Details
-
Bug
-
Status: Open (View Workflow)
-
Critical
-
Resolution: Unresolved
-
11.2, 11.4, 11.5(EOL)
-
None
Description
The test is non-deterministic, run with --repeat=N. It usually fails for me in 2-3 attempts, but it can vary on different machines and builds.
The failure is rr-able.
CREATE TABLE t1 (a INT) ENGINE=MyISAM; |
CREATE TABLE t2 (a INT) ENGINE=MyISAM; |
INSERT INTO t2 VALUES (1); |
--delimiter $
|
CREATE FUNCTION f1() RETURNS INT BEGIN UPDATE t1 SET a = NULL; RETURN 1; END $ |
CREATE FUNCTION f2() RETURNS INT BEGIN UPDATE non_existing SET x = f1(); RETURN 1; END $ |
--delimiter ;
|
|
|
--connect (con1,localhost,root,,)
|
--send
|
PREPARE stmt FROM "UPDATE t2 SET a = test.f2()"; |
--connection default
|
--error 0,ER_LOCK_WAIT_TIMEOUT
|
ALTER TABLE t2 NOWAIT ADD f INT; |
--connection con1
|
--reap
|
|
|
# Cleanup
|
DROP TABLE t1, t2; |
DROP FUNCTION f1; |
DROP FUNCTION f2; |
--disconnect con1 |
|
11.2 12b01d740be82ab1fa583f8a54026b97123e5fe2 |
==1773889==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190000d9e28 at pc 0x55802d6d9019 bp 0x7f091dcb8bc0 sp 0x7f091dcb8bb8
|
READ of size 8 at 0x6190000d9e28 thread T5
|
#0 0x55802d6d9018 in Item_field::used_tables() const /data/bld/11.2-asan/sql/item.cc:3578
|
#1 0x55802cb80873 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool) /data/bld/11.2-asan/sql/sql_base.cc:8139
|
#2 0x55802d0beb36 in setup_fields_with_no_wrap(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, bool) /data/bld/11.2-asan/sql/sql_base.h:393
|
#3 0x55802d0ae82b in Multiupdate_prelocking_strategy::handle_end(THD*) /data/bld/11.2-asan/sql/sql_update.cc:1586
|
#4 0x55802cb6cf17 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/11.2-asan/sql/sql_base.cc:4781
|
#5 0x55802cb5331f in open_tables /data/bld/11.2-asan/sql/sql_base.h:272
|
#6 0x55802cb724d3 in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /data/bld/11.2-asan/sql/sql_base.cc:5780
|
#7 0x55802cf00584 in Sql_cmd_dml::prepare(THD*) /data/bld/11.2-asan/sql/sql_select.cc:33702
|
#8 0x55802cdb5d8d in check_prepared_statement /data/bld/11.2-asan/sql/sql_prepare.cc:2290
|
#9 0x55802cdc162d in Prepared_statement::prepare(char const*, unsigned int) /data/bld/11.2-asan/sql/sql_prepare.cc:4244
|
#10 0x55802cdb8a34 in mysql_sql_stmt_prepare(THD*) /data/bld/11.2-asan/sql/sql_prepare.cc:2817
|
#11 0x55802cd1aaff in mysql_execute_command(THD*, bool) /data/bld/11.2-asan/sql/sql_parse.cc:3995
|
#12 0x55802cd34f33 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.2-asan/sql/sql_parse.cc:7922
|
#13 0x55802cd0cb8b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.2-asan/sql/sql_parse.cc:1894
|
#14 0x55802cd098c8 in do_command(THD*, bool) /data/bld/11.2-asan/sql/sql_parse.cc:1407
|
#15 0x55802d1e080e in do_handle_one_connection(CONNECT*, bool) /data/bld/11.2-asan/sql/sql_connect.cc:1439
|
#16 0x55802d1e01cf in handle_one_connection /data/bld/11.2-asan/sql/sql_connect.cc:1341
|
#17 0x55802de3b341 in pfs_spawn_thread /data/bld/11.2-asan/storage/perfschema/pfs.cc:2201
|
#18 0x7f09294a8043 in start_thread nptl/pthread_create.c:442
|
#19 0x7f092952787f in clone ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
|
|
|
0x6190000d9e28 is located 168 bytes inside of 1040-byte region [0x6190000d9d80,0x6190000da190)
|
freed by thread T5 here:
|
#0 0x7f0929eb76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
|
#1 0x55802eba7ba7 in my_free /data/bld/11.2-asan/mysys/my_malloc.c:221
|
#2 0x55802eb7a0e8 in root_free /data/bld/11.2-asan/mysys/my_alloc.c:77
|
#3 0x55802eb7cac1 in free_root /data/bld/11.2-asan/mysys/my_alloc.c:508
