Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11
-
None
-
Linux version 5.13.0-1-MANJARO (builduser@LEGION) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Mon Jun 7 06:16:10 UTC 2021 x86_64
Description
PoC:
CREATE TABLE v0 ( v1 BIGINT ZEROFILL UNIQUE NOT NULL CHECK ( LENGTH ( HEX ( CASE v1 OR v1 WHEN v1 IS NULL THEN v1 END ) ) ) ) ;
|
INSERT INTO v0 VALUES ( 80 ) ;
|
SELECT * FROM v0 WHERE GET_LOCK ( ( hex ( v1 NOT LIKE v1 ) ) , CONVERT ( 67528449.000000 + 0 + 83 , CHAR ) ) ;
|
SELECT * FROM v0 ORDER BY v1 BETWEEN SIN ( COLLATION ( AVG ( 'x' ) OVER ( ) ) ) AND -1 ;
|
COMMIT ;
|
Log and Coredump:
2021-08-16 14:41:38 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
|
2021-08-16 14:41:38 0 [Note] InnoDB: Number of pools: 1
|
2021-08-16 14:41:38 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
|
2021-08-16 14:41:38 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
|
2021-08-16 14:41:38 0 [Note] InnoDB: Using liburing
|
2021-08-16 14:41:38 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
|
2021-08-16 14:41:38 0 [Note] InnoDB: Completed initialization of buffer pool
|
2021-08-16 14:41:38 0 [Note] InnoDB: 128 rollback segments are active.
|
2021-08-16 14:41:38 0 [Note] InnoDB: Creating shared tablespace for temporary tables
|
2021-08-16 14:41:38 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
|
2021-08-16 14:41:38 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
|
2021-08-16 14:41:38 0 [Note] InnoDB: 10.7.0 started; log sequence number 42161; transaction id 14
|
2021-08-16 14:41:38 0 [Note] InnoDB: Loading buffer pool(s) from /home/fuboat/mariadb-tmp/mysql-default-data/ib_buffer_pool
|
2021-08-16 14:41:38 0 [Note] Plugin 'FEEDBACK' is disabled.
|
2021-08-16 14:41:38 0 [Note] InnoDB: Buffer pool(s) load completed at 210816 14:41:38
|
2021-08-16 14:41:38 0 [Note] Server socket created on IP: '0.0.0.0'.
|
2021-08-16 14:41:38 0 [Note] Server socket created on IP: '::'.
|
2021-08-16 14:41:38 0 [Note] /usr/local/mysql/bin//mysqld: ready for connections.
|
Version: '10.7.0-MariaDB' socket: '/tmp/0.socket' port: 3306 Source distribution
|
2021-08-16 14:41:39 0 [Note] /usr/local/mysql/bin//mysqld (initiated by: root[root] @ localhost []): Normal shutdown
|
2021-08-16 14:41:39 0 [Note] InnoDB: FTS optimize thread exiting.
|
2021-08-16 14:41:39 0 [Note] InnoDB: Starting shutdown...
|
2021-08-16 14:41:39 0 [Note] InnoDB: Dumping buffer pool(s) to /home/fuboat/mariadb-tmp/mysql-default-data/ib_buffer_pool
|
2021-08-16 14:41:39 0 [Note] InnoDB: Buffer pool(s) dump completed at 210816 14:41:39
|
2021-08-16 14:41:39 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
|
2021-08-16 14:41:39 0 [Note] InnoDB: Shutdown completed; log sequence number 42173; transaction id 15
|
2021-08-16 14:41:39 0 [Note] /usr/local/mysql/bin//mysqld: Shutdown complete
|
 |
2021-08-16 15:26:49 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
|
2021-08-16 15:26:49 0 [Note] InnoDB: Number of pools: 1
|
2021-08-16 15:26:49 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
|
2021-08-16 15:26:49 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
|
2021-08-16 15:26:49 0 [Note] InnoDB: Using liburing
|
2021-08-16 15:26:49 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
|
2021-08-16 15:26:49 0 [Note] InnoDB: Completed initialization of buffer pool
|
2021-08-16 15:27:01 0 [Note] InnoDB: 128 rollback segments are active.
|
2021-08-16 15:27:01 0 [Note] InnoDB: Creating shared tablespace for temporary tables
|
2021-08-16 15:27:01 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
|
2021-08-16 15:27:01 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
|
2021-08-16 15:27:01 0 [Note] InnoDB: 10.7.0 started; log sequence number 42173; transaction id 14
|
2021-08-16 15:27:01 0 [Note] InnoDB: Loading buffer pool(s) from /home/fuboat/mariadb-tmp/7/ib_buffer_pool
|
2021-08-16 15:27:01 0 [Note] Plugin 'FEEDBACK' is disabled.
