Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.5.2, 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6
-
None
-
Ubuntu 18.04
Description
We found an assertion fail that crash debug version of MariaDB.
POC:
—
CREATE TABLE v0 ( v1 INT ) ; |
INSERT INTO v0 ( v1 ) VALUES ( 9 ) ; |
UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) ) ; |
INSERT INTO v0 ( v1 ) VALUES ( 60 ) , ( 0 ) ; |
SELECT RANK ( v1 ) OVER w , STD ( v1 ) OVER w FROM v0 WINDOW v2 AS ( PARTITION BY v1 ORDER BY v1 * 0 ) ; |
—
Stack dump:
—
mysqld: /home/mysql/mariadb/sql/item_subselect.cc:2273: bool Item_in_subselect::create_single_in_to_exists_cond(JOIN *, Item **, Item **): Assertion `false' failed.
|
200505 4:51:20 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.5.3-MariaDB-debug
|
key_buffer_size=134217728
|
read_buffer_size=131072
|
max_used_connections=2
|
max_threads=153
|
thread_count=3
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467925 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x7f971c000d78
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f9754ef4dc0 thread_stack 0x49000
|
fil/fil0fil.cc:3410(fil_ibd_discover(unsigned long, Datafile&))[0x32d4681]
|
sql/multi_range_read.cc:764(Mrr_ordered_index_reader::refill_buffer(bool))[0x13c0898]
|
??:0(__restore_rt)[0x7f976f537890]
|
linux/raise.c:51(__GI_raise)[0x7f976d1e9e97]
|
stdlib/abort.c:81(__GI_abort)[0x7f976d1eb801]
|
assert/assert.c:89(__assert_fail_base)[0x7f976d1db39a]
|
??:0(__assert_fail)[0x7f976d1db412]
|
sql/sql_alloc.h:39(ORAparse(THD*))[0x16a471f]
|
sql/threadpool_common.cc:313(threadpool_process_request(THD*))[0x16af6d1]
|
sql/sql_select.cc:28467(test_if_cheaper_ordering(st_join_table const*, st_order*, TABLE*, Bitmap<64u>, int, unsigned long long, int*, int*, unsigned long long*, unsigned int*, unsigned int*))[0x10075cc]
|
sql/slave.cc:1868(is_network_error(unsigned int))[0xafc690]
|
sql/log_event.h:2752(rpl_master_has_bug(Relay_log_info const*, unsigned int, bool, bool (*)(void const*), void const*))[0xb14a50]
|
sql/slave.cc:2446(get_master_version_and_clock(st_mysql*, Master_info*))[0xafc436]
|
/usr/local/mysql/bin/mysqld(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0xa29)[0x97e7b9]
|
sql/sql_lex.cc:4541(fix_prepare_info_in_table_list(THD*, TABLE_LIST*))[0xd7d4f0]
|
handler/ha_innodb.cc:19256(__cxx_global_var_init.1268)[0xa254ef]
|
sql/sys_vars.ic:627(Sys_var_charptr_fscs::Sys_var_charptr(char const*, char const, int, long, unsigned long, CMD_LINE, char const, PolyLock*, sys_var::binlog_status_enum, bool (*)(PolyLock**, THD*, set_var*), bool (*)(sys_var::binlog_status_enum, THD, enum_var_type), char const))[0xa07b70]
|
sql/set_var.h:258(_GLOBAL__sub_I_sys_vars.cc)[0x9fd70e]
|
sql/sys_vars.cc:5730(__cxx_global_var_init.1236)[0xa099cb]
|
sql/item.h:4563(Item_empty_string::Item_empty_string(THD*, char const*, unsigned int, charset_info_st const*))[0xedb6d1]
|
sql/item.h:746(show_binlog_info_get_fields(THD*, List<Item>*))[0xedaec1]
|
gcalc_slicescan.cc:0(__afl_fork_wait_loop)[0x1e8dfc6]
|
nptl/pthread_create.c:463(start_thread)[0x7f976f52c6db]
|
x86_64/clone.S:97(clone)[0x7f976d2cc88f]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f971c015054): UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) )
|
Connection ID (thread ID): 2868
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
|
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /usr/local/mysql/data
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size unlimited unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes unlimited unlimited processes
|
Max open files 1048576 1048576 files
|
Max locked memory 16777216 16777216 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 1030951 1030951 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: co...
|
—
Attachments
Activity
| Field | Original Value | New Value |
|---|---|---|
| Description |
We found an assertion fail that crash debug version of MariaDB.