|
#4 0x55802d0faf54 in closefrm(TABLE*) /data/bld/11.2-asan/sql/table.cc:4791
|
#5 0x55802d4a67b1 in intern_close_table /data/bld/11.2-asan/sql/table_cache.cc:230
|
#6 0x55802d4a6a03 in tc_remove_table /data/bld/11.2-asan/sql/table_cache.cc:268
|
#7 0x55802d4a7fc5 in tc_release_table(TABLE*) /data/bld/11.2-asan/sql/table_cache.cc:461
|
#8 0x55802cb586f8 in close_thread_table(THD*, TABLE**) /data/bld/11.2-asan/sql/sql_base.cc:1055
|
#9 0x55802cb57af0 in close_thread_tables(THD*) /data/bld/11.2-asan/sql/sql_base.cc:984
|
#10 0x55802cb743fa in close_tables_for_reopen(THD*, TABLE_LIST**, MDL_savepoint const&, bool) /data/bld/11.2-asan/sql/sql_base.cc:6116
|
#11 0x55802cb6c7be in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/11.2-asan/sql/sql_base.cc:4689
|
#12 0x55802cb5331f in open_tables /data/bld/11.2-asan/sql/sql_base.h:272
|
#13 0x55802cb724d3 in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /data/bld/11.2-asan/sql/sql_base.cc:5780
|
#14 0x55802cf00584 in Sql_cmd_dml::prepare(THD*) /data/bld/11.2-asan/sql/sql_select.cc:33702
|
#15 0x55802cdb5d8d in check_prepared_statement /data/bld/11.2-asan/sql/sql_prepare.cc:2290
|
#16 0x55802cdc162d in Prepared_statement::prepare(char const*, unsigned int) /data/bld/11.2-asan/sql/sql_prepare.cc:4244
|
#17 0x55802cdb8a34 in mysql_sql_stmt_prepare(THD*) /data/bld/11.2-asan/sql/sql_prepare.cc:2817
|
#18 0x55802cd1aaff in mysql_execute_command(THD*, bool) /data/bld/11.2-asan/sql/sql_parse.cc:3995
|
#19 0x55802cd34f33 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.2-asan/sql/sql_parse.cc:7922
|
#20 0x55802cd0cb8b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.2-asan/sql/sql_parse.cc:1894
|
#21 0x55802cd098c8 in do_command(THD*, bool) /data/bld/11.2-asan/sql/sql_parse.cc:1407
|
#22 0x55802d1e080e in do_handle_one_connection(CONNECT*, bool) /data/bld/11.2-asan/sql/sql_connect.cc:1439
|
#23 0x55802d1e01cf in handle_one_connection /data/bld/11.2-asan/sql/sql_connect.cc:1341
|
#24 0x55802de3b341 in pfs_spawn_thread /data/bld/11.2-asan/storage/perfschema/pfs.cc:2201
|
#25 0x7f09294a8043 in start_thread nptl/pthread_create.c:442
|
|
|
previously allocated by thread T6 here:
|
#0 0x7f0929eb89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x55802eba6cd8 in my_malloc /data/bld/11.2-asan/mysys/my_malloc.c:93
|
#2 0x55802eb7a064 in root_alloc /data/bld/11.2-asan/mysys/my_alloc.c:66
|
#3 0x55802eb7b9bd in alloc_root /data/bld/11.2-asan/mysys/my_alloc.c:332
|
#4 0x55802eb7d5e3 in strmake_root /data/bld/11.2-asan/mysys/my_alloc.c:652
|
#5 0x55802d0f690c in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/11.2-asan/sql/table.cc:4271
|
#6 0x55802cb5e9f7 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/bld/11.2-asan/sql/sql_base.cc:2247
|
#7 0x55802cb69bfe in open_and_process_table /data/bld/11.2-asan/sql/sql_base.cc:4180
|
#8 0x55802cb6c755 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/11.2-asan/sql/sql_base.cc:4666
|
#9 0x55802cb71615 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/bld/11.2-asan/sql/sql_base.cc:5640
|
#10 0x55802cb95b0e in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/bld/11.2-asan/sql/sql_base.h:531
|
#11 0x55802cc4c9b6 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/bld/11.2-asan/sql/sql_insert.cc:772
|
#12 0x55802cd1dd37 in mysql_execute_command(THD*, bool) /data/bld/11.2-asan/sql/sql_parse.cc:4489
|
#13 0x55802cd34f33 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.2-asan/sql/sql_parse.cc:7922
|
#14 0x55802cd0cb8b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.2-asan/sql/sql_parse.cc:1894
