[MDEV-14834] Crash in TABLE::update_virtual_fields() when called from stored procedure
Created: 2017-12-31  Updated: 2020-08-25  Resolved: 2018-01-30

Status: Closed
Project: MariaDB Server
Component/s: Virtual Columns
Affects Version/s: 10.2.11, 10.3.3
Fix Version/s: 10.2.12

Type: Bug
Priority: Blocker
Reporter: Valerii Kravchuk
Assignee: Michael Widenius
Resolution: Fixed
Votes: 0
Labels: crash, stored_procedures


 Description   

A crash happens when a complex stored procedure is called, with the following crashing thread, based on the full backtrace from the generated core file:

#10 <signal handler called>
No symbol table info available.
#11 0x0000564ac124cd7d in TABLE::update_virtual_fields (this=this@entry=0x564b9ef0a008, h=<optimized out>, update_mode=update_mode@entry=VCOL_UPDATE_FOR_WRITE)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/table.cc:7427
        vcol_info = 0x564bb0f05a80
        update = <error reading variable update (Cannot access memory at address 0xb787a93d7575d8be)>
        swap_values = false
        vf = 0x564baaeb71f0
        backup_arena = {_vptr.Query_arena = 0x564ac208a170 <vtable for Query_arena+16>, free_list = 0x564baec13410, mem_root = 0x7fad6e0378d0, state = Query_arena::STMT_INITIALIZED_FOR_SP}
        Suppress_errors = {<Internal_error_handler> = {_vptr.Internal_error_handler = 0x564ac2091ef0 <vtable for Turn_errors_to_warnings_handler+16>, m_prev_internal_handler = 0x0}, <No data fields>}
        handler_pushed = false
        vfield_ptr = 0x564bb039af50
#12 0x0000564ac1155317 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x564bb2204008, table=table@entry=0x564b9ef0a008, fields=..., values=..., ignore_errors=ignore_errors@entry=false, 
    event=event@entry=TRG_EVENT_UPDATE) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_base.cc:8176
        fld = <optimized out>
        item_field = <optimized out>
        result = <optimized out>
        triggers = 0x564bb0b5e830
#13 0x0000564ac1239a81 in mysql_update (thd=thd@entry=0x564bb2204008, table_list=0x564bb32bb5e8, fields=..., values=..., conds=0x564baec13410, order_num=<optimized out>, order=<optimized out>, 
    limit=18446744073709551615, handle_duplicates=DUP_ERROR, ignore=false, found_return=found_return@entry=0x7fad6e036170, updated_return=updated_return@entry=0x7fad6e036220)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_update.cc:749
        using_limit = false
        transactional_table = true
        loc_error = <optimized out>
        dup_key_found = 31
        select = 0x564baec137b0
        info = {table = 0x564b9ef0a008, forms = 0x7fad6e035d70, unlock_row = 0x564ac11c4360 <rr_unlock_row(st_join_table*)>, read_record = 0x564ac147cd10 <rr_from_tempfile(READ_RECORD*)>, 
          thd = 0x564bb2204008, select = 0x564baec137b0, cache_records = 0, ref_length = 166, struct_length = 0, reclength = 0, rec_cache_size = 0, error_offset = 0, index = 0, 
          ref_pos = 0x564bb0b5e6b8 "\f", record = 0x564bac738020 "\340\337\377/\376\f820200142298", rec_buf = 0x0, cache = 0x0, cache_pos = 0x0, cache_end = 0x0, read_positions = 0x0, addon_field = 0x0, 
          io_cache = 0x564baec137d0, print_error = true, ignore_not_found_rows = false, unpack = 0x0, copy_field = 0x0, copy_field_end = 0x0}
        will_batch = false
        error = 0
        want_privilege = <optimized out>
        file_sort = 0x0
        id = <optimized out>
        killed_status = NOT_KILLED
        can_compare_record = true
        updated = 0
        query_plan = {_vptr.Update_plan = 0x564ac2091b70 <vtable for Update_plan+16>, impossible_where = false, no_partitions = false, updating_a_view = false, mem_root = 0x7fad6e0378d0, 
          table = 0x564b9ef0a008, select = 0x564baec137b0, index = 64, scanned_rows = 1, select_lex = 0x564bb11ca828, possible_keys = {map = 739}, using_filesort = false, using_io_buffer = true}
        __FUNCTION__ = "mysql_update"
        safe_update = <optimized out>
        found = 0
        old_covering_keys = <optimized out>
        table = 0x564b9ef0a008
        res = <optimized out>
