Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10785

Server crashes in Item_cond::copy_andor_arguments on 2nd execution of PS or SP

Details

    Description

      Note: it might be a duplicate of MDEV-10781, but the stack trace is somewhat different, so I'm filing it separately.
      Just like MDEV-10781, the problem started happening after recent merges, but I can't point at the exact commit which caused it.

      Stack trace from 10.2 1168e2fa54

      		 
      #3  <signal handler called>
      		 
      #4  0x00007f403cb9f2ae in Item_cond::copy_andor_arguments (this=0x7f40314641a0, thd=0x7f4031416070, item=0x7f40315248a0) at /data/src/10.2/sql/item_cmpfunc.cc:4457
      		 
      #5  0x00007f403cb9f242 in Item_cond_and::copy_andor_structure (this=0x7f40315248a0, thd=0x7f4031416070) at /data/src/10.2/sql/item_cmpfunc.cc:4448
      		 
      #6  0x00007f403c930385 in reinit_stmt_before_use (thd=0x7f4031416070, lex=0x7f40315d0090) at /data/src/10.2/sql/sql_prepare.cc:2817
      		 
      #7  0x00007f403c933cbf in Prepared_statement::execute (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4256
      		 
      #8  0x00007f403c932c25 in Prepared_statement::execute_loop (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:3912
      		 
      #9  0x00007f403c930c71 in mysql_sql_stmt_execute (thd=0x7f4031416070) at /data/src/10.2/sql/sql_prepare.cc:3039
      		 
      #10 0x00007f403c90b79f in mysql_execute_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:3387
      		 
      #11 0x00007f403c9190d7 in mysql_parse (thd=0x7f4031416070, rawbuf=0x7f4031464088 "EXECUTE stmt", length=12, parser_state=0x7f403d867dd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7774
      		 
      #12 0x00007f403c9074c5 in dispatch_command (command=COM_QUERY, thd=0x7f4031416070, packet=0x7f4031458071 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1805
      		 
      #13 0x00007f403c905ef6 in do_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:1365
      		 
      #14 0x00007f403ca417ba in do_handle_one_connection (connect=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1354
      		 
      #15 0x00007f403ca41547 in handle_one_connection (arg=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1260
      		 
      #16 0x00007f403cd4fb26 in pfs_spawn_thread (arg=0x7f40398519f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      		 
      #17 0x00007f403bf8a0a4 in start_thread (arg=0x7f403d869300) at pthread_create.c:309
      		 
      #18 0x00007f403a14287d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

      Test case

      		 
      CREATE TABLE t1 (i INT);
      		 
      CREATE OR REPLACE VIEW v1 AS SELECT i FROM t1 WHERE i < 5;
      		 
      CREATE FUNCTION f (in1 INT) RETURNS INT RETURN in1;
      		 
      CREATE OR REPLACE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT * FROM v1;
      		 
      PREPARE stmt FROM "SELECT * FROM v2 WHERE f(0) <> 2";
      		 
      EXECUTE stmt;
      		 
      EXECUTE stmt;

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          elenst Elena Stepanova created issue -
          elenst Elena Stepanova made changes -
          Field Original Value New Value
          Component/s Prepared Statements [ 10804 ]
          Fix Version/s 10.2 [ 14601 ]
          Description http://buildbot.askmonty.org/buildbot/builders/win-rqg-se/builds/2681/steps/rqg_crash_tests/logs/stdio
          {noformat}
          160909 0:13:19 [ERROR] mysqld got exception 0xc0000005 ;
          This could be because you hit a bug. It is also possible that this binary
          or one of the libraries it was linked against is corrupt, improperly built,
          or misconfigured. This error can also be caused by malfunctioning hardware.

          To report this bug, see https://mariadb.com/kb/en/reporting-bugs

          We will try our best to scrape up some info that will hopefully help
          diagnose the problem, but since we have already crashed,
          something is definitely wrong and this may fail.

