Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.2(EOL), 10.3(EOL)
Description
Note: It fails every time for me on ASAN/debug builds, and intermittently on non-debug builds. But it still uses a race condition, so run with --repeat=N if it doesn't fail right away, and use the ASAN build.
CREATE TABLE t1 (a INT, b INT) ENGINE=Aria; |
SELECT * FROM t1; |
CREATE TABLE t2 (c INT) ENGINE=Aria; |
|
|
--connect (con1,localhost,root,,test)
|
--send
|
SELECT * FROM t1; |
|
|
--connection default
|
--error ER_NO_SUCH_TABLE
|
SELECT * FROM t1, non_existing_table; |
LOCK TABLE t2 READ, t1 WRITE; |
--error ER_DUP_FIELDNAME
|
ALTER TABLE t1 CHANGE b a INT; |
|
|
# Cleanup
|
--connection con1
|
--reap
|
--disconnect con1
|
--connection default
|
UNLOCK TABLES;
|
DROP TABLE t1, t2; |
|
10.2 3fb6d25 ASAN |
==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000eb280 at pc 0x55c7aa144408 bp 0x7f5dd69277c0 sp 0x7f5dd69277b8
|
READ of size 8 at 0x6290000eb280 thread T5
|
#0 0x55c7aa144407 in ha_maria::implicit_commit(THD*, bool) /data/src/10.2/storage/maria/ha_maria.cc:2936
|
#1 0x55c7a9c43444 in ha_commit_trans(THD*, bool) /data/src/10.2/sql/handler.cc:1356
|
#2 0x55c7a99b8dd2 in trans_commit_implicit(THD*) /data/src/10.2/sql/transaction.cc:368
|
#3 0x55c7a965e753 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6341
|
#4 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015
|
#5 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826
|
#6 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
|
#7 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#8 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#9 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#10 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#11 0x7f5de118293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
|
0x6290000eb280 is located 128 bytes inside of 18412-byte region [0x6290000eb200,0x6290000ef9ec)
|
freed by thread T5 here:
|
#0 0x7f5de3006527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x55c7aacc256f in free_memory /data/src/10.2/mysys/safemalloc.c:279
|
#2 0x55c7aacc1b75 in sf_free /data/src/10.2/mysys/safemalloc.c:197
|
#3 0x55c7aac90e04 in my_free /data/src/10.2/mysys/my_malloc.c:217
|
#4 0x55c7aa2979d1 in maria_close /data/src/10.2/storage/maria/ma_close.c:269
|
#5 0x55c7aa137e03 in ha_maria::close() /data/src/10.2/storage/maria/ha_maria.cc:1274
|
#6 0x55c7a9c4b7bf in handler::ha_close() /data/src/10.2/sql/handler.cc:2567
|
#7 0x55c7a98dd75b in closefrm(TABLE*) /data/src/10.2/sql/table.cc:3452
|
#8 0x55c7a9aea0e5 in intern_close_table /data/src/10.2/sql/table_cache.cc:222
|
#9 0x55c7a9aea34b in tc_remove_table /data/src/10.2/sql/table_cache.cc:260
|
#10 0x55c7a9aeb1d7 in tc_release_table(TABLE*) /data/src/10.2/sql/table_cache.cc:461
|
#11 0x55c7a95340d8 in close_thread_table(THD*, TABLE**) /data/src/10.2/sql/sql_base.cc:903
|
#12 0x55c7a9532e24 in close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*) /data/src/10.2/sql/sql_base.cc:677
|
#13 0x55c7a953a8aa in Locked_tables_list::reopen_tables(THD*, bool) /data/src/10.2/sql/sql_base.cc:2422
|
#14 0x55c7a965e027 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6258
|
#15 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015
|
#16 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826
|
#17 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
|
#18 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#19 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#20 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#21 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
|
previously allocated by thread T5 here:
|
#0 0x7f5de300673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x55c7aacc12e5 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
|
#2 0x55c7aac9053c in my_malloc /data/src/10.2/mysys/my_malloc.c:101
|
#3 0x55c7aac6f576 in my_multi_malloc /data/src/10.2/mysys/mulalloc.c:51
|
#4 0x55c7aa1cc1d2 in maria_clone_internal /data/src/10.2/storage/maria/ma_open.c:117
|
#5 0x55c7aa1d55e2 in maria_open /data/src/10.2/storage/maria/ma_open.c:1056
|
#6 0x55c7aa136f54 in ha_maria::open(char const*, int, unsigned int) /data/src/10.2/storage/maria/ha_maria.cc:1200
|
#7 0x55c7a9c4a9ce in handler::ha_open(TABLE*, char const*, int, unsigned int) /data/src/10.2/sql/handler.cc:2502
|
#8 0x55c7a98dc879 in open_table_from_share(THD*, TABLE_SHARE*, char const*, unsigned int, unsigned int, unsigned int, TABLE*, bool) /data/src/10.2/sql/table.cc:3351
|
#9 0x55c7a9538246 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923
|
#10 0x55c7a953ebff in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488
|
#11 0x55c7a95413f0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011
|
#12 0x55c7a95450fc in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767
|
#13 0x55c7a9526504 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506
|
#14 0x55c7a965f3a9 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6402
|
#15 0x55c7a964ca0b in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3487
|
#16 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015
|
#17 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826
|
#18 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
|
#19 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#20 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#21 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#22 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
|
Thread T5 created by T0 here:
|
#0 0x7f5de2fd5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55c7aa3a1c4b in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
|
#2 0x55c7a943ccce in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
|
#3 0x55c7a9451c6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466
|
#4 0x55c7a9452370 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536
|
#5 0x55c7a9453387 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811
|
#6 0x55c7a94511c0 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085
|
#7 0x55c7a943b06f in main /data/src/10.2/sql/main.cc:25
|
#8 0x7f5de10ba2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/maria/ha_maria.cc:2936 ha_maria::implicit_commit(THD*, bool)
|
Shadow bytes around the buggy address:
|
0x0c5280015600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280015630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5280015640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c5280015650:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280015660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280015670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280015680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c5280015690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c52800156a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==6037==ABORTING
|
|
10.2 3fb6d25 debug |
#3 <signal handler called>
|
#4 0x000055a081d10aeb in ha_maria::implicit_commit (thd=0x7ff498000b00, new_trn=true) at /data/src/10.2/storage/maria/ha_maria.cc:2937
|
#5 0x000055a081b031b7 in ha_commit_trans (thd=0x7ff498000b00, all=true) at /data/src/10.2/sql/handler.cc:1356
|
#6 0x000055a0819e9e0b in trans_commit_implicit (thd=0x7ff498000b00) at /data/src/10.2/sql/transaction.cc:368
|
#7 0x000055a0818906a7 in mysql_execute_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:6341
|
#8 0x000055a0818950b3 in mysql_parse (thd=0x7ff498000b00, rawbuf=0x7ff498012448 "ALTER TABLE t1 CHANGE b a INT", length=29, parser_state=0x7ff4aa39d200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015
|
#9 0x000055a0818829ed in dispatch_command (command=COM_QUERY, thd=0x7ff498000b00, packet=0x7ff49808d631 "ALTER TABLE t1 CHANGE b a INT", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826
|
#10 0x000055a081881344 in do_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:1379
|
#11 0x000055a0819d42cf in do_handle_one_connection (connect=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1335
|
#12 0x000055a0819d405c in handle_one_connection (arg=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1241
|
#13 0x000055a081df9f92 in pfs_spawn_thread (arg=0x55a084d0fe50) at /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#14 0x00007ff4b1d98494 in start_thread (arg=0x7ff4aa39e700) at pthread_create.c:333
|
#15 0x00007ff4b017e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
|
10.2 3fb6d25 RelWithDebInfo |
#3 0x0000000000000000 in ?? ()
|
#4 0x000055aea6c44f60 in close_thread_tables (thd=thd@entry=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:745
|
#5 0x000055aea6c45cb0 in Locked_tables_list::unlock_locked_tables (this=0x7f6bc4004240, thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:2211
|
#6 0x000055aea6c8eedd in mysql_execute_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:4877
|
#7 0x000055aea6c91e3a in mysql_parse (thd=0x7f6bc40009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8015
|
#8 0x000055aea6c959b4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6bc40009a8, packet=packet@entry=0x7f6bc4006ce9 "UNLOCK TABLES", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1826
|
#9 0x000055aea6c963e9 in do_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:1379
|
#10 0x000055aea6d5fa14 in do_handle_one_connection (connect=connect@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1335
|
#11 0x000055aea6d5fbb4 in handle_one_connection (arg=arg@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1241
|
#12 0x000055aea7024664 in pfs_spawn_thread (arg=0x55aea8f322e8) at /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#13 0x00007f6bdca92494 in start_thread (arg=0x7f6bd5096700) at pthread_create.c:333
|
#14 0x00007f6bdae7893f in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
|
10.3 3b1b665 RelWithDebInfo |
#2 <signal handler called>
|
#3 start_mutex_wait_v1 (state=0x7fb8b93cb530, mutex=0xffffffffffffffff, op=PSI_MUTEX_LOCK, src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88) at /data/src/10.3/storage/perfschema/pfs.cc:2215
|
#4 0x000055c91a65f7f2 in inline_mysql_mutex_lock (src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88, that=0x7fb8a8000ff8) at /data/src/10.3/include/mysql/psi/mysql_thread.h:690
|
#5 _ma_setup_live_state (info=0x7fb8a80aec28) at /data/src/10.3/storage/maria/ma_state.c:88
|
#6 0x000055c91a66f17a in ha_maria::implicit_commit (thd=thd@entry=0x7fb8a80009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2953
|
#7 0x000055c91a5107e7 in ha_commit_trans (thd=thd@entry=0x7fb8a80009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1361
|
#8 0x000055c91a423ecc in trans_commit_implicit (thd=0x7fb8a80009a8) at /data/src/10.3/sql/transaction.cc:376
|
#9 0x000055c91a33b91d in mysql_execute_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:6406
|
#10 0x000055c91a342309 in mysql_parse (thd=0x7fb8a80009a8, rawbuf=<optimized out>, length=29, parser_state=0x7fb8b93cd630, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:8092
|
#11 0x000055c91a34565e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb8a80009a8, packet=packet@entry=0x7fb8a8009319 "ALTER TABLE t1 CHANGE b a INT", packet_length=packet_length@entry=29, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1851
|
#12 0x000055c91a345d00 in do_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:1396
|
#13 0x000055c91a417a84 in do_handle_one_connection (connect=connect@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1402
|
#14 0x000055c91a417c24 in handle_one_connection (arg=arg@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1308
|
#15 0x000055c91a6fad84 in pfs_spawn_thread (arg=0x55c91d356958) at /data/src/10.3/storage/perfschema/pfs.cc:1862
|
#16 0x00007fb8c0eff494 in start_thread (arg=0x7fb8b93ce700) at pthread_create.c:333
|
#17 0x00007fb8bf2e593f in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
Couldn't reproduce on 10.1 and 10.4.
