[MDEV-15492] Subquery crash similar to MDEV-10050 - Jira

Hartmut Holzgraefe created issue - 2018-03-06 20:21

Hartmut Holzgraefe made changes - 2018-03-06 20:21

Field	Original Value	New Value
Link		This issue relates to ~~MDEV-10050~~ [ ~~MDEV-10050~~ ]

Elena Stepanova made changes - 2018-03-07 00:16

Labels

need_feedback

Elena Stepanova made changes - 2018-03-13 14:28

Labels

need_feedback

Elena Stepanova made changes - 2018-03-13 23:23

Labels

need_feedback

Elena Stepanova made changes - 2018-03-14 11:44

Labels

need_feedback

Elena Stepanova made changes - 2018-03-15 03:37

Assignee

Elena Stepanova [ elenst ]

Elena Stepanova added a comment - 2018-03-15 03:37 - edited

Intermediate result

10.1 d11af098652
==5987==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x556258584b8d sp 0x7fbae435db60 bp 0x629000afdbf8 T33)
#0 0x556258584b8c in Item_func::fix_fields(THD, Item*) /data/src/10.1-bug/sql/item_func.cc:214
#1 0x5562584fe6f3 in Item_cond::fix_fields(THD, Item*) /data/src/10.1-bug/sql/item_cmpfunc.cc:4578
#2 0x556257e6cf1d in setup_conds(THD, TABLE_LIST, List<TABLE_LIST>&, Item**) /data/src/10.1-bug/sql/sql_base.cc:8637
#3 0x55625802f45f in setup_without_group /data/src/10.1-bug/sql/sql_select.cc:645
#4 0x55625802f45f in JOIN::prepare(Item**, TABLE_LIST, unsigned int, Item, unsigned int, st_order, bool, st_order, Item, st_order, st_select_lex, st_select_lex_unit*) /data/src/10.1-bug/sql/sql_select.cc:804
#5 0x55625805a291 in mysql_select(THD, Item*, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.1-bug/sql/sql_select.cc:3427
#6 0x55625805ac0d in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.1-bug/sql/sql_select.cc:384
#7 0x556257f2cec8 in execute_sqlcom_select /data/src/10.1-bug/sql/sql_parse.cc:5912
#8 0x556257f4657d in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2982
#9 0x556257f956a6 in Prepared_statement::execute(String*, bool) /data/src/10.1-bug/sql/sql_prepare.cc:4299
#10 0x556257f962a4 in Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char*) /data/src/10.1-bug/sql/sql_prepare.cc:3931
#11 0x556257f9762f in mysql_sql_stmt_execute(THD*) /data/src/10.1-bug/sql/sql_prepare.cc:3055
#12 0x556257f465a6 in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2993
#13 0x556257f5de23 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/10.1-bug/sql/sql_parse.cc:7333
#14 0x556257f64624 in dispatch_command(enum_server_command, THD, char, unsigned int) /data/src/10.1-bug/sql/sql_parse.cc:1484
#15 0x556257f6abd7 in do_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:1106
#16 0x55625820d42e in do_handle_one_connection(THD*) /data/src/10.1-bug/sql/sql_connect.cc:1349
#17 0x55625820d93f in handle_one_connection /data/src/10.1-bug/sql/sql_connect.cc:1261
#18 0x7fbba9c07493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#19 0x7fbba7d5293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

Elena Stepanova added a comment - 2018-03-15 03:37 - edited Intermediate result 10.1 d11af098652 ==5987==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x556258584b8d sp 0x7fbae435db60 bp 0x629000afdbf8 T33) #0 0x556258584b8c in Item_func::fix_fields(THD*, Item**) /data/src/10.1-bug/sql/item_func.cc:214 #1 0x5562584fe6f3 in Item_cond::fix_fields(THD*, Item**) /data/src/10.1-bug/sql/item_cmpfunc.cc:4578 #2 0x556257e6cf1d in setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) /data/src/10.1-bug/sql/sql_base.cc:8637 #3 0x55625802f45f in setup_without_group /data/src/10.1-bug/sql/sql_select.cc:645 #4 0x55625802f45f in JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.1-bug/sql/sql_select.cc:804 #5 0x55625805a291 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.1-bug/sql/sql_select.cc:3427 #6 0x55625805ac0d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.1-bug/sql/sql_select.cc:384 #7 0x556257f2cec8 in execute_sqlcom_select /data/src/10.1-bug/sql/sql_parse.cc:5912 #8 0x556257f4657d in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2982 #9 0x556257f956a6 in Prepared_statement::execute(String*, bool) /data/src/10.1-bug/sql/sql_prepare.cc:4299 #10 0x556257f962a4 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /data/src/10.1-bug/sql/sql_prepare.cc:3931 #11 0x556257f9762f in mysql_sql_stmt_execute(THD*) /data/src/10.1-bug/sql/sql_prepare.cc:3055 #12 0x556257f465a6 in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2993 #13 0x556257f5de23 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1-bug/sql/sql_parse.cc:7333 #14 0x556257f64624 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1-bug/sql/sql_parse.cc:1484 #15 0x556257f6abd7 in do_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:1106 #16 0x55625820d42e in do_handle_one_connection(THD*) /data/src/10.1-bug/sql/sql_connect.cc:1349 #17 0x55625820d93f in handle_one_connection /data/src/10.1-bug/sql/sql_connect.cc:1261 #18 0x7fbba9c07493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #19 0x7fbba7d5293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

Elena Stepanova added a comment - 2018-03-15 12:00 - edited

--source include/have_innodb.inc

SET @qcs.save= @@global.query_cache_size, @qct.save= @@global.query_cache_type;

SET GLOBAL query_cache_size= 512*1024*1024, query_cache_type= ON;

--connect (con1,localhost,root,,test)

CREATE TABLE t1 (a INT) ENGINE=InnoDB;

CREATE TABLE t2 (b INT) ENGINE=InnoDB;

CREATE VIEW v AS select a from t1 join t2;

PREPARE stmt FROM "SELECT * FROM t1 WHERE a in (SELECT a FROM v)";

--connect (con2,localhost,root,,test)

PREPARE stmt FROM "SELECT * FROM t1 WHERE a in (SELECT a FROM v)";

EXECUTE stmt;

--connection con1

EXECUTE stmt;

INSERT INTO t2 VALUES (0);

EXECUTE stmt;

START TRANSACTION;

EXECUTE stmt;

# Cleanup

--disconnect con1

--disconnect con2

--connection default

DROP VIEW v;

DROP TABLE t1, t2;

SET GLOBAL query_cache_size= @qcs.save, query_cache_type= @qct.save;

10.1.28
==9077==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55f5de9368bf sp 0x7fc0dc3e3b40 bp 0x6290000a15d8 T25)
#0 0x55f5de9368be in Item_func::fix_fields(THD, Item*) /data/src/10.1-bug/sql/item_func.cc:214
#1 0x55f5de8b0425 in Item_cond::fix_fields(THD, Item*) /data/src/10.1-bug/sql/item_cmpfunc.cc:4578
#2 0x55f5de21efad in setup_conds(THD, TABLE_LIST, List<TABLE_LIST>&, Item**) /data/src/10.1-bug/sql/sql_base.cc:8637
#3 0x55f5de3e14ef in setup_without_group /data/src/10.1-bug/sql/sql_select.cc:645
#4 0x55f5de3e14ef in JOIN::prepare(Item**, TABLE_LIST, unsigned int, Item, unsigned int, st_order, bool, st_order, Item, st_order, st_select_lex, st_select_lex_unit*) /data/src/10.1-bug/sql/sql_select.cc:804
#5 0x55f5de40c321 in mysql_select(THD, Item*, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.1-bug/sql/sql_select.cc:3427
#6 0x55f5de40cc9d in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.1-bug/sql/sql_select.cc:384
#7 0x55f5de2def58 in execute_sqlcom_select /data/src/10.1-bug/sql/sql_parse.cc:5912
#8 0x55f5de2f860d in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2982
#9 0x55f5de347736 in Prepared_statement::execute(String*, bool) /data/src/10.1-bug/sql/sql_prepare.cc:4299
#10 0x55f5de348334 in Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char*) /data/src/10.1-bug/sql/sql_prepare.cc:3931
#11 0x55f5de3496bf in mysql_sql_stmt_execute(THD*) /data/src/10.1-bug/sql/sql_prepare.cc:3055
#12 0x55f5de2f8636 in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2993
#13 0x55f5de30feb3 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/10.1-bug/sql/sql_parse.cc:7333
#14 0x55f5de3166b4 in dispatch_command(enum_server_command, THD, char, unsigned int) /data/src/10.1-bug/sql/sql_parse.cc:1484
#15 0x55f5de31cc67 in do_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:1106
#16 0x55f5de5bf1ea in do_handle_one_connection(THD*) /data/src/10.1-bug/sql/sql_connect.cc:1349
#17 0x55f5de5bf6fb in handle_one_connection /data/src/10.1-bug/sql/sql_connect.cc:1261
#18 0x55f5dee7ec08 in pfs_spawn_thread /data/src/10.1-bug/storage/perfschema/pfs.cc:1860
#19 0x7fc0e4ad1493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#20 0x7fc0e2c1c93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

