It is outer reference which somehow left in the condition (it was rolled back in some other place, so it is classical reference from 2 places).
above was not correct, problematic Item was allocated in agg_item_set_converter:
/*
|
If in statement prepare, then we create a converter for two
|
constant items, do it once and then reuse it.
|
If we're in execution of a prepared statement, arena is NULL,
|
and the conv was created in runtime memory. This can be
|
the case only if the argument is a parameter marker ('?'),
|
because for all true constants the charset converter has already
|
been created in prepare. In this case register the change for
|
rollback.
|
*/
|
if (thd->stmt_arena->is_stmt_prepare())
|
*arg= conv;
|
else
|
thd->change_item_tree(arg, conv);
|
Problematic Item was created in convert_subq_to_sj. Above make correct rollback, but then item which shouod be rolled back copied by convert_subq_to_sj.
So far I have no ideas how to fix it without a lot of scanning of the rollback list...
The question is why parts of equality touched not equality as whole.
Similar case, adding to make it searchable :
CREATE TABLE t1 (a1 varchar(10)); |
CREATE TABLE t2 (a2 varchar(10)); |
CREATE TABLE t3 (u1 varchar(10) CHARACTER SET utf8); |
CREATE TABLE t4 (u2 varchar(10) CHARACTER SET utf8); |
|
DELIMITER $$;
|
CREATE PROCEDURE p() |
BEGIN
|
PREPARE stmt FROM "SELECT t1.* FROM (t1 JOIN t2 JOIN t3 ON (t3.u1 = t2.a2)) |
WHERE (EXISTS (SELECT 1 FROM t4 WHERE t4.u2 = t1.a1))"; |
EXECUTE stmt; |
EXECUTE stmt; |
END$$ |
DELIMITER ;$$
|
|
|
CALL p();
|
10.0 09bc99fac900648ea36b0a0e66fbf1
|
#2 0x00000000008667c1 in handle_fatal_signal (sig=11) at /10.0/sql/signal_handler.cc:285
|
#3 <signal handler called>
|
#4 0x00000000008cd0a2 in Item_func::print_op (this=0x7f07501ca940, str=0x7f0765a22490, query_type=QT_ORDINARY) at /10.0/sql/item_func.cc:491
|
#5 0x00000000008b1d7b in Item_bool_func2::print (this=0x7f07501ca940, str=0x7f0765a22490, query_type=QT_ORDINARY) at /10.0/sql/item_cmpfunc.h:398
|
#6 0x00000000008abf70 in Item_cond::print (this=0x7f07501cd1c8, str=0x7f0765a22490, query_type=QT_ORDINARY) at /10.0/sql/item_cmpfunc.cc:4797
|
#7 0x00000000008959a1 in dbug_print_item (item=0x7f07501cd1c8) at /10.0/sql/item.cc:10012
|
#8 0x0000000000690f29 in JOIN::prepare (this=0x7f07501cd400, rref_pointer_array=0x7f0750123af0, tables_init=0x7f0750126088, wild_num=0, conds_init=0x7f07501cd1c8, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f0750123848, unit_arg=0x7f0750123158) at /10.0/sql/sql_select.cc:705
|
#9 0x000000000069aaf2 in mysql_select (thd=0x7f0758a4f070, rref_pointer_array=0x7f0750123af0, tables=0x7f0750126088, wild_num=0, fields=..., conds=0x7f07501cd1c8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416185088, result=0x7f0750127fd0, unit=0x7f0750123158, select_lex=0x7f0750123848) at /10.0/sql/sql_select.cc:3326
|
#10 0x000000000069052a in handle_select (thd=0x7f0758a4f070, lex=0x7f0750123090, result=0x7f0750127fd0, setup_tables_done_option=0) at /10.0/sql/sql_select.cc:377
|
#11 0x000000000066116a in execute_sqlcom_select (thd=0x7f0758a4f070, all_tables=0x7f0750126088) at /10.0/sql/sql_parse.cc:5301
|
#12 0x00000000006591ba in mysql_execute_command (thd=0x7f0758a4f070) at /10.0/sql/sql_parse.cc:2557
|
#13 0x000000000067e6dc in Prepared_statement::execute (this=0x7f0750113470, expanded_query=0x7f0765a239b0, open_cursor=false) at /10.0/sql/sql_prepare.cc:3975
|
#14 0x000000000067d695 in Prepared_statement::execute_loop (this=0x7f0750113470, expanded_query=0x7f0765a239b0, open_cursor=false, packet=0x0, packet_end=0x0) at /10.0/sql/sql_prepare.cc:3629
|
#15 0x000000000067b790 in mysql_sql_stmt_execute (thd=0x7f0758a4f070) at /10.0/sql/sql_prepare.cc:2779
|
#16 0x00000000006591eb in mysql_execute_command (thd=0x7f0758a4f070) at /10.0/sql/sql_parse.cc:2567
|
#17 0x00000000009bbecc in sp_instr_stmt::exec_core (this=0x7f075035d370, thd=0x7f0758a4f070, nextp=0x7f0765a24604) at /10.0/sql/sp_head.cc:3210
|