POC: --- CREATE TABLE v0 ( v1 INT ) ; INSERT INTO v0 ( v1 ) VALUES ( 9 ) ; UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) ) ; INSERT INTO v0 ( v1 ) VALUES ( 60 ) , ( 0 ) ; SELECT RANK ( v1 ) OVER w , STD ( v1 ) OVER w FROM v0 WINDOW v2 AS ( PARTITION BY v1 ORDER BY v1 * 0 ) ; --- Stack dump: --- mysqld: /home/mysql/mariadb/sql/item_subselect.cc:2273: bool Item_in_subselect::create_single_in_to_exists_cond(JOIN *, Item **, Item **): Assertion `false' failed. 200505 4:51:20 [ERROR] mysqld got signal 6 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 10.5.3-MariaDB-debug key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=2 max_threads=153 thread_count=3 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467925 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0x7f971c000d78 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0x7f9754ef4dc0 thread_stack 0x49000 fil/fil0fil.cc:3410(fil_ibd_discover(unsigned long, Datafile&))[0x32d4681] sql/multi_range_read.cc:764(Mrr_ordered_index_reader::refill_buffer(bool))[0x13c0898] ??:0(__restore_rt)[0x7f976f537890] linux/raise.c:51(__GI_raise)[0x7f976d1e9e97] stdlib/abort.c:81(__GI_abort)[0x7f976d1eb801] assert/assert.c:89(__assert_fail_base)[0x7f976d1db39a] ??:0(__assert_fail)[0x7f976d1db412] sql/sql_alloc.h:39(ORAparse(THD*))[0x16a471f] sql/threadpool_common.cc:313(threadpool_process_request(THD*))[0x16af6d1] sql/sql_select.cc:28467(test_if_cheaper_ordering(st_join_table const*, st_order*, TABLE*, Bitmap<64u>, int, unsigned long long, int*, int*, unsigned long long*, unsigned int*, unsigned int*))[0x10075cc] sql/slave.cc:1868(is_network_error(unsigned int))[0xafc690] sql/log_event.h:2752(rpl_master_has_bug(Relay_log_info const*, unsigned int, bool, bool (*)(void const*), void const*))[0xb14a50] sql/slave.cc:2446(get_master_version_and_clock(st_mysql*, Master_info*))[0xafc436] /usr/local/mysql/bin/mysqld(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0xa29)[0x97e7b9] sql/sql_lex.cc:4541(fix_prepare_info_in_table_list(THD*, TABLE_LIST*))[0xd7d4f0] handler/ha_innodb.cc:19256(__cxx_global_var_init.1268)[0xa254ef] sql/sys_vars.ic:627(Sys_var_charptr_fscs::Sys_var_charptr(char const*, char const, int, long, unsigned long, CMD_LINE, char const, PolyLock*, sys_var::binlog_status_enum, bool (*)(PolyLock**, THD*, set_var*), bool (*)(sys_var::binlog_status_enum, THD, enum_var_type), char const))[0xa07b70] sql/set_var.h:258(_GLOBAL__sub_I_sys_vars.cc)[0x9fd70e] sql/sys_vars.cc:5730(__cxx_global_var_init.1236)[0xa099cb] sql/item.h:4563(Item_empty_string::Item_empty_string(THD*, char const*, unsigned int, charset_info_st const*))[0xedb6d1] sql/item.h:746(show_binlog_info_get_fields(THD*, List<Item>*))[0xedaec1] gcalc_slicescan.cc:0(__afl_fork_wait_loop)[0x1e8dfc6] nptl/pthread_create.c:463(start_thread)[0x7f976f52c6db] x86_64/clone.S:97(clone)[0x7f976d2cc88f] Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x7f971c015054): UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) ) Connection ID (thread ID): 2868 Status: NOT_KILLED Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains information that should help you find out what is causing the crash. Writing a core file... Working directory at /usr/local/mysql/data Resource Limits: Limit Soft Limit Hard Limit Units Max cpu time unlimited unlimited seconds Max file size unlimited unlimited bytes Max data size unlimited unlimited bytes Max stack size 8388608 unlimited bytes Max core file size unlimited unlimited bytes Max resident set unlimited unlimited bytes Max processes unlimited unlimited processes Max open files 1048576 1048576 files Max locked memory 16777216 16777216 bytes Max address space unlimited unlimited bytes Max file locks unlimited unlimited locks Max pending signals 1030951 1030951 signals Max msgqueue size 819200 819200 bytes Max nice priority 0 0 Max realtime priority 0 0 Max realtime timeout unlimited unlimited us Core pattern: co... --- |
We found an assertion fail that crash debug version of MariaDB.