5.5 11408a69adc674
#3 <signal handler called>
#4 0x0000000000808f78 in Item_func::fix_fields (this=0x7fa1220f3030, thd=0x7fa12b5ef060, ref=0x7fa1220242d0) at /data/src/5.5-bug/sql/item_func.cc:204
#5 0x00000000007ebeeb in Item_cond::fix_fields (this=0x7fa1220241a0, thd=0x7fa12b5ef060, ref=0x7fa1220247e8) at /data/src/5.5-bug/sql/item_cmpfunc.cc:4361
#6 0x00000000005aebcb in setup_conds (thd=0x7fa12b5ef060, tables=0x7fa1220d85e8, leaves=..., conds=0x7fa1220247e8) at /data/src/5.5-bug/sql/sql_base.cc:8915
#7 0x0000000000670b59 in setup_without_group (thd=0x7fa12b5ef060, ref_pointer_array=0x7fa1220f2680, tables=0x7fa1220d85e8, leaves=..., fields=..., all_fields=..., conds=0x7fa1220247e8, order=0x0, group=0x0, hidden_group_fields=0x7fa1220246d0) at /data/src/5.5-bug/sql/sql_select.cc:582
#8 0x000000000062eed2 in JOIN::prepare (this=0x7fa1220243b0, rref_pointer_array=0x7fa1220d7ab0, tables_init=0x7fa1220d85e8, wild_num=0, conds_init=0x7fa1220241a0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fa1220d7810, unit_arg=0x7fa1220d7130) at /data/src/5.5-bug/sql/sql_select.cc:734
#9 0x00000000006377bc in mysql_select (thd=0x7fa12b5ef060, rref_pointer_array=0x7fa1220d7ab0, tables=0x7fa1220d85e8, wild_num=0, fields=..., conds=0x7fa1220241a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=0x7fa1220eb088, unit=0x7fa1220d7130, select_lex=0x7fa1220d7810) at /data/src/5.5-bug/sql/sql_select.cc:3095
#10 0x000000000062e034 in handle_select (thd=0x7fa12b5ef060, lex=0x7fa1220d7080, result=0x7fa1220eb088, setup_tables_done_option=0) at /data/src/5.5-bug/sql/sql_select.cc:323
#11 0x00000000006074ca in execute_sqlcom_select (thd=0x7fa12b5ef060, all_tables=0x7fa1220d85e8) at /data/src/5.5-bug/sql/sql_parse.cc:4678
#12 0x000000000060084b in mysql_execute_command (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_parse.cc:2224
#13 0x0000000000621681 in Prepared_statement::execute (this=0x7fa1220da460, expanded_query=0x7fa133057d90, open_cursor=false) at /data/src/5.5-bug/sql/sql_prepare.cc:3932
#14 0x0000000000620795 in Prepared_statement::execute_loop (this=0x7fa1220da460, expanded_query=0x7fa133057d90, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/5.5-bug/sql/sql_prepare.cc:3591
#15 0x000000000061e8b3 in mysql_sql_stmt_execute (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_prepare.cc:2740
#16 0x0000000000600879 in mysql_execute_command (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_parse.cc:2234
#17 0x000000000060a096 in mysql_parse (thd=0x7fa12b5ef060, rawbuf=0x7fa122024078 "EXECUTE stmt", length=12, parser_state=0x7fa133058640) at /data/src/5.5-bug/sql/sql_parse.cc:5923
#18 0x00000000005fddab in dispatch_command (command=COM_QUERY, thd=0x7fa12b5ef060, packet=0x7fa12b5f4061 "EXECUTE stmt", packet_length=12) at /data/src/5.5-bug/sql/sql_parse.cc:1066
#19 0x00000000005fcf9d in do_command (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_parse.cc:793
#20 0x00000000007000a7 in do_handle_one_connection (thd_arg=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_connect.cc:1268
#21 0x00000000006ffe34 in handle_one_connection (arg=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_connect.cc:1184
#22 0x0000000000a0dc97 in pfs_spawn_thread (arg=0x7fa12b7a0520) at /data/src/5.5-bug/storage/perfschema/pfs.cc:1015
#23 0x00007fa132cde494 in start_thread (arg=0x7fa133059700) at pthread_create.c:333
#24 0x00007fa1316f493f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Elena Stepanova added a comment - 2018-03-15 12:00 - edited --source include/have_innodb.inc SET @qcs.save= @@ global .query_cache_size, @qct.save= @@ global .query_cache_type; SET GLOBAL query_cache_size= 512*1024*1024, query_cache_type= ON ; --connect (con1,localhost,root,,test) CREATE TABLE t1 (a INT ) ENGINE=InnoDB; CREATE TABLE t2 (b INT ) ENGINE=InnoDB; CREATE VIEW v AS select a from t1 join t2; PREPARE stmt FROM "SELECT * FROM t1 WHERE a in (SELECT a FROM v)" ; --connect (con2,localhost,root,,test) PREPARE stmt FROM "SELECT * FROM t1 WHERE a in (SELECT a FROM v)" ; EXECUTE stmt; --connection con1 EXECUTE stmt; INSERT INTO t2 VALUES (0); EXECUTE stmt; START TRANSACTION ; EXECUTE stmt; # Cleanup --disconnect con1 --disconnect con2 --connection default DROP VIEW v; DROP TABLE t1, t2; SET GLOBAL query_cache_size= @qcs.save, query_cache_type= @qct.save; 10.1.28 ==9077==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55f5de9368bf sp 0x7fc0dc3e3b40 bp 0x6290000a15d8 T25) #0 0x55f5de9368be in Item_func::fix_fields(THD*, Item**) /data/src/10.1-bug/sql/item_func.cc:214 #1 0x55f5de8b0425 in Item_cond::fix_fields(THD*, Item**) /data/src/10.1-bug/sql/item_cmpfunc.cc:4578 #2 0x55f5de21efad in setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) /data/src/10.1-bug/sql/sql_base.cc:8637 #3 0x55f5de3e14ef in setup_without_group /data/src/10.1-bug/sql/sql_select.cc:645 #4 0x55f5de3e14ef in JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.1-bug/sql/sql_select.cc:804 #5 0x55f5de40c321 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.1-bug/sql/sql_select.cc:3427 #6 0x55f5de40cc9d in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.1-bug/sql/sql_select.cc:384 #7 0x55f5de2def58 in execute_sqlcom_select /data/src/10.1-bug/sql/sql_parse.cc:5912 #8 0x55f5de2f860d in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2982 #9 0x55f5de347736 in Prepared_statement::execute(String*, bool) /data/src/10.1-bug/sql/sql_prepare.cc:4299 #10 0x55f5de348334 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /data/src/10.1-bug/sql/sql_prepare.cc:3931 #11 0x55f5de3496bf in mysql_sql_stmt_execute(THD*) /data/src/10.1-bug/sql/sql_prepare.cc:3055 #12 0x55f5de2f8636 in mysql_execute_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:2993 #13 0x55f5de30feb3 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1-bug/sql/sql_parse.cc:7333 #14 0x55f5de3166b4 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1-bug/sql/sql_parse.cc:1484 #15 0x55f5de31cc67 in do_command(THD*) /data/src/10.1-bug/sql/sql_parse.cc:1106 #16 0x55f5de5bf1ea in do_handle_one_connection(THD*) /data/src/10.1-bug/sql/sql_connect.cc:1349 #17 0x55f5de5bf6fb in handle_one_connection /data/src/10.1-bug/sql/sql_connect.cc:1261 #18 0x55f5dee7ec08 in pfs_spawn_thread /data/src/10.1-bug/storage/perfschema/pfs.cc:1860 #19 0x7fc0e4ad1493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #20 0x7fc0e2c1c93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 5.5 11408a69adc674 #3 <signal handler called> #4 0x0000000000808f78 in Item_func::fix_fields (this=0x7fa1220f3030, thd=0x7fa12b5ef060, ref=0x7fa1220242d0) at /data/src/5.5-bug/sql/item_func.cc:204 #5 0x00000000007ebeeb in Item_cond::fix_fields (this=0x7fa1220241a0, thd=0x7fa12b5ef060, ref=0x7fa1220247e8) at /data/src/5.5-bug/sql/item_cmpfunc.cc:4361 #6 0x00000000005aebcb in setup_conds (thd=0x7fa12b5ef060, tables=0x7fa1220d85e8, leaves=..., conds=0x7fa1220247e8) at /data/src/5.5-bug/sql/sql_base.cc:8915 #7 0x0000000000670b59 in setup_without_group (thd=0x7fa12b5ef060, ref_pointer_array=0x7fa1220f2680, tables=0x7fa1220d85e8, leaves=..., fields=..., all_fields=..., conds=0x7fa1220247e8, order=0x0, group=0x0, hidden_group_fields=0x7fa1220246d0) at /data/src/5.5-bug/sql/sql_select.cc:582 #8 0x000000000062eed2 in JOIN::prepare (this=0x7fa1220243b0, rref_pointer_array=0x7fa1220d7ab0, tables_init=0x7fa1220d85e8, wild_num=0, conds_init=0x7fa1220241a0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fa1220d7810, unit_arg=0x7fa1220d7130) at /data/src/5.5-bug/sql/sql_select.cc:734 #9 0x00000000006377bc in mysql_select (thd=0x7fa12b5ef060, rref_pointer_array=0x7fa1220d7ab0, tables=0x7fa1220d85e8, wild_num=0, fields=..., conds=0x7fa1220241a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=0x7fa1220eb088, unit=0x7fa1220d7130, select_lex=0x7fa1220d7810) at /data/src/5.5-bug/sql/sql_select.cc:3095 #10 0x000000000062e034 in handle_select (thd=0x7fa12b5ef060, lex=0x7fa1220d7080, result=0x7fa1220eb088, setup_tables_done_option=0) at /data/src/5.5-bug/sql/sql_select.cc:323 #11 0x00000000006074ca in execute_sqlcom_select (thd=0x7fa12b5ef060, all_tables=0x7fa1220d85e8) at /data/src/5.5-bug/sql/sql_parse.cc:4678 #12 0x000000000060084b in mysql_execute_command (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_parse.cc:2224 #13 0x0000000000621681 in Prepared_statement::execute (this=0x7fa1220da460, expanded_query=0x7fa133057d90, open_cursor=false) at /data/src/5.5-bug/sql/sql_prepare.cc:3932 #14 0x0000000000620795 in Prepared_statement::execute_loop (this=0x7fa1220da460, expanded_query=0x7fa133057d90, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/5.5-bug/sql/sql_prepare.cc:3591 #15 0x000000000061e8b3 in mysql_sql_stmt_execute (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_prepare.cc:2740 #16 0x0000000000600879 in mysql_execute_command (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_parse.cc:2234 #17 0x000000000060a096 in mysql_parse (thd=0x7fa12b5ef060, rawbuf=0x7fa122024078 "EXECUTE stmt", length=12, parser_state=0x7fa133058640) at /data/src/5.5-bug/sql/sql_parse.cc:5923 #18 0x00000000005fddab in dispatch_command (command=COM_QUERY, thd=0x7fa12b5ef060, packet=0x7fa12b5f4061 "EXECUTE stmt", packet_length=12) at /data/src/5.5-bug/sql/sql_parse.cc:1066 #19 0x00000000005fcf9d in do_command (thd=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_parse.cc:793 #20 0x00000000007000a7 in do_handle_one_connection (thd_arg=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_connect.cc:1268 #21 0x00000000006ffe34 in handle_one_connection (arg=0x7fa12b5ef060) at /data/src/5.5-bug/sql/sql_connect.cc:1184 #22 0x0000000000a0dc97 in pfs_spawn_thread (arg=0x7fa12b7a0520) at /data/src/5.5-bug/storage/perfschema/pfs.cc:1015 #23 0x00007fa132cde494 in start_thread (arg=0x7fa133059700) at pthread_create.c:333 #24 0x00007fa1316f493f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Elena Stepanova added a comment - 2018-03-15 13:19 - edited