|
2021-08-16 15:27:02 0 [Note] Server socket created on IP: '0.0.0.0'.
|
2021-08-16 15:27:02 0 [Note] Server socket created on IP: '::'.
|
2021-08-16 15:27:04 0 [Note] InnoDB: Buffer pool(s) load completed at 210816 15:27:04
|
2021-08-16 15:27:05 0 [Note] /usr/local/mysql/bin//mysqld: ready for connections.
|
Version: '10.7.0-MariaDB' socket: '/tmp/7.socket' port: 10007 Source distribution
|
210816 15:27:05 [ERROR] mysqld got signal 11 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
 |
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
 |
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
 |
Server version: 10.7.0-MariaDB
|
key_buffer_size=134217728
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=1
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467956 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
 |
Thread pointer: 0x62b0000bd218
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f95d25fd850 thread_stack 0x5fc00
|
sanitizer_common/sanitizer_common_interceptors.inc:4203(__interceptor_backtrace.part.0)[0x7f95f1ea9c3e]
|
mysys/stacktrace.c:213(my_print_stacktrace)[0x559fe3c85747]
|
sql/signal_handler.cc:222(handle_fatal_signal)[0x559fe2c4d120]
|
sigaction.c:0(__restore_rt)[0x7f95f1893870]
|
sql/field.h:1385(Field::set_notnull(long long))[0x559fe2cd4ac9]
|
sql/item.cc:6713(Item::save_in_field(Field*, bool))[0x559fe2c9ae71]
|
sql/sql_list.h:441(base_list_iterator::next_fast())[0x559fe2a84756]
|
sql/sql_list.h:441(base_list_iterator::next_fast())[0x559fe2a85837]
|
sql/sql_window.cc:3015(Window_funcs_sort::exec(JOIN*, bool))[0x559fe2a85de5]
|
sql/sql_window.cc:3140(Window_funcs_computation::exec(JOIN*, bool))[0x559fe2a88435]
|
sql/sql_select.cc:29457(AGGR_OP::end_send())[0x559fe265fc76]
|
sql/sql_select.cc:20766(sub_select_postjoin_aggr(JOIN*, st_join_table*, bool))[0x559fe26605d0]
|
sql/sql_select.cc:20604(JOIN::exec_inner())[0x559fe268482c]
|
sql/sql_select.cc:4514(JOIN::exec())[0x559fe2686593]
|
sql/sql_select.cc:4993(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x559fe267eb5b]
|
sql/sql_select.cc:545(handle_select(THD*, LEX*, select_result*, unsigned long))[0x559fe2680655]
|
sql/sql_parse.cc:6256(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559fe24c3d7d]
|
sql/sql_parse.cc:3946(mysql_execute_command(THD*, bool))[0x559fe24ed421]
|
sql/sql_parse.cc:8047(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x559fe24f25a1]
|
sql/sql_parse.cc:1898(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x559fe24f860c]
|
sql/sql_parse.cc:1406(do_command(THD*, bool))[0x559fe24fd73d]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x559fe28b8e57]
|
sql/sql_connect.cc:1312(handle_one_connection)[0x559fe28b933d]
|
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x559fe3349c2c]
|
pthread_create.c:0(start_thread)[0x7f95f1889259]
|
:0(__GI___clone)[0x7f95f14345e3]
|
 |
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x629000087238): SELECT * FROM v0 ORDER BY v1 BETWEEN SIN ( COLLATION ( AVG ( 'x' ) OVER ( ) ) ) AND -1
|
 |
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
 |
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
 |
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /home/fuboat/mariadb-tmp/7
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size unlimited unlimited bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 61608 61608 processes
|
Max open files 524288 524288 files
|
Max locked memory 65536 65536 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 61608 61608 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: core
 |
GNU gdb (GDB) 10.2
|
Copyright (C) 2021 Free Software Foundation, Inc.
|
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
|
This is free software: you are free to change and redistribute it.
|
There is NO WARRANTY, to the extent permitted by law.
|
Type "show copying" and "show warranty" for details.
|
This GDB was configured as "x86_64-pc-linux-gnu".
|
Type "show configuration" for configuration details.
|
For bug reporting instructions, please see:
|
<https://www.gnu.org/software/gdb/bugs/>.
|
Find the GDB manual and other documentation resources online at:
|
<http://www.gnu.org/software/gdb/documentation/>.
