Elena Stepanova added a comment - 2024-11-17 22:11 Here is a similar test case with a seemingly identical failure which also fails on 11.1. So I guess it's not related to online alter after all, removing the link. Also non-deterministic, run with --repeat=N. It usually fails for me within ~5-10 attempts. --source include/have_innodb.inc   --let $restart_parameters= --disable-performance-schema --source include/restart_mysqld.inc   CREATE TABLE t1 (a INT ) ENGINE=InnoDB; CREATE TABLE t2 (b INT ); INSERT INTO t2 VALUES (1),(2);   CREATE PROCEDURE p() UPDATE t2 SET b = 1;   --connect (con1,localhost,root,,) --delimiter $ --send CREATE FUNCTION f() RETURNS INT BEGIN CALL p(); RETURN 10; END $ --delimiter ; --connection default --send OPTIMIZE TABLE t1; --connection con1 --reap UPDATE t1 SET a = f();   # Cleanup --let $restart_parameters= --source include/restart_mysqld.inc DROP PROCEDURE p; DROP FUNCTION f; DROP TABLE t1, t2; 11.1 3e3a326108ab0ec74a02fd1c63430b7373faf51f ==1883093==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190000d0d28 at pc 0x56510efda0e5 bp 0x7f2a4b3c0490 sp 0x7f2a4b3c0488 READ of size 8 at 0x6190000d0d28 thread T12 #0 0x56510efda0e4 in Item_field::used_tables() const /data/bld/11.1-asan/sql/item.cc:3578 #1 0x56510e4a950b in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool) /data/bld/11.1-asan/sql/sql_base.cc:8141 #2 0x56510e9e1522 in setup_fields_with_no_wrap(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, bool) /data/bld/11.1-asan/sql/sql_base.h:393 #3 0x56510e9d1217 in Multiupdate_prelocking_strategy::handle_end(THD*) /data/bld/11.1-asan/sql/sql_update.cc:1586 #4 0x56510e495baf in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/11.1-asan/sql/sql_base.cc:4783 #5 0x56510e47bff1 in open_tables /data/bld/11.1-asan/sql/sql_base.h:272 #6 0x56510e49b16b in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /data/bld/11.1-asan/sql/sql_base.cc:5782 #7 0x56510e82afba in Sql_cmd_dml::prepare(THD*) /data/bld/11.1-asan/sql/sql_select.cc:33702 #8 0x56510e82b317 in Sql_cmd_dml::execute(THD*) /data/bld/11.1-asan/sql/sql_select.cc:33764 #9 0x56510e648c0a in mysql_execute_command(THD*, bool) /data/bld/11.1-asan/sql/sql_parse.cc:4432 #10 0x56510e660653 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.1-asan/sql/sql_parse.cc:7897 #11 0x56510e63830a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.1-asan/sql/sql_parse.cc:1893 #12 0x56510e635047 in do_command(THD*, bool) /data/bld/11.1-asan/sql/sql_parse.cc:1406 #13 0x56510eb020a6 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.1-asan/sql/sql_connect.cc:1417 #14 0x56510eb01a67 in handle_one_connection /data/bld/11.1-asan/sql/sql_connect.cc:1319 #15 0x56510f731403 in pfs_spawn_thread /data/bld/11.1-asan/storage/perfschema/pfs.cc:2201 #16 0x7f2a564a8043 in start_thread nptl/pthread_create.c:442 #17 0x7f2a5652861b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81   0x6190000d0d28 is located 168 bytes inside of 1040-byte region [0x6190000d0c80,0x6190000d1090) freed by thread T12 here: #0 0x7f2a570b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52 #1 0x56511048f1b3 in my_free /data/bld/11.1-asan/mysys/my_malloc.c:221 #2 0x5651104617d6 in root_free /data/bld/11.1-asan/mysys/my_alloc.c:77 #3 0x5651104641af in free_root /data/bld/11.1-asan/mysys/my_alloc.c:508 #4 0x56510ea1dabe in closefrm(TABLE*) /data/bld/11.1-asan/sql/table.cc:4788 #5 0x56510edaa4d1 in intern_close_table /data/bld/11.1-asan/sql/table_cache.cc:230 #6 0x56510edaa723 in tc_remove_table /data/bld/11.1-asan/sql/table_cache.cc:268 #7 0x56510edabce5 in tc_release_table(TABLE*) /data/bld/11.1-asan/sql/table_cache.cc:461 #8 0x56510e4813ca in close_thread_table(THD*, TABLE**) /data/bld/11.1-asan/sql/sql_base.cc:1055 #9 0x56510e4807c2 in close_thread_tables(THD*) /data/bld/11.1-asan/sql/sql_base.cc:984 #10 0x56510e49d092 in close_tables_for_reopen(THD*, TABLE_LIST**, MDL_savepoint const&, bool) /data/bld/11.1-asan/sql/sql_base.cc:6118 #11 0x56510e495456 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/11.1-asan/sql/sql_base.cc:4691 #12 0x56510e47bff1 in open_tables /data/bld/11.1-asan/sql/sql_base.h:272 #13 0x56510e49b16b