[MDEV-33170] ASAN errors upon CONVERT TABLE TO PARTITION with query cache - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.7, 10.11, 11.0, 11.1, 11.2, 11.3
Fix Version/s: 10.11, 11.0, 11.1, 11.2, 11.3
Component/s: Partitioning, Query Cache
Labels:
None

Description

--source include/have_partition.inc

--source include/have_query_cache.inc

SET @qcache= @@global.query_cache_type;

SET GLOBAL query_cache_type= 1;

CREATE TABLE t (a INT) PARTITION BY LIST (a) (PARTITION p0 VALUES IN (1));

CREATE TABLE t1 (a INT);

ALTER TABLE t CONVERT TABLE t1 TO PARTITION pn VALUES IN (2);

# Cleanup

DROP TABLE IF EXISTS t1, t;

SET GLOBAL query_cache_type= @qcache;

10.11 9a7deb1c36f9ed08a1ce48e7fd635b45c721dcd6
==4010492==ERROR: AddressSanitizer: heap-use-after-free on address 0x61900009ab98 at pc 0x56371711790f bp 0x7fa528c10900 sp 0x7fa528c108f8
READ of size 8 at 0x61900009ab98 thread T5
#0 0x56371711790e in Query_cache::invalidate_table(THD, TABLE) /data/bld/10.11-asan/sql/sql_cache.cc:3306
#1 0x563717117845 in Query_cache::invalidate_table(THD, TABLE_LIST) /data/bld/10.11-asan/sql/sql_cache.cc:3291
#2 0x563717110f91 in Query_cache::invalidate(THD, TABLE_LIST, char) /data/bld/10.11-asan/sql/sql_cache.cc:2256
#3 0x5637172d0a9c in fast_end_partition /data/bld/10.11-asan/sql/sql_partition.cc:4612
#4 0x5637172e6704 in fast_alter_partition_table(THD, TABLE, Alter_info, Alter_table_ctx, HA_CREATE_INFO, TABLE_LIST) /data/bld/10.11-asan/sql/sql_partition.cc:7883
#5 0x563717584a6e in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /data/bld/10.11-asan/sql/sql_table.cc:10698
#6 0x56371774d1eb in Sql_cmd_alter_table::execute(THD*) /data/bld/10.11-asan/sql/sql_alter.cc:688
#7 0x563717293bd8 in mysql_execute_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:6075
#8 0x5637172a0ca2 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/10.11-asan/sql/sql_parse.cc:8080
#9 0x563717276934 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1894
#10 0x563717273661 in do_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1407
#11 0x56371772e3d2 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan/sql/sql_connect.cc:1415
#12 0x56371772dd93 in handle_one_connection /data/bld/10.11-asan/sql/sql_connect.cc:1317
#13 0x56371831c141 in pfs_spawn_thread /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
#14 0x7fa5318a8043 in start_thread nptl/pthread_create.c:442
#15 0x7fa53192861b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x61900009ab98 is located 24 bytes inside of 992-byte region [0x61900009ab80,0x61900009af60)
freed by thread T5 here:
#0 0x7fa5324b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x563718f31fe1 in my_free /data/bld/10.11-asan/mysys/my_malloc.c:220
#2 0x5637179a1dc7 in intern_close_table /data/bld/10.11-asan/sql/table_cache.cc:232
#3 0x5637179a1fdd in tc_remove_table /data/bld/10.11-asan/sql/table_cache.cc:268
#4 0x5637179a34b7 in tc_release_table(TABLE*) /data/bld/10.11-asan/sql/table_cache.cc:459
#5 0x5637170c5e8f in close_thread_table(THD, TABLE*) /data/bld/10.11-asan/sql/sql_base.cc:1041
#6 0x5637170c42a4 in close_all_tables_for_name(THD, TABLE_SHARE, ha_extra_function, TABLE*) /data/bld/10.11-asan/sql/sql_base.cc:772
#7 0x563717738ebf in alter_partition_convert_in(st_lock_param_type*) /data/bld/10.11-asan/sql/sql_partition_admin.cc:1040
#8 0x5637172e5045 in fast_alter_partition_table(THD, TABLE, Alter_info, Alter_table_ctx, HA_CREATE_INFO, TABLE_LIST) /data/bld/10.11-asan/sql/sql_partition.cc:7681
#9 0x563717584a6e in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /data/bld/10.11-asan/sql/sql_table.cc:10698
#10 0x56371774d1eb in Sql_cmd_alter_table::execute(THD*) /data/bld/10.11-asan/sql/sql_alter.cc:688
#11 0x563717293bd8 in mysql_execute_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:6075
#12 0x5637172a0ca2 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/10.11-asan/sql/sql_parse.cc:8080
#13 0x563717276934 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1894
#14 0x563717273661 in do_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1407
#15 0x56371772e3d2 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan/sql/sql_connect.cc:1415
#16 0x56371772dd93 in handle_one_connection /data/bld/10.11-asan/sql/sql_connect.cc:1317
#17 0x56371831c141 in pfs_spawn_thread /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
#18 0x7fa5318a8043 in start_thread nptl/pthread_create.c:442

