Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21999

Server crashes in LEX::create_item_ident or LEX::create_item_ident_nospvar

    XMLWordPrintable

Details

    Description

      Note: Possibly related to MDEV-21998. The stack trace is different though, also this one doesn't need sequences, and the crash is reproducible on non-debug builds as well.

      KILL ( SELECT 1 ) IN ( a.b );

      10.4 debug 81f70001

      		 
      #3  <signal handler called>
      		 
      #4  0x000055bf14c926b2 in LEX::create_item_ident_nospvar (this=0x7f8c5c004958, thd=0x7f8c5c000af0, a=0x7f8c6e25a450, b=0x7f8c6e25a460) at /data/src/10.4/sql/sql_lex.cc:7212
      		 
      #5  0x000055bf14c9343c in LEX::create_item_ident (this=0x7f8c5c004958, thd=0x7f8c5c000af0, ca=0x7f8c6e25b5e0, cb=0x7f8c6e25b610) at /data/src/10.4/sql/sql_lex.cc:7404
      		 
      #6  0x000055bf14f7eeb4 in MYSQLparse (thd=0x7f8c5c000af0) at /data/src/10.4/sql/sql_yacc.yy:15566
      		 
      #7  0x000055bf14ccf03a in parse_sql (thd=0x7f8c5c000af0, parser_state=0x7f8c6e25c160, creation_ctx=0x0, do_pfs_digest=true) at /data/src/10.4/sql/sql_parse.cc:10206
      		 
      #8  0x000055bf14cc985e in mysql_parse (thd=0x7f8c5c000af0, rawbuf=0x7f8c5c0132f0 "KILL ( SELECT 1 ) IN ( a.b )", length=28, parser_state=0x7f8c6e25c160, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7853
      		 
      #9  0x000055bf14cb4bd0 in dispatch_command (command=COM_QUERY, thd=0x7f8c5c000af0, packet=0x7f8c5c136171 "KILL ( SELECT 1 ) IN ( a.b )", packet_length=28, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
      		 
      #10 0x000055bf14cb325d in do_command (thd=0x7f8c5c000af0) at /data/src/10.4/sql/sql_parse.cc:1360
      		 
      #11 0x000055bf14e3c70f in do_handle_one_connection (connect=0x55bf1742b520) at /data/src/10.4/sql/sql_connect.cc:1412
      		 
      #12 0x000055bf14e3c45e in handle_one_connection (arg=0x55bf1742b520) at /data/src/10.4/sql/sql_connect.cc:1316
      		 
      #13 0x000055bf15844d6d in pfs_spawn_thread (arg=0x55bf1733f4b0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
      #14 0x00007f8c7603b4a4 in start_thread (arg=0x7f8c6e25d700) at pthread_create.c:456
      		 
      #15 0x00007f8c7416fd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97


      KILL ( SELECT 1 ) IN ( a.b.c );


      #3  <signal handler called>
      		 
      #4  0x000055decf5de581 in LEX::create_item_ident (this=0x7f8d78004958, thd=0x7f8d78000af0, a=0x7f8d941de450, b=0x7f8d941de430, c=0x7f8d941de440) at /data/src/10.4/sql/sql_lex.cc:7428
      		 
      #5  0x000055decf8dbd7c in LEX::create_item_ident (this=0x7f8d78004958, thd=0x7f8d78000af0, ca=0x7f8d941df5e0, cb=0x7f8d941df610, cc=0x7f8d941df640) at /data/src/10.4/sql/sql_lex.h:3929
      		 
      #6  0x000055decf8c9fe2 in MYSQLparse (thd=0x7f8d78000af0) at /data/src/10.4/sql/sql_yacc.yy:15577
      		 
      #7  0x000055decf61a03a in parse_sql (thd=0x7f8d78000af0, parser_state=0x7f8d941e0160, creation_ctx=0x0, do_pfs_digest=true) at /data/src/10.4/sql/sql_parse.cc:10206
      		 
      #8  0x000055decf61485e in mysql_parse (thd=0x7f8d78000af0, rawbuf=0x7f8d780132f0 "KILL ( SELECT 1 ) IN ( a.b.c )", length=30, parser_state=0x7f8d941e0160, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7853
      		 
      #9  0x000055decf5ffbd0 in dispatch_command (command=COM_QUERY, thd=0x7f8d78000af0, packet=0x7f8d78136171 "KILL ( SELECT 1 ) IN ( a.b.c )", packet_length=30, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
      		 
      #10 0x000055decf5fe25d in do_command (thd=0x7f8d78000af0) at /data/src/10.4/sql/sql_parse.cc:1360
      		 
      #11 0x000055decf78770f in do_handle_one_connection (connect=0x55ded2196530) at /data/src/10.4/sql/sql_connect.cc:1412
      		 
      #12 0x000055decf78745e in handle_one_connection (arg=0x55ded2196530) at /data/src/10.4/sql/sql_connect.cc:1316
      		 
      #13 0x000055ded018fd6d in pfs_spawn_thread (arg=0x55ded20aa4c0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
      #14 0x00007f8d9b7be4a4 in start_thread (arg=0x7f8d941e1700) at pthread_create.c:456
      		 
      #15 0x00007f8d998f2d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

      Reproducible on 10.4, 10.5, debug and non-debug.
      Not reproducible on 10.3.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21998 Server crashes in st_select_lex::add_table_to_list upon mix of KILL and sequences

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22000 Server crashes in st_select_lex::inc_in_sum_expr upon DECLARE with group function

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21998 Server crashes in st_select_lex::add_table_to_list upon mix of KILL and sequences

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.