[MDEV-21028] Server crashes in Query_arena::set_query_arena upon SELECT from view - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6
Fix Version/s: 10.7.4, 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8
Component/s: Data Definition - Temporary, Views
Labels:
None

Description

Note: Might be related to ~~MDEV-17361~~, MDEV-18216.

CREATE TABLE t1 (a DATETIME DEFAULT CURRENT_TIMESTAMP);

INSERT INTO t1 () VALUES (),();

CREATE ALGORITHM=TEMPTABLE VIEW v1 AS SELECT * FROM t1;

SELECT INSTR( CURRENT_TIMESTAMP(), DEFAULT(a) ) FROM v1;

# Cleanup

DROP VIEW v1;

DROP TABLE t1;

10.2 cbf5f6d6
#3 <signal handler called>
#4 0x0000561e0c00a5e4 in Query_arena::set_query_arena (this=0x7f1d08000b08, set=0x0) at /data/src/10.2/sql/sql_class.cc:3502
#5 0x0000561e0c00aa30 in THD::set_n_backup_active_arena (this=0x7f1d08000af0, set=0x0, backup=0x7f1d1a4c7770) at /data/src/10.2/sql/sql_class.cc:3591
#6 0x0000561e0c29eb93 in Field::set_default (this=0x7f1d08016450) at /data/src/10.2/sql/field.cc:2456
#7 0x0000561e0c2fb2f2 in Item_default_value::calculate (this=0x7f1d080127a8) at /data/src/10.2/sql/item.cc:8965
#8 0x0000561e0c2fb34e in Item_default_value::val_str (this=0x7f1d080127a8, str=0x7f1d080129c0) at /data/src/10.2/sql/item.cc:8971
#9 0x0000561e0c34f4f4 in Item_func_locate::val_int (this=0x7f1d080128e0) at /data/src/10.2/sql/item_func.cc:3137
#10 0x0000561e0c2f5788 in Item::send (this=0x7f1d080128e0, protocol=0x7f1d080010a8, buffer=0x7f1d1a4c7940) at /data/src/10.2/sql/item.cc:6944
#11 0x0000561e0bf85ce3 in Protocol::send_result_set_row (this=0x7f1d080010a8, row_items=0x7f1d08004f58) at /data/src/10.2/sql/protocol.cc:990
#12 0x0000561e0c0079ee in select_send::send_data (this=0x7f1d08015660, items=...) at /data/src/10.2/sql/sql_class.cc:2725
#13 0x0000561e0c0c239e in end_send (join=0x7f1d08015680, join_tab=0x7f1d0807fbf0, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:20029
#14 0x0000561e0c0bfe3c in evaluate_join_record (join=0x7f1d08015680, join_tab=0x7f1d0807f840, error=0) at /data/src/10.2/sql/sql_select.cc:19077
#15 0x0000561e0c0bf728 in sub_select (join=0x7f1d08015680, join_tab=0x7f1d0807f840, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:18857
#16 0x0000561e0c0becaf in do_select (join=0x7f1d08015680, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18401
#17 0x0000561e0c098689 in JOIN::exec_inner (this=0x7f1d08015680) at /data/src/10.2/sql/sql_select.cc:3623
#18 0x0000561e0c097b44 in JOIN::exec (this=0x7f1d08015680) at /data/src/10.2/sql/sql_select.cc:3418
#19 0x0000561e0c098cfa in mysql_select (thd=0x7f1d08000af0, tables=0x7f1d08012ab8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1d08015660, unit=0x7f1d080046f0, select_lex=0x7f1d08004e30) at /data/src/10.2/sql/sql_select.cc:3818
#20 0x0000561e0c08cf66 in handle_select (thd=0x7f1d08000af0, lex=0x7f1d08004628, result=0x7f1d08015660, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#21 0x0000561e0c057fad in execute_sqlcom_select (thd=0x7f1d08000af0, all_tables=0x7f1d08012ab8) at /data/src/10.2/sql/sql_parse.cc:6225
#22 0x0000561e0c04e98e in mysql_execute_command (thd=0x7f1d08000af0) at /data/src/10.2/sql/sql_parse.cc:3532
#23 0x0000561e0c05be4e in mysql_parse (thd=0x7f1d08000af0, rawbuf=0x7f1d08012458 "SELECT INSTR( CURRENT_TIMESTAMP(), DEFAULT(a) ) FROM v1", length=55, parser_state=0x7f1d1a4c9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7740
#24 0x0000561e0c04a169 in dispatch_command (command=COM_QUERY, thd=0x7f1d08000af0, packet=0x7f1d0808de91 "", packet_length=55, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1831
#25 0x0000561e0c048abd in do_command (thd=0x7f1d08000af0) at /data/src/10.2/sql/sql_parse.cc:1384
#26 0x0000561e0c19e1e3 in do_handle_one_connection (connect=0x561e0ed53b60) at /data/src/10.2/sql/sql_connect.cc:1336
#27 0x0000561e0c19df4e in handle_one_connection (arg=0x561e0ed53b60) at /data/src/10.2/sql/sql_connect.cc:1241
#28 0x0000561e0c9d0952 in pfs_spawn_thread (arg=0x561e0ed59970) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#29 0x00007f1d21d0b4a4 in start_thread (arg=0x7f1d1a4ca700) at pthread_create.c:456
#30 0x00007f1d20252d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.2-10.5 with at least InnoDB and MyISAM.
All of non-debug, debug and ASAN builds crash the same way.
Not reproducible on 10.1.

Attachments

Issue Links

is duplicated by

MDEV-26406 A SEGV in sql/sql_class.cc

Closed

relates to

MDEV-15703 Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT, UBSAN runtime error: member call on null pointer of type 'struct TABLE_LIST' in Item_param::save_in_field

Closed

MDEV-18216 Server crashes in Query_arena::set_query_arena upon CREATE VIEW

Confirmed

MDEV-26061 MariaDB server crash at Field::set_default

Closed

MDEV-17361 Server crashes in Query_arena::set_query_arena upon UPDATE on multi-table view

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-11-11 17:23

Updated:: 2022-04-25 19:22

Resolved:: 2022-04-20 20:13

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server