Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.5, 10.6, 10.5.2, 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
-
None
-
Ubuntu 18.04
Description
We found an assertion fail that crash debug version of MariaDB.
POC:
—
CREATE TABLE v0 ( v1 INT ) ; |
INSERT INTO v0 ( v1 ) VALUES ( 9 ) ; |
UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) ) ; |
INSERT INTO v0 ( v1 ) VALUES ( 60 ) , ( 0 ) ; |
SELECT RANK ( v1 ) OVER w , STD ( v1 ) OVER w FROM v0 WINDOW v2 AS ( PARTITION BY v1 ORDER BY v1 * 0 ) ; |
—
Stack dump:
—
mysqld: /home/mysql/mariadb/sql/item_subselect.cc:2273: bool Item_in_subselect::create_single_in_to_exists_cond(JOIN *, Item **, Item **): Assertion `false' failed.
|
200505 4:51:20 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.5.3-MariaDB-debug
|
key_buffer_size=134217728
|
read_buffer_size=131072
|
max_used_connections=2
|
max_threads=153
|
thread_count=3
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467925 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x7f971c000d78
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f9754ef4dc0 thread_stack 0x49000
|
fil/fil0fil.cc:3410(fil_ibd_discover(unsigned long, Datafile&))[0x32d4681]
|
sql/multi_range_read.cc:764(Mrr_ordered_index_reader::refill_buffer(bool))[0x13c0898]
|
??:0(__restore_rt)[0x7f976f537890]
|
linux/raise.c:51(__GI_raise)[0x7f976d1e9e97]
|
stdlib/abort.c:81(__GI_abort)[0x7f976d1eb801]
|
assert/assert.c:89(__assert_fail_base)[0x7f976d1db39a]
|
??:0(__assert_fail)[0x7f976d1db412]
|
sql/sql_alloc.h:39(ORAparse(THD*))[0x16a471f]
|
sql/threadpool_common.cc:313(threadpool_process_request(THD*))[0x16af6d1]
|
sql/sql_select.cc:28467(test_if_cheaper_ordering(st_join_table const*, st_order*, TABLE*, Bitmap<64u>, int, unsigned long long, int*, int*, unsigned long long*, unsigned int*, unsigned int*))[0x10075cc]
|
sql/slave.cc:1868(is_network_error(unsigned int))[0xafc690]
|
sql/log_event.h:2752(rpl_master_has_bug(Relay_log_info const*, unsigned int, bool, bool (*)(void const*), void const*))[0xb14a50]
|
sql/slave.cc:2446(get_master_version_and_clock(st_mysql*, Master_info*))[0xafc436]
|
/usr/local/mysql/bin/mysqld(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0xa29)[0x97e7b9]
|
sql/sql_lex.cc:4541(fix_prepare_info_in_table_list(THD*, TABLE_LIST*))[0xd7d4f0]
|
handler/ha_innodb.cc:19256(__cxx_global_var_init.1268)[0xa254ef]
|
sql/sys_vars.ic:627(Sys_var_charptr_fscs::Sys_var_charptr(char const*, char const, int, long, unsigned long, CMD_LINE, char const, PolyLock*, sys_var::binlog_status_enum, bool (*)(PolyLock**, THD*, set_var*), bool (*)(sys_var::binlog_status_enum, THD, enum_var_type), char const))[0xa07b70]
|
sql/set_var.h:258(_GLOBAL__sub_I_sys_vars.cc)[0x9fd70e]
|
sql/sys_vars.cc:5730(__cxx_global_var_init.1236)[0xa099cb]
|
sql/item.h:4563(Item_empty_string::Item_empty_string(THD*, char const*, unsigned int, charset_info_st const*))[0xedb6d1]
|
sql/item.h:746(show_binlog_info_get_fields(THD*, List<Item>*))[0xedaec1]
|
gcalc_slicescan.cc:0(__afl_fork_wait_loop)[0x1e8dfc6]
|
nptl/pthread_create.c:463(start_thread)[0x7f976f52c6db]
|
x86_64/clone.S:97(clone)[0x7f976d2cc88f]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f971c015054): UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) )
|
Connection ID (thread ID): 2868
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
|
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /usr/local/mysql/data
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size unlimited unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes unlimited unlimited processes
|
Max open files 1048576 1048576 files
|
Max locked memory 16777216 16777216 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 1030951 1030951 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: co...
|
—