Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16957

Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP

Details

    Description

      CREATE TABLE t1 (a INT, b VARCHAR(32));
      		 
      CREATE PROCEDURE sp() SELECT * FROM t1 AS t1x JOIN t1 AS t1y USING (c);
      		 
      --error ER_BAD_FIELD_ERROR
      		 
      CALL sp;
      		 
      --error ER_BAD_FIELD_ERROR
      		 
      CALL sp;
      		 
       
      		 
      # Cleanup
      		 
      DROP PROCEDURE sp;
      		 
      DROP TABLE t1;

      10.0 9dfef6e29b9

      		 
      #3  <signal handler called>
      		 
      #4  0x0000000000732b0c in Field_iterator_natural_join::next (this=0x7f94442b31e0) at /data/src/10.0/sql/table.cc:5371
      		 
      #5  0x0000000000732f11 in Field_iterator_table_ref::next (this=0x7f94442b3190) at /data/src/10.0/sql/table.cc:5441
      		 
      #6  0x00000000005f52f5 in mark_common_columns (thd=0x7f943c2a8070, table_ref_1=0x7f943a7b8190, table_ref_2=0x7f943a7b87c0, using_fields=0x7f943a7b8dc0, found_using_fields=0x7f94442b3364) at /data/src/10.0/sql/sql_base.cc:7178
      		 
      #7  0x00000000005f5ffe in store_top_level_join_columns (thd=0x7f943c2a8070, table_ref=0x7f943a7b8e08, left_neighbor=0x0, right_neighbor=0x0) at /data/src/10.0/sql/sql_base.cc:7591
      		 
      #8  0x00000000005f6309 in setup_natural_join_row_types (thd=0x7f943c2a8070, from_clause=0x7f943a758518, context=0x7f943a7583c0) at /data/src/10.0/sql/sql_base.cc:7713
      		 
      #9  0x00000000005f74ae in setup_tables (thd=0x7f943c2a8070, context=0x7f943a7583c0, from_clause=0x7f943a758518, tables=0x7f943a7b8190, leaves=..., select_insert=false, full_table_list=false) at /data/src/10.0/sql/sql_base.cc:8114
      		 
      #10 0x00000000005f7569 in setup_tables_and_check_access (thd=0x7f943c2a8070, context=0x7f943a7583c0, from_clause=0x7f943a758518, tables=0x7f943a7b8190, leaves=..., select_insert=false, want_access_first=1, want_access=1, full_table_list=false) at /data/src/10.0/sql/sql_base.cc:8158
      		 
      #11 0x00000000006813f2 in JOIN::prepare (this=0x7f943a7f41e0, rref_pointer_array=0x7f943a758618, tables_init=0x7f943a7b8190, wild_num=1, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f943a758370, unit_arg=0x7f943a757c80) at /data/src/10.0/sql/sql_select.cc:720
      		 
      #12 0x000000000068a896 in mysql_select (thd=0x7f943c2a8070, rref_pointer_array=0x7f943a758618, tables=0x7f943a7b8190, wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147749632, result=0x7f943a7f41c0, unit=0x7f943a757c80, select_lex=0x7f943a758370) at /data/src/10.0/sql/sql_select.cc:3326
      		 
      #13 0x00000000006809c0 in handle_select (thd=0x7f943c2a8070, lex=0x7f943a757bb8, result=0x7f943a7f41c0, setup_tables_done_option=0) at /data/src/10.0/sql/sql_select.cc:377
      		 
      #14 0x0000000000654eb3 in execute_sqlcom_select (thd=0x7f943c2a8070, all_tables=0x7f943a7b8190) at /data/src/10.0/sql/sql_parse.cc:5301
      		 
      #15 0x000000000064d409 in mysql_execute_command (thd=0x7f943c2a8070) at /data/src/10.0/sql/sql_parse.cc:2557
      		 
      #16 0x000000000097f3fa in sp_instr_stmt::exec_core (this=0x7f943a7b9480, thd=0x7f943c2a8070, nextp=0x7f94442b4a68) at /data/src/10.0/sql/sp_head.cc:3210
      		 
      #17 0x000000000097eb09 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f943a7b94c0, thd=0x7f943c2a8070, nextp=0x7f94442b4a68, open_tables=false, instr=0x7f943a7b9480) at /data/src/10.0/sql/sp_head.cc:2977
      		 
      #18 0x000000000097f0c4 in sp_instr_stmt::execute (this=0x7f943a7b9480, thd=0x7f943c2a8070, nextp=0x7f94442b4a68) at /data/src/10.0/sql/sp_head.cc:3126
      		 
      #19 0x000000000097ae95 in sp_head::execute (this=0x7f943a757088, thd=0x7f943c2a8070, merge_da_on_success=true) at /data/src/10.0/sql/sp_head.cc:1369
      		 
      #20 0x000000000097cb49 in sp_head::execute_procedure (this=0x7f943a757088, thd=0x7f943c2a8070, args=0x7f943c2ac6c8) at /data/src/10.0/sql/sp_head.cc:2157
      		 
      #21 0x0000000000653393 in mysql_execute_command (thd=0x7f943c2a8070) at /data/src/10.0/sql/sql_parse.cc:4727
      		 
      #22 0x0000000000657d10 in mysql_parse (thd=0x7f943c2a8070, rawbuf=0x7f943a4fa088 "CALL sp", length=7, parser_state=0x7f94442b5640) at /data/src/10.0/sql/sql_parse.cc:6637
      		 
      #23 0x000000000064a630 in dispatch_command (command=COM_QUERY, thd=0x7f943c2a8070, packet=0x7f943d7e5071 "CALL sp", packet_length=7) at /data/src/10.0/sql/sql_parse.cc:1300
      		 
