Details
Critical Description
This statement:
VALUES ((VALUES(1))); |
crashes the server with the following stack trace:
#0 Item_field::type_handler (this=0x7fff60015588)
|
at /home/bar/maria-git/server.10.3/sql/item.h:3068
|
#1 0x0000000000b5a541 in subselect_engine::set_row (this=0x7fff60014ac8, item_list=...,
|
row=0x7fff60014a88) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3749
|
#2 0x0000000000b5a711 in subselect_single_select_engine::fix_length_and_dec (
|
this=0x7fff60014ac8, row=0x7fff60014a88)
|
at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3766
|
#3 0x0000000000b4fdae in Item_singlerow_subselect::fix_length_and_dec (
|
this=0x7fff60014940) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:1208
|
#4 0x0000000000b4d62e in Item_subselect::fix_fields (this=0x7fff60014940,
|
thd_param=0x7fff60000d90, ref=0x0)
|
at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:316
|
#5 0x000000000067d13e in Item::fix_fields_if_needed (this=0x7fff60014940,
|
thd=0x7fff60000d90, ref=0x0) at /home/bar/maria-git/server.10.3/sql/item.h:825
|
#6 0x0000000000984e47 in fix_fields_for_tvc (thd=0x7fff60000d90, li=...)
|
at /home/bar/maria-git/server.10.3/sql/sql_tvc.cc:62
|
#7 0x00000000009854c1 in table_value_constr::prepare (this=0x7fff600144e0,
|
thd=0x7fff60000d90, sl=0x7fff60013870, tmp_result=0x7fff60016b18,
|
unit_arg=0x7fff600156a8) at /home/bar/maria-git/server.10.3/sql/sql_tvc.cc:238
|
#8 0x000000000086d430 in st_select_lex_unit::prepare (this=0x7fff600156a8,
|
derived_arg=0x7fff60015e60, sel_result=0x7fff60016a30, additional_options=0)
|
at /home/bar/maria-git/server.10.3/sql/sql_union.cc:1018
|
#9 0x000000000072c701 in mysql_derived_prepare (thd=0x7fff60000d90, lex=0x7fff60004b98,
|
derived=0x7fff60015e60) at /home/bar/maria-git/server.10.3/sql/sql_derived.cc:770
|
#10 0x000000000072b2c3 in mysql_handle_single_derived (lex=0x7fff60004b98,
|
derived=0x7fff60015e60, phases=2)
|
at /home/bar/maria-git/server.10.3/sql/sql_derived.cc:199
|
#11 0x000000000089b868 in TABLE_LIST::handle_derived (this=0x7fff60015e60,
|
lex=0x7fff60004b98, phases=2) at /home/bar/maria-git/server.10.3/sql/table.cc:8292
|
#12 0x00000000007447c8 in LEX::handle_list_of_derived (this=0x7fff60004b98,
|
table_list=0x7fff60015e60, phases=2)
|
at /home/bar/maria-git/server.10.3/sql/sql_lex.h:3997
|
#13 0x0000000000750912 in st_select_lex::handle_derived (this=0x7fff60015170,
|
lex=0x7fff60004b98, phases=2) at /home/bar/maria-git/server.10.3/sql/sql_lex.cc:4143
|
#14 0x00000000007bb4ee in JOIN::prepare (this=0x7fff600164c8, tables_init=0x7fff60015e60,
|
wild_num=1, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false,
|
group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff60015170,
|
unit_arg=0x7fff60013c88) at /home/bar/maria-git/server.10.3/sql/sql_select.cc:1036
|
#15 0x0000000000b5a37f in subselect_single_select_engine::prepare (this=0x7fff60014ac8,
|
thd=0x7fff60000d90) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3686
|
#16 0x0000000000b4d422 in Item_subselect::fix_fields (this=0x7fff60014940,
|
thd_param=0x7fff60000d90, ref=0x0)
|
Attachments
Issue Links
- relates to
-
MDEV-21995 Server crashes in Item_field::real_type_handler with table value constructor
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
Activity
|
10.2.34 (Optimized) |
10.2.34>VALUES ((VALUES(1)));
|
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'VALUES ((VALUES(1)))' at line 1
|
probably the same problem:
VALUES ((select 1)); |
|
10.3 bc2dc83cb56851144a8 |
201209 15:26:43 [ERROR] mysqld got signal 11 ;
|
|
|
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12730)[0x7fa992383730]
