Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL)
Description
There quite a few marked_for_read bugs, but none looks related or identical, and this one requires the optimizer_trace option to be set. This bug does not seem to be a regression as optimizer_trace is not available in 10.3.
SET SESSION optimizer_trace="enabled=on";
|
CREATE TABLE t1 (i INT) ENGINE=InnoDB;
|
CREATE TABLE t2 (c INT) ENGINE=MyISAM;
|
INSERT INTO t2 VALUES (1);
|
SELECT 1 FROM (SELECT 1 IN (SELECT 1 FROM t1 WHERE (SELECT 1 FROM t2 HAVING c)) FROM t2) AS z;
|
Leads to:
|
10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug) |
mysqld: /test/10.6_dbg/sql/field.cc:4417: virtual String* Field_long::val_str(String*, String*): Assertion `marked_for_read()' failed.
|
|
10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug) |
Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x14dea40a3700 (LWP 1993186))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x0000559e04f4f0d7 in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424
|
#2 0x0000559e046e3ab1 in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330
|
#3 <signal handler called>
|
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#5 0x000014dea5e63859 in __GI_abort () at abort.c:79
|
#6 0x000014dea5e63729 in __assert_fail_base (fmt=0x14dea5ff9588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x559e052388dc "marked_for_read()", file=0x559e052386c3 "/test/10.6_dbg/sql/field.cc", line=4417, function=<optimized out>) at assert.c:92
|
#7 0x000014dea5e74f36 in __GI___assert_fail (assertion=assertion@entry=0x559e052388dc "marked_for_read()", file=file@entry=0x559e052386c3 "/test/10.6_dbg/sql/field.cc", line=line@entry=4417, function=function@entry=0x559e0523b238 "virtual String* Field_long::val_str(String*, String*)") at assert.c:101
|
#8 0x0000559e046bd20b in Field_long::val_str (this=0x14de54077218, val_buffer=0x14dea40a0dc0, val_ptr=<optimized out>) at /test/10.6_dbg/sql/field.cc:4417
|
#9 0x0000559e04705ab9 in Item_field::val_str (this=0x14de5407b1e8, str=0x14dea40a0dc0) at /test/10.6_dbg/sql/item.cc:3245
|
#10 0x0000559e047118c9 in Item::print_value (this=0x14de5407b1e8, str=0x14dea40a1300) at /test/10.6_dbg/sql/item.cc:516
|
#11 0x0000559e04711b03 in Item_field::print (this=<optimized out>, str=<optimized out>, query_type=<optimized out>) at /test/10.6_dbg/sql/item.cc:7661
|
#12 0x0000559e04711682 in Item::print_parenthesised (this=this@entry=0x14de5407b1e8, str=str@entry=0x14dea40a1300, query_type=query_type@entry=1033, parent_prec=CMP_PRECEDENCE) at /test/10.6_dbg/sql/item.cc:486
|
#13 0x0000559e04787579 in Item_func::print_op (this=0x14de54014c38, str=0x14dea40a1300, query_type=1033) at /test/10.6_dbg/sql/item_func.cc:638
|
#14 0x0000559e04752d9f in Item_bool_rowready_func2::print (this=<optimized out>, str=<optimized out>, query_type=<optimized out>) at /test/10.6_dbg/sql/item_cmpfunc.h:524
|
#15 0x0000559e0449255d in st_select_lex::print (this=0x14de54013e38, thd=thd@entry=0x14de54000db8, str=str@entry=0x14dea40a1300, query_type=query_type@entry=1033) at /test/10.6_dbg/sql/sql_select.cc:27735
|
#16 0x0000559e047f1a54 in subselect_single_select_engine::print (this=0x14de54015830, str=0x14dea40a1300, query_type=1033) at /test/10.6_dbg/sql/item_subselect.cc:4495
|
#17 0x0000559e047f1fc9 in Item_subselect::print (this=0x14de54015688, str=0x14dea40a1300, query_type=1033) at /test/10.6_dbg/sql/item_subselect.cc:1038
|
#18 0x0000559e046406d9 in Json_writer::add_str (this=this@entry=0x14de54070510, item=item@entry=0x14de54015688) at /test/10.6_dbg/sql/opt_trace.cc:697
|
#19 0x0000559e04453403 in Json_value_helper::add_str (item=0x14de54015688, this=<synthetic pointer>) at /test/10.6_dbg/sql/my_json_writer.h:454
|
#20 Json_writer_object::add (value=0x14de54015688, name=0x559e050c5b1e "original_condition", this=<synthetic pointer>) at /test/10.6_dbg/sql/my_json_writer.h:454
