MariaDB Server / MDEV-29320

MariaDB server crashes in Item::save_in_field() when executing stored procedure

Details

    Description

      The following crash happens for a customer:

      220815 22:58:47 [ERROR] mysqld got signal 11 ;
      This could be because you hit a bug. It is also possible that this binary
      or one of the libraries it was linked against is corrupt, improperly built,
      or misconfigured. This error can also be caused by malfunctioning hardware.
       
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs
       
      We will try our best to scrape up some info that will hopefully help
      diagnose the problem, but since we have already crashed,
      something is definitely wrong and this may fail.
       
      Server version: 10.3.34-MariaDB-log
      key_buffer_size=67108864
      read_buffer_size=131072
      max_used_connections=58
      max_threads=1002
      thread_count=59
      It is possible that mysqld could use up to
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 2313574 K bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x7fb770058b18
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7fb8641a8d30 thread_stack 0x40000
      /usr/sbin/mysqld(my_print_stacktrace+0x2e)[0x55f9cdea036e]
      /usr/sbin/mysqld(handle_fatal_signal+0x30f)[0x55f9cd93495f]
      /lib64/libpthread.so.0(+0xf630)[0x7fc268d0a630]
      /usr/sbin/mysqld(_ZN4Item13save_in_fieldEP5Fieldb+0x4a)[0x55f9cd94983a]
      /usr/sbin/mysqld(_ZN5Field25sp_prepare_and_store_itemEP3THDPP4Item+0x53)[0x55f9cd9154a3]
      /usr/sbin/mysqld(_ZN3THD12sp_eval_exprEP5FieldPP4Item+0x57)[0x55f9cd6ba9c7]
      /usr/sbin/mysqld(_ZN11sp_rcontext12set_variableEP3THDjPP4Item+0x23)[0x55f9cd6c8ac3]
      /usr/sbin/mysqld(_ZN12sp_instr_set9exec_coreEP3THDPj+0x2f)[0x55f9cd6c143f]
      /usr/sbin/mysqld(_ZN13sp_lex_keeper23reset_lex_and_exec_coreEP3THDPjbP8sp_instr+0x2f9)[0x55f9cd6c08b9]
      /usr/sbin/mysqld(_ZN7sp_head7executeEP3THDb+0x897)[0x55f9cd6bc547]
      /usr/sbin/mysqld(_ZN7sp_head17execute_procedureEP3THDP4ListI4ItemE+0x74d)[0x55f9cd6bd7bd]
      /usr/sbin/mysqld(+0x5d0882)[0x55f9cd744882]
      /usr/sbin/mysqld(+0x5d2826)[0x55f9cd746826]
      /usr/sbin/mysqld(_ZN12Sql_cmd_call7executeEP3THD+0x90)[0x55f9cd747060]
      /usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x137a)[0x55f9cd74dfca]
      /usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x1fb)[0x55f9cd75584b]
      /usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x106c)[0x55f9cd7571bc]
      /usr/sbin/mysqld(_Z10do_commandP3THD+0x11b)[0x55f9cd75943b]
      /usr/sbin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x1d6)[0x55f9cd830ac6]
      /usr/sbin/mysqld(handle_one_connection+0x3d)[0x55f9cd830bdd]
      /lib64/libpthread.so.0(+0x7ea5)[0x7fc268d02ea5]
      /lib64/libc.so.6(clone+0x6d)[0x7fc268a2b98d]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x7fb770013a60): call DB.SOME_PROC()
       
      Connection ID (thread ID): 2038403
      Status: NOT_KILLED
      ...
      

