[MDEV-23453] Server crash in Item_field::type_handler upon 3rd execution of PS with FOR PORTION Created: 2020-08-11  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Stored routines, Versioned Tables
Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Nikita Malyavin
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-20762 Server crashes in Item_field::type_ha... Closed
relates to MDEV-26434 MariaDB Server SEGV in setup_copy_fields Closed

Description

CREATE TABLE t1 (id INT PRIMARY KEY, f INT, s DATETIME, e DATETIME, PERIOD FOR p(s,e));
INSERT INTO t1 VALUES (1,0,'1978-08-06','1990-05-26');
CREATE PROCEDURE sp() UPDATE t1 FOR PORTION OF p FROM '1980-12-29' TO '1994-08-09' SET f = NULL;
--error ER_DUP_ENTRY
CALL sp;
UPDATE t1 SET s = '2021-07-13', e = '2035-07-16';
CALL sp;
UPDATE t1 SET s = '1975-08-28', e = '2015-09-01';
CALL sp;
 
# Cleanup
DROP TABLE t1;
DROP PROCEDURE sp;

10.4 eae968f6

#3  <signal handler called>
#4  0x00005582f9963ab9 in Item_field::type_handler (this=0x7fd778075c70) at /data/src/10.4/sql/item.h:3395
#5  0x00005582f94ef61d in Item::field_type (this=0x7fd778075c70) at /data/src/10.4/sql/item.h:1043
#6  0x00005582f97e2186 in Temporal_with_date::make_from_item (this=0x7fd7895240f0, thd=0x7fd778000af0, item=0x7fd778075c70, fuzzydate=...) at /data/src/10.4/sql/sql_type.cc:860
#7  0x00005582f94a85bc in Temporal_with_date::Temporal_with_date (this=0x7fd7895240f0, thd=0x7fd778000af0, item=0x7fd778075c70, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:1868
#8  0x00005582f94a8758 in Datetime::Datetime (this=0x7fd7895240f0, thd=0x7fd778000af0, item=0x7fd778075c70, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:2111
#9  0x00005582f94a97b0 in Item::val_datetime_packed (this=0x7fd778075c70, thd=0x7fd778000af0) at /data/src/10.4/sql/item.h:1786
#10 0x00005582f96dac54 in cut_fields_for_portion_of_time (thd=0x7fd778000af0, table=0x7fd77800a5a0, period_conds=...) at /data/src/10.4/sql/sql_update.cc:311
#11 0x00005582f96dd3fc in mysql_update (thd=0x7fd778000af0, table_list=0x7fd7780662f0, fields=..., values=..., conds=0x7fd778073950, order_num=0, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x7fd7895248d0, updated_return=0x7fd789524990) at /data/src/10.4/sql/sql_update.cc:989
#12 0x00005582f95cd519 in mysql_execute_command (thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:4367
#13 0x00005582f94dd668 in sp_instr_stmt::exec_core (this=0x7fd778066b78, thd=0x7fd778000af0, nextp=0x7fd78952509c) at /data/src/10.4/sql/sp_head.cc:3687
#14 0x00005582f94dca3d in sp_lex_keeper::reset_lex_and_exec_core (this=0x7fd778066bc0, thd=0x7fd778000af0, nextp=0x7fd78952509c, open_tables=false, instr=0x7fd778066b78) at /data/src/10.4/sql/sp_head.cc:3419
#15 0x00005582f94dd22c in sp_instr_stmt::execute (this=0x7fd778066b78, thd=0x7fd778000af0, nextp=0x7fd78952509c) at /data/src/10.4/sql/sp_head.cc:3593
#16 0x00005582f94d6a24 in sp_head::execute (this=0x7fd778065398, thd=0x7fd778000af0, merge_da_on_success=true) at /data/src/10.4/sql/sp_head.cc:1364
#17 0x00005582f94d9759 in sp_head::execute_procedure (this=0x7fd778065398, thd=0x7fd778000af0, args=0x7fd7780058e0) at /data/src/10.4/sql/sp_head.cc:2370
#18 0x00005582f95c90db in do_execute_sp (thd=0x7fd778000af0, sp=0x7fd778065398) at /data/src/10.4/sql/sql_parse.cc:3005
#19 0x00005582f95c9d5a in Sql_cmd_call::execute (this=0x7fd778013240, thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:3247
#20 0x00005582f95d40fe in mysql_execute_command (thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:6098
#21 0x00005582f95d95ef in mysql_parse (thd=0x7fd778000af0, rawbuf=0x7fd778013198 "CALL sp", length=7, parser_state=0x7fd789526570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896
#22 0x00005582f95c5b24 in dispatch_command (command=COM_QUERY, thd=0x7fd778000af0, packet=0x7fd7781364f1 "CALL sp", packet_length=7, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835
#23 0x00005582f95c42c6 in do_command (thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:1353
#24 0x00005582f974d958 in do_handle_one_connection (connect=0x5582fd72cce0) at /data/src/10.4/sql/sql_connect.cc:1412
#25 0x00005582f974d6a7 in handle_one_connection (arg=0x5582fd72cce0) at /data/src/10.4/sql/sql_connect.cc:1316
#26 0x00005582fa15082f in pfs_spawn_thread (arg=0x5582fd748900) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#27 0x00007fd7913054a4 in start_thread (arg=0x7fd789527700) at pthread_create.c:456
#28 0x00007fd78f439d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.4-10.5, non-debug, debug and ASAN alike, with at least InnoDB, MyISAM, Aria.



