SUMMARY: AddressSanitizer: heap-use-after-free storage/innobase/include/dict0dict.ic:1026 in dict_index_get_nth_field

RQG testing on

origin/10.2 50641db2d11ad8a2228f7938d851e52decb71a9b 2020-06-01T15:38:04+02:00

==73006==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000276bb0 at pc 0x56316fa45e19 bp 0x46215c741180 sp 0x46215c741170

READ of size 20 at 0x617000276bb0 thread T34

    #0 0x56316fa45e18 in dict_index_get_nth_field storage/innobase/include/dict0dict.ic:1026

    #1 0x56316fa45f56 in dict_index_get_nth_col storage/innobase/include/dict0dict.ic:1079

    #2 0x56316fa73897 in dict_foreign_qualify_index(dict_table_t const*, char const**, char const**, unsigned long, dict_index_t const*, dict_index_t const*, bool, unsigned long, fkerr_t*, unsigned long*, dict_index_t**) storage/innobase/dict/dict0dict.cc:6662

    #3 0x56316fa5d99e in dict_foreign_find_index(dict_table_t const*, char const**, char const**, unsigned long, dict_index_t const*, bool, unsigned long, fkerr_t*, unsigned long*, dict_index_t**) storage/innobase/dict/dict0dict.cc:3148

    #4 0x56316f4943ec in innobase_update_foreign_try storage/innobase/handler/handler0alter.cc:7338

    #5 0x56316f4a2a2d in commit_try_norebuild(Alter_inplace_info*, ha_innobase_inplace_ctx*, TABLE*, TABLE const*, trx_t*, char const*) (/home/mleich/Server_bin/10.2_asan/bin/mysqld+0x1b55a2d)

    #6 0x56316f49905e in ha_innobase::commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) storage/innobase/handler/handler0alter.cc:8423

    #7 0x56316eeb9886 in handler::ha_commit_inplace_alter_table(TABLE*, Alter_inplace_info*, bool) sql/handler.cc:4378

    #8 0x56316ea8679a in mysql_inplace_alter_table sql/sql_table.cc:7480

    #9 0x56316ea96323 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) sql/sql_table.cc:9615

    #10 0x56316ebe9080 in Sql_cmd_alter_table::execute(THD*) sql/sql_alter.cc:333

    #11 0x56316e851c05 in mysql_execute_command(THD*) sql/sql_parse.cc:5972

    #12 0x56316e85d65c in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) sql/sql_parse.cc:7741

    #13 0x56316e834308 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) sql/sql_parse.cc:1831

    #14 0x56316e830d2f in do_command(THD*) sql/sql_parse.cc:1385

    #15 0x56316ebd8f75 in do_handle_one_connection(CONNECT*) sql/sql_connect.cc:1336

    #16 0x56316ebd8832 in handle_one_connection sql/sql_connect.cc:1241

    #17 0x796d128366da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

    #18 0x4d414f47e88e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

...

SUMMARY: AddressSanitizer: heap-use-after-free storage/innobase/include/dict0dict.ic:1026 in dict_index_get_nth_field

...

Query (0x62b00012d228): ALTER TABLE `D` /* 100301 WAIT 1 */ ADD CONSTRAINT r FOREIGN KEY ( `col_int_nokey` ) REFERENCES `AA` (col_varchar_key) ON DELETE RESTRICT, ALGORITHM=INPLACE

...

Connection ID (thread ID): 18

Status: NOT_KILLED

RQG

-------

git clone https://github.com/mleich1/rqg --branch experimental RQG_mleich

origin/experimental 5c63068c24fa6d687422f4d26490b067ff6535e4 2020-05-28T13:50:30+02:00

perl rqg.pl \                        

--views \

--grammar=conf/mariadb/partitions_innodb.yy \

--redefine=conf/mariadb/alter_table.yy \

--redefine=conf/mariadb/instant_add.yy \

--redefine=conf/mariadb/modules/alter_table_columns.yy \

--redefine=conf/mariadb/sp.yy \

--redefine=conf/mariadb/bulk_insert.yy \

--redefine=conf/mariadb/modules/userstat.yy \

--redefine=conf/mariadb/modules/foreign_keys.yy \

--redefine=conf/mariadb/modules/locks.yy \

--redefine=conf/mariadb/modules/sql_mode.yy \

--redefine=conf/mariadb/versioning.yy \

--redefine=conf/mariadb/sequences.yy \

--redefine=conf/mariadb/modules/locks-10.4-extra.yy \

--mysqld=--innodb_use_native_aio=1 \

--mysqld=--innodb_stats_persistent=off \

--mysqld=--innodb_lock_schedule_algorithm=fcfs \

--mysqld=--loose-idle_write_transaction_timeout=0 \

--mysqld=--loose-idle_transaction_timeout=0 \

--mysqld=--loose-idle_readonly_transaction_timeout=0 \

--mysqld=--connect_timeout=60 \

--mysqld=--interactive_timeout=28800 \

--mysqld=--slave_net_timeout=60 \

--mysqld=--net_read_timeout=30 \

--mysqld=--net_write_timeout=60 \

--mysqld=--loose-table_lock_wait_timeout=50 \

--mysqld=--wait_timeout=28800 \

--mysqld=--lock-wait-timeout=86400 \

--mysqld=--innodb-lock-wait-timeout=50 \

--no-mask \

--queries=10000000 \

--seed=random \

--reporters=Backtrace \

--reporters=ErrorLog \

--reporters=Deadlock1 \

--validators=None \

--mysqld=--log_output=none \

--mysqld=--log-bin \

--mysqld=--log_bin_trust_function_creators=1 \

--mysqld=--loose-max-statement-time=30 \

--mysqld=--loose-debug_assert_on_not_freed_memory=0 \

--engine=InnoDB \

--restart_timeout=120 \

--duration=300 \

--mysqld=--loose-innodb_fatal_semaphore_wait_threshold=300 \

--threads=2 \

--mysqld=--innodb_page_size=8K \

--mysqld=--innodb-buffer-pool-size=8M \

--duration=300 \

--no_mask \

--workdir=<local settings> \

--vardir=<local settings> \

--mtr-build-thread=<local settings> \

--basedir1=<local settings> \

--script_debug=_nix_ \

--rr=Server \

--rr_options=--chaos