[MDEV-27223] ASAN heap-use-after-free in my_strnncollsp_simple upon LOAD DATA with virtual unique blob

Created: 2021-12-10
Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Virtual Columns
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Nikita Malyavin
Resolution: Unresolved
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-29520 ASAN heap-use-after-poison in row_mer... Closed

 Description   

We have a number of bugs with ASAN errors in my_strnncollsp_simple, but those which I've found (MDEV-16699, MDEV-18900, MDEV-20619, MDEV-22648) all seem to have specifics of the scenario which this one doesn't.

CREATE TABLE t1 (b VARCHAR(8), c TEXT AS (b), UNIQUE(c));
INSERT INTO t1 (b) VALUES ('foo'),('bar');
 
SELECT * INTO OUTFILE 't1.data' FROM t1;
LOAD DATA INFILE 't1.data' REPLACE INTO TABLE t1;
 
# Cleanup
--let $datadir= `SELECT @@datadir`
--remove_file $datadir/test/t1.data
 
DROP TABLE t1;

10.4 74b3d4252a29

==3860234==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000212f0 at pc 0x55eff50e22bf bp 0x7ff2f77e5aa0 sp 0x7ff2f77e5a90
READ of size 1 at 0x60c0000212f0 thread T5
    #0 0x55eff50e22be in my_strnncollsp_simple /data/src/10.4-bug/strings/ctype-simple.c:182
    #1 0x55eff3bcb248 in Field_blob::cmp(unsigned char const*, unsigned int, unsigned char const*, unsigned int) /data/src/10.4-bug/sql/field.cc:8640
    #2 0x55eff3bcb551 in Field_blob::cmp(unsigned char const*, unsigned char const*) /data/src/10.4-bug/sql/field.cc:8651
    #3 0x55eff3beb2bb in Field::cmp_offset(long long) /data/src/10.4-bug/sql/field.h:1106
    #4 0x55eff3c529db in check_duplicate_long_entry_key /data/src/10.4-bug/sql/handler.cc:6637
    #5 0x55eff3c5360c in check_duplicate_long_entries /data/src/10.4-bug/sql/handler.cc:6688
    #6 0x55eff3c53ea2 in handler::ha_write_row(unsigned char const*) /data/src/10.4-bug/sql/handler.cc:6768
    #7 0x55eff33cb1ee in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4-bug/sql/sql_insert.cc:1747
    #8 0x55eff3459a06 in read_sep_field /data/src/10.4-bug/sql/sql_load.cc:1164
    #9 0x55eff3455bbc in mysql_load(THD*, sql_exchange const*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.4-bug/sql/sql_load.cc:669
    #10 0x55eff3486a37 in mysql_execute_command(THD*) /data/src/10.4-bug/sql/sql_parse.cc:5008
    #11 0x55eff349af04 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4-bug/sql/sql_parse.cc:7995
    #12 0x55eff347168b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4-bug/sql/sql_parse.cc:1857
    #13 0x55eff346e108 in do_command(THD*) /data/src/10.4-bug/sql/sql_parse.cc:1373
    #14 0x55eff3868a2c in do_handle_one_connection(CONNECT*) /data/src/10.4-bug/sql/sql_connect.cc:1420
    #15 0x55eff3868185 in handle_one_connection /data/src/10.4-bug/sql/sql_connect.cc:1316
    #16 0x55eff44ebe74 in pfs_spawn_thread /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
    #17 0x7ff3015fb608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #18 0x7ff3011ce292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
 
0x60c0000212f0 is located 112 bytes inside of 124-byte region [0x60c000021280,0x60c0000212fc)
freed by thread T5 here:
    #0 0x7ff301ca77cf in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    #1 0x55eff507b260 in free_memory /data/src/10.4-bug/mysys/safemalloc.c:279
    #2 0x55eff507a81c in sf_free /data/src/10.4-bug/mysys/safemalloc.c:197
    #3 0x55eff504921a in my_free /data/src/10.4-bug/mysys/my_malloc.c:222
    #4 0x55eff3198bc1 in Binary_string::free() /data/src/10.4-bug/sql/sql_string.h:610
    #5 0x55eff31e246d in Binary_string::set(char const*, unsigned long) /data/src/10.4-bug/sql/sql_string.h:467
    #6 0x55eff31e24be in String::set(char const*, unsigned long, charset_info_st const*) /data/src/10.4-bug/sql/sql_string.h:769
    #7 0x55eff3bc317d in Field_varstring::val_str(String*, String*) /data/src/10.4-bug/sql/field.cc:7795
    #8 0x55eff31bfc07 in Field::val_str(String*) /data/src/10.4-bug/sql/field.h:857
    #9 0x55eff3bf6d1c in Field_blob::store_field(Field*) /data/src/10.4-bug/sql/field.h:3942
    #10 0x55eff3c056f3 in field_conv_incompatible /data/src/10.4-bug/sql/field_conv.cc:851
    #11 0x55eff3c05794 in field_conv(Field*, Field*) /data/src/10.4-bug/sql/field_conv.cc:864
    #12 0x55eff3ca0f6e in save_field_in_field /data/src/10.4-bug/sql/item.cc:6571
    #13 0x55eff3ca173a in Item_field::save_in_field(Field*, bool) /data/src/10.4-bug/sql/item.cc:6622
    #14 0x55eff37bb147 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /data/src/10.4-bug/sql/table.cc:8427
    #15 0x55eff3c34c86 in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /data/src/10.4-bug/sql/handler.cc:2944
    #16 0x55eff3c52253 in check_duplicate_long_entry_key /data/src/10.4-bug/sql/handler.cc:6616
    #17 0x55eff3c5360c in check_duplicate_long_entries /data/src/10.4-bug/sql/handler.cc:6688
    #18 0x55eff3c53ea2 in handler::ha_write_row(unsigned char const*) /data/src/10.4-bug/sql/handler.cc:6768
    #19 0x55eff33cb1ee in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4-bug/sql/sql_insert.cc:1747
    #20 0x55eff3459a06 in read_sep_field /data/src/10.4-bug/sql/sql_load.cc:1164
    #21 0x55eff3455bbc in mysql_load(THD*, sql_exchange const*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.4-bug/sql/sql_load.cc:669
    #22 0x55eff3486a37 in mysql_execute_command(THD*) /data/src/10.4-bug/sql/sql_parse.cc:5008
    #23 0x55eff349af04 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4-bug/sql/sql_parse.cc:7995
    #24 0x55eff347168b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4-bug/sql/sql_parse.cc:1857
    #25 0x55eff346e108 in do_command(THD*) /data/src/10.4-bug/sql/sql_parse.cc:1373
    #26 0x55eff3868a2c in do_handle_one_connection(CONNECT*) /data/src/10.4-bug/sql/sql_connect.cc:1420
    #27 0x55eff3868185 in handle_one_connection /data/src/10.4-bug/sql/sql_connect.cc:1316
    #28 0x55eff44ebe74 in pfs_spawn_thread /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
    #29 0x7ff3015fb608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
 
previously allocated by thread T5 here:
    #0 0x7ff301ca7bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x55eff507a1d0 in sf_malloc /data/src/10.4-bug/mysys/safemalloc.c:118
    #2 0x55eff5048723 in my_malloc /data/src/10.4-bug/mysys/my_malloc.c:101
    #3 0x55eff36aa7e1 in Binary_string::realloc_raw(unsigned long) /data/src/10.4-bug/sql/sql_string.cc:101
    #4 0x55eff3198c8a in Binary_string::realloc(unsigned long) /data/src/10.4-bug/sql/sql_string.h:625
    #5 0x55eff36ab649 in Binary_string::copy() /data/src/10.4-bug/sql/sql_string.cc:220
    #6 0x55eff3be4c7f in String::copy() /data/src/10.4-bug/sql/sql_string.h:823
    #7 0x55eff3bf6e25 in Field_blob::store_field(Field*) /data/src/10.4-bug/sql/field.h:3945
    #8 0x55eff3c056f3 in field_conv_incompatible /data/src/10.4-bug/sql/field_conv.cc:851
    #9 0x55eff3c05794 in field_conv(Field*, Field*) /data/src/10.4-bug/sql/field_conv.cc:864
    #10 0x55eff3ca0f6e in save_field_in_field /data/src/10.4-bug/sql/item.cc:6571
    #11 0x55eff3ca173a in Item_field::save_in_field(Field*, bool) /data/src/10.4-bug/sql/item.cc:6622
    #12 0x55eff37bb147 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /data/src/10.4-bug/sql/table.cc:8427
    #13 0x55eff330f28d in fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool) /data/src/10.4-bug/sql/sql_base.cc:8626
    #14 0x55eff330fef4 in fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type) /data/src/10.4-bug/sql/sql_base.cc:8754
    #15 0x55eff34598f6 in read_sep_field /data/src/10.4-bug/sql/sql_load.cc:1149
    #16 0x55eff3455bbc in mysql_load(THD*, sql_exchange const*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.4-bug/sql/sql_load.cc:669
    #17 0x55eff3486a37 in mysql_execute_command(THD*) /data/src/10.4-bug/sql/sql_parse.cc:5008
    #18 0x55eff349af04 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4-bug/sql/sql_parse.cc:7995
    #19 0x55eff347168b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4-bug/sql/sql_parse.cc:1857
    #20 0x55eff346e108 in do_command(THD*) /data/src/10.4-bug/sql/sql_parse.cc:1373
    #21 0x55eff3868a2c in do_handle_one_connection(CONNECT*) /data/src/10.4-bug/sql/sql_connect.cc:1420
    #22 0x55eff3868185 in handle_one_connection /data/src/10.4-bug/sql/sql_connect.cc:1316
    #23 0x55eff44ebe74 in pfs_spawn_thread /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
    #24 0x7ff3015fb608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
 
Thread T5 created by T0 here:
    #0 0x7ff301bd4805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x55eff44ec265 in spawn_thread_v1 /data/src/10.4-bug/storage/perfschema/pfs.cc:1919
    #2 0x55eff3173bdf in inline_mysql_thread_create /data/src/10.4-bug/include/mysql/psi/mysql_thread.h:1275
    #3 0x55eff318bae4 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4-bug/sql/mysqld.cc:6241
    #4 0x55eff318c27f in create_new_thread(CONNECT*) /data/src/10.4-bug/sql/mysqld.cc:6311
    #5 0x55eff318c765 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4-bug/sql/mysqld.cc:6409
    #6 0x55eff318d632 in handle_connections_sockets() /data/src/10.4-bug/sql/mysqld.cc:6567
    #7 0x55eff318b1d8 in mysqld_main(int, char**) /data/src/10.4-bug/sql/mysqld.cc:5899
    #8 0x55eff3171e2c in main /data/src/10.4-bug/sql/main.cc:25
    #9 0x7ff3010d30b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
 
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4-bug/strings/ctype-simple.c:182 in my_strnncollsp_simple
==3860234==ABORTING
211211  0:57:13 [ERROR] mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.4.23-MariaDB-debug-log
key_buffer_size=1048576
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63649 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x62b00005b270
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7ff2f77e9910 thread_stack 0x5fc00
/lib/x86_64-linux-gnu/libasan.so.5(+0x6cd30)[0x7ff301c06d30]
mysys/stacktrace.c:174(my_print_stacktrace)[0x55eff50585c5]
sql/signal_handler.cc:222(handle_fatal_signal)[0x55eff3c1b03b]
sigaction.c:0(__restore_rt)[0x7ff3016073c0]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcb)[0x7ff3010f218b]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x12b)[0x7ff3010d1859]
/lib/x86_64-linux-gnu/libasan.so.5(+0x12b6a2)[0x7ff301cc56a2]
/lib/x86_64-linux-gnu/libasan.so.5(+0x13624c)[0x7ff301cd024c]
/lib/x86_64-linux-gnu/libasan.so.5(+0x1178ec)[0x7ff301cb18ec]
/lib/x86_64-linux-gnu/libasan.so.5(+0x117363)[0x7ff301cb1363]
/lib/x86_64-linux-gnu/libasan.so.5(__asan_report_load1+0x3b)[0x7ff301cb1e4b]
strings/ctype-simple.c:182(my_strnncollsp_simple)[0x55eff50e22bf]
sql/field.cc:8642(Field_blob::cmp(unsigned char const*, unsigned int, unsigned char const*, unsigned int))[0x55eff3bcb249]
sql/field.cc:8651(Field_blob::cmp(unsigned char const*, unsigned char const*))[0x55eff3bcb552]
sql/field.h:1106(Field::cmp_offset(long long))[0x55eff3beb2bc]
sql/handler.cc:6637(check_duplicate_long_entry_key(TABLE*, handler*, unsigned char const*, unsigned int))[0x55eff3c529dc]
sql/handler.cc:6688(check_duplicate_long_entries(TABLE*, handler*, unsigned char const*))[0x55eff3c5360d]
sql/handler.cc:6768(handler::ha_write_row(unsigned char const*))[0x55eff3c53ea3]
sql/sql_insert.cc:1747(write_record(THD*, TABLE*, st_copy_info*))[0x55eff33cb1ef]
sql/sql_load.cc:1164(read_sep_field(THD*, st_copy_info&, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, READ_INFO&, String&, unsigned long, bool))[0x55eff3459a07]
sql/sql_load.cc:669(mysql_load(THD*, sql_exchange const*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool))[0x55eff3455bbd]
sql/sql_parse.cc:5008(mysql_execute_command(THD*))[0x55eff3486a38]
sql/sql_parse.cc:7995(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55eff349af05]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55eff347168c]
sql/sql_parse.cc:1373(do_command(THD*))[0x55eff346e109]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55eff3868a2d]
sql/sql_connect.cc:1317(handle_one_connection)[0x55eff3868186]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55eff44ebe75]
nptl/pthread_create.c:478(start_thread)[0x7ff3015fb609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7ff3011ce293]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x62b000062290): LOAD DATA INFILE 't1.data' REPLACE INTO TABLE t1
 
Connection ID (thread ID): 4
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on
 
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file...
Working directory at /dev/shm/var_auto_o3Af/mysqld.1/data
Resource Limits:
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        unlimited            unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             385674               385674               processes 
Max open files            1024                 1024                 files     
Max locked memory         67108864             67108864             bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       385674               385674               signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: core
 
----------SERVER LOG END-------------
 
 
 - found 'core' (0/5)
 
Trying 'dbx' to get a backtrace
 
Trying 'gdb' to get a backtrace from coredump /mnt-hd8t/src/10.4-bug/mysql-test/var/log/bug.dtuple2/mysqld.1/data/core
Core generated by '/mnt-hd8t/src/10.4-bug/sql/mysqld'
Output from gdb follows. The first stack trace is from the failing thread.
The following stack traces are from all threads (so the failing one is
duplicated).
--------------------------
[New LWP 3860241]
[New LWP 3860237]
[New LWP 3860235]
[New LWP 3860236]
[New LWP 3860234]
[New LWP 3860238]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/mnt-hd8t/src/10.4-bug/sql/mysqld --defaults-group-suffix=.1 --defaults-file=/m'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
56	../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7ff2f77ea300 (LWP 3860241))]
#0  __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x000055eff5058747 in my_write_core (sig=6) at /data/src/10.4-bug/mysys/stacktrace.c:386
#2  0x000055eff3c1b632 in handle_fatal_signal (sig=6) at /data/src/10.4-bug/sql/signal_handler.cc:356
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x00007ff3010d1859 in __GI_abort () at abort.c:79
#6  0x00007ff301cc56a2 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#7  0x00007ff301cd024c in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#8  0x00007ff301cb18ec in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#9  0x00007ff301cb1363 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#10 0x00007ff301cb1e4b in __asan_report_load1 () from /lib/x86_64-linux-gnu/libasan.so.5
#11 0x000055eff50e22bf in my_strnncollsp_simple (cs=0x55eff69ad7e0 <my_charset_latin1>, a=0x60c0000213b1 "oo", a_length=3, b=0x60c0000212f1 "oo", b_length=3) at /data/src/10.4-bug/strings/ctype-simple.c:182
#12 0x000055eff3bcb249 in Field_blob::cmp (this=0x61900008d180, a=0x60c0000213b0 "foo", a_length=3, b=0x60c0000212f0 "foo", b_length=3) at /data/src/10.4-bug/sql/field.cc:8640
#13 0x000055eff3bcb552 in Field_blob::cmp (this=0x61900008d180, a_ptr=0x61900008d02a "\003", b_ptr=0x61d0001ef33a "\003") at /data/src/10.4-bug/sql/field.cc:8651
#14 0x000055eff3beb2bc in Field::cmp_offset (this=0x61900008d180, row_offset=274879357712) at /data/src/10.4-bug/sql/field.h:1106
#15 0x000055eff3c529dc in check_duplicate_long_entry_key (table=0x62000003d0f0, h=0x62b000062e48, new_rec=0x61900008d020 "\370\003foo", key_no=0) at /data/src/10.4-bug/sql/handler.cc:6637
#16 0x000055eff3c5360d in check_duplicate_long_entries (table=0x62000003d0f0, h=0x62b000062e48, new_rec=0x61900008d020 "\370\003foo") at /data/src/10.4-bug/sql/handler.cc:6688
#17 0x000055eff3c53ea3 in handler::ha_write_row (this=0x61d0001ee710, buf=0x61900008d020 "\370\003foo") at /data/src/10.4-bug/sql/handler.cc:6768
#18 0x000055eff33cb1ef in write_record (thd=0x62b00005b270, table=0x62000003d0f0, info=0x7ff2f77e6440) at /data/src/10.4-bug/sql/sql_insert.cc:1747
#19 0x000055eff3459a07 in read_sep_field (thd=0x62b00005b270, info=..., table_list=0x62b000062430, fields_vars=..., set_fields=..., set_values=..., read_info=..., enclosed=..., skip_lines=0, ignore_check_option_errors=false) at /data/src/10.4-bug/sql/sql_load.cc:1164
#20 0x000055eff3455bbd in mysql_load (thd=0x62b00005b270, ex=0x62b000062388, table_list=0x62b000062430, fields_vars=..., set_fields=..., set_values=..., handle_duplicates=DUP_REPLACE, ignore=false, read_file_from_client=false) at /data/src/10.4-bug/sql/sql_load.cc:669
#21 0x000055eff3486a38 in mysql_execute_command (thd=0x62b00005b270) at /data/src/10.4-bug/sql/sql_parse.cc:5008
#22 0x000055eff349af05 in mysql_parse (thd=0x62b00005b270, rawbuf=0x62b000062290 "LOAD DATA INFILE 't1.data' REPLACE INTO TABLE t1", length=48, parser_state=0x7ff2f77e8780, is_com_multi=false, is_next_command=false) at /data/src/10.4-bug/sql/sql_parse.cc:7995
#23 0x000055eff347168c in dispatch_command (command=COM_QUERY, thd=0x62b00005b270, packet=0x62900023f271 "LOAD DATA INFILE 't1.data' REPLACE INTO TABLE t1", packet_length=48, is_com_multi=false, is_next_command=false) at /data/src/10.4-bug/sql/sql_parse.cc:1857
#24 0x000055eff346e109 in do_command (thd=0x62b00005b270) at /data/src/10.4-bug/sql/sql_parse.cc:1373
#25 0x000055eff3868a2d in do_handle_one_connection (connect=0x611000008170) at /data/src/10.4-bug/sql/sql_connect.cc:1420
#26 0x000055eff3868186 in handle_one_connection (arg=0x611000008170) at /data/src/10.4-bug/sql/sql_connect.cc:1316
#27 0x000055eff44ebe75 in pfs_spawn_thread (arg=0x61600000b7f0) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#28 0x00007ff3015fb609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#29 0x00007ff3011ce293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
Thread 6 (Thread 0x7ff2f7862300 (LWP 3860238)):
#0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x55eff6b1e708 <COND_manager+40>) at ../sysdeps/nptl/futex-internal.h:183
#1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55eff6b1e628 <LOCK_manager+40>, cond=0x55eff6b1e6e0 <COND_manager>) at pthread_cond_wait.c:508
#2  __pthread_cond_wait (cond=0x55eff6b1e6e0 <COND_manager>, mutex=0x55eff6b1e628 <LOCK_manager+40>) at pthread_cond_wait.c:638
#3  0x000055eff5066213 in safe_cond_wait (cond=0x55eff6b1e6e0 <COND_manager>, mp=0x55eff6b1e600 <LOCK_manager>, file=0x55eff52e1be0 "/data/src/10.4-bug/include/mysql/psi/mysql_thread.h", line=1174) at /data/src/10.4-bug/mysys/thr_mutex.c:492
#4  0x000055eff3462dd0 in inline_mysql_cond_wait (that=0x55eff6b1e6e0 <COND_manager>, mutex=0x55eff6b1e600 <LOCK_manager>, src_file=0x55eff52e2620 "/data/src/10.4-bug/sql/sql_manager.cc", src_line=102) at /data/src/10.4-bug/include/mysql/psi/mysql_thread.h:1174
#5  0x000055eff34638b6 in handle_manager (arg=0x0) at /data/src/10.4-bug/sql/sql_manager.cc:102
#6  0x000055eff44ebe75 in pfs_spawn_thread (arg=0x616000009ff0) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#7  0x00007ff3015fb609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8  0x00007ff3011ce293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
Thread 5 (Thread 0x7ff300f59840 (LWP 3860234)):
#0  0x00007ff3011c1aff in __GI___poll (fds=0x7ffce5cb5df0, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007ff301bd65ba in poll () from /lib/x86_64-linux-gnu/libasan.so.5
#2  0x000055eff318cef3 in handle_connections_sockets () at /data/src/10.4-bug/sql/mysqld.cc:6463
#3  0x000055eff318b1d9 in mysqld_main (argc=<error reading variable: Cannot access memory at address 0x3d60>, argv=<error reading variable: Cannot access memory at address 0x3d70>) at /data/src/10.4-bug/sql/mysqld.cc:5899
#4  0x000055eff3171e2d in main (argc=6, argv=0x7ffce5cb6238) at /data/src/10.4-bug/sql/main.cc:25
 
Thread 4 (Thread 0x7ff2f8119700 (LWP 3860236)):
#0  futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7ff2f8118c00, clockid=<optimized out>, expected=0, futex_word=0x55eff7378ee8 <COND_checkpoint+40>) at ../sysdeps/nptl/futex-internal.h:320
#1  __pthread_cond_wait_common (abstime=0x7ff2f8118c00, clockid=<optimized out>, mutex=0x55eff7378e08 <LOCK_checkpoint+40>, cond=0x55eff7378ec0 <COND_checkpoint>) at pthread_cond_wait.c:520
#2  __pthread_cond_timedwait (cond=0x55eff7378ec0 <COND_checkpoint>, mutex=0x55eff7378e08 <LOCK_checkpoint+40>, abstime=0x7ff2f8118c00) at pthread_cond_wait.c:656
#3  0x000055eff5066b4c in safe_cond_timedwait (cond=0x55eff7378ec0 <COND_checkpoint>, mp=0x55eff7378de0 <LOCK_checkpoint>, abstime=0x7ff2f8118c00, file=0x55eff5790e20 "/data/src/10.4-bug/include/mysql/psi/mysql_thread.h", line=1211) at /data/src/10.4-bug/mysys/thr_mutex.c:546
#4  0x000055eff4281627 in inline_mysql_cond_timedwait (that=0x55eff7378ec0 <COND_checkpoint>, mutex=0x55eff7378de0 <LOCK_checkpoint>, abstime=0x7ff2f8118c00, src_file=0x55eff5790ea0 "/data/src/10.4-bug/storage/maria/ma_servicethread.c", src_line=115) at /data/src/10.4-bug/include/mysql/psi/mysql_thread.h:1211
#5  0x000055eff4282502 in my_service_thread_sleep (control=0x55eff65659a0 <checkpoint_control>, sleep_time=29000000000) at /data/src/10.4-bug/storage/maria/ma_servicethread.c:115
#6  0x000055eff4263fe6 in ma_checkpoint_background (arg=0x1e) at /data/src/10.4-bug/storage/maria/ma_checkpoint.c:707
#7  0x000055eff44ebe75 in pfs_spawn_thread (arg=0x6160000066f0) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#8  0x00007ff3015fb609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#9  0x00007ff3011ce293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
Thread 3 (Thread 0x7ff2f982b700 (LWP 3860235)):
#0  futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7ff2f982ad50, clockid=<optimized out>, expected=0, futex_word=0x55eff7412028 <COND_timer+40>) at ../sysdeps/nptl/futex-internal.h:320
#1  __pthread_cond_wait_common (abstime=0x7ff2f982ad50, clockid=<optimized out>, mutex=0x55eff7411f48 <LOCK_timer+40>, cond=0x55eff7412000 <COND_timer>) at pthread_cond_wait.c:520
#2  __pthread_cond_timedwait (cond=0x55eff7412000 <COND_timer>, mutex=0x55eff7411f48 <LOCK_timer+40>, abstime=0x7ff2f982ad50) at pthread_cond_wait.c:656
#3  0x000055eff5066b4c in safe_cond_timedwait (cond=0x55eff7412000 <COND_timer>, mp=0x55eff7411f20 <LOCK_timer>, abstime=0x7ff2f982ad50, file=0x55eff5c87120 "/data/src/10.4-bug/include/mysql/psi/mysql_thread.h", line=1211) at /data/src/10.4-bug/mysys/thr_mutex.c:546
#4  0x000055eff5069999 in inline_mysql_cond_timedwait (that=0x55eff7412000 <COND_timer>, mutex=0x55eff7411f20 <LOCK_timer>, abstime=0x7ff2f982ad50, src_file=0x55eff5c871c0 "/data/src/10.4-bug/mysys/thr_timer.c", src_line=292) at /data/src/10.4-bug/include/mysql/psi/mysql_thread.h:1211
#5  0x000055eff506b91d in timer_handler (arg=0x0) at /data/src/10.4-bug/mysys/thr_timer.c:292
#6  0x000055eff44ebe75 in pfs_spawn_thread (arg=0x616000001ef0) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#7  0x00007ff3015fb609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#8  0x00007ff3011ce293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
Thread 2 (Thread 0x7ff2f78fa300 (LWP 3860237)):
#0  0x00007ff3010f3322 in __GI___sigtimedwait (set=0x7ff2f78f98b0, info=0x7ff2f78f96e0, timeout=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:29
#1  0x00007ff301c21111 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5
#2  0x000055eff3171f29 in my_sigwait (set=0x7ff2f78f98b0, sig=0x7ff2f78f9820, code=0x7ff2f78f9830) at /data/src/10.4-bug/include/my_pthread.h:196
#3  0x000055eff3181c6a in signal_hand (arg=0x0) at /data/src/10.4-bug/sql/mysqld.cc:3219
#4  0x000055eff44ebe75 in pfs_spawn_thread (arg=0x6160000087f0) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#5  0x00007ff3015fb609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#6  0x00007ff3011ce293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 

Reproducible on 10.4-10.7, with at least MyISAM and InnoDB.
No obvious immediate problem on a non-ASAN build.



 Comments   
Comment by Alice Sherepa [ 2022-06-21 ]

Another test, seems to be related, reproducible on 10.4-10.10

CREATE TABLE t1 ( a mediumtext GENERATED always AS (b), b longtext) ;
 
 INSERT INTO t1 (b) VALUES
('¿‚ƒ | Position | Binlog_Do_DB | Binlog_Ignore_DB  mariadb-bin.000096 |      568 \n+--------------------+----------+--------------+------------------+\n—°¿¸ˆ¸‚µ ´°½½‹µ ¿» File ¸ Position. •»¸ binary log ‚»Œ ‡‚ ±‹» ²»Ž‡µ½, ‚ ¿» ±ƒ´ƒ‚ ¿ƒ‚‹µ.\n¢µ¿µ€Œ, ³´° ‚°±»¸†‹ µ‰µ ·°±»¸€²°½‹, ¿¸€ƒ¹‚µ ´°½½‹µ   ½° slave. ž ‚, ° ‚ ´µ»°‚Œ, ²‹ ¶µ‚µ ¿€‡¸‚°‚Œ ² Backup, Restore and Import.\nŸ»µ ‚³ ° ´°½½‹µ ±ƒ´ƒ‚ ¿»ƒ‡µ½‹, ²‹ ¶µ‚µ ½‚Œ ±»¸€²ƒ ½°  ²‹¿»½¸² UNLOCK TABLES.\nUNLOCK TABLES;\n—°¿ƒ slave\nŸ»µ ‚³ ° ´°½½‹µ ±‹»¸ ¸¿€‚¸€²°½‹, ²‹ ¶µ‚µ ·°¿ƒ‚¸‚Œ €µ¿»¸°†¸Ž. ”» ½°‡°»° ·°¿ƒ‚¸‚µ CHANGE  TO, ƒ±µ´¸²ˆ¸Œ ² ‚, ‡‚ LOG_FILE ¸ LOG_POS ‚²µ‚‚²ƒŽ ¿» ²‹²µ´µ½½‹¸ €°½µµ °½´¹ SHOW  STATUS. °¿€¸µ€:\nCHANGE  TO\n  HOST=\'.domain.com\',\n  USER=\'replication_user\',\n  \',\n  PORT=3306,\n  LOG_FILE=\'mariadb-bin.000096\',\n  LOG_POS=568,\n  CONNECT_RETRY=10;\n•»¸ ²‹ ·°¿ƒ°µ‚µ slave  ²µ¶¸  ‚€‹¹ ‚»Œ ‡‚ ±‹» ½°‚€µ½ ½° ·°¿ƒ €µ¿»¸°†¸¸, ‚ ² ‚ »ƒ‡°µ ²° ½µ ½ƒ¶½ ƒ°·‹²°‚Œ LOG_FILE ¸ LOG_POS.\n\n¢µ¿µ€Œ ·°¿ƒ‚¸‚µ slave  ¿‰ŒŽ °½´‹ START SLAVE:\nSTART SLAVE;\nµ¿»¸°†¸  MySQL  ½° MariaDB slave\nµ¿»¸°†¸  MySQL 5.5 ½° MariaDB 5.5+ €°±‚°µ‚.\nµ¿»¸°†¸  MySQL 5.6 ±µ· GTID ½° MariaDB 10+ €°±‚°µ‚.\nµ¿»¸°†¸  MySQL 5.6  GTID, binlog_rows_query_log_events ¸ ignorable events works starting from .22 and MariaDB 10.1.8. In this case MariaDB will remove the MySQL GTIDs and other unneeded events and instead adds its own GTIDs.\n˜¿»Œ·²°½¸µ global transaction id (GTID)\nMariaDB starting with 10.0\nž±€°‚¸‚µ ²½¸°½¸µ, ‡‚ ²  ²²µ´µ½ global transaction IDs (GTIDs) ´» €µ¿»¸°†¸¸. š° ¿€°²¸», ‚ €µµ½´ƒµ‚ ¸¿»Œ·²°‚Œ (GTIDs) ´» , ‚° ° ¸µµ‚ €´ ¿€µ¸ƒ‰µ‚². ’µ ‡‚ ‚€µ±ƒµ‚, ‚° ‚ ´±°²¸‚Œ USE_GTID ¿†¸Ž ² ¿µ€°‚€ CHANGE '),
('¿‚ƒ | Position | Binlog_Do_DB | Binlog_Ignore_DB  mariadb-bin.000096 |      568 \n+--------------------+----------+--------------+------------------+\n—°¿¸ˆ¸‚µ ´°½½‹µ ¿» File ¸ Position. •»¸ binary log ‚»Œ ‡‚ ±‹» ²»Ž‡µ½, ‚ ¿» ±ƒ´ƒ‚ ¿ƒ‚‹µ.\n¢µ¿µ€Œ, ³´° ‚°±»¸†‹ µ‰µ ·°±»¸€²°½‹, ¿¸€ƒ¹‚µ ´°½½‹µ   ½° slave. ž ‚, ° ‚ ´µ»°‚Œ, ²‹ ¶µ‚µ ¿€‡¸‚°‚Œ ² Backup, Restore and Import.\nŸ»µ ‚³ ° ´°½½‹µ ±ƒ´ƒ‚ ¿»ƒ‡µ½‹, ²‹ ¶µ‚µ ½‚Œ ±»¸€²ƒ ½°  ²‹¿»½¸² UNLOCK TABLES.\nUNLOCK TABLES;\n—°¿ƒ slave\nŸ»µ ‚³ ° ´°½½‹µ ±‹»¸ ¸¿€‚¸€²°½‹, ²‹ ¶µ‚µ ·°¿ƒ‚¸‚Œ €µ¿»¸°†¸Ž. ”» ½°‡°»° ·°¿ƒ‚¸‚µ CHANGE  TO, ƒ±µ´¸²ˆ¸Œ ² ‚, ‡‚ LOG_FILE ¸ LOG_POS ‚²µ‚‚²ƒŽ ¿» ²‹²µ´µ½½‹¸ €°½µµ °½´¹ SHOW  STATUS. °¿€¸µ€:\nCHANGE  TO\n  HOST=\'.domain.com\',\n  USER=\'replication_user\',\n  \',\n  PORT=3306,\n  LOG_FILE=\'mariadb-bin.000096\',\n  LOG_POS=568,\n  CONNECT_RETRY=10;\n•»¸ ²‹ ·°¿ƒ°µ‚µ slave  ²µ¶¸  ‚€‹¹ ‚»Œ ‡‚ ±‹» ½°‚€µ½ ½° ·°¿ƒ €µ¿»¸°†¸¸, ‚ ² ‚ »ƒ‡°µ ²° ½µ ½ƒ¶½ ƒ°·‹²°‚Œ LOG_FILE ¸ LOG_POS.\n\n¢µ¿µ€Œ ·°¿ƒ‚¸‚µ slave  ¿‰ŒŽ °½´‹ START SLAVE:\nSTART SLAVE;\nµ¿»¸°†¸  MySQL  ½° MariaDB slave\nµ¿»¸°†¸  MySQL 5.5 ½° MariaDB 5.5+ €°±‚°µ‚.\nµ¿»¸°†¸  MySQL 5.6 ±µ· GTID ½° MariaDB 10+ €°±‚°µ‚.\nµ¿»¸°†¸  MySQL 5.6  GTID, binlog_rows_query_log_events ¸ ignorable events works starting from .22 and MariaDB 10.1.8. In this case MariaDB will remove the MySQL GTIDs and other unneeded events and instead adds its own GTIDs.\n˜¿»Œ·²°½¸µ global transaction id (GTID)\nMariaDB starting with 10.0\nž±€°‚¸‚µ ²½¸°½¸µ, ‡‚ ²  ²²µ´µ½ global transaction IDs (GTIDs) ´» €µ¿»¸°†¸¸. š° ¿€°²¸», ‚ €µµ½´ƒµ‚ ¸¿»Œ·²°‚Œ (GTIDs) ´» , ‚° ° ¸µµ‚ €´ ¿€µ¸ƒ‰µ‚². ');
 
ALTER  TABLE `t1` ADD UNIQUE KEY  ( a(2190) );

10.4 c89e3b70a740f486db2c6027089

Version: '10.4.26-MariaDB-debug-log'  socket: '/home/alice/am/_depot/m-branch/m4-10.4-bld/mysql-test/var/tmp/mysqld.1.sock'  port: 16000  Source distribution
=================================================================
==1025982==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d00026d4f0 at pc 0x55b30cd7eb2a bp 0x7f2b5467cde0 sp 0x7f2b5467cdd0
READ of size 1 at 0x61d00026d4f0 thread T27
    #0 0x55b30cd7eb29 in my_strnncollsp_simple /10.4/src/strings/ctype-simple.c:182
    #1 0x55b30cd7eed3 in my_strnncollsp_nchars_simple /10.4/src/strings/ctype-simple.c:219
    #2 0x55b30b85e84e in Field_blob::cmp_prefix(unsigned char const*, unsigned char const*, unsigned long) /10.4/src/sql/field.cc:8646
    #3 0x55b30b8e64bb in check_duplicate_long_entry_key /10.4/src/sql/handler.cc:6667
    #4 0x55b30b8e6aa5 in check_duplicate_long_entries /10.4/src/sql/handler.cc:6708
    #5 0x55b30b8e733c in handler::ha_write_row(unsigned char const*) /10.4/src/sql/handler.cc:6788
    #6 0x55b30b3921e9 in copy_data_between_tables /10.4/src/sql/sql_table.cc:10999
    #7 0x55b30b38d3b9 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /10.4/src/sql/sql_table.cc:10419
    #8 0x55b30b512765 in Sql_cmd_alter_table::execute(THD*) /10.4/src/sql/sql_alter.cc:520
    #9 0x55b30b11d7cb in mysql_execute_command(THD*) /10.4/src/sql/sql_parse.cc:6192
    #10 0x55b30b1292ea in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.4/src/sql/sql_parse.cc:7995
    #11 0x55b30b0ffade in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.4/src/sql/sql_parse.cc:1857
    #12 0x55b30b0fc5d2 in do_command(THD*) /10.4/src/sql/sql_parse.cc:1378
    #13 0x55b30b4f9c45 in do_handle_one_connection(CONNECT*) /10.4/src/sql/sql_connect.cc:1420
    #14 0x55b30b4f939e in handle_one_connection /10.4/src/sql/sql_connect.cc:1316
    #15 0x55b30c1827c4 in pfs_spawn_thread /10.4/src/storage/perfschema/pfs.cc:1869
    #16 0x7f2b6b253608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #17 0x7f2b6ae24132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
 
0x61d00026d4f0 is located 112 bytes inside of 2316-byte region [0x61d00026d480,0x61d00026dd8c)
freed by thread T27 here:
    #0 0x7f2b6b85140f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
    #1 0x55b30cd1224c in free_memory /10.4/src/mysys/safemalloc.c:279
    #2 0x55b30cd11808 in sf_free /10.4/src/mysys/safemalloc.c:197
    #3 0x55b30cce0206 in my_free /10.4/src/mysys/my_malloc.c:222
    #4 0x55b30ae23df1 in Binary_string::free() /10.4/src/sql/sql_string.h:610
    #5 0x55b30ae6da6d in Binary_string::set(char const*, unsigned long) /10.4/src/sql/sql_string.h:467
    #6 0x55b30ae6dabe in String::set(char const*, unsigned long, charset_info_st const*) /10.4/src/sql/sql_string.h:769
    #7 0x55b30b85dba1 in Field_blob::val_str(String*, String*) /10.4/src/sql/field.cc:8593
    #8 0x55b30ae4b12f in Field::val_str(String*) /10.4/src/sql/field.h:865
    #9 0x55b30b889c36 in Field_blob::store_field(Field*) /10.4/src/sql/field.h:3950
    #10 0x55b30b898675 in field_conv_incompatible /10.4/src/sql/field_conv.cc:851
    #11 0x55b30b898716 in field_conv(Field*, Field*) /10.4/src/sql/field_conv.cc:864
    #12 0x55b30b9349b6 in save_field_in_field /10.4/src/sql/item.cc:6560
    #13 0x55b30b935182 in Item_field::save_in_field(Field*, bool) /10.4/src/sql/item.cc:6611
    #14 0x55b30b44b6c5 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /10.4/src/sql/table.cc:8533
    #15 0x55b30b8c7e06 in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /10.4/src/sql/handler.cc:2955
    #16 0x55b30b8e56ec in check_duplicate_long_entry_key /10.4/src/sql/handler.cc:6636
    #17 0x55b30b8e6aa5 in check_duplicate_long_entries /10.4/src/sql/handler.cc:6708
    #18 0x55b30b8e733c in handler::ha_write_row(unsigned char const*) /10.4/src/sql/handler.cc:6788
    #19 0x55b30b3921e9 in copy_data_between_tables /10.4/src/sql/sql_table.cc:10999
    #20 0x55b30b38d3b9 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /10.4/src/sql/sql_table.cc:10419
    #21 0x55b30b512765 in Sql_cmd_alter_table::execute(THD*) /10.4/src/sql/sql_alter.cc:520
    #22 0x55b30b11d7cb in mysql_execute_command(THD*) /10.4/src/sql/sql_parse.cc:6192
    #23 0x55b30b1292ea in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.4/src/sql/sql_parse.cc:7995
    #24 0x55b30b0ffade in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.4/src/sql/sql_parse.cc:1857
    #25 0x55b30b0fc5d2 in do_command(THD*) /10.4/src/sql/sql_parse.cc:1378
    #26 0x55b30b4f9c45 in do_handle_one_connection(CONNECT*) /10.4/src/sql/sql_connect.cc:1420
    #27 0x55b30b4f939e in handle_one_connection /10.4/src/sql/sql_connect.cc:1316
    #28 0x55b30c1827c4 in pfs_spawn_thread /10.4/src/storage/perfschema/pfs.cc:1869
    #29 0x7f2b6b253608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
 
previously allocated by thread T27 here:
    #0 0x7f2b6b851808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x55b30cd111bc in sf_malloc /10.4/src/mysys/safemalloc.c:118
    #2 0x55b30ccdf70f in my_malloc /10.4/src/mysys/my_malloc.c:101
    #3 0x55b30b339b39 in Binary_string::realloc_raw(unsigned long) /10.4/src/sql/sql_string.cc:101
    #4 0x55b30ae23eba in Binary_string::realloc(unsigned long) /10.4/src/sql/sql_string.h:625
    #5 0x55b30b33a9a1 in Binary_string::copy() /10.4/src/sql/sql_string.cc:220
    #6 0x55b30b877b99 in String::copy() /10.4/src/sql/sql_string.h:823
    #7 0x55b30b889d3f in Field_blob::store_field(Field*) /10.4/src/sql/field.h:3953
    #8 0x55b30b898675 in field_conv_incompatible /10.4/src/sql/field_conv.cc:851
    #9 0x55b30b898716 in field_conv(Field*, Field*) /10.4/src/sql/field_conv.cc:864
    #10 0x55b30b9349b6 in save_field_in_field /10.4/src/sql/item.cc:6560
    #11 0x55b30b935182 in Item_field::save_in_field(Field*, bool) /10.4/src/sql/item.cc:6611
    #12 0x55b30b44b6c5 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /10.4/src/sql/table.cc:8533
    #13 0x55b30b391f7d in copy_data_between_tables /10.4/src/sql/sql_table.cc:10979
    #14 0x55b30b38d3b9 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /10.4/src/sql/sql_table.cc:10419
    #15 0x55b30b512765 in Sql_cmd_alter_table::execute(THD*) /10.4/src/sql/sql_alter.cc:520
    #16 0x55b30b11d7cb in mysql_execute_command(THD*) /10.4/src/sql/sql_parse.cc:6192
    #17 0x55b30b1292ea in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.4/src/sql/sql_parse.cc:7995
    #18 0x55b30b0ffade in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.4/src/sql/sql_parse.cc:1857
    #19 0x55b30b0fc5d2 in do_command(THD*) /10.4/src/sql/sql_parse.cc:1378
    #20 0x55b30b4f9c45 in do_handle_one_connection(CONNECT*) /10.4/src/sql/sql_connect.cc:1420
    #21 0x55b30b4f939e in handle_one_connection /10.4/src/sql/sql_connect.cc:1316
    #22 0x55b30c1827c4 in pfs_spawn_thread /10.4/src/storage/perfschema/pfs.cc:1869
    #23 0x7f2b6b253608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
 
Thread T27 created by T0 here:
    #0 0x7f2b6b77e815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x55b30c182bb5 in spawn_thread_v1 /10.4/src/storage/perfschema/pfs.cc:1919
    #2 0x55b30adfeb9f in inline_mysql_thread_create /10.4/src/include/mysql/psi/mysql_thread.h:1275
    #3 0x55b30ae16d17 in create_thread_to_handle_connection(CONNECT*) /10.4/src/sql/mysqld.cc:6282
    #4 0x55b30ae174b2 in create_new_thread(CONNECT*) /10.4/src/sql/mysqld.cc:6352
    #5 0x55b30ae17998 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /10.4/src/sql/mysqld.cc:6450
    #6 0x55b30ae18854 in handle_connections_sockets() /10.4/src/sql/mysqld.cc:6608
    #7 0x55b30ae1641c in mysqld_main(int, char**) /10.4/src/sql/mysqld.cc:5940
    #8 0x55b30adfcdec in main /10.4/src/sql/main.cc:25
    #9 0x7f2b6ad29082 in __libc_start_main ../csu/libc-start.c:308
 
SUMMARY: AddressSanitizer: heap-use-after-free /10.4/src/strings/ctype-simple.c:182 in my_strnncollsp_simple
Shadow bytes around the buggy address:
  0x0c3a80045a40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045a50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045a60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045a70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c3a80045a80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3a80045a90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd
  0x0c3a80045aa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045ab0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045ac0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045ad0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3a80045ae0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1025982==ABORTING
----------SERVER LOG END-------------
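Added example (not part of the ticket or of MariaDB's code): a small triage helper that splits an ASAN heap-use-after-free report into its access, free and allocation stacks and finds the frame where two of them diverge, which is where the buffer's lifetime breaks. The embedded `REPORT` is an excerpt of the report above with inner frames trimmed; `parse_stacks` and `fork_point` are names chosen for this sketch.

```python
import re

# Excerpt of the ASAN report above: frames copied from the page, with
# allocator, intermediate and connection-handling frames trimmed.
REPORT = """\
READ of size 1 at 0x61d00026d4f0 thread T27
    #2 0x55b30b85e84e in Field_blob::cmp_prefix(unsigned char const*, unsigned char const*, unsigned long) /10.4/src/sql/field.cc:8646
    #3 0x55b30b8e64bb in check_duplicate_long_entry_key /10.4/src/sql/handler.cc:6667
    #5 0x55b30b8e733c in handler::ha_write_row(unsigned char const*) /10.4/src/sql/handler.cc:6788
    #6 0x55b30b3921e9 in copy_data_between_tables /10.4/src/sql/sql_table.cc:10999
freed by thread T27 here:
    #7 0x55b30b85dba1 in Field_blob::val_str(String*, String*) /10.4/src/sql/field.cc:8593
    #14 0x55b30b44b6c5 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /10.4/src/sql/table.cc:8533
    #15 0x55b30b8c7e06 in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /10.4/src/sql/handler.cc:2955
    #16 0x55b30b8e56ec in check_duplicate_long_entry_key /10.4/src/sql/handler.cc:6636
    #18 0x55b30b8e733c in handler::ha_write_row(unsigned char const*) /10.4/src/sql/handler.cc:6788
    #19 0x55b30b3921e9 in copy_data_between_tables /10.4/src/sql/sql_table.cc:10999
previously allocated by thread T27 here:
    #7 0x55b30b889d3f in Field_blob::store_field(Field*) /10.4/src/sql/field.h:3953
    #12 0x55b30b44b6c5 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /10.4/src/sql/table.cc:8533
    #13 0x55b30b391f7d in copy_data_between_tables /10.4/src/sql/sql_table.cc:10979
"""

HEADERS = {"use": r"(READ|WRITE) of size", "free": r"freed by thread",
           "alloc": r"previously allocated by thread"}
FRAME = re.compile(r"#\d+ 0x[0-9a-f]+ in (\S+?)(?:\(.*\))? (\S+):(\d+)$")

def parse_stacks(report):
    """Return {"use"|"free"|"alloc": [(func, file, line), ...]}, innermost first."""
    stacks, current = {}, None
    for line in report.splitlines():
        m = FRAME.search(line)
        if m and current is not None:
            current.append((m[1], m[2].rsplit("/", 1)[-1], int(m[3])))
        elif not m:  # any non-frame line ends the stack; a known header opens one
            name = next((n for n, p in HEADERS.items() if re.match(p, line.strip())), None)
            current = stacks.setdefault(name, []) if name else None
    return stacks

def fork_point(a, b):
    """Compare two stacks from the outermost frame inward; return the first differing pair."""
    for fa, fb in zip(reversed(a), reversed(b)):
        if fa != fb:
            return fa, fb
    return None  # one stack is a suffix of the other

if __name__ == "__main__":
    s = parse_stacks(REPORT)
    print(fork_point(s["free"], s["use"]), fork_point(s["alloc"], s["free"]))
```

For this report the free and the read fork inside check_duplicate_long_entry_key (handler.cc:6636 versus 6667), and the allocation and the free fork inside copy_data_between_tables (sql_table.cc:10979 versus 10999).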
