[MDEV-17830] Server crashes in Item_null_result::field_type upon SELECT with CHARSET(date) and ROLLUP - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1(EOL), 10.2(EOL)
Fix Version/s: 10.2.24, 10.1.39
Component/s: Stored routines, Temporal Types
Labels:
None

Description

CREATE TABLE t (d DATE) ENGINE=MyISAM;

INSERT INTO t VALUES ('2018-12-12');

SELECT CHARSET(d) AS f FROM t GROUP BY d WITH ROLLUP;

# Cleanup

DROP TABLE t;

10.1 8324e5e84dc
#3 <signal handler called>
#4 0x0000555e4ffb80e7 in Item_null_result::field_type (this=0x7f4408445d98) at /data/src/10.1/sql/item.h:2612
#5 0x0000555e4fedfe23 in Item_ref::field_type (this=0x7f4408444368) at /data/src/10.1/sql/item.h:3939
#6 0x0000555e5018c777 in Item::cmp_type (this=0x7f4408444368) at /data/src/10.1/sql/item.cc:658
#7 0x0000555e4fe83287 in Item::charset_for_protocol (this=0x7f4408444368) at /data/src/10.1/sql/item.h:1374
#8 0x0000555e502110cd in Item_func_charset::val_str (this=0x7f4408443268, str=0x7f4412eecdd0) at /data/src/10.1/sql/item_strfunc.cc:3439
#9 0x0000555e5019bc3f in Item::send (this=0x7f4408443268, protocol=0x7f440a0d5600, buffer=0x7f4412eecdd0) at /data/src/10.1/sql/item.cc:6398
#10 0x0000555e4fe80154 in Protocol::send_result_set_row (this=0x7f440a0d5600, row_items=0x7f4408444298) at /data/src/10.1/sql/protocol.cc:914
#11 0x0000555e4fef881a in select_send::send_data (this=0x7f4408443ba0, items=...) at /data/src/10.1/sql/sql_class.cc:2747
#12 0x0000555e4ffb017f in JOIN::rollup_send_data (this=0x7f4408443bc0, idx=0) at /data/src/10.1/sql/sql_select.cc:24032
#13 0x0000555e4ffa5c62 in end_send_group (join=0x7f4408443bc0, join_tab=0x0, end_of_records=true) at /data/src/10.1/sql/sql_select.cc:19769
#14 0x0000555e4ffa213e in do_select (join=0x7f4408443bc0, fields=0x7f4408443fc0, table=0x0, procedure=0x0) at /data/src/10.1/sql/sql_select.cc:18093
#15 0x0000555e4ff7cbac in JOIN::exec_inner (this=0x7f4408443bc0) at /data/src/10.1/sql/sql_select.cc:3275
#16 0x0000555e4ff79e3d in JOIN::exec (this=0x7f4408443bc0) at /data/src/10.1/sql/sql_select.cc:2562
#17 0x0000555e4ff7d3d3 in mysql_select (thd=0x7f440a0d5070, rref_pointer_array=0x7f440a0d9550, tables=0x7f4408443380, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f4408443a88, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f4408443ba0, unit=0x7f440a0d8ba8, select_lex=0x7f440a0d92a8) at /data/src/10.1/sql/sql_select.cc:3499
#18 0x0000555e4ff72a8c in handle_select (thd=0x7f440a0d5070, lex=0x7f440a0d8ae0, result=0x7f4408443ba0, setup_tables_done_option=0) at /data/src/10.1/sql/sql_select.cc:388
#19 0x0000555e4ff4241b in execute_sqlcom_select (thd=0x7f440a0d5070, all_tables=0x7f4408443380) at /data/src/10.1/sql/sql_parse.cc:5948
#20 0x0000555e4ff387ef in mysql_execute_command (thd=0x7f440a0d5070) at /data/src/10.1/sql/sql_parse.cc:2993
#21 0x0000555e4ff4605f in mysql_parse (thd=0x7f440a0d5070, rawbuf=0x7f4408443088 "SELECT CHARSET(d) AS f FROM t GROUP BY d WITH ROLLUP", length=52, parser_state=0x7f4412eee5e0) at /data/src/10.1/sql/sql_parse.cc:7466
#22 0x0000555e4ff348c0 in dispatch_command (command=COM_QUERY, thd=0x7f440a0d5070, packet=0x7f440cbf9071 "", packet_length=52) at /data/src/10.1/sql/sql_parse.cc:1495
#23 0x0000555e4ff33645 in do_command (thd=0x7f440a0d5070) at /data/src/10.1/sql/sql_parse.cc:1124
#24 0x0000555e5006e194 in do_handle_one_connection (thd_arg=0x7f440a0d5070) at /data/src/10.1/sql/sql_connect.cc:1330
#25 0x0000555e5006def8 in handle_one_connection (arg=0x7f440a0d5070) at /data/src/10.1/sql/sql_connect.cc:1242
#26 0x0000555e5042c15e in pfs_spawn_thread (arg=0x7f4410839ef0) at /data/src/10.1/storage/perfschema/pfs.cc:1861
#27 0x00007f4412b6e494 in start_thread (arg=0x7f4412eefb00) at pthread_create.c:333
#28 0x00007f441114293f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Reproducible on 10.1 and 10.2, debug and non-debug builds, at least MyISAM and Aria.
Not reproducible on 10.3 or 10.4.