          Server version: 10.2.2-MariaDB-debug-log
          key_buffer_size=1048576
          read_buffer_size=131072
          max_used_connections=7
          max_threads=1001
          thread_count=6
          It is possible that mysqld could use up to
          key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 388182 K bytes of memory
          Hope that's ok; if not, decrease some variables in the equation.

          Thread pointer: 0x0x42513bdf8
          Attempting backtrace. You can use the following information to find out
          where mysqld died. If you see no messages after this, something went
          terribly wrong...
          mysqld.exe!Item_cond::copy_andor_arguments()[item_cmpfunc.cc:4457]
          mysqld.exe!Item_cond_and::copy_andor_structure()[item_cmpfunc.cc:4449]
          mysqld.exe!reinit_stmt_before_use()[sql_prepare.cc:2817]
          mysqld.exe!sp_lex_keeper::reset_lex_and_exec_core()[sp_head.cc:2990]
          mysqld.exe!sp_instr_stmt::execute()[sp_head.cc:3152]
          mysqld.exe!sp_head::execute()[sp_head.cc:1325]
          mysqld.exe!sp_head::execute_procedure()[sp_head.cc:2114]
          mysqld.exe!do_execute_sp()[sql_parse.cc:2805]
          mysqld.exe!mysql_execute_command()[sql_parse.cc:5686]
          mysqld.exe!mysql_parse()[sql_parse.cc:7759]
          mysqld.exe!dispatch_command()[sql_parse.cc:1796]
          mysqld.exe!do_command()[sql_parse.cc:1353]
          mysqld.exe!threadpool_process_request()[threadpool_common.cc:252]
          mysqld.exe!io_completion_callback()[threadpool_win.cc:462]
          KERNEL32.DLL!VirtualUnlock()
          ntdll.dll!RtlGetActiveActivationContext()
          ntdll.dll!RtlFreeUnicodeString()
          KERNEL32.DLL!BaseThreadInitThunk()
          ntdll.dll!RtlUserThreadStart()

          Trying to get some variables.
          Some pointers may be invalid and cause the dump to abort.
          Query (0x4253a8780): SELECT STRAIGHT_JOIN COUNT(DISTINCT 0 ) INTO inout1 FROM view_2 WHERE func_1 ( 0 ) <> 2
          Connection ID (thread ID): 12
          Status: NOT_KILLED
          {noformat}
          		_Note: it might be a duplicate of MDEV-10781, but the stack trace is somewhat different, so I'm filing it separately._

          {noformat:title=Stack trace from 10.2 1168e2fa54}
          #3 <signal handler called>
          #4 0x00007f403cb9f2ae in Item_cond::copy_andor_arguments (this=0x7f40314641a0, thd=0x7f4031416070, item=0x7f40315248a0) at /data/src/10.2/sql/item_cmpfunc.cc:4457
          #5 0x00007f403cb9f242 in Item_cond_and::copy_andor_structure (this=0x7f40315248a0, thd=0x7f4031416070) at /data/src/10.2/sql/item_cmpfunc.cc:4448
          #6 0x00007f403c930385 in reinit_stmt_before_use (thd=0x7f4031416070, lex=0x7f40315d0090) at /data/src/10.2/sql/sql_prepare.cc:2817
          #7 0x00007f403c933cbf in Prepared_statement::execute (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4256
          #8 0x00007f403c932c25 in Prepared_statement::execute_loop (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:3912
          #9 0x00007f403c930c71 in mysql_sql_stmt_execute (thd=0x7f4031416070) at /data/src/10.2/sql/sql_prepare.cc:3039
          #10 0x00007f403c90b79f in mysql_execute_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:3387
          #11 0x00007f403c9190d7 in mysql_parse (thd=0x7f4031416070, rawbuf=0x7f4031464088 "EXECUTE stmt", length=12, parser_state=0x7f403d867dd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7774
          #12 0x00007f403c9074c5 in dispatch_command (command=COM_QUERY, thd=0x7f4031416070, packet=0x7f4031458071 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1805
          #13 0x00007f403c905ef6 in do_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:1365
          #14 0x00007f403ca417ba in do_handle_one_connection (connect=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1354
          #15 0x00007f403ca41547 in handle_one_connection (arg=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1260
          #16 0x00007f403cd4fb26 in pfs_spawn_thread (arg=0x7f40398519f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
          #17 0x00007f403bf8a0a4 in start_thread (arg=0x7f403d869300) at pthread_create.c:309
          #18 0x00007f403a14287d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
          {noformat}