#18 0x00000000009bb59c in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f075035d3b0, thd=0x7f0758a4f070, nextp=0x7f0765a24604, open_tables=false, instr=0x7f075035d370) at /10.0/sql/sp_head.cc:2977
|
#19 0x00000000009bbb7a in sp_instr_stmt::execute (this=0x7f075035d370, thd=0x7f0758a4f070, nextp=0x7f0765a24604) at /10.0/sql/sp_head.cc:3126
|
#20 0x00000000009b7486 in sp_head::execute (this=0x7f075035c088, thd=0x7f0758a4f070, merge_da_on_success=true) at /10.0/sql/sp_head.cc:1369
|
#21 0x00000000009b9348 in sp_head::execute_procedure (this=0x7f075035c088, thd=0x7f0758a4f070, args=0x7f0758a536c8) at /10.0/sql/sp_head.cc:2157
|
#22 0x000000000065f3e5 in mysql_execute_command (thd=0x7f0758a4f070) at /10.0/sql/sql_parse.cc:4727
|
#23 0x000000000066434a in mysql_parse (thd=0x7f0758a4f070, rawbuf=0x7f07500f8088 "CALL p()", length=8, parser_state=0x7f0765a25670) at /10.0/sql/sql_parse.cc:6637
|
#24 0x0000000000656214 in dispatch_command (command=COM_QUERY, thd=0x7f0758a4f070, packet=0x7f075ddb4071 "", packet_length=8) at /10.0/sql/sql_parse.cc:1300
|
#25 0x0000000000655487 in do_command (thd=0x7f0758a4f070) at /10.0/sql/sql_parse.cc:1003
|
#26 0x000000000078b69a in do_handle_one_connection (thd_arg=0x7f0758a4f070) at /10.0/sql/sql_connect.cc:1377
|
#27 0x000000000078b3e8 in handle_one_connection (arg=0x7f0758a4f070) at /10.0/sql/sql_connect.cc:1292
|
#28 0x0000000000e4aae6 in pfs_spawn_thread (arg=0x7f07587f83f0) at /10.0/storage/perfschema/pfs.cc:1861
|
#29 0x00007f0764bcf6ba in start_thread (arg=0x7f0765a26700) at pthread_create.c:333
|
#30 0x00007f076427a41d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
|
10.1 4caf3e08a853e413b4a08c1bf93cf737266a1451
Thread 1 (Thread 0x7f16b9830b00 (LWP 18076)):
|
#0 __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
|
#1 0x000056133dd79d69 in my_write_core (sig=11) at /10.1/mysys/stacktrace.c:477
|
#2 0x000056133d7124af in handle_fatal_signal (sig=11) at /10.1/sql/signal_handler.cc:296
|
#3 <signal handler called>
|
#4 0x000056133d7791a2 in Item_func::print_op (this=0x7f16a0d559b8, str=0x7f16b982c100, query_type=QT_EXPLAIN) at /10.1/sql/item_func.cc:478
|
#5 0x000056133d75cb7d in Item_bool_rowready_func2::print (this=0x7f16a0d559b8, str=0x7f16b982c100, query_type=QT_EXPLAIN) at /10.1/sql/item_cmpfunc.h:475
|
#6 0x000056133d7564f1 in Item_cond::print (this=0x7f16a0d5d1c8, str=0x7f16b982c100, query_type=QT_EXPLAIN) at /10.1/sql/item_cmpfunc.cc:4975
|
#7 0x000056133d740c23 in dbug_print_item (item=0x7f16a0d5d1c8) at /10.1/sql/item.cc:9951
|
#8 0x000056133d50e329 in JOIN::prepare (this=0x7f16a0d5d468, rref_pointer_array=0x7f16a0e89b00, tables_init=0x7f16a0e8aec0, wild_num=0, conds_init=0x7f16a0d5d1c8, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f16a0e89858, unit_arg=0x7f16a0e89158) at /10.1/sql/sql_select.cc:716
|
#9 0x000056133d518249 in mysql_select (thd=0x7f16ad79e070, rref_pointer_array=0x7f16a0e89b00, tables=0x7f16a0e8aec0, wild_num=0, fields=..., conds=0x7f16a0d5d1c8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416185088, result=0x7f16a0e8e8c8, unit=0x7f16a0e89158, select_lex=0x7f16a0e89858) at /10.1/sql/sql_select.cc:3477
|
#10 0x000056133d50d9db in handle_select (thd=0x7f16ad79e070, lex=0x7f16a0e89090, result=0x7f16a0e8e8c8, setup_tables_done_option=0) at /10.1/sql/sql_select.cc:388
|
#11 0x000056133d4dd249 in execute_sqlcom_select (thd=0x7f16ad79e070, all_tables=0x7f16a0e8aec0) at /10.1/sql/sql_parse.cc:5947
|
#12 0x000056133d4d33f3 in mysql_execute_command (thd=0x7f16ad79e070) at /10.1/sql/sql_parse.cc:2993
|
#13 0x000056133d4fb6a8 in Prepared_statement::execute (this=0x7f16a0d45470, expanded_query=0x7f16b982d8e0, open_cursor=false) at /10.1/sql/sql_prepare.cc:4322
|
#14 0x000056133d4fa50d in Prepared_statement::execute_loop (this=0x7f16a0d45470, expanded_query=0x7f16b982d8e0, open_cursor=false, packet=0x0, packet_end=0x0) at /10.1/sql/sql_prepare.cc:3954
|
#15 0x000056133d4f8563 in mysql_sql_stmt_execute (thd=0x7f16ad79e070) at /10.1/sql/sql_prepare.cc:3070
|
#16 0x000056133d4d3424 in mysql_execute_command (thd=0x7f16ad79e070) at /10.1/sql/sql_parse.cc:3004