Attachments

Issue Links

relates to

MDEV-16190 Server crashes in Item_null_result::field_type on SELECT with time field, ROLLUP and HAVING

Closed

MDEV-19271 CHARSET(column) returns different result with and without ROLLUP

Open

MDEV-22772 Server crashes in Item_null_result::field_type upon query with ROLLUP

Closed

Activity

Ascending order - Click to sort in descending order

Elena Stepanova created issue - 2018-11-25 21:33

Elena Stepanova made changes - 2018-11-26 00:25

Field	Original Value	New Value
Link		This issue relates to ~~MDEV-16190~~ [ ~~MDEV-16190~~ ]

Elena Stepanova made changes - 2018-11-26 00:29

Component/s		Stored routines [ 13905 ]
Component/s		Temporal Types [ 11000 ]
Fix Version/s		10.1 [ 16100 ]
Fix Version/s		10.2 [ 14601 ]
Affects Version/s		10.2 [ 14601 ]
Description	{color:blue}No information yet whether it's reproducible, queued{color} https://travis-ci.org/elenst/travis-tests/jobs/459001243 {noformat:title=10.1 8324e5e84dc786b2d4a07d7798f26ddea239159e} 181124 23:09:26 [ERROR] mysqld got signal 11 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 10.1.38-MariaDB-debug key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=8 max_threads=153 thread_count=7 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)max_threads = 467240 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0x55ac9afec750 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0x7f1994da9280 thread_stack 0x48400 /home/travis/server/bin/mysqld(my_print_stacktrace+0x38)[0x55ac98625205] /home/travis/server/bin/mysqld(handle_fatal_signal+0x38f)[0x55ac97fc301c] /lib/x86_64-linux-gnu/libpthread.so.0(+0x10330)[0x7f19b9e3d330] sql/item.h:2612(Item_null_result::field_type() const)[0x55ac97dfdb15] sql/item.h:3939(Item_ref::field_type() const)[0x55ac97d25581] sql/item.cc:658(Item::cmp_type() const)[0x55ac97fd8643] sql/item.h:1375(Item::charset_for_protocol() const)[0x55ac97cc87e7] sql/item_strfunc.cc:3439(Item_func_charset::val_str(String))[0x55ac9805c939] sql/item.cc:5904(Item::save_in_field(Field, bool))[0x55ac97fe6091] sql/sql_base.cc:9113(fill_record(THD, TABLE, Field, List<Item>&, bool, bool))[0x55ac97d22e99] sql/sql_base.cc:9161(fill_record_n_invoke_before_triggers(THD, TABLE, Field, List<Item>&, bool, trg_event_type))[0x55ac97d2303a] sql/sql_insert.cc:4358(select_create::store_values(List<Item>&))[0x55ac97d6511f] sql/sql_insert.cc:3690(select_insert::send_data(List<Item>&))[0x55ac97d631f4] sql/sql_select.cc:24032(JOIN::rollup_send_data(unsigned int))[0x55ac97df5c04] sql/sql_select.cc:19769(end_send_group(JOIN, st_join_table, bool))[0x55ac97deb678] sql/sql_select.cc:18093(do_select)[0x55ac97de7b5f] sql/sql_select.cc:3275(JOIN::exec_inner())[0x55ac97dc26b6] sql/sql_select.cc:2563(JOIN::exec())[0x55ac97dbf941] sql/sql_select.cc:3501(mysql_select(THD, Item**, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x55ac97dc2f1e] sql/sql_select.cc:388(handle_select(THD, LEX, select_result, unsigned long))[0x55ac97db85a1] sql/sql_parse.cc:3457(mysql_execute_command(THD))[0x55ac97d7f400] sql/sql_prepare.cc:4322(Prepared_statement::execute(String, bool))[0x55ac97da6266] sql/sql_prepare.cc:3954(Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char))[0x55ac97da50f6] sql/sql_prepare.cc:3077(mysql_sql_stmt_execute(THD))[0x55ac97da3147] sql/sql_parse.cc:3005(mysql_execute_command(THD))[0x55ac97d7e1ac] sql/sql_parse.cc:7466(mysql_parse(THD, char, unsigned int, Parser_state))[0x55ac97d8b9ee] sql/sql_parse.cc:1497(dispatch_command(enum_server_command, THD, char, unsigned int))[0x55ac97d7a6a3] sql/sql_parse.cc:1124(do_command(THD))[0x55ac97d78fde] sql/sql_connect.cc:1330(do_handle_one_connection(THD*))[0x55ac97eb481a] sql/sql_connect.cc:1243(handle_one_connection)[0x55ac97eb457e] /lib/x86_64-linux-gnu/libpthread.so.0(+0x8184)[0x7f19b9e35184] /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f19b9557ffd] Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x7f19b4017948): CREATE TEMPORARY TABLE `ps` AS SELECT CHARSET( `col_date_key` ) AS field1, SLEEP( 0 ) AS field2 FROM `view_BB` WHERE CASE ( ( SIN( `col_int_nokey` ) ) MOD ( CHARSET( `col_time_nokey` ) ) ) WHEN ( RADIANS( NULL ) ) THEN 0 ELSE '1992-04-18' END GROUP BY `col_date_key`, ( CASE ( `col_datetime_nokey` BETWEEN 17000 AND ( IS_FREE_LOCK( NULL ) ) ) WHEN NULL THEN ( COS( NULL ) ) ELSE ( SHA1( `col_varchar_nokey` ) ) END ) - `col_int_key` WITH ROLLUP Connection ID (thread ID): 11 Status: NOT_KILLED Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=off {noformat} {noformat:title=elenst-dev 0025eb562b9f334c1b80e0be959f1521905575ad} perl ./runall-new.pl --basedir=/home/travis/server --vardir=/home/travis/logs/vardir --duration=350 --threads=6 --seed=1543100820 --reporters=Backtrace,ErrorLog,Deadlock --validators=TransformerNoComparator --views --redefine=conf/mariadb/alter_table.yy --redefine=conf/mariadb/sp.yy --redefine=conf/mariadb/bulk_insert.yy --mysqld=--log_output=FILE --mysqld=--max-statement-time=30 --mysqld=--lock-wait-timeout=10 --mysqld=--loose-innodb-lock-wait-timeout=5 --mysqld=--loose-debug_assert_on_not_freed_memory=0 --mysqld=--default-storage-engine=MyISAM --grammar=conf/mariadb/functions.yy --mysqld=--log_bin_trust_function_creators=1 --mysqld=--default-storage-engine=MyISAM --grammar=conf/mariadb/functions.yy --mysqld=--log-bin --transformers=ExecuteAsDeleteReturning,ExecuteAsInsertSelect,ExecuteAsUnion,ExecuteAsUpdateDelete,ExecuteAsView,ExecuteAsPreparedTwice --redefine=conf/mariadb/general-workarounds.yy {noformat}	{code:sql} CREATE TABLE t (d DATE) ENGINE=MyISAM; INSERT INTO t VALUES ('2018-12-12'); SELECT CHARSET(d) AS f FROM t GROUP BY d WITH ROLLUP; # Cleanup DROP TABLE t; {code} {noformat:title=10.1 8324e5e84dc} #3 <signal handler called> #4 0x0000555e4ffb80e7 in Item_null_result::field_type (this=0x7f4408445d98) at /data/src/10.1/sql/item.h:2612 #5 0x0000555e4fedfe23 in Item_ref::field_type (this=0x7f4408444368) at /data/src/10.1/sql/item.h:3939 #6 0x0000555e5018c777 in Item::cmp_type (this=0x7f4408444368) at /data/src/10.1/sql/item.cc:658 #7 0x0000555e4fe83287 in Item::charset_for_protocol (this=0x7f4408444368) at /data/src/10.1/sql/item.h:1374 #8 0x0000555e502110cd in Item_func_charset::val_str (this=0x7f4408443268, str=0x7f4412eecdd0) at /data/src/10.1/sql/item_strfunc.cc:3439 #9 0x0000555e5019bc3f in Item::send (this=0x7f4408443268, protocol=0x7f440a0d5600, buffer=0x7f4412eecdd0) at /data/src/10.1/sql/item.cc:6398 #10 0x0000555e4fe80154 in Protocol::send_result_set_row (this=0x7f440a0d5600, row_items=0x7f4408444298) at /data/src/10.1/sql/protocol.cc:914 #11 0x0000555e4fef881a in select_send::send_data (this=0x7f4408443ba0, items=...) at /data/src/10.1/sql/sql_class.cc:2747 #12 0x0000555e4ffb017f in JOIN::rollup_send_data (this=0x7f4408443bc0, idx=0) at /data/src/10.1/sql/sql_select.cc:24032 #13 0x0000555e4ffa5c62 in end_send_group (join=0x7f4408443bc0, join_tab=0x0, end_of_records=true) at /data/src/10.1/sql/sql_select.cc:19769 #14 0x0000555e4ffa213e in do_select (join=0x7f4408443bc0, fields=0x7f4408443fc0, table=0x0, procedure=0x0) at /data/src/10.1/sql/sql_select.cc:18093 #15 0x0000555e4ff7cbac in JOIN::exec_inner (this=0x7f4408443bc0) at /data/src/10.1/sql/sql_select.cc:3275 #16 0x0000555e4ff79e3d in JOIN::exec (this=0x7f4408443bc0) at /data/src/10.1/sql/sql_select.cc:2562 #17 0x0000555e4ff7d3d3 in mysql_select (thd=0x7f440a0d5070, rref_pointer_array=0x7f440a0d9550, tables=0x7f4408443380, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f4408443a88, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f4408443ba0, unit=0x7f440a0d8ba8, select_lex=0x7f440a0d92a8) at /data/src/10.1/sql/sql_select.cc:3499 #18 0x0000555e4ff72a8c in handle_select (thd=0x7f440a0d5070, lex=0x7f440a0d8ae0, result=0x7f4408443ba0, setup_tables_done_option=0) at /data/src/10.1/sql/sql_select.cc:388 #19 0x0000555e4ff4241b in execute_sqlcom_select (thd=0x7f440a0d5070, all_tables=0x7f4408443380) at /data/src/10.1/sql/sql_parse.cc:5948 #20 0x0000555e4ff387ef in mysql_execute_command (thd=0x7f440a0d5070) at /data/src/10.1/sql/sql_parse.cc:2993 #21 0x0000555e4ff4605f in mysql_parse (thd=0x7f440a0d5070, rawbuf=0x7f4408443088 "SELECT CHARSET(d) AS f FROM t GROUP BY d WITH ROLLUP", length=52, parser_state=0x7f4412eee5e0) at /data/src/10.1/sql/sql_parse.cc:7466 #22 0x0000555e4ff348c0 in dispatch_command (command=COM_QUERY, thd=0x7f440a0d5070, packet=0x7f440cbf9071 "", packet_length=52) at /data/src/10.1/sql/sql_parse.cc:1495 #23 0x0000555e4ff33645 in do_command (thd=0x7f440a0d5070) at /data/src/10.1/sql/sql_parse.cc:1124 #24 0x0000555e5006e194 in do_handle_one_connection (thd_arg=0x7f440a0d5070) at /data/src/10.1/sql/sql_connect.cc:1330 #25 0x0000555e5006def8 in handle_one_connection (arg=0x7f440a0d5070) at /data/src/10.1/sql/sql_connect.cc:1242 #26 0x0000555e5042c15e in pfs_spawn_thread (arg=0x7f4410839ef0) at /data/src/10.1/storage/perfschema/pfs.cc:1861 #27 0x00007f4412b6e494 in start_thread (arg=0x7f4412eefb00) at pthread_create.c:333 #28 0x00007f441114293f in clone () from /lib/x86_64-linux-gnu/libc.so.6 {noformat} Reproducible on 10.1 and 10.2, debug and non-debug builds, at least MyISAM and Aria. Not reproducible on 10.3 or 10.4.
Summary	[Draft] Server crashes in Item_null_result::field_type	Server crashes in Item_null_result::field_type upon SELECT with CHARSET(date) and ROLLUP