          {code:sql|title=Test case}
          CREATE TABLE t1 (i INT);
          CREATE OR REPLACE VIEW v1 AS SELECT i FROM t1 WHERE i < 5;
          CREATE FUNCTION f (in1 INT) RETURNS INT RETURN in1;
          CREATE OR REPLACE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT * FROM v1;
          PREPARE stmt FROM "SELECT * FROM v2 WHERE f(0) <> 2";
          EXECUTE stmt;
          EXECUTE stmt;
          {code}
          Summary [Draft] Server crashes in Item_cond::copy_andor_arguments Server crashes in Item_cond::copy_andor_arguments on 2nd execution of PS or SP
          elenst Elena Stepanova made changes -
          Description _Note: it might be a duplicate of MDEV-10781, but the stack trace is somewhat different, so I'm filing it separately._

          {noformat:title=Stack trace from 10.2 1168e2fa54}
          #3 <signal handler called>
          #4 0x00007f403cb9f2ae in Item_cond::copy_andor_arguments (this=0x7f40314641a0, thd=0x7f4031416070, item=0x7f40315248a0) at /data/src/10.2/sql/item_cmpfunc.cc:4457
          #5 0x00007f403cb9f242 in Item_cond_and::copy_andor_structure (this=0x7f40315248a0, thd=0x7f4031416070) at /data/src/10.2/sql/item_cmpfunc.cc:4448
          #6 0x00007f403c930385 in reinit_stmt_before_use (thd=0x7f4031416070, lex=0x7f40315d0090) at /data/src/10.2/sql/sql_prepare.cc:2817
          #7 0x00007f403c933cbf in Prepared_statement::execute (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4256
          #8 0x00007f403c932c25 in Prepared_statement::execute_loop (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:3912
          #9 0x00007f403c930c71 in mysql_sql_stmt_execute (thd=0x7f4031416070) at /data/src/10.2/sql/sql_prepare.cc:3039
          #10 0x00007f403c90b79f in mysql_execute_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:3387
          #11 0x00007f403c9190d7 in mysql_parse (thd=0x7f4031416070, rawbuf=0x7f4031464088 "EXECUTE stmt", length=12, parser_state=0x7f403d867dd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7774
          #12 0x00007f403c9074c5 in dispatch_command (command=COM_QUERY, thd=0x7f4031416070, packet=0x7f4031458071 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1805
          #13 0x00007f403c905ef6 in do_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:1365
          #14 0x00007f403ca417ba in do_handle_one_connection (connect=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1354
          #15 0x00007f403ca41547 in handle_one_connection (arg=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1260
          #16 0x00007f403cd4fb26 in pfs_spawn_thread (arg=0x7f40398519f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
          #17 0x00007f403bf8a0a4 in start_thread (arg=0x7f403d869300) at pthread_create.c:309
          #18 0x00007f403a14287d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
          {noformat}

          {code:sql|title=Test case}
          CREATE TABLE t1 (i INT);
          CREATE OR REPLACE VIEW v1 AS SELECT i FROM t1 WHERE i < 5;
          CREATE FUNCTION f (in1 INT) RETURNS INT RETURN in1;
          CREATE OR REPLACE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT * FROM v1;
          PREPARE stmt FROM "SELECT * FROM v2 WHERE f(0) <> 2";
          EXECUTE stmt;
          EXECUTE stmt;
          {code}           		_Note: it might be a duplicate of MDEV-10781, but the stack trace is somewhat different, so I'm filing it separately._
          _Just like MDEV-10781, the problem started happening after recent merges, but I can't point at the exact commit which caused it._

