[MDEV-25814] Server crashes in Query_cache::process_and_count_tables upon query with SQL_CACHE and function modifying data Created: 2021-05-28  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Query Cache
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: regression


 Description    

SET @qtype= @@global.query_cache_type;
 
SET GLOBAL query_cache_type= ON;
 
SET query_cache_type= ON;
 
 
 
--delimiter $
 
CREATE FUNCTION f() RETURNS INT
 
BEGIN
 
  DELETE FROM x;
 
  RETURN 1;
 
END $
 
--delimiter ;
 
 
 
CREATE TABLE t1 (a INT);
 
SELECT SQL_CACHE f() FROM t1;
 
 
 
# Cleanup
 
DROP FUNCTION f;
 
DROP TABLE t1;
 
SET GLOBAL query_cache_type= @qtype;

10.4 26f9ff0a

 
#3  <signal handler called>
 
#4  Query_cache::process_and_count_tables (this=0x561d4d4dcca0 <query_cache>, thd=0x7f18dc000d90, tables_used=0x7f18dc017628, tables_type=0x7f18ede2b613 "") at /data/src/10.4/sql/sql_cache.cc:4109
 
#5  0x0000561d4bccc5af in Query_cache::is_cacheable (this=0x561d4d4dcca0 <query_cache>, thd=0x7f18dc000d90, lex=0x7f18dc004c10, tables_used=0x7f18dc016428, tables_type=0x7f18ede2b613 "") at /data/src/10.4/sql/sql_cache.cc:4165
 
#6  0x0000561d4bcc4a7c in Query_cache::store_query (this=0x561d4d4dcca0 <query_cache>, thd=0x7f18dc000d90, tables_used=0x7f18dc016428) at /data/src/10.4/sql/sql_cache.cc:1408
 
#7  0x0000561d4bd5b598 in execute_sqlcom_select (thd=0x7f18dc000d90, all_tables=0x7f18dc016428) at /data/src/10.4/sql/sql_parse.cc:6445
 
#8  0x0000561d4bd51dca in mysql_execute_command (thd=0x7f18dc000d90) at /data/src/10.4/sql/sql_parse.cc:3965
 
#9  0x0000561d4bd5f5eb in mysql_parse (thd=0x7f18dc000d90, rawbuf=0x7f18dc0147a8 "SELECT SQL_CACHE f() FROM t1", length=28, parser_state=0x7f18ede2c4d0, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7992
 
#10 0x0000561d4bd4b92b in dispatch_command (command=COM_QUERY, thd=0x7f18dc000d90, packet=0x7f18dc00ac01 "SELECT SQL_CACHE f() FROM t1", packet_length=28, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1857
 
#11 0x0000561d4bd4a191 in do_command (thd=0x7f18dc000d90) at /data/src/10.4/sql/sql_parse.cc:1373
 
#12 0x0000561d4bedb218 in do_handle_one_connection (connect=0x561d4ef81f20) at /data/src/10.4/sql/sql_connect.cc:1412
 
#13 0x0000561d4bedaf61 in handle_one_connection (arg=0x561d4ef81f20) at /data/src/10.4/sql/sql_connect.cc:1316
 
#14 0x0000561d4c908e46 in pfs_spawn_thread (arg=0x561d4ef5ad20) at /data/src/10.4/storage/perfschema/pfs.cc:1869
 
#15 0x00007f18f44c2609 in start_thread (arg=<optimized out>) at pthread_create.c:477
 
#16 0x00007f18f4096293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Fails the same way on 10.4-10.6 debug, release and ASAN builds.
The failure was introduced in 10.4.0 by this commit:

commit de745ecf29721795710910a19bd0ea3389da804c
 
Author: Oleksandr Byelkin
 
Date:   Tue May 22 19:08:39 2018 +0200
 
 
 
    MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations


Generated at Thu Feb 08 09:40:36 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.