| Bug #11600 | Stored procedures: crash with function calling itself | ||
|---|---|---|---|
| Submitted: | 28 Jun 2005 1:55 | Modified: | 8 Jul 2005 18:53 |
| Reporter: | Peter Gulutzan | Email Updates: | |
| Status: | Duplicate | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 5.0.9-beta-debug | OS: | Linux (SUSE 9.2) |
| Assigned to: | Assigned Account | CPU Architecture: | Any |
[28 Jun 2005 1:55]
Peter Gulutzan
[28 Jun 2005 2:40]
MySQL Verification Team
Backtrace on Linux Slackware 10.1:
050627 23:37:32 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.9-beta-debug' socket: '/tmp/mysql.sock' port: 3306 Source distribution
[New Thread 180236 (LWP 1902)]
mysqld: sql_prepare.cc:1861: void reinit_stmt_before_use(THD*, LEX*): Assertion `sl->join == 0' failed.
Program received signal SIGABRT, Aborted.
[Switching to Thread 180236 (LWP 1902)]
0x40269ef1 in kill () from /lib/libc.so.6
(gdb) backtrace full
#0 0x40269ef1 in kill () from /lib/libc.so.6
No symbol table info available.
#1 0x4018fbb1 in pthread_kill () from /lib/libpthread.so.0
No symbol table info available.
#2 0x4018ff2b in raise () from /lib/libpthread.so.0
No symbol table info available.
#3 0x40269b24 in raise () from /lib/libc.so.6
No symbol table info available.
#4 0x4026b3fd in abort () from /lib/libc.so.6
No symbol table info available.
#5 0x4026300f in __assert_fail () from /lib/libc.so.6
No symbol table info available.
#6 0x082421e4 in reinit_stmt_before_use (thd=0x8e0ad28, lex=0x8e4f9d0) at sql_prepare.cc:1861
order = (ORDER *) 0x856011e
sl = (SELECT_LEX *) 0x8e457c0
_db_func_ = 0x855ffbb "\211C<\213U\b\213E\f\211B0\213U\b\213E\020\211B4\203ì\fÿu\bèM¡½ÿ\203Ä\020\213Eø\213]üÉÃU\211å\203ì\b\203ì\fÿu\bèá\230½ÿ\203Ä\020\213E\b\203x8"
_db_file_ = 0xbe3fdefc ",ß?¾\227\0352\b(à\bÐùä\b\235\005"
_db_level_ = 180236
_db_framep_ = (char **) 0x87936c0
#7 0x08321d97 in sp_lex_keeper::reset_lex_and_exec_core (this=0x8e46518, thd=0x8e0ad28, nextp=0xbe3fdff4, open_tables=true, instr=0x8e464f0)
at sp_head.cc:1449
res = 0
#8 0x08322957 in sp_instr_freturn::execute (this=0x8e464f0, thd=0x8e0ad28, nextp=0xbe3fdff4) at sp_head.cc:1791
_db_func_ = 0x8e41590 "Hà\b"
_db_file_ = 0x8e0ad28 "HS[\b(0y\b,0y\bXS[\b"
_db_level_ = 137492742
_db_framep_ = (char **) 0x0
#9 0x0831fa88 in sp_head::execute (this=0x8e45520, thd=0x8e0ad28) at sp_head.cc:645
i = (sp_instr *) 0x8e464f0
hip = 0
_db_func_ = 0x831fdab "\203Ä \203=TVz\b"
_db_file_ = 0xbe3fe15c "\034â?¾®Â\026\b Uä\b(à\b¥¥¥¥"
_db_level_ = 0
_db_framep_ = (char **) 0x8e415bc
olddb = "qüf\b\022üf\b\\à?¾GwT\bÜ\000\000\000Là?¾Hà?¾Dà?¾", '\0' <repeats 12 times>, "È\037\000\000\004á?¾\200\025ä\bÐ\025ä\bÝ\002\024\bû\003\031@ô_\031@\\à?¾Ð\025ä\b\220\025ä\b\\¯à\b|à?¾ÈK\031\b\004á?¾\000\000\000\000\234à?¾7Ì\033\bÐ\025ä\b\004á?¾\234à?¾\237[2\b"
