Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17361

Server crashes in Query_arena::set_query_arena upon UPDATE on multi-table view

    Details

      Description

      Note: Might be related to MDEV-18452 and/or MDEV-18216, but not similar enough to consider it a duplicate without further investigation.

      CREATE TABLE t1 (a TEXT DEFAULT '', b DATE DEFAULT '1900-01-01');
      CREATE TABLE t2 (c CHAR);
      INSERT INTO t2 () VALUES (),(),(),();
       
      CREATE ALGORITHM=MERGE VIEW v AS SELECT * FROM t1 JOIN t2;
      INSERT INTO v (a) VALUES (NULL);
       
      UPDATE v SET a = DEFAULT ORDER BY b LIMIT 1;
       
      # Cleanup
      DROP VIEW v;
      DROP TABLE t1, t2;
      

      10.3 117291db

      #3  <signal handler called>
      #4  0x000055ecd99616a8 in Query_arena::set_query_arena (this=0x7f9878000b18, set=0x0) at /data/src/10.3/sql/sql_class.cc:3730
      #5  0x000055ecd9961b12 in THD::set_n_backup_active_arena (this=0x7f9878000b00, set=0x0, backup=0x7f988aa25df0) at /data/src/10.3/sql/sql_class.cc:3818
      #6  0x000055ecd9c8048b in Field::set_default (this=0x7f9878175c18) at /data/src/10.3/sql/field.cc:2392
      #7  0x000055ecd9ca83e2 in Field::save_in_field_default_value (this=0x7f9878175c18, view_error_processing=false) at /data/src/10.3/sql/field.cc:11372
      #8  0x000055ecd9cee9be in Item_default_value::save_in_field (this=0x7f9878015568, field_arg=0x7f9878175c18, no_conversions=false) at /data/src/10.3/sql/item.cc:9368
      #9  0x000055ecd993fe54 in fill_record (thd=0x7f9878000b00, table=0x7f987803c8b8, ptr=0x7f987803d9a8, values=..., ignore_errors=true, use_value=false) at /data/src/10.3/sql/sql_base.cc:8567
      #10 0x000055ecd9ac1c8d in multi_update::send_data (this=0x7f987801a3f8, not_used_values=...) at /data/src/10.3/sql/sql_update.cc:2443
      #11 0x000055ecd9a39532 in end_send (join=0x7f987801a4d0, join_tab=0x7f987803a8d0, end_of_records=false) at /data/src/10.3/sql/sql_select.cc:20580
      #12 0x000055ecd9a36d42 in evaluate_join_record (join=0x7f987801a4d0, join_tab=0x7f987803a520, error=0) at /data/src/10.3/sql/sql_select.cc:19616
      #13 0x000055ecd9a36622 in sub_select (join=0x7f987801a4d0, join_tab=0x7f987803a520, end_of_records=false) at /data/src/10.3/sql/sql_select.cc:19396
      #14 0x000055ecd9a35b5c in do_select (join=0x7f987801a4d0, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:18936
      #15 0x000055ecd9a0e735 in JOIN::exec_inner (this=0x7f987801a4d0) at /data/src/10.3/sql/sql_select.cc:4040
      #16 0x000055ecd9a0db76 in JOIN::exec (this=0x7f987801a4d0) at /data/src/10.3/sql/sql_select.cc:3834
      #17 0x000055ecd9a0ee16 in mysql_select (thd=0x7f9878000b00, tables=0x7f9878014df0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x7f98780157b8, group=0x0, having=0x0, proc_param=0x0, select_options=1342177408, result=0x7f987801a3f8, unit=0x7f98780049c8, select_lex=0x7f9878005138) at /data/src/10.3/sql/sql_select.cc:4239
      #18 0x000055ecd9abf551 in mysql_multi_update (thd=0x7f9878000b00, table_list=0x7f9878014df0, fields=0x7f9878005260, values=0x7f9878005768, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x7f98780049c8, select_lex=0x7f9878005138, result=0x7f988aa267c0) at /data/src/10.3/sql/sql_update.cc:1764
      #19 0x000055ecd99c45f3 in mysql_execute_command (thd=0x7f9878000b00) at /data/src/10.3/sql/sql_parse.cc:4651
      #20 0x000055ecd99cf6bc in mysql_parse (thd=0x7f9878000b00, rawbuf=0x7f9878014ce8 "UPDATE v SET a = DEFAULT ORDER BY b LIMIT 1", length=43, parser_state=0x7f988aa275f0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8091
      #21 0x000055ecd99bc970 in dispatch_command (command=COM_QUERY, thd=0x7f9878000b00, packet=0x7f987800b1f1 "UPDATE v SET a = DEFAULT ORDER BY b LIMIT 1", packet_length=43, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1857
      #22 0x000055ecd99bb35a in do_command (thd=0x7f9878000b00) at /data/src/10.3/sql/sql_parse.cc:1403
      #23 0x000055ecd9b23e51 in do_handle_one_connection (connect=0x55ecdc6cc470) at /data/src/10.3/sql/sql_connect.cc:1402
      #24 0x000055ecd9b23bd5 in handle_one_connection (arg=0x55ecdc6cc470) at /data/src/10.3/sql/sql_connect.cc:1308
      #25 0x000055ecd9fc0597 in pfs_spawn_thread (arg=0x55ecdc6111d0) at /data/src/10.3/storage/perfschema/pfs.cc:1862
      #26 0x00007f989276f494 in start_thread (arg=0x7f988aa28700) at pthread_create.c:333
      #27 0x00007f989093d93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