|
#21 optimize_cond (join=join@entry=0x14de5407a600, conds=0x14de54015688, join_list=0x14de540133c8, ignore_on_conds=ignore_on_conds@entry=false, cond_value=cond_value@entry=0x14de5407a918, cond_equal=cond_equal@entry=0x14de5407aa40, flags=1) at /test/10.6_dbg/sql/sql_select.cc:17002
|
#22 0x0000559e0449e345 in JOIN::optimize_inner (this=this@entry=0x14de5407a600) at /test/10.6_dbg/sql/sql_select.cc:1995
|
#23 0x0000559e0449f06c in JOIN::optimize (this=this@entry=0x14de5407a600) at /test/10.6_dbg/sql/sql_select.cc:1627
|
#24 0x0000559e043e7517 in st_select_lex::optimize_unflattened_subqueries (this=0x14de540127e0, const_only=const_only@entry=false) at /test/10.6_dbg/sql/sql_lex.cc:4852
|
#25 0x0000559e045d84cb in JOIN::optimize_unflattened_subqueries (this=this@entry=0x14de54079b10) at /test/10.6_dbg/sql/opt_subselect.cc:5555
|
#26 0x0000559e0449c554 in JOIN::optimize_stage2 (this=this@entry=0x14de54079b10) at /test/10.6_dbg/sql/sql_select.cc:2826
|
#27 0x0000559e0449ee3b in JOIN::optimize_inner (this=this@entry=0x14de54079b10) at /test/10.6_dbg/sql/sql_select.cc:2277
|
#28 0x0000559e0449f06c in JOIN::optimize (this=this@entry=0x14de54079b10) at /test/10.6_dbg/sql/sql_select.cc:1627
|
#29 0x0000559e0449f9ba in mysql_select (thd=thd@entry=0x14de54000db8, tables=0x14de540172c8, fields=@0x14de54012930: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14de54012ce8, last = 0x14de54012ce8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14de54018350, unit=0x14de54004f80, select_lex=0x14de540127e0) at /test/10.6_dbg/sql/sql_select.cc:4654
|
#30 0x0000559e0449fcd0 in handle_select (thd=thd@entry=0x14de54000db8, lex=lex@entry=0x14de54004eb8, result=result@entry=0x14de54018350, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:417
|
#31 0x0000559e0441219d in execute_sqlcom_select (thd=thd@entry=0x14de54000db8, all_tables=0x14de540172c8) at /test/10.6_dbg/sql/sql_parse.cc:6116
|
#32 0x0000559e0441ec7c in mysql_execute_command (thd=thd@entry=0x14de54000db8) at /test/10.6_dbg/sql/sql_parse.cc:3820
|
#33 0x0000559e0440b072 in mysql_parse (thd=thd@entry=0x14de54000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14dea40a23d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
|
#34 0x0000559e044191ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14de54000db8, packet=packet@entry=0x14de54008d39 "SELECT 1 FROM (SELECT 1 IN (SELECT 1 FROM t1 WHERE (SELECT 1 FROM t2 HAVING c)) FROM t2) AS z", packet_length=packet_length@entry=93) at /test/10.6_dbg/sql/sql_class.h:1293
|
#35 0x0000559e0441c52d in do_command (thd=0x14de54000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
|
#36 0x0000559e045787fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x559e07d5e9a8, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
|
#37 0x0000559e04578f03 in handle_one_connection (arg=arg@entry=0x559e07d5e9a8) at /test/10.6_dbg/sql/sql_connect.cc:1312
|
#38 0x0000559e04a2e88f in pfs_spawn_thread (arg=0x559e07c86898) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
|
#39 0x000014dea6371609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#40 0x000014dea5f60293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.18 (dbg), 10.5.9 (dbg), 10.6.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
Activity
SET SESSION optimizer_trace=1; |
CREATE TABLE t1 (c VARCHAR(1)) ENGINE=InnoDB; |
CREATE TEMPORARY TABLE t2 (b VARCHAR(1)) ENGINE=MEMORY; |
INSERT INTO t2 VALUES (1); |
EXPLAIN SELECT 1 FROM (SELECT 1 IN (SELECT 1 FROM t1 WHERE (SELECT 1 FROM t2 HAVING b) NOT IN (SELECT 1 FROM t2)) FROM t2) AS z; |
Leads to:
|
10.7.0 57f14eab20ae2733eb341f3d293515a10a40bc48 (Debug) |
mysqld: /test/10.7_dbg/sql/field.cc:7838: virtual String* Field_varstring::val_str(String*, String*): Assertion `marked_for_read()' failed.
