Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36462

Crash on `DECLARE spvar1 ROW TYPE OF cursor1` after a table recreation

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • 11.2.6, 11.4, 11.8
    • 11.4.6
    • Stored routines
    • None

    Description

      This problem can be a duplicate for MDEV-36114, but I'm not sure.

      The following script crashes 11.2, 11.4, 11.8 debug builds:

      DROP PROCEDURE IF EXISTS p1;
      		 
      DROP PROCEDURE IF EXISTS p2;
      		 
       
      		 
      DELIMITER /
      		 
      CREATE PROCEDURE p1()
      		 
      BEGIN 
        DECLARE c CURSOR FOR SELECT a FROM t1;
      		 
        BEGIN
      		 
          DECLARE va ROW TYPE OF c; -- the crash happens here
      		 
        END;
      		 
      END; 
      /
      		 
      CREATE PROCEDURE p2()
      		 
      BEGIN
      		 
        FOR i IN 1..10 DO  -- usually it crashes on the third iteration, but not always
      		 
          SELECT i;
      		 
          CREATE OR REPLACE TABLE t1 (a INT);
      		 
          CALL p1;
      		 
          CALL p1;
      		 
        END FOR;
      		 
      END;
      		 
      /
      		 
      DELIMITER ;
      		 
      CALL p2;

      with this stack:

      #0  0x0000555556074918 in cleanup_items (item=0x7fff940d8cc8)
      		 
          at /home/bar/maria-git/11.4/sql/sql_parse.cc:1135
      		 
      #1  0x0000555556362fb8 in sp_lex_instr::parse_expr (this=0x7fff940b8e68, thd=0x7fff94000dc8, 
          sp=0x7fff940ad168, sp_instr_lex=0x7fff940b6ff0) at /home/bar/maria-git/11.4/sql/sp_instr.cc:845
      		 
      #2  0x0000555556362336 in sp_lex_keeper::validate_lex_and_exec_core (this=0x7fff940b8ea0, 
          thd=0x7fff94000dc8, nextp=0x7ffff008e77c, open_tables=false, instr=0x7fff940b8e68)
      		 
          at /home/bar/maria-git/11.4/sql/sp_instr.cc:449
      		 
      #3  0x00005555563625b3 in sp_lex_keeper::cursor_reset_lex_and_exec_core (this=0x7fff940b8ea0, 
          thd=0x7fff94000dc8, nextp=0x7ffff008e77c, open_tables=false, instr=0x7fff940b8e68)
      		 
          at /home/bar/maria-git/11.4/sql/sp_instr.cc:531
      		 
      #4  0x0000555556366b2c in sp_instr_cursor_copy_struct::execute (this=0x7fff940b8e68, thd=0x7fff94000dc8, 
          nextp=0x7ffff008e77c) at /home/bar/maria-git/11.4/sql/sp_instr.cc:2078
      		 
      #5  0x0000555555f6ad4b in sp_head::execute (this=0x7fff940ad168, thd=0x7fff94000dc8, 
          merge_da_on_success=true) at /home/bar/maria-git/11.4/sql/sp_head.cc:1286

      A preview-12.0-preview debug build crashes with a different stack:

      #0  0x00007ffff72ae8a4 in __pthread_kill_implementation () from /lib64/libc.so.6
      		 
      #1  0x00007ffff725c8ee in raise () from /lib64/libc.so.6
      		 
      #2  0x00007ffff72448ff in abort () from /lib64/libc.so.6
      		 
      #3  0x00007ffff724481b in __assert_fail_base.cold () from /lib64/libc.so.6
      		 
      #4  0x00007ffff7254c57 in __assert_fail () from /lib64/libc.so.6
      		 
      #5  0x0000555556eee872 in alloc_root (mem_root=0x7fff8c0cb2a0, length=160)
      		 
          at /home/bar/maria-git/12.0-preview/mysys/my_alloc.c:278
      		 
      #6  0x00005555560ddebb in Query_arena::calloc<Item*> (this=0x7fff8c0cf5a0, size=20)
      		 
          at /home/bar/maria-git/12.0-preview/sql/sql_class.h:1321
      		 
      #7  0x00005555560b41cd in st_select_lex::setup_ref_array (this=0x7fff8c0e7ed8, thd=0x7fff8c000dc8, 
          order_group_num=0) at /home/bar/maria-git/12.0-preview/sql/sql_lex.cc:3695
      		 