      #24 0x0000000000649930 in do_command (thd=0x7f943c2a8070) at /data/src/10.0/sql/sql_parse.cc:1003
      		 
      #25 0x000000000076ac56 in do_handle_one_connection (thd_arg=0x7f943c2a8070) at /data/src/10.0/sql/sql_connect.cc:1377
      		 
      #26 0x000000000076a9c8 in handle_one_connection (arg=0x7f943c2a8070) at /data/src/10.0/sql/sql_connect.cc:1292
      		 
      #27 0x0000000000accd5a in pfs_spawn_thread (arg=0x7f943c1a25f0) at /data/src/10.0/storage/perfschema/pfs.cc:1861
      		 
      #28 0x00007f9443f32494 in start_thread (arg=0x7f94442b6700) at pthread_create.c:333
      		 
      #29 0x00007f94422eb93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Reproducible with at least MyISAM and InnoDB.

      On some builds it causes effects described in MDEV-16789, and in general it's similar, only this crashes on all of 5.5-10.3.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-24935 Server crashes in Field_iterator_natural_join::next or Field_iterator_table_ref::set_field_iterator upon 2nd execution of SP

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16789 Server crash in insert_fields or unexpected ER_NO_TABLES_USED upon 2nd execution of SP

          • Major - Major loss of function.
          • Open

          Activity

            Ascending order - Click to sort in descending order
            elenst Elena Stepanova added a comment -

            Badly affects tests

            elenst Elena Stepanova added a comment - Badly affects tests
            sanja Oleksandr Byelkin added a comment -

            It looks like problem is in bad cleanup of join setup after error

            sanja Oleksandr Byelkin added a comment - It looks like problem is in bad cleanup of join setup after error
            sanja Oleksandr Byelkin added a comment -

            The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists.

            sanja Oleksandr Byelkin added a comment - The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists.
            sanja Oleksandr Byelkin added a comment -

            revision-id: 1e40186998b1c609059f8840f05af031f68b6647 (mariadb-5.5.61-10-g1e40186998b)
            parent(s): e560f2f342aeb2d72937e9c6f5a4fcbfecc1c35e
            author: Oleksandr Byelkin
            committer: Oleksandr Byelkin
            timestamp: 2018-08-30 15:18:35 +0200
            message:

            MDEV-16957: Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP

            The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists.

            Solution is cleanup the lists on error. It can eat memory in statement MEM_ROOT but it is an error and error will be fixed or statement/procedure removed/altered.

            sanja Oleksandr Byelkin added a comment - revision-id: 1e40186998b1c609059f8840f05af031f68b6647 (mariadb-5.5.61-10-g1e40186998b) parent(s): e560f2f342aeb2d72937e9c6f5a4fcbfecc1c35e author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2018-08-30 15:18:35 +0200 message: MDEV-16957 : Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists. Solution is cleanup the lists on error. It can eat memory in statement MEM_ROOT but it is an error and error will be fixed or statement/procedure removed/altered. —
            sanja Oleksandr Byelkin added a comment -

            revision-id: 10edeb4d0292d52e06e66dbe19e6a80ea903a64a (mariadb-5.5.61-10-g10edeb4d029)
            parent(s): e560f2f342aeb2d72937e9c6f5a4fcbfecc1c35e
            author: Oleksandr Byelkin
            committer: Oleksandr Byelkin
            timestamp: 2018-08-30 16:29:42 +0200
            message:

            MDEV-16957: Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP

            The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists.

            Solution is cleanup the lists on error. It can eat memory in statement MEM_ROOT but it is an error and error will be fixed or statement/procedure removed/altered.

            sanja Oleksandr Byelkin added a comment - revision-id: 10edeb4d0292d52e06e66dbe19e6a80ea903a64a (mariadb-5.5.61-10-g10edeb4d029) parent(s): e560f2f342aeb2d72937e9c6f5a4fcbfecc1c35e author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2018-08-30 16:29:42 +0200 message: MDEV-16957 : Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists. Solution is cleanup the lists on error. It can eat memory in statement MEM_ROOT but it is an error and error will be fixed or statement/procedure removed/altered. —
            sanja Oleksandr Byelkin added a comment -

            revision-id: a69cb800d3a2001589dea6f2b189d4aeee661e60 (mariadb-5.5.61-10-ga69cb800d3a)
            parent(s): e560f2f342aeb2d72937e9c6f5a4fcbfecc1c35e
            author: Oleksandr Byelkin
            committer: Oleksandr Byelkin
            timestamp: 2018-08-30 16:56:46 +0200
            message:

            MDEV-16957: Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP

            The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists.

            Solution is cleanup the lists on error. It can eat memory in statement MEM_ROOT but it is an error and error will be fixed or statement/procedure removed/altered.

            sanja Oleksandr Byelkin added a comment - revision-id: a69cb800d3a2001589dea6f2b189d4aeee661e60 (mariadb-5.5.61-10-ga69cb800d3a) parent(s): e560f2f342aeb2d72937e9c6f5a4fcbfecc1c35e author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2018-08-30 16:56:46 +0200 message: MDEV-16957 : Server crashes in Field_iterator_natural_join::next upon 2nd execution of SP The problem was that join_columns creation was not finished due to error of notfound column in USING, but next execution tried to use join_columns lists. Solution is cleanup the lists on error. It can eat memory in statement MEM_ROOT but it is an error and error will be fixed or statement/procedure removed/altered. —
            psergei Sergei Petrunia added a comment -

            Ok to push

            psergei Sergei Petrunia added a comment - Ok to push

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.