Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
Description
This testcase:
SET @@SESSION.max_sort_length=2000000;
|
USE INFORMATION_SCHEMA;
|
SELECT * FROM tables t JOIN columns c ON t.table_schema=c.table_schema WHERE c.table_schema=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.columns GROUP BY column_type) GROUP BY t.table_name;
|
Leads to:
Core was generated by `/data/MD140320-mariadb-10.4.13-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
57 ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
|
[Current thread is 1 (Thread 0x7f2ebdbde700 (LWP 18246))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
#1 0x000055e9e382a987 in my_write_core (sig=sig@entry=11) at /data/git/10.4_opt/mysys/stacktrace.c:481
|
#2 0x000055e9e329de3a in handle_fatal_signal (sig=11) at /data/git/10.4_opt/sql/signal_handler.cc:343
|
#3 <signal handler called>
|
#4 0x000055e9e30ca011 in next_breadth_first_tab (tab=0x7f2e76cf7800, n_top_tabs_count=2,
|
first_top_tab=0x7f2e76cf70b0) at /data/git/10.4_opt/sql/sql_select.cc:9921
|
#5 JOIN::cleanup (this=this@entry=0x7f2e76c516b0, full=full@entry=true)
|
at /data/git/10.4_opt/sql/sql_select.cc:13766
|
#6 0x000055e9e30ca6f6 in JOIN::destroy (this=0x7f2e76c516b0) at /data/git/10.4_opt/sql/sql_select.cc:4481
|
#7 0x000055e9e312a4d8 in st_select_lex::cleanup (this=this@entry=0x7f2e76c3f208)
|
at /data/git/10.4_opt/sql/sql_union.cc:2070
|
#8 0x000055e9e30e3392 in mysql_select (thd=thd@entry=0x7f2e76c12008, tables=0x7f2e76c3f7d8, wild_num=1,
|
fields=..., conds=<optimized out>, og_num=1, order=0x0, group=0x7f2e76c42f88, having=0x0,
|
proc_param=0x0, select_options=2684619520, result=0x7f2e76c51688, unit=0x7f2e76c15d70,
|
select_lex=0x7f2e76c3f208) at /data/git/10.4_opt/sql/sql_select.cc:4688
|
#9 0x000055e9e30e35a1 in handle_select (thd=thd@entry=0x7f2e76c12008, lex=lex@entry=0x7f2e76c15cb0,
|
result=result@entry=0x7f2e76c51688, setup_tables_done_option=setup_tables_done_option@entry=0)
|
at /data/git/10.4_opt/sql/sql_select.cc:410
|
#10 0x000055e9e307f681 in execute_sqlcom_select (thd=thd@entry=0x7f2e76c12008, all_tables=0x7f2e76c3f7d8)
|
at /data/git/10.4_opt/sql/sql_parse.cc:6359
|
#11 0x000055e9e3088747 in mysql_execute_command (thd=thd@entry=0x7f2e76c12008)
|
at /data/git/10.4_opt/sql/sql_parse.cc:3898
|
#12 0x000055e9e308f37a in mysql_parse (thd=thd@entry=0x7f2e76c12008, rawbuf=<optimized out>, length=184,
|
parser_state=parser_state@entry=0x7f2ebdbdd140, is_com_multi=is_com_multi@entry=false,
|
is_next_command=is_next_command@entry=false) at /data/git/10.4_opt/sql/sql_parse.cc:7900
|
#13 0x000055e9e3091939 in dispatch_command (command=command@entry=COM_QUERY,
|
thd=thd@entry=0x7f2e76c12008,
|
packet=packet@entry=0x7f2e76c32009 "SELECT * FROM tables t JOIN columns c ON t.table_schema=c.table_schema WHERE c.table_schema=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.columns GROUP BY column_type) GROUP BY t.table_name", packet_length=packet_length@entry=184, is_com_multi=is_com_multi@entry=false,
|
is_next_command=is_next_command@entry=false) at /data/git/10.4_opt/sql/sql_parse.cc:1841
|
#14 0x000055e9e3093220 in do_command (thd=0x7f2e76c12008) at /data/git/10.4_opt/sql/sql_parse.cc:1359
|
#15 0x000055e9e316fb2e in do_handle_one_connection (connect=connect@entry=0x7f2ebac31748)
|
at /data/git/10.4_opt/sql/sql_connect.cc:1412
|
#16 0x000055e9e316fbed in handle_one_connection (arg=0x7f2ebac31748)
|
at /data/git/10.4_opt/sql/sql_connect.cc:1316
|
#17 0x00007f2ebcb676db in start_thread (arg=0x7f2ebdbde700) at pthread_create.c:463
|
#18 0x00007f2ebb80d88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (dbg), 10.5.2 (opt)
Bug confirmed not present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)
A few observations;
- Lowering the SESSION.max_sort_length stops the bug from occurring.
10.4.13>SET @@SESSION.max_sort_length=200000; # <- one less zero
|
Query OK, 0 rows affected (0.000 sec)
|
10.4.13>USE INFORMATION_SCHEMA;
|
Database changed
|
10.4.13>SELECT * FROM tables t JOIN columns c ON t.table_schema=c.table_schema WHERE c.table_schema=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.columns GROUP BY column_type) GROUP BY t.table_name;
|
ERROR 1242 (21000): Subquery returns more than 1 row
|
 |
10.4.13>SET @@SESSION.max_sort_length=2000000;
|
Query OK, 0 rows affected (0.000 sec)
|
10.4.13>SELECT * FROM tables t JOIN columns c ON t.table_schema=c.table_schema WHERE c.table_schema=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.columns GROUP BY column_type) GROUP BY t.table_name;
|
ERROR 2013 (HY000): Lost connection to MySQL server during query
|
- Removing the second GROUP BY stops this bug from occurring:
10.4.13>SET @@SESSION.max_sort_length=2000000;
|
Query OK, 0 rows affected (0.000 sec)
|
10.4.13>USE INFORMATION_SCHEMA;
|
Database changed
|
10.4.13>SELECT * FROM tables t JOIN columns c ON t.table_schema=c.table_schema WHERE c.table_schema=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.columns GROUP BY column_type);
|
ERROR 1038 (HY001): Out of sort memory, consider increasing server sort buffer size
|