|
sql/item_subselect.cc:294(Item_subselect::fix_fields(THD*, Item**))[0x562111632b53]
|
sql/item.h:830(Item::fix_fields_if_needed(THD*, Item**))[0x5621109eac4f]
|
sql/sql_tvc.cc:62(fix_fields_for_tvc(THD*, List_iterator_fast<List<Item> >&))[0x5621111eaf94]
|
sql/sql_tvc.cc:238(table_value_constr::prepare(THD*, st_select_lex*, select_result*, st_select_lex_unit*))[0x5621111ec0a9]
|
sql/sql_union.cc:1038(st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long))[0x562110f1ea5f]
|
sql/sql_union.cc:39(mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long))[0x562110f148df]
|
sql/sql_select.cc:360(handle_select(THD*, LEX*, select_result*, unsigned long))[0x562110d169a5]
|
sql/sql_parse.cc:6316(execute_sqlcom_select(THD*, TABLE_LIST*))[0x562110c8316a]
|
sql/sql_parse.cc:3847(mysql_execute_command(THD*))[0x562110c70caa]
|
sql/sql_parse.cc:7837(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x562110c8d219]
|
sql/sql_parse.cc:1855(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x562110c63936]
|
sql/sql_parse.cc:1398(do_command(THD*))[0x562110c60071]
|
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x562111050367]
|
sql/sql_connect.cc:1309(handle_one_connection)[0x56211104fc1f]
|
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5621127b31d3]
|
nptl/pthread_create.c:487(start_thread)[0x7fa992378fa3]
|
x86_64/clone.S:97(clone)[0x7fa991cfc4cf]
|
|
|
Query (0x62b000000410): VALUES ((select 1))
|
Testcase by Alice against all versions. Note the stack is quite different.
VALUES ((SELECT 1));
|
Leads to:
|
10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug) |
Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x151cd4c38700 (LWP 877639))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055cb56dd70d7 in my_write_core (sig=sig@entry=11) at /test/10.6_dbg/mysys/stacktrace.c:424
|
#2 0x000055cb5656bab1 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:330
|
#3 <signal handler called>
|
#4 0x000055cb5667ebac in Item_subselect::fix_fields (this=0x151c98013a58, thd_param=<optimized out>, ref=0x0) at /test/10.6_dbg/sql/item_subselect.cc:303
|
#5 0x000055cb564c1170 in Item::fix_fields_if_needed (ref=0x0, thd=0x151c98000db8, this=0x151c98013a58) at /test/10.6_dbg/sql/sql_list.h:443
|
#6 fix_fields_for_tvc (thd=thd@entry=0x151c98000db8, li=@0x151cd4c36740: {<base_list_iterator> = {list = 0x151c98013c78, el = 0x151c98013c60, prev = 0x0, current = 0x0}, <No data fields>}) at /test/10.6_dbg/sql/sql_tvc.cc:93
|
#7 0x000055cb564c1685 in table_value_constr::prepare (this=0x151c98013c70, thd=0x151c98000db8, sl=sl@entry=0x151c980128b0, tmp_result=tmp_result@entry=0x151c98014598, unit_arg=unit_arg@entry=0x151c98004f80) at /test/10.6_dbg/sql/sql_tvc.cc:269
|
#8 0x000055cb563983b0 in st_select_lex_unit::prepare (this=this@entry=0x151c98004f80, derived_arg=0x0, sel_result=sel_result@entry=0x151c98014570, additional_options=additional_options@entry=2199023255552) at /test/10.6_dbg/sql/sql_union.cc:1567
|
#9 0x000055cb56399fde in mysql_union (thd=thd@entry=0x151c98000db8, lex=lex@entry=0x151c98004eb8, result=result@entry=0x151c98014570, unit=unit@entry=0x151c98004f80, setup_tables_done_option=<optimized out>, setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_union.cc:39
|
#10 0x000055cb56327c0e in handle_select (thd=thd@entry=0x151c98000db8, lex=lex@entry=0x151c98004eb8, result=result@entry=0x151c98014570, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:407
|
#11 0x000055cb5629a19d in execute_sqlcom_select (thd=thd@entry=0x151c98000db8, all_tables=0x0) at /test/10.6_dbg/sql/sql_parse.cc:6116
|