      10.3 117291db ASAN

      ==27349==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x55c258f7190f sp 0x7f717ac9c280 bp 0x7f717ac9c290 T5)
          #0 0x55c258f7190e in Query_arena::set_query_arena(Query_arena*) /data/src/10.3/sql/sql_class.cc:3730
          #1 0x55c258f7278b in THD::set_n_backup_active_arena(Query_arena*, Query_arena*) /data/src/10.3/sql/sql_class.cc:3818
          #2 0x55c2596ca04a in Field::set_default() /data/src/10.3/sql/field.cc:2392
          #3 0x55c25973b08e in Field::save_in_field_default_value(bool) /data/src/10.3/sql/field.cc:11372
          #4 0x55c2597f32dc in Item_default_value::save_in_field(Field*, bool) /data/src/10.3/sql/item.cc:9368
          #5 0x55c258f20df2 in fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool) /data/src/10.3/sql/sql_base.cc:8567
          #6 0x55c2592cd3af in multi_update::send_data(List<Item>&) /data/src/10.3/sql/sql_update.cc:2443
          #7 0x55c259176f1c in end_send /data/src/10.3/sql/sql_select.cc:20580
          #8 0x55c25916f08a in evaluate_join_record /data/src/10.3/sql/sql_select.cc:19616
          #9 0x55c25916dc56 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.3/sql/sql_select.cc:19396
          #10 0x55c25916bf70 in do_select /data/src/10.3/sql/sql_select.cc:18936
          #11 0x55c259108765 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4040
          #12 0x55c259106393 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3834
          #13 0x55c2591098ac in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4239
          #14 0x55c2592c62bf in mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**) /data/src/10.3/sql/sql_update.cc:1764
          #15 0x55c259059cb8 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4651
          #16 0x55c259070104 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
          #17 0x55c25904a1e1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
          #18 0x55c259047243 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
          #19 0x55c2593bad9f in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
          #20 0x55c2593ba7ab in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
          #21 0x55c259ef0f29 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
          #22 0x7f71874b9493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
          #23 0x7f718568793e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
       
      AddressSanitizer can not provide additional info.
      SUMMARY: AddressSanitizer: SEGV /data/src/10.3/sql/sql_class.cc:3730 Query_arena::set_query_arena(Query_arena*)
      Thread T5 created by T0 here:
          #0 0x7f71876f2bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x55c259ef14f1 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
          #2 0x55c258db2a18 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
          #3 0x55c258dc83ae in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6589
          #4 0x55c258dc8ab3 in create_new_thread /data/src/10.3/sql/mysqld.cc:6659
          #5 0x55c258dc9aca in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6934
          #6 0x55c258dc786b in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6211
          #7 0x55c258db0a9f in main /data/src/10.3/sql/main.cc:25
          #8 0x7f71855bf2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      ==27349==ABORTING
      

      Also reproducible on a non-debug build.
      Reproducible with at least MyISAM and InnoDB.
      Couldn't reproduce on 10.2.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sanja Oleksandr Byelkin
                Reporter:
                elenst Elena Stepanova
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: