Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36377

Assertion `thd->lex == sp_instr_lex' failed in LEX *sp_lex_instr::parse_expr(THD *, sp_head *, LEX *)

Details

    • Bug
    • Status: Open (View Workflow)
    • Blocker
    • Resolution: Unresolved
    • 12.0
    • 12.0
    • Stored routines
    • None

    Description

      The assertion has already been fixed in MDEV-31661, this fix should also address the new feature SYS_REFCURSOR.

      CREATE TABLE t1 (a INT);
      		 
       
      		 
      --delimiter $
      		 
      CREATE PROCEDURE p1() 
      BEGIN 
        DECLARE c1 SYS_REFCURSOR; 
        OPEN c1 FOR SELECT * FROM t1; 
        END;
      		 
      $
      		 
      --delimiter ;
      		 
       
      		 
      CALL p1;
      		 
      CREATE OR REPLACE TABLE t1(a INT);
      		 
      --error ER_PARSE_ERROR
      		 
      CALL p1;
      		 
      --error ER_PARSE_ERROR
      		 
      CALL p1;
      		 
      CALL p1;
      		 
       
      		 
      DROP PROCEDURE p1;
      		 
      DROP TABLE t1;

      CS 12.0.0 61c96785d1910976fd740aa0724105b16952786d (Optimized) Build 21/03/2025

      		 
      Core was generated by `/test/mtest/MD210325-mariadb-12.0.0-linux-x86_64-opt/bin/mariadbd --no-defaults'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  st_select_lex_unit::unclean (this=0x0)at /test/mtest/12.0_opt/sql/sql_lex.h:884
      		 
       
      		 
      [Current thread is 1 (Thread 0x1526691696c0 (LWP 1498553))]
      		 
      (gdb) bt
      		 
      #0  st_select_lex_unit::unclean (this=0x0)at /test/mtest/12.0_opt/sql/sql_lex.h:884
      		 
      #1  reinit_stmt_before_use (thd=thd@entry=0x15260c000c68, lex=0x15260c0298a0)at /test/mtest/12.0_opt/sql/sql_prepare.cc:3005
      		 
      #2  0x0000564d3ad3c0ce in sp_lex_keeper::reset_lex_and_exec_core (this=this@entry=0x15260c028dd0, thd=thd@entry=0x15260c000c68, nextp=nextp@entry=0x152669166d34, open_tables=true, instr=instr@entry=0x15260c028d98, rerun_the_same_instr=<optimized out>)at /test/mtest/12.0_opt/sql/sp_instr.cc:331
      		 
      #3  0x0000564d3ad3c89b in sp_lex_keeper::validate_lex_and_exec_core (this=0x15260c028dd0, thd=0x15260c000c68, nextp=0x152669166d34, open_tables=<optimized out>, instr=0x15260c028d98)at /test/mtest/12.0_opt/sql/sp_instr.cc:535
      		 
      #4  0x0000564d3aae2bba in sp_head::execute (this=this@entry=0x15260c027920, thd=thd@entry=0x15260c000c68, merge_da_on_success=true)at /test/mtest/12.0_opt/sql/sp_head.cc:1293
      		 
      #5  0x0000564d3aae46f3 in sp_head::execute_procedure (this=0x15260c027920, thd=0x15260c000c68, args=0x15260c006028)at /test/mtest/12.0_opt/sql/sp_head.cc:2327
      		 
      #6  0x0000564d3ab9123a in do_execute_sp (thd=thd@entry=0x15260c000c68, sp=0x15260c000c68, sp@entry=0x15260c027920)at /test/mtest/12.0_opt/sql/sql_parse.cc:3058
      		 
      #7  0x0000564d3ab90f0d in Sql_cmd_call::execute (this=0x15260c017860, thd=0x15260c000c68) at /test/mtest/12.0_opt/sql/sql_parse.cc:3281
      		 
      #8  0x0000564d3ab92463 in mysql_execute_command (thd=thd@entry=0x15260c000c68, is_called_from_prepared_stmt=false)at /test/mtest/12.0_opt/sql/sql_parse.cc:5859
      		 