POC: --- {code:sql} CREATE TABLE v0 ( v1 INT ) ; INSERT INTO v0 ( v1 ) VALUES ( 9 ) ; UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) ) ; INSERT INTO v0 ( v1 ) VALUES ( 60 ) , ( 0 ) ; SELECT RANK ( v1 ) OVER w , STD ( v1 ) OVER w FROM v0 WINDOW v2 AS ( PARTITION BY v1 ORDER BY v1 * 0 ) ; {code} --- Stack dump: --- {noformat} mysqld: /home/mysql/mariadb/sql/item_subselect.cc:2273: bool Item_in_subselect::create_single_in_to_exists_cond(JOIN *, Item **, Item **): Assertion `false' failed. 200505 4:51:20 [ERROR] mysqld got signal 6 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. To report this bug, see https://mariadb.com/kb/en/reporting-bugs We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. Server version: 10.5.3-MariaDB-debug key_buffer_size=134217728 read_buffer_size=131072 max_used_connections=2 max_threads=153 thread_count=3 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467925 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0x7f971c000d78 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0x7f9754ef4dc0 thread_stack 0x49000 fil/fil0fil.cc:3410(fil_ibd_discover(unsigned long, Datafile&))[0x32d4681] sql/multi_range_read.cc:764(Mrr_ordered_index_reader::refill_buffer(bool))[0x13c0898] ??:0(__restore_rt)[0x7f976f537890] linux/raise.c:51(__GI_raise)[0x7f976d1e9e97] stdlib/abort.c:81(__GI_abort)[0x7f976d1eb801] assert/assert.c:89(__assert_fail_base)[0x7f976d1db39a] ??:0(__assert_fail)[0x7f976d1db412] sql/sql_alloc.h:39(ORAparse(THD*))[0x16a471f] sql/threadpool_common.cc:313(threadpool_process_request(THD*))[0x16af6d1] sql/sql_select.cc:28467(test_if_cheaper_ordering(st_join_table const*, st_order*, TABLE*, Bitmap<64u>, int, unsigned long long, int*, int*, unsigned long long*, unsigned int*, unsigned int*))[0x10075cc] sql/slave.cc:1868(is_network_error(unsigned int))[0xafc690] sql/log_event.h:2752(rpl_master_has_bug(Relay_log_info const*, unsigned int, bool, bool (*)(void const*), void const*))[0xb14a50] sql/slave.cc:2446(get_master_version_and_clock(st_mysql*, Master_info*))[0xafc436] /usr/local/mysql/bin/mysqld(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0xa29)[0x97e7b9] sql/sql_lex.cc:4541(fix_prepare_info_in_table_list(THD*, TABLE_LIST*))[0xd7d4f0] handler/ha_innodb.cc:19256(__cxx_global_var_init.1268)[0xa254ef] sql/sys_vars.ic:627(Sys_var_charptr_fscs::Sys_var_charptr(char const*, char const, int, long, unsigned long, CMD_LINE, char const, PolyLock*, sys_var::binlog_status_enum, bool (*)(PolyLock**, THD*, set_var*), bool (*)(sys_var::binlog_status_enum, THD, enum_var_type), char const))[0xa07b70] sql/set_var.h:258(_GLOBAL__sub_I_sys_vars.cc)[0x9fd70e] sql/sys_vars.cc:5730(__cxx_global_var_init.1236)[0xa099cb] sql/item.h:4563(Item_empty_string::Item_empty_string(THD*, char const*, unsigned int, charset_info_st const*))[0xedb6d1] sql/item.h:746(show_binlog_info_get_fields(THD*, List<Item>*))[0xedaec1] gcalc_slicescan.cc:0(__afl_fork_wait_loop)[0x1e8dfc6] nptl/pthread_create.c:463(start_thread)[0x7f976f52c6db] x86_64/clone.S:97(clone)[0x7f976d2cc88f] Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x7f971c015054): UPDATE v0 SET v1 = 2 WHERE v1 IN ( SELECT v1 WHERE v1 = v1 OR ( v1 = -1 AND v1 = 28 ) ) Connection ID (thread ID): 2868 Status: NOT_KILLED Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains information that should help you find out what is causing the crash. Writing a core file... Working directory at /usr/local/mysql/data Resource Limits: Limit Soft Limit Hard Limit Units Max cpu time unlimited unlimited seconds Max file size unlimited unlimited bytes Max data size unlimited unlimited bytes Max stack size 8388608 unlimited bytes Max core file size unlimited unlimited bytes Max resident set unlimited unlimited bytes Max processes unlimited unlimited processes Max open files 1048576 1048576 files Max locked memory 16777216 16777216 bytes Max address space unlimited unlimited bytes Max file locks unlimited unlimited locks Max pending signals 1030951 1030951 signals Max msgqueue size 819200 819200 bytes Max nice priority 0 0 Max realtime priority 0 0 Max realtime timeout unlimited unlimited us Core pattern: co... {noformat} --- |
| Affects Version/s | 10.1 [ 16100 ] | |
| Affects Version/s | 10.2 [ 14601 ] | |
| Affects Version/s | 10.3 [ 22126 ] | |
| Affects Version/s | 10.4 [ 22408 ] | |
| Affects Version/s | 10.5 [ 23123 ] |
| Fix Version/s | 10.1 [ 16100 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.5 [ 23123 ] |
| Status | Open [ 1 ] | Confirmed [ 10101 ] |
| Assignee | Igor Babaev [ igor ] |
| Fix Version/s | 10.1 [ 16100 ] |
| Priority | Critical [ 2 ] | Major [ 3 ] |
| Assignee | Igor Babaev [ igor ] | Sergei Petrunia [ psergey ] |
on non-debug build there is no crash, but the wrong result:
MariaDB [test]> select 3 in (select 5);
|
+-----------------+
|
| 3 in (select 5) |
|
+-----------------+
|
| 0 |
|
+-----------------+
|
1 row in set (0.000 sec)
|
|
|
MariaDB [test]> select 3 in (select 5 where 1);
|
+-------------------------+
|
| 3 in (select 5 where 1) |
|
+-------------------------+
|
| 1 |
|
+-------------------------+
|
1 row in set (0.000 sec)
|
|
|
MariaDB [test]> select version();
|
+--------------------+
|
| version() |
|
+--------------------+
|
| 10.5.7-MariaDB-log |
|
+--------------------+
|
1 row in set (0.000 sec)
|
|
MariaDB [test]> create table t1 (a int );
|
Query OK, 0 rows affected (0.009 sec)
|
|
|
MariaDB [test]> insert into t1 values (1),(2),(3);
|
Query OK, 3 rows affected (0.001 sec)
|
Records: 3 Duplicates: 0 Warnings: 0
|
|
|
MariaDB [test]> update t1 set a = 5 where a in (select 10 where 1);
|
Query OK, 3 rows affected (0.002 sec)
|
Rows matched: 3 Changed: 3 Warnings: 0
|
|
|
MariaDB [test]> select * from t1;
|
+------+
|
| a |
|
+------+
|
| 5 |
|
| 5 |
|
| 5 |
|
+------+
|
3 rows in set (0.000 sec)
|
|
Note: The syntax used in the test case (select 10 where 1) causes parse error in current versions, but the issue is still reproducible if one adds from dual.
A patch: http://lists.askmonty.org/pipermail/commits/2020-December/014414.html
sanja, could you review this?
| Assignee | Sergei Petrunia [ psergey ] | Oleksandr Byelkin [ sanja ] |
| Status | Confirmed [ 10101 ] | In Review [ 10002 ] |
CREATE TABLE t (i INT AUTO_INCREMENT PRIMARY KEY);
|
DELETE FROM t WHERE i IN (SELECT JSON_OBJECT('a','a') FROM DUAL WHERE 1);
|
Leads to:
|
10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug) |
mysqld: /test/10.6_dbg/sql/item_subselect.cc:2311: bool Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**): Assertion `false' failed.