Elena Stepanova made changes - 2018-11-26 00:29

Assignee

Elena Stepanova [ elenst ]

Alexander Barkov [ bar ]

Alexander Barkov made changes - 2019-04-17 15:08

Link

This issue relates to MDEV-19271 [ MDEV-19271 ]

Alexander Barkov made changes - 2019-04-17 16:22

issue.field.resolutiondate

2019-04-17 16:22:28.0

2019-04-17 16:22:28.798

Alexander Barkov made changes - 2019-04-17 16:22

Fix Version/s		10.1.39 [ 23305 ]
Fix Version/s		10.2.24 [ 23308 ]
Fix Version/s	10.2 [ 14601 ]
Fix Version/s	10.1 [ 16100 ]
Resolution		Fixed [ 1 ]
Status	Open [ 1 ]	Closed [ 6 ]

Elena Stepanova made changes - 2020-06-02 01:03

Link

This issue relates to ~~MDEV-22772~~ [ ~~MDEV-22772~~ ]

Sergei Golubchik made changes - 2021-12-06 21:48

Workflow

MariaDB v3 [ 90868 ]

MariaDB v4 [ 155267 ]

People

Assignee:: Alexander Barkov

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018-11-25 21:33

Updated:: 2020-06-02 01:03

Resolved:: 2019-04-17 16:22

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server