in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /data/bld/11.1-asan/sql/sql_base.cc:5782 #14 0x56510e82afba in Sql_cmd_dml::prepare(THD*) /data/bld/11.1-asan/sql/sql_select.cc:33702 #15 0x56510e82b317 in Sql_cmd_dml::execute(THD*) /data/bld/11.1-asan/sql/sql_select.cc:33764 #16 0x56510e648c0a in mysql_execute_command(THD*, bool) /data/bld/11.1-asan/sql/sql_parse.cc:4432 #17 0x56510e660653 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.1-asan/sql/sql_parse.cc:7897 #18 0x56510e63830a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.1-asan/sql/sql_parse.cc:1893 #19 0x56510e635047 in do_command(THD*, bool) /data/bld/11.1-asan/sql/sql_parse.cc:1406 #20 0x56510eb020a6 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.1-asan/sql/sql_connect.cc:1417 #21 0x56510eb01a67 in handle_one_connection /data/bld/11.1-asan/sql/sql_connect.cc:1319 #22 0x56510f731403 in pfs_spawn_thread /data/bld/11.1-asan/storage/perfschema/pfs.cc:2201 #23 0x7f2a564a8043 in start_thread nptl/pthread_create.c:442   previously allocated by thread T12 here: #0 0x7f2a570b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x56511048e2e4 in my_malloc /data/bld/11.1-asan/mysys/my_malloc.c:93 #2 0x565110461752 in root_alloc /data/bld/11.1-asan/mysys/my_alloc.c:66 #3 0x5651104630ab in alloc_root /data/bld/11.1-asan/mysys/my_alloc.c:332 #4 0x565110464cd1 in strmake_root /data/bld/11.1-asan/mysys/my_alloc.c:652 #5 0x56510ea19475 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/11.1-asan/sql/table.cc:4268 #6 0x56510e4876c9 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/bld/11.1-asan/sql/sql_base.cc:2247 #7 0x56510e492896 in open_and_process_table /data/bld/11.1-asan/sql/sql_base.cc:4180 #8 0x56510e4953ed in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/11.1-asan/sql/sql_base.cc:4668 #9 0x56510e47bff1 in open_tables /data/bld/11.1-asan/sql/sql_base.h:272 #10 0x56510e49b16b in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /data/bld/11.1-asan/sql/sql_base.cc:5782 #11 0x56510e82afba in Sql_cmd_dml::prepare(THD*) /data/bld/11.1-asan/sql/sql_select.cc:33702 #12 0x56510e82b317 in Sql_cmd_dml::execute(THD*) /data/bld/11.1-asan/sql/sql_select.cc:33764 #13 0x56510e648c0a in mysql_execute_command(THD*, bool) /data/bld/11.1-asan/sql/sql_parse.cc:4432 #14 0x56510e660653 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/bld/11.1-asan/sql/sql_parse.cc:7897 #15 0x56510e63830a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/bld/11.1-asan/sql/sql_parse.cc:1893 #16 0x56510e635047 in do_command(THD*, bool) /data/bld/11.1-asan/sql/sql_parse.cc:1406 #17 0x56510eb020a6 in do_handle_one_connection(CONNECT*, bool) /data/bld/11.1-asan/sql/sql_connect.cc:1417 #18 0x56510eb01a67 in handle_one_connection /data/bld/11.1-asan/sql/sql_connect.cc:1319 #19 0x56510f731403 in pfs_spawn_thread /data/bld/11.1-asan/storage/perfschema/pfs.cc:2201 #20 0x7f2a564a8043 in start_thread nptl/pthread_create.c:442   Thread T12 created by T0 here: #0 0x7f2a57049726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207 #1 0x56510f72d13e in my_thread_create /data/bld/11.1-asan/storage/perfschema/my_thread.h:52 #2 0x56510f7317f2 in pfs_spawn_thread_v1 /data/bld/11.1-asan/storage/perfschema/pfs.cc:2252 #3 0x56510e2588d5 in inline_mysql_thread_create /data/bld/11.1-asan/include/mysql/psi/mysql_thread.h:1139 #4 0x56510e270c88 in create_thread_to_handle_connection(CONNECT*) /data/bld/11.1-asan/sql/mysqld.cc:6220 #5 0x56510e2712ad in create_new_thread(CONNECT*) /data/bld/11.1-asan/sql/mysqld.cc:6282 #6 0x56510e271598 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/11.1-asan/sql/mysqld.cc:6344 #7 0x56510e271f1c in handle_connections_sockets() /data/bld/11.1-asan/sql/mysqld.cc:6468 #8 0x56510e270505 in mysqld_main(int, char**) /data/bld/11.1-asan/sql/mysqld.cc:6115 #9 0x56510e257958 in main /data/bld/11.1-asan/sql/main.cc:34 #10 0x7f2a564461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58   SUMMARY: AddressSanitizer: heap-use-after-free /data/bld/11.1-asan/sql/item.cc:3578 in Item_field::used_tables() const Shadow bytes around the buggy address: 