|
|
10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug) |
Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x14cf500e5700 (LWP 739633))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055c7b0db80d7 in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424
|
#2 0x000055c7b054cab1 in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330
|
#3 <signal handler called>
|
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#5 0x000014cf526a1859 in __GI_abort () at abort.c:79
|
#6 0x000014cf526a1729 in __assert_fail_base (fmt=0x14cf52837588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55c7b14a366b "false", file=0x55c7b10c0dd0 "/test/10.6_dbg/sql/item_subselect.cc", line=2311, function=<optimized out>) at assert.c:92
|
#7 0x000014cf526b2f36 in __GI___assert_fail (assertion=assertion@entry=0x55c7b14a366b "false", file=file@entry=0x55c7b10c0dd0 "/test/10.6_dbg/sql/item_subselect.cc", line=line@entry=2311, function=function@entry=0x55c7b10c1d48 "bool Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**)") at assert.c:101
|
#8 0x000055c7b065e09e in Item_in_subselect::create_single_in_to_exists_cond (this=this@entry=0x14cf0c013fe8, join=join@entry=0x14cf0c0144b0, where_item=where_item@entry=0x14cf0c0149b8, having_item=having_item@entry=0x14cf0c0149c0) at /test/10.6_dbg/sql/item_subselect.cc:2311
|
#9 0x000055c7b066e078 in Item_in_subselect::create_in_to_exists_cond (this=this@entry=0x14cf0c013fe8, join_arg=join_arg@entry=0x14cf0c0144b0) at /test/10.6_dbg/sql/item_subselect.cc:2659
|
#10 0x000055c7b044411f in JOIN::choose_tableless_subquery_plan (this=this@entry=0x14cf0c0144b0) at /test/10.6_dbg/sql/opt_subselect.cc:6712
|
#11 0x000055c7b0303aee in JOIN::optimize_stage2 (this=this@entry=0x14cf0c0144b0) at /test/10.6_dbg/sql/sql_select.cc:3011
|
#12 0x000055c7b0307e3b in JOIN::optimize_inner (this=this@entry=0x14cf0c0144b0) at /test/10.6_dbg/sql/sql_select.cc:2277
|
#13 0x000055c7b030806c in JOIN::optimize (this=this@entry=0x14cf0c0144b0) at /test/10.6_dbg/sql/sql_select.cc:1627
|
#14 0x000055c7b0250517 in st_select_lex::optimize_unflattened_subqueries (this=this@entry=0x14cf0c005780, const_only=const_only@entry=false) at /test/10.6_dbg/sql/sql_lex.cc:4852
|
#15 0x000055c7b07458a9 in mysql_delete (thd=thd@entry=0x14cf0c000db8, table_list=0x14cf0c012800, conds=<optimized out>, order_list=order_list@entry=0x14cf0c005a20, limit=18446744073709551615, options=0, result=0x0) at /test/10.6_dbg/sql/sql_delete.cc:405
|
#16 0x000055c7b028a1c8 in mysql_execute_command (thd=thd@entry=0x14cf0c000db8) at /test/10.6_dbg/sql/sql_limit.h:67
|
#17 0x000055c7b0274072 in mysql_parse (thd=thd@entry=0x14cf0c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14cf500e43d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
|
#18 0x000055c7b02821ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14cf0c000db8, packet=packet@entry=0x14cf0c008d39 "DELETE FROM t WHERE i IN (SELECT JSON_OBJECT('a','a') FROM DUAL WHERE 1)", packet_length=packet_length@entry=72) at /test/10.6_dbg/sql/sql_class.h:1293
|
#19 0x000055c7b028552d in do_command (thd=0x14cf0c000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
|
#20 0x000055c7b03e17fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c7b3be66f8, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
|
#21 0x000055c7b03e1f03 in handle_one_connection (arg=arg@entry=0x55c7b3be66f8) at /test/10.6_dbg/sql/sql_connect.cc:1312
|
#22 0x000055c7b089788f in pfs_spawn_thread (arg=0x55c7b3b32898) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
|
#23 0x000014cf52baf609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#24 0x000014cf5279e293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.37 (dbg), 10.3.28 (dbg), 10.4.18 (dbg), 10.5.9 (dbg), 10.6.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.37 (opt), 10.3.28 (opt), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)
Note that the same testcase gives a slightly different stack on 10.2 dbg (only):
|
10.2.37 (Debug) |
mysqld: /test/10.2_dbg/sql/item_subselect.cc:2241: bool Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**): Assertion `false' failed.