|
|
10.7.0 57f14eab20ae2733eb341f3d293515a10a40bc48 (Debug) |
Core was generated by `/test/MD090721-mariadb-10.7.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x14e6686b4700 (LWP 3047717))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000014e66b272859 in __GI_abort () at abort.c:79
|
#2 0x000014e66b272729 in __assert_fail_base (fmt=0x14e66b408588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55c72685afbc "marked_for_read()", file=0x55c72685ada3 "/test/10.7_dbg/sql/field.cc", line=7838, function=<optimized out>) at assert.c:92
|
#3 0x000014e66b283f36 in __GI___assert_fail (assertion=assertion@entry=0x55c72685afbc "marked_for_read()", file=file@entry=0x55c72685ada3 "/test/10.7_dbg/sql/field.cc", line=line@entry=7838, function=function@entry=0x55c72685cd40 "virtual String* Field_varstring::val_str(String*, String*)") at assert.c:101
|
#4 0x000055c725cdd5d4 in Field_varstring::val_str (this=0x14e618029e78, val_buffer=<optimized out>, val_ptr=0x14e61804db00) at /test/10.7_dbg/sql/field.cc:7838
|
#5 0x000055c725d28f6a in Item_field::val_str (this=0x14e61804dad8, str=0x14e6686b1d20) at /test/10.7_dbg/sql/item.cc:3277
|
#6 0x000055c725d355ad in Item::print_value (this=0x14e61804dad8, str=0x14e6686b2380) at /test/10.7_dbg/sql/item.cc:526
|
#7 0x000055c725d35939 in Item_field::print (this=<optimized out>, str=<optimized out>, query_type=<optimized out>) at /test/10.7_dbg/sql/item.cc:7711
|
#8 0x000055c725d35368 in Item::print_parenthesised (this=this@entry=0x14e61804dad8, str=str@entry=0x14e6686b2380, query_type=query_type@entry=1033, parent_prec=CMP_PRECEDENCE) at /test/10.7_dbg/sql/item.cc:496
|
#9 0x000055c725da73f0 in Item_func::print_op (this=0x14e6180164f8, str=0x14e6686b2380, query_type=1033) at /test/10.7_dbg/sql/item_func.cc:630
|
#10 0x000055c725d744bf in Item_bool_rowready_func2::print (this=<optimized out>, str=<optimized out>, query_type=<optimized out>) at /test/10.7_dbg/sql/item_cmpfunc.h:551
|
#11 0x000055c725a96906 in st_select_lex::print (this=0x14e618015740, thd=thd@entry=0x14e618000db8, str=str@entry=0x14e6686b2380, query_type=query_type@entry=1033) at /test/10.7_dbg/sql/sql_select.cc:28240
|
#12 0x000055c725e0a63a in subselect_single_select_engine::print (this=0x14e6180170a8, str=0x14e6686b2380, query_type=1033) at /test/10.7_dbg/sql/item_subselect.cc:4606
|
#13 0x000055c725e0aeb1 in Item_subselect::print (this=0x14e618016f20, str=0x14e6686b2380, query_type=1033) at /test/10.7_dbg/sql/item_subselect.cc:1116
|
#14 0x000055c725da6f46 in Item_func::print_args (this=this@entry=0x14e61804e3a0, str=str@entry=0x14e6686b2380, from=from@entry=0, query_type=query_type@entry=1033) at /test/10.7_dbg/sql/item_func.cc:621
|
#15 0x000055c725da7164 in Item_func::print (this=this@entry=0x14e61804e3a0, str=str@entry=0x14e6686b2380, query_type=query_type@entry=1033) at /test/10.7_dbg/sql/item_func.cc:610
|
#16 0x000055c725d65378 in Item_in_optimizer::print (this=0x14e61804e3a0, str=0x14e6686b2380, query_type=1033) at /test/10.7_dbg/sql/item_cmpfunc.cc:1241
|
