  1. MariaDB Server
  2. MDEV-13064

Server crashes in Item_func_plus::int_op or assertion `n < m_size' fails in sql_array.h


Details

    Description

      -- Minimal test case from the report: a two-row MyISAM table.
      create table t1 (i int) engine=MyISAM; 
      insert into t1 value (1),(2);
      -- The select list adds an aggregate, count(*), to a non-aggregate function call, sleep(0).
      -- The rawbuf argument in the debug trace shows this SELECT as the statement being
      -- processed when the `n < m_size' assertion fires.
      SELECT count(*)+sleep(0) FROM t1;
      

      10.2 7a12894de debug

      mysqld: /data/src/10.2-bug/sql/sql_array.h:64: Element_type& Bounds_checked_array<Element_type>::operator[](size_t) [with Element_type = Item*; size_t = long unsigned int]: Assertion `n < m_size' failed.
      170613  2:32:59 [ERROR] mysqld got signal 6 ;
       
      #7  0x00007fa9cee89ee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
      #8  0x000056547ac2246d in Bounds_checked_array<Item*>::operator[] (this=0x7fa9c9178d10, n=2) at /data/src/10.2-bug/sql/sql_array.h:64
      #9  0x000056547af056d7 in Item::split_sum_func2 (this=0x7fa9b80126b0, thd=0x7fa9b8000b00, ref_pointer_array=..., fields=..., ref=0x7fa9b8012808, split_flags=3) at /data/src/10.2-bug/sql/item.cc:1974
      #10 0x000056547af638a4 in Item_func::split_sum_func (this=0x7fa9b8012770, thd=0x7fa9b8000b00, ref_pointer_array=..., fields=..., flags=2) at /data/src/10.2-bug/sql/item_func.cc:442
      #11 0x000056547ac19ea7 in setup_fields (thd=0x7fa9b8000b00, ref_pointer_array=..., fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7fa9b80132e8, allow_sum_func=true) at /data/src/10.2-bug/sql/sql_base.cc:7074
      #12 0x000056547acbf38c in JOIN::prepare (this=0x7fa9b8012fd0, tables_init=0x7fa9b80128c0, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fa9b8004d18, unit_arg=0x7fa9b80045e0) at /data/src/10.2-bug/sql/sql_select.cc:806
      #13 0x000056547acc9647 in mysql_select (thd=0x7fa9b8000b00, tables=0x7fa9b80128c0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fa9b8012fb0, unit=0x7fa9b80045e0, select_lex=0x7fa9b8004d18) at /data/src/10.2-bug/sql/sql_select.cc:3646
      #14 0x000056547acbe072 in handle_select (thd=0x7fa9b8000b00, lex=0x7fa9b8004518, result=0x7fa9b8012fb0, setup_tables_done_option=0) at /data/src/10.2-bug/sql/sql_select.cc:373
      #15 0x000056547ac8a379 in execute_sqlcom_select (thd=0x7fa9b8000b00, all_tables=0x7fa9b80128c0) at /data/src/10.2-bug/sql/sql_parse.cc:6433
      #16 0x000056547ac803b8 in mysql_execute_command (thd=0x7fa9b8000b00) at /data/src/10.2-bug/sql/sql_parse.cc:3448
      #17 0x000056547ac8dd4c in mysql_parse (thd=0x7fa9b8000b00, rawbuf=0x7fa9b8012368 "SELECT count(*)+sleep(0) FROM t1", length=32, parser_state=0x7fa9c917a200, is_com_multi=false, is_next_command=false) at /data/src/10.2-bug/sql/sql_parse.cc:7870
      #18 0x000056547ac7be24 in dispatch_command (command=COM_QUERY, thd=0x7fa9b8000b00, packet=0x7fa9b80df981 "SELECT count(*)+sleep(0) FROM t1", packet_length=32, is_com_multi=false, is_next_command=false) at /data/src/10.2-bug/sql/sql_parse.cc:1812
      #19 0x000056547ac7a794 in do_command (thd=0x7fa9b8000b00) at /data/src/10.2-bug/sql/sql_parse.cc:1362
      #20 0x000056547adc5a79 in do_handle_one_connection (connect=0x56547e201d00) at /data/src/10.2-bug/sql/sql_connect.cc:1354
      #21 0x000056547adc5806 in handle_one_connection (arg=0x56547e201d00) at /data/src/10.2-bug/sql/sql_connect.cc:1260
      #22 0x000056547b1e00d8 in pfs_spawn_thread (arg=0x56547e148080) at /data/src/10.2-bug/storage/perfschema/pfs.cc:1862
      #23 0x00007fa9d0dce494 in start_thread (arg=0x7fa9c917b700) at pthread_create.c:333
      #24 0x00007fa9cef4693f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

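      10.2 7a12894de non-debug (no assertion is reported in this build; the crash comes later, during execution under JOIN::exec rather than in JOIN::prepare, which suggests the out-of-range index is not checked here)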

      #2  <signal handler called>
      #3  0x00007faff0011950 in ?? ()
      #4  0x000055efa4d5ac5c in Item_func_plus::int_op (this=0x7faff000f3b8) at /data/src/10.2/sql/item_func.cc:1297
      #5  0x000055efa4d5827c in Item_func_hybrid_field_type::val_int (this=0x7faff000f3b8) at /data/src/10.2/sql/item_func.cc:937
      #6  0x000055efa4d0b3f4 in Item::send (this=0x7faff000f3b8, protocol=0x7faff0000eb8, buffer=0x7fb00d1e01e0) at /data/src/10.2/sql/item.cc:6924
      #7  0x000055efa4af3a98 in Protocol::send_result_set_row (this=this@entry=0x7faff0000eb8, row_items=row_items@entry=0x7faff000ffc0) at /data/src/10.2/sql/protocol.cc:979
      #8  0x000055efa4b47a32 in select_send::send_data (this=0x7faff000fbf8, items=...) at /data/src/10.2/sql/sql_class.cc:2762
      #9  0x000055efa4bbe19c in end_send_group (join=0x7faff000fc18, join_tab=<optimized out>, end_of_records=<optimized out>) at /data/src/10.2/sql/sql_select.cc:19799
      #10 0x000055efa4bc6e26 in do_select (procedure=<optimized out>, join=0x7faff000fc18) at /data/src/10.2/sql/sql_select.cc:18034
      #11 JOIN::exec_inner (this=this@entry=0x7faff000fc18) at /data/src/10.2/sql/sql_select.cc:3473
      #12 0x000055efa4bc71a9 in JOIN::exec (this=this@entry=0x7faff000fc18) at /data/src/10.2/sql/sql_select.cc:3274
      #13 0x000055efa4bc72eb in mysql_select (thd=thd@entry=0x7faff00009a8, tables=0x7faff000f508, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7faff000fbf8, unit=0x7faff0004348, select_lex=0x7faff0004a80) at /data/src/10.2/sql/sql_select.cc:3668
      #14 0x000055efa4bc7ce6 in handle_select (thd=thd@entry=0x7faff00009a8, lex=lex@entry=0x7faff0004280, result=result@entry=0x7faff000fbf8, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.2/sql/sql_select.cc:373
      #15 0x000055efa4b6af56 in execute_sqlcom_select (thd=0x7faff00009a8, all_tables=0x7faff000f508) at /data/src/10.2/sql/sql_parse.cc:6433
      #16 0x000055efa4b77164 in mysql_execute_command (thd=0x7faff00009a8) at /data/src/10.2/sql/sql_parse.cc:3448
      #17 0x000055efa4b7a4aa in mysql_parse (thd=0x7faff00009a8, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:7870
      #18 0x000055efa4b7d7ac in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7faff00009a8, packet=packet@entry=0x7faff0006c09 "", packet_length=packet_length@entry=32, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1812
      #19 0x000055efa4b7e0d7 in do_command (thd=0x7faff00009a8) at /data/src/10.2/sql/sql_parse.cc:1362
      #20 0x000055efa4c416c4 in do_handle_one_connection (connect=connect@entry=0x55efa8158568) at /data/src/10.2/sql/sql_connect.cc:1354
      #21 0x000055efa4c41864 in handle_one_connection (arg=arg@entry=0x55efa8158568) at /data/src/10.2/sql/sql_connect.cc:1260
      #22 0x000055efa4efa264 in pfs_spawn_thread (arg=0x55efa810db88) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      #23 0x00007fb014d68494 in start_thread (arg=0x7fb00d1e3700) at pthread_create.c:333
      #24 0x00007fb012ee093f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

      The rpl-tokudb.rpl_parallel_tokudb test fails in MTR for the same reason:
      https://internal.askmonty.org/buildbot/builders/kvm-deb-wheezy-amd64/builds/9165/steps/mtr/logs/stdio

      Apparently it was introduced by this commit:

      commit 7a12894de11ab04b93c9e96359008386b3b41cbb
      Author: Igor Babaev <igor@askmonty.org>
      Date:   Sat Jun 10 16:39:39 2017 -0700
       
          Fixed the bug mdev12992.
      


          People

            igor Igor Babaev
            elenst Elena Stepanova