  2. MDEV-23384

Server crashes in subselect_indexsubquery_engine::print with optimizer trace enabled


Details

    Description

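      # mysql-test reproducer for MDEV-23384: the server crashes in
      # subselect_indexsubquery_engine::print when the optimizer trace is enabled.
      # On an affected build the UPDATE below takes the whole server process down
      # (the backtrace enters a signal handler), so the cleanup section is only
      # reached on a build where the crash is fixed. Run it on a disposable instance.

      # NOTE(review): every table below is created with ENGINE=MyISAM, and the report
      # says the crash was not reproduced with InnoDB; this include is presumably
      # left over from the InnoDB variant of the test - confirm before removing it.
      --source include/have_innodb.inc

      CREATE TABLE t1 (a INT) ENGINE=MyISAM;
      INSERT INTO t1 VALUES (1),(2);

      CREATE TABLE t2 (b INT) ENGINE=MyISAM;
      INSERT INTO t2 VALUES (3),(4);

      # t3 is left empty: no rows are inserted before the UPDATE runs.
      CREATE TABLE t3 (c INT) ENGINE=MyISAM;

      CREATE TABLE t4 (d INT) ENGINE=MyISAM;
      INSERT INTO t4 VALUES (5),(6);

      # Despite its name this table is MyISAM, and the UPDATE does not reference it.
      CREATE TABLE t9_InnoDB (col_int INT) ENGINE=MyISAM;
      INSERT INTO t9_InnoDB VALUES (1),(2);

      # The crash is reported only with the optimizer trace switched on for the session.
      SET SESSION optimizer_trace= 'enabled=on';

      # Crashing statement: a multi-table UPDATE whose WHERE clause is a scalar
      # subquery with a CTE (cte1) that itself contains an IN subquery with a
      # nested CTE (cte2).
      UPDATE t1, t2 SET t2.b = 1 WHERE (WITH cte1 AS (SELECT MAX(c) FROM t3 WHERE c = 0 OR c IN (WITH cte2 AS (SELECT d FROM t4) SELECT * FROM cte2)) SELECT * FROM cte1) IS NULL;

      # Cleanup
      # t9_InnoDB is dropped as well; the original cleanup left it behind, which
      # leaks a table into whatever runs next in the same schema.
      DROP TABLE t1, t2, t3, t4, t9_InnoDB;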
      

      10.4 00f964ab

      #3  <signal handler called>
      #4  0x00005622123d5e22 in subselect_indexsubquery_engine::print (this=0x7ff3fc1c50a8, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/item_subselect.cc:4508
      #5  0x00005622123c890d in Item_subselect::print (this=0x7ff3fc0181e8, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/item_subselect.cc:1002
      #6  0x00005622123d2908 in Item_in_subselect::print (this=0x7ff3fc0181e8, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/item_subselect.cc:3311
      #7  0x00005622123721c8 in Item_func::print_args (this=0x7ff3fc1a94a8, str=0x7ff44a20b5d0, from=0, query_type=1545) at /data/src/10.4/sql/item_func.cc:610
      #8  0x0000562212372127 in Item_func::print (this=0x7ff3fc1a94a8, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/item_func.cc:599
      #9  0x000056221233276d in Item_in_optimizer::print (this=0x7ff3fc1a94a8, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/item_cmpfunc.cc:1240
      #10 0x0000562212021cf5 in st_select_lex::print (this=0x7ff3fc0143f0, thd=0x7ff3fc000af0, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/sql_select.cc:27542
      #11 0x0000562211f5b136 in st_select_lex_unit::print (this=0x7ff3fc018568, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/sql_lex.cc:3027
      #12 0x00005622121d4180 in With_element::print (this=0x7ff3fc018d60, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/sql_cte.cc:1462
      #13 0x00005622121d4054 in With_clause::print (this=0x7ff3fc014360, str=0x7ff44a20b5d0, query_type=1545) at /data/src/10.4/sql/sql_cte.cc:1424
      #14 0x00005622123d5bac in subselect_single_select_engine::print (this=0x7ff3fc1a79e8, str=0x7ff44a20b5d0, query_type=1033) at /data/src/10.4/sql/item_subselect.cc:4440
      #15 0x00005622123c890d in Item_subselect::print (this=0x7ff3fc018ff8, str=0x7ff44a20b5d0, query_type=1033) at /data/src/10.4/sql/item_subselect.cc:1002
      #16 0x00005622123050ad in Item::print_parenthesised (this=0x7ff3fc018ff8, str=0x7ff44a20b5d0, query_type=1033, parent_prec=CMP_PRECEDENCE) at /data/src/10.4/sql/item.cc:487
      #17 0x0000562212340eae in Item_func_isnull::print (this=0x7ff3fc1a7a28, str=0x7ff44a20b5d0, query_type=1033) at /data/src/10.4/sql/item_cmpfunc.cc:5399
      #18 0x00005622121e2981 in Json_writer::add_str (this=0x7ff3fc1aa6b0, item=0x7ff3fc1a7a28) at /data/src/10.4/sql/opt_trace.cc:696
      #19 0x000056221202d26e in Json_value_helper::add_str (this=0x7ff44a20b7d8, item=0x7ff3fc1a7a28) at /data/src/10.4/sql/my_json_writer.h:275
      #20 0x000056221202d78a in Json_writer_object::add (this=0x7ff44a20b7d0, name=0x562212c9d3bf "original_condition", value=0x7ff3fc1a7a28) at /data/src/10.4/sql/my_json_writer.h:454
      #21 0x00005622120041f4 in optimize_cond (join=0x7ff3fc1a9a18, conds=0x7ff3fc1a7a28, join_list=0x7ff3fc0053d0, ignore_on_conds=false, cond_value=0x7ff3fc1a9d28, cond_equal=0x7ff3fc1a9e50, flags=1) at /data/src/10.4/sql/sql_select.cc:16968
      #22 0x0000562211fd8eaa in JOIN::optimize_inner (this=0x7ff3fc1a9a18) at /data/src/10.4/sql/sql_select.cc:2008
      #23 0x0000562211fd7748 in JOIN::optimize (this=0x7ff3fc1a9a18) at /data/src/10.4/sql/sql_select.cc:1610
      #24 0x0000562211fe2bf0 in mysql_select (thd=0x7ff3fc000af0, tables=0x7ff3fc0133a0, wild_num=0, fields=..., conds=0x7ff3fc1a7a28, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=1342177408, result=0x7ff3fc1a9940, unit=0x7ff3fc004a18, select_lex=0x7ff3fc005210) at /data/src/10.4/sql/sql_select.cc:4673
      #25 0x00005622120a3704 in mysql_multi_update (thd=0x7ff3fc000af0, table_list=0x7ff3fc0133a0, fields=0x7ff3fc005358, values=0x7ff3fc0058e0, conds=0x7ff3fc1a7a28, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x7ff3fc004a18, select_lex=0x7ff3fc005210, result=0x7ff44a20bf00) at /data/src/10.4/sql/sql_update.cc:1927
      #26 0x0000562211f911f3 in mysql_execute_command (thd=0x7ff3fc000af0) at /data/src/10.4/sql/sql_parse.cc:4436
      #27 0x0000562211f9cf33 in mysql_parse (thd=0x7ff3fc000af0, rawbuf=0x7ff3fc013198 "UPDATE t1, t2 SET t2.b = 1 WHERE (WITH cte1 AS (SELECT MAX(c) FROM t3 WHERE c = 0 OR c IN (WITH cte2 AS (SELECT d FROM t4) SELECT * FROM cte2)) SELECT * FROM cte1) IS NULL", length=171, parser_state=0x7ff44a20c570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896
      #28 0x0000562211f89468 in dispatch_command (command=COM_QUERY, thd=0x7ff3fc000af0, packet=0x7ff3fc0083a1 "UPDATE t1, t2 SET t2.b = 1 WHERE (WITH cte1 AS (SELECT MAX(c) FROM t3 WHERE c = 0 OR c IN (WITH cte2 AS (SELECT d FROM t4) SELECT * FROM cte2)) SELECT * FROM cte1) IS NULL", packet_length=171, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835
      #29 0x0000562211f87c0a in do_command (thd=0x7ff3fc000af0) at /data/src/10.4/sql/sql_parse.cc:1353
      #30 0x0000562212110fa0 in do_handle_one_connection (connect=0x56221547a8e0) at /data/src/10.4/sql/sql_connect.cc:1412
      #31 0x0000562212110cef in handle_one_connection (arg=0x56221547a8e0) at /data/src/10.4/sql/sql_connect.cc:1316
      #32 0x0000562212b130d5 in pfs_spawn_thread (arg=0x56221539d2a0) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      #33 0x00007ff456df04a4 in start_thread (arg=0x7ff44a20d700) at pthread_create.c:456
      #34 0x00007ff454f24d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

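      Reproducible the same way on 10.4-10.5, on debug, non-debug and ASAN builds, with both MyISAM and Aria tables.
      Could not reproduce with the provided test case when InnoDB is used instead of MyISAM.
      Not applicable to earlier versions of CS, because they do not have the optimizer trace; the crash happens while the trace is printing the statement's condition (frames #18-#21 above), so it requires optimizer_trace to be enabled in the session.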


          People

            psergei Sergei Petrunia
            elenst Elena Stepanova