Slight variations in the test case make it start failing with MDEV-18088 instead.
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Confirmed
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Affects Version/s | 10.0 [ 16000 ] |
| Fix Version/s | 10.2 [ 14601 ] |
| Affects Version/s | 10.1 [ 16100 ] |
| Component/s | Data Definition - Alter Table [ 10114 ] | |
| Component/s | Storage Engine - Aria [ 10126 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Affects Version/s | 10.3 [ 22126 ] | |
| Affects Version/s | 10.0 [ 16000 ] | |
| Affects Version/s | 10.1 [ 16100 ] | |
| Description |
{noformat}
E:\buildbot\rqg/runall.pl --no-mask --seed=time --threads=4 --duration=600 --queries=100M --reporte rs=QueryTimeout,Backtrace,ErrorLog,Deadlock,Shutdown --grammar=conf/mariadb/optimizer_basic.yy --gendata=conf/mariadb/optimizer_basic.zz - -redefine=conf/mariadb/redefine_random_keys.yy --redefine=conf/mariadb/redefine_set_session_vars.yy --mtr-build-thread=300 --basedir1=E:\b uildbot\bbwin1\win-rqg-se\build\..\build --basedir2=E:\buildbot\bbwin1\win-rqg-se\build\..\build-last-release --vardir1=E:\buildbot\bbwin1 \win-rqg-se\build\..\..\..\vardirs\10.2-2668\optim-comparison/current1_1 --vardir2=E:\buildbot\bbwin1\win-rqg-se\build\..\..\..\vardirs\10 .2-2668\optim-comparison/current2_1 seed => 1473068053 {noformat} {noformat} 160905 12:42:34 [ERROR] mysqld got exception 0xc0000005 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 10.2.2-MariaDB-log key_buffer_size=1048576 read_buffer_size=131072 max_used_connections=6 max_threads=1001 thread_count=5 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 388170 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0x0x707e53af38 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... mysqld.exe!ha_maria::implicit_commit()[ha_maria.cc:2933] mysqld.exe!ha_commit_trans()[handler.cc:1342] mysqld.exe!trans_commit_stmt()[transaction.cc:513] mysqld.exe!mysql_admin_table()[sql_admin.cc:783] mysqld.exe!Sql_cmd_analyze_table::execute()[sql_admin.cc:1274] mysqld.exe!mysql_execute_command()[sql_parse.cc:6103] mysqld.exe!mysql_parse()[sql_parse.cc:7770] mysqld.exe!dispatch_command()[sql_parse.cc:1796] mysqld.exe!threadpool_process_request()[threadpool_common.cc:252] mysqld.exe!io_completion_callback()[threadpool_win.cc:462] KERNEL32.DLL!VirtualUnlock() ntdll.dll!RtlGetActiveActivationContext() ntdll.dll!RtlFreeUnicodeString() KERNEL32.DLL!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x707e6488f0): ANALYZE TABLE table0_aria_latin1,table0_aria_utf8,table0_innodb_latin1,table0_innodb_utf8,table0_myisam_latin1,table0_myisam_utf8,table1000_aria_latin1,table1000_aria_utf8,table1000_innodb_latin1,table1000_innodb_utf8,table1000_myisam_latin1,table1000_myisam_utf8,table10_aria_latin1,table10_aria_utf8,table10_innodb_latin1,table10_innodb_utf8,table10_myisam_latin1,table10_myisam_utf8,table1_aria_latin1,table1_aria_utf8,table1_innodb_latin1,table1_innodb_utf8,table1_myisam_latin1,table1_myisam_utf8,table20_aria_latin1,table20_aria_utf8,table20_innodb_latin1,table20_innodb_utf8,table20_myisam_latin1,table20_myisam_utf8 /* QUERY_NO 5514 CON_ID 10 */ Connection ID (thread ID): 10 Status: NOT_KILLED Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=off {noformat} |
_Note: It fails every time for me on ASAN/debug builds, and intermittently on non-debug builds. But it still uses a race condition, so run with {{--repeat=N}} if it doesn't fail right away, and use the ASAN build._
{code:sql} CREATE TABLE t1 (a INT, b INT) ENGINE=Aria; SELECT * FROM t1; CREATE TABLE t2 (c INT) ENGINE=Aria; --connect (con1,localhost,root,,test) --send SELECT * FROM t1; --connection default --error ER_NO_SUCH_TABLE SELECT * FROM t1, non_existing_table; LOCK TABLE t2 READ, t1 WRITE; --error ER_DUP_FIELDNAME ALTER TABLE t1 CHANGE b a INT; # Cleanup --connection con1 --reap --disconnect con1 --connection default UNLOCK TABLES; DROP TABLE t1, t2; {code} {noformat:title=10.2 3fb6d25 ASAN} ==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000eb280 at pc 0x55c7aa144408 bp 0x7f5dd69277c0 sp 0x7f5dd69277b8 READ of size 8 at 0x6290000eb280 thread T5 #0 0x55c7aa144407 in ha_maria::implicit_commit(THD*, bool) /data/src/10.2/storage/maria/ha_maria.cc:2936 #1 0x55c7a9c43444 in ha_commit_trans(THD*, bool) /data/src/10.2/sql/handler.cc:1356 #2 0x55c7a99b8dd2 in trans_commit_implicit(THD*) /data/src/10.2/sql/transaction.cc:368 #3 0x55c7a965e753 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6341 #4 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #5 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #6 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #7 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #8 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #9 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #10 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #11 0x7f5de118293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x6290000eb280 is located 128 bytes inside of 18412-byte region [0x6290000eb200,0x6290000ef9ec) freed by thread T5 here: #0 0x7f5de3006527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x55c7aacc256f in free_memory /data/src/10.2/mysys/safemalloc.c:279 #2 0x55c7aacc1b75 in sf_free /data/src/10.2/mysys/safemalloc.c:197 #3 0x55c7aac90e04 in my_free /data/src/10.2/mysys/my_malloc.c:217 #4 0x55c7aa2979d1 in maria_close /data/src/10.2/storage/maria/ma_close.c:269 #5 0x55c7aa137e03 in ha_maria::close() /data/src/10.2/storage/maria/ha_maria.cc:1274 #6 0x55c7a9c4b7bf in handler::ha_close() /data/src/10.2/sql/handler.cc:2567 #7 0x55c7a98dd75b in closefrm(TABLE*) /data/src/10.2/sql/table.cc:3452 #8 0x55c7a9aea0e5 in intern_close_table /data/src/10.2/sql/table_cache.cc:222 #9 0x55c7a9aea34b in tc_remove_table /data/src/10.2/sql/table_cache.cc:260 #10 0x55c7a9aeb1d7 in tc_release_table(TABLE*) /data/src/10.2/sql/table_cache.cc:461 #11 0x55c7a95340d8 in close_thread_table(THD*, TABLE**) /data/src/10.2/sql/sql_base.cc:903 #12 0x55c7a9532e24 in close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*) /data/src/10.2/sql/sql_base.cc:677 #13 0x55c7a953a8aa in Locked_tables_list::reopen_tables(THD*, bool) /data/src/10.2/sql/sql_base.cc:2422 #14 0x55c7a965e027 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6258 #15 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #16 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #17 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #18 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #19 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #20 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #21 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) previously allocated by thread T5 here: #0 0x7f5de300673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c7aacc12e5 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55c7aac9053c in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55c7aac6f576 in my_multi_malloc /data/src/10.2/mysys/mulalloc.c:51 #4 0x55c7aa1cc1d2 in maria_clone_internal /data/src/10.2/storage/maria/ma_open.c:117 #5 0x55c7aa1d55e2 in maria_open /data/src/10.2/storage/maria/ma_open.c:1056 #6 0x55c7aa136f54 in ha_maria::open(char const*, int, unsigned int) /data/src/10.2/storage/maria/ha_maria.cc:1200 #7 0x55c7a9c4a9ce in handler::ha_open(TABLE*, char const*, int, unsigned int) /data/src/10.2/sql/handler.cc:2502 #8 0x55c7a98dc879 in open_table_from_share(THD*, TABLE_SHARE*, char const*, unsigned int, unsigned int, unsigned int, TABLE*, bool) /data/src/10.2/sql/table.cc:3351 #9 0x55c7a9538246 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923 #10 0x55c7a953ebff in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488 #11 0x55c7a95413f0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011 #12 0x55c7a95450fc in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767 #13 0x55c7a9526504 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506 #14 0x55c7a965f3a9 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6402 #15 0x55c7a964ca0b in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3487 #16 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #17 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #18 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #19 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #20 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #21 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #22 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7f5de2fd5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c7aa3a1c4b in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912 #2 0x55c7a943ccce in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239 #3 0x55c7a9451c6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466 #4 0x55c7a9452370 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536 #5 0x55c7a9453387 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811 #6 0x55c7a94511c0 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085 #7 0x55c7a943b06f in main /data/src/10.2/sql/main.cc:25 #8 0x7f5de10ba2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/maria/ha_maria.cc:2936 ha_maria::implicit_commit(THD*, bool) Shadow bytes around the buggy address: 0x0c5280015600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c5280015650:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c52800156a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==6037==ABORTING {noformat} {noformat:title=10.2 3fb6d25 debug} #3 <signal handler called> #4 0x000055a081d10aeb in ha_maria::implicit_commit (thd=0x7ff498000b00, new_trn=true) at /data/src/10.2/storage/maria/ha_maria.cc:2937 #5 0x000055a081b031b7 in ha_commit_trans (thd=0x7ff498000b00, all=true) at /data/src/10.2/sql/handler.cc:1356 #6 0x000055a0819e9e0b in trans_commit_implicit (thd=0x7ff498000b00) at /data/src/10.2/sql/transaction.cc:368 #7 0x000055a0818906a7 in mysql_execute_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:6341 #8 0x000055a0818950b3 in mysql_parse (thd=0x7ff498000b00, rawbuf=0x7ff498012448 "ALTER TABLE t1 CHANGE b a INT", length=29, parser_state=0x7ff4aa39d200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015 #9 0x000055a0818829ed in dispatch_command (command=COM_QUERY, thd=0x7ff498000b00, packet=0x7ff49808d631 "ALTER TABLE t1 CHANGE b a INT", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826 #10 0x000055a081881344 in do_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:1379 #11 0x000055a0819d42cf in do_handle_one_connection (connect=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1335 #12 0x000055a0819d405c in handle_one_connection (arg=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1241 #13 0x000055a081df9f92 in pfs_spawn_thread (arg=0x55a084d0fe50) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #14 0x00007ff4b1d98494 in start_thread (arg=0x7ff4aa39e700) at pthread_create.c:333 #15 0x00007ff4b017e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.2 3fb6d25 RelWithDebInfo} #3 0x0000000000000000 in ?? () #4 0x000055aea6c44f60 in close_thread_tables (thd=thd@entry=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:745 #5 0x000055aea6c45cb0 in Locked_tables_list::unlock_locked_tables (this=0x7f6bc4004240, thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:2211 #6 0x000055aea6c8eedd in mysql_execute_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:4877 #7 0x000055aea6c91e3a in mysql_parse (thd=0x7f6bc40009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8015 #8 0x000055aea6c959b4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6bc40009a8, packet=packet@entry=0x7f6bc4006ce9 "UNLOCK TABLES", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1826 #9 0x000055aea6c963e9 in do_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:1379 #10 0x000055aea6d5fa14 in do_handle_one_connection (connect=connect@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1335 #11 0x000055aea6d5fbb4 in handle_one_connection (arg=arg@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1241 #12 0x000055aea7024664 in pfs_spawn_thread (arg=0x55aea8f322e8) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #13 0x00007f6bdca92494 in start_thread (arg=0x7f6bd5096700) at pthread_create.c:333 #14 0x00007f6bdae7893f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.3 3b1b665 RelWithDebInfo} #2 <signal handler called> #3 start_mutex_wait_v1 (state=0x7fb8b93cb530, mutex=0xffffffffffffffff, op=PSI_MUTEX_LOCK, src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88) at /data/src/10.3/storage/perfschema/pfs.cc:2215 #4 0x000055c91a65f7f2 in inline_mysql_mutex_lock (src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88, that=0x7fb8a8000ff8) at /data/src/10.3/include/mysql/psi/mysql_thread.h:690 #5 _ma_setup_live_state (info=0x7fb8a80aec28) at /data/src/10.3/storage/maria/ma_state.c:88 #6 0x000055c91a66f17a in ha_maria::implicit_commit (thd=thd@entry=0x7fb8a80009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2953 #7 0x000055c91a5107e7 in ha_commit_trans (thd=thd@entry=0x7fb8a80009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1361 #8 0x000055c91a423ecc in trans_commit_implicit (thd=0x7fb8a80009a8) at /data/src/10.3/sql/transaction.cc:376 #9 0x000055c91a33b91d in mysql_execute_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:6406 #10 0x000055c91a342309 in mysql_parse (thd=0x7fb8a80009a8, rawbuf=<optimized out>, length=29, parser_state=0x7fb8b93cd630, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:8092 #11 0x000055c91a34565e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb8a80009a8, packet=packet@entry=0x7fb8a8009319 "ALTER TABLE t1 CHANGE b a INT", packet_length=packet_length@entry=29, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1851 #12 0x000055c91a345d00 in do_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:1396 #13 0x000055c91a417a84 in do_handle_one_connection (connect=connect@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1402 #14 0x000055c91a417c24 in handle_one_connection (arg=arg@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1308 #15 0x000055c91a6fad84 in pfs_spawn_thread (arg=0x55c91d356958) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #16 0x00007fb8c0eff494 in start_thread (arg=0x7fb8b93ce700) at pthread_create.c:333 #17 0x00007fb8bf2e593f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} |
| Summary | [Draft] Server crashes in ha_maria::implicit_commit | Server crashes in ha_maria::implicit_commit upon ALTER TABLE |
| Description |
_Note: It fails every time for me on ASAN/debug builds, and intermittently on non-debug builds. But it still uses a race condition, so run with {{--repeat=N}} if it doesn't fail right away, and use the ASAN build._
{code:sql} CREATE TABLE t1 (a INT, b INT) ENGINE=Aria; SELECT * FROM t1; CREATE TABLE t2 (c INT) ENGINE=Aria; --connect (con1,localhost,root,,test) --send SELECT * FROM t1; --connection default --error ER_NO_SUCH_TABLE SELECT * FROM t1, non_existing_table; LOCK TABLE t2 READ, t1 WRITE; --error ER_DUP_FIELDNAME ALTER TABLE t1 CHANGE b a INT; # Cleanup --connection con1 --reap --disconnect con1 --connection default UNLOCK TABLES; DROP TABLE t1, t2; {code} {noformat:title=10.2 3fb6d25 ASAN} ==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000eb280 at pc 0x55c7aa144408 bp 0x7f5dd69277c0 sp 0x7f5dd69277b8 READ of size 8 at 0x6290000eb280 thread T5 #0 0x55c7aa144407 in ha_maria::implicit_commit(THD*, bool) /data/src/10.2/storage/maria/ha_maria.cc:2936 #1 0x55c7a9c43444 in ha_commit_trans(THD*, bool) /data/src/10.2/sql/handler.cc:1356 #2 0x55c7a99b8dd2 in trans_commit_implicit(THD*) /data/src/10.2/sql/transaction.cc:368 #3 0x55c7a965e753 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6341 #4 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #5 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #6 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #7 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #8 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #9 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #10 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #11 0x7f5de118293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x6290000eb280 is located 128 bytes inside of 18412-byte region [0x6290000eb200,0x6290000ef9ec) freed by thread T5 here: #0 0x7f5de3006527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x55c7aacc256f in free_memory /data/src/10.2/mysys/safemalloc.c:279 #2 0x55c7aacc1b75 in sf_free /data/src/10.2/mysys/safemalloc.c:197 #3 0x55c7aac90e04 in my_free /data/src/10.2/mysys/my_malloc.c:217 #4 0x55c7aa2979d1 in maria_close /data/src/10.2/storage/maria/ma_close.c:269 #5 0x55c7aa137e03 in ha_maria::close() /data/src/10.2/storage/maria/ha_maria.cc:1274 #6 0x55c7a9c4b7bf in handler::ha_close() /data/src/10.2/sql/handler.cc:2567 #7 0x55c7a98dd75b in closefrm(TABLE*) /data/src/10.2/sql/table.cc:3452 #8 0x55c7a9aea0e5 in intern_close_table /data/src/10.2/sql/table_cache.cc:222 #9 0x55c7a9aea34b in tc_remove_table /data/src/10.2/sql/table_cache.cc:260 #10 0x55c7a9aeb1d7 in tc_release_table(TABLE*) /data/src/10.2/sql/table_cache.cc:461 #11 0x55c7a95340d8 in close_thread_table(THD*, TABLE**) /data/src/10.2/sql/sql_base.cc:903 #12 0x55c7a9532e24 in close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*) /data/src/10.2/sql/sql_base.cc:677 #13 0x55c7a953a8aa in Locked_tables_list::reopen_tables(THD*, bool) /data/src/10.2/sql/sql_base.cc:2422 #14 0x55c7a965e027 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6258 #15 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #16 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #17 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #18 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #19 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #20 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #21 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) previously allocated by thread T5 here: #0 0x7f5de300673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c7aacc12e5 