Bug #85777 Segfault in open_table_from_share at sql/table.cc on concurrent ALTER TABLE
Submitted: 4 Apr 2017 10:56    Modified: 8 Apr 2017 21:42
Reporter: John Embretsen
Status: Closed
Category: MySQL Server: DDL    Severity: S2 (Serious)
Version: 8.0.2    OS: Any
Assigned to:    CPU Architecture: Any

[4 Apr 2017 10:56] John Embretsen
Description:
The server crashes when executing some ALTER TABLE MODIFY COLUMN statement concurrently with other DDL and DML.

Crashing statement according to error log:

ALTER TABLE `MM` MODIFY `c20` DATETIME NOT NULL DEFAULT 0 FIRST

Stacktrace of crashing thread:

Program terminated with signal 11, Segmentation fault.
 #0  in pthread_kill () from /lib64/libpthread.so.0
 #1  in my_write_core (sig=11) at mysys/stacktrace.cc:291
 #2  in handle_fatal_signal (sig=11) at sql/signal_handler.cc:231
 #3  <signal handler called>
 #4  in __strlen_sse2_pminub () from /lib64/libc.so.6
 #5  in my_strdup (key=102, from=0x0, my_flags=16)
     at mysys/my_malloc.cc:327
 #6  in open_table_from_share (thd=0x7f8278000be0, share=0x7f82781868d0,
        alias=0x0, db_stat=0, prgflag=8, ha_open_flags=0,
        outparam=0x7f8279203bb0, is_create_table=false, table_def_param=0x0)
        at sql/table.cc:3054
 #7  in open_table at sql/sql_base.cc:3418
 #8  in open_and_process_table at sql/sql_base.cc:5212
 #9  in open_tables at sql/sql_base.cc:5835
 #10 in open_views_and_update_metadata at sql/dd_sql_view.cc:387
 #11 in update_view_metadata<dd::View_table> at sql/dd_sql_view.cc:608
 #12 in update_referencing_views_metadata at sql/dd_sql_view.cc:630
 #13 in mysql_alter_table at sql/sql_table.cc:13419
 #14 in Sql_cmd_alter_table::execute at sql/sql_alter.cc:356
 #15 in mysql_execute_command at sql/sql_parse.cc:4550

Verified against mysql-trunk commit b79398b (2017-04-04).

How to repeat:
Using the RQG with the following grammar file contents:

(formatting may be hard to read/copy, will attach grammar file just in case)

query:  
        wl_query;

wl_query:
        ALTER TABLE _table MODIFY _field DATETIME NOT NULL DEFAULT 0 FIRST |
        DROP TABLE IF EXISTS _letter[invariant] ; DROP VIEW IF EXISTS _letter[invariant] ; CREATE VIEW _letter[invariant] AS SELECT * FROM _table ; INSERT INTO _letter[invariant] ( _field ) VALUES ( _datetime ) |
        DROP TABLE IF EXISTS _letter[invariant] ; DROP VIEW IF EXISTS _letter[invariant] ; CREATE TABLE _letter[invariant] LIKE _table[invariant] ; INSERT INTO _letter[invariant] SELECT * FROM _table[invariant];

RQG command line follows. Paths to basedir, vardir, etc. may need adjustment:

perl runtest.pl \
  --termination_timeout=240 \
  --views \
  --strict_fields \
  --short_column_names \
  --reporter=Backtrace,QueryTimeout:querytimeout=120,ErrorLog,ErrorLogAlarm \
  --basedir1=/log/RQG/johnemb/common/git-mysql/mysql-trunk/jbuild/install \
  --queries=10000000 \
  --gendata=$TRUNK_SRC/internal/rqg_grammars/temporal/current_timestamp.zz \
  --duration=900 \
  --mysqld1=--max_heap_table_size=134217728 \
  --mysqld1=--log_error_verbosity=3 \
  --mysqld1=--sql_mode=NO_ENGINE_SUBSTITUTION,ONLY_FULL_GROUP_BY \
  --mysqld1=--loose-innodb-lock-wait-timeout=1 \
  --mysqld1=--lock-wait-timeout=2 \
  --mysqld1=--default-time-zone=+00:00 \
  --mysqld1=--loose-skip-safemalloc \
  --mysqld1=--wait_timeout=45 \
  --mysqld1=--log-output=none \
  --grammar=crash_open_table_from_share.yy \
  --vardir1=/dev/shm/var-timestamp \
  --seed=1 \
  --threads=5

Some options may not be required, as this command line has not been simplified.
The grammar shown above has been simplified using the RMR tool.

You can get the RQG from git: myrepo:rqg
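Added illustration, not MySQL code and not the fix applied for this bug: a hypothetical C model of frames #5 and #6 of the backtrace, showing why an alias of 0x0 reaching an unchecked strdup helper segfaults in strlen(), and how a NULL check plus a fallback to the share's table name keeps the table-open path from crashing. The names open_table_model, strdup_checked, strdup_unchecked and the two struct types are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, much simplified model (not MySQL code) of frames #5/#6 in
   the backtrace: open_table_from_share() duplicates the table alias with a
   strdup helper, and that helper calls strlen() on the pointer without a
   check. When a caller passes alias == NULL, strlen(NULL) dereferences
   address 0 and the process dies with SIGSEGV, exactly as reported. */

struct table_share { const char *table_name; };   /* stands in for TABLE_SHARE */
struct table       { char *alias; };              /* stands in for TABLE */

/* Mirrors the unchecked behaviour: faults on NULL input. Never called here. */
char *strdup_unchecked(const char *from) {
    size_t len = strlen(from) + 1;   /* strlen(NULL): segfault, as in frame #4 */
    char *p = malloc(len);
    if (p) memcpy(p, from, len);
    return p;
}

/* Hardened helper: a NULL argument is a caller bug; report it and return
   NULL so the failure surfaces in the caller instead of deep in libc. */
char *strdup_checked(const char *from) {
    if (from == NULL) {
        fprintf(stderr, "strdup_checked: NULL argument\n");
        return NULL;
    }
    size_t len = strlen(from) + 1;
    char *p = malloc(len);
    if (p) memcpy(p, from, len);
    return p;
}

/* Model of open_table_from_share(): the alias may be absent on some internal
   paths (frame #6 shows alias=0x0), so fall back to the share's table name
   rather than propagating the NULL. Returns 0 on success, -1 on failure;
   the caller owns out->alias. */
int open_table_model(const struct table_share *share, const char *alias,
                     struct table *out) {
    const char *name = alias ? alias : share->table_name;
    out->alias = strdup_checked(name);
    return out->alias ? 0 : -1;
}

int main(void) {
    struct table_share share = { "MM" };            /* table name from the report */
    struct table t;
    int rc = open_table_model(&share, NULL, &t);    /* the case that crashed */
    printf("rc=%d alias=%s\n", rc, rc == 0 ? t.alias : "(null)");
    if (rc == 0) free(t.alias);
    return rc;
}
```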
[8 Apr 2017 21:42] Paul DuBois
Posted by developer:

Fixed in 8.0.2.

Bug affects no released version. No changelog entry needed.