|
#17 0x000056133d868c84 in sp_instr_stmt::exec_core (this=0x7f16a0e874c0, thd=0x7f16ad79e070, nextp=0x7f16b982e494) at /10.1/sql/sp_head.cc:3218
|
#18 0x000056133d86837e in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f16a0e87500, thd=0x7f16ad79e070, nextp=0x7f16b982e494, open_tables=false, instr=0x7f16a0e874c0) at /10.1/sql/sp_head.cc:2984
|
#19 0x000056133d868948 in sp_instr_stmt::execute (this=0x7f16a0e874c0, thd=0x7f16ad79e070, nextp=0x7f16b982e494) at /10.1/sql/sp_head.cc:3134
|
#20 0x000056133d8641c9 in sp_head::execute (this=0x7f16a0e86088, thd=0x7f16ad79e070, merge_da_on_success=true) at /10.1/sql/sp_head.cc:1315
|
#21 0x000056133d86605a in sp_head::execute_procedure (this=0x7f16a0e86088, thd=0x7f16ad79e070, args=0x7f16ad7a2838) at /10.1/sql/sp_head.cc:2102
|
#22 0x000056133d4d1a23 in do_execute_sp (thd=0x7f16ad79e070, sp=0x7f16a0e86088) at /10.1/sql/sql_parse.cc:2425
|
#23 0x000056133d4dabdb in mysql_execute_command (thd=0x7f16ad79e070) at /10.1/sql/sql_parse.cc:5299
|
#24 0x000056133d4e0e26 in mysql_parse (thd=0x7f16ad79e070, rawbuf=0x7f16a0c45088 "CALL p()", length=8, parser_state=0x7f16b982f460) at /10.1/sql/sql_parse.cc:7463
|
#25 0x000056133d4cf490 in dispatch_command (command=COM_QUERY, thd=0x7f16ad79e070, packet=0x7f16af793071 "", packet_length=8) at /10.1/sql/sql_parse.cc:1495
|
#26 0x000056133d4ce20e in do_command (thd=0x7f16ad79e070) at /10.1/sql/sql_parse.cc:1124
|
#27 0x000056133d608bcd in do_handle_one_connection (thd_arg=0x7f16ad79e070) at /10.1/sql/sql_connect.cc:1330
|
#28 0x000056133d60891c in handle_one_connection (arg=0x7f16ad79e070) at /10.1/sql/sql_connect.cc:1242
|
#29 0x000056133dd19ac2 in pfs_spawn_thread (arg=0x7f16af7d53f0) at /10.1/storage/perfschema/pfs.cc:1861
|
#30 0x00007f16b889c6ba in start_thread (arg=0x7f16b9830b00) at pthread_create.c:333
|
#31 0x00007f16b7f4741d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
|
It also fails on non-debug builds of all 10.x:
|
10.1 6567636b |
pure virtual method called
|
terminate called without an active exception
|
190310 21:21:19 [ERROR] mysqld got signal 6 ;
|
|
|
#4 0x00007fe7f86233fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
|
#5 0x00007fe7f8f380ad in __gnu_cxx::__verbose_terminate_handler() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#6 0x00007fe7f8f36066 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#7 0x00007fe7f8f360b1 in std::terminate() () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#8 0x00007fe7f8f36b8f in __cxa_pure_virtual () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
|
#9 0x000055fdbb47b632 in Item_func::convert_const_compared_to_int_field (this=0x7fe7ef993900, thd=0x7fe7f3fe9008) at /data/src/10.1/sql/item_cmpfunc.cc:494
|
#10 0x000055fdbb47be84 in Item_func::setup_args_and_comparator (this=0x7fe7ef993900, thd=0x7fe7f3fe9008, cmp=0x7fe7ef9939c0) at /data/src/10.1/sql/item_cmpfunc.cc:520
|
#11 0x000055fdbb49ce3c in Item_func::fix_fields (this=0x7fe7ef993900, thd=0x7fe7f3fe9008, ref=<optimized out>) at /data/src/10.1/sql/item_func.cc:236
|
#12 0x000055fdbb47aa75 in Item_cond::fix_fields (this=0x7fe7ef905188, thd=0x7fe7f3fe9008, ref=<optimized out>) at /data/src/10.1/sql/item_cmpfunc.cc:4663
|
#13 0x000055fdbb29ff8d in setup_conds (thd=0x7fe7f3fe9008, tables=0x7fe7ef980e18, leaves=..., conds=0x7fe7ef905880) at /data/src/10.1/sql/sql_base.cc:8785
|
#14 0x000055fdbb31cfbb in setup_without_group (reserved=<optimized out>, hidden_group_fields=<optimized out>, group=<optimized out>, order=<optimized out>, conds=<optimized out>, all_fields=..., fields=..., leaves=..., tables=<optimized out>, ref_pointer_array=<optimized out>, thd=<optimized out>) at /data/src/10.1/sql/sql_select.cc:649
|
#15 JOIN::prepare (this=0x7fe7ef905428, rref_pointer_array=0x7fe7ef97fa98, tables_init=0x0, wild_num=4019714032, conds_init=0x0, og_num=4019214464, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fe7ef97f7f0, unit_arg=0x7fe7ef97f0f0) at /data/src/10.1/sql/sql_select.cc:811
|