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55c7aac9053c in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55c7aac6f576 in my_multi_malloc /data/src/10.2/mysys/mulalloc.c:51 #4 0x55c7aa1cc1d2 in maria_clone_internal /data/src/10.2/storage/maria/ma_open.c:117 #5 0x55c7aa1d55e2 in maria_open /data/src/10.2/storage/maria/ma_open.c:1056 #6 0x55c7aa136f54 in ha_maria::open(char const*, int, unsigned int) /data/src/10.2/storage/maria/ha_maria.cc:1200 #7 0x55c7a9c4a9ce in handler::ha_open(TABLE*, char const*, int, unsigned int) /data/src/10.2/sql/handler.cc:2502 #8 0x55c7a98dc879 in open_table_from_share(THD*, TABLE_SHARE*, char const*, unsigned int, unsigned int, unsigned int, TABLE*, bool) /data/src/10.2/sql/table.cc:3351 #9 0x55c7a9538246 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923 #10 0x55c7a953ebff in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488 #11 0x55c7a95413f0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011 #12 0x55c7a95450fc in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767 #13 0x55c7a9526504 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506 #14 0x55c7a965f3a9 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6402 #15 0x55c7a964ca0b in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3487 #16 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #17 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #18 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #19 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #20 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #21 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #22 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7f5de2fd5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c7aa3a1c4b in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912 #2 0x55c7a943ccce in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239 #3 0x55c7a9451c6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466 #4 0x55c7a9452370 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536 #5 0x55c7a9453387 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811 #6 0x55c7a94511c0 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085 #7 0x55c7a943b06f in main /data/src/10.2/sql/main.cc:25 #8 0x7f5de10ba2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/maria/ha_maria.cc:2936 ha_maria::implicit_commit(THD*, bool) Shadow bytes around the buggy address: 0x0c5280015600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c5280015650:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c52800156a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==6037==ABORTING {noformat} {noformat:title=10.2 3fb6d25 debug} #3 <signal handler called> #4 0x000055a081d10aeb in ha_maria::implicit_commit (thd=0x7ff498000b00, new_trn=true) at /data/src/10.2/storage/maria/ha_maria.cc:2937 #5 0x000055a081b031b7 in ha_commit_trans (thd=0x7ff498000b00, all=true) at /data/src/10.2/sql/handler.cc:1356 #6 0x000055a0819e9e0b in trans_commit_implicit (thd=0x7ff498000b00) at /data/src/10.2/sql/transaction.cc:368 #7 0x000055a0818906a7 in mysql_execute_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:6341 #8 0x000055a0818950b3 in mysql_parse (thd=0x7ff498000b00, rawbuf=0x7ff498012448 "ALTER TABLE t1 CHANGE b a INT", length=29, parser_state=0x7ff4aa39d200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015 #9 0x000055a0818829ed in dispatch_command (command=COM_QUERY, thd=0x7ff498000b00, packet=0x7ff49808d631 "ALTER TABLE t1 CHANGE b a INT", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826 #10 0x000055a081881344 in do_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:1379 #11 0x000055a0819d42cf in do_handle_one_connection (connect=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1335 #12 0x000055a0819d405c in handle_one_connection (arg=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1241 #13 0x000055a081df9f92 in pfs_spawn_thread (arg=0x55a084d0fe50) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #14 0x00007ff4b1d98494 in start_thread (arg=0x7ff4aa39e700) at pthread_create.c:333 #15 0x00007ff4b017e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.2 3fb6d25 RelWithDebInfo} #3 0x0000000000000000 in ?? () #4 0x000055aea6c44f60 in close_thread_tables (thd=thd@entry=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:745 #5 0x000055aea6c45cb0 in Locked_tables_list::unlock_locked_tables (this=0x7f6bc4004240, thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:2211 #6 0x000055aea6c8eedd in mysql_execute_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:4877 #7 0x000055aea6c91e3a in mysql_parse (thd=0x7f6bc40009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8015 #8 0x000055aea6c959b4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6bc40009a8, packet=packet@entry=0x7f6bc4006ce9 "UNLOCK TABLES", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1826 #9 0x000055aea6c963e9 in do_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:1379 #10 0x000055aea6d5fa14 in do_handle_one_connection (connect=connect@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1335 #11 0x000055aea6d5fbb4 in handle_one_connection (arg=arg@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1241 #12 0x000055aea7024664 in pfs_spawn_thread (arg=0x55aea8f322e8) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #13 0x00007f6bdca92494 in start_thread (arg=0x7f6bd5096700) at pthread_create.c:333 #14 0x00007f6bdae7893f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.3 3b1b665 RelWithDebInfo} #2 <signal handler called> #3 start_mutex_wait_v1 (state=0x7fb8b93cb530, mutex=0xffffffffffffffff, op=PSI_MUTEX_LOCK, src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88) at /data/src/10.3/storage/perfschema/pfs.cc:2215 #4 0x000055c91a65f7f2 in inline_mysql_mutex_lock (src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88, that=0x7fb8a8000ff8) at /data/src/10.3/include/mysql/psi/mysql_thread.h:690 #5 _ma_setup_live_state (info=0x7fb8a80aec28) at /data/src/10.3/storage/maria/ma_state.c:88 #6 0x000055c91a66f17a in ha_maria::implicit_commit (thd=thd@entry=0x7fb8a80009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2953 #7 0x000055c91a5107e7 in ha_commit_trans (thd=thd@entry=0x7fb8a80009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1361 #8 0x000055c91a423ecc in trans_commit_implicit (thd=0x7fb8a80009a8) at /data/src/10.3/sql/transaction.cc:376 #9 0x000055c91a33b91d in mysql_execute_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:6406 #10 0x000055c91a342309 in mysql_parse (thd=0x7fb8a80009a8, rawbuf=<optimized out>, length=29, parser_state=0x7fb8b93cd630, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:8092 #11 0x000055c91a34565e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb8a80009a8, packet=packet@entry=0x7fb8a8009319 "ALTER TABLE t1 CHANGE b a INT", packet_length=packet_length@entry=29, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1851 #12 0x000055c91a345d00 in do_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:1396 #13 0x000055c91a417a84 in do_handle_one_connection (connect=connect@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1402 #14 0x000055c91a417c24 in handle_one_connection (arg=arg@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1308 #15 0x000055c91a6fad84 in pfs_spawn_thread (arg=0x55c91d356958) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #16 0x00007fb8c0eff494 in start_thread (arg=0x7fb8b93ce700) at pthread_create.c:333 #17 0x00007fb8bf2e593f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} |
_Note: It fails every time for me on ASAN/debug builds, and intermittently on non-debug builds. But it still uses a race condition, so run with {{--repeat=N}} if it doesn't fail right away, and use the ASAN build._
