[MDEV-7765] Crash (Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field_index) || bitmap_is_set(table->vcol_set, field_index))' fails) on using function over not created table
Created: 2015-03-12  Updated: 2016-02-09  Resolved: 2016-02-09

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Procedure
Affects Version/s: 5.5.42, 10.0.17, 10.1.2
Fix Version/s: 5.5.48, 10.0.24, 10.1.12

Type: Bug
Priority: Major
Reporter: Oleksandr Byelkin
Assignee: Oleksandr Byelkin
Resolution: Fixed
Votes: 0
Labels: upstream

Sprint: 5.5.47-1, 5.5.48-0

 Description   

DELIMITER |;
CREATE function f1() returns int
BEGIN
  declare n int;
  set n:= (select count(*) from t1);
  return n;
end|
DELIMITER ;|
create table t1 as select  f1();
select * from t1;
drop table t1;
 
drop function f1;

5.5/sql/field.cc:3604: virtual int Field_long::store(longlong, bool): Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field_index) || bitmap_is_set(table->vcol_set, field_index))' failed.

Thread 1 (Thread 0x7feebd57a700 (LWP 10140)):
#0  0x00007feec1042621 in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x0000000000cc3cbc in my_write_core (sig=6) at /home/bell/maria/bzr/work-maria-5.5-test/mysys/stacktrace.c:457
#2  0x00000000007c4226 in handle_fatal_signal (sig=6) at /home/bell/maria/bzr/work-maria-5.5-test/sql/signal_handler.cc:262
#3  <signal handler called>
#4  0x00007feec069ccc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007feec06a00d8 in __GI_abort () at abort.c:89
#6  0x00007feec0695b86 in __assert_fail_base (fmt=0x7feec07e6830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0xdbe2b8 "!table || (!table->write_set || bitmap_is_set(table->write_set, field_index) || bitmap_is_set(table->vcol_set, field_index))", file=file@entry=0xdbe0d0 "/home/bell/maria/bzr/work-maria-5.5-test/sql/field.cc", line=line@entry=3604, function=function@entry=0xdc01e0 <Field_long::store(long long, bool)::__PRETTY_FUNCTION__> "virtual int Field_long::store(longlong, bool)") at assert.c:92
#7  0x00007feec0695c32 in __GI___assert_fail (assertion=0xdbe2b8 "!table || (!table->write_set || bitmap_is_set(table->write_set, field_index) || bitmap_is_set(table->vcol_set, field_index))", file=0xdbe0d0 "/home/bell/maria/bzr/work-maria-5.5-test/sql/field.cc", line=3604, function=0xdc01e0 <Field_long::store(long long, bool)::__PRETTY_FUNCTION__> "virtual int Field_long::store(longlong, bool)") at assert.c:101
#8  0x00000000007a0fda in Field_long::store (this=0x7feeb4025fd8, nr=0, unsigned_val=false) at /home/bell/maria/bzr/work-maria-5.5-test/sql/field.cc:3604
#9  0x00000000007e2788 in Item::save_in_field (this=0x7feeb4007d98, field=0x7feeb4025fd8, no_conversions=false) at /home/bell/maria/bzr/work-maria-5.5-test/sql/item.cc:6063
#10 0x00000000005b0fcc in fill_record (thd=0x28e87b0, ptr=0x7feeb4025fd0, values=..., ignore_errors=true, use_value=false) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_base.cc:9167
#11 0x00000000005b1159 in fill_record_n_invoke_before_triggers (thd=0x28e87b0, ptr=0x7feeb4025fc8, values=..., ignore_errors=true, triggers=0x0, event=TRG_EVENT_INSERT) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_base.cc:9217
#12 0x00000000005eeff4 in select_create::store_values (this=0x7feeb4009060, values=...) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_insert.cc:4175
#13 0x00000000005ed1fb in select_insert::send_data (this=0x7feeb4009060, values=...) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_insert.cc:3567
#14 0x00000000006391ea in JOIN::exec (this=0x7feeb4023de8) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_select.cc:2281
#15 0x000000000063c077 in mysql_select (thd=0x28e87b0, rref_pointer_array=0x28ec420, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7feeb4009060, unit=0x28ebad0, select_lex=0x28ec1b0) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_select.cc:3094
#16 0x0000000000632721 in handle_select (thd=0x28e87b0, lex=0x28eba20, result=0x7feeb4009060, setup_tables_done_option=0) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_select.cc:319
#17 0x0000000000604122 in mysql_execute_command (thd=0x28e87b0) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_parse.cc:2622
#18 0x000000000060d2dd in mysql_parse (thd=0x28e87b0, rawbuf=0x7feeb40074c8 "create table t1 as select  f1()", length=31, parser_state=0x7feebd579630) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_parse.cc:5909
#19 0x00000000006006cc in dispatch_command (command=COM_QUERY, thd=0x28e87b0, packet=0x2959a91 "create table t1 as select  f1()", packet_length=31) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_parse.cc:1079
#20 0x00000000005ff81c in do_command (thd=0x28e87b0) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_parse.cc:793
#21 0x000000000070cbb2 in do_handle_one_connection (thd_arg=0x28e87b0) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_connect.cc:1266
#22 0x000000000070c684 in handle_one_connection (arg=0x28e87b0) at /home/bell/maria/bzr/work-maria-5.5-test/sql/sql_connect.cc:1181
#23 0x0000000000c1788e in pfs_spawn_thread (arg=0x28f1e80) at /home/bell/maria/bzr/work-maria-5.5-test/storage/perfschema/pfs.cc:1015
#24 0x00007feec103d182 in start_thread (arg=0x7feebd57a700) at pthread_create.c:312
#25 0x00007feec076047d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111



 Comments   
Comment by Oleksandr Byelkin [ 2016-02-08 ]

Preparation of the table, as it should, sets all write bits for the table we are going to write in, but then the stored procedure came into play and reset all tables, including the table we are writing in, because it also uses the table t1 (which is kind of created as a temporary one).

IMHO it should return an error or not touch the same instance of t1...

Comment by Oleksandr Byelkin [ 2016-02-09 ]

INSERT / UPDATE t1 with the same function works, so CREATE ... SELECT should.

Comment by Oleksandr Byelkin [ 2016-02-09 ]

Repeatable on MySQL 5.6 & 5.7

Comment by Oleksandr Byelkin [ 2016-02-09 ]

Opening the table in the routine decides to use the one already opened by create table.

Comment by Oleksandr Byelkin [ 2016-02-09 ]

The above becomes possible because we have no query id set in the table we created (i.e. it is not marked as used).

Comment by Oleksandr Byelkin [ 2016-02-09 ]

revision-id: f623aa6267619db41a8be0af48bacccd87a44d68 (mariadb-5.5.47-37-gf623aa6)
parent(s): c4cb24006139bb6a619ca9d6b00d00c2275d2c28
committer: Oleksandr Byelkin
timestamp: 2016-02-09 13:50:48 +0100
message:

MDEV-7765: Crash (Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field_index) || bitmap_is_set(table->vcol_set, field_index))' fails) on using function over not created table

The problem was that the created table was not marked as used (query_id not set), and so opening tables for the stored function picked it up (as an opened placeholder for it) and used it, changing TABLE internals.

Comment by Sergei Golubchik [ 2016-02-09 ]

ok to push
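
The mechanism described in the comments above, as an added example that is not part of the original issue or of MariaDB's source: a simplified C model in which a routine's table open reuses any open instance the current statement has not claimed. All type and function names (`table_t`, `session_t`, `open_for_routine`, `create_select`) and the query id value are hypothetical.

```c
/* Simplified model of the table reuse described in the comments.
   Not MariaDB source: all type and function names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char *name;
    unsigned long query_id; /* statement that claimed this instance; 0 = none */
    unsigned write_set;     /* bit i set => column i may be written */
} table_t;

typedef struct {
    unsigned long query_id; /* id of the running statement */
    table_t *open[4];       /* instances already open in this session */
    size_t n_open;
} session_t;

/* Open by name inside the stored function: reuse an instance the current
   statement has not claimed and reset its column bitmap for a read. */
static table_t *open_for_routine(session_t *s, const char *name) {
    for (size_t i = 0; i < s->n_open; i++) {
        table_t *t = s->open[i];
        if (strcmp(t->name, name) == 0 && t->query_id != s->query_id) {
            t->query_id = s->query_id;
            t->write_set = 0;   /* reader: no column is writable */
            return t;
        }
    }
    return NULL;                /* no reusable instance */
}

/* Models CREATE TABLE t1 AS SELECT f1(). Returns true when the final store
   satisfies the write_set condition asserted in Field_long::store(). */
static bool create_select(bool mark_used) {
    table_t t1 = { "t1", 0, 0 };
    session_t s = { 42, { &t1 }, 1 };   /* 42: constructed query id */
    t1.write_set = 1u;                  /* preparation sets the write bits */
    if (mark_used)
        t1.query_id = s.query_id;       /* mark the created table as used */
    (void)open_for_routine(&s, "t1");   /* f1(): SELECT COUNT(*) FROM t1 */
    return (t1.write_set & 1u) != 0;
}

int main(void) {
    printf("not marked: store allowed = %d\n", create_select(false));
    printf("marked:     store allowed = %d\n", create_select(true));
    return 0;
}
```

With `mark_used` false, the function's open clears the writer's bitmap and the store check fails, which corresponds to the assertion in the backtrace; with it true, the instance is skipped and the bitmap survives.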