      In the full backtrace we see:

      Thread 1 (Thread 0x7fb8641a9700 (LWP 7442)):
      #0  0x00007fc268d07aa1 in pthread_kill () from /lib64/libpthread.so.0
      No symbol table info available.
      #1  0x000055f9cd9349de in handle_fatal_signal (sig=11) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/signal_handler.cc:355
              curr_time = 1660575527
              tm = {tm_sec = 47, tm_min = 58, tm_hour = 22, tm_mday = 15, tm_mon = 7, tm_year = 122, tm_wday = 1, tm_yday = 226, tm_isdst = 0, tm_gmtoff = 28800, tm_zone = 0x55f9cfe59680 "+08"}
              print_invalid_query_pointer = false
      #2  <signal handler called>
      No symbol table info available.
      #3  Item::save_in_field (this=0x7fb7721d73d0, field=0x7fb77032f228, no_conversions=<optimized out>) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/item.cc:7001
              this = 0x7fb7721d73d0
              no_conversions = false
              field = 0x7fb77032f228
      #4  0x000055f9cd9154a3 in Field::sp_prepare_and_store_item (this=0x7fb77032f228, thd=0x7fb770058b18, value=<optimized out>) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/field.cc:1357
      No locals.
      #5  0x000055f9cd6ba9c7 in THD::sp_eval_expr (this=this@entry=0x7fb770058b18, result_field=<optimized out>, expr_item_ptr=expr_item_ptr@entry=0x7fb7721d7508) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sp_head.cc:415
              state = {m_thd = 0x7fb770058b18, m_count_cuted_fields = CHECK_FIELD_IGNORE, m_abort_on_warning = false, m_stmt_modified_non_trans_table = false}
      #6  0x000055f9cd6c8ac3 in sp_rcontext::set_variable (this=<optimized out>, thd=thd@entry=0x7fb770058b18, idx=idx@entry=1, value=value@entry=0x7fb7721d7508) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sp_rcontext.cc:623
      No locals.
      #7  0x000055f9cd6c143f in sp_instr_set::exec_core (this=0x7fb7721d74c0, thd=0x7fb770058b18, nextp=0x7fb8641a61b0) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sp_head.cc:3737
              res = <optimized out>
      #8  0x000055f9cd6c08b9 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7fb7721d7510, thd=0x7fb770058b18, nextp=0x7fb8641a61b0, open_tables=<optimized out>, instr=0x7fb7721d74c0) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sp_head.cc:3438
              res = <optimized out>
              parent_modified_non_trans_table = false
              parent_unsafe_rollback_flags = 0
      #9  0x000055f9cd6bc547 in sp_head::execute (this=this@entry=0x7fb770aba310, thd=thd@entry=0x7fb770058b18, merge_da_on_success=merge_da_on_success@entry=true) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sp_head.cc:1377
              parent_digest = 0x7fb77005c1c8
              saved_cur_db_name_buf = "\300c\032d\270\177\000\000\202\203l\315\371U\000\000\320c\032d\270\177\000\000\060d\032d\270\177\000\000\000\000\000\000\000\000\000\000\020\243\253p\267\177\000\000\030\213\005p\267\177\000\000\020\243\253p\267\177\000\000\000\000\000\000\000\000\000\000\060d\032d\270\177\000\000 d\032d\270\177\000\000H\313k\315\371U\000\000 d\032d\270\177\000\000\334kl\315\371U\000\000@d\032d\270\177\000\000\302\232p\315\371U\000\000\000\000\000\000\000\000\000\000\060\243\253p\267\177\000\000\060\243\253p\267\177\000\000襫p\267\177\000\000\000\000\000\000\000\000\000\000\020\243\253p\267\177\000\000\360d\032d\270\177\000\000\030\213\005p\267\177\000\000襫p\267\177\000\000\001"
              saved_cur_db_name = {str = 0x0, length = 0}
              ctx = 0x7fb77032dfa0
              execute_mem_root = {free = 0x0, used = 0x0, pre_alloc = 0x0, min_malloc = 32, block_size = 8152, total_alloc = 0, block_num = 4, first_block_usage = 0, error_handler = 0x55f9cd80e950 <sql_alloc_error_handler()>, name = 0x55f9cdf24181 "per_instruction_memroot"}