{code:sql} CREATE TABLE t1 (a INT, b INT) ENGINE=Aria; SELECT * FROM t1; CREATE TABLE t2 (c INT) ENGINE=Aria; --connect (con1,localhost,root,,test) --send SELECT * FROM t1; --connection default --error ER_NO_SUCH_TABLE SELECT * FROM t1, non_existing_table; LOCK TABLE t2 READ, t1 WRITE; --error ER_DUP_FIELDNAME ALTER TABLE t1 CHANGE b a INT; # Cleanup --connection con1 --reap --disconnect con1 --connection default UNLOCK TABLES; DROP TABLE t1, t2; {code} {noformat:title=10.2 3fb6d25 ASAN} ==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000eb280 at pc 0x55c7aa144408 bp 0x7f5dd69277c0 sp 0x7f5dd69277b8 READ of size 8 at 0x6290000eb280 thread T5 #0 0x55c7aa144407 in ha_maria::implicit_commit(THD*, bool) /data/src/10.2/storage/maria/ha_maria.cc:2936 #1 0x55c7a9c43444 in ha_commit_trans(THD*, bool) /data/src/10.2/sql/handler.cc:1356 #2 0x55c7a99b8dd2 in trans_commit_implicit(THD*) /data/src/10.2/sql/transaction.cc:368 #3 0x55c7a965e753 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6341 #4 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #5 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #6 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #7 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #8 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #9 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #10 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #11 0x7f5de118293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x6290000eb280 is located 128 bytes inside of 18412-byte region [0x6290000eb200,0x6290000ef9ec) freed by thread T5 here: #0 0x7f5de3006527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x55c7aacc256f in free_memory /data/src/10.2/mysys/safemalloc.c:279 #2 0x55c7aacc1b75 in sf_free /data/src/10.2/mysys/safemalloc.c:197 #3 0x55c7aac90e04 in my_free /data/src/10.2/mysys/my_malloc.c:217 #4 0x55c7aa2979d1 in maria_close /data/src/10.2/storage/maria/ma_close.c:269 #5 0x55c7aa137e03 in ha_maria::close() /data/src/10.2/storage/maria/ha_maria.cc:1274 #6 0x55c7a9c4b7bf in handler::ha_close() /data/src/10.2/sql/handler.cc:2567 #7 0x55c7a98dd75b in closefrm(TABLE*) /data/src/10.2/sql/table.cc:3452 #8 0x55c7a9aea0e5 in intern_close_table /data/src/10.2/sql/table_cache.cc:222 #9 0x55c7a9aea34b in tc_remove_table /data/src/10.2/sql/table_cache.cc:260 #10 0x55c7a9aeb1d7 in tc_release_table(TABLE*) /data/src/10.2/sql/table_cache.cc:461 #11 0x55c7a95340d8 in close_thread_table(THD*, TABLE**) /data/src/10.2/sql/sql_base.cc:903 #12 0x55c7a9532e24 in close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*) /data/src/10.2/sql/sql_base.cc:677 #13 0x55c7a953a8aa in Locked_tables_list::reopen_tables(THD*, bool) /data/src/10.2/sql/sql_base.cc:2422 #14 0x55c7a965e027 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6258 #15 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #16 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #17 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #18 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #19 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #20 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #21 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) previously allocated by thread T5 here: #0 0x7f5de300673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c7aacc12e5 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55c7aac9053c in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55c7aac6f576 in my_multi_malloc /data/src/10.2/mysys/mulalloc.c:51 #4 0x55c7aa1cc1d2 in maria_clone_internal /data/src/10.2/storage/maria/ma_open.c:117 #5 0x55c7aa1d55e2 in maria_open /data/src/10.2/storage/maria/ma_open.c:1056 #6 0x55c7aa136f54 in ha_maria::open(char const*, int, unsigned int) /data/src/10.2/storage/maria/ha_maria.cc:1200 #7 0x55c7a9c4a9ce in handler::ha_open(TABLE*, char const*, int, unsigned int) /data/src/10.2/sql/handler.cc:2502 #8 0x55c7a98dc879 in open_table_from_share(THD*, TABLE_SHARE*, char const*, unsigned int, unsigned int, unsigned int, TABLE*, bool) /data/src/10.2/sql/table.cc:3351 #9 0x55c7a9538246 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923 #10 0x55c7a953ebff in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488 #11 0x55c7a95413f0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011 #12 0x55c7a95450fc in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767 #13 0x55c7a9526504 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506 #14 0x55c7a965f3a9 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6402 #15 0x55c7a964ca0b in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3487 #16 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #17 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #18 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #19 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #20 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #21 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #22 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7f5de2fd5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c7aa3a1c4b in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912 #2 0x55c7a943ccce in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239 #3 0x55c7a9451c6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466 #4 0x55c7a9452370 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536 #5 0x55c7a9453387 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811 #6 0x55c7a94511c0 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085 #7 0x55c7a943b06f in main /data/src/10.2/sql/main.cc:25 #8 0x7f5de10ba2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/maria/ha_maria.cc:2936 ha_maria::implicit_commit(THD*, bool) Shadow bytes around the buggy address: 0x0c5280015600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c5280015650:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c52800156a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==6037==ABORTING {noformat} {noformat:title=10.2 3fb6d25 debug} #3 <signal handler called> #4 0x000055a081d10aeb in ha_maria::implicit_commit (thd=0x7ff498000b00, new_trn=true) at /data/src/10.2/storage/maria/ha_maria.cc:2937 #5 0x000055a081b031b7 in ha_commit_trans (thd=0x7ff498000b00, all=true) at /data/src/10.2/sql/handler.cc:1356 #6 0x000055a0819e9e0b in trans_commit_implicit (thd=0x7ff498000b00) at /data/src/10.2/sql/transaction.cc:368 #7 0x000055a0818906a7 in mysql_execute_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:6341 #8 0x000055a0818950b3 in mysql_parse (thd=0x7ff498000b00, rawbuf=0x7ff498012448 "ALTER TABLE t1 CHANGE b a INT", length=29, parser_state=0x7ff4aa39d200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015 #9 0x000055a0818829ed in dispatch_command (command=COM_QUERY, thd=0x7ff498000b00, packet=0x7ff49808d631 "ALTER TABLE t1 CHANGE b a INT", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826 #10 0x000055a081881344 in do_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:1379 #11 0x000055a0819d42cf in do_handle_one_connection (connect=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1335 #12 0x000055a0819d405c in handle_one_connection (arg=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1241 #13 0x000055a081df9f92 in pfs_spawn_thread (arg=0x55a084d0fe50) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #14 0x00007ff4b1d98494 in start_thread (arg=0x7ff4aa39e700) at pthread_create.c:333 #15 0x00007ff4b017e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.2 3fb6d25 RelWithDebInfo} #3 0x0000000000000000 in ?? () #4 0x000055aea6c44f60 in close_thread_tables (thd=thd@entry=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:745 #5 0x000055aea6c45cb0 in Locked_tables_list::unlock_locked_tables (this=0x7f6bc4004240, thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:2211 #6 0x000055aea6c8eedd in mysql_execute_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:4877 #7 0x000055aea6c91e3a in mysql_parse (thd=0x7f6bc40009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8015 #8 0x000055aea6c959b4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6bc40009a8, packet=packet@entry=0x7f6bc4006ce9 "UNLOCK TABLES", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1826 #9 0x000055aea6c963e9 in do_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:1379 #10 0x000055aea6d5fa14 in do_handle_one_connection (connect=connect@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1335 #11 0x000055aea6d5fbb4 in handle_one_connection (arg=arg@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1241 #12 0x000055aea7024664 in pfs_spawn_thread (arg=0x55aea8f322e8) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #13 0x00007f6bdca92494 in start_thread (arg=0x7f6bd5096700) at pthread_create.c:333 #14 0x00007f6bdae7893f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.3 3b1b665 RelWithDebInfo} #2 <signal handler called> #3 start_mutex_wait_v1 (state=0x7fb8b93cb530, mutex=0xffffffffffffffff, op=PSI_MUTEX_LOCK, src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88) at /data/src/10.3/storage/perfschema/pfs.cc:2215 #4 0x000055c91a65f7f2 in inline_mysql_mutex_lock (src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88, that=0x7fb8a8000ff8) at /data/src/10.3/include/mysql/psi/mysql_thread.h:690 #5 _ma_setup_live_state (info=0x7fb8a80aec28) at /data/src/10.3/storage/maria/ma_state.c:88 #6 0x000055c91a66f17a in ha_maria::implicit_commit (thd=thd@entry=0x7fb8a80009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2953 #7 0x000055c91a5107e7 in ha_commit_trans (thd=thd@entry=0x7fb8a80009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1361 #8 0x000055c91a423ecc in trans_commit_implicit (thd=0x7fb8a80009a8) at /data/src/10.3/sql/transaction.cc:376 #9 0x000055c91a33b91d in mysql_execute_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:6406 #10 0x000055c91a342309 in mysql_parse (thd=0x7fb8a80009a8, rawbuf=<optimized out>, length=29, parser_state=0x7fb8b93cd630, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:8092 #11 0x000055c91a34565e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb8a80009a8, packet=packet@entry=0x7fb8a8009319 "ALTER TABLE t1 CHANGE b a INT", packet_length=packet_length@entry=29, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1851 #12 0x000055c91a345d00 in do_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:1396 #13 0x000055c91a417a84 in do_handle_one_connection (connect=connect@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1402 #14 0x000055c91a417c24 in handle_one_connection (arg=arg@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1308 #15 0x000055c91a6fad84 in pfs_spawn_thread (arg=0x55c91d356958) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #16 0x00007fb8c0eff494 in start_thread (arg=0x7fb8b93ce700) at pthread_create.c:333 #17 0x00007fb8bf2e593f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} *Couldn't reproduce on 10.1 and 10.4*. |