        table_count = 7
        err2 = <optimized out>
        used_key_is_modified = <optimized out>
        need_sort = false
        reverse = false
        select_lex = 0x564bb11ca828
        all_fields = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x564ac222c380 <end_of_list>, last = 0x7fad6e035cd0, elements = 0}, <No data fields>}
        explain = 0x564baec13d20
        update_source_table = <optimized out>
#14 0x0000564ac11a20db in mysql_execute_command (thd=0x564bb2204008) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:4532
        found = 0
        updated = 0
        res = 0
        lex = 0x564bb11ca020
        orig_binlog_format = <optimized out>
        up_result = 0
        rpl_filter = <optimized out>
        orig_current_stmt_binlog_format = <optimized out>
        __FUNCTION__ = "mysql_execute_command"
        select_lex = 0x564bb11ca828
        first_table = <optimized out>
        all_tables = 0x564bb32bb5e8
        unit = 0x564bb11ca0e8
        have_table_map_for_update = <optimized out>
#15 0x0000564ac1117ca6 in sp_instr_stmt::exec_core (this=0x564bb11d02f0, thd=<optimized out>, nextp=0x7fad6e037820)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sp_head.cc:3588
        res = -1326425472
#16 0x0000564ac111f8e9 in sp_lex_keeper::reset_lex_and_exec_core (this=this@entry=0x564bb11d0338, thd=thd@entry=0x564bb2204008, nextp=nextp@entry=0x7fad6e037820, open_tables=open_tables@entry=false, 
    instr=instr@entry=0x564bb11d02f0) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sp_head.cc:3333
        res = <optimized out>
        parent_modified_non_trans_table = false
        __FUNCTION__ = "reset_lex_and_exec_core"
#17 0x0000564ac111fee5 in sp_instr_stmt::execute (this=0x564bb11d02f0, thd=0x564bb2204008, nextp=0x7fad6e037820)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sp_head.cc:3504
        log_slow = <optimized out>
        res = 0
        query_backup = {string = {str = 0x564bb2218020 "call <some_pkg>.<some_proc>(<some_list_of_params>)", length = 111}, 
          cs = 0x564ac221a0c0 <my_charset_utf8_general_ci>}
#18 0x0000564ac111b94e in sp_head::execute (this=this@entry=0x564bb59cec20, thd=thd@entry=0x564bb2204008, merge_da_on_success=merge_da_on_success@entry=true)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sp_head.cc:1377
        user_var_events_alloc_saved = 0x564bb2209060
        parent_digest = 0x0
        cur_db_changed = false
        old_server_status = 0
        err_status = false
        save_sql_mode = 270590478
        execute_arena = {_vptr.Query_arena = 0x564ac208a170 <vtable for Query_arena+16>, free_list = 0x0, mem_root = 0x7fad6e0378d0, state = Query_arena::STMT_INITIALIZED_FOR_SP}
        sp_wi = {m_warn_root = {free = 0x0, used = 0x0, pre_alloc = 0x0, min_malloc = 32, block_size = 2009, total_alloc = 0, block_num = 4, first_block_usage = 0, 
            error_handler = 0x564ac124f710 <sql_alloc_error_handler()>}, m_warn_list = {<I_P_List_counter> = {m_counter = 0}, <I_P_List_fast_push_back<Sql_condition>> = {m_last = 0x7fad6e037960}, 
            m_first = 0x0}, m_warn_count = {0, 0, 0}, m_current_statement_warn_count = 0, m_current_row_for_warning = 1, m_warn_id = 208827307, m_error_condition = 0x0, m_allow_unlimited_warnings = false, 
          initialized = true, m_read_only = false, m_next_in_da = 0x564bb22092e0, m_prev_in_da = 0x564bb22093a0, m_marked_sql_conditions = {<base_list> = {<Sql_alloc> = {<No data fields>}, 
              first = 0x564ac222c380 <end_of_list>, last = 0x7fad6e0379a8, elements = 0}, <No data fields>}}
        saved_cur_db_name_buf = '\000' <repeats 168 times>, " 융KV\000\000@{\003n\255\177\000\000\b@ \262KV\000\000\330KV\000\000\001"
        old_lex = 0x564bbbe70020
        old_change_list = {<base_ilist> = {first = 0x564bb2207468, last = {_vptr.ilink = 0x564ac20844b0 <vtable for ilink+16>, prev = 0x564bb2207460, next = 0x0}}, <No data fields>}
        save_reprepare_observer = 0x7fad6e039ad0
        saved_cur_db_name = {str = 0x7fad6e0379c0 "", length = 202}
        ctx = 0x564ba4d21680