              old_query_id = 3966003692
              old_rec_tables = 0x0
              old_change_list = {change_list = {<base_ilist> = {first = 0x7fb770058bd0, last = {_vptr.ilink = 0x55f9ce6c4cd0 <vtable for ilink+16>, prev = 0x7fb770058bc8, next = 0x0}}, <No data fields>}}
              ip = 80
              saved_creation_ctx = 0x7fb6656cb050
              cur_db_changed = true
              err_status = false
              execute_arena = {_vptr.Query_arena = 0x55f9ce6cb470 <vtable for Query_arena+16>, free_list = 0x0, mem_root = 0x7fb8641a6260, state = Query_arena::STMT_INITIALIZED_FOR_SP}
              backup_arena = {_vptr.Query_arena = 0x55f9ce6cb470 <vtable for Query_arena+16>, free_list = 0x7fb7723bf960, mem_root = 0x7fb77005dec0, state = Query_arena::STMT_CONVENTIONAL_EXECUTION}
              old_lex = 0x7fb77005c748
              status_backup_mask = 192
              user_var_events_alloc_saved = 0x7fb77005dec0
              i = 0x7fb7721d74c0
              old_derived_tables = 0x0
              old_server_status = 0
              save_abort_on_warning = false
              old_arena = 0x7fb770058b30
              old_packet = {<Sql_alloc> = {<No data fields>}, Ptr = 0x7fb77000f8c8 "\001\060ef", str_length = 2, Alloced_length = 16392, extra_alloc = 0, alloced = true, thread_specific = false, str_charset = 0x55f9ce8094e0 <my_charset_bin>}
              save_reprepare_observer = 0x0
              save_sql_mode = 8860525070
              da = 0x7fb77005df08
              sp_wi = {m_warn_root = {free = 0x0, used = 0x0, pre_alloc = 0x0, min_malloc = 32, block_size = 2009, total_alloc = 0, block_num = 4, first_block_usage = 0, error_handler = 0x55f9cd80e950 <sql_alloc_error_handler()>, name = 0x55f9cdf25cf4 "Warning_info"}, m_warn_list = {<I_P_List_counter> = {m_counter = 0}, <I_P_List_fast_push_back<Sql_condition>> = {m_last = 0x7fb8641a6308}, m_first = 0x0}, m_warn_count = {0, 0, 0}, m_current_statement_warn_count = 0, m_current_row_for_warning = 26, m_warn_id = 3966015501, m_error_condition = 0x0, m_allow_unlimited_warnings = false, initialized = true, m_read_only = false, m_next_in_da = 0x7fb77005e148, m_prev_in_da = 0x7fb77005e210, m_marked_sql_conditions = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55f9ce8843e0 <end_of_list>, last = 0x7fb8641a6350, elements = 0}, <No data fields>}}
      #10 0x000055f9cd6bd7bd in sp_head::execute_procedure (this=0x7fb770aba310, thd=thd@entry=0x7fb770058b18, args=0x7fb77005d5f8) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sp_head.cc:2404
              params = <optimized out>
              save_spcont = 0x0
              nctx = 0x7fb77032dfa0
              octx = 0x7fb770018818
              save_log_general = true
              need_binlog_call = <optimized out>
              err_status = false
              utime_before_sp_exec = 12249565017655
              save_enable_slow_log = true
              pkg = 0x0
              save_security_ctx = 0x0
      #11 0x000055f9cd744882 in do_execute_sp (thd=0x7fb770058b18, sp=<optimized out>) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:3019
              bits_to_be_cleared = <optimized out>
              affected_rows = <optimized out>
              select_limit = 18446744073709551615
              res = <optimized out>
              sp = <optimized out>
              thd = 0x7fb770058b18
      #12 0x000055f9cd746826 in Sql_cmd_call::execute (this=this@entry=0x7fb770013b60, thd=thd@entry=0x7fb770058b18) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:3259
              sp = 0x7fb770aba310