#16 0x000055fdbb329d66 in mysql_select (thd=thd@entry=0x7fe7f3fe9008, rref_pointer_array=rref_pointer_array@entry=0x7fe7ef97fa98, tables=0x7fe7ef980e18, wild_num=<optimized out>, fields=..., conds=0x7fe7ef905188, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7fe7ef984820, unit=0x7fe7ef97f0f0, select_lex=0x7fe7ef97f7f0) at /data/src/10.1/sql/sql_select.cc:3477
|
#17 0x000055fdbb329f50 in handle_select (thd=thd@entry=0x7fe7f3fe9008, lex=lex@entry=0x7fe7ef97f028, result=result@entry=0x7fe7ef984820, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.1/sql/sql_select.cc:388
|
#18 0x000055fdbb2d0eb8 in execute_sqlcom_select (thd=0x7fe7f3fe9008, all_tables=0x7fe7ef980e18) at /data/src/10.1/sql/sql_parse.cc:5991
|
#19 0x000055fdbb2ddd18 in mysql_execute_command (thd=0x7fe7f3fe9008) at /data/src/10.1/sql/sql_parse.cc:3042
|
#20 0x000055fdbb2f11c7 in Prepared_statement::execute (this=0x7fe7ef9b3288, expanded_query=<optimized out>, open_cursor=<optimized out>) at /data/src/10.1/sql/sql_prepare.cc:4331
|
#21 0x000055fdbb2f12fe in Prepared_statement::execute_loop (this=0x7fe7ef9b3288, expanded_query=0x7fe7fa69cc20, open_cursor=false, packet_end=<optimized out>, packet=<optimized out>) at /data/src/10.1/sql/sql_prepare.cc:3963
|
#22 0x000055fdbb2f1986 in mysql_sql_stmt_execute (thd=0x7fe7f3fe9008) at /data/src/10.1/sql/sql_prepare.cc:3079
|
#23 0x000055fdbb2d8d9f in mysql_execute_command (thd=0x7fe7f3fe9008) at /data/src/10.1/sql/sql_parse.cc:3053
|
#24 0x000055fdbb2e00c7 in mysql_parse (thd=0x7fe7f3fe9008, rawbuf=<optimized out>, length=<optimized out>, parser_state=0x7fe7fa69e220) at /data/src/10.1/sql/sql_parse.cc:7509
|
#25 0x000055fdbb2e2c1a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fe7f3fe9008, packet=packet@entry=0x7fe7f178c009 "EXECUTE stmt", packet_length=packet_length@entry=12) at /data/src/10.1/sql/sql_parse.cc:1496
|
#26 0x000055fdbb2e33e2 in do_command (thd=0x7fe7f3fe9008) at /data/src/10.1/sql/sql_parse.cc:1124
|
#27 0x000055fdbb3a138c in do_handle_one_connection (thd_arg=thd_arg@entry=0x7fe7f3fe9008) at /data/src/10.1/sql/sql_connect.cc:1330
|
#28 0x000055fdbb3a1547 in handle_one_connection (arg=arg@entry=0x7fe7f3fe9008) at /data/src/10.1/sql/sql_connect.cc:1242
|
#29 0x000055fdbb61c174 in pfs_spawn_thread (arg=0x7fe7f7c3ea08) at /data/src/10.1/storage/perfschema/pfs.cc:1861
|
#30 0x00007fe7fa31e494 in start_thread (arg=0x7fe7fa69f700) at pthread_create.c:333
|
#31 0x00007fe7f86d793f in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
not only with prepared statements, any sp, called twice:
Version: '10.5.3-MariaDB-debug-log'
|
ERROR: AddressSanitizer: heap-use-after-free on address 0x625000140ff0 at pc 0x0000011d2d4b bp 0x7f7649de4d20 sp 0x7f7649de4d10
|
READ of size 8 at 0x625000140ff0 thread T12
|
#0 0x11d2d4a in Item::print_parenthesised(String*, enum_query_type, precedence) /10.5/sql/item.cc:476
|
#1 0x12c225c in Item_func::print_op(String*, enum_query_type) /10.5/sql/item_func.cc:638
|
#2 0x1283e64 in Item_bool_rowready_func2::print(String*, enum_query_type) /10.5/sql/item_cmpfunc.h:522
|
#3 0x11d2e08 in Item::print_parenthesised(String*, enum_query_type, precedence) /10.5/sql/item.cc:479
|
#4 0x126db6b in Item_cond::print(String*, enum_query_type) /10.5/sql/item_cmpfunc.cc:5274
|
#5 0x12271f8 in dbug_print_item(Item*) /10.5/sql/item.cc:10507
|
#6 0xabbdf5 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /10.5/sql/sql_select.cc:1138
|
#7 0xadf42a in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.5/sql/sql_select.cc:4632
|
#8 0xab4c83 in handle_select(THD*, LEX*, select_result*, unsigned long) /10.5/sql/sql_select.cc:429
|
#9 0xa3202e in execute_sqlcom_select /10.5/sql/sql_parse.cc:6168
|
#10 0xa21b83 in mysql_execute_command(THD*) /10.5/sql/sql_parse.cc:3901
|
#11 0x800feb in sp_instr_stmt::exec_core(THD*, unsigned int*) /10.5/sql/sp_head.cc:3761
|
#12 0x7ff7bd in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /10.5/sql/sp_head.cc:3488
|
#13 0x8007a3 in sp_instr_stmt::execute(THD*, unsigned int*) /10.5/sql/sp_head.cc:3667
|
#14 0x7f2acb in sp_head::execute(THD*, bool) /10.5/sql/sp_head.cc:1432