The problem affects all of 5.5-10.3, reproducible with the above test case.

On debug builds, this particular crash stopped happening after this commit in 5.5, and merge to higher versions:

commit ba8d0fa700a73893979793785ed53f7bbd950df8

Author: Oleksandr Byelkin <sanja@mariadb.com>

Date:   Mon Jan 15 14:50:35 2018 +0100

    MDEV-14786: Server crashes in Item_cond::transform on 2nd execution of SP querying from a view

    MDEV-14957: JOIN::prepare gets unusable "conds" as argument

    Do not touch merged derived (it is irreversible)

    Fix first argument of in_optimizer for calls possible before fix_fields()

However, it is not a cure, the same test case still fails on debug builds on all versions, although in a different fashion, possibly the original failure has just been masked:

5.5 0943b33de3daa debug
#3 <signal handler called>
#4 0x000000000080a202 in Item_func::print_op (this=0x7fd23dcf3030, str=0x7fd24edd9c80, query_type=QT_ORDINARY) at /data/src/5.5/sql/item_func.cc:496
#5 0x00000000007f1db9 in Item_bool_func2::print (this=0x7fd23dcf3030, str=0x7fd24edd9c80, query_type=QT_ORDINARY) at /data/src/5.5/sql/item_cmpfunc.h:386
#6 0x00000000007ecf84 in Item_cond::print (this=0x7fd23dc241a0, str=0x7fd24edd9c80, query_type=QT_ORDINARY) at /data/src/5.5/sql/item_cmpfunc.cc:4702
#7 0x00000000007d75b8 in dbug_print_item (item=0x7fd23dc241a0) at /data/src/5.5/sql/item.cc:10012
#8 0x000000000062eae0 in JOIN::prepare (this=0x7fd23dc243b0, rref_pointer_array=0x7fd23dcd7ab0, tables_init=0x7fd23dcd85e8, wild_num=0, conds_init=0x7fd23dc241a0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fd23dcd7810, unit_arg=0x7fd23dcd7130) at /data/src/5.5/sql/sql_select.cc:642
#9 0x000000000063793a in mysql_select (thd=0x7fd2471ef060, rref_pointer_array=0x7fd23dcd7ab0, tables=0x7fd23dcd85e8, wild_num=0, fields=..., conds=0x7fd23dc241a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=0x7fd23dceb088, unit=0x7fd23dcd7130, select_lex=0x7fd23dcd7810) at /data/src/5.5/sql/sql_select.cc:3098
#10 0x000000000062e19c in handle_select (thd=0x7fd2471ef060, lex=0x7fd23dcd7080, result=0x7fd23dceb088, setup_tables_done_option=0) at /data/src/5.5/sql/sql_select.cc:323
#11 0x0000000000607632 in execute_sqlcom_select (thd=0x7fd2471ef060, all_tables=0x7fd23dcd85e8) at /data/src/5.5/sql/sql_parse.cc:4678
#12 0x00000000006009b3 in mysql_execute_command (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_parse.cc:2224
#13 0x00000000006217e9 in Prepared_statement::execute (this=0x7fd23dcda460, expanded_query=0x7fd24eddad90, open_cursor=false) at /data/src/5.5/sql/sql_prepare.cc:3932
#14 0x00000000006208fd in Prepared_statement::execute_loop (this=0x7fd23dcda460, expanded_query=0x7fd24eddad90, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/5.5/sql/sql_prepare.cc:3591
#15 0x000000000061ea1b in mysql_sql_stmt_execute (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_prepare.cc:2740
#16 0x00000000006009e1 in mysql_execute_command (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_parse.cc:2234
#17 0x000000000060a1fe in mysql_parse (thd=0x7fd2471ef060, rawbuf=0x7fd23dc24078 "EXECUTE stmt", length=12, parser_state=0x7fd24eddb640) at /data/src/5.5/sql/sql_parse.cc:5923
#18 0x00000000005fdf13 in dispatch_command (command=COM_QUERY, thd=0x7fd2471ef060, packet=0x7fd2471f4061 "EXECUTE stmt", packet_length=12) at /data/src/5.5/sql/sql_parse.cc:1066
#19 0x00000000005fd105 in do_command (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_parse.cc:793
#20 0x000000000070024f in do_handle_one_connection (thd_arg=0x7fd2471ef060) at /data/src/5.5/sql/sql_connect.cc:1268
#21 0x00000000006fffdc in handle_one_connection (arg=0x7fd2471ef060) at /data/src/5.5/sql/sql_connect.cc:1184
#22 0x0000000000a0e071 in pfs_spawn_thread (arg=0x7fd24739eac0) at /data/src/5.5/storage/perfschema/pfs.cc:1015
#23 0x00007fd24ea61494 in start_thread (arg=0x7fd24eddc700) at pthread_create.c:333
#24 0x00007fd24d47793f in clone () from /lib/x86_64-linux-gnu/libc.so.6