#12 0x000055cb562a6c7c in mysql_execute_command (thd=thd@entry=0x151c98000db8) at /test/10.6_dbg/sql/sql_parse.cc:3820
|
#13 0x000055cb56293072 in mysql_parse (thd=thd@entry=0x151c98000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x151cd4c373d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
|
#14 0x000055cb562a11ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x151c98000db8, packet=packet@entry=0x151c98008d39 "VALUES ((SELECT 1))", packet_length=packet_length@entry=19) at /test/10.6_dbg/sql/sql_class.h:1293
|
#15 0x000055cb562a452d in do_command (thd=0x151c98000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
|
#16 0x000055cb564007fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55cb5879ab68, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
|
#17 0x000055cb56400f03 in handle_one_connection (arg=arg@entry=0x55cb5879ab68) at /test/10.6_dbg/sql/sql_connect.cc:1312
|
#18 0x000055cb568b688f in pfs_spawn_thread (arg=0x55cb586a1f58) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
|
#19 0x0000151ce9fcd609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#20 0x0000151ce9bbc293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt), 10.5.9 (dbg), 10.5.9 (opt), 10.6.0 (dbg), 10.6.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)
Unique ID's seen so far. First line: first testcase, second + third line: testcase by Alice.
SIGSEGV|Item_field::type_handler|subselect_engine::set_row|subselect_single_select_engine::fix_length_and_dec|Item_singlerow_subselect::fix_length_and_dec
|
SIGSEGV|Item_subselect::fix_fields|Item::fix_fields_if_needed|Item::fix_fields_if_needed|fix_fields_for_tvc
|
SIGSEGV|Item_subselect::fix_fields|Item::fix_fields_if_needed|fix_fields_for_tvc|table_value_constr::prepare
|
The problem is that when parsing TVC we use some variables that are global for the processed query. They are LEX::fields, LEX::many_values, LEX::insert_list. We need counterpart variables local for TVC. In order not to modify all code in the grammar rules that currently uses those global we save the globals' values when entering a TVC and restore them when leaving the TVC. Here's a diff that does it:
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
|
index b8f6610..cd2a43b 100644
|
--- a/sql/sql_lex.cc
|
+++ b/sql/sql_lex.cc
|
@@ -2421,6 +2421,9 @@ void st_select_lex::init_select()
|
with_dep= 0;
|
join= 0;
|
lock_type= TL_READ_DEFAULT;
|
+ save_field_list.empty();
|
+ save_many_values.empty();
|
+ save_insert_list= 0;
|
tvc= 0;
|
in_funcs.empty();
|
curr_tvc_name= 0;
|
@@ -8276,16 +8279,33 @@ bool LEX::last_field_generated_always_as_row_end()
|
}
|
|
|
+void LEX::tvc_start()
|
+{
|
+ if (!nest_level)
|
+ current_select->init_select();
|
+ else
|
+ {
|
+ current_select->save_field_list= field_list;
|
+ current_select->save_many_values= many_values;
|
+ current_select->save_insert_list= insert_list;
|
+ }
|
+ field_list.empty();
|
+ many_values.empty();
|
+ insert_list= 0;
|
+}
|
+
|
+
|
bool LEX::tvc_finalize()
|
{
|
- mysql_init_select(this);
|
if (unlikely(!(current_select->tvc=
|
new (thd->mem_root)
|
table_value_constr(many_values,
|
current_select,
|
current_select->options))))
|
return true;
|
- many_values.empty();
|
+ field_list= current_select->save_field_list;
|
+ many_values= current_select->save_many_values;
|
+ insert_list= current_select->save_insert_list;
|
if (!current_select->master_unit()->fake_select_lex)
|
current_select->master_unit()->add_fake_select_lex(thd);
|
return false;
|
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
|
index 55929ed..c8e014d 100644
|
--- a/sql/sql_lex.h
|
+++ b/sql/sql_lex.h
|