dbchanged = false
ctx = (sp_rcontext *) 0x8e41590
ret = 0
ip = 0
old_arena = (class Query_arena *) 0x8e464f0
old_query_id = 13
old_derived_tables = (TABLE *) 0x0
old_lex = (LEX *) 0x8e4f9d0
old_change_list = {<base_ilist> = {first = 0x8e0bf4c, last = {_vptr.ilink = 0x85b5588, prev = 0x8e0bf48,
next = 0x0}}, <No data fields>}
old_packet = {Ptr = 0x0, str_length = 0, Alloced_length = 0, alloced = false, str_charset = 0x8788a20}
#10 0x0832008c in sp_head::execute_function (this=0x8e45520, thd=0x8e0ad28, argp=0xa5a5a5a5, argcount=0, resp=0xbe3fe244) at sp_head.cc:769
_db_func_ = 0x832346f "\203Ä\020\205Àu\002ë\004ÆEû\001\212Uû\213Eü\210\020\213E\020\2008"
_db_file_ = 0xbe3fe16c "¥¥¥¥"
_db_level_ = 148942684
_db_framep_ = (char **) 0x1903fb
csize = 0
params = 0
hmax = 0
cmax = 0
octx = (sp_rcontext *) 0x8e3f5a8
nctx = (sp_rcontext *) 0x8e41590
i = 0
ret = 0
call_mem_root = {free = 0x8e41580, used = 0x0, pre_alloc = 0x0, min_malloc = 32, block_size = 8136, block_num = 5,
first_block_usage = 0, error_handler = 0}
call_arena = {_vptr.Query_arena = 0x85b50e8, free_list = 0x0, mem_root = 0xbe3fe104, is_backup_arena = false,
state = INITIALIZED_FOR_SP}
backup_arena = {_vptr.Query_arena = 0x85b50e8, free_list = 0x8e403c8, mem_root = 0x8e0ad48, is_backup_arena = true,
state = INITIALIZED_FOR_SP}
#11 0x0816c2ae in Item_func_sp::execute (this=0x8e45b20, itp=0xbe3fe244) at item_func.cc:4851
tmp_disable_binlog__save_options = 2191542784
_db_func_ = 0x81a2fbf "\203Ä\020\213U\b\213E\034\211BD\213U\b\213E\020\211BH\213U\b\212Eÿ\210BN\213U\b\213E\b\203x\b"
_db_file_ = 0xbe3fe23c "\214â?¾b7\"\bB\024"
_db_level_ = 0
_db_framep_ = (char **) 0x8e08600
thd = (class THD *) 0x8e0ad28
old_client_capabilites = 108165
res = -1
save_in_sub_stmt = true
nsok = 1 '\001'
save_ctx = {changed = false, master_access = 11, db_access = 149185144, priv_user = 0x40190250 "\211Â1À\201þÿ\003",
priv_host = "è[ä\b dä\bÌá?¾\000\000\000\000 dä\b(à\bÜá?¾Ñ]\033\bP\205à\b\217\000\000\000¸#ã\b\000\000\000\000ä\205à\bP\205à\büá?¾ ",
user = 0x8e08550 '\217' <repeats 84 times>, host = 0x0, ip = 0xbe3fe208 ""}
#12 0x0816c012 in Item_func_sp::execute (this=0x8e45b20, flp=0x8e45b9c) at item_func.cc:4786
it = (class Item *) 0x1442
f = (class Field *) 0x8223762
#13 0x0816fd78 in Item_func_sp::val_int (this=0x8e45b20) at item_func.h:1338
No locals.
#14 0x0814f110 in Item::val_int_result (this=0x8e45b20) at item.h:435
No locals.
#15 0x0814be4e in Item_cache_int::store (this=0x8e403c8, item=0x8e45b20) at item.cc:4844
No locals.
#16 0x08199b25 in Item_singlerow_subselect::store (this=0x8e46410, i=0, item=0x8e45b20) at item_subselect.cc:392
No locals.