      #13 0x000055f9cd747060 in Sql_cmd_call::execute (this=0x7fb770013b60, thd=0x7fb770058b18) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:3213
      No locals.
      #14 0x000055f9cd74dfca in mysql_execute_command (thd=thd@entry=0x7fb770058b18) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:6075
              res = 0
              lex = 0x7fb77005c748
              orig_binlog_format = BINLOG_FORMAT_ROW
              up_result = 0
              rpl_filter = <optimized out>
              orig_current_stmt_binlog_format = BINLOG_FORMAT_ROW
              select_lex = 0x7fb77005cfa0
              first_table = 0x0
              all_tables = 0x0
              unit = 0x7fb77005c808
              have_table_map_for_update = false
      #15 0x000055f9cd75584b in mysql_parse (thd=thd@entry=0x7fb770058b18, rawbuf=<optimized out>, length=32, parser_state=parser_state@entry=0x7fb8641a84d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:7870
              found_semicolon = <optimized out>
              error = <optimized out>
              lex = 0x7fb77005c748
              err = <optimized out>
      #16 0x000055f9cd7571bc in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb770058b18, packet=packet@entry=0x7fb77005e569 "call DB.SOME_PROC()", packet_length=packet_length@entry=32, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:1853
              packet_end = 0x7fb770013a80 ""
              parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7fb770058b18, m_ptr = 0x7fb770013a81 "", m_tok_start = 0x7fb770013a81 "", m_tok_end = 0x7fb770013a81 "", m_end_of_query = 0x7fb770013a80 "", m_tok_start_prev = 0x7fb770013a80 "", m_buf = 0x7fb770013a60 "call DB.SOME_PROC()", m_buf_length = 32, m_echo = true, m_echo_saved = 135, m_cpp_buf = 0x7fb770013ad8 "call DB.SOME_PROC()", m_cpp_ptr = 0x7fb770013af8 "", m_cpp_tok_start = 0x7fb770013af8 "", m_cpp_tok_start_prev = 0x7fb770013af8 "", m_cpp_tok_end = 0x7fb770013af8 "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0xc21deaa10d0d3700 <Address 0xc21deaa10d0d3700 out of bounds>, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = true, stmt_prepare_mode = false, multi_statements = true, yylineno = 1, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = (DISCARD_COMMENT | unknown: 32704), m_cpp_text_start = 0x7fb770013ae3 "SOME_PROC()", m_cpp_text_end = 0x7fb770013af6 "()", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x0}
              net = 0x7fb770058d78
              error = false
              do_end_of_statement = true
              drop_more_results = false
      #17 0x000055f9cd75943b in do_command (thd=0x7fb770058b18) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_parse.cc:1399
              return_value = <optimized out>
              packet = 0x7fb77005e568 "\003call DB.SOME_PROC()"
              packet_length = 33
              net = 0x7fb770058d78
              command = COM_QUERY
      #18 0x000055f9cd830ac6 in do_handle_one_connection (connect=connect@entry=0x55fa0331a4f8) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_connect.cc:1403
              create_user = true
              thr_create_utime = <optimized out>
              thd = 0x7fb770058b18
      #19 0x000055f9cd830bdd in handle_one_connection (arg=0x55fa0331a4f8) at /usr/src/debug/MariaDB-10.3.34/src_0/sql/sql_connect.cc:1308
              connect = 0x55fa0331a4f8
      #20 0x00007fc268d02ea5 in start_thread () from /lib64/libpthread.so.0
      No symbol table info available.
      #21 0x00007fc268a2b98d in clone () from /lib64/libc.so.6
      No symbol table info available.
      

      I cannot find any existing bug report with a similar backtrace, hence this new one.

            People

              Unassigned Unassigned
              valerii Valerii Kravchuk