@@ -1175,6 +1175,9 @@ class st_select_lex: public st_select_lex_node
|
/* it is for correct printing SELECT options */
|
thr_lock_type lock_type;
|
|
+ List<Item> save_field_list;
|
+ List<List_item> save_many_values;
|
+ List<Item> *save_insert_list;
|
table_value_constr *tvc;
|
bool in_tvc;
|
|
@@ -4045,12 +4048,7 @@ struct LEX: public Query_tables_list
|
return false;
|
}
|
|
- void tvc_start()
|
- {
|
- field_list.empty();
|
- many_values.empty();
|
- insert_list= 0;
|
- }
|
+ void tvc_start();
|
bool tvc_finalize();
|
bool tvc_finalize_derived();
|
With the above code (after the fix of MDEV-24675!!!) I had:
MariaDB [test]> values ((values(2)));
|
+-------------+
|
| (values(2)) |
|
+-------------+
|
| 2 |
|
+-------------+
|
MariaDB [test]> select (values(2)) union values ((values(3)));
|
+-------------+
|
| (values(2)) |
|
+-------------+
|
| 2 |
|
| 3 |
|
+-------------+
|
MariaDB [test]> values ((values(2)),(values(3)));
|
+-------------+-------------+
|
| (values(2)) | (values(3)) |
|
+-------------+-------------+
|
| 2 | 3 |
|
+-------------+-------------+
|
MariaDB [test]> values ((values(2))) union values((values(3)));
|
+-------------+
|
| (values(2)) |
|
+-------------+
|
| 2 |
|
| 3 |
|
+-------------+
|
Most probably we have to change LEX::tvc_finalize_derived() similar how it's done in the above diff for LEX::tvc_finalize();
There is actually another more serious bug in wrap_tvc() that causes different crashes for nested TVCs.
The code of wrap_tvc() must be re-written.
The issue also affects optimized builds
VALUES ((VALUES(1)));Leads to:
10.5.6 1c587481966abc7a9ad5309d0a91ca920f7a5657 (Debug)
Core was generated by `/test/MD110820-mariadb-10.5.6-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.Program terminated with signal SIGSEGV, Segmentation fault.#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)at ../sysdeps/unix/sysv/linux/pthread_kill.c:57[Current thread is 1 (Thread 0x1536e9e71700 (LWP 1878992))](gdb) bt#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57#1 0x00005640b83d1b86 in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:519#2 0x00005640b7b88d7b in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:330#3 <signal handler called>#4 0x00005640b7bc3acf in Item_field::type_handler (this=<optimized out>) at /test/10.5_dbg/sql/item.h:3450#5 0x00005640b7c7c4bc in subselect_engine::set_row (this=this@entry=0x1536c5875660, item_list=@0x1536c5876260: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1536c5876b10, last = 0x1536c5876b10, elements = 1}, <No data fields>}, row=row@entry=0x1536c5875620) at /test/10.5_dbg/sql/item_subselect.cc:3837#6 0x00005640b7c7c5aa in subselect_single_select_engine::fix_length_and_dec (this=0x1536c5875660, row=0x1536c5875620) at /test/10.5_dbg/sql/item_subselect.cc:3854#7 0x00005640b7c75f4e in Item_singlerow_subselect::fix_length_and_dec (this=0x1536c58754b8) at /test/10.5_dbg/sql/item_subselect.cc:1254#8 0x00005640b7c7a774 in Item_subselect::fix_fields (this=0x1536c58754b8, thd_param=<optimized out>, ref=0x0) at /test/10.5_dbg/sql/item_subselect.cc:325#9 0x00005640b7ae1d29 in Item::fix_fields_if_needed (ref=0x0, thd=0x1536c5815088, this=0x1536c58754b8) at /test/10.5_dbg/sql/item.h:982#10 fix_fields_for_tvc (thd=thd@entry=0x1536c5815088, li=@0x1536e9e6dee0: {<base_list_iterator> = {list = 0x1536c5874c68, el = 0x1536c5874c50, prev = 0x0, current = 0x0}, <No data fields>}) at /test/10.5_dbg/sql/sql_tvc.cc:92#11 0x00005640b7ae2221 in table_value_constr::prepare (this=0x1536c5874c60, thd=0x1536c5815088, sl=sl@entry=0x1536c5874718, tmp_result=tmp_result@entry=0x1536c5878088, unit_arg=unit_arg@entry=0x1536c5876b20) at /test/10.5_dbg/sql/sql_tvc.cc:268#12 0x00005640b79c94eb in st_select_lex_unit::prepare (this=this@entry=0x1536c5876b20, derived_arg=derived_arg@entry=0x1536c5877350, sel_result=<optimized out>, additional_options=additional_options@entry=0) at /test/10.5_dbg/sql/sql_union.cc:1563#13 0x00005640b788fac6 in mysql_derived_prepare (thd=0x1536c5815088, lex=0x1536c5818fd8, derived=0x1536c5877350) at/test/10.5_dbg/sql/sql_derived.cc:816#14 0x00005640b788df3d in mysql_handle_single_derived (lex=lex@entry=0x1536c5818fd8, derived=derived@entry=0x1536c5877350, phases=phases@entry=2) at /test/10.5_dbg/sql/sql_derived.cc:206#15 0x00005640b79ed275 in TABLE_LIST::handle_derived (this=this@entry=0x1536c5877350, lex=lex@entry=0x1536c5818fd8,phases=phases@entry=2) at /test/10.5_dbg/sql/table.cc:9095#16 0x00005640b78b09e3 in LEX::handle_list_of_derived (phases=2, table_list=<optimized out>, this=0x1536c5818fd8) at /test/10.5_dbg/sql/sql_lex.h:4424#17 st_select_lex::handle_derived (this=<optimized out>, lex=0x1536c5818fd8, phases=phases@entry=2) at /test/10.5_dbg/sql/sql_lex.cc:4866#18 0x00005640b794b6b2 in JOIN::prepare (this=0x1536c5877a30, tables_init=<optimized out>, conds_init=<optimized out>, og_num=0, order_init=0x0, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x1536c5876110, unit_arg=0x1536c5874cb8) at /test/10.5_dbg/sql/sql_select.cc:1149#19 0x00005640b7c7b3b3 in subselect_single_select_engine::prepare (this=0x1536c5875660, thd=0x1536c5815088) at /test/10.5_dbg/sql/item_subselect.cc:3775#20 0x00005640b7c7a507 in Item_subselect::fix_fields (this=0x1536c58754b8, thd_param=<optimized out>, ref=0x0) at /test/10.5_dbg/sql/item_subselect.cc:285#21 0x00005640b7ae1d29 in Item::fix_fields_if_needed (ref=0x0, thd=0x1536c5815088, this=0x1536c58754b8) at /test/10.5_dbg/sql/item.h:982#22 fix_fields_for_tvc (thd=thd@entry=0x1536c5815088, li=@0x1536e9e6f4c0: {<base_list_iterator> = {list = 0x1536c58756d8, el = 0x1536c58756c0, prev = 0x0, current = 0x0}, <No data fields>}) at /test/10.5_dbg/sql/sql_tvc.cc:92#23 0x00005640b7ae2221 in table_value_constr::prepare (this=0x1536c58756d0, thd=0x1536c5815088, sl=sl@entry=0x1536c5874290, tmp_result=tmp_result@entry=0x1536c5875ff8, unit_arg=unit_arg@entry=0x1536c58190a0) at /test/10.5_dbg/sql/sql_tvc.cc:268#24 0x00005640b79c94eb in st_select_lex_unit::prepare (this=this@entry=0x1536c58190a0, derived_arg=0x0, sel_result=sel_result@entry=0x1536c5875fd0, additional_options=additional_options@entry=2199023255552) at /test/10.5_dbg/sql/sql_union.cc:1563#25 0x00005640b79cb09b in mysql_union (thd=thd@entry=0x1536c5815088, lex=lex@entry=0x1536c5818fd8, result=result@entry=0x1536c5875fd0, unit=unit@entry=0x1536c58190a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_union.cc:39#26 0x00005640b79596b6 in handle_select (thd=thd@entry=0x1536c5815088, lex=lex@entry=0x1536c5818fd8, result=result@entry=0x1536c5875fd0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:407#27 0x00005640b78e1d72 in execute_sqlcom_select (thd=thd@entry=0x1536c5815088, all_tables=0x0) at /test/10.5_dbg/sql/sql_parse.cc:6210#28 0x00005640b78dae46 in mysql_execute_command (thd=thd@entry=0x1536c5815088) at /test/10.5_dbg/sql/sql_parse.cc:3932#29 0x00005640b78e7d4e in mysql_parse (thd=thd@entry=0x1536c5815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1536e9e70350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7994#30 0x00005640b78d477e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1536c5815088, packet=packet@entry=0x1536c5867089 "VALUES ((VALUES(1)))", packet_length=packet_length@entry=20, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1867#31 