previously allocated by thread T5 here:
#0 0x7fa5324b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x563718f31112 in my_malloc /data/bld/10.11-asan/mysys/my_malloc.c:92
#2 0x5637170cbcb7 in open_table(THD, TABLE_LIST, Open_table_context*) /data/bld/10.11-asan/sql/sql_base.cc:2199
#3 0x5637170d6fc9 in open_and_process_table /data/bld/10.11-asan/sql/sql_base.cc:4136
#4 0x5637170d9b20 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/bld/10.11-asan/sql/sql_base.cc:4624
#5 0x563717535c36 in open_tables /data/bld/10.11-asan/sql/sql_base.h:269
#6 0x56371758086c in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /data/bld/10.11-asan/sql/sql_table.cc:10166
#7 0x56371774d1eb in Sql_cmd_alter_table::execute(THD*) /data/bld/10.11-asan/sql/sql_alter.cc:688
#8 0x563717293bd8 in mysql_execute_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:6075
#9 0x5637172a0ca2 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/10.11-asan/sql/sql_parse.cc:8080
#10 0x563717276934 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1894
#11 0x563717273661 in do_command(THD*, bool) /data/bld/10.11-asan/sql/sql_parse.cc:1407
#12 0x56371772e3d2 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.11-asan/sql/sql_connect.cc:1415
#13 0x56371772dd93 in handle_one_connection /data/bld/10.11-asan/sql/sql_connect.cc:1317
#14 0x56371831c141 in pfs_spawn_thread /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
#15 0x7fa5318a8043 in start_thread nptl/pthread_create.c:442

Thread T5 created by T0 here:
#0 0x7fa532449726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x563718317e7c in my_thread_create /data/bld/10.11-asan/storage/perfschema/my_thread.h:52
#2 0x56371831c530 in pfs_spawn_thread_v1 /data/bld/10.11-asan/storage/perfschema/pfs.cc:2252
#3 0x563716eb389b in inline_mysql_thread_create /data/bld/10.11-asan/include/mysql/psi/mysql_thread.h:1139
#4 0x563716ecb34f in create_thread_to_handle_connection(CONNECT*) /data/bld/10.11-asan/sql/mysqld.cc:6111
#5 0x563716ecb960 in create_new_thread(CONNECT*) /data/bld/10.11-asan/sql/mysqld.cc:6170
#6 0x563716ecbc4b in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.11-asan/sql/mysqld.cc:6232
#7 0x563716ecc5cf in handle_connections_sockets() /data/bld/10.11-asan/sql/mysqld.cc:6356
#8 0x563716ecabcc in mysqld_main(int, char**) /data/bld/10.11-asan/sql/mysqld.cc:6006
#9 0x563716eb29a8 in main /data/bld/10.11-asan/sql/main.cc:34
#10 0x7fa5318461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-use-after-free /data/bld/10.11-asan/sql/sql_cache.cc:3306 in Query_cache::invalidate_table(THD, TABLE)
Shadow bytes around the buggy address:
0x0c328000b520: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b530: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b540: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b550: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328000b560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c328000b570: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b5a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b5b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c328000b5c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==4010492==ABORTING

Not reproducible with EXCHANGE PARTITION or with CONVERT PARTITION TO TABLE.

Attachments

Issue Links

is caused by

MDEV-22165 CONVERT TABLE: move in partition from existing table

Closed

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-01-03 23:57

Updated:: 2024-01-04 00:00

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.