        save_abort_on_warning = false
        old_arena = 0x564ba506f0e0
        execute_mem_root = {free = 0x564bae25c008, used = 0x564baec12008, pre_alloc = 0x0, min_malloc = 32, block_size = 8152, total_alloc = 16304, block_num = 6, first_block_usage = 0, 
          error_handler = 0x564ac124f710 <sql_alloc_error_handler()>}
        i = 0x564bb11d02f0
        ip = 154
        backup_arena = {_vptr.Query_arena = 0x564ac208a170 <vtable for Query_arena+16>, free_list = 0x564bb0dc56d0, mem_root = 0x564bb2209060, state = Query_arena::STMT_CONVENTIONAL_EXECUTION}
        old_query_id = 203559017
        old_derived_tables = 0x0
        old_packet = {Ptr = 0x564bb2213008 "\003def", str_length = 23, Alloced_length = 16392, extra_alloc = 0, alloced = true, thread_specific = false, str_charset = 0x564ac21b1ea0 <my_charset_bin>}
        saved_creation_ctx = 0x564bb0dc5758
        da = 0x564bb22090a0
#19 0x0000564ac111ca77 in sp_head::execute_procedure (this=0x564bb59cec20, thd=thd@entry=0x564bb2204008, args=0x564bbbe70e10)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sp_head.cc:2299
        params = <optimized out>
        save_spcont = 0x0
        nctx = 0x564ba4d21680
        octx = 0x564bb2235ad0
        save_log_general = true
        __FUNCTION__ = "execute_procedure"
        need_binlog_call = <optimized out>
        err_status = false
        utime_before_sp_exec = 3157850677169
        save_enable_slow_log = true
        pkg = 0x0
        save_security_ctx = 0x564bb2205ac0
#20 0x0000564ac119748b in do_execute_sp (thd=thd@entry=0x564bb2204008, sp=sp@entry=0x564bb59cec20)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:2920
        bits_to_be_cleared = <optimized out>
        select_limit = 18446744073709551615
        res = <optimized out>
#21 0x0000564ac1199286 in Sql_cmd_call::execute (this=this@entry=0x564bbbe726d0, thd=thd@entry=0x564bb2204008)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:3160
        sp = 0x564bb59cec20
#22 0x0000564ac1199a80 in Sql_cmd_call::execute (this=0x564bbbe726d0, thd=0x564bb2204008) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:3114
No locals.
#23 0x0000564ac119f3dd in mysql_execute_command (thd=0x564bb2204008) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:6236
        res = 0
        lex = 0x564bbbe70020
        orig_binlog_format = <optimized out>
        up_result = 0
        rpl_filter = <optimized out>
        orig_current_stmt_binlog_format = <optimized out>
        __FUNCTION__ = "mysql_execute_command"
        select_lex = 0x564bbbe70828
        first_table = <optimized out>
        all_tables = 0x0
        unit = 0x564bbbe700e8
        have_table_map_for_update = <optimized out>
#24 0x0000564ac11b93ae in Prepared_statement::execute (this=this@entry=0x564ba506f0c8, expanded_query=expanded_query@entry=0x7fad6e039f90, open_cursor=open_cursor@entry=false)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_prepare.cc:4777
        parent_locker = <optimized out>
        stmt_backup = {<ilink> = {_vptr.ilink = 0x564ac208a1b0 <vtable for Statement+16>, prev = 0x0, next = 0x0}, <Query_arena> = {_vptr.Query_arena = 0x564ac208a1e0 <vtable for Statement+64>, 
            free_list = 0x7fad6e039910, mem_root = 0x564ac18c74e5 <my_malloc+101>, state = 1845729584}, id = 0, mark_used_columns = MARK_COLUMNS_READ, name = {
            str = 0x564ac221a0c0 <my_charset_utf8_general_ci> "!", length = 140382851799344}, lex = 0x564bb2207a88, query_string = {string = {
              str = 0x564bb2218020 ""call <some_pkg>.<some_proc>(<some_list_of_params>)"", length = 111}, 
            cs = 0x564ac221a0c0 <my_charset_utf8_general_ci>}, base_query = {Ptr = 0x0, str_length = 0, Alloced_length = 0, extra_alloc = 0, alloced = false, thread_specific = false, 
            str_charset = 0x564ac21b1ea0 <my_charset_bin>}, db = 0x564bb2204248 "\b\354\356\264KV", db_length = 94883110994504, query_cache_is_applicable = 20 '\024'}
        old_stmt_arena = 0x564bb2204020
