[MDEV-22444] SIGSEGV's in __strlen_avx2, __GI___dl_iterate_phdr, decimal2string, Field_iterator_table::create_item, Item::operator new, Item::real_type (__cxa_pure_virtual) | Assertion `0' failed | UBSAN: execution reached an unreachable program point - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4
Component/s: JSON, Optimizer
Labels:
- UBSAN
- affects-tests
- not-10.1
- not-10.2
- regression

Description

USE test;

SET @@SESSION.optimizer_trace=1;

SET in_predicate_conversion_threshold=2;

CREATE TABLE t1(c1 YEAR);

SELECT * FROM t1 WHERE c1 IN(NOW(),NOW());

Leads to:

10.5.3 f544a712c8a2ef3f3ecba80cb2782b1839fb36ab
Core was generated by `/test/MD010520-mariadb-10.5.3-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x7f3014945700 (LWP 2651979))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x000056440c77eac7 in my_write_core (sig=sig@entry=11) at /test/10.5_opt/mysys/stacktrace.c:518
#2 0x000056440c1407ca in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:329
#3 <signal handler called>
#4 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#5 0x000056440c0819bf in Json_writer::add_str (this=this@entry=0x7f2fe24cc180, str=str@entry=0x0) at /test/10.5_opt/sql/my_json_writer.cc:230
#6 0x000056440bfe5c33 in Json_value_helper::add_str (val=0x0, this=<synthetic pointer>) at /test/10.5_opt/sql/my_json_writer.h:259
#7 Json_writer_object::add (value=0x0, name=0x56440c8ee205 "field", this=<synthetic pointer>) at /test/10.5_opt/sql/my_json_writer.h:428
#8 print_keyuse_array_for_trace (thd=thd@entry=0x7f2fe2412018, keyuse_array=keyuse_array@entry=0x7f2fe2448f48) at /test/10.5_opt/sql/sql_test.cc:669
#9 0x000056440bfa6d0b in make_join_statistics (keyuse_array=0x7f2fe2448f48, tables_list=..., join=0x7f2fe2448c58) at /test/10.5_opt/sql/sql_select.cc:5065
#10 JOIN::optimize_inner (this=this@entry=0x7f2fe2448c58) at /test/10.5_opt/sql/sql_select.cc:2260
#11 0x000056440bfa7a7b in JOIN::optimize (this=this@entry=0x7f2fe2448c58) at /test/10.5_opt/sql/sql_select.cc:1606
#12 0x000056440bfa7b81 in mysql_select (thd=thd@entry=0x7f2fe2412018, tables=0x7f2fe24476e0, fields=..., conds=0x7f2fe2448148, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f2fe2448c30, unit=0x7f2fe2415e68, select_lex=0x7f2fe24470e8) at /test/10.5_opt/sql/sql_select.cc:4655
#13 0x000056440bfa8591 in handle_select (thd=thd@entry=0x7f2fe2412018, lex=lex@entry=0x7f2fe2415da0, result=result@entry=0x7f2fe2448c30, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_opt/sql/sql_select.cc:417
#14 0x000056440bf4f171 in execute_sqlcom_select (thd=thd@entry=0x7f2fe2412018, all_tables=0x7f2fe24476e0) at /test/10.5_opt/sql/sql_parse.cc:6172
#15 0x000056440bf4b092 in mysql_execute_command (thd=thd@entry=0x7f2fe2412018) at /test/10.5_opt/sql/sql_parse.cc:3901
#16 0x000056440bf5222c in mysql_parse (thd=0x7f2fe2412018, rawbuf=<optimized out>, length=41, parser_state=0x7f30149444d0, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:7957
#17 0x000056440bf47855 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f2fe2412018, packet=packet@entry=0x7f2fe243a019 "SELECT * FROM t1 WHERE c1 IN(NOW(),NOW())", packet_length=packet_length@entry=41, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1839
#18 0x000056440bf45ae6 in do_command (thd=0x7f2fe2412018) at /test/10.5_opt/sql/sql_parse.cc:1358
#19 0x000056440c03a29e in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7f30124329b8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1422
#20 0x000056440c03a444 in handle_one_connection (arg=arg@entry=0x7f30124329b8) at /test/10.5_opt/sql/sql_connect.cc:1319
#21 0x000056440c3a653a in pfs_spawn_thread (arg=0x7f301244b018) at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#22 0x00007f3013d6c6db in start_thread (arg=0x7f3014945700) at pthread_create.c:463
#23 0x00007f301316a88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (dbg), 10.5.2 (opt), 10.5.3 (dbg), 10.5.3 (opt)

Bug confirmed not present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Both optimizer_trace and in_predicate_conversion_threshold are unknown variables in 10.2.32, so the testcase does not work there.

Attachments

Issue Links

relates to

MDEV-22716 Assertion `0' failed in Type_handler_row::subquery_type_allows_materialization

Confirmed

Activity

People

Assignee:: Igor Babaev

Reporter:: Roel Van de Paar

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2020-05-04 06:35

Updated:: 2024-03-27 11:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.