| Attachment | master.log.gz [ 42401 ] |
| Comment |
[ Fresh occurrence on 10.1:
http://buildbot.askmonty.org/buildbot/builders/qa-win-rel/builds/3555/steps/transform/logs/stdio {noformat} mysqld.exe!ha_maria::implicit_commit()[ha_maria.cc:2933] mysqld.exe!ha_commit_trans()[handler.cc:1345] mysqld.exe!trans_commit_stmt()[transaction.cc:435] mysqld.exe!mysql_admin_table()[sql_admin.cc:1118] mysqld.exe!Sql_cmd_analyze_table::execute()[sql_admin.cc:1252] mysqld.exe!mysql_execute_command()[sql_parse.cc:5698] mysqld.exe!mysql_parse()[sql_parse.cc:7344] mysqld.exe!dispatch_command()[sql_parse.cc:1492] mysqld.exe!do_command()[sql_parse.cc:1109] mysqld.exe!threadpool_process_request()[threadpool_common.cc:271] mysqld.exe!io_completion_callback()[threadpool_win.cc:568] KERNEL32.DLL!VirtualUnlock() ntdll.dll!RtlGetActiveActivationContext() ntdll.dll!RtlFreeUnicodeString() KERNEL32.DLL!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x17e9fdc1b0): ANALYZE TABLE table0_aria,table0_innodb,table0_myisam,table100_aria,table100_innodb,table100_myisam,table10_aria,table10_innodb,table10_myisam,table1_aria,table1_innodb,table1_myisam,table20_aria,table20_innodb,table20_myisam /* QNO 1938 CON_ID 10 */ {noformat} {noformat} seed=1496247654 Command line: E:\buildbot\rqg/runall.pl --no-mask --seed=time --threads=5 --duration=400 --queries=100M --reporters=QueryTimeout,Backtrace,ErrorLog,Deadlock,Shutdown --redefine=conf/mariadb/redefine_random_keys.yy --redefine=conf/mariadb/redefine_set_session_vars.yy --validators=TransformerLight --transformers=ConvertSubqueriesToViews,DisableOptimizations,EnableOptimizations,ExecuteAsInsertSelect,ExecuteAsSelectItem,ExecuteAsUpdateDelete,ExecuteAsView,ExecuteAsDerived,DisableJoinCache --appverif --grammar=conf/mariadb/optimizer.yy --gendata=conf/mariadb/optimizer.zz --mtr-build-thread=140 --basedir1=D:\qa-win-rel\build --vardir1=E:\buildbot\vardirs\qa-win-rel\10.1-3555\optim-transform/current1_1 {noformat} ] |
| Comment |
[ New occurrence on bb-10.2- https://dev.azure.com/elenst/MariaDB%20tests/_build/results?buildId=118&view=logs&jobId=26090bc1-bb8d-5026-4812-1edfb4c7702a&taskId=2dd2bf97-3d69-5a7c-2a20-32cafe776fa3&lineStart=775&lineEnd=779&colStart=30&colEnd=94 20190129.1 test005 ] |
| Assignee | Elena Stepanova [ elenst ] | Michael Widenius [ monty ] |
| Description |
_Note: It fails every time for me on ASAN/debug builds, and intermittently on non-debug builds. But it still uses a race condition, so run with {{--repeat=N}} if it doesn't fail right away, and use the ASAN build._
{code:sql} CREATE TABLE t1 (a INT, b INT) ENGINE=Aria; SELECT * FROM t1; CREATE TABLE t2 (c INT) ENGINE=Aria; --connect (con1,localhost,root,,test) --send SELECT * FROM t1; --connection default --error ER_NO_SUCH_TABLE SELECT * FROM t1, non_existing_table; LOCK TABLE t2 READ, t1 WRITE; --error ER_DUP_FIELDNAME ALTER TABLE t1 CHANGE b a INT; # Cleanup --connection con1 --reap --disconnect con1 --connection default UNLOCK TABLES; DROP TABLE t1, t2; {code} {noformat:title=10.2 3fb6d25 ASAN} ==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000eb280 at pc 0x55c7aa144408 bp 0x7f5dd69277c0 sp 0x7f5dd69277b8 READ of size 8 at 0x6290000eb280 thread T5 #0 0x55c7aa144407 in ha_maria::implicit_commit(THD*, bool) /data/src/10.2/storage/maria/ha_maria.cc:2936 #1 0x55c7a9c43444 in ha_commit_trans(THD*, bool) /data/src/10.2/sql/handler.cc:1356 #2 0x55c7a99b8dd2 in trans_commit_implicit(THD*) /data/src/10.2/sql/transaction.cc:368 #3 0x55c7a965e753 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6341 #4 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #5 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #6 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #7 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #8 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #9 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #10 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #11 0x7f5de118293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x6290000eb280 is located 128 bytes inside of 18412-byte region [0x6290000eb200,0x6290000ef9ec) freed by thread T5 here: #0 0x7f5de3006527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x55c7aacc256f in free_memory /data/src/10.2/mysys/safemalloc.c:279 #2 0x55c7aacc1b75 in sf_free /data/src/10.2/mysys/safemalloc.c:197 #3 0x55c7aac90e04 in my_free /data/src/10.2/mysys/my_malloc.c:217 #4 0x55c7aa2979d1 in maria_close /data/src/10.2/storage/maria/ma_close.c:269 #5 0x55c7aa137e03 in ha_maria::close() /data/src/10.2/storage/maria/ha_maria.cc:1274 #6 0x55c7a9c4b7bf in handler::ha_close() /data/src/10.2/sql/handler.cc:2567 #7 0x55c7a98dd75b in closefrm(TABLE*) /data/src/10.2/sql/table.cc:3452 #8 0x55c7a9aea0e5 in intern_close_table /data/src/10.2/sql/table_cache.cc:222 #9 0x55c7a9aea34b in tc_remove_table /data/src/10.2/sql/table_cache.cc:260 #10 0x55c7a9aeb1d7 in tc_release_table(TABLE*) /data/src/10.2/sql/table_cache.cc:461 #11 0x55c7a95340d8 in close_thread_table(THD*, TABLE**) /data/src/10.2/sql/sql_base.cc:903 #12 0x55c7a9532e24 in close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*) /data/src/10.2/sql/sql_base.cc:677 #13 0x55c7a953a8aa in Locked_tables_list::reopen_tables(THD*, bool) /data/src/10.2/sql/sql_base.cc:2422 #14 0x55c7a965e027 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6258 #15 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #16 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #17 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #18 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #19 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #20 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #21 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) previously allocated by thread T5 here: #0 0x7f5de300673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c7aacc12e5 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55c7aac9053c in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55c7aac6f576 in my_multi_malloc /data/src/10.2/mysys/mulalloc.c:51 #4 0x55c7aa1cc1d2 in maria_clone_internal /data/src/10.2/storage/maria/ma_open.c:117 #5 0x55c7aa1d55e2 in maria_open /data/src/10.2/storage/maria/ma_open.c:1056 #6 0x55c7aa136f54 in ha_maria::open(char const*, int, unsigned int) /data/src/10.2/storage/maria/ha_maria.cc:1200 #7 0x55c7a9c4a9ce in handler::ha_open(TABLE*, char const*, int, unsigned int) /data/src/10.2/sql/handler.cc:2502 #8 0x55c7a98dc879 in open_table_from_share(THD*, TABLE_SHARE*, char const*, unsigned int, unsigned int, unsigned int, TABLE*, bool) /data/src/10.2/sql/table.cc:3351 #9 0x55c7a9538246 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923 #10 0x55c7a953ebff in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488 #11 0x55c7a95413f0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011 #12 0x55c7a95450fc in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767 #13 0x55c7a9526504 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506 #14 0x55c7a965f3a9 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6402 #15 0x55c7a964ca0b in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3487 #16 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #17 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #18 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #19 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #20 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #21 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #22 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7f5de2fd5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c7aa3a1c4b in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912 #2 0x55c7a943ccce in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239 #3 0x55c7a9451c6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466 #4 0x55c7a9452370 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536 #5 0x55c7a9453387 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811 #6 0x55c7a94511c0 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085 #7 0x55c7a943b06f in main /data/src/10.2/sql/main.cc:25 #8 0x7f5de10ba2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/maria/ha_maria.cc:2936 ha_maria::implicit_commit(THD*, bool) Shadow bytes around the buggy address: 