|
#15 0x7f86d9 in sp_head::execute_procedure(THD*, List<Item>*) /10.5/sql/sp_head.cc:2442
|
#16 0xa1b9b1 in do_execute_sp /10.5/sql/sql_parse.cc:3013
|
#17 0xa1d535 in Sql_cmd_call::execute(THD*) /10.5/sql/sql_parse.cc:3258
|
#18 0xa2fc9e in mysql_execute_command(THD*) /10.5/sql/sql_parse.cc:5908
|
#19 0xa3c531 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/sql/sql_parse.cc:7953
|
#20 0xa15236 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/sql/sql_parse.cc:1840
|
#21 0xa12100 in do_command(THD*) /10.5/sql/sql_parse.cc:1359
|
#22 0xddaddf in do_handle_one_connection(CONNECT*, bool) /10.5/sql/sql_connect.cc:1422
|
#23 0xdda7c2 in handle_one_connection /10.5/sql/sql_connect.cc:1319
|
#24 0x17beb1b in pfs_spawn_thread /10.5/storage/perfschema/pfs.cc:2201
|
#25 0x7f765f5666b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0
|
|
on 10.5 non-debug sometimes there is pure virtual method called, signal 6,
sometimes signal 11. Probably the same bug as MDEV-22623, MDEV-19605
|
10.5 17a7bafec068d6436f3f6c5c non-debug |
Version: '10.5.4-MariaDB-log'
|
pure virtual method called
|
terminate called without an active exception
|
200610 10:44:56 [ERROR] mysqld got signal 6 ;
|
|
|
sql/item_func.cc:150(Item_func::check_argument_types_like_args0() const)[0x5608f515da6c]
|
sql/item_func.cc:368(Item_func::fix_fields(THD*, Item**))[0x5608f513ad50]
|
sql/item.h:982(Item_cond::fix_fields(THD*, Item**))[0x5608f4edadcf]
|
sql/item.h:982(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**))[0x5608f4f7b047]
|
sql/sql_select.cc:694(setup_without_group)[0x5608f4f8a6ca]
|
sql/sql_select.cc:4613(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5608f4f8a9a5]
|
sql/sql_select.cc:417(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5608f4f2f187]
|
sql/sql_parse.cc:6208(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5608f4f37cd1]
|
sql/sql_parse.cc:5950(mysql_execute_command(THD*))[0x5608f4f4a425]
|
sql/sql_prepare.cc:4786(Prepared_statement::execute(String*, bool))[0x5608f4f4a5df]
|
sql/sql_prepare.cc:4275(Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*))[0x5608f4f4a8a8]
|
sql/sql_class.h:1462(mysql_sql_stmt_execute(THD*))[0x5608f4f39282]
|
sql/sql_parse.cc:3955(mysql_execute_command(THD*))[0x5608f4ea2bd4]
|
sql/sp_head.cc:3767(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x5608f4ea9be5]
|
sql/sp_head.cc:3492(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*))[0x5608f4eaa678]
|
sql/sp_head.cc:3671(sp_instr_stmt::execute(THD*, unsigned int*))[0x5608f4ea5c87]
|
sql/sp_head.cc:1435(sp_head::execute(THD*, bool))[0x5608f4ea6f06]
|
sql/sp_head.cc:2446(sp_head::execute_procedure(THD*, List<Item>*))[0x5608f4f2e5ff]
|
sql/sql_parse.cc:3052(do_execute_sp(THD*, sp_head*))[0x5608f4f32a3d]
|
sql/sql_parse.cc:3296(Sql_cmd_call::execute(THD*))[0x5608f4f37d00]
|
sql/sql_parse.cc:5950(mysql_execute_command(THD*))[0x5608f4f2a6c0]
|
sql/sql_parse.cc:8009(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5608f4f34e3d]
|
sql/sql_parse.cc:1877(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5608f4f35f0f]
|
sql/sql_parse.cc:1355(do_command(THD*))[0x5608f5016164]
|
sql/sql_connect.cc:1411(do_handle_one_connection(CONNECT*, bool))[0x5608f50164fd]
|
sql/sql_connect.cc:1313(handle_one_connection)[0x5608f531e36f]
|
nptl/pthread_create.c:487(start_thread)[0x7f0ef2b5efa3]
|
x86_64/clone.S:97(clone)[0x7f0ef21674cf]
|
200610 9:35:13 [ERROR] mysqld got signal 11 ;
|
Server version: 10.5.4-MariaDB-log
|
|
|
Thread pointer: 0x7fb310000c18
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7fb534153de8 thread_stack 0x49000
|
/d1/git/10.5/sql/mysqld(my_print_stacktrace+0x29)[0x55ee7919b5d9]
|
/d1/git/10.5/sql/mysqld(handle_fatal_signal+0x47d)[0x55ee78c834ad]
|
??:0(__restore_rt)[0x7fb536211730]
|
sql/item.h:978(Item_func::fix_fields(THD*, Item**))[0x55ee78a57dcf]
|
sql/item.h:982(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**))[0x55ee78af8047]
|
sql/sql_select.cc:694(setup_without_group)[0x55ee78b076ca]
|
