Bug #58701 crash in Field::make_field, cursor-protocol
Submitted: 3 Dec 2010 15:03    Modified: 18 Mar 2011 14:55
Reporter: Matthias Leich
Status: Duplicate
Category: MySQL Server: Prepared statements    Severity: S3 (Non-critical)
Version: 5.5.8, 5.6.1-m5-debug-log    OS: Any
Assigned to:    CPU Architecture: Any
Tags: crash

[3 Dec 2010 15:03] Matthias Leich
Description:
The crash happens in sql/field.cc:1554
void Field::make_field(Send_field *field)
{
  if (orig_table && orig_table->s->db.str && *orig_table->s->db.str) <---
  {
    field->db_name= orig_table->s->db.str;
    if (orig_table->pos_in_table_list &&
        orig_table->pos_in_table_list->schema_table)
      field->org_table_name= (orig_table->pos_in_table_list->
                              schema_table->table_name);
    else
      field->org_table_name= orig_table->s->table_name.str;
  }

Result on mysql-trunk-stage revno: 3209 2010-11-30
--------------------------------------------------
...
101203 17:31:14 - mysqld got signal 11 ;
...
Thread 1 (Thread 19095):
#0  0x00007fdad02d45ec in pthread_kill ()
    from /lib64/libpthread.so.0
#1  0x0000000000b0b690 in my_write_core (sig=11)
    at mysys/stacktrace.c:330
#2  0x000000000058b622 in handle_segfault (sig=11)
    at sql/mysqld.cc:2511
#3  <signal handler called>
#4  0x0000000000750da2 in Field::make_field
    (this=0x1b52380, field=0x7fdad0554b10)
    at sql/field.cc:1554
#5  0x0000000000751341 in Field_num::make_field
    (this=0x1b52380, field=0x7fdad0554b10)
    at sql/field.cc:1689
#6  0x0000000000792e5e in Item_field::make_field
    (this=0x1b52650, tmp_field=0x7fdad0554b10)
    at sql/item.cc:5379
#7  0x000000000059d0d2 in Protocol::send_result_set_metadata
    (this=0x1bf3548, list=0x1bf4d00, flags=1)
    at sql/protocol.cc:702
#8  0x00000000005e7597 in select_send::send_result_set_metadata 
    (this=0x1bf3528, list=..., flags=1)
    at sql/sql_class.cc:1735
#9  0x0000000000630cfb in Select_fetch_protocol_binary::send_result_set_metadata
    (this=0x1bf3528, list=..., flags=1)
    at sql/sql_prepare.cc:2894
#10 0x00000000008713dc in Materialized_cursor::open
    (this=0x1bf4660, join=0x0) 
    at sql/sql_cursor.cc:278
#11 0x0000000000870e20 in mysql_open_cursor
    (thd=0x1ba6db0, result=0x1bf3528, pcursor=0x1bf3588)
    at sql/sql_cursor.cc:146
#12 0x0000000000632df3 in Prepared_statement::execute
    (this=0x1bf34a0, expanded_query=0x7fdad0555030, open_cursor=true)
    at sql/sql_prepare.cc:3755
#13 0x0000000000631f63 in Prepared_statement::execute_loop
    (this=0x1bf34a0, expanded_query=0x7fdad0555030, open_cursor=true,
     packet=0x1bfce7a "", packet_end=0x1bfce7a "")
    at sql/sql_prepare.cc:3425
#14 0x0000000000630108 in mysqld_stmt_execute
    (thd=0x1ba6db0, packet_arg=0x1bfce71 "", packet_length=9)
    at sql/sql_prepare.cc:2574
#15 0x0000000000611978 in dispatch_command
    (command=COM_STMT_EXECUTE, thd=0x1ba6db0, packet=0x1bfce71 "", 
     packet_length=9)
    at sql/sql_parse.cc:1024
#16 0x0000000000611215 in do_command (thd=0x1ba6db0)
    at sql/sql_parse.cc:812
#17 0x00000000006f164a in do_handle_one_connection (thd_arg=0x1ba6db0)
    at sql/sql_connect.cc:745
#18 0x00000000006f1484 in handle_one_connection (arg=0x1ba6db0)
    at sql/sql_connect.cc:684
#19 0x0000000000a46128 in pfs_spawn_thread (arg=0x1bd7910)
    at storage/perfschema/pfs.cc:1360
#20 0x00007fdad02cea4f in start_thread () from /lib64/libpthread.so.0
#21 0x00007fdacf38182d in clone () from /lib64/libc.so.6
#22 0x0000000000000000 in ?? ()

I have seen this crash in Field::make_field several times
when running some of our existing tests with the MTR option
"--cursor-protocol".
Here we have a
   select * from (select 1 union select 2) a;
in other tests it's a rather simple select on the information_schema
with the table directly assigned (no "from (....)") and without "union".

This bug might be a duplicate of
http://bugs.mysql.com/bug.php?id=56115 .
The main difference is that we do not need an
information_schema table here.

How to repeat:
Content of t/ml101.test:
select * from (select 1 union select 2) a;

Run
./mysql-test-run.pl  --cursor-protocol --skip-ndb ml101
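The backtrace above shows what "--cursor-protocol" changes on the wire: mysqld_stmt_execute receives a 9-byte payload (packet_length=9) and Prepared_statement::execute runs with open_cursor=true, because mysqltest sets STMT_ATTR_CURSOR_TYPE to CURSOR_TYPE_READ_ONLY on every prepared statement. The following is an added example, not part of this bug report or of the MySQL code base; it builds the three client packets of that path (COM_STMT_PREPARE, COM_STMT_EXECUTE with the read-only cursor flag, COM_STMT_FETCH) from the documented MySQL client/server protocol layout, and parses the execute payload back the way the server sees it. The statement id (1) and the row count are constructed values.

```python
"""Client packets of the prepared-statement cursor path that MTR's
--cursor-protocol exercises. Constructed example; the byte layouts are the
documented MySQL binary protocol (command byte, little-endian integers)."""
import struct

COM_STMT_PREPARE = 0x16
COM_STMT_EXECUTE = 0x17
COM_STMT_FETCH = 0x1C

CURSOR_TYPE_NO_CURSOR = 0x00
CURSOR_TYPE_READ_ONLY = 0x01  # flag mysqltest sets under --cursor-protocol


def stmt_prepare_payload(sql: str) -> bytes:
    """COM_STMT_PREPARE: command byte followed by the raw statement text."""
    return bytes([COM_STMT_PREPARE]) + sql.encode("utf-8")


def stmt_execute_payload(stmt_id: int,
                         cursor_flags: int = CURSOR_TYPE_NO_CURSOR,
                         iteration_count: int = 1) -> bytes:
    """COM_STMT_EXECUTE for a statement without placeholders:
    command (1) + stmt_id (4) + flags (1) + iteration_count (4).
    With zero parameters there is no NULL bitmap and no type list."""
    return bytes([COM_STMT_EXECUTE]) + struct.pack(
        "<IBI", stmt_id, cursor_flags, iteration_count)


def stmt_fetch_payload(stmt_id: int, num_rows: int) -> bytes:
    """COM_STMT_FETCH: command (1) + stmt_id (4) + number of rows (4)."""
    return bytes([COM_STMT_FETCH]) + struct.pack("<II", stmt_id, num_rows)


def frame(payload: bytes, sequence_id: int = 0) -> bytes:
    """Wrap a payload in the 4-byte packet header:
    3-byte little-endian payload length + 1-byte sequence id."""
    if len(payload) >= 0xFFFFFF:
        raise ValueError("payload needs multi-packet splitting")
    return struct.pack("<I", len(payload))[:3] + bytes([sequence_id]) + payload


def cursor_protocol_exchange(stmt_id: int, sql: str, fetch_rows: int = 1) -> list:
    """Packets a client sends for 'prepare, execute with a read-only cursor,
    fetch N rows'. Each command starts a fresh sequence at id 0."""
    return [
        frame(stmt_prepare_payload(sql)),
        frame(stmt_execute_payload(stmt_id, CURSOR_TYPE_READ_ONLY)),
        frame(stmt_fetch_payload(stmt_id, fetch_rows)),
    ]


def describe_execute(payload: bytes) -> dict:
    """Server-side view of a COM_STMT_EXECUTE payload. 'packet_length' is the
    length after the command byte, which is what mysqld_stmt_execute receives
    as packet_length in the backtrace; 'open_cursor' is the flag that routes
    execution through mysql_open_cursor."""
    if not payload or payload[0] != COM_STMT_EXECUTE:
        raise ValueError("not a COM_STMT_EXECUTE payload")
    stmt_id, flags, iterations = struct.unpack_from("<IBI", payload, 1)
    return {
        "stmt_id": stmt_id,
        "open_cursor": bool(flags & CURSOR_TYPE_READ_ONLY),
        "iteration_count": iterations,
        "packet_length": len(payload) - 1,
    }


if __name__ == "__main__":
    # Constructed statement id; a real client takes it from the prepare OK packet.
    for pkt in cursor_protocol_exchange(1, "select * from (select 1 union select 2) a"):
        print(pkt.hex())
    print(describe_execute(stmt_execute_payload(1, CURSOR_TYPE_READ_ONLY)))
```

The 9-byte execute payload is the same for the cursor and non-cursor case; only the single flags byte differs, which is why the plain test passes and the --cursor-protocol run of the same statement goes through Materialized_cursor::open and the metadata send that crashes.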
[3 Dec 2010 16:24] Valeriy Kravchuk
I can not repeat this on Mac OS X with mysql-trunk tree having revno 3205. It can be a recent regression...
[15 Dec 2010 13:29] Sveta Smirnova
Thank you for the report.

I cannot repeat the described behavior either. Which tree do you use? How did you compile it?
[15 Dec 2010 13:49] Matthias Leich
I cloned the tree mysql-trunk-stage.
The latest modification was revno: 3209 2010-11-30.
Compile from source was via
   ./BUILD/compile-pentium64-debug-max

My environment:
- Intel Core2Duo
- OpenSuSE Linux 11.3 64 Bit

If you want I can try on another tree or pull the
latest changes into my mysql-trunk-stage.
[15 Dec 2010 19:45] Sveta Smirnova
Thank you for the feedback.

I cannot repeat the described behavior on RedHat Linux with trunk-stage either, but in my case the revision is 3210, which is a merge from trunk. Please try with this revision and inform us if mysqld still crashes for you.
[22 Dec 2010 14:21] MySQL Verification Team
I get this too:

Version: '5.5.8-log'  socket: ''  port: 3306  MySQL Community Server (GPL)
101222 16:23:40 - mysqld got exception 0xc0000005 ;
mysqld.exe!Field::make_field()[field.cc:1555]
mysqld.exe!Field_num::make_field()[field.cc:1691]
mysqld.exe!Item_field::make_field()[item.cc:5282]
mysqld.exe!Protocol::send_result_set_metadata()[protocol.cc:705]
mysqld.exe!select_send::send_result_set_metadata()[sql_class.cc:1770]
mysqld.exe!Select_fetch_protocol_binary::send_result_set_metadata()[sql_prepare.cc:2894]
mysqld.exe!Materialized_cursor::open()[sql_cursor.cc:278]
mysqld.exe!mysql_open_cursor()[sql_cursor.cc:145]
mysqld.exe!Prepared_statement::execute()[sql_prepare.cc:3760]
mysqld.exe!Prepared_statement::execute_loop()[sql_prepare.cc:3430]
mysqld.exe!mysqld_stmt_execute()[sql_prepare.cc:2574]
mysqld.exe!THD::set_query_id()[sql_class.cc:3479]
mysqld.exe!dispatch_command()[sql_parse.cc:985]
mysqld.exe!do_command()[sql_parse.cc:772]
mysqld.exe!do_handle_one_connection()[sql_connect.cc:745]
mysqld.exe!handle_one_connection()[sql_connect.cc:684]
mysqld.exe!pthread_start()[my_winthread.c:61]
mysqld.exe!_callthreadstartex()[threadex.c:348]
mysqld.exe!_threadstartex()[threadex.c:326]
kernel32.dll!FlsSetValue()
t some variables.
s may be invalid and cause the dump to abort...
t 0E15DA58=select * from `t15` limit 1

table t15 is defined like this:
Create Table: CREATE TABLE `t15` (
  `a15` int(10) unsigned zerofill NOT NULL,
  `col36` double unsigned DEFAULT NULL,
  `col38` datetime DEFAULT NULL,
  `col39` polygon DEFAULT NULL,
  `col40` double unsigned zerofill DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 MIN_ROWS=9019986
1 row in set (0.22 sec)
[23 Dec 2010 11:26] Matthias Leich
I get the same crash with:
--------------------------
5.6.1-m5-debug-log
mysql-trunk-bugfixing revno: 3469 2010-12-22 

5.6.1-m5-debug-log
mysql-trunk-stage revno: 3469 Wed 2010-12-22
[26 Dec 2010 20:39] Valeriy Kravchuk
I still can not repeat this on Mac OS X with recent trees. Looks like test on OpenSuSE or on Windows is needed.
[18 Mar 2011 14:55] Alexander Nozdrin
It's a duplicate of Bug#56115.