[MDEV-21028] Server crashes in Query_arena::set_query_arena upon SELECT from view
Created: 2019-11-11  Updated: 2022-04-25  Resolved: 2022-04-20

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Temporary, Views
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6
Fix Version/s: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4

Type: Bug
Priority: Blocker
Reporter: Elena Stepanova
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-26406 A SEGV in sql/sql_class.cc Closed
Relates
relates to MDEV-15703 Crash in EXECUTE IMMEDIATE 'CREATE OR... Stalled
relates to MDEV-18216 Server crashes in Query_arena::set_qu... Confirmed
relates to MDEV-26061 MariaDB server crash at Field::set_de... Closed
relates to MDEV-17361 Server crashes in Query_arena::set_qu... Closed

 Description   

Note: Might be related to MDEV-17361, MDEV-18216.

CREATE TABLE t1 (a DATETIME DEFAULT CURRENT_TIMESTAMP);
INSERT INTO t1 () VALUES (),();
 
CREATE ALGORITHM=TEMPTABLE VIEW v1 AS SELECT * FROM t1;
SELECT INSTR( CURRENT_TIMESTAMP(), DEFAULT(a) ) FROM v1;
 
# Cleanup
DROP VIEW v1;
DROP TABLE t1;

10.2 cbf5f6d6

#3  <signal handler called>
#4  0x0000561e0c00a5e4 in Query_arena::set_query_arena (this=0x7f1d08000b08, set=0x0) at /data/src/10.2/sql/sql_class.cc:3502
#5  0x0000561e0c00aa30 in THD::set_n_backup_active_arena (this=0x7f1d08000af0, set=0x0, backup=0x7f1d1a4c7770) at /data/src/10.2/sql/sql_class.cc:3591
#6  0x0000561e0c29eb93 in Field::set_default (this=0x7f1d08016450) at /data/src/10.2/sql/field.cc:2456
#7  0x0000561e0c2fb2f2 in Item_default_value::calculate (this=0x7f1d080127a8) at /data/src/10.2/sql/item.cc:8965
#8  0x0000561e0c2fb34e in Item_default_value::val_str (this=0x7f1d080127a8, str=0x7f1d080129c0) at /data/src/10.2/sql/item.cc:8971
#9  0x0000561e0c34f4f4 in Item_func_locate::val_int (this=0x7f1d080128e0) at /data/src/10.2/sql/item_func.cc:3137
#10 0x0000561e0c2f5788 in Item::send (this=0x7f1d080128e0, protocol=0x7f1d080010a8, buffer=0x7f1d1a4c7940) at /data/src/10.2/sql/item.cc:6944
#11 0x0000561e0bf85ce3 in Protocol::send_result_set_row (this=0x7f1d080010a8, row_items=0x7f1d08004f58) at /data/src/10.2/sql/protocol.cc:990
#12 0x0000561e0c0079ee in select_send::send_data (this=0x7f1d08015660, items=...) at /data/src/10.2/sql/sql_class.cc:2725
#13 0x0000561e0c0c239e in end_send (join=0x7f1d08015680, join_tab=0x7f1d0807fbf0, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:20029
#14 0x0000561e0c0bfe3c in evaluate_join_record (join=0x7f1d08015680, join_tab=0x7f1d0807f840, error=0) at /data/src/10.2/sql/sql_select.cc:19077
#15 0x0000561e0c0bf728 in sub_select (join=0x7f1d08015680, join_tab=0x7f1d0807f840, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:18857
#16 0x0000561e0c0becaf in do_select (join=0x7f1d08015680, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18401
#17 0x0000561e0c098689 in JOIN::exec_inner (this=0x7f1d08015680) at /data/src/10.2/sql/sql_select.cc:3623
#18 0x0000561e0c097b44 in JOIN::exec (this=0x7f1d08015680) at /data/src/10.2/sql/sql_select.cc:3418
#19 0x0000561e0c098cfa in mysql_select (thd=0x7f1d08000af0, tables=0x7f1d08012ab8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1d08015660, unit=0x7f1d080046f0, select_lex=0x7f1d08004e30) at /data/src/10.2/sql/sql_select.cc:3818
#20 0x0000561e0c08cf66 in handle_select (thd=0x7f1d08000af0, lex=0x7f1d08004628, result=0x7f1d08015660, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#21 0x0000561e0c057fad in execute_sqlcom_select (thd=0x7f1d08000af0, all_tables=0x7f1d08012ab8) at /data/src/10.2/sql/sql_parse.cc:6225
#22 0x0000561e0c04e98e in mysql_execute_command (thd=0x7f1d08000af0) at /data/src/10.2/sql/sql_parse.cc:3532
#23 0x0000561e0c05be4e in mysql_parse (thd=0x7f1d08000af0, rawbuf=0x7f1d08012458 "SELECT INSTR( CURRENT_TIMESTAMP(), DEFAULT(a) ) FROM v1", length=55, parser_state=0x7f1d1a4c9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7740
#24 0x0000561e0c04a169 in dispatch_command (command=COM_QUERY, thd=0x7f1d08000af0, packet=0x7f1d0808de91 "", packet_length=55, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1831
#25 0x0000561e0c048abd in do_command (thd=0x7f1d08000af0) at /data/src/10.2/sql/sql_parse.cc:1384
#26 0x0000561e0c19e1e3 in do_handle_one_connection (connect=0x561e0ed53b60) at /data/src/10.2/sql/sql_connect.cc:1336
#27 0x0000561e0c19df4e in handle_one_connection (arg=0x561e0ed53b60) at /data/src/10.2/sql/sql_connect.cc:1241
#28 0x0000561e0c9d0952 in pfs_spawn_thread (arg=0x561e0ed59970) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#29 0x00007f1d21d0b4a4 in start_thread (arg=0x7f1d1a4ca700) at pthread_create.c:456
#30 0x00007f1d20252d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.2-10.5 with at least InnoDB and MyISAM.
All of non-debug, debug and ASAN builds crash the same way.
Not reproducible on 10.1.



 Comments   
Comment by Alice Sherepa [ 2021-02-10 ]

similar test

CREATE TABLE t1 ( a text default '');
create ALGORITHM=TEMPTABLE view v1 as select * from t1;
INSERT INTO t1 VALUES ('a'),('b'),('c');
 
SELECT default(a) FROM v1;

10.2 afc5bac49d48b6fd13def

Version: '10.2.37-MariaDB-debug-log' 
210210 12:22:39 [ERROR] mysqld got signal 11 ;
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12730)[0x7f49894f7730]
sql/sql_class.cc:3510(Query_arena::set_query_arena(Query_arena*))[0x56347f27dc8f]
sql/sql_class.cc:3601(THD::set_n_backup_active_arena(Query_arena*, Query_arena*))[0x56347f27eb43]
sql/field.cc:2457(Field::set_default())[0x56347f90c6fb]
sql/item.cc:9024(Item_default_value::calculate())[0x56347fa1920f]
sql/item.cc:9060(Item_default_value::send(Protocol*, String*))[0x56347fa193fa]
sql/protocol.cc:992(Protocol::send_result_set_row(List<Item>*))[0x56347f100fe3]
sql/sql_class.cc:2734(select_send::send_data(List<Item>&))[0x56347f27598f]
sql/sql_select.cc:20031(end_send(JOIN*, st_join_table*, bool))[0x56347f46ac05]
sql/sql_select.cc:19079(evaluate_join_record(JOIN*, st_join_table*, int))[0x56347f46305f]
sql/sql_select.cc:18859(sub_select(JOIN*, st_join_table*, bool))[0x56347f461850]
sql/sql_select.cc:18403(do_select(JOIN*, Procedure*))[0x56347f45f363]
sql/sql_select.cc:3642(JOIN::exec_inner())[0x56347f3f653c]
sql/sql_select.cc:3438(JOIN::exec())[0x56347f3f40ae]
sql/sql_select.cc:3839(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56347f3f770e]
sql/sql_select.cc:361(handle_select(THD*, LEX*, select_result*, unsigned long))[0x56347f3d4280]
sql/sql_parse.cc:6248(execute_sqlcom_select(THD*, TABLE_LIST*))[0x56347f347e5f]
sql/sql_parse.cc:3559(mysql_execute_command(THD*))[0x56347f3331f9]
sql/sql_parse.cc:7763(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x56347f3511d8]
sql/sql_parse.cc:1830(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56347f327f06]
sql/sql_parse.cc:1381(do_command(THD*))[0x56347f32492b]
sql/sql_connect.cc:1336(do_handle_one_connection(CONNECT*))[0x56347f6cd0f2]
sql/sql_connect.cc:1242(handle_one_connection)[0x56347f6cc9b3]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x563480b66822]
nptl/pthread_create.c:487(start_thread)[0x7f49894ecfa3]
x86_64/clone.S:97(clone)[0x7f4988e704cf]
 
Query (0x62b000000290): SELECT default(a) FROM v1

SELECT 1 FROM v1 where default(a)

10.5

210210 13:33:56 [ERROR] mysqld got signal 11 ;
Server version: 10.5.9-MariaDB-debug-log
 
sigaction.c:0(__restore_rt)[0x7fe0b4bcb3c0]
sql/sql_class.cc:3808(Query_arena::set_query_arena(Query_arena*))[0x55a3a83f1abb]
sql/sql_class.cc:3898(THD::set_n_backup_active_arena(Query_arena*, Query_arena*))[0x55a3a83f2a6a]
sql/field.cc:2580(Field::set_default())[0x55a3a8c83251]
sql/item.cc:9410(Item_default_value::calculate())[0x55a3a8db5bf0]
sql/item.cc:9428(Item_default_value::val_real())[0x55a3a8db5d54]
sql/sql_type.cc:5008(Type_handler_string_result::Item_val_bool(Item*) const)[0x55a3a8ac6de6]
sql/item.h:1490(Item::val_bool())[0x55a3a82477c0]
sql/item.h:1497(Item::eval_const_cond())[0x55a3a86a4474]
sql/sql_select.cc:17551(Item::remove_eq_conds(THD*, Item::cond_result*, bool))[0x55a3a8640a94]
sql/sql_select.cc:17101(optimize_cond(JOIN*, Item*, List<TABLE_LIST>*, bool, Item::cond_result*, COND_EQUAL**, int))[0x55a3a863def4]
sql/sql_select.cc:1999(JOIN::optimize_inner())[0x55a3a85cb6f3]
sql/sql_select.cc:1627(JOIN::optimize())[0x55a3a85c7530]
sql/sql_select.cc:4705(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55a3a85e7d27]
sql/sql_select.cc:417(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55a3a85b975a]
sql/sql_parse.cc:6281(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55a3a8522d56]
sql/sql_parse.cc:3977(mysql_execute_command(THD*))[0x55a3a8511c51]
sql/sql_parse.cc:8062(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55a3a852e050]
sql/sql_parse.cc:1892(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55a3a850433d]
sql/sql_parse.cc:1370(do_command(THD*))[0x55a3a8500c66]
sql/sql_connect.cc:1410(do_handle_one_connection(CONNECT*, bool))[0x55a3a8943540]
sql/sql_connect.cc:1314(handle_one_connection)[0x55a3a8942ea4]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55a3a96513e5]
nptl/pthread_create.c:478(start_thread)[0x7fe0b4bbf609]
x86_64/clone.S:97(__GI___clone)[0x7fe0b4793293]
 
Query (0x62b0000a12a8): SELECT 1 FROM v1 where default(a)
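
Added example (not part of the original comments, and not MariaDB code): a triage helper that checks whether a crash report in the error-log format quoted above carries this issue's innermost frames, and whether the reported server version predates the fix release listed for its series under Fix Version/s. The names `triage`, `SIGNATURE`, `FIXED` and `SAMPLE_LOG` are assumptions made for this example; the gdb-style backtraces on this page use a different line format and are not parsed.

```python
import re

# Innermost frames shared by every backtrace quoted in this issue.
SIGNATURE = ["Query_arena::set_query_arena", "THD::set_n_backup_active_arena",
             "Field::set_default", "Item_default_value::calculate"]
# First fixed patch release per series, from the issue's "Fix Version/s" field.
FIXED = {(10, 2): 44, (10, 3): 35, (10, 4): 25, (10, 5): 16, (10, 6): 8, (10, 7): 4}

FRAME_RE = re.compile(r"^\S+?:\d+\((.*)\)\[0x[0-9a-f]+\]$")    # file:line(symbol)[addr]
VERSION_RE = re.compile(r"[Vv]ersion: '?(\d+)\.(\d+)\.(\d+)-MariaDB")
QUERY_RE = re.compile(r"^Query \(0x[0-9a-f]+\): (.*)$", re.M)

# Constructed sample: abridged from the 10.2.37 error-log excerpt quoted above.
SAMPLE_LOG = """\
Version: '10.2.37-MariaDB-debug-log'
210210 12:22:39 [ERROR] mysqld got signal 11 ;
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12730)[0x7f49894f7730]
sql/sql_class.cc:3510(Query_arena::set_query_arena(Query_arena*))[0x56347f27dc8f]
sql/sql_class.cc:3601(THD::set_n_backup_active_arena(Query_arena*, Query_arena*))[0x56347f27eb43]
sql/field.cc:2457(Field::set_default())[0x56347f90c6fb]
sql/item.cc:9024(Item_default_value::calculate())[0x56347fa1920f]
sql/item.cc:9060(Item_default_value::send(Protocol*, String*))[0x56347fa193fa]
Query (0x62b000000290): SELECT default(a) FROM v1
"""

def triage(log_text):
    """Classify one mysqld crash report against this issue's backtrace signature."""
    frames = []
    for line in log_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(m.group(1).split("(")[0])   # drop the argument list
    n = len(SIGNATURE)
    hit = any(frames[i:i + n] == SIGNATURE for i in range(len(frames) - n + 1))
    ver = VERSION_RE.search(log_text)
    version = tuple(int(p) for p in ver.groups()) if ver else None
    # Series missing from FIXED (e.g. 10.1) yield False: the page lists no fix for them.
    fixed = FIXED.get(version[:2]) if version else None
    query = QUERY_RE.search(log_text)
    return {"signature": hit, "version": version,
            "predates_fix": fixed is not None and version[2] < fixed,
            "query": query.group(1) if query else None}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The `query` field is the statement the server recorded at crash time, which is the part to correlate with application or audit logs.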

Comment by Alice Sherepa [ 2021-08-25 ]

Test case from MDEV-26406, no view involved, but derived table:

CREATE TABLE t1 (v1 TIMESTAMP) SELECT 'x';
SELECT DEFAULT(v1) FROM ( SELECT v1 FROM t1 GROUP BY v1 ) dt ;

10.2 1f1d5606e08c928e3da98b

#3  <signal handler called>
#4  0x000055d610807ff0 in Query_arena::set_query_arena (this=0x7f5440000da8, set=0x0) at /10.2/src/sql/sql_class.cc:3564
#5  0x000055d61080844e in THD::set_n_backup_active_arena (this=0x7f5440000d90, set=0x0, backup=0x7f549379cda0) at /10.2/src/sql/sql_class.cc:3653
#6  0x000055d610aa2aff in Field::set_default (this=0x7f5440015418) at /10.2/src/sql/field.cc:2456
#7  0x000055d610b019a1 in Item_default_value::calculate (this=0x7f54400128f8) at /10.2/src/sql/item.cc:9040
#8  0x000055d610b01b04 in Item_default_value::send (this=0x7f54400128f8, protocol=0x7f5440001348, buffer=0x7f549379ce50) at /10.2/src/sql/item.cc:9076
#9  0x000055d61076e2eb in Protocol::send_result_set_row (this=0x7f5440001348, row_items=0x7f5440005200) at /10.2/src/sql/protocol.cc:992
#10 0x000055d61080538e in select_send::send_data (this=0x7f54400145a8, items=...) at /10.2/src/sql/sql_class.cc:2788
#11 0x000055d6108c1be2 in end_send (join=0x7f54400145c8, join_tab=0x0, end_of_records=false) at /10.2/src/sql/sql_select.cc:20067
#12 0x000055d6108be18a in do_select (join=0x7f54400145c8, procedure=0x0) at /10.2/src/sql/sql_select.cc:18396
#13 0x000055d610897f4b in JOIN::exec_inner (this=0x7f54400145c8) at /10.2/src/sql/sql_select.cc:3651
#14 0x000055d6108973f2 in JOIN::exec (this=0x7f54400145c8) at /10.2/src/sql/sql_select.cc:3446
#15 0x000055d6108985cc in mysql_select (thd=0x7f5440000d90, tables=0x7f5440013eb0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f54400145a8, unit=0x7f5440004988, select_lex=0x7f54400050d8) at /10.2/src/sql/sql_select.cc:3849
#16 0x000055d61088c720 in handle_select (thd=0x7f5440000d90, lex=0x7f54400048c8, result=0x7f54400145a8, setup_tables_done_option=0) at /10.2/src/sql/sql_select.cc:361
#17 0x000055d610856d86 in execute_sqlcom_select (thd=0x7f5440000d90, all_tables=0x7f5440013eb0) at /10.2/src/sql/sql_parse.cc:6271
#18 0x000055d61084d8fa in mysql_execute_command (thd=0x7f5440000d90) at /10.2/src/sql/sql_parse.cc:3582
#19 0x000055d61085ab42 in mysql_parse (thd=0x7f5440000d90, rawbuf=0x7f5440012708 "SELECT DEFAULT(v1) FROM ( SELECT v1 FROM t1 GROUP BY v1 ) dt", length=60, parser_state=0x7f549379e560, is_com_multi=false, is_next_command=false) at /10.2/src/sql/sql_parse.cc:7793
#20 0x000055d610848d9d in dispatch_command (command=COM_QUERY, thd=0x7f5440000d90, packet=0x7f5440008b61 "", packet_length=61, is_com_multi=false, is_next_command=false) at /10.2/src/sql/sql_parse.cc:1827
#21 0x000055d610847898 in do_command (thd=0x7f5440000d90) at /10.2/src/sql/sql_parse.cc:1381
#22 0x000055d6109a3661 in do_handle_one_connection (connect=0x55d6148bed10) at /10.2/src/sql/sql_connect.cc:1336
#23 0x000055d6109a33c6 in handle_one_connection (arg=0x55d6148bed10) at /10.2/src/sql/sql_connect.cc:1241
#24 0x000055d6111ccec4 in pfs_spawn_thread (arg=0x55d6148a1fd0) at /10.2/src/storage/perfschema/pfs.cc:1869
#25 0x00007f549da65609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#26 0x00007f549d640293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Comment by Oleksandr Byelkin [ 2021-09-15 ]

It appeared that the temporary table has no mem_root, and so it led to the crash.

Comment by Oleksandr Byelkin [ 2021-09-15 ]

The question is whether it is OK for a temporary table not to have a mem_root.

Comment by Oleksandr Byelkin [ 2022-04-20 ]

OK to push.