sql/sql_select.cc:4613(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55ee78b079a5]
|
sql/sql_select.cc:417(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55ee78aac187]
|
sql/sql_parse.cc:6208(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55ee78ab4cd1]
|
sql/sql_parse.cc:5950(mysql_execute_command(THD*))[0x55ee78a1fbd4]
|
sql/sp_head.cc:3767(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x55ee78a26be5]
|
sql/sp_head.cc:3492(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*))[0x55ee78a27678]
|
sql/sp_head.cc:3671(sp_instr_stmt::execute(THD*, unsigned int*))[0x55ee78a22c87]
|
sql/sp_head.cc:1435(sp_head::execute(THD*, bool))[0x55ee78a23f06]
|
sql/sp_head.cc:2446(sp_head::execute_procedure(THD*, List<Item>*))[0x55ee78aab5ff]
|
sql/sql_parse.cc:3052(do_execute_sp(THD*, sp_head*))[0x55ee78aafa3d]
|
sql/sql_parse.cc:3296(Sql_cmd_call::execute(THD*))[0x55ee78ab4d00]
|
sql/sql_parse.cc:5950(mysql_execute_command(THD*))[0x55ee78aa76c0]
|
sql/sql_parse.cc:8009(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55ee78ab1e3d]
|
sql/sql_parse.cc:1877(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55ee78ab2f0f]
|
sql/sql_parse.cc:1355(do_command(THD*))[0x55ee78b93164]
|
sql/sql_connect.cc:1411(do_handle_one_connection(CONNECT*, bool))[0x55ee78b934fd]
|
sql/sql_connect.cc:1313(handle_one_connection)[0x55ee78e9b36f]
|
nptl/pthread_create.c:487(start_thread)[0x7fb536206fa3]
|
x86_64/clone.S:97(clone)[0x7fb53580f4cf]
|
similar case (without STRAIGHT_JOIN - the same bug):
|
|
CREATE TABLE t1 (i1 varchar(10)); |
INSERT INTO t1 VALUES (1),(2),(3); #optional |
|
|
CREATE TABLE t2 (i2 varchar(10) CHARACTER SET utf8); |
INSERT INTO t2 VALUES (1),(2),(3); #optional |
|
|
CREATE PROCEDURE sp1 () |
SELECT STRAIGHT_JOIN 1 FROM t1 |
WHERE EXISTS (SELECT 1 FROM t2 WHERE t2.i2 = t1.i1); |
|
|
call sp1();
|
call sp1();
|
|
|
10.0 c2a7dffc573f311029 |
#3 <signal handler called>
|
#4 0x000055bf294d72a3 in Item_func::print_args (this=0x7f540da60390, str=0x7f540e7f9de0, from=0, query_type=QT_ORDINARY) at /10.0/sql/item_func.cc:482
|
#5 0x000055bf294d7211 in Item_func::print (this=0x7f540da60390, str=0x7f540e7f9de0, query_type=QT_ORDINARY) at /10.0/sql/item_func.cc:471
|
#6 0x000055bf294ad1f7 in Item_in_optimizer::print (this=0x7f540da60390, str=0x7f540e7f9de0, query_type=QT_ORDINARY) at /10.0/sql/item_cmpfunc.cc:1480
|
#7 0x000055bf294a302e in dbug_print_item (item=0x7f540da60390) at /10.0/sql/item.cc:9842
|
#8 0x000055bf292bcbd8 in JOIN::prepare (this=0x7f540d7a9258, rref_pointer_array=0x7f540d7f3e90, tables_init=0x7f540da5b160, wild_num=0, conds_init=0x7f540da60390, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f540d7f3be8, unit_arg=0x7f540d7f34f0) at /10.0/sql/sql_select.cc:706
|
#9 0x000055bf292c610b in mysql_select (thd=0x7f541006ab30, rref_pointer_array=0x7f540d7f3e90, tables=0x7f540da5b160, wild_num=0, fields=..., conds=0x7f540da60390, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147749634, result=0x7f540d7a9238, unit=0x7f540d7f34f0, select_lex=0x7f540d7f3be8) at /10.0/sql/sql_select.cc:3328
|
#10 0x000055bf292bc2ac in handle_select (thd=0x7f541006ab30, lex=0x7f540d7f3428, result=0x7f540d7a9238, setup_tables_done_option=0) at /10.0/sql/sql_select.cc:366
|
#11 0x000055bf29290038 in execute_sqlcom_select (thd=0x7f541006ab30, all_tables=0x7f540da5b160) at /10.0/sql/sql_parse.cc:5312
|
#12 0x000055bf2928838d in mysql_execute_command (thd=0x7f541006ab30) at /10.0/sql/sql_parse.cc:2554
|
#13 0x000055bf295b6fae in sp_instr_stmt::exec_core (this=0x7f540da5ce20, thd=0x7f541006ab30, nextp=0x7f540e7fb198) at /10.0/sql/sp_head.cc:3211
|
#14 0x000055bf295b66cf in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f540da5ce60, thd=0x7f541006ab30, nextp=0x7f540e7fb198, open_tables=false, instr=0x7f540da5ce20) at /10.0/sql/sp_head.cc:2978
|
#15 0x000055bf295b6c7e in sp_instr_stmt::execute (this=0x7f540da5ce20, thd=0x7f541006ab30, nextp=0x7f540e7fb198) at /10.0/sql/sp_head.cc:3127
|
#16 0x000055bf295b2a0c in sp_head::execute (this=0x7f540d7f2888, thd=0x7f541006ab30, merge_da_on_success=true) at /10.0/sql/sp_head.cc:1370