      #8  0x0000555556166f31 in JOIN::prepare (this=0x7fff8c068640, tables_init=0x7fff8c0e8520, conds_init=0x0, 
          og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, 
          select_lex_arg=0x7fff8c0e7ed8, unit_arg=0x7fff8c0cd800)
      		 
          at /home/bar/maria-git/12.0-preview/sql/sql_select.cc:1555
      		 
      #9  0x000055555617531e in mysql_select (thd=0x7fff8c000dc8, tables=0x7fff8c0e8520, fields=..., conds=0x0, 
          og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=70884003584, 
          result=0x7fff8c068410, unit=0x7fff8c0cd800, select_lex=0x7fff8c0e7ed8)
      		 
          at /home/bar/maria-git/12.0-preview/sql/sql_select.cc:5355
      		 
      #10 0x00005555561631b4 in handle_select (thd=0x7fff8c000dc8, lex=0x7fff8c0cd720, result=0x7fff8c068410, 
          setup_tables_done_option=0) at /home/bar/maria-git/12.0-preview/sql/sql_select.cc:635
      		 
      #11 0x000055555610483d in execute_sqlcom_select (thd=0x7fff8c000dc8, all_tables=0x7fff8c0e8520)
      		 
          at /home/bar/maria-git/12.0-preview/sql/sql_parse.cc:6164
      		 
      #12 0x00005555560fc3db in mysql_execute_command (thd=0x7fff8c000dc8, is_called_from_prepared_stmt=false)
      		 
          at /home/bar/maria-git/12.0-preview/sql/sql_parse.cc:3952
      		 
      #13 0x00005555560782af in mysql_open_cursor (thd=0x7fff8c000dc8, result=0x7fffdc6d1210, 
          pcursor=0x7fffdc6d1248) at /home/bar/maria-git/12.0-preview/sql/sql_cursor.cc:135
      		 
      #14 0x0000555555fe7645 in sp_cursor::open (this=0x7fffdc6d11f0, thd=0x7fff8c000dc8, 
          check_open_cursor_counter=true) at /home/bar/maria-git/12.0-preview/sql/sp_rcontext.cc:795
      		 
      #15 0x00005555563f3d93 in sp_instr_cursor_copy_struct::exec_core (this=0x7fff8c0cf5d8, thd=0x7fff8c000dc8, 
          nextp=0x7fffdc6d14bc) at /home/bar/maria-git/12.0-preview/sql/sp_instr.cc:2197

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36377 Assertion `thd->lex == sp_instr_lex' failed in LEX *sp_lex_instr::parse_expr(THD *, sp_head *, LEX *)

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Task - A task that needs to be done. MDEV-5816 MySQL WL#4179 - Stored programs: validation of stored program statements

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MDEV-20034 Add support for the pre-defined weak SYS_REFCURSOR

          • Major - Major loss of function.
          • In Testing

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31661 Assertion `thd->lex == sp_instr_lex' failed in LEX* sp_lex_instr::parse_expr(THD*, sp_head*, LEX*)

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36114 Assertion `(mem_root->flags & 4) == 0' failed in Field_iterator_table::create_item

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36377 Assertion `thd->lex == sp_instr_lex' failed in LEX *sp_lex_instr::parse_expr(THD *, sp_head *, LEX *)

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36409 Server crashes when creating a table using function with a return type sys_refcursor

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              shulga Dmitry Shulga
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.