#17 0x000055c725d3539c in Item::print_parenthesised (this=this@entry=0x14e61804e3a0, str=str@entry=0x14e6686b2380, query_type=query_type@entry=1033, parent_prec=<optimized out>) at /test/10.7_dbg/sql/item.cc:496
|
#18 0x000055c725d5fa25 in Item_func_not::print (this=0x14e618018790, str=0x14e6686b2380, query_type=1033) at /test/10.7_dbg/sql/item_cmpfunc.cc:210
|
#19 0x000055c725c5f635 in Json_writer::add_str (this=this@entry=0x14e618008200, item=item@entry=0x14e618018790) at /test/10.7_dbg/sql/opt_trace.cc:711
|
#20 0x000055c725a588c3 in Json_value_helper::add_str (item=0x14e618018790, this=<synthetic pointer>) at /test/10.7_dbg/sql/my_json_writer.h:454
|
#21 Json_writer_object::add (value=0x14e618018790, name=0x55c7266dbafd "original_condition", this=<synthetic pointer>) at /test/10.7_dbg/sql/my_json_writer.h:454
|
#22 optimize_cond (join=join@entry=0x14e61804ccc8, conds=0x14e618018790, join_list=0x14e618014cc0, ignore_on_conds=ignore_on_conds@entry=false, cond_value=cond_value@entry=0x14e61804d010, cond_equal=cond_equal@entry=0x14e61804d138, flags=1) at /test/10.7_dbg/sql/sql_select.cc:17393
|
#23 0x000055c725aa251f in JOIN::optimize_inner (this=this@entry=0x14e61804ccc8) at /test/10.7_dbg/sql/sql_select.cc:2192
|
#24 0x000055c725aa3298 in JOIN::optimize (this=this@entry=0x14e61804ccc8) at /test/10.7_dbg/sql/sql_select.cc:1807
|
#25 0x000055c7259ed738 in st_select_lex::optimize_unflattened_subqueries (this=0x14e618014108, const_only=const_only@entry=false) at /test/10.7_dbg/sql/sql_lex.cc:4937
|
#26 0x000055c725be6bdb in JOIN::optimize_unflattened_subqueries (this=this@entry=0x14e61804be68) at /test/10.7_dbg/sql/opt_subselect.cc:5567
|
#27 0x000055c725aa0737 in JOIN::optimize_stage2 (this=this@entry=0x14e61804be68) at /test/10.7_dbg/sql/sql_select.cc:3059
|
#28 0x000055c725aa308d in JOIN::optimize_inner (this=this@entry=0x14e61804be68) at /test/10.7_dbg/sql/sql_select.cc:2477
|
#29 0x000055c725aa3298 in JOIN::optimize (this=this@entry=0x14e61804be68) at /test/10.7_dbg/sql/sql_select.cc:1807
|
#30 0x000055c725aa3911 in mysql_select (thd=thd@entry=0x14e618000db8, tables=0x14e61804ad38, fields=@0x14e6180143a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14e618014600, last = 0x14e618014600, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748612, result=0x14e618019c10, unit=0x14e618005130, select_lex=0x14e618014108) at /test/10.7_dbg/sql/sql_select.cc:4968
|
#31 0x000055c725aa3fbd in mysql_explain_union (thd=thd@entry=0x14e618000db8, unit=unit@entry=0x14e618005130, result=result@entry=0x14e618019c10) at /test/10.7_dbg/sql/sql_select.cc:27701
|
#32 0x000055c725a1741c in execute_sqlcom_select (thd=thd@entry=0x14e618000db8, all_tables=0x14e61804ad38) at /test/10.7_dbg/sql/sql_parse.cc:6191
|
#33 0x000055c725a24592 in mysql_execute_command (thd=thd@entry=0x14e618000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.7_dbg/sql/sql_parse.cc:3947
|
#34 0x000055c725a10b27 in mysql_parse (thd=thd@entry=0x14e618000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e6686b3400) at /test/10.7_dbg/sql/sql_parse.cc:8026
|