0x0c3280012150: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3280012160: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3280012170: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3280012180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3280012190: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c32800121a0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd 0x0c32800121b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c32800121c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c32800121d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c32800121e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c32800121f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==1883093==ABORTING /data/bld/11.1-ubsan/sql/item.cc:3578:14: runtime error: member access within address 0x7f6b0401db58 which does not point to an object of type 'Field' 0x7f6b0401db58: note: object has invalid vptr a5 a5 a5 a5 00 00 00 00 00 00 00 00 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 ^~~~~~~~~~~~~~~~~~~~~~~ invalid vptr 241118 0:11:06 [ERROR] mysqld got signal 7 ;   #4 <signal handler called> #5 0x000055842d96ca3e in Item_field::used_tables (this=0x7f6b04013e20) at /data/bld/11.1-ubsan/sql/item.cc:3578 #6 0x000055842c9b2f7f in setup_fields (thd=thd@entry=0x7f6b04000d58, ref_pointer_array=..., fields=..., column_usage=column_usage@entry=MARK_COLUMNS_WRITE, sum_func_list=sum_func_list@entry=0x0, pre_fix=0x0, allow_sum_func=false) at /data/bld/11.1-ubsan/sql/sql_base.cc:8141 #7 0x000055842cfaec6d in setup_fields_with_no_wrap (thd=thd@entry=0x7f6b04000d58, ref_pointer_array=..., item=..., column_usage=column_usage@entry=MARK_COLUMNS_WRITE, sum_func_list=sum_func_list@entry=0x0, allow_sum_func=<optimized out>) at /data/bld/11.1-ubsan/sql/sql_base.h:393 #8 0x000055842cf8f078 in Multiupdate_prelocking_strategy::handle_end (this=0x7f6b04014db0, thd=0x7f6b04000d58) at /data/bld/11.1-ubsan/sql/sql_array.h:38 #9 0x000055842c9ad795 in open_tables (thd=thd@entry=0x7f6b04000d58, options=..., start=start@entry=0x7f6b1a1f8d88, counter=counter@entry=0x7f6b04014d90, flags=flags@entry=0, prelocking_strategy=prelocking_strategy@entry=0x7f6b04014db0) at /data/bld/11.1-ubsan/sql/sql_base.cc:4783 #10 0x000055842c9b1570 in open_tables (prelocking_strategy=0x7f6b04014db0, flags=0, counter=0x7f6b04014d90, tables=0x7f6b1a1f8d88, thd=0x7f6b04000d58) at /data/bld/11.1-ubsan/sql/sql_base.h:272 #11 open_tables_for_query (thd=thd@entry=0x7f6b04000d58, tables=<optimized out>, table_count=table_count@entry=0x7f6b04014d90, flags=flags@entry=0, prelocking_strategy=prelocking_strategy@entry=0x7f6b04014db0) at /data/bld/11.1-ubsan/sql/sql_base.cc:5782 #12 0x000055842cccc27e in Sql_cmd_dml::prepare (this=0x7f6b04014d78, thd=0x7f6b04000d58) at /data/bld/11.1-ubsan/sql/sql_select.cc:33702 #13 0x000055842ccd2aea in Sql_cmd_dml::execute (this=0x7f6b04014d78, thd=0x7f6b04000d58) at /data/bld/11.1-ubsan/sql/sql_select.cc:33764 #14 0x000055842cbe4dbf in mysql_execute_command (thd=thd@entry=0x7f6b04000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/11.1-ubsan/sql/sql_parse.cc:4432 #15 0x000055842cbf679b in mysql_parse (thd=thd@entry=0x7f6b04000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f6b1a1f94b0) at /data/bld/11.1-ubsan/sql/sql_parse.cc:7897 #16 0x000055842cbfd16c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f6b04000d58, packet=packet@entry=0x7f6b0400b2e9 "UPDATE t1 SET a = f()", packet_length=packet_length@entry=21, blocking=blocking@entry=true) at /data/bld/11.1-ubsan/sql/sql_parse.cc:1893 #17 0x000055842cc05862 in do_command (thd=0x7f6b04000d58, blocking=blocking@entry=true) at /data/bld/11.1-ubsan/sql/sql_parse.cc:1406 #18 0x000055842d0e4610 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558432b02e68, put_in_cache=put_in_cache@entry=true) at /data/bld/11.1-ubsan/sql/sql_connect.cc:1417 #19 0x000055842d0e54ba in handle_one_connection (arg=0x558432b02e68) at /data/bld/11.1-ubsan/sql/sql_connect.cc:1319 #20 0x000055842e21296f in pfs_spawn_thread (arg=0x558432b12938) at /data/bld/11.1-ubsan/storage/perfschema/pfs.cc:2201 #21 0x00007f6b3eea8044 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442 #22 0x00007f6b3ef2861c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81