|
#17 0x000055bf295b46fc in sp_head::execute_procedure (this=0x7f540d7f2888, thd=0x7f541006ab30, args=0x7f541006f190) at /10.0/sql/sp_head.cc:2158
|
#18 0x000055bf2928e38e in mysql_execute_command (thd=0x7f541006ab30) at /10.0/sql/sql_parse.cc:4738
|
#19 0x000055bf29292e6b in mysql_parse (thd=0x7f541006ab30, rawbuf=0x7f540d7f0088 "call sp1()", length=10, parser_state=0x7f540e7fbe50) at /10.0/sql/sql_parse.cc:6648
|
#20 0x000055bf29285635 in dispatch_command (command=COM_QUERY, thd=0x7f541006ab30, packet=0x7f541007dbb1 "call sp1()", packet_length=10) at /10.0/sql/sql_parse.cc:1301
|
#21 0x000055bf2928495f in do_command (thd=0x7f541006ab30) at /10.0/sql/sql_parse.cc:1003
|
#22 0x000055bf293a7358 in do_handle_one_connection (thd_arg=0x7f541006ab30) at /10.0/sql/sql_connect.cc:1377
|
#23 0x000055bf293a70b6 in handle_one_connection (arg=0x7f541006ab30) at /10.0/sql/sql_connect.cc:1292
|
#24 0x000055bf2977826f in pfs_spawn_thread (arg=0x7f540fff5ff0) at /10.0/storage/perfschema/pfs.cc:1861
|
#25 0x00007f541689cfa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
|
#26 0x00007f5415f894cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.5 17a7bafec068d6436f3f non-debug |
pure virtual method called
|
terminate called without an active exception
|
200610 16:59:48 [ERROR] mysqld got signal 6 ;
|
Server version: 10.5.4-MariaDB-log
|
|
|
mysys/stacktrace.c:307(my_print_stacktrace)[0x55e02fe514ad]
|
??:0(__restore_rt)[0x7f45d9051730]
|
linux/raise.c:51(__GI_raise)[0x7f45d858d7bb]
|
stdlib/abort.c:81(__GI_abort)[0x7f45d8578535]
|
/usr/lib/x86_64-linux-gnu/libstdc++.so.6(+0x8c983)[0x7f45d8940983]
|
??:0(std::rethrow_exception(std::__exception_ptr::exception_ptr))[0x7f45d89468c6]
|
??:0(std::terminate())[0x7f45d8946901]
|
??:0(__cxa_pure_virtual)[0x7f45d894763f]
|
/10.5/sql/mariadbd(+0x875006)[0x55e02fdc6006]
|
sql/item.h:6653(Item_cache::setup(THD*, Item*))[0x55e02fe87bdf]
|
sql/item_cmpfunc.cc:1310(Item_in_optimizer::fix_left(THD*))[0x55e02fe87f66]
|
sql/item_cmpfunc.cc:1378(Item_in_optimizer::fix_fields(THD*, Item**))[0x55e02fc25dcf]
|
sql/item.h:982(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**))[0x55e02fcc6047]
|
sql/sql_select.cc:694(setup_without_group)[0x55e02fcd56ca]
|
sql/sql_select.cc:4613(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55e02fcd59a5]
|
sql/sql_select.cc:417(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55e02fc7a187]
|
sql/sql_parse.cc:6208(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55e02fc82cd1]
|
sql/sql_parse.cc:5950(mysql_execute_command(THD*))[0x55e02fbedbd4]
|
sql/sp_head.cc:3767(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x55e02fbf4be5]
|
sql/sp_head.cc:3492(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*))[0x55e02fbf5678]
|
sql/sp_head.cc:3671(sp_instr_stmt::execute(THD*, unsigned int*))[0x55e02fbf0c87]
|
sql/sp_head.cc:1435(sp_head::execute(THD*, bool))[0x55e02fbf1f06]
|
sql/sp_head.cc:2446(sp_head::execute_procedure(THD*, List<Item>*))[0x55e02fc795ff]
|
sql/sql_parse.cc:3052(do_execute_sp(THD*, sp_head*))[0x55e02fc7da3d]
|
sql/sql_parse.cc:3296(Sql_cmd_call::execute(THD*))[0x55e02fc82d00]
|
sql/sql_parse.cc:5950(mysql_execute_command(THD*))[0x55e02fc756c0]
|
sql/sql_parse.cc:8009(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55e02fc7fe3d]
|
sql/sql_parse.cc:1877(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55e02fc80f0f]
|
sql/sql_parse.cc:1355(do_command(THD*))[0x55e02fd61164]
|
sql/sql_connect.cc:1411(do_handle_one_connection(CONNECT*, bool))[0x55e02fd614fd]
|
sql/sql_connect.cc:1313(handle_one_connection)[0x55e03006936f]
|
nptl/pthread_create.c:487(start_thread)[0x7f45d9046fa3]
|
x86_64/clone.S:97(clone)[0x7f45d864f4cf]
|
|
|
Query (0x7f45b803e3f0): SELECT STRAIGHT_JOIN 1 FROM t1 WHERE EXISTS (SELECT 1 FROM t2 WHERE t2.i2 = t1.i1)
|
|
10.5.9 |
Version: '10.5.9-MariaDB'
|
210305 11:16:59 [ERROR] mysqld got signal 6 ;
|
|
|
stdlib/abort.c:81(__GI_abort)[0x7f799d703859]
|
??:0(__cxa_throw_bad_array_new_length)[0x7f799dabf951]
|