#17 0x081bbd75 in select_singlerow_subselect::send_data (this=0x8e46490, items=@0x8e45830) at sql_class.cc:1294
i = 0
_db_func_ = 0x822dd0d "\203Ä \200}ÿ"
_db_file_ = 0xbe3fe38c "Üã?¾\213¿\"\bèõã\bÐ\211à\b"
_db_level_ = 0
_db_framep_ = (char **) 0x2aa
it = (class Item_singlerow_subselect *) 0x8e46410
li = {<base_list_iterator> = {list = 0x8e45830, el = 0x8e46270, prev = 0x0, current = 0x0}, <No data fields>}
val_item = (class Item *) 0x8e45b20
#18 0x0822dde4 in end_send (join=0x8e3f5e8, join_tab=0x8e089d0, end_of_records=false) at sql_select.cc:10070
error = 0
_db_func_ = 0x822dcda "U\211å\203ìH\213E\020\210Eÿ\203ì\004\215EìP\215EðP\215EôP\215EøPhL'"
_db_file_ = 0xbdc6 <Address 0xbdc6 out of bounds>
_db_level_ = 3191858140
_db_framep_ = (char **) 0x8e3f5e8
#19 0x0822bf8b in do_select (join=0x8e3f5e8, fields=0x8e45830, table=0x0, procedure=0x0) at sql_select.cc:9040
end_select = 0x822dcda <end_send>
rc = 0
error = NESTED_LOOP_OK
join_tab = (JOIN_TAB *) 0x8e089d0
_db_func_ = 0xbe3fe3f4 "èõã\b"
_db_file_ = 0x8e403c8 "¨×X\b"
_db_level_ = 135599133
_db_framep_ = (char **) 0x8e3f5e8
#20 0x0821a875 in JOIN::exec (this=0x8e3f5e8) at sql_select.cc:1654
tmp_error = -1
_db_func_ = 0xffffffff <Address 0xffffffff out of bounds>
_db_file_ = 0x8e458f8 "(¨X\b"
_db_level_ = 149157352
_db_framep_ = (char **) 0x8e457c0
curr_join = (JOIN *) 0x8e3f5e8
curr_all_fields = (List<Item> *) 0x8e40314
curr_fields_list = (List<Item> *) 0x8e45830
curr_tmp_table = (TABLE *) 0x0
#21 0x0819c985 in subselect_single_select_engine::exec (this=0x8e464a0) at item_subselect.cc:1463
_db_func_ = 0x2000 <Address 0x2000 out of bounds>
_db_file_ = 0x8e464a0 "\báZ\b\220dä\b(à\b\020dä\b\002"
_db_level_ = 135893474
_db_framep_ = (char **) 0xbe3fe4bc
save_where = 0x85f8955 "order clause"
save_select = (SELECT_LEX *) 0x8e4fbc4
#22 0x08199286 in Item_subselect::exec (this=0x8e46410) at item_subselect.cc:204
res = -1103108892
old_root = (MEM_ROOT *) 0xbe3feb04
#23 0x08199dec in Item_singlerow_subselect::val_int (this=0x8e46410) at item_subselect.cc:470
No locals.