0x00005640b78d2f58 in do_command (thd=0x1536c5815088) at /test/10.5_dbg/sql/sql_parse.cc:1348#32 0x00005640b7a2fbc9 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x1536c8cd0808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1410#33 0x00005640b7a302e5 in handle_one_connection (arg=arg@entry=0x1536c8cd0808) at /test/10.5_dbg/sql/sql_connect.cc:1312#34 0x00005640b7e96572 in pfs_spawn_thread (arg=0x1536e6c46508) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201#35 0x00001536e8dea6db in start_thread (arg=0x1536e9e71700) at pthread_create.c:463#36 0x00001536e81e8a3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:9510.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)
Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.Program terminated with signal SIGSEGV, Segmentation fault.#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)at ../sysdeps/unix/sysv/linux/pthread_kill.c:56[Current thread is 1 (Thread 0x14641c6a2700 (LWP 911091))](gdb) bt#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56#1 0x000055dba7baf0d7 in my_write_core (sig=sig@entry=11) at /test/10.6_dbg/mysys/stacktrace.c:424#2 0x000055dba7343ab1 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:330#3 <signal handler called>#4 0x000055dba738408d in Item_field::type_handler (this=<optimized out>) at /test/10.6_dbg/sql/item.h:3458#5 0x000055dba745b2ec in subselect_engine::set_row (this=this@entry=0x1463d8013c70, item_list=@0x1463d8014870: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1463d8015110, last = 0x1463d8015110, elements = 1}, <No data fields>}, row=row@entry=0x1463d8013c30) at /test/10.6_dbg/sql/item_subselect.cc:3838#6 0x000055dba745b3de in subselect_single_select_engine::fix_length_and_dec (this=0x1463d8013c70, row=0x1463d8013c30) at /test/10.6_dbg/sql/item_subselect.cc:3855#7 0x000055dba745100a in Item_singlerow_subselect::fix_length_and_dec (this=0x1463d8013ac8) at /test/10.6_dbg/sql/item_subselect.cc:1254#8 0x000055dba7456a82 in Item_subselect::fix_fields (this=0x1463d8013ac8, thd_param=<optimized out>, ref=0x0) at /test/10.6_dbg/sql/item_subselect.cc:325#9 0x000055dba7299170 in Item::fix_fields_if_needed (ref=0x0, thd=0x1463d8000db8, this=0x1463d8013ac8) at /test/10.6_dbg/sql/sql_list.h:443#10 fix_fields_for_tvc (thd=thd@entry=0x1463d8000db8, li=@0x14641c69f1a0: {<base_list_iterator> = {list = 0x1463d8013278, el = 0x1463d8013260, prev = 0x0, current = 0x0}, <No data fields>}) at /test/10.6_dbg/sql/sql_tvc.cc:93#11 0x000055dba7299685 in table_value_constr::prepare (this=0x1463d8013270, thd=0x1463d8000db8, sl=sl@entry=0x1463d8012d30, tmp_result=tmp_result@entry=0x1463d8016688, unit_arg=unit_arg@entry=0x1463d8015120) at /test/10.6_dbg/sql/sql_tvc.cc:269#12 0x000055dba71703b0 in st_select_lex_unit::prepare (this=this@entry=0x1463d8015120, derived_arg=derived_arg@entry=0x1463d8015950, sel_result=<optimized out>, additional_options=additional_options@entry=0) at /test/10.6_dbg/sql/sql_union.cc:1567#13 0x000055dba7022be8 in mysql_derived_prepare (thd=0x1463d8000db8, lex=0x1463d8004eb8, derived=0x1463d8015950) at /test/10.6_dbg/sql/sql_derived.cc:816#14 0x000055dba7020f0c in mysql_handle_single_derived (lex=lex@entry=0x1463d8004eb8, derived=derived@entry=0x1463d8015950, phases=phases@entry=2) at /test/10.6_dbg/sql/sql_derived.cc:206#15 0x000055dba719539b in TABLE_LIST::handle_derived (this=this@entry=0x1463d8015950, lex=lex@entry=0x1463d8004eb8, phases=phases@entry=2) at /test/10.6_dbg/sql/table.cc:9120#16 0x000055dba70455c5 in LEX::handle_list_of_derived (phases=2, table_list=<optimized