I've created ~~MDEV-15573~~ for this crash.

Release builds are less consistent.

5.5 non-debug build and 10.0.34 release fail, although in a different way:

10.0.34 release bintar
pure virtual method called
terminate called without an active exception
180315 15:47:50 [ERROR] mysqld got signal 6 ;

#7 0x00007ff2f8a920b1 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x00007ff2f8a92b8f in __cxa_pure_virtual () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#9 0x000000000061792b in check_simple_equality (left_item=0x7ff2e4cbfc58, right_item=0x7ff2e4c1f3e8, item=item@entry=0x7ff2e4cf03a0, cond_equal=cond_equal@entry=0x7ff2f994a140) at /home/buildbot/buildbot/build/sql/sql_select.cc:12519
#10 0x0000000000618a5a in check_equality (eq_list=0x7ff2f994a120, cond_equal=0x7ff2f994a140, item=0x7ff2e4cf03a0, thd=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_select.cc:12793
#11 check_equality (eq_list=0x7ff2f994a120, cond_equal=0x7ff2f994a140, item=0x7ff2e4cf03a0, thd=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_select.cc:12863
#12 build_equal_items_for_cond (thd=0x7ff2ecb61008, cond=cond@entry=0x7ff2e4c1e148, inherited=inherited@entry=0x0, link_item_fields=link_item_fields@entry=true) at /home/buildbot/buildbot/build/sql/sql_select.cc:12899
#13 0x00000000006192a8 in build_equal_items (join=join@entry=0x7ff2e4c1e358, cond=cond@entry=0x7ff2e4c1e148, join_list=0x7ff2e4cbe988, ignore_on_conds=ignore_on_conds@entry=false, cond_equal_ref=cond_equal_ref@entry=0x7ff2e4c1e7c8, link_equal_fields=link_equal_fields@entry=true, inherited=0x0) at /home/buildbot/buildbot/build/sql/sql_select.cc:13108
#14 0x0000000000619849 in optimize_cond (flags=1, cond_equal=0x7ff2e4c1e7c8, cond_value=0x7ff2e4c1e6a0, ignore_on_conds=false, join_list=<optimized out>, conds=0x7ff2e4c1e148, join=0x7ff2e4c1e358) at /home/buildbot/buildbot/build/sql/sql_select.cc:14741
#15 JOIN::optimize_inner (this=this@entry=0x7ff2e4c1e358) at /home/buildbot/buildbot/build/sql/sql_select.cc:1214
#16 0x000000000061c20e in optimize (this=0x7ff2e4c1e358) at /home/buildbot/buildbot/build/sql/sql_select.cc:1041
#17 mysql_select (thd=thd@entry=0x7ff2ecb61008, rref_pointer_array=rref_pointer_array@entry=0x7ff2e4cbea88, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=result@entry=0x7ff2e4cbff40, unit=0x7ff2e4cbe0f0, select_lex=select_lex@entry=0x7ff2e4cbe7e0) at /home/buildbot/buildbot/build/sql/sql_select.cc:3319
#18 0x000000000061fa0d in handle_select (thd=thd@entry=0x7ff2ecb61008, lex=lex@entry=0x7ff2e4cbe028, result=result@entry=0x7ff2e4cbff40, setup_tables_done_option=setup_tables_done_option@entry=0) at /home/buildbot/buildbot/build/sql/sql_select.cc:377
#19 0x00000000005c4c38 in execute_sqlcom_select (thd=thd@entry=0x7ff2ecb61008, all_tables=0x7ff2e4cbf658) at /home/buildbot/buildbot/build/sql/sql_parse.cc:5293
#20 0x00000000005d002e in mysql_execute_command (thd=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_parse.cc:2553
#21 0x00000000005e3467 in Prepared_statement::execute (this=this@entry=0x7ff2e4c91288, expanded_query=expanded_query@entry=0x7ff2f994bf90, open_cursor=open_cursor@entry=false) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:3974
#22 0x00000000005e3561 in Prepared_statement::execute_loop (this=0x7ff2e4c91288, expanded_query=0x7ff2f994bf90, open_cursor=false, packet_end=<optimized out>, packet=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:3629
#23 0x00000000005e3a6b in mysql_sql_stmt_execute (thd=thd@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:2779
#24 0x00000000005cf5cc in mysql_execute_command (thd=thd@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_parse.cc:2563
#25 0x00000000005d1b37 in mysql_parse (thd=thd@entry=0x7ff2ecb61008, parser_state=parser_state@entry=0x7ff2f994d5d0, length=<optimized out>, rawbuf=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_parse.cc:6569
#26 0x00000000005d4006 in dispatch_command (command=COM_QUERY, thd=0x7ff2ecb61008, packet=<optimized out>, packet_length=12) at /home/buildbot/buildbot/build/sql/sql_parse.cc:1771
#27 0x00000000005d41b3 in do_command (thd=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_parse.cc:999
#28 0x0000000000694d33 in do_handle_one_connection (thd_arg=thd_arg@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1377
#29 0x0000000000694e02 in handle_one_connection (arg=arg@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1292
#30 0x00000000008965dd in pfs_spawn_thread (arg=0x7ff2f783fc08) at /home/buildbot/buildbot/build/storage/perfschema/pfs.cc:1861
#31 0x00007ff2f8f90494 in start_thread (arg=0x7ff2f994e700) at pthread_create.c:333
#32 0x00007ff2f844993f in clone () from /lib/x86_64-linux-gnu/libc.so.6

10.1.31 release build does not fail, but current 10.1 non-debug with ASAN still produces the error:

READ of size 1 at 0x62b000016745 thread T24

    #0 0x5587481441e7 in Item_func::fix_fields(THD*, Item**) /data/src/10.1/sql/item_func.cc:208

    #1 0x5587480c4e81 in Item_cond::fix_fields(THD*, Item**) /data/src/10.1/sql/item_cmpfunc.cc:4634

    #2 0x558747afb1f8 in setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) /data/src/10.1/sql/sql_base.cc:8642

    #3 0x558747c7bbf5 in setup_without_group /data/src/10.1/sql/sql_select.cc:649

    #4 0x558747c7bbf5 in JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.1/sql/sql_select.cc:811

    #5 0x558747ca7dc5 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.1/sql/sql_select.cc:3454

    #6 0x558747ca8672 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.1/sql/sql_select.cc:388

    #7 0x558747b9c9c4 in execute_sqlcom_select /data/src/10.1/sql/sql_parse.cc:5926

    #8 0x558747bb3706 in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:2976

    #9 0x558747bfa1bf in Prepared_statement::execute(String*, bool) /data/src/10.1/sql/sql_prepare.cc:4284

    #10 0x558747bfabea in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /data/src/10.1/sql/sql_prepare.cc:3916

    #11 0x558747bfbb7d in mysql_sql_stmt_execute(THD*) /data/src/10.1/sql/sql_prepare.cc:3042

    #12 0x558747bb372f in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:2987

    #13 0x558747bc8f4b in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1/sql/sql_parse.cc:7352

    #14 0x558747bceef9 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1/sql/sql_parse.cc:1477

    #15 0x558747bd4a35 in do_command(THD*) /data/src/10.1/sql/sql_parse.cc:1106

    #16 0x558747e291fb in do_handle_one_connection(THD*) /data/src/10.1/sql/sql_connect.cc:1330

    #17 0x558747e296de in handle_one_connection /data/src/10.1/sql/sql_connect.cc:1242

    #18 0x5587485d9cab in pfs_spawn_thread /data/src/10.1/storage/perfschema/pfs.cc:1861

    #19 0x7fc1dba59493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

    #20 0x7fc1d9e1293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

10.2.13 release build fails with the same crash in fix_fields:

10.2.13 release bintar
#2 <signal handler called>
#3 0x0000000000000000 in ?? ()
#4 0x000055641774f570 in fix_fields (thd=0x7f97dc0009a8, this=0x7f97dc02a078, ref=<optimized out>) at /home/buildbot/buildbot/build/sql/item_func.cc:211
#5 Item_func::fix_fields (this=0x7f97dc02a078, thd=0x7f97dc0009a8, ref=<optimized out>) at /home/buildbot/buildbot/build/sql/item_func.cc:178
#6 0x00005564177271f8 in Item_cond::fix_fields (this=0x7f97dc00f158, thd=0x7f97dc0009a8, ref=<optimized out>) at /home/buildbot/buildbot/build/sql/item_cmpfunc.cc:4660
#7 0x000055641753b34b in setup_conds (thd=thd@entry=0x7f97dc0009a8, tables=tables@entry=0x7f97dc023228, leaves=..., conds=conds@entry=0x7f97dc00f790) at /home/buildbot/buildbot/build/sql/sql_base.cc:7800
#8 0x00005564175b6dd9 in setup_without_group (reserved=0x7f97dc02245c, hidden_group_fields=0x7f97dc00f66f, win_funcs=..., win_specs=..., group=0x0, order=0x0, conds=0x7f97dc00f790, all_fields=..., fields=..., leaves=..., tables=0x7f97dc023228, ref_pointer_array=..., thd=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_select.cc:640
#9 prepare (unit_arg=0x7f97dc021a60, select_lex_arg=0x7f97dc022198, proc_param_init=0x0, having_init=0x0, group_init=0x0, skip_order_by=false, order_init=<optimized out>, og_num=<optimized out>, conds_init=<optimized out>, wild_num=<optimized out>, tables_init=<optimized out>, this=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_select.cc:823
#10 JOIN::prepare (this=<optimized out>, tables_init=<optimized out>, wild_num=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f97dc022198, unit_arg=0x7f97dc021a60) at /home/buildbot/buildbot/build/sql/sql_select.cc:689
#11 0x00005564175c7cd6 in mysql_select (thd=thd@entry=0x7f97dc0009a8, tables=0x7f97dc023228, wild_num=0, fields=..., conds=<optimized out>, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=result@entry=0x7f97dc024e28, unit=unit@entry=0x7f97dc021a60, select_lex=select_lex@entry=0x7f97dc022198) at /home/buildbot/buildbot/build/sql/sql_select.cc:3739
#12 0x00005564175c8de4 in handle_select (thd=thd@entry=0x7f97dc0009a8, lex=lex@entry=0x7f97dc021998, result=result@entry=0x7f97dc024e28, setup_tables_done_option=setup_tables_done_option@entry=0) at /home/buildbot/buildbot/build/sql/sql_select.cc:376
#13 0x00005564174b9789 in execute_sqlcom_select (thd=thd@entry=0x7f97dc0009a8, all_tables=0x7f97dc023228) at /home/buildbot/buildbot/build/sql/sql_parse.cc:6456
#14 0x00005564175784f8 in mysql_execute_command (thd=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_parse.cc:3467
#15 0x000055641758fb4e in Prepared_statement::execute (this=this@entry=0x7f97dc0215c8, expanded_query=expanded_query@entry=0x7f982bbacb20, open_cursor=open_cursor@entry=false) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:4773
#16 0x00005564175908ec in Prepared_statement::execute_loop (this=0x7f97dc0215c8, expanded_query=0x7f982bbacb20, open_cursor=false, packet_end=<optimized out>, packet=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:4203
#17 0x000055641759138d in mysql_sql_stmt_execute (thd=thd@entry=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:3311
#18 0x000055641757645c in mysql_execute_command (thd=thd@entry=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_parse.cc:3483
#19 0x000055641757d2da in mysql_parse (thd=thd@entry=0x7f97dc0009a8, rawbuf=<optimized out>, length=12, parser_state=parser_state@entry=0x7f982bbae260, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /home/buildbot/buildbot/build/sql/sql_parse.cc:7902
#20 0x000055641757f66e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f97dc0009a8, packet=<optimized out>, packet_length=3691049008, packet_length@entry=12, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /home/buildbot/buildbot/build/sql/sql_parse.cc:1806
#21 0x000055641757fc1e in do_command (thd=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_parse.cc:1360
#22 0x000055641763da7f in do_handle_one_connection (connect=connect@entry=0x55641953c0a8) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1335
#23 0x000055641763dba4 in handle_one_connection (arg=arg@entry=0x55641953c0a8) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1241
#24 0x0000556417879d3d in pfs_spawn_thread (arg=0x5564194d9108) at /home/buildbot/buildbot/build/storage/perfschema/pfs.cc:1862
#25 0x00007f98307ed494 in start_thread (arg=0x7f982bbaf700) at pthread_create.c:333
#26 0x00007f982feaa93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

All in all, the problem still seem to exist, although it might be not easy to debug due to the masking crash ~~MDEV-15573~~.