#24 0x0831e05d in sp_eval_func_item (thd=0x8e0ad28, it_addr=0x8e46510, type=MYSQL_TYPE_LONG, reuse=0x0) at sp_head.cc:154
i = 149223888
_db_func_ = 0x820bd00 "\203Ä\020ÇEè"
_db_file_ = 0xbe3fe8fc ",é?¾\004\0362\bðdä\b(à\bôé?¾"
_db_level_ = 0
_db_framep_ = (char **) 0x0
it = (class Item *) 0x8e46410
rsize = 4188412
#25 0x08322979 in sp_instr_freturn::exec_core (this=0x8e464f0, thd=0x8e0ad28, nextp=0xbe3fe9f4) at sp_head.cc:1801
it = (class Item *) 0x1
res = 0
#26 0x08321e04 in sp_lex_keeper::reset_lex_and_exec_core (this=0x8e46518, thd=0x8e0ad28, nextp=0xbe3fe9f4, open_tables=true, instr=0x8e464f0)
at sp_head.cc:1461
res = 0
#27 0x08322957 in sp_instr_freturn::execute (this=0x8e464f0, thd=0x8e0ad28, nextp=0xbe3fe9f4) at sp_head.cc:1791
_db_func_ = 0x8e3f5a8 "Hà\b"
_db_file_ = 0x8e0ad28 "HS[\b(0y\b,0y\bXS[\b"
_db_level_ = 137492742
_db_framep_ = (char **) 0x0
#28 0x0831fa88 in sp_head::execute (this=0x8e45520, thd=0x8e0ad28) at sp_head.cc:645
i = (sp_instr *) 0x8e464f0
hip = 1075384369
_db_func_ = 0x831fdab "\203Ä \203=TVz\b"
_db_file_ = 0xbe3feb5c "\034ì?¾®Â\026\b Uä\b(à\b"
_db_level_ = 0
_db_framep_ = (char **) 0x8e3f5d4
olddb = "qüf\b\022üf\b\\ê?¾GwT\bÜ\000\000\000Lê?¾Hê?¾Dê?¾", '\0' <repeats 12 times>, "È\037\000\000\004ë?¾\230õã\bèõã\bÝ\002\024\bû\003\031@ô_\031@\\ê?¾èõã\b¨õã\b\\¯à\b|ê?¾ÈK\031\b\004ë?¾\000\000\000\000\234ê?¾7Ì\033\bèõã\b\004ë?¾\234ê?¾\237[2\b"
dbchanged = false
ctx = (sp_rcontext *) 0x8e3f5a8
ret = 0
ip = 0
old_arena = (class Query_arena *) 0x8e0ad34
old_query_id = 12
old_derived_tables = (TABLE *) 0x0
old_lex = (LEX *) 0x8e0ad68
old_change_list = {<base_ilist> = {first = 0x8e0bf4c, last = {_vptr.ilink = 0x85b5588, prev = 0x8e0bf48,
next = 0x0}}, <No data fields>}
old_packet = {Ptr = 0x8e2aaa8 "\003def", str_length = 0, Alloced_length = 16384, alloced = true, str_charset = 0x8788a20}
#29 0x0832008c in sp_head::execute_function (this=0x8e45520, thd=0x8e0ad28, argp=0x0, argcount=0, resp=0xbe3fec44) at sp_head.cc:769
_db_func_ = 0x832346f "\203Ä\020\205Àu\002ë\004ÆEû\001\212Uû\213Eü\210\020\213E\020\2008"
_db_file_ = 0xbe3feb6c ""
_db_level_ = 148942684
_db_framep_ = (char **) 0x1903fb
csize = 0
params = 0
hmax = 0
cmax = 0
octx = (sp_rcontext *) 0x0
nctx = (sp_rcontext *) 0x8e3f5a8
i = 0
ret = 0
call_mem_root = {free = 0x8e3f598, used = 0x0, pre_alloc = 0x0, min_malloc = 32, block_size = 8136, block_num = 5,
first_block_usage = 0, error_handler = 0}
call_arena = {_vptr.Query_arena = 0x85b50e8, free_list = 0x0, mem_root = 0xbe3feb04, is_backup_arena = false,
state = INITIALIZED_FOR_SP}
backup_arena = {_vptr.Query_arena = 0x85b50e8, free_list = 0x8e073d0, mem_root = 0x8e0ad48, is_backup_arena = true,
state = CONVENTIONAL_EXECUTION}
#30 0x0816c2ae in Item_func_sp::execute (this=0x8e06c68, itp=0xbe3fec44) at item_func.cc:4851
tmp_disable_binlog__save_options = 2191804928
_db_func_ = 0x81b46a0 "\203Ä\020ÉÃ\220U\211å¸\002"
_db_file_ = 0xbe3fec2c "lì?¾?Å\026\b-\023"
_db_level_ = 148931832
_db_framep_ = (char **) 0x4019140e
thd = (class THD *) 0x8e0ad28
old_client_capabilites = 239237
res = -1
save_in_sub_stmt = false
nsok = 0 '\0'
save_ctx = {changed = false, master_access = 11, db_access = 140627216, priv_user = 0x0,
priv_host = "\033\200\000\000\003\000\000\000ìë?¾ñ÷1\b5\002\000\000Üë?¾Øë?¾Ôë?¾°Éä\b\v\000\000\000Àsà\b\bØä\bDî?¾hjâ\b,ì?¾(",
user = 0x8e0af5c "ȧX\b", host = 0x8e0ad28 "HS[\b(0y\b,0y\bXS[\b",
ip = 0xbe3fec0c ",ì?¾ F\033\bø\204à\b8và\bLì?¾\022À\026\bhlà\bDì?¾lì?¾?Å\026\b-\023"}
#31 0x0816c012 in Item_func_sp::execute (this=0x8e06c68, flp=0x8e06ce4) at item_func.cc:4786
it = (class Item *) 0x1
f = (class Field *) 0xbe3fec5c
#32 0x0816fd78 in Item_func_sp::val_int (this=0x8e06c68) at item_func.h:1338
No locals.