          {noformat:title=Stack trace from 10.2 1168e2fa54}
          #3 <signal handler called>
          #4 0x00007f403cb9f2ae in Item_cond::copy_andor_arguments (this=0x7f40314641a0, thd=0x7f4031416070, item=0x7f40315248a0) at /data/src/10.2/sql/item_cmpfunc.cc:4457
          #5 0x00007f403cb9f242 in Item_cond_and::copy_andor_structure (this=0x7f40315248a0, thd=0x7f4031416070) at /data/src/10.2/sql/item_cmpfunc.cc:4448
          #6 0x00007f403c930385 in reinit_stmt_before_use (thd=0x7f4031416070, lex=0x7f40315d0090) at /data/src/10.2/sql/sql_prepare.cc:2817
          #7 0x00007f403c933cbf in Prepared_statement::execute (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4256
          #8 0x00007f403c932c25 in Prepared_statement::execute_loop (this=0x7f4031556470, expanded_query=0x7f403d867180, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:3912
          #9 0x00007f403c930c71 in mysql_sql_stmt_execute (thd=0x7f4031416070) at /data/src/10.2/sql/sql_prepare.cc:3039
          #10 0x00007f403c90b79f in mysql_execute_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:3387
          #11 0x00007f403c9190d7 in mysql_parse (thd=0x7f4031416070, rawbuf=0x7f4031464088 "EXECUTE stmt", length=12, parser_state=0x7f403d867dd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7774
          #12 0x00007f403c9074c5 in dispatch_command (command=COM_QUERY, thd=0x7f4031416070, packet=0x7f4031458071 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1805
          #13 0x00007f403c905ef6 in do_command (thd=0x7f4031416070) at /data/src/10.2/sql/sql_parse.cc:1365
          #14 0x00007f403ca417ba in do_handle_one_connection (connect=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1354
          #15 0x00007f403ca41547 in handle_one_connection (arg=0x7f403986d410) at /data/src/10.2/sql/sql_connect.cc:1260
          #16 0x00007f403cd4fb26 in pfs_spawn_thread (arg=0x7f40398519f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
          #17 0x00007f403bf8a0a4 in start_thread (arg=0x7f403d869300) at pthread_create.c:309
          #18 0x00007f403a14287d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
          {noformat}

          {code:sql|title=Test case}
          CREATE TABLE t1 (i INT);
          CREATE OR REPLACE VIEW v1 AS SELECT i FROM t1 WHERE i < 5;
          CREATE FUNCTION f (in1 INT) RETURNS INT RETURN in1;
          CREATE OR REPLACE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT * FROM v1;
          PREPARE stmt FROM "SELECT * FROM v2 WHERE f(0) <> 2";
          EXECUTE stmt;
          EXECUTE stmt;
          {code}
          elenst Elena Stepanova made changes -
          Assignee Elena Stepanova [ elenst ] Oleksandr Byelkin [ sanja ]
          elenst Elena Stepanova made changes -
          Labels regression-10.2
          elenst Elena Stepanova made changes -
          Component/s Views [ 10111 ]
          sanja Oleksandr Byelkin made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          sanja Oleksandr Byelkin made changes -
          Status In Progress [ 3 ] Stalled [ 10000 ]
          sanja Oleksandr Byelkin made changes -
          Assignee Oleksandr Byelkin [ sanja ] Igor Babaev [ igor ]
          igor Igor Babaev (Inactive) made changes -
          Fix Version/s 10.2.2 [ 22013 ]
          Fix Version/s 10.2 [ 14601 ]
          Resolution Fixed [ 1 ]
          Status Stalled [ 10000 ] Closed [ 6 ]
          serg Sergei Golubchik made changes -
          Workflow MariaDB v3 [ 77026 ] MariaDB v4 [ 150902 ]

          People

            igor Igor Babaev (Inactive)
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.