|
|
10.2.37 (Debug) |
Core was generated by `/test/MD010121-mariadb-10.2.37-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x15276d34f700 (LWP 767508))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x0000562f10de9c2a in my_write_core (sig=sig@entry=6) at /test/10.2_dbg/mysys/stacktrace.c:382
|
#2 0x0000562f106dc82b in handle_fatal_signal (sig=6) at /test/10.2_dbg/sql/signal_handler.cc:343
|
#3 <signal handler called>
|
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#5 0x00001527883f7859 in __GI_abort () at abort.c:79
|
#6 0x00001527883f7729 in __assert_fail_base (fmt=0x15278858d588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x562f1100d458 "false", file=0x562f10f608a8 "/test/10.2_dbg/sql/item_subselect.cc", line=2241, function=<optimized out>) at assert.c:92
|
#7 0x0000152788408f36 in __GI___assert_fail (assertion=assertion@entry=0x562f1100d458 "false", file=file@entry=0x562f10f608a8 "/test/10.2_dbg/sql/item_subselect.cc", line=line@entry=2241, function=function@entry=0x562f10f616b8 "bool Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**)") at assert.c:101
|
#8 0x0000562f107af8cf in Item_in_subselect::create_single_in_to_exists_cond (this=this@entry=0x152728012860, join=join@entry=0x152728012c48, where_item=where_item@entry=0x152728013148, having_item=having_item@entry=0x152728013150) at /test/10.2_dbg/sql/item_subselect.cc:2241
|
#9 0x0000562f107b325a in Item_in_subselect::create_in_to_exists_cond (this=this@entry=0x152728012860, join_arg=join_arg@entry=0x152728012c48) at /test/10.2_dbg/sql/item_subselect.cc:2589
|
#10 0x0000562f106351d9 in JOIN::choose_tableless_subquery_plan (this=this@entry=0x152728012c48) at /test/10.2_dbg/sql/opt_subselect.cc:6064
|
#11 0x0000562f1053de9a in JOIN::optimize_inner (this=this@entry=0x152728012c48) at /test/10.2_dbg/sql/sql_select.cc:2266
|
#12 0x0000562f10541f7a in JOIN::optimize (this=this@entry=0x152728012c48) at /test/10.2_dbg/sql/sql_select.cc:1117
|
#13 0x0000562f104c75bd in st_select_lex::optimize_unflattened_subqueries (this=this@entry=0x1527280050c8, const_only=const_only@entry=false) at /test/10.2_dbg/sql/sql_lex.cc:3871
|
#14 0x0000562f10863e00 in mysql_delete (thd=thd@entry=0x152728000d90, table_list=0x1527280112d0, conds=<optimized out>, order_list=order_list@entry=0x152728005328, limit=18446744073709551615, options=0, result=0x0) at /test/10.2_dbg/sql/sql_delete.cc:310
|
#15 0x0000562f104d6d62 in mysql_execute_command (thd=thd@entry=0x152728000d90) at /test/10.2_dbg/sql/sql_parse.cc:4396
|
#16 0x0000562f104dcea0 in mysql_parse (thd=thd@entry=0x152728000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15276d34e550, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.2_dbg/sql/sql_parse.cc:7762
|
#17 0x0000562f104df9d9 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152728000d90, packet=packet@entry=0x1527280195d1 "DELETE FROM t WHERE i IN (SELECT JSON_OBJECT('a','a') FROM DUAL WHERE 1)", packet_length=packet_length@entry=72, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.2_dbg/sql/sql_class.h:1096
|
#18 0x0000562f104e27e1 in do_command (thd=0x152728000d90) at /test/10.2_dbg/sql/sql_parse.cc:1381
|
#19 0x0000562f105e7a61 in do_handle_one_connection (connect=connect@entry=0x562f128ee410) at /test/10.2_dbg/sql/sql_connect.cc:1336
|
#20 0x0000562f105e7c8c in handle_one_connection (arg=0x562f128ee410) at /test/10.2_dbg/sql/sql_connect.cc:1241
|
#21 0x00001527888fd609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#22 0x00001527884f4293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
| Affects Version/s | 10.6 [ 24028 ] |
| Assignee | Oleksandr Byelkin [ sanja ] | Sergei Petrunia [ psergey ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Fix Version/s | 10.6.1 [ 24437 ] | |
| Fix Version/s | 10.2.39 [ 25731 ] | |
| Fix Version/s | 10.3.30 [ 25732 ] | |
| Fix Version/s | 10.4.20 [ 25733 ] | |
| Fix Version/s | 10.5.11 [ 25734 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.5 [ 23123 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Workflow | MariaDB v3 [ 108227 ] | MariaDB v4 [ 157721 ] |
Thank you for the report and the test case!