#33 0x08149741 in Item::send (this=0x8e06c68, protocol=0x8e0b724, buffer=0xbe3fed34) at item.cc:3858
nr = 582328088843513084
result = false
type = MYSQL_TYPE_LONG
#34 0x081ba0d8 in select_send::send_data (this=0x8e07628, items=@0x8e0afcc) at sql_class.cc:878
li = {<base_list_iterator> = {list = 0x8e0afcc, el = 0x8e073b8, prev = 0x0, current = 0x0}, <No data fields>}
protocol = (class Protocol *) 0x8e0b724
buff = " \204à\b\022üf\001\214í?¾Ê*\032\b \204à\b\000\000\000\000\v\000\000\000\020Ía\b\001\000\000\000\000\000\000\000Àsà\b0mà\b\000\000\000\001 \204à\bÌí?¾¢ç\024\b \204à\b\000\000\000\000\v\000\000\000\020Ía\b\001\000\000\000\000\000\000\000Àsà\b0mà\b", '\0' <repeats 12 times>, "jÜ\030@ \204à\bH\000\000\001<î?¾³(\033\b \204à\b\000\000\000\000\v\000\000\000\020Ía\b\001\000\000\000\000\000\000\000Àsà\b0mà\b\000\000\000\000\001\000\000\000\\î?)3\rà\bÿÿÿÿÀ\220x\bLî?¾Çu\034\b@Ïv\bDî?¾Äs"...
buffer = {Ptr = 0xbe3fed54 " \204à\b\022üf\001\214í?¾Ê*\032\b \204à\b", str_length = 766, Alloced_length = 766, alloced = false,
str_charset = 0x8788a20}
_db_func_ = 0x81a2fbf "\203Ä\020\213U\b\213E\034\211BD\213U\b\213E\020\211BH\213U\b\212Eÿ\210BN\213U\b\213E\b\203x\b"
_db_file_ = 0xbe3fed5c "\214í?¾Ê*\032\b \204à\b"
_db_level_ = 0
_db_framep_ = (char **) 0x8e08438
item = (class Item *) 0x8e06c68
#35 0x08219167 in JOIN::exec (this=0x8e07638) at sql_select.cc:1203
tmp_error = 0
_db_func_ = 0x0
_db_file_ = 0x8e0b064 "\020\204à\b\001"
_db_level_ = 148928056
_db_framep_ = (char **) 0x8e0af5c
curr_join = (JOIN *) 0x0
curr_all_fields = (List<Item> *) 0x8e07638
curr_fields_list = (List<Item> *) 0x8e07628
curr_tmp_table = (TABLE *) 0x82a44a00
#36 0x0821b74e in mysql_select (thd=0x8e0ad28, rref_pointer_array=0x8e0b064, tables=0x0, wild_num=0, fields=@0x8e0afcc, conds=0x0, og_num=0,
order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2191804928, result=0x8e07628, unit=0x8e0ad78, select_lex=0x8e0af5c)
at sql_select.cc:2040
err = false
free_join = true
_db_func_ = 0x813db48 "\203Ä\020\211Eð\211Uôë\016ÇEðÿÿÿÿÇEôÿÿÿÿ\213Eð\213Uô\211Eø\211Uü\213U\b\211Uì\213E\f\203¸\004\001"
_db_file_ = 0xbe3ff17c ""
_db_level_ = 140582735
_db_framep_ = (char **) 0x861220c
join = (JOIN *) 0x8e07638
#37 0x08216175 in handle_select (thd=0x8e0ad28, lex=0x8e0ad68, result=0x8e07628, setup_tables_done_option=0) at sql_select.cc:240
unit = (SELECT_LEX_UNIT *) 0x8e0ad78
res = false
select_lex = (SELECT_LEX *) 0x8e0af5c
_db_func_ = 0x8e0ad28 "HS[\b(0y\b,0y\bXS[\b"
_db_file_ = 0x81e0fd6 "\203Ä \210Eç\200}ç"
_db_level_ = 3191863052
