MariaDB Server / MDEV-9496

Crash in CREATE OR REPLACE TABLE t1 AS SELECT stored_function()

Details

    Description

      DROP FUNCTION IF EXISTS f1;
      CREATE  FUNCTION f1() RETURNS INT RETURN 1;
      CREATE OR REPLACE TABLE t1 SELECT f1() AS a;

      crashes the server with this stack trace:

      #0  0x00000000005e7e77 in wait_while_table_is_used (thd=0x7fff9a6b0070, 
          table=0x0, function=HA_EXTRA_NOT_USED)
          at /home/bar/maria-git/server-10.0/sql/sql_base.cc:1835
      #1  0x00000000006f0e5c in mysql_rm_table_no_locks (thd=0x7fff9a6b0070, 
          tables=0x7ffff7f7ba70, if_exists=false, drop_temporary=false, 
          drop_view=false, dont_log_query=true, dont_free_locks=true)
          at /home/bar/maria-git/server-10.0/sql/sql_table.cc:2469
      #2  0x00000000006f7126 in create_table_impl (thd=0x7fff9a6b0070, 
          orig_db=0x7fff918d3770 "test", orig_table_name=0x7fff918d3158 "t1", 
          db=0x7fff918d3770 "test", table_name=0x7fff918d3158 "t1", 
          path=0x7ffff7f7c520 "./test/t1", create_info=0x7ffff7f7dc50, 
          alter_info=0x7ffff7f7dbc0, create_table_mode=1, is_trans=0x0, 
          key_info=0x7ffff7f7c728, key_count=0x7ffff7f7c724, frm=0x7ffff7f7c510)
          at /home/bar/maria-git/server-10.0/sql/sql_table.cc:4738
      #3  0x00000000006f7a26 in mysql_create_table_no_lock (thd=0x7fff9a6b0070, 
          db=0x7fff918d3770 "test", table_name=0x7fff918d3158 "t1", 
          create_info=0x7ffff7f7dc50, alter_info=0x7ffff7f7dbc0, is_trans=0x0, 
          create_table_mode=1)
          at /home/bar/maria-git/server-10.0/sql/sql_table.cc:4941
      #4  0x00000000006338ec in create_table_from_items (thd=0x7fff9a6b0070, 
          create_info=0x7ffff7f7dc50, create_table=0x7fff918d3190, 
          alter_info=0x7ffff7f7dbc0, items=0x7fff9a6b41e8, lock=0x7ffff7f7d898, 
          hooks=0x7ffff7f7d850)
          at /home/bar/maria-git/server-10.0/sql/sql_insert.cc:3955
      #5  0x0000000000633f7b in select_create::prepare (this=0x7fff918d4e10, 
          values=..., u=0x7fff9a6b39e0)
          at /home/bar/maria-git/server-10.0/sql/sql_insert.cc:4128
      #6  0x000000000067ead0 in JOIN::prepare (this=0x7fff919b6088, 
          rref_pointer_array=0x7fff9a6b4348, tables_init=0x0, wild_num=0, conds_init=
          0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, 
          having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff9a6b40d0, 
          unit_arg=0x7fff9a6b39e0)
          at /home/bar/maria-git/server-10.0/sql/sql_select.cc:967
      ....

      If I rewrite the script as follows:

      DROP FUNCTION IF EXISTS f1;
      CREATE  FUNCTION f1() RETURNS INT RETURN 1;
      DROP TABLE IF EXISTS t1;
      CREATE OR REPLACE TABLE t1 SELECT f1() AS a;

      it does not crash.

          Activity

            bar Alexander Barkov created issue -
            bar Alexander Barkov made changes -
            Field Original Value New Value
            Priority Major [ 3 ] Critical [ 2 ]
            bar Alexander Barkov made changes -
            Priority Critical [ 2 ] Major [ 3 ]
            elenst Elena Stepanova made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]

            elenst Elena Stepanova added a comment -

            So, the full test case is actually this:

            CREATE TABLE t1 (i INT);
            DROP FUNCTION IF EXISTS f1;
            CREATE  FUNCTION f1() RETURNS INT RETURN 1;
            CREATE OR REPLACE TABLE t1 SELECT f1() AS a;

            (the table should already exist).
            elenst Elena Stepanova made changes -
            Assignee Michael Widenius [ monty ]
            serg Sergei Golubchik made changes -
            Fix Version/s 10.0 [ 16000 ]
            Fix Version/s 10.1 [ 16100 ]
            Fix Version/s 10.2 [ 14601 ]
            serg Sergei Golubchik made changes -
            Assignee Michael Widenius [ monty ]
            elenst Elena Stepanova made changes -
            elenst Elena Stepanova added a comment - - edited

            Fixed in the scope of MDEV-10824 (or at least disappeared from 10.0 tree after this bugfix).

            commit a3c980b381ead0ea13df8314258c7a8d11fe5cd1
            Author: Sergey Vojtovich
            Date:   Mon Oct 24 15:26:11 2016 +0400
             
                MDEV-10824 - Crash in CREATE OR REPLACE TABLE t1 AS SELECT spfunc()
                
                Code flow hit incorrect branch while closing table instances before removal.
                This branch expects thread to hold open table instance, whereas CREATE OR
                REPLACE doesn't actually hold open table instance.
                
                Before CREATE OR REPLACE TABLE it was impossible to hit this condition in
                LTM_PRELOCKED mode, thus the problem didn't expose itself during DROP TABLE
                or DROP DATABASE.
                
                Fixed by adjusting condition to take into account LTM_PRELOCKED mode, which can
                be set during CREATE OR REPLACE TABLE.
            

            elenst Elena Stepanova made changes -
            Component/s Locking [ 10900 ]
            Component/s Stored routines [ 13905 ]
            Fix Version/s 10.2.4 [ 22116 ]
            Fix Version/s 10.1.19 [ 22111 ]
            Fix Version/s 10.0.28 [ 22107 ]
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.0 [ 16000 ]
            Fix Version/s 10.1 [ 16100 ]
            Resolution Fixed [ 1 ]
            Status Confirmed [ 10101 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 73847 ] MariaDB v4 [ 150062 ]

            People

              Assignee: Unassigned
              Reporter: bar Alexander Barkov