      #9  0x0000564d3ab8de51 in mysql_parse (thd=thd@entry=0x15260c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x152669168420)at /test/mtest/12.0_opt/sql/sql_parse.cc:7889
      		 
      #10 0x0000564d3ab8c36f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15260c000c68, packet=packet@entry=0x15260c008b39 "CALL p1", packet_length=packet_length@entry=7, blocking=true)at /test/mtest/12.0_opt/sql/sql_parse.cc:1875
      		 
      #11 0x0000564d3ab8e261 in do_command (thd=thd@entry=0x15260c000c68, blocking=true) at /test/mtest/12.0_opt/sql/sql_parse.cc:1416
      		 
      #12 0x0000564d3acbbb2d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x564d61739218, put_in_cache=true)at /test/mtest/12.0_opt/sql/sql_connect.cc:1415
      		 
      #13 0x0000564d3acbb8ef in handle_one_connection (arg=arg@entry=0x564d61739218)at /test/mtest/12.0_opt/sql/sql_connect.cc:1327
      		 
      #14 0x0000564d3b04aed9 in pfs_spawn_thread (arg=0x564d616e5c98)at /test/mtest/12.0_opt/storage/perfschema/pfs.cc:2198
      		 
      #15 0x0000152670a9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #16 0x0000152670b29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      CS 12.0.0 61c96785d1910976fd740aa0724105b16952786d (Debug) Build 21/03/2025

      		 
      mariadbd: /test/mtest/12.0_dbg/sql/sp_instr.cc:924: LEX *sp_lex_instr::parse_expr(THD *, sp_head *, LEX *): Assertion `thd->lex == sp_instr_lex' failed.

      CS 12.0.0 61c96785d1910976fd740aa0724105b16952786d (Debug) Build 21/03/2025

      		 
      Core was generated by `/test/mtest/MD210325-mariadb-12.0.0-linux-x86_64-dbg/bin/mariadbd --no-defaults'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
       
      		 
      [Current thread is 1 (Thread 0x1496a3f336c0 (LWP 1506746))]
      		 
      (gdb) bt
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
      #1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
      		 
      #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
      		 
      #3  0x00001496aec4527e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
      		 
      #4  0x00001496aec288ff in __GI_abort () at ./stdlib/abort.c:79
      		 
      #5  0x00001496aec2881b in __assert_fail_base (fmt=0x1496aedd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x56422290a4ce "thd->lex == sp_instr_lex", file=file@entry=0x56422290a26f "/test/mtest/12.0_dbg/sql/sp_instr.cc", line=line@entry=924, function=function@entry=0x56422290a47d "LEX *sp_lex_instr::parse_expr(THD *, sp_head *, LEX *)") at ./assert/assert.c:96
      		 
      #6  0x00001496aec3b517 in __assert_fail (assertion=0x56422290a4ce "thd->lex == sp_instr_lex", file=0x56422290a26f "/test/mtest/12.0_dbg/sql/sp_instr.cc", line=924, function=0x56422290a47d "LEX *sp_lex_instr::parse_expr(THD *, sp_head *, LEX *)") at ./assert/assert.c:105
      		 
      #7  0x0000564221b34299 in sp_lex_instr::parse_expr (this=0x14964c02ff40, thd=0x14964c000d58, sp=0x14964c02e300, sp_instr_lex=0x14964c032280)at /test/mtest/12.0_dbg/sql/sp_instr.cc:924
      		 
      #8  0x0000564221b33af8 in sp_lex_keeper::validate_lex_and_exec_core (this=0x14964c02ff80, thd=0x14964c000d58, nextp=0x1496a3f2f688, open_tables=false, instr=0x14964c02ff40)at /test/mtest/12.0_dbg/sql/sp_instr.cc:508
      		 
      #9  0x0000564221b3469a in sp_lex_keeper::cursor_reset_lex_and_exec_core (this=0x14964c02ff80, thd=0x14964c000d58, nextp=0x1496a3f2f688, open_tables=false, instr=0x14964c02ff40)at /test/mtest/12.0_dbg/sql/sp_instr.cc:590
      		 
      #10 0x0000564221b38e0f in sp_instr_copen_by_ref::execute (this=0x14964c02ff40, thd=0x14964c000d58, nextp=0x1496a3f2f688)at /test/mtest/12.0_dbg/sql/sp_instr.cc:2264
      		 
