char_12`,`col_char_12_key`,`col_int`,`col_int_key`,`pk` LIMIT 6;

--connection con14_0

SET STATEMENT system_versioning_alter_history=KEEP FOR ALTER TABLE `table0_innodb_key_pk_parts_2_int_autoinc` PARTITION BY system_time INTERVAL 9 SECOND ( PARTITION ver_p1 HISTORY, PARTITION ver_p2 HISTORY, PARTITION ver_pn CURRENT );

DELETE FROM `table0_innodb_key_pk_parts_2_int_autoinc`;

SELECT * FROM `table1_innodb_key_pk_parts_2_int_autoinc` AS X LEFT JOIN `table0_innodb_key_pk_parts_2_int_autoinc` AS Y USING ( `col_int_key` ) WHERE X.`col_char_12_key` = ( SELECT `pk` FROM `table100_innodb_key_pk_parts_2_int_autoinc` WHERE `pk` = 'n' ) LIMIT 8;

SET STATEMENT system_versioning_alter_history=KEEP FOR ALTER TABLE `table0_innodb_key_pk_parts_2_int_autoinc` ADD PARTITION (PARTITION ver_p3 HISTORY);