Bug #97697 MySQL Crash during query from query cache
Submitted: 20 Nov 2019 3:48
Modified: 21 Nov 2019 8:04
Reporter: Fengchun Hua
Status: Can't repeat
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.7.25
OS: Any
Assigned to:
CPU Architecture: Any

[20 Nov 2019 3:48] Fengchun Hua
Description:
When we do Alter Table modify column (InnoDB rebuilt this table), MySQL server crashed (sig 11). Here is the stack (line numbers may not be accurate).

/usr/local/mysql/bin/mysqld(my_print_stacktrace+0x3b)[0xf5ec2b]
/usr/local/mysql/bin/mysqld(handle_fatal_signal+0x461)[0x7ee0b1]
/lib64/libpthread.so.0(+0xf100)[0x7f2d5d3eb100]
/usr/local/mysql/bin/mysqld(_Z22lock_table_get_n_locksP12dict_table_t+0x3c)[0x101ab4c](storage/innobase/lock/lock0lock.cc:7192)
/usr/local/mysql/bin/mysqld(_Z41row_search_check_if_query_cache_permittedP5trx_tP12dict_table_tPKc+0x32)[0x10da012](storage/innobase/row/row0sel.cc:6485)
/usr/local/mysql/bin/mysqld[0xfcaa27](storage/innobase/handler/ha_innodb.cc:3186)
/usr/local/mysql/bin/mysqld(_ZN11Query_cache21send_result_to_clientEP3THDRK25st_mysql_const_lex_string+0x3fe)[0xcc065e](sql/sql_cache.cc:1639)
/usr/local/mysql/bin/mysqld(_ZN19Query_cache_manager21send_result_to_clientEP3THDRK25st_mysql_const_lex_string+0x3f0)[0xcc2e00](sql/sql_cache.cc:5219)
/usr/local/mysql/bin/mysqld(_Z11mysql_parseP3THDP12Parser_state+0x6c)[0xd11a4c](sql/sql_parse.cc:5726)
/usr/local/mysql/bin/mysqld(_Z16dispatch_commandP3THDPK8COM_DATA19enum_server_command+0xb6a)[0xd129da]
/usr/local/mysql/bin/mysqld(_Z10do_commandP3THD+0x1c7)[0xd144c7]
/usr/local/mysql-5.7.25-2-linux-x86_64/lib/plugin/threadpool.so(_Z26threadpool_process_requestP3THD+0xf3)[0x7f21d88b8b53]
/usr/local/mysql-5.7.25-2-linux-x86_64/lib/plugin/threadpool.so(+0x48a6)[0x7f21d88b98a6]

MySQL crashed at lock-lock.cc:lock_table_get_n_locks 
//line: n_table_locks = UT_LIST_GET_LEN(table->locks);

sig 11 means the table pointer, which is from table_cache, is invalid (should not be a null pointer).

According to my analysis, at the end of this DDL, the table in cache should be invalid, but somehow this query still gets the invalid table pointer, and this invalid pointer leads to this crash. Maybe due to some race conditions.

How to repeat:
I have no idea how to repeat it.

Suggested fix:
No suggested fix.
[20 Nov 2019 12:26] MySQL Verification Team
Hi Mr. Hua,

Thank you for your bug report.

However, we cannot repeat it, nor can we fix it, for several reasons.

First of all, from the stacktrace it is quite evident that you are not using our binary. You are using a binary from some of our forks. We do not fix other people's bugs.

Second of all, you are using query cache, which is deprecated and we do not fix its bugs in 5.7. 8.0 does not have any query cache, because, as I wrote, it is deprecated.

Third, if you manage to repeat the cache with our binary and without query cache, then we would need a repeatable test case.
[21 Nov 2019 8:04] Fengchun Hua
Thank you for your reply. We will disable query_cache.
[21 Nov 2019 13:00] MySQL Verification Team
You are welcome.