      #11 0x0000564221753d1c in sp_head::execute (this=0x14964c02e300, thd=0x14964c000d58, merge_da_on_success=true)at /test/mtest/12.0_dbg/sql/sp_head.cc:1293
      		 
      #12 0x000056422175668e in sp_head::execute_procedure (this=0x14964c02e300, thd=0x14964c000d58, args=0x14964c0060f0)at /test/mtest/12.0_dbg/sql/sp_head.cc:2327
      		 
      #13 0x000056422187a8dd in do_execute_sp (thd=0x14964c000d58, sp=0x14964c02e300)at /test/mtest/12.0_dbg/sql/sql_parse.cc:3058
      		 
      #14 0x000056422187a3f4 in Sql_cmd_call::execute (this=0x14964c01a060, thd=0x14964c000d58) at /test/mtest/12.0_dbg/sql/sql_parse.cc:3281
      		 
      #15 0x00005642218867a2 in mysql_execute_command (thd=0x14964c000d58, is_called_from_prepared_stmt=false)at /test/mtest/12.0_dbg/sql/sql_parse.cc:5859
      		 
      #16 0x0000564221875b04 in mysql_parse (thd=0x14964c000d58, rawbuf=0x14964c019fc0 "CALL p1", length=7, parser_state=0x1496a3f31a10)at /test/mtest/12.0_dbg/sql/sql_parse.cc:7889
      		 
      #17 0x0000564221872ed8 in dispatch_command (command=COM_QUERY, thd=0x14964c000d58, packet=0x14964c00b339 "CALL p1", packet_length=7, blocking=true) at /test/mtest/12.0_dbg/sql/sql_parse.cc:1875
      		 
      #18 0x00005642218766b3 in do_command (thd=0x14964c000d58, blocking=true)at /test/mtest/12.0_dbg/sql/sql_parse.cc:1416
      		 
      #19 0x0000564221a63799 in do_handle_one_connection (connect=0x5642472597d8, put_in_cache=true) at /test/mtest/12.0_dbg/sql/sql_connect.cc:1415
      		 
      #20 0x0000564221a6353e in handle_one_connection (arg=0x5642472171d8)at /test/mtest/12.0_dbg/sql/sql_connect.cc:1327
      		 
      #21 0x00001496aec9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #22 0x00001496aed29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      Attachments

        Issue Links

          is caused by

          New Feature - A new feature of the product, which has yet to be developed. MDEV-20034 Add support for the pre-defined weak SYS_REFCURSOR

          • Critical - Crashes, loss of data, severe memory leak.
          • In Testing

          Activity

            ramesh Ramesh Sivaraman added a comment - - edited

            Following test cases crashes release build with a different stack. Please also test the fix with these test cases
            Test case 1

            CREATE TABLE t (a INT);
            		 
             
            		 
            --delimiter $
            		 
            CREATE PROCEDURE p1 (OUT c sys_refcursor) 
            BEGIN 
              OPEN c FOR SELECT a FROM t ;
            		 
            END; 
            $
            		 
             
            		 
            CREATE PROCEDURE p2() 
            BEGIN 
              DECLARE c sys_refcursor;
            		 
              DECLARE v INT;
            		 
              EXECUTE IMMEDIATE 'CALL p1 (?)' USING c;
            		 
              FETCH c INTO v;
            		 
              SELECT c,v;
            		 
            END; 
            $
            		 
            --delimiter ;
            		 
             
            		 
            --error ER_SP_FETCH_NO_DATA
            		 
            CALL p2;
            		 
             
            		 
            CREATE OR REPLACE TABLE t (a INT);
            		 
            --error ER_PARSE_ERROR
            		 
            CALL p2;
            		 
            --error ER_PARSE_ERROR
            		 
            CALL p2;
            		 
            CALL p1;

            Test case 2

            --source include/have_innodb.inc
            		 
             
            		 
            CREATE TABLE t (a INT) ENGINE=INNODB;
            		 
             
            		 