        saved_cur_db_name_buf = "P\237\003n\255\177\000\000\000\206\240\375\000\000\000\000\065\340 \262KV\000\000\255\032\203\t\302\177\000\000m\340 \262KV\000\000\b\340 \262KV\000\000˙\003n\255\177\000\000\000\000\000\000\000\000\000\000\300\231\003n\255\177\000\000\b\354\356\264KV\000\000tdsdbinuser\000JV\000\000P\232\003n\255\177\000\000\360\231\003n\255\177\000\000\347\000\000\000\000\000\000\000\b\340 \262KV\000\000\200\001\271\037.n\270{\261\215V\311d\205\240\244\217w\237\332\320\347yR~\236\363Q\227\320\301\324\375Ƚ\203\353\216\f\025\255u\202%Fӝ%\335qp\351\006\035\213\353y\346\036X(\255\224\271\000\232\003n\255\177\000\000P\233"
        saved_cur_db_name = {str = 0x7fad6e039970 "P\237\003n\255\177", length = 202}
        cur_db_changed = false
        error = true
        stmt_db_name = {str = 0x564bbbe715f8 "tdsdbinowner", length = 12}
#25 0x0000564ac11b953f in Prepared_statement::execute_loop (this=0x564ba506f0c8, expanded_query=0x7fad6e039f90, open_cursor=false, packet_end=<optimized out>, packet=<optimized out>)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_prepare.cc:4206
        reprepare_observer = {m_invalidated = false}
        error = <optimized out>
#26 0x0000564ac11ba287 in mysql_stmt_execute_common (thd=thd@entry=0x564bb2204008, stmt_id=1, packet=packet@entry=0x564bb220e012 "@\001\017", packet_end=packet_end@entry=0x564bb220e04e "", cursor_flags=0, 
    bulk_op=bulk_op@entry=false, read_types=read_types@entry=false) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_prepare.cc:3224
        expanded_query = {Ptr = 0x564baa506048 ""call <some_pkg>.<some_proc>(<some_list_of_params>)"", str_length = 111, Alloced_length = 184, 
          extra_alloc = 128, alloced = true, thread_specific = false, str_charset = 0x564ac21b1ea0 <my_charset_bin>}
        stmt = 0x564ba506f0c8
        save_protocol = 0x564bb2204518
        open_cursor = false
#27 0x0000564ac11ba317 in mysqld_stmt_execute (thd=thd@entry=0x564bb2204008, packet_arg=packet_arg@entry=0x564bb220e009 "\001", packet_length=packet_length@entry=69)
    at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_prepare.cc:3122
        packet = 0x564bb220e012 "@\001\017"
        stmt_id = <optimized out>
        flags = <optimized out>
        packet_end = 0x564bb220e04e ""
#28 0x0000564ac11a8d92 in dispatch_command (command=command@entry=COM_STMT_EXECUTE, thd=thd@entry=0x564bb2204008, packet=packet@entry=0x564bb220e009 "\001", packet_length=packet_length@entry=69, 
    is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:1776
        net = 0x564bb2204248
        do_end_of_statement = true
        __FUNCTION__ = "dispatch_command"
        error = false
        drop_more_results = false
#29 0x0000564ac11aac89 in do_command (thd=0x564bb2204008) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_parse.cc:1383
        return_value = <optimized out>
        packet = 0x564bb220e008 "\027\001"
        packet_length = 70
        net = 0x564bb2204248
        command = COM_STMT_EXECUTE
#30 0x0000564ac126f5aa in do_handle_one_connection (connect=connect@entry=0x564bb0c688a8) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_connect.cc:1354
        create_user = true
        thr_create_utime = <optimized out>
        thd = 0x564bb2204008
#31 0x0000564ac126f6cd in handle_one_connection (arg=0x564bb0c688a8) at /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.2.11/sql/sql_connect.cc:1260
        connect = 0x564bb0c688a8
#32 0x00007fc20982ae25 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#33 0x00007fc207e7d34d in clone () from /lib64/libc.so.6
No symbol table info available

I feel it may be related to https://jira.mariadb.org/browse/MDEV-13679, but so far there are no reasons to think SEQUENCE is used to set a default value for any column.



 Comments   
Comment by Michael Widenius [ 2018-01-30 ]

This was fixed in commit 7e882a60bfb116e40df89e793c2b71decbe82f6d

The commit message was:

Ensure that table->vcol_set is properly restored if used
    
Code in QUICK_RANGE_SELECT::init_ror_merged_scan() could theoretically
have caused crashes if this was ever called from an update or delete
    
This also found a bug in the vcol/range.result file.