_db_framep_ = (char **) 0x1a0
#38 0x081e11bc in mysql_execute_command (thd=0x8e0ad28) at sql_parse.cc:2425
result = (class select_result *) 0x8e07628
res = false
result = 0
lex = (LEX *) 0x8e0ad68
select_lex = (SELECT_LEX *) 0x8e0af5c
slave_fake_lock = false
fake_prev_lock = (MYSQL_LOCK *) 0x0
first_table = (TABLE_LIST *) 0x0
all_tables = (TABLE_LIST *) 0x0
unit = (SELECT_LEX_UNIT *) 0x8e0ad78
_db_func_ = 0x0
_db_file_ = 0x0
_db_level_ = 0
_db_framep_ = (char **) 0xbe3ff6d0
#39 0x081e89d4 in mysql_parse (thd=0x8e0ad28, inBuf=0x8e06bf0 "select f5()", length=11) at sql_parse.cc:5363
lex = (LEX *) 0x8e0ad68
_db_func_ = 0x8795240 "¨Û_\b"
_db_file_ = 0x81df56e "\203Ä \203=TVz\b"
_db_level_ = 3191863740
_db_framep_ = (char **) 0x2c00c
#40 0x081df5ce in dispatch_command (command=COM_QUERY, thd=0x8e0ad28, packet=0x8e22a59 "", packet_length=12) at sql_parse.cc:1674
packet_end = 0x8e06bfb ""
net = (NET *) 0x8e0b494
error = false
_db_func_ = 0x604b58 <Address 0x604b58 out of bounds>
_db_file_ = 0x0
_db_level_ = 136918254
_db_framep_ = (char **) 0xbe3ff9dc
#41 0x081deeb5 in do_command (thd=0x8e0ad28) at sql_parse.cc:1477
packet = 0x8e22a58 "\001"
old_timeout = 30
packet_length = 12
net = (NET *) 0x8e0b494
command = COM_QUERY
_db_func_ = 0x8e0bd90 "ÿÿÿÿ"
_db_file_ = 0x81b83b7 "\203Ä\020ÉÃU\211å\203ì\b\203ì\fÿu\bè\217"
_db_level_ = 3191863804
_db_framep_ = (char **) 0x1010
#42 0x081de0bd in handle_one_connection (arg=0x8e0ad28) at sql_parse.cc:1126
error = 0
net = (NET *) 0x8e0b494
thd = (class THD *) 0x8e0ad28
launch_time = 0
set = {__val = {0 <repeats 32 times>}}
#43 0x4018d54e in pthread_start_thread () from /lib/libpthread.so.0
No symbol table info available.
#44 0x4018d5df in pthread_start_thread_event () from /lib/libpthread.so.0
No symbol table info available.
#45 0x402fab8a in clone () from /lib/libc.so.6
No symbol table info available.
(gdb)
[1 Jul 2005 9:00]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/26578
[6 Jul 2005 7:44]
Dmitry Lenev
Fixed in 5.0.9
[6 Jul 2005 7:46]
Dmitry Lenev
We've disabled recursion in stored routines. See bug #11394 for more info.
[8 Jul 2005 18:53]
Jon Stephens
Please do not submit the same bug more than once. An existing bug report already describes this very problem. Even if you feel that your issue is somewhat different, the resolution is likely to be the same. Because of this, we hope you add your comments to the original bug instead. Thank you for your interest in MySQL.

Additional info:

Duplicate of Bug#11394.

Updated 5.0.9 change history to include this bug #.