#35 0x000055c725a1f692 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e618000db8, packet=packet@entry=0x14e61800b769 "", packet_length=packet_length@entry=127, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_class.h:1340
|
#36 0x000055c725a22aaa in do_command (thd=0x14e618000db8, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_parse.cc:1404
|
#37 0x000055c725b8709a in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c72932d148, put_in_cache=put_in_cache@entry=true) at /test/10.7_dbg/sql/sql_connect.cc:1410
|
#38 0x000055c725b8769f in handle_one_connection (arg=arg@entry=0x55c72932d148) at /test/10.7_dbg/sql/sql_connect.cc:1312
|
#39 0x000055c726036400 in pfs_spawn_thread (arg=0x55c729216138) at /test/10.7_dbg/storage/perfschema/pfs.cc:2201
|
#40 0x000014e66b781609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#41 0x000014e66b36f293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.20 (dbg), 10.5.11 (dbg), 10.6.3 (dbg), 10.7.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.39 (dbg), 10.2.39 (opt), 10.3.30 (dbg), 10.3.30 (opt), 10.4.20 (opt), 10.5.11 (opt), 10.6.3 (opt), 10.7.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.34 (dbg), 5.7.34 (opt), 8.0.24 (dbg), 8.0.24 (opt)
Please also test this testcase:
SET default_storage_engine=MEMORY; |
CREATE TABLE t (b BIT(1)); |
INSERT INTO t VALUES (1); |
CREATE TABLE t2 (i FLOAT); |
SET SESSION optimizer_trace=1; |
SELECT 1 FROM (SELECT 1 IN (SELECT 1 FROM t2 WHERE (SELECT 1 FROM t HAVING b) NOT IN (SELECT 1 FROM t)) FROM t) AS z; |
marked_for_read()|SIGABRT|Field_bit::val_str|Item_field::val_str|Item::print_value|Item_field::print
|
Another stack with
SET optimizer_trace='enabled=on'; |
CREATE TABLE t1 ENGINE=MEMORY SELECT NOW() AS a,curTIME() AS b,CURDATE() AS c,1 AS d,+1 AS e,+1 AS f; |
CREATE TABLE t2 (a INT); |
SELECT 1 FROM (SELECT 1 IN (SELECT 1 FROM t2 WHERE (SELECT 1 FROM t1 HAVING c)) FROM t1) AS z; |
marked_for_read()|SIGABRT|Field_newdate::val_str|Item_field::val_str|Item::print_value|Item_field::print
|
Another stack with:
SET SESSION optimizer_trace=1; |
SET optimizer_switch=REPLACE(REPLACE(@@optimizer_switch,'=on','=off'),'in_to_exists=off','in_to_exists=on'); |
SET SESSION optimizer_switch='materialization=ON,semijoin=ON'; |
SELECT * FROM (SELECT x,0 FROM (SELECT * FROM (SELECT * FROM (SELECT x,0 FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT 1 AS x FROM (SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (1)) AS x WHERE x IN (SELECT * FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT x IN ((SELECT * FROM (SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (1)) AS x GROUP BY x HAVING NOT x)) GROUP BY x HAVING NOT x)) GROUP BY x HAVING NOT NOT x)) AS x) AS x GROUP BY x,x IN (SELECT 1 WHERE x IN (SELECT 1 WHERE NOT x IN (1)))) AS x WHERE x IN (1)) AS x GROUP BY NOT x IN (SELECT (SELECT 1 AS x FROM (SELECT * FROM (SELECT * FROM (SELECT 1 AS x GROUP BY x HAVING NOT 1) AS x WHERE x IN (1) GROUP BY x,x) AS x) AS x) IN ((SELECT (SELECT * FROM (SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (1)) AS x GROUP BY x HAVING NOT x) IN (SELECT 1 AS x FROM (SELECT 1 AS x FROM (SELECT * FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT x) GROUP BY x,x HAVING x IN (SELECT x IN (SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT * FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT 1 AS x FROM (SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (1)) AS x WHERE x IN (1) GROUP BY x HAVING x IN (SELECT NOT (SELECT * FROM (SELECT * FROM (SELECT x IN (SELECT 1 AS x WHERE x IN ((SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT 1 IN (1) AS x)))) AS x FROM (SELECT 1 AS x FROM (SELECT * FROM (SELECT * FROM (SELECT x,0 FROM (SELECT 1 AS x) AS x WHERE x IN (SELECT 1 AS x FROM (SELECT 1 AS x FROM (SELECT 1 AS x) AS x WHERE x IN (1)) AS x WHERE x IN (1) GROUP BY x HAVING NOT NOT x)) AS x) AS x) AS x) AS x) AS x WHERE x IN (1)) AS x) FROM (SELECT 1 AS x) AS x)))) WHERE NOT x IN (1))) AS x WHERE x IN (1)) AS x WHERE x IN (1) GROUP BY x HAVING NOT NOT x) AS x FROM (SELECT * FROM (SELECT * FROM (SELECT 1 AS x FROM (SELECT 1 AS x) AS x) AS x WHERE x IN (1)) AS x) AS x WHERE x IN (1)))); |
SIGSEGV|Item_field::print|Item_equal::print|st_select_lex::print|st_select_lex_unit::print
|
This stack may be sporadic, i.e. other stacks could potentially be produced when using, or slightly modifying this testcase, for example combining SESSION vars in one line. Testcase can be reduced further if needed; let me know.
Additionally, we get an ASAN hear-use-after-free in Item_field::print:
ASAN|heap-use-after-free|sql/item.cc|Item_field::print|Item_equal::print|st_select_lex::print|st_select_lex_unit::print
|
Slightly different stack (Field_string::val_str instead of Field_long::val_str);
Leads to:
10.6.2 06dd151bb86ad5b87d4d46011f36da1289c01074 (Debug)
mysqld: /test/10.6_dbg/sql/field.cc:7470: virtual String* Field_string::val_str(String*, String*): Assertion `marked_for_read()' failed.10.6.2 06dd151bb86ad5b87d4d46011f36da1289c01074 (Debug)
Core was generated by `/test/MD050621-mariadb-10.6.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.Program terminated with signal SIGABRT, Aborted.#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50[Current thread is 1 (Thread 0x150d540a1700 (LWP 38388))](gdb) bt#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50#1 0x0000150d56062859 in __GI_abort () at abort.c:79#2 0x0000150d56062729 in __assert_fail_base (fmt=0x150d561f8588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x556804265174 "marked_for_read()", file=0x556804264f5b "/test/10.6_dbg/sql/field.cc", line=7470, function=<optimized out>) at assert.c:92#3 0x0000150d56073f36 in __GI___assert_fail (assertion=assertion@entry=0x556804265174 "marked_for_read()", file=file@entry=0x556804264f5b "/test/10.6_dbg/sql/field.cc", line=line@entry=7470, function=function@entry=0x556804266ec0 "virtual String* Field_string::val_str(String*, String*)") at assert.c:101#4 0x00005568036e34bc in Field_string::val_str (this=0x150d1002b0b8, val_buffer=<optimized out>, val_ptr=0x150d1004f198) at /test/10.6_dbg/sql/field.cc:7470#5 0x000055680372e9e2 in Item_field::val_str (this=0x150d1004f170, str=0x150d5409ed10) at /test/10.6_dbg/sql/item.cc:3277#6 