out>, this=0x1463d8004eb8) at /test/10.6_dbg/sql/table.h:2704#17 st_select_lex::handle_derived (this=<optimized out>, lex=0x1463d8004eb8, phases=phases@entry=2) at /test/10.6_dbg/sql/sql_lex.cc:4911#18 0x000055dba70e5f55 in JOIN::prepare (this=0x1463d8016030, tables_init=<optimized out>, conds_init=<optimized out>, og_num=0, order_init=0x0, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x1463d8014720, unit_arg=0x1463d80132c8) at /test/10.6_dbg/sql/sql_select.cc:1158#19 0x000055dba74578e8 in subselect_single_select_engine::prepare (this=0x1463d8013c70, thd=0x1463d8000db8) at /test/10.6_dbg/sql/sql_lex.h:1350#20 0x000055dba7456a35 in Item_subselect::fix_fields (this=0x1463d8013ac8, thd_param=<optimized out>, ref=0x0) at /test/10.6_dbg/sql/item_subselect.cc:285#21 0x000055dba7299170 in Item::fix_fields_if_needed (ref=0x0, thd=0x1463d8000db8, this=0x1463d8013ac8) at /test/10.6_dbg/sql/sql_list.h:443#22 fix_fields_for_tvc (thd=thd@entry=0x1463d8000db8, li=@0x14641c6a0740: {<base_list_iterator> = {list = 0x1463d8013ce8, el = 0x1463d8013cd0, prev = 0x0, current = 0x0}, <No data fields>}) at /test/10.6_dbg/sql/sql_tvc.cc:93#23 0x000055dba7299685 in table_value_constr::prepare (this=0x1463d8013ce0, thd=0x1463d8000db8, sl=sl@entry=0x1463d80128b0, tmp_result=tmp_result@entry=0x1463d8014608, unit_arg=unit_arg@entry=0x1463d8004f80) at /test/10.6_dbg/sql/sql_tvc.cc:269#24 0x000055dba71703b0 in st_select_lex_unit::prepare (this=this@entry=0x1463d8004f80, derived_arg=0x0, sel_result=sel_result@entry=0x1463d80145e0, additional_options=additional_options@entry=2199023255552) at /test/10.6_dbg/sql/sql_union.cc:1567#25 0x000055dba7171fde in mysql_union (thd=thd@entry=0x1463d8000db8, lex=lex@entry=0x1463d8004eb8, result=result@entry=0x1463d80145e0, unit=unit@entry=0x1463d8004f80, setup_tables_done_option=<optimized out>, setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_union.cc:39#26 0x000055dba70ffc0e in handle_select (thd=thd@entry=0x1463d8000db8, lex=lex@entry=0x1463d8004eb8, result=result@entry=0x1463d80145e0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:407#27 0x000055dba707219d in execute_sqlcom_select (thd=thd@entry=0x1463d8000db8, all_tables=0x0) at /test/10.6_dbg/sql/sql_parse.cc:6116#28 0x000055dba707ec7c in mysql_execute_command (thd=thd@entry=0x1463d8000db8) at /test/10.6_dbg/sql/sql_parse.cc:3820#29 0x000055dba706b072 in mysql_parse (thd=thd@entry=0x1463d8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14641c6a13d0) at /test/10.6_dbg/sql/sql_parse.cc:7881#30 0x000055dba70791ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1463d8000db8, packet=packet@entry=0x1463d8008d39 "VALUES ((VALUES(1)))", packet_length=packet_length@entry=20) at /test/10.6_dbg/sql/sql_class.h:1293#31 0x000055dba707c52d in do_command (thd=0x1463d8000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348#32 0x000055dba71d87fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55dbaaa03458, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410#33 0x000055dba71d8f03 in handle_one_connection (arg=arg@entry=0x55dbaaa03458) at /test/10.6_dbg/sql/sql_connect.cc:1312#34 0x000055dba768e88f in pfs_spawn_thread (arg=0x55dbaa94f8b8) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201#35 0x000014641f76e609 in start_thread (arg=<optimized out>) at pthread_create.c:477#36 0x000014641f35d293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95Bug confirmed present in:
MariaDB: 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (dbg), 10.6.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.5.9 (dbg)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)