|
#15 0x55802cd098c8 in do_command(THD*, bool) /data/bld/11.2-asan/sql/sql_parse.cc:1407
|
#16 0x55802d1e080e in do_handle_one_connection(CONNECT*, bool) /data/bld/11.2-asan/sql/sql_connect.cc:1439
|
#17 0x55802d1e01cf in handle_one_connection /data/bld/11.2-asan/sql/sql_connect.cc:1341
|
#18 0x55802de3b341 in pfs_spawn_thread /data/bld/11.2-asan/storage/perfschema/pfs.cc:2201
|
#19 0x7f09294a8043 in start_thread nptl/pthread_create.c:442
|
|
|
Thread T5 created by T0 here:
|
#0 0x7f0929e49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x55802de3707c in my_thread_create /data/bld/11.2-asan/storage/perfschema/my_thread.h:52
|
#2 0x55802de3b730 in pfs_spawn_thread_v1 /data/bld/11.2-asan/storage/perfschema/pfs.cc:2252
|
#3 0x55802c93d8d5 in inline_mysql_thread_create /data/bld/11.2-asan/include/mysql/psi/mysql_thread.h:1139
|
#4 0x55802c955ef6 in create_thread_to_handle_connection(CONNECT*) /data/bld/11.2-asan/sql/mysqld.cc:6239
|
#5 0x55802c95651b in create_new_thread(CONNECT*) /data/bld/11.2-asan/sql/mysqld.cc:6301
|
#6 0x55802c956806 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/11.2-asan/sql/mysqld.cc:6363
|
#7 0x55802c95718a in handle_connections_sockets() /data/bld/11.2-asan/sql/mysqld.cc:6487
|
#8 0x55802c955773 in mysqld_main(int, char**) /data/bld/11.2-asan/sql/mysqld.cc:6134
|
#9 0x55802c93c958 in main /data/bld/11.2-asan/sql/main.cc:34
|
#10 0x7f09294461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
|
Thread T6 created by T0 here:
|
#0 0x7f0929e49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x55802de3707c in my_thread_create /data/bld/11.2-asan/storage/perfschema/my_thread.h:52
|
#2 0x55802de3b730 in pfs_spawn_thread_v1 /data/bld/11.2-asan/storage/perfschema/pfs.cc:2252
|
#3 0x55802c93d8d5 in inline_mysql_thread_create /data/bld/11.2-asan/include/mysql/psi/mysql_thread.h:1139
|
#4 0x55802c955ef6 in create_thread_to_handle_connection(CONNECT*) /data/bld/11.2-asan/sql/mysqld.cc:6239
|
#5 0x55802c95651b in create_new_thread(CONNECT*) /data/bld/11.2-asan/sql/mysqld.cc:6301
|
#6 0x55802c956806 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/11.2-asan/sql/mysqld.cc:6363
|
#7 0x55802c95718a in handle_connections_sockets() /data/bld/11.2-asan/sql/mysqld.cc:6487
|
#8 0x55802c955773 in mysqld_main(int, char**) /data/bld/11.2-asan/sql/mysqld.cc:6134
|
#9 0x55802c93c958 in main /data/bld/11.2-asan/sql/main.cc:34
|
#10 0x7f09294461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/bld/11.2-asan/sql/item.cc:3578 in Item_field::used_tables() const
|
Shadow bytes around the buggy address:
|
0x0c3280013370: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280013380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280013390: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c32800133a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c32800133b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c32800133c0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
|
0x0c32800133d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c32800133e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c32800133f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280013400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280013410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==1773889==ABORTING
|
Not reproducible before 11.2 and not reproducible with LOCK=SHARED, which is why I assume for now that it is related to online ALTER.
Could not reproduce with InnoDB.
Attachments
Issue Links
- relates to
-
MDEV-16329 Engine-independent online ALTER TABLE
-
- Closed
-
-
-
- Open
-