0x000055680373b025 in Item::print_value (this=0x150d1004f170, str=0x150d5409f370) at /test/10.6_dbg/sql/item.cc:526#7 0x000055680373b3b1 in Item_field::print (this=<optimized out>, str=<optimized out>, query_type=<optimized out>) at /test/10.6_dbg/sql/item.cc:7713#8 0x000055680373ade0 in Item::print_parenthesised (this=this@entry=0x150d1004f170, str=str@entry=0x150d5409f370, query_type=query_type@entry=1033, parent_prec=CMP_PRECEDENCE) at /test/10.6_dbg/sql/item.cc:496#9 0x00005568037ace14 in Item_func::print_op (this=0x150d100164e8, str=0x150d5409f370, query_type=1033) at /test/10.6_dbg/sql/item_func.cc:630#10 0x0000556803779ee5 in Item_bool_rowready_func2::print (this=<optimized out>, str=<optimized out>, query_type=<optimized out>) at /test/10.6_dbg/sql/item_cmpfunc.h:551#11 0x00005568034aea7e in st_select_lex::print (this=0x150d10015730, thd=thd@entry=0x150d10000db8, str=str@entry=0x150d5409f370, query_type=query_type@entry=1033) at /test/10.6_dbg/sql/sql_select.cc:28223#12 0x00005568038102e8 in subselect_single_select_engine::print (this=0x150d10017098, str=0x150d5409f370, query_type=1033) at /test/10.6_dbg/sql/item_subselect.cc:4606#13 0x0000556803810857 in Item_subselect::print (this=0x150d10016f10, str=0x150d5409f370, query_type=1033) at /test/10.6_dbg/sql/item_subselect.cc:1114#14 0x00005568037ac96a in Item_func::print_args (this=this@entry=0x150d1004fa18, str=str@entry=0x150d5409f370, from=from@entry=0, query_type=query_type@entry=1033) at /test/10.6_dbg/sql/item_func.cc:621#15 0x00005568037acb88 in Item_func::print (this=this@entry=0x150d1004fa18, str=str@entry=0x150d5409f370, query_type=query_type@entry=1033) at /test/10.6_dbg/sql/item_func.cc:610#16 0x000055680376ae86 in Item_in_optimizer::print (this=0x150d1004fa18, str=0x150d5409f370, query_type=1033) at /test/10.6_dbg/sql/item_cmpfunc.cc:1241#17 0x000055680373ae14 in Item::print_parenthesised (this=this@entry=0x150d1004fa18, str=str@entry=0x150d5409f370, query_type=query_type@entry=1033, parent_prec=<optimized out>) at /test/10.6_dbg/sql/item.cc:496#18 0x0000556803765533 in Item_func_not::print (this=0x150d10018780, str=0x150d5409f370, query_type=1033) at /test/10.6_dbg/sql/item_cmpfunc.cc:210#19 0x0000556803665829 in Json_writer::add_str (this=this@entry=0x150d10008160, item=item@entry=0x150d10018780) at /test/10.6_dbg/sql/opt_trace.cc:711#20 0x0000556803470c67 in Json_value_helper::add_str (item=0x150d10018780, this=<synthetic pointer>) at /test/10.6_dbg/sql/my_json_writer.h:454#21 Json_writer_object::add (value=0x150d10018780, name=0x5568040e6a8d "original_condition", this=<synthetic pointer>) at /test/10.6_dbg/sql/my_json_writer.h:454#22 optimize_cond (join=join@entry=0x150d1004e3a0, conds=0x150d10018780, join_list=0x150d10014cb0, ignore_on_conds=ignore_on_conds@entry=false, cond_value=cond_value@entry=0x150d1004e6e8, cond_equal=cond_equal@entry=0x150d1004e810, flags=1) at /test/10.6_dbg/sql/sql_select.cc:17398#23 0x00005568034ba639 in JOIN::optimize_inner (this=this@entry=0x150d1004e3a0) at /test/10.6_dbg/sql/sql_select.cc:2192#24 0x00005568034bb3b2 