Repeatable on 10.1-10.5:
10.1 d233fd14a39f9c583b85ff
#5 0x00007fdb0432e535 in __GI_abort () at abort.c:79#6 0x00007fdb0432e40f in __assert_fail_base (fmt=0x7fdb04490ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55f35a66db5a "false", file=0x55f35a66d468 "/10.1/sql/item_subselect.cc", line=2215, function=<optimized out>) at assert.c:92#7 0x00007fdb0433c102 in __GI___assert_fail (assertion=0x55f35a66db5a "false", file=0x55f35a66d468 "/10.1/sql/item_subselect.cc", line=2215, function=0x55f35a66f560 <Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**)::__PRETTY_FUNCTION__> "bool Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**)") at assert.c:101#8 0x000055f359ef9e22 in Item_in_subselect::create_single_in_to_exists_cond (this=0x7fdaf861e8b8, join=0x7fdaf861f178, where_item=0x7fdaf861f6a0, having_item=0x7fdaf861f6a8) at /10.1/sql/item_subselect.cc:2215#9 0x000055f359efb424 in Item_in_subselect::create_in_to_exists_cond (this=0x7fdaf861e8b8, join_arg=0x7fdaf861f178) at /10.1/sql/item_subselect.cc:2560#10 0x000055f359dac5fa in JOIN::choose_tableless_subquery_plan (this=0x7fdaf861f178) at /10.1/sql/opt_subselect.cc:6072#11 0x000055f359c597a0 in JOIN::optimize_inner (this=0x7fdaf861f178) at /10.1/sql/sql_select.cc:2070#12 0x000055f359c55dba in JOIN::optimize (this=0x7fdaf861f178) at /10.1/sql/sql_select.cc:1059#13 0x000055f359c0d4a3 in st_select_lex::optimize_unflattened_subqueries (this=0x7fdafcf8f500, const_only=true) at /10.1/sql/sql_lex.cc:3805#14 0x000055f359daaad7 in JOIN::optimize_constant_subqueries (this=0x7fdaf861eb68) at /10.1/sql/opt_subselect.cc:5368#15 0x000055f359c564f7 in JOIN::optimize_inner (this=0x7fdaf861eb68) at /10.1/sql/sql_select.cc:1214#16 0x000055f359c55dba in JOIN::optimize (this=0x7fdaf861eb68) at /10.1/sql/sql_select.cc:1059#17 0x000055f359c5e64d in mysql_select (thd=0x7fdafcf8b2b0, rref_pointer_array=0x7fdafcf8f7a8, tables=0x0, wild_num=0, fields=..., conds=0x7fdaf861e8b8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fdaf861eb48, unit=0x7fdafcf8edf8, select_lex=0x7fdafcf8f500) at /10.1/sql/sql_select.cc:3487#18 0x000055f359c53e9f in handle_select (thd=0x7fdafcf8b2b0, lex=0x7fdafcf8ed38, result=0x7fdaf861eb48, setup_tables_done_option=0) at /10.1/sql/sql_select.cc:377#19 0x000055f359c23d50 in execute_sqlcom_select (thd=0x7fdafcf8b2b0, all_tables=0x0) at /10.1/sql/sql_parse.cc:5690#20 0x000055f359c1aa64 in mysql_execute_command (thd=0x7fdafcf8b2b0) at /10.1/sql/sql_parse.cc:3037#21 0x000055f359c2784a in mysql_parse (thd=0x7fdafcf8b2b0, rawbuf=0x7fdaf861dac8 "select 1 from dual where 1 in (select 5 where 1)", length=48, parser_state=0x7fdb0426ae20) at /10.1/sql/sql_parse.cc:7208#22 0x000055f359c16b05 in dispatch_command (command=COM_QUERY, thd=0x7fdafcf8b2b0, packet=0x7fdb00788071 "select 1 from dual where 1 in (select 5 where 1)", packet_length=48) at /10.1/sql/sql_parse.cc:1499#23 0x000055f359c159f1 in do_command (thd=0x7fdafcf8b2b0) at /10.1/sql/sql_parse.cc:1131#24 0x000055f359d516ad in do_handle_one_connection (thd_arg=0x7fdafcf8b2b0) at /10.1/sql/sql_connect.cc:1331#25 0x000055f359d513e8 in handle_one_connection (arg=0x7fdafcf8b2b0) at /10.1/sql/sql_connect.cc:1242#26 0x000055f35a169466 in pfs_spawn_thread (arg=0x7fdafcf28470) at /10.1/storage/perfschema/pfs.cc:1868#27 0x00007fdb04d40fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486#28 0x00007fdb044054cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95the same, but with UPDATE:
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50#5 0x00007f30fb521535 in __GI_abort () at abort.c:79#6 0x00007f30fb52140f in __assert_fail_base (fmt=0x7f30fb683ee0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55d2522a4b5a "false", file=0x55d2522a4468 "/10.1/sql/item_subselect.cc", line=2215, function=<optimized out>) at assert.c:92#7 0x00007f30fb52f102 in __GI___assert_fail (assertion=0x55d2522a4b5a "false", file=0x55d2522a4468 "/10.1/sql/item_subselect.cc", line=2215, function=0x55d2522a6560 <Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**)::__PRETTY_FUNCTION__> "bool Item_in_subselect::create_single_in_to_exists_cond(JOIN*, Item**, Item**)") at assert.c:101#8 0x000055d251b30e22 in Item_in_subselect::create_single_in_to_exists_cond (this=0x7f30efe1edb8, join=0x7f30efe1f170, where_item=0x7f30efe1f698, having_item=0x7f30efe1f6a0) at /10.1/sql/item_subselect.cc:2215#9 0x000055d251b32424 in Item_in_subselect::create_in_to_exists_cond (this=0x7f30efe1edb8, join_arg=0x7f30efe1f170) at /10.1/sql/item_subselect.cc:2560#10 0x000055d2519e35fa in JOIN::choose_tableless_subquery_plan (this=0x7f30efe1f170) at /10.1/sql/opt_subselect.cc:6072#11 0x000055d2518907a0 in JOIN::optimize_inner (this=0x7f30efe1f170) at /10.1/sql/sql_select.cc:2070#12 0x000055d25188cdba in JOIN::optimize (this=0x7f30efe1f170) at /10.1/sql/sql_select.cc:1059#13 0x000055d2518444a3 in st_select_lex::optimize_unflattened_subqueries (this=0x7f30f478f700, const_only=false) at /10.1/sql/sql_lex.cc:3805#14 0x000055d25192f207 in mysql_update (thd=0x7f30f478b4b0, table_list=0x7f30efe1d5e0, fields=..., values=..., conds=0x7f30efe1f830, order_num=0, order=0x0, limit=18446744073709551615, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f30fb45d510, updated_return=0x7f30fb45d5a0) at /10.1/sql/sql_update.cc:377#15 0x000055d2518530e7 in mysql_execute_command (thd=0x7f30f478b4b0) at /10.1/sql/sql_parse.cc:3506#16 0x000055d25185e84a in mysql_parse (thd=0x7f30f478b4b0, rawbuf=0x7f30efe1d4c8 "update t1 set a = 2 where a in (select a where a = a)", length=53, parser_state=0x7f30fb45de20) at /10.1/sql/sql_parse.cc:7208#17 0x000055d25184db05 in dispatch_command (command=COM_QUERY, thd=0x7f30f478b4b0, packet=0x7f30f79884b1 "update t1 set a = 2 where a in (select a where a = a)", packet_length=53) at /10.1/sql/sql_parse.cc:1499#18 0x000055d25184c9f1 in do_command (thd=0x7f30f478b4b0) at /10.1/sql/sql_parse.cc:1131#19 0x000055d2519886ad in do_handle_one_connection (thd_arg=0x7f30f478b4b0) at /10.1/sql/sql_connect.cc:1331#20 0x000055d2519883e8 in handle_one_connection (arg=0x7f30f478b4b0) at /10.1/sql/sql_connect.cc:1242#21 0x000055d251da0466 in pfs_spawn_thread (arg=0x7f30f4728470) at /10.1/storage/perfschema/pfs.cc:1868#22 0x00007f30fbf33fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486#23 0x00007f30fb5f84cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95