Query cache destroys uninitialized rwlock

Description

The following tests crash the server when it is compiled with -DUSE_MUTEX_INSTEAD_OF_RW_LOCKS:
main.cache_innodb
main.mysql_client_test
main.mysql_client_test_nonblock
main.partition_cache
main.query_cache
main.query_cache_debug
main.query_cache_notembedded
main.query_cache_ps_no_prot
perfschema.query_cache
rpl.rpl_row_basic_11bugs
sys_vars.query_cache_limit_func
sys_vars.query_cache_type_func

A simpler way to reproduce the crash is to compile with the following patch:

=== modified file 'sql/sql_cache.cc' --- sql/sql_cache.cc 2013-11-19 12:16:25 +0000 +++ sql/sql_cache.cc 2014-02-04 13:30:20 +0000 @@ -976,6 +976,7 @@ void Query_cache_query::unlock_n_destroy */ this->unlock_writing(); mysql_rwlock_destroy(&lock); + memset(&lock, 0xA5, sizeof(lock)); DBUG_VOID_RETURN; }
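Review bot: This hunk is a diagnostic aid rather than a fix: filling `lock` with 0xA5 right after `mysql_rwlock_destroy(&lock)` in `unlock_n_destroy` makes any later destroy of the same lock fault at a recognisable address (the `this=0xa5a5a5a5a5a5a5a5` in the trace below) instead of silently misbehaving, which is exactly what the report uses it for. It should not land as-is: the actual defect is on the second-destroy path (`Query_cache::free_cache` in the trace), which must not destroy a lock that `unlock_n_destroy` has already destroyed, and the added `memset` should be dropped or confined to a debug-only build.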

Test case:

SET @global_query_cache_size = @@global.query_cache_size;
SET @global_query_cache_type = @@global.query_cache_type;
SET GLOBAL query_cache_type = ON;
SET GLOBAL query_cache_size = 131072;
CREATE TABLE t1(a INT);
SELECT * FROM t1;
SET GLOBAL query_cache_size = @global_query_cache_size;
SET GLOBAL query_cache_type = @global_query_cache_type;
DROP TABLE t1;

Stack trace:

Thread 1 (Thread 0x7f3e5307a700 (LWP 9804)):
#0 0x00007f3e52657f0c in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:62
#1 0x0000000000cbc3ac in my_write_core (sig=11) at /home/svoj/devel/maria/5.5-mdev5089-test/mysys/stacktrace.c:457
#2 0x00000000007c28ba in handle_fatal_signal (sig=11) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/signal_handler.cc:262
#3 <signal handler called>
#4 0x0000000000b8c885 in pfs_lock::allocated_to_free (this=0xa5a5a5a5a5a5a5a5) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs_lock.h:145
#5 0x0000000000b8b124 in destroy_rwlock (pfs=0xa5a5a5a5a5a5a5a5) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs_instr.cc:668
#6 0x0000000000b98a3d in destroy_rwlock_v1 (rwlock=0xa5a5a5a5a5a5a5a5) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs.cc:895
#7 0x00000000005b5f79 in inline_mysql_rwlock_destroy (that=0x7f3e4c93f1b0) at /home/svoj/devel/maria/5.5-mdev5089-test/include/mysql/psi/mysql_thread.h:720
#8 0x00000000005bc6b3 in Query_cache::free_cache (this=0x1504960 <query_cache>) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_cache.cc:2698
#9 0x00000000005b873d in Query_cache::resize (this=0x1504960 <query_cache>, query_cache_size_arg=0) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_cache.cc:1331
#10 0x0000000000720032 in fix_query_cache_size (self=0x1513ac0 <Sys_query_cache_size>, thd=0x7f3e4d67e060, type=OPT_GLOBAL) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sys_vars.cc:1864
#11 0x000000000056af06 in sys_var::update (this=0x1513ac0 <Sys_query_cache_size>, thd=0x7f3e4d67e060, var=0x7f3e4c81a270) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/set_var.cc:200
#12 0x000000000056c022 in set_var::update (this=0x7f3e4c81a270, thd=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/set_var.cc:667
#13 0x000000000056bbe9 in sql_set_variables (thd=0x7f3e4d67e060, var_list=0x7f3e4d682040) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/set_var.cc:570
#14 0x0000000000605771 in mysql_execute_command (thd=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:3253
#15 0x000000000060c6bf in mysql_parse (thd=0x7f3e4d67e060, rawbuf=0x7f3e4c81a078 "SET GLOBAL query_cache_size = @global_query_cache_size", length=54, parser_state=0x7f3e530795d0) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:5799
#16 0x00000000005fff3c in dispatch_command (command=COM_QUERY, thd=0x7f3e4d67e060, packet=0x7f3e4d7d8061 "SET GLOBAL query_cache_size = @global_query_cache_size", packet_length=54) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:1078
#17 0x00000000005ff0a3 in do_command (thd=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:793
#18 0x000000000070af5d in do_handle_one_connection (thd_arg=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_connect.cc:1266
#19 0x000000000070aa2f in handle_one_connection (arg=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_connect.cc:1181
#20 0x0000000000b98ddc in pfs_spawn_thread (arg=0x7f3e4d685760) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs.cc:1015
#21 0x00007f3e52652f6e in start_thread (arg=0x7f3e5307a700) at pthread_create.c:311
#22 0x00007f3e51d759cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Environment

None

Assignee

Oleksandr Byelkin

Reporter

Sergey Vojtovich

Labels

None

External issue ID

None

Affects versions

10.0.8
5.5.35

Priority

Major