in JOIN::optimize (this=this@entry=0x150d1004e3a0) at /test/10.6_dbg/sql/sql_select.cc:1807#25 0x0000556803405496 in st_select_lex::optimize_unflattened_subqueries (this=0x150d100140f8, const_only=const_only@entry=false) at /test/10.6_dbg/sql/sql_lex.cc:4936#26 0x00005568035fe95f in JOIN::optimize_unflattened_subqueries (this=this@entry=0x150d1004d850) at /test/10.6_dbg/sql/opt_subselect.cc:5567#27 0x00005568034b8851 in JOIN::optimize_stage2 (this=this@entry=0x150d1004d850) at /test/10.6_dbg/sql/sql_select.cc:3059#28 0x00005568034bb1a7 in JOIN::optimize_inner (this=this@entry=0x150d1004d850) at /test/10.6_dbg/sql/sql_select.cc:2477#29 0x00005568034bb3b2 in JOIN::optimize (this=this@entry=0x150d1004d850) at /test/10.6_dbg/sql/sql_select.cc:1807#30 0x00005568034bba2b in mysql_select (thd=thd@entry=0x150d10000db8, tables=0x150d1004c978, fields=@0x150d10014398: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d100145f0, last = 0x150d100145f0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x150d10019c00, unit=0x150d10005130, select_lex=0x150d100140f8) at /test/10.6_dbg/sql/sql_select.cc:4968#31 0x00005568034bbd2f in handle_select (thd=thd@entry=0x150d10000db8, lex=lex@entry=0x150d10005068, result=result@entry=0x150d10019c00, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:544#32 0x000055680342f6ac in execute_sqlcom_select (thd=thd@entry=0x150d10000db8, all_tables=0x150d1004c978) at /test/10.6_dbg/sql/sql_parse.cc:6242#33 0x000055680343c58c in mysql_execute_command (thd=thd@entry=0x150d10000db8) at /test/10.6_dbg/sql/sql_parse.cc:3937#34 0x0000556803428adc in mysql_parse (thd=thd@entry=0x150d10000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150d540a0400) at /test/10.6_dbg/sql/sql_parse.cc:8016#35 0x0000556803437646 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150d10000db8, packet=packet@entry=0x150d1000b769 "SELECT 1 FROM (SELECT 1 IN (SELECT 1 FROM t1 WHERE (SELECT 1 FROM t2 HAVING b) NOT IN (SELECT 1 FROM t2)) FROM t2) AS z", packet_length=packet_length@entry=119, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_class.h:1340#36 0x000055680343aa26 in do_command (thd=0x150d10000db8, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_parse.cc:1406#37 0x000055680359eec2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x556806a48b98, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410#38 0x000055680359f4c7 in handle_one_connection (arg=arg@entry=0x556806a48b98) at /test/10.6_dbg/sql/sql_connect.cc:1312#39 0x0000556803a4b03a in pfs_spawn_thread (arg=0x556806931128) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201#40 0x0000150d56570609 in start_thread (arg=<optimized out>) at pthread_create.c:477#41 0x0000150d5615f293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95Bug confirmed present in:
MariaDB: 10.4.19 (dbg), 10.5.10 (dbg), 10.6.2 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.38 (dbg), 10.2.38 (opt), 10.3.29 (dbg), 10.3.29 (opt), 10.4.19 (opt), 10.5.10 (opt), 10.6.2 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.34 (dbg), 5.7.34 (opt), 8.0.24 (dbg), 8.0.24 (opt)