Comments
Comment by Alice Sherepa [ 2021-08-25 ]

Currently the test fails on 10.4-10.6 with the assertion `fixed == 1' in Item_field::val_datetime_packed:

10.4 2b66cd249384221e2a89

mysqld: /10.4/src/sql/item.cc:3242: virtual longlong Item_field::val_datetime_packed(THD*): Assertion `fixed == 1' failed.
210825 12:56:11 [ERROR] mysqld got signal 6 ;
 
linux/raise.c:51(__GI_raise)[0x7f2f5ea9918b]
stdlib/abort.c:81(__GI_abort)[0x7f2f5ea78859]
intl/loadmsgcat.c:509(get_sysdep_segment_value)[0x7f2f5ea78729]
:0(__GI___assert_fail)[0x7f2f5ea89f36]
sql/item.cc:3243(Item_field::val_datetime_packed(THD*))[0x556f7ba3f253]
sql/sql_update.cc:319(cut_fields_for_portion_of_time(THD*, TABLE*, vers_select_conds_t const&))[0x556f7b494cf3]
sql/sql_update.cc:1011(mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*))[0x556f7b49add0]
sql/sql_parse.cc:4434(mysql_execute_command(THD*))[0x556f7b1d036c]
sql/sp_head.cc:3686(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x556f7af89f12]
sql/sp_head.cc:3418(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*))[0x556f7af88689]
sql/sp_head.cc:3592(sp_instr_stmt::execute(THD*, unsigned int*))[0x556f7af89678]
sql/sp_head.cc:1364(sp_head::execute(THD*, bool))[0x556f7af7abb1]
sql/sp_head.cc:2370(sp_head::execute_procedure(THD*, List<Item>*))[0x556f7af80d8a]
sql/sql_parse.cc:3052(do_execute_sp(THD*, sp_head*))[0x556f7b1c6c29]
sql/sql_parse.cc:3294(Sql_cmd_call::execute(THD*))[0x556f7b1c8832]
sql/sql_parse.cc:6192(mysql_execute_command(THD*))[0x556f7b1dd78a]
sql/sql_parse.cc:7995(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x556f7b1e92d7]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x556f7b1bfa53]
sql/sql_parse.cc:1373(do_command(THD*))[0x556f7b1bc4d0]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x556f7b5b5b39]
sql/sql_connect.cc:1317(handle_one_connection)[0x556f7b5b5292]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x556f7cc86df9]
nptl/pthread_create.c:478(start_thread)[0x7f2f5efa0609]
x86_64/clone.S:97(__GI___clone)[0x7f2f5eb75293]
 
Query (0x625000138990): UPDATE t1 FOR PORTION OF p FROM '1980-12-29' TO '1994-08-09' SET f = NULL

Comment by Alice Sherepa [ 2023-10-09 ]

mariadbd: /11.2/src/sql/item.cc:3405: virtual longlong Item_field::val_datetime_packed(THD*): Assertion `fixed()' failed.
231009 12:33:59 [ERROR] mysqld got signal 6 ;
 
Server version: 11.2.2-MariaDB-debug-log source revision: 872ed5342d8f1ec02f8f8a7a25a606e4ff512234
 
/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7fecd078cfd6]
sql/item.cc:3406(Item_field::val_datetime_packed(THD*))[0x55edfdddb149]
sql/sql_update.cc:315(cut_fields_for_portion_of_time(THD*, TABLE*, vers_select_conds_t const&))[0x55edfd79f431]
sql/sql_update.cc:927(Sql_cmd_update::update_single_table(THD*))[0x55edfd7a4ceb]
sql/sql_update.cc:3072(Sql_cmd_update::execute_inner(THD*))[0x55edfd7b9ea7]
sql/sql_select.cc:33407(Sql_cmd_dml::execute(THD*))[0x55edfd5fac0b]
sql/sql_parse.cc:4404(mysql_execute_command(THD*, bool))[0x55edfd41449e]
sql/sp_instr.cc:956(sp_instr_stmt::exec_core(THD*, unsigned int*))[0x55edfdad401d]
sql/sp_instr.cc:296(sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool))[0x55edfdacfec3]
sql/sp_instr.cc:476(sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*))[0x55edfdad1110]
sql/sp_instr.cc:862(sp_instr_stmt::execute(THD*, unsigned int*))[0x55edfdad376d]
sql/sp_head.cc:1277(sp_head::execute(THD*, bool))[0x55edfd1a1667]
sql/sp_head.cc:2264(sp_head::execute_procedure(THD*, List<Item>*))[0x55edfd1a78c7]
sql/sql_parse.cc:3035(do_execute_sp(THD*, sp_head*))[0x55edfd40af20]
sql/sql_parse.cc:3280(Sql_cmd_call::execute(THD*))[0x55edfd40cb0e]
sql/sql_parse.cc:5775(mysql_execute_command(THD*, bool))[0x55edfd41eb11]
sql/sql_parse.cc:7810(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55edfd42bdb7]
sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55edfd40415e]
sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55edfd400ea8]
sql/sql_connect.cc:1445(do_handle_one_connection(CONNECT*, bool))[0x55edfd8df8f9]
sql/sql_connect.cc:1349(handle_one_connection)[0x55edfd8df256]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55edfe54d722]
nptl/pthread_create.c:478(start_thread)[0x7fecd0ca7609]
 
Query (0x6250001a41a8): UPDATE t1 FOR PORTION OF p FROM '1980-12-29' TO '1994-08-09' SET f = NULL
 

Generated at Thu Feb 08 09:22:31 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.