Elena Stepanova added a comment - 2018-03-15 13:19 - edited The problem affects all of 5.5-10.3, reproducible with the above test case. On debug builds, this particular crash stopped happening after this commit in 5.5, and merge to higher versions: commit ba8d0fa700a73893979793785ed53f7bbd950df8 Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Mon Jan 15 14:50:35 2018 +0100 MDEV-14786: Server crashes in Item_cond::transform on 2nd execution of SP querying from a view MDEV-14957: JOIN::prepare gets unusable "conds" as argument Do not touch merged derived (it is irreversible) Fix first argument of in_optimizer for calls possible before fix_fields() However, it is not a cure, the same test case still fails on debug builds on all versions, although in a different fashion, possibly the original failure has just been masked: 5.5 0943b33de3daa debug #3 <signal handler called> #4 0x000000000080a202 in Item_func::print_op (this=0x7fd23dcf3030, str=0x7fd24edd9c80, query_type=QT_ORDINARY) at /data/src/5.5/sql/item_func.cc:496 #5 0x00000000007f1db9 in Item_bool_func2::print (this=0x7fd23dcf3030, str=0x7fd24edd9c80, query_type=QT_ORDINARY) at /data/src/5.5/sql/item_cmpfunc.h:386 #6 0x00000000007ecf84 in Item_cond::print (this=0x7fd23dc241a0, str=0x7fd24edd9c80, query_type=QT_ORDINARY) at /data/src/5.5/sql/item_cmpfunc.cc:4702 #7 0x00000000007d75b8 in dbug_print_item (item=0x7fd23dc241a0) at /data/src/5.5/sql/item.cc:10012 #8 0x000000000062eae0 in JOIN::prepare (this=0x7fd23dc243b0, rref_pointer_array=0x7fd23dcd7ab0, tables_init=0x7fd23dcd85e8, wild_num=0, conds_init=0x7fd23dc241a0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fd23dcd7810, unit_arg=0x7fd23dcd7130) at /data/src/5.5/sql/sql_select.cc:642 #9 0x000000000063793a in mysql_select (thd=0x7fd2471ef060, rref_pointer_array=0x7fd23dcd7ab0, tables=0x7fd23dcd85e8, wild_num=0, fields=..., conds=0x7fd23dc241a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=0x7fd23dceb088, unit=0x7fd23dcd7130, select_lex=0x7fd23dcd7810) at /data/src/5.5/sql/sql_select.cc:3098 #10 0x000000000062e19c in handle_select (thd=0x7fd2471ef060, lex=0x7fd23dcd7080, result=0x7fd23dceb088, setup_tables_done_option=0) at /data/src/5.5/sql/sql_select.cc:323 #11 0x0000000000607632 in execute_sqlcom_select (thd=0x7fd2471ef060, all_tables=0x7fd23dcd85e8) at /data/src/5.5/sql/sql_parse.cc:4678 #12 0x00000000006009b3 in mysql_execute_command (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_parse.cc:2224 #13 0x00000000006217e9 in Prepared_statement::execute (this=0x7fd23dcda460, expanded_query=0x7fd24eddad90, open_cursor=false) at /data/src/5.5/sql/sql_prepare.cc:3932 #14 0x00000000006208fd in Prepared_statement::execute_loop (this=0x7fd23dcda460, expanded_query=0x7fd24eddad90, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/5.5/sql/sql_prepare.cc:3591 #15 0x000000000061ea1b in mysql_sql_stmt_execute (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_prepare.cc:2740 #16 0x00000000006009e1 in mysql_execute_command (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_parse.cc:2234 #17 0x000000000060a1fe in mysql_parse (thd=0x7fd2471ef060, rawbuf=0x7fd23dc24078 "EXECUTE stmt", length=12, parser_state=0x7fd24eddb640) at /data/src/5.5/sql/sql_parse.cc:5923 #18 0x00000000005fdf13 in dispatch_command (command=COM_QUERY, thd=0x7fd2471ef060, packet=0x7fd2471f4061 "EXECUTE stmt", packet_length=12) at /data/src/5.5/sql/sql_parse.cc:1066 #19 0x00000000005fd105 in do_command (thd=0x7fd2471ef060) at /data/src/5.5/sql/sql_parse.cc:793 #20 0x000000000070024f in do_handle_one_connection (thd_arg=0x7fd2471ef060) at /data/src/5.5/sql/sql_connect.cc:1268 #21 0x00000000006fffdc in handle_one_connection (arg=0x7fd2471ef060) at /data/src/5.5/sql/sql_connect.cc:1184 #22 0x0000000000a0e071 in pfs_spawn_thread (arg=0x7fd24739eac0) at /data/src/5.5/storage/perfschema/pfs.cc:1015 #23 0x00007fd24ea61494 in start_thread (arg=0x7fd24eddc700) at pthread_create.c:333 #24 0x00007fd24d47793f in clone () from /lib/x86_64-linux-gnu/libc.so.6 I've created MDEV-15573 for this crash. Release builds are less consistent. 5.5 non-debug build and 10.0.34 release fail, although in a different way: 10.0.34 release bintar pure virtual method called terminate called without an active exception 180315 15:47:50 [ERROR] mysqld got signal 6 ; #7 0x00007ff2f8a920b1 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6 #8 0x00007ff2f8a92b8f in __cxa_pure_virtual () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6 #9 0x000000000061792b in check_simple_equality (left_item=0x7ff2e4cbfc58, right_item=0x7ff2e4c1f3e8, item=item@entry=0x7ff2e4cf03a0, cond_equal=cond_equal@entry=0x7ff2f994a140) at /home/buildbot/buildbot/build/sql/sql_select.cc:12519 #10 0x0000000000618a5a in check_equality (eq_list=0x7ff2f994a120, cond_equal=0x7ff2f994a140, item=0x7ff2e4cf03a0, thd=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_select.cc:12793 #11 check_equality (eq_list=0x7ff2f994a120, cond_equal=0x7ff2f994a140, item=0x7ff2e4cf03a0, thd=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_select.cc:12863 #12 build_equal_items_for_cond (thd=0x7ff2ecb61008, cond=cond@entry=0x7ff2e4c1e148, inherited=inherited@entry=0x0, link_item_fields=link_item_fields@entry=true) at /home/buildbot/buildbot/build/sql/sql_select.cc:12899 #13 0x00000000006192a8 in build_equal_items (join=join@entry=0x7ff2e4c1e358, cond=cond@entry=0x7ff2e4c1e148, join_list=0x7ff2e4cbe988, ignore_on_conds=ignore_on_conds@entry=false, cond_equal_ref=cond_equal_ref@entry=0x7ff2e4c1e7c8, link_equal_fields=link_equal_fields@entry=true, inherited=0x0) at /home/buildbot/buildbot/build/sql/sql_select.cc:13108 #14 0x0000000000619849 in optimize_cond (flags=1, cond_equal=0x7ff2e4c1e7c8, cond_value=0x7ff2e4c1e6a0, ignore_on_conds=false, join_list=<optimized out>, conds=0x7ff2e4c1e148, join=0x7ff2e4c1e358) at /home/buildbot/buildbot/build/sql/sql_select.cc:14741 #15 JOIN::optimize_inner (this=this@entry=0x7ff2e4c1e358) at /home/buildbot/buildbot/build/sql/sql_select.cc:1214 #16 0x000000000061c20e in optimize (this=0x7ff2e4c1e358) at /home/buildbot/buildbot/build/sql/sql_select.cc:1041 #17 mysql_select (thd=thd@entry=0x7ff2ecb61008, rref_pointer_array=rref_pointer_array@entry=0x7ff2e4cbea88, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=result@entry=0x7ff2e4cbff40, unit=0x7ff2e4cbe0f0, select_lex=select_lex@entry=0x7ff2e4cbe7e0) at /home/buildbot/buildbot/build/sql/sql_select.cc:3319 #18 0x000000000061fa0d in handle_select (thd=thd@entry=0x7ff2ecb61008, lex=lex@entry=0x7ff2e4cbe028, result=result@entry=0x7ff2e4cbff40, setup_tables_done_option=setup_tables_done_option@entry=0) at /home/buildbot/buildbot/build/sql/sql_select.cc:377 #19 0x00000000005c4c38 in execute_sqlcom_select (thd=thd@entry=0x7ff2ecb61008, all_tables=0x7ff2e4cbf658) at /home/buildbot/buildbot/build/sql/sql_parse.cc:5293 #20 0x00000000005d002e in mysql_execute_command (thd=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_parse.cc:2553 #21 0x00000000005e3467 in Prepared_statement::execute (this=this@entry=0x7ff2e4c91288, expanded_query=expanded_query@entry=0x7ff2f994bf90, open_cursor=open_cursor@entry=false) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:3974 #22 0x00000000005e3561 in Prepared_statement::execute_loop (this=0x7ff2e4c91288, expanded_query=0x7ff2f994bf90, open_cursor=false, packet_end=<optimized out>, packet=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:3629 #23 0x00000000005e3a6b in mysql_sql_stmt_execute (thd=thd@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:2779 #24 0x00000000005cf5cc in mysql_execute_command (thd=thd@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_parse.cc:2563 #25 0x00000000005d1b37 in mysql_parse (thd=thd@entry=0x7ff2ecb61008, parser_state=parser_state@entry=0x7ff2f994d5d0, length=<optimized out>, rawbuf=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_parse.cc:6569 #26 0x00000000005d4006 in dispatch_command (command=COM_QUERY, thd=0x7ff2ecb61008, packet=<optimized out>, packet_length=12) at /home/buildbot/buildbot/build/sql/sql_parse.cc:1771 #27 0x00000000005d41b3 in do_command (thd=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_parse.cc:999 #28 0x0000000000694d33 in do_handle_one_connection (thd_arg=thd_arg@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1377 #29 0x0000000000694e02 in handle_one_connection (arg=arg@entry=0x7ff2ecb61008) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1292 #30 0x00000000008965dd in pfs_spawn_thread (arg=0x7ff2f783fc08) at /home/buildbot/buildbot/build/storage/perfschema/pfs.cc:1861 #31 0x00007ff2f8f90494 in start_thread (arg=0x7ff2f994e700) at pthread_create.c:333 #32 0x00007ff2f844993f in clone () from /lib/x86_64-linux-gnu/libc.so.6 10.1.31 release build does not fail, but current 10.1 non-debug with ASAN still produces the error: READ of size 1 at 0x62b000016745 thread T24 #0 0x5587481441e7 in Item_func::fix_fields(THD*, Item**) /data/src/10.1/sql/item_func.cc:208 #1 0x5587480c4e81 in Item_cond::fix_fields(THD*, Item**) /data/src/10.1/sql/item_cmpfunc.cc:4634 #2 0x558747afb1f8 in setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) /data/src/10.1/sql/sql_base.cc:8642 #3 0x558747c7bbf5 in setup_without_group /data/src/10.1/sql/sql_select.cc:649 #4 0x558747c7bbf5 in JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.1/sql/sql_select.cc:811 #5 0x558747ca7dc5 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.1/sql/sql_select.cc:3454 #6 0x558747ca8672 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.1/sql/sql_select.cc:388 #7 0x558747b9c9c4 in execute_sqlcom_select /data/src/10.1/sql/sql_parse.cc:5926 #8 0x558747bb3706 in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:2976 #9 0x558747bfa1bf in Prepared_statement::execute(String*, bool) /data/src/10.1/sql/sql_prepare.cc:4284 #10 0x558747bfabea in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /data/src/10.1/sql/sql_prepare.cc:3916 #11 0x558747bfbb7d in mysql_sql_stmt_execute(THD*) /data/src/10.1/sql/sql_prepare.cc:3042 #12 0x558747bb372f in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:2987 #13 0x558747bc8f4b in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1/sql/sql_parse.cc:7352 #14 0x558747bceef9 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1/sql/sql_parse.cc:1477 #15 0x558747bd4a35 in do_command(THD*) /data/src/10.1/sql/sql_parse.cc:1106 #16 0x558747e291fb in do_handle_one_connection(THD*) /data/src/10.1/sql/sql_connect.cc:1330 #17 0x558747e296de in handle_one_connection /data/src/10.1/sql/sql_connect.cc:1242 #18 0x5587485d9cab in pfs_spawn_thread /data/src/10.1/storage/perfschema/pfs.cc:1861 #19 0x7fc1dba59493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493) #20 0x7fc1d9e1293e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e) 10.2.13 release build fails with the same crash in fix_fields: 10.2.13 release bintar #2 <signal handler called> #3 0x0000000000000000 in ?? () #4 0x000055641774f570 in fix_fields (thd=0x7f97dc0009a8, this=0x7f97dc02a078, ref=<optimized out>) at /home/buildbot/buildbot/build/sql/item_func.cc:211 #5 Item_func::fix_fields (this=0x7f97dc02a078, thd=0x7f97dc0009a8, ref=<optimized out>) at /home/buildbot/buildbot/build/sql/item_func.cc:178 #6 0x00005564177271f8 in Item_cond::fix_fields (this=0x7f97dc00f158, thd=0x7f97dc0009a8, ref=<optimized out>) at /home/buildbot/buildbot/build/sql/item_cmpfunc.cc:4660 #7 0x000055641753b34b in setup_conds (thd=thd@entry=0x7f97dc0009a8, tables=tables@entry=0x7f97dc023228, leaves=..., conds=conds@entry=0x7f97dc00f790) at /home/buildbot/buildbot/build/sql/sql_base.cc:7800 #8 0x00005564175b6dd9 in setup_without_group (reserved=0x7f97dc02245c, hidden_group_fields=0x7f97dc00f66f, win_funcs=..., win_specs=..., group=0x0, order=0x0, conds=0x7f97dc00f790, all_fields=..., fields=..., leaves=..., tables=0x7f97dc023228, ref_pointer_array=..., thd=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_select.cc:640 #9 prepare (unit_arg=0x7f97dc021a60, select_lex_arg=0x7f97dc022198, proc_param_init=0x0, having_init=0x0, group_init=0x0, skip_order_by=false, order_init=<optimized out>, og_num=<optimized out>, conds_init=<optimized out>, wild_num=<optimized out>, tables_init=<optimized out>, this=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_select.cc:823 #10 JOIN::prepare (this=<optimized out>, tables_init=<optimized out>, wild_num=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f97dc022198, unit_arg=0x7f97dc021a60) at /home/buildbot/buildbot/build/sql/sql_select.cc:689 #11 0x00005564175c7cd6 in mysql_select (thd=thd@entry=0x7f97dc0009a8, tables=0x7f97dc023228, wild_num=0, fields=..., conds=<optimized out>, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417232640, result=result@entry=0x7f97dc024e28, unit=unit@entry=0x7f97dc021a60, select_lex=select_lex@entry=0x7f97dc022198) at /home/buildbot/buildbot/build/sql/sql_select.cc:3739 #12 0x00005564175c8de4 in handle_select (thd=thd@entry=0x7f97dc0009a8, lex=lex@entry=0x7f97dc021998, result=result@entry=0x7f97dc024e28, setup_tables_done_option=setup_tables_done_option@entry=0) at /home/buildbot/buildbot/build/sql/sql_select.cc:376 #13 0x00005564174b9789 in execute_sqlcom_select (thd=thd@entry=0x7f97dc0009a8, all_tables=0x7f97dc023228) at /home/buildbot/buildbot/build/sql/sql_parse.cc:6456 #14 0x00005564175784f8 in mysql_execute_command (thd=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_parse.cc:3467 #15 0x000055641758fb4e in Prepared_statement::execute (this=this@entry=0x7f97dc0215c8, expanded_query=expanded_query@entry=0x7f982bbacb20, open_cursor=open_cursor@entry=false) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:4773 #16 0x00005564175908ec in Prepared_statement::execute_loop (this=0x7f97dc0215c8, expanded_query=0x7f982bbacb20, open_cursor=false, packet_end=<optimized out>, packet=<optimized out>) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:4203 #17 0x000055641759138d in mysql_sql_stmt_execute (thd=thd@entry=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_prepare.cc:3311 #18 0x000055641757645c in mysql_execute_command (thd=thd@entry=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_parse.cc:3483 #19 0x000055641757d2da in mysql_parse (thd=thd@entry=0x7f97dc0009a8, rawbuf=<optimized out>, length=12, parser_state=parser_state@entry=0x7f982bbae260, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /home/buildbot/buildbot/build/sql/sql_parse.cc:7902 #20 0x000055641757f66e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f97dc0009a8, packet=<optimized out>, packet_length=3691049008, packet_length@entry=12, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /home/buildbot/buildbot/build/sql/sql_parse.cc:1806 #21 0x000055641757fc1e in do_command (thd=0x7f97dc0009a8) at /home/buildbot/buildbot/build/sql/sql_parse.cc:1360 #22 0x000055641763da7f in do_handle_one_connection (connect=connect@entry=0x55641953c0a8) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1335 #23 0x000055641763dba4 in handle_one_connection (arg=arg@entry=0x55641953c0a8) at /home/buildbot/buildbot/build/sql/sql_connect.cc:1241 #24 0x0000556417879d3d in pfs_spawn_thread (arg=0x5564194d9108) at /home/buildbot/buildbot/build/storage/perfschema/pfs.cc:1862 #25 0x00007f98307ed494 in start_thread (arg=0x7f982bbaf700) at pthread_create.c:333 #26 0x00007f982feaa93f in clone () from /lib/x86_64-linux-gnu/libc.so.6 All in all, the problem still seem to exist, although it might be not easy to debug due to the masking crash MDEV-15573 .