0x0c5280015600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c5280015650:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c52800156a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==6037==ABORTING {noformat} {noformat:title=10.2 3fb6d25 debug} #3 <signal handler called> #4 0x000055a081d10aeb in ha_maria::implicit_commit (thd=0x7ff498000b00, new_trn=true) at /data/src/10.2/storage/maria/ha_maria.cc:2937 #5 0x000055a081b031b7 in ha_commit_trans (thd=0x7ff498000b00, all=true) at /data/src/10.2/sql/handler.cc:1356 #6 0x000055a0819e9e0b in trans_commit_implicit (thd=0x7ff498000b00) at /data/src/10.2/sql/transaction.cc:368 #7 0x000055a0818906a7 in mysql_execute_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:6341 #8 0x000055a0818950b3 in mysql_parse (thd=0x7ff498000b00, rawbuf=0x7ff498012448 "ALTER TABLE t1 CHANGE b a INT", length=29, parser_state=0x7ff4aa39d200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015 #9 0x000055a0818829ed in dispatch_command (command=COM_QUERY, thd=0x7ff498000b00, packet=0x7ff49808d631 "ALTER TABLE t1 CHANGE b a INT", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826 #10 0x000055a081881344 in do_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:1379 #11 0x000055a0819d42cf in do_handle_one_connection (connect=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1335 #12 0x000055a0819d405c in handle_one_connection (arg=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1241 #13 0x000055a081df9f92 in pfs_spawn_thread (arg=0x55a084d0fe50) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #14 0x00007ff4b1d98494 in start_thread (arg=0x7ff4aa39e700) at pthread_create.c:333 #15 0x00007ff4b017e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.2 3fb6d25 RelWithDebInfo} #3 0x0000000000000000 in ?? () #4 0x000055aea6c44f60 in close_thread_tables (thd=thd@entry=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:745 #5 0x000055aea6c45cb0 in Locked_tables_list::unlock_locked_tables (this=0x7f6bc4004240, thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:2211 #6 0x000055aea6c8eedd in mysql_execute_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:4877 #7 0x000055aea6c91e3a in mysql_parse (thd=0x7f6bc40009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8015 #8 0x000055aea6c959b4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6bc40009a8, packet=packet@entry=0x7f6bc4006ce9 "UNLOCK TABLES", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1826 #9 0x000055aea6c963e9 in do_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:1379 #10 0x000055aea6d5fa14 in do_handle_one_connection (connect=connect@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1335 #11 0x000055aea6d5fbb4 in handle_one_connection (arg=arg@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1241 #12 0x000055aea7024664 in pfs_spawn_thread (arg=0x55aea8f322e8) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #13 0x00007f6bdca92494 in start_thread (arg=0x7f6bd5096700) at pthread_create.c:333 #14 0x00007f6bdae7893f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.3 3b1b665 RelWithDebInfo} #2 <signal handler called> #3 start_mutex_wait_v1 (state=0x7fb8b93cb530, mutex=0xffffffffffffffff, op=PSI_MUTEX_LOCK, src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88) at /data/src/10.3/storage/perfschema/pfs.cc:2215 #4 0x000055c91a65f7f2 in inline_mysql_mutex_lock (src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88, that=0x7fb8a8000ff8) at /data/src/10.3/include/mysql/psi/mysql_thread.h:690 #5 _ma_setup_live_state (info=0x7fb8a80aec28) at /data/src/10.3/storage/maria/ma_state.c:88 #6 0x000055c91a66f17a in ha_maria::implicit_commit (thd=thd@entry=0x7fb8a80009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2953 #7 0x000055c91a5107e7 in ha_commit_trans (thd=thd@entry=0x7fb8a80009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1361 #8 0x000055c91a423ecc in trans_commit_implicit (thd=0x7fb8a80009a8) at /data/src/10.3/sql/transaction.cc:376 #9 0x000055c91a33b91d in mysql_execute_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:6406 #10 0x000055c91a342309 in mysql_parse (thd=0x7fb8a80009a8, rawbuf=<optimized out>, length=29, parser_state=0x7fb8b93cd630, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:8092 #11 0x000055c91a34565e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb8a80009a8, packet=packet@entry=0x7fb8a8009319 "ALTER TABLE t1 CHANGE b a INT", packet_length=packet_length@entry=29, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1851 #12 0x000055c91a345d00 in do_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:1396 #13 0x000055c91a417a84 in do_handle_one_connection (connect=connect@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1402 #14 0x000055c91a417c24 in handle_one_connection (arg=arg@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1308 #15 0x000055c91a6fad84 in pfs_spawn_thread (arg=0x55c91d356958) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #16 0x00007fb8c0eff494 in start_thread (arg=0x7fb8b93ce700) at pthread_create.c:333 #17 0x00007fb8bf2e593f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} *Couldn't reproduce on 10.1 and 10.4*. |
_Note: It fails every time for me on ASAN/debug builds, and intermittently on non-debug builds. But it still uses a race condition, so run with {{--repeat=N}} if it doesn't fail right away, and use the ASAN build._
{code:sql} CREATE TABLE t1 (a INT, b INT) ENGINE=Aria; SELECT * FROM t1; CREATE TABLE t2 (c INT) ENGINE=Aria; --connect (con1,localhost,root,,test) --send SELECT * FROM t1; --connection default --error ER_NO_SUCH_TABLE SELECT * FROM t1, non_existing_table; LOCK TABLE t2 READ, t1 WRITE; --error ER_DUP_FIELDNAME ALTER TABLE t1 CHANGE b a INT; # Cleanup --connection con1 --reap --disconnect con1 --connection default UNLOCK TABLES; DROP TABLE t1, t2; {code} {noformat:title=10.2 3fb6d25 ASAN} ==6037==ERROR: AddressSanitizer: heap-use-after-free on address 0x6290000eb280 at pc 0x55c7aa144408 bp 0x7f5dd69277c0 sp 0x7f5dd69277b8 READ of size 8 at 0x6290000eb280 thread T5 #0 0x55c7aa144407 in ha_maria::implicit_commit(THD*, bool) /data/src/10.2/storage/maria/ha_maria.cc:2936 #1 0x55c7a9c43444 in ha_commit_trans(THD*, bool) /data/src/10.2/sql/handler.cc:1356 #2 0x55c7a99b8dd2 in trans_commit_implicit(THD*) /data/src/10.2/sql/transaction.cc:368 #3 0x55c7a965e753 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6341 #4 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #5 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #6 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #7 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #8 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #9 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #10 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #11 0x7f5de118293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 0x6290000eb280 is located 128 bytes inside of 18412-byte region [0x6290000eb200,0x6290000ef9ec) freed by thread T5 here: #0 0x7f5de3006527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x55c7aacc256f in free_memory /data/src/10.2/mysys/safemalloc.c:279 #2 0x55c7aacc1b75 in sf_free /data/src/10.2/mysys/safemalloc.c:197 #3 0x55c7aac90e04 in my_free /data/src/10.2/mysys/my_malloc.c:217 #4 0x55c7aa2979d1 in maria_close /data/src/10.2/storage/maria/ma_close.c:269 #5 0x55c7aa137e03 in ha_maria::close() /data/src/10.2/storage/maria/ha_maria.cc:1274 #6 0x55c7a9c4b7bf in handler::ha_close() /data/src/10.2/sql/handler.cc:2567 #7 0x55c7a98dd75b in closefrm(TABLE*) /data/src/10.2/sql/table.cc:3452 #8 0x55c7a9aea0e5 in intern_close_table /data/src/10.2/sql/table_cache.cc:222 #9 0x55c7a9aea34b in tc_remove_table /data/src/10.2/sql/table_cache.cc:260 #10 0x55c7a9aeb1d7 in tc_release_table(TABLE*) /data/src/10.2/sql/table_cache.cc:461 #11 0x55c7a95340d8 in close_thread_table(THD*, TABLE**) /data/src/10.2/sql/sql_base.cc:903 #12 0x55c7a9532e24 in close_all_tables_for_name(THD*, TABLE_SHARE*, ha_extra_function, TABLE*) /data/src/10.2/sql/sql_base.cc:677 #13 0x55c7a953a8aa in Locked_tables_list::reopen_tables(THD*, bool) /data/src/10.2/sql/sql_base.cc:2422 #14 0x55c7a965e027 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6258 #15 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #16 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #17 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #18 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #19 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #20 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #21 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) previously allocated by thread T5 here: #0 0x7f5de300673f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x55c7aacc12e5 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55c7aac9053c in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55c7aac6f576 in my_multi_malloc /data/src/10.2/mysys/mulalloc.c:51 #4 0x55c7aa1cc1d2 in maria_clone_internal /data/src/10.2/storage/maria/ma_open.c:117 #5 0x55c7aa1d55e2 in maria_open /data/src/10.2/storage/maria/ma_open.c:1056 #6 0x55c7aa136f54 in ha_maria::open(char const*, int, unsigned int) /data/src/10.2/storage/maria/ha_maria.cc:1200 #7 0x55c7a9c4a9ce in handler::ha_open(TABLE*, char const*, int, unsigned int) /data/src/10.2/sql/handler.cc:2502 #8 0x55c7a98dc879 in open_table_from_share(THD*, TABLE_SHARE*, char const*, unsigned int, unsigned int, unsigned int, TABLE*, bool) /data/src/10.2/sql/table.cc:3351 #9 0x55c7a9538246 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.2/sql/sql_base.cc:1923 #10 0x55c7a953ebff in open_and_process_table /data/src/10.2/sql/sql_base.cc:3488 #11 0x55c7a95413f0 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4011 #12 0x55c7a95450fc in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.2/sql/sql_base.cc:4767 #13 0x55c7a9526504 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.2/sql/sql_base.h:506 #14 0x55c7a965f3a9 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6402 #15 0x55c7a964ca0b in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3487 #16 0x55c7a9668a0d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015 #17 0x55c7a96433fa in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826 #18 0x55c7a964048f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379 #19 0x55c7a9986a7c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335 #20 0x55c7a9986491 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #21 0x55c7aa3a1683 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862 #22 0x7f5de2d9c493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) Thread T5 created by T0 here: #0 0x7f5de2fd5bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0x55c7aa3a1c4b in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912 #2 0x55c7a943ccce in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239 #3 0x55c7a9451c6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466 #4 0x55c7a9452370 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536 #5 0x55c7a9453387 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811 #6 0x55c7a94511c0 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085 #7 0x55c7a943b06f in main /data/src/10.2/sql/main.cc:25 #8 0x7f5de10ba2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/maria/ha_maria.cc:2936 ha_maria::implicit_commit(THD*, bool) Shadow bytes around the buggy address: 0x0c5280015600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280015640: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c5280015650:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015660: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015670: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015680: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c5280015690: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c52800156a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==6037==ABORTING {noformat} {noformat:title=10.2 3fb6d25 debug} #3 <signal handler called> #4 0x000055a081d10aeb in ha_maria::implicit_commit (thd=0x7ff498000b00, new_trn=true) at /data/src/10.2/storage/maria/ha_maria.cc:2937 #5 0x000055a081b031b7 in ha_commit_trans (thd=0x7ff498000b00, all=true) at /data/src/10.2/sql/handler.cc:1356 #6 0x000055a0819e9e0b in trans_commit_implicit (thd=0x7ff498000b00) at /data/src/10.2/sql/transaction.cc:368 #7 0x000055a0818906a7 in mysql_execute_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:6341 #8 0x000055a0818950b3 in mysql_parse (thd=0x7ff498000b00, rawbuf=0x7ff498012448 "ALTER TABLE t1 CHANGE b a INT", length=29, parser_state=0x7ff4aa39d200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015 #9 0x000055a0818829ed in dispatch_command (command=COM_QUERY, thd=0x7ff498000b00, packet=0x7ff49808d631 "ALTER TABLE t1 CHANGE b a INT", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826 #10 0x000055a081881344 in do_command (thd=0x7ff498000b00) at /data/src/10.2/sql/sql_parse.cc:1379 #11 0x000055a0819d42cf in do_handle_one_connection (connect=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1335 #12 0x000055a0819d405c in handle_one_connection (arg=0x55a084dac7e0) at /data/src/10.2/sql/sql_connect.cc:1241 #13 0x000055a081df9f92 in pfs_spawn_thread (arg=0x55a084d0fe50) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #14 0x00007ff4b1d98494 in start_thread (arg=0x7ff4aa39e700) at pthread_create.c:333 #15 0x00007ff4b017e93f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.2 3fb6d25 RelWithDebInfo} #3 0x0000000000000000 in ?? () #4 0x000055aea6c44f60 in close_thread_tables (thd=thd@entry=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:745 #5 0x000055aea6c45cb0 in Locked_tables_list::unlock_locked_tables (this=0x7f6bc4004240, thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_base.cc:2211 #6 0x000055aea6c8eedd in mysql_execute_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:4877 #7 0x000055aea6c91e3a in mysql_parse (thd=0x7f6bc40009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8015 #8 0x000055aea6c959b4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6bc40009a8, packet=packet@entry=0x7f6bc4006ce9 "UNLOCK TABLES", packet_length=packet_length@entry=13, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1826 #9 0x000055aea6c963e9 in do_command (thd=0x7f6bc40009a8) at /data/src/10.2/sql/sql_parse.cc:1379 #10 0x000055aea6d5fa14 in do_handle_one_connection (connect=connect@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1335 #11 0x000055aea6d5fbb4 in handle_one_connection (arg=arg@entry=0x55aea8f6a4c8) at /data/src/10.2/sql/sql_connect.cc:1241 #12 0x000055aea7024664 in pfs_spawn_thread (arg=0x55aea8f322e8) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #13 0x00007f6bdca92494 in start_thread (arg=0x7f6bd5096700) at pthread_create.c:333 #14 0x00007f6bdae7893f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} {noformat:title=10.3 3b1b665 RelWithDebInfo} #2 <signal handler called> #3 start_mutex_wait_v1 (state=0x7fb8b93cb530, mutex=0xffffffffffffffff, op=PSI_MUTEX_LOCK, src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88) at /data/src/10.3/storage/perfschema/pfs.cc:2215 #4 0x000055c91a65f7f2 in inline_mysql_mutex_lock (src_file=0x55c91ab4ba98 "/data/src/10.3/storage/maria/ma_state.c", src_line=88, that=0x7fb8a8000ff8) at /data/src/10.3/include/mysql/psi/mysql_thread.h:690 #5 _ma_setup_live_state (info=0x7fb8a80aec28) at /data/src/10.3/storage/maria/ma_state.c:88 #6 0x000055c91a66f17a in ha_maria::implicit_commit (thd=thd@entry=0x7fb8a80009a8, new_trn=new_trn@entry=true) at /data/src/10.3/storage/maria/ha_maria.cc:2953 #7 0x000055c91a5107e7 in ha_commit_trans (thd=thd@entry=0x7fb8a80009a8, all=all@entry=true) at /data/src/10.3/sql/handler.cc:1361 #8 0x000055c91a423ecc in trans_commit_implicit (thd=0x7fb8a80009a8) at /data/src/10.3/sql/transaction.cc:376 #9 0x000055c91a33b91d in mysql_execute_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:6406 #10 0x000055c91a342309 in mysql_parse (thd=0x7fb8a80009a8, rawbuf=<optimized out>, length=29, parser_state=0x7fb8b93cd630, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:8092 #11 0x000055c91a34565e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb8a80009a8, packet=packet@entry=0x7fb8a8009319 "ALTER TABLE t1 CHANGE b a INT", packet_length=packet_length@entry=29, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1851 #12 0x000055c91a345d00 in do_command (thd=0x7fb8a80009a8) at /data/src/10.3/sql/sql_parse.cc:1396 #13 0x000055c91a417a84 in do_handle_one_connection (connect=connect@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1402 #14 0x000055c91a417c24 in handle_one_connection (arg=arg@entry=0x55c91d2e5b18) at /data/src/10.3/sql/sql_connect.cc:1308 #15 0x000055c91a6fad84 in pfs_spawn_thread (arg=0x55c91d356958) at /data/src/10.3/storage/perfschema/pfs.cc:1862 #16 0x00007fb8c0eff494 in start_thread (arg=0x7fb8b93ce700) at pthread_create.c:333 #17 0x00007fb8bf2e593f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} *Couldn't reproduce on 10.1 and 10.4*. Slight variations in the test case make it start failing with |
| Link |
This issue relates to |
| Assignee | Michael Widenius [ monty ] | Vladislav Lesin [ vlad.lesin ] |
| Fix Version/s | 10.4 [ 22408 ] |
| Fix Version/s | 10.4 [ 22408 ] | |
| Labels | not-10.4 |
| Assignee | Vladislav Lesin [ vlad.lesin ] | Michael Widenius [ monty ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| issue.field.resolutiondate | 2019-10-15 17:29:16.0 | 2019-10-15 17:29:16.349 |
| Component/s | Locking [ 10900 ] | |
| Fix Version/s | 10.2.29 [ 23911 ] | |
| Fix Version/s | 10.3.20 [ 23909 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | In Progress [ 3 ] | Closed [ 6 ] |
| Fix Version/s | 10.2.28 [ 23910 ] | |
| Fix Version/s | 10.3.19 [ 23908 ] | |
| Fix Version/s | 10.3.20 [ 23909 ] | |
| Fix Version/s | 10.2.29 [ 23911 ] |
| Link |
This issue relates to |
| Link |
This issue is duplicated by |
| Link | This issue relates to MDEV-21830 [ MDEV-21830 ] |
| Workflow | MariaDB v3 [ 76923 ] | MariaDB v4 [ 150875 ] |