            --delimiter $
            		 
            CREATE PROCEDURE p (OUT c sys_refcursor) 
            BEGIN 
              OPEN c FOR SELECT a FROM t ;
            		 
            END;
            		 
            $
            		 
            --delimiter ;
            		 
             
            		 
            CREATE TEMPORARY TABLE t (c INT) ENGINE=INNODB;
            		 
            SET GLOBAL innodb_file_per_table=0;
            		 
            SET innodb_compression_default=ON;
            		 
            --error ER_BAD_FIELD_ERROR
            		 
            CALL p (@a);
            		 
             
            		 
            --error ER_CANT_CREATE_TABLE
            		 
            CREATE OR REPLACE TEMPORARY TABLE t (c INT) ENGINE=INNODB;
            		 
            PREPARE s FROM 'CALL p(?)';
            		 
            --error ER_PARSE_ERROR
            		 
            EXECUTE s USING @a;
            		 
            --error ER_PARSE_ERROR
            		 
            CALL p(@a);
            		 
            CALL p;

            MDEV-20034 CS 11.4.6 b057fa93dec9b36521cb10e7d50c1458d49cf2d6 (Optimized) Build 21/03/2025

            		 
            #0  Spvar_definition::is_table_rowtype_ref (this=0x0) at /test/mtest/MDEV-20034/12.0_opt/sql/field.h:5695
            		 
            #1  sp_rcontext::init_var_items (this=this@entry=0x151ce4011138, thd=thd@entry=0x151ce4000c68, field_def_lst=...) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_rcontext.cc:431
            		 
            #2  0x0000559e56e1f207 in sp_rcontext::create (thd=0x151ce4000c68, owner=<optimized out>, root_parsing_ctx=<optimized out>, return_value_fld=<optimized out>, field_def_lst=...) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_rcontext.cc:165
            		 
            #3  0x0000559e56e163bc in sp_head::rcontext_create (this=0x151ce4142ca0, thd=0x151ce4000c68, ret_value=0x0, args=0x151ce4005ee0) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_head.cc:1678
            		 
            #4  sp_head::execute_procedure (this=0x151ce4142ca0, thd=0x151ce4000c68, args=0x151ce4005ee0) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_head.cc:2181
            		 
            #5  0x0000559e56eba10f in do_execute_sp (thd=thd@entry=0x151ce4000c68, sp=0x151ce4006bf0, sp@entry=0x151ce4142ca0) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:3082
            		 
            #6  0x0000559e56eb9ded in Sql_cmd_call::execute (this=0x151ce4010f30, thd=0x151ce4000c68) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:3305
            		 
            #7  0x0000559e56ebb3ad in mysql_execute_command (thd=thd@entry=0x151ce4000c68, is_called_from_prepared_stmt=false) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:5878
            		 
            #8  0x0000559e56eb6ce1 in mysql_parse (thd=thd@entry=0x151ce4000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x151d176b3490) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:7907
            		 
            #9  0x0000559e56eb5199 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x151ce4000c68, packet=packet@entry=0x151ce4008829 "CALL p", packet_length=packet_length@entry=6, blocking=true) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:1904
            		 
            #10 0x0000559e56eb70f1 in do_command (thd=thd@entry=0x151ce4000c68, blocking=true) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:1417
            		 
            #11 0x0000559e56fde8fd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x559e6273dc38, put_in_cache=true) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_connect.cc:1408
            		 
            #12 0x0000559e56fde6c3 in handle_one_connection (arg=arg@entry=0x559e6273dc38) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_connect.cc:1320
            		 
            #13 0x0000559e5734e03e in pfs_spawn_thread (arg=0x559e626d92d8) at /test/mtest/MDEV-20034/12.0_opt/storage/perfschema/pfs.cc:2201
            		 