Elena Stepanova made changes - 2018-03-15 13:19

Fix Version/s		5.5.60 [ 22913 ]
Fix Version/s		10.3.5 [ 22905 ]
Fix Version/s		10.2.13 [ 22910 ]
Fix Version/s		10.1.31 [ 22907 ]
Fix Version/s		10.0.34 [ 22613 ]
Affects Version/s		10.3.4 [ 22904 ]
Affects Version/s		10.2.12 [ 22810 ]
Affects Version/s		10.1.30 [ 22637 ]
Affects Version/s		10.0.33 [ 22552 ]
Affects Version/s		5.5.59 [ 22612 ]

Elena Stepanova made changes - 2018-03-15 13:24

Component/s		Prepared Statements [ 10804 ]
Component/s		Views [ 10111 ]

Elena Stepanova made changes - 2018-03-15 13:28

Link

This issue relates to ~~MDEV-15573~~ [ ~~MDEV-15573~~ ]

Elena Stepanova made changes - 2018-03-15 13:37

Fix Version/s

10.2.13 [ 22910 ]

Elena Stepanova made changes - 2018-03-15 13:57

Fix Version/s		10.2 [ 14601 ]
Fix Version/s		10.3 [ 22126 ]
Fix Version/s		10.0 [ 16000 ]
Fix Version/s		10.1 [ 16100 ]
Fix Version/s	10.0.34 [ 22613 ]
Fix Version/s	10.3.5 [ 22905 ]
Fix Version/s	10.1.31 [ 22907 ]

Elena Stepanova made changes - 2018-03-15 14:04

Fix Version/s		5.5 [ 15800 ]
Fix Version/s	5.5.60 [ 22913 ]

Elena Stepanova made changes - 2018-03-15 14:04

Status

Open [ 1 ]

Confirmed [ 10101 ]

Elena Stepanova made changes - 2018-03-15 14:11

Priority

Major [ 3 ]

Blocker [ 1 ]

Elena Stepanova made changes - 2018-03-15 14:11

Assignee

Elena Stepanova [ elenst ]

Oleksandr Byelkin [ sanja ]

Oleksandr Byelkin made changes - 2018-03-15 14:52

Status

Confirmed [ 10101 ]

In Progress [ 3 ]

Oleksandr Byelkin added a comment - 2018-03-15 16:24

somehow temporally created item for the view field left in arguments of comparison...

Oleksandr Byelkin added a comment - 2018-03-15 16:24 somehow temporally created item for the view field left in arguments of comparison...

Oleksandr Byelkin added a comment - 2018-03-20 08:34

The real problem is that INSERT invalidate re-prepare observer, but it never checked because result returned from QC, then when we start execution without QC we already do not detect need in reprepare (because it was checked before).

Oleksandr Byelkin added a comment - 2018-03-20 08:34 The real problem is that INSERT invalidate re-prepare observer, but it never checked because result returned from QC, then when we start execution without QC we already do not detect need in reprepare (because it was checked before).

Oleksandr Byelkin added a comment - 2018-03-20 11:41

above is again wrong theory

Oleksandr Byelkin added a comment - 2018-03-20 11:41 above is again wrong theory

Oleksandr Byelkin added a comment - 2018-03-20 13:04

Original idea looks like correct, but causes are not found jet:

view field rolled back in other adders:
It used in function constructed for SemiJoin:
(gdb) p args[1]
$2 = (Item *) 0x7fff94027238
(gdb) p args+1
$3 = (Item **) 0x7fff94027438

but rolled back in other address:
T@7 : | | | | | | | info: Rollback: 0x7fff94027238 (0x7fff9400ade8) <- 0x7fff94006c08

i.e. Semi join uses second reference to the field.

Oleksandr Byelkin added a comment - 2018-03-20 13:04 Original idea looks like correct, but causes are not found jet: view field rolled back in other adders: It used in function constructed for SemiJoin: (gdb) p args [1] $2 = (Item *) 0x7fff94027238 (gdb) p args+1 $3 = (Item **) 0x7fff94027438 but rolled back in other address: T@7 : | | | | | | | info: Rollback: 0x7fff94027238 (0x7fff9400ade8) <- 0x7fff94006c08 i.e. Semi join uses second reference to the field.

Oleksandr Byelkin added a comment - 2018-03-21 07:56

in "Normal" execution there is also Item_direct_view_ref used in the right part of semijoin.

Oleksandr Byelkin added a comment - 2018-03-21 07:56 in "Normal" execution there is also Item_direct_view_ref used in the right part of semijoin.

Oleksandr Byelkin added a comment - 2018-03-21 08:54

but above Items (2 of them created - one during prepare, and one during execution) put in statement memory so they are not removed.

Oleksandr Byelkin added a comment - 2018-03-21 08:54 but above Items (2 of them created - one during prepare, and one during execution) put in statement memory so they are not removed.

Oleksandr Byelkin added a comment - 2018-03-21 09:23

"Normal" execution is based on hack (first bug) that direct view reference put in statement memory and can be used without re-prepare.
It this scenario QC answer instead first execution but statement marked as it was really first time executed (second bug) so direct view reference was put in runtime memory during real first execution and so can not be used after that.

Oleksandr Byelkin added a comment - 2018-03-21 09:23 "Normal" execution is based on hack (first bug) that direct view reference put in statement memory and can be used without re-prepare. It this scenario QC answer instead first execution but statement marked as it was really first time executed (second bug) so direct view reference was put in runtime memory during real first execution and so can not be used after that.

Oleksandr Byelkin made changes - 2018-03-21 10:33

Link

This issue relates to MDEV-15614 [ MDEV-15614 ]

Oleksandr Byelkin added a comment - 2018-03-21 10:48

in 5.5 we will fix only bug with incorrect first execution flag, for view references created https://jira.mariadb.org/browse/MDEV-15614

Oleksandr Byelkin added a comment - 2018-03-21 10:48 in 5.5 we will fix only bug with incorrect first execution flag, for view references created https://jira.mariadb.org/browse/MDEV-15614

Oleksandr Byelkin made changes - 2018-03-21 11:19

Assignee	Oleksandr Byelkin [ sanja ]	Sergei Golubchik [ serg ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Oleksandr Byelkin added a comment - 2018-03-21 11:20

revision-id: 49a443c53a7f01812299f20e94c7209579efd881 (mariadb-5.5.59-45-g49a443c53a7)
parent(s): 0943b33de3daa0fcbf58803be8e991941de63218
author: Oleksandr Byelkin
committer: Oleksandr Byelkin
timestamp: 2018-03-21 12:13:37 +0100
message:

~~MDEV-15492~~: Subquery crash similar to ~~MDEV-10050~~

Detection of first execution of PS fixed.
More debug info.

—

Oleksandr Byelkin added a comment - 2018-03-21 11:20 revision-id: 49a443c53a7f01812299f20e94c7209579efd881 (mariadb-5.5.59-45-g49a443c53a7) parent(s): 0943b33de3daa0fcbf58803be8e991941de63218 author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2018-03-21 12:13:37 +0100 message: MDEV-15492 : Subquery crash similar to MDEV-10050 Detection of first execution of PS fixed. More debug info. —

Sergei Golubchik made changes - 2018-03-21 15:49

Assignee	Sergei Golubchik [ serg ]	Oleksandr Byelkin [ sanja ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Oleksandr Byelkin made changes - 2018-03-21 18:55

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Oleksandr Byelkin made changes - 2018-03-21 18:56

Component/s	Data Manipulation - Subquery [ 10107 ]
Component/s	Views [ 10111 ]
Fix Version/s		5.5.60 [ 22913 ]
Fix Version/s		10.0.35 [ 22912 ]
Fix Version/s		10.1.32 [ 22908 ]
Fix Version/s		10.2.14 [ 22911 ]
Fix Version/s		10.3.6 [ 23003 ]
Fix Version/s	10.2 [ 14601 ]
Fix Version/s	5.5 [ 15800 ]
Fix Version/s	10.0 [ 16000 ]
Fix Version/s	10.1 [ 16100 ]
Fix Version/s	10.3 [ 22126 ]
Resolution		Fixed [ 1 ]
Status	In Progress [ 3 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:46

Workflow

MariaDB v3 [ 85874 ]

MariaDB v4 [ 153908 ]

Jira Automation (IT) made changes - 2024-07-04 07:54

Zendesk Related Tickets

162461 161252

MariaDB Server

Subquery crash similar to MDEV-10050

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration