[MDEV-19178] Server crash in create_view_field or Assertion `m_sp == __null' failed in Item_func_sp::fix_fields after invalidating view by dropping function - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 5.5, 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0
Component/s: Stored routines, Views
Labels:
None

Description

Note: The assertion looks like MDEV-14557, but the location, stack trace and test case are different, so I'm filing it separately. Still, I assume the root cause is the same, ~~MDEV-5816~~, so I'm setting fix version to 10.5. Feel free to fix in earlier versions if it turns out possible/reasonable.

CREATE TABLE t1 (a INT);

CREATE FUNCTION zero() RETURNS INT RETURN 0;

CREATE VIEW v1 AS SELECT zero() AS zero FROM t1;

CREATE FUNCTION f(i INT) RETURNS INT RETURN i;

CREATE VIEW v2 AS SELECT f(zero) AS f FROM v1;

DROP FUNCTION zero;

UPDATE v2 SET f = 4;

10.4 0dc442ac
mysqld: /data/src/10.4/sql/item_func.cc:6341: virtual bool Item_func_sp::fix_fields(THD, Item*): Assertion `m_sp == __null' failed.
190405 0:30:34 [ERROR] mysqld got signal 6 ;

#7 0x00007ff850698ee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x00005573dadcca3b in Item_func_sp::fix_fields (this=0x7ff8380184b8, thd=0x7ff838000b00, ref=0x7ff8380481d0) at /data/src/10.4/sql/item_func.cc:6341
#9 0x00005573dab18fe6 in create_view_field (thd=0x7ff838000b00, view=0x7ff8380156c0, field_ref=0x7ff8380481d0, name=0x7ff8380481d8) at /data/src/10.4/sql/table.cc:6378
#10 0x00005573dab18e5f in Field_iterator_view::create_item (this=0x7ff84a810870, thd=0x7ff838000b00) at /data/src/10.4/sql/table.cc:6353
#11 0x00005573da95a27e in find_field_in_view (thd=0x7ff838000b00, table_list=0x7ff8380156c0, name=0x7ff838015d80 "f", length=1, item_name=0x7ff838015d80 "f", ref=0x7ff838015f38, register_tree_change=true) at /data/src/10.4/sql/sql_base.cc:5700
#12 0x00005573da95b108 in find_field_in_table_ref (thd=0x7ff838000b00, table_list=0x7ff8380156c0, name=0x7ff838015d80 "f", length=1, item_name=0x7ff838015d80 "f", db_name=0x0, table_name=0x0, ref=0x7ff838015f38, check_privileges=true, allow_rowid=true, cached_field_index_ptr=0x7ff838015e5c, register_tree_change=true, actual_table=0x7ff84a810a60) at /data/src/10.4/sql/sql_base.cc:6039
#13 0x00005573da95bd6a in find_field_in_tables (thd=0x7ff838000b00, item=0x7ff838015d88, first_table=0x7ff8380156c0, last_table=0x0, ref=0x7ff838015f38, report_error=REPORT_ALL_ERRORS, check_privileges=true, register_tree_change=true) at /data/src/10.4/sql/sql_base.cc:6348
#14 0x00005573dad5d4ee in Item_field::fix_outer_field (this=0x7ff838015d88, thd=0x7ff838000b00, from_field=0x7ff84a810e70, reference=0x7ff838015f38) at /data/src/10.4/sql/item.cc:5516
#15 0x00005573dad5e0d5 in Item_field::fix_fields (this=0x7ff838015d88, thd=0x7ff838000b00, reference=0x7ff838015f38) at /data/src/10.4/sql/item.cc:5766
#16 0x00005573da8e5ed3 in Item::fix_fields_if_needed (this=0x7ff838015d88, thd=0x7ff838000b00, ref=0x7ff838015f38) at /data/src/10.4/sql/item.h:955
#17 0x00005573da8e5f01 in Item::fix_fields_if_needed_for_scalar (this=0x7ff838015d88, thd=0x7ff838000b00, ref=0x7ff838015f38) at /data/src/10.4/sql/item.h:959
#18 0x00005573da95ebe9 in setup_fields (thd=0x7ff838000b00, ref_pointer_array=..., fields=..., column_usage=MARK_COLUMNS_WRITE, sum_func_list=0x0, pre_fix=0x0, allow_sum_func=false) at /data/src/10.4/sql/sql_base.cc:7554
#19 0x00005573daafd74d in setup_fields_with_no_wrap (thd=0x7ff838000b00, ref_pointer_array=..., item=..., column_usage=MARK_COLUMNS_WRITE, sum_func_list=0x0, allow_sum_func=false) at /data/src/10.4/sql/sql_base.h:376
#20 0x00005573daaf4b5d in mysql_update (thd=0x7ff838000b00, table_list=0x7ff8380156c0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x7ff84a811850, updated_return=0x7ff84a811910) at /data/src/10.4/sql/sql_update.cc:455
#21 0x00005573da9f3926 in mysql_execute_command (thd=0x7ff838000b00) at /data/src/10.4/sql/sql_parse.cc:4648
#22 0x00005573da9ffbe4 in mysql_parse (thd=0x7ff838000b00, rawbuf=0x7ff8380155e8 "UPDATE v2 SET f = 4", length=19, parser_state=0x7ff84a812180, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:8154
#23 0x00005573da9eb630 in dispatch_command (command=COM_QUERY, thd=0x7ff838000b00, packet=0x7ff838139261 "UPDATE v2 SET f = 4", packet_length=19, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1832
#24 0x00005573da9e9e16 in do_command (thd=0x7ff838000b00) at /data/src/10.4/sql/sql_parse.cc:1365
#25 0x00005573dab61e55 in do_handle_one_connection (connect=0x5573dd87d520) at /data/src/10.4/sql/sql_connect.cc:1398
#26 0x00005573dab61bc6 in handle_one_connection (arg=0x5573dd87d520) at /data/src/10.4/sql/sql_connect.cc:1301
#27 0x00005573db055cb9 in pfs_spawn_thread (arg=0x5573dd96f8f0) at /data/src/10.4/storage/perfschema/pfs.cc:1862
#28 0x00007ff852587494 in start_thread (arg=0x7ff84a813700) at pthread_create.c:333
#29 0x00007ff85075593f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Attachments

Issue Links

relates to

MDEV-14557 Assertion `m_sp == __null' failed in Item_func_sp::init_result_field upon 2nd execution of SP

Stalled

MDEV-20410 Pure virtual method called in Item_ref::set_properties, SIGSEGV or ASAN heap-use-after-free in create_view_field

Closed

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019-04-04 21:36

Updated:: 2023-11-28 10:27

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.