            #14 0x0000151d2609caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
            		 
            #15 0x0000151d26129c3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

            ramesh Ramesh Sivaraman added a comment - - edited Following test cases crashes release build with a different stack. Please also test the fix with these test cases Test case 1 CREATE TABLE t (a INT );   --delimiter $ CREATE PROCEDURE p1 ( OUT c sys_refcursor) BEGIN OPEN c FOR SELECT a FROM t ; END ; $   CREATE PROCEDURE p2() BEGIN DECLARE c sys_refcursor; DECLARE v INT ; EXECUTE IMMEDIATE 'CALL p1 (?)' USING c; FETCH c INTO v; SELECT c,v; END ; $ --delimiter ;   --error ER_SP_FETCH_NO_DATA CALL p2;   CREATE OR REPLACE TABLE t (a INT ); --error ER_PARSE_ERROR CALL p2; --error ER_PARSE_ERROR CALL p2; CALL p1; Test case 2 --source include/have_innodb.inc   CREATE TABLE t (a INT ) ENGINE=INNODB;   --delimiter $ CREATE PROCEDURE p ( OUT c sys_refcursor) BEGIN OPEN c FOR SELECT a FROM t ; END ; $ --delimiter ;   CREATE TEMPORARY TABLE t (c INT ) ENGINE=INNODB; SET GLOBAL innodb_file_per_table=0; SET innodb_compression_default= ON ; --error ER_BAD_FIELD_ERROR CALL p (@a);   --error ER_CANT_CREATE_TABLE CREATE OR REPLACE TEMPORARY TABLE t (c INT ) ENGINE=INNODB; PREPARE s FROM 'CALL p(?)' ; --error ER_PARSE_ERROR EXECUTE s USING @a; --error ER_PARSE_ERROR CALL p(@a); CALL p; MDEV-20034 CS 11.4.6 b057fa93dec9b36521cb10e7d50c1458d49cf2d6 (Optimized) Build 21/03/2025 #0 Spvar_definition::is_table_rowtype_ref (this=0x0) at /test/mtest/MDEV-20034/12.0_opt/sql/field.h:5695 #1 sp_rcontext::init_var_items (this=this@entry=0x151ce4011138, thd=thd@entry=0x151ce4000c68, field_def_lst=...) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_rcontext.cc:431 #2 0x0000559e56e1f207 in sp_rcontext::create (thd=0x151ce4000c68, owner=<optimized out>, root_parsing_ctx=<optimized out>, return_value_fld=<optimized out>, field_def_lst=...) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_rcontext.cc:165 #3 0x0000559e56e163bc in sp_head::rcontext_create (this=0x151ce4142ca0, thd=0x151ce4000c68, ret_value=0x0, args=0x151ce4005ee0) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_head.cc:1678 #4 sp_head::execute_procedure (this=0x151ce4142ca0, thd=0x151ce4000c68, args=0x151ce4005ee0) at /test/mtest/MDEV-20034/12.0_opt/sql/sp_head.cc:2181 #5 0x0000559e56eba10f in do_execute_sp (thd=thd@entry=0x151ce4000c68, sp=0x151ce4006bf0, sp@entry=0x151ce4142ca0) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:3082 #6 0x0000559e56eb9ded in Sql_cmd_call::execute (this=0x151ce4010f30, thd=0x151ce4000c68) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:3305 #7 0x0000559e56ebb3ad in mysql_execute_command (thd=thd@entry=0x151ce4000c68, is_called_from_prepared_stmt=false) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:5878 #8 0x0000559e56eb6ce1 in mysql_parse (thd=thd@entry=0x151ce4000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x151d176b3490) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:7907 #9 0x0000559e56eb5199 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x151ce4000c68, packet=packet@entry=0x151ce4008829 "CALL p", packet_length=packet_length@entry=6, blocking=true) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:1904 #10 0x0000559e56eb70f1 in do_command (thd=thd@entry=0x151ce4000c68, blocking=true) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_parse.cc:1417 #11 0x0000559e56fde8fd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x559e6273dc38, put_in_cache=true) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_connect.cc:1408 #12 0x0000559e56fde6c3 in handle_one_connection (arg=arg@entry=0x559e6273dc38) at /test/mtest/MDEV-20034/12.0_opt/sql/sql_connect.cc:1320 #13 0x0000559e5734e03e in pfs_spawn_thread (arg=0x559e626d92d8) at /test/mtest/MDEV-20034/12.0_opt/storage/perfschema/pfs.cc:2201 #14 0x0000151d2609caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447 #15 0x0000151d26129c3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

            People

              bar Alexander Barkov
              ramesh Ramesh Sivaraman
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.