libsupc++/eh_terminate.cc:42(__cxxabiv1::__terminate(void (*)()))[0x55d3b431ca06]
|
??:0(std::terminate())[0x55d3b431ca33]
|
??:0(__cxa_pure_virtual)[0x55d3b42e3f8f]
|
sql/item.h:988(Item::fix_fields_if_needed(THD*, Item**))[0x55d3b3bccd73]
|
sql/item_cmpfunc.cc:1376(Item_in_optimizer::fix_fields(THD*, Item**))[0x55d3b3bcd1b2]
|
sql/item.h:992(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x55d3b3920c3f]
|
sql/sql_select.cc:697(JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55d3b39d08b3]
|
sql/sql_select.cc:4695(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55d3b39e548f]
|
sql/sql_select.cc:429(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55d3b39e57da]
|
sql/sql_parse.cc:6283(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55d3b3849b65]
|
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x55d3b398a0c4]
|
sql/sp_head.cc:3770(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x55d3b38e1665]
|
sql/sp_head.cc:3503(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*))[0x55d3b38e9f0a]
|
sql/sp_head.cc:3675(sp_instr_stmt::execute(THD*, unsigned int*))[0x55d3b38ea99c]
|
sql/sp_head.cc:1437(sp_head::execute(THD*, bool))[0x55d3b38e5638]
|
psi/mysql_sp.h:79(sp_head::execute_procedure(THD*, List<Item>*))[0x55d3b38e6bbf]
|
sql/sql_parse.cc:3091(do_execute_sp(THD*, sp_head*))[0x55d3b397c6ca]
|
sql/sql_parse.cc:3334(Sql_cmd_call::execute(THD*))[0x55d3b398061a]
|
sql/sql_parse.cc:6024(mysql_execute_command(THD*))[0x55d3b398876a]
|
sql/sql_parse.cc:8063(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55d3b398d169]
|
sql/sql_audit.h:169(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55d3b398f215]
|
sql/sql_parse.cc:1375(do_command(THD*))[0x55d3b3990bdb]
|
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x55d3b3a7bbc2]
|
sql/sql_connect.cc:1318(handle_one_connection)[0x55d3b3a7be84]
|
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x55d3b3dff28d]
|
nptl/pthread_create.c:478(start_thread)[0x7f799dc5c609]
|
x86_64/clone.S:97(__GI___clone)[0x7f799d800293]
|
|
|
Query (0x7f793406b020): SELECT STRAIGHT_JOIN 1 FROM t1
|
WHERE EXISTS (SELECT 1 FROM t2 WHERE t2.i2 = t1.i1)
|
|
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
shulga take the patch MDEV-14959 (in comments, see "draft") and check your test case with it, you will see it allocate after first execution in the permanent mem_root (or find a bug in the patch 
)
For those statements that require conversion of a data
from one character set to another attempt to run such
statement in PS mode the second time results in server crash.
The reason of server crash is that an instance of the class
Item_func_conv_charset, that created for conversion of a column
from one character set to another, is allocated on execution
memory root but pointer to this instance is stored in an item
allocated on prepared statement memory root. The first time the prepared
statement completes the instance of the class Item_func_conv_charset
is released but a pointer to the deallocated object still stored
inside internal structures created during execution of the statement.
The second time the same prepared statement executed it references
the pointer to already deallocated memory that leads to crash.
One of the possible ways to fix the issue is to place an instance
of the class Item_func_conv_charset on PS memory root. Since character set
of a data passed to a prepared statement can change between execution of
a prepared statement the information about character set used on the last
execution should be remembered and compared against one used on next
execution of the prepared statement. In case a character set used on
next execution of the prepared statement is different from the one
used on previous execution of the PS statement a new instance of the class
Item_func_conv_charset should be created on PS memroot and replace
the current one used on the last execution of the prepared statement.
The branch for review is bb-10.3-MDEV-16128
ok, to push
what about test cases for ? (Item_param) and binary ?