|
 |
For help, type "help".
|
Type "apropos word" to search for commands related to "word"...
|
Reading symbols from /usr/local/mysql/bin//mysqld...
|
[New LWP 899411]
|
[New LWP 893684]
|
[New LWP 889532]
|
[New LWP 889531]
|
[New LWP 893936]
|
[New LWP 893683]
|
[New LWP 893678]
|
[New LWP 894247]
|
[New LWP 864942]
|
[New LWP 864941]
|
[New LWP 899345]
|
[New LWP 864943]
|
[New LWP 864841]
|
[New LWP 864883]
|
[Thread debugging using libthread_db enabled]
|
Using host libthread_db library "/usr/lib/libthread_db.so.1".
|
Core was generated by `/usr/local/mysql/bin//mysqld --port 10007 --datadir=/home/fuboat/mariadb-tmp/7'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x00007f95f1890808 in pthread_kill () from /usr/lib/libpthread.so.0
|
[Current thread is 1 (Thread 0x7f95d25fe240 (LWP 899411))]
|
(gdb) (gdb) #0 0x00007f95f1890808 in pthread_kill () from /usr/lib/libpthread.so.0
|
#1 0x0000559fe2c4d06b in handle_fatal_signal (sig=<optimized out>) at /experiment/mariadb-server/sql/signal_handler.cc:344
|
#2 <signal handler called>
|
#3 0x0000559fe2cd4ac9 in Field::set_notnull (row_offset=0, this=0x0) at /experiment/mariadb-server/sql/field.h:1385
|
#4 Item::save_real_in_field (this=0x629000088d20, field=0x0, no_conversions=<optimized out>) at /experiment/mariadb-server/sql/item.cc:6685
|
#5 0x0000559fe2c9ae71 in Item::save_in_field (this=0x629000088d20, field=0x0, no_conversions=<optimized out>) at /experiment/mariadb-server/sql/item.cc:6712
|
#6 0x0000559fe2a84756 in save_window_function_values (rowid_buf=0x603000014f08 "\030\b", tbl=0x61f00000fcb8, window_functions=...) at /experiment/mariadb-server/sql/sql_window.cc:2721
|
#7 compute_window_func (thd=<optimized out>, window_functions=..., cursor_managers=..., tbl=0x61f00000fcb8, filesort_result=<optimized out>) at /experiment/mariadb-server/sql/sql_window.cc:2873
|
#8 0x0000559fe2a85837 in Window_func_runner::exec (this=this@entry=0x6290000a0e78, thd=thd@entry=0x62b0000bd218, tbl=<optimized out>, filesort_result=0x613000030780) at /experiment/mariadb-server/sql/sql_window.cc:2985
|
#9 0x0000559fe2a85de5 in Window_funcs_sort::exec (this=0x6290000a0e70, join=join@entry=0x629000089368, keep_filesort_result=keep_filesort_result@entry=false) at /experiment/mariadb-server/sql/sql_window.cc:3013
|
#10 0x0000559fe2a88435 in Window_funcs_computation::exec (this=<optimized out>, join=join@entry=0x629000089368, keep_last_filesort_result=keep_last_filesort_result@entry=false) at /experiment/mariadb-server/sql/sql_window.cc:3140
|
#11 0x0000559fe265fc76 in AGGR_OP::end_send (this=0x62900008af00) at /experiment/mariadb-server/sql/sql_select.cc:29457
|
#12 0x0000559fe26605d0 in sub_select_postjoin_aggr (join=0x629000089368, join_tab=0x6290000a05e8, end_of_records=<optimized out>) at /experiment/mariadb-server/sql/sql_select.cc:20765
|
#13 0x0000559fe268482c in do_select (procedure=0x0, join=0x629000089368) at /experiment/mariadb-server/sql/sql_select.cc:20604
|
#14 JOIN::exec_inner (this=0x629000089368) at /experiment/mariadb-server/sql/sql_select.cc:4735
|
#15 0x0000559fe2686593 in JOIN::exec (this=this@entry=0x629000089368) at /experiment/mariadb-server/sql/sql_select.cc:4513
|
#16 0x0000559fe267eb5b in mysql_select (thd=0x62b0000bd218, tables=<optimized out>, fields=..., conds=<optimized out>, og_num=1, order=0x6290000891c8, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x629000089338, unit=0x62b0000c13c0, select_lex=0x629000087350)
|
at /experiment/mariadb-server/sql/sql_select.cc:4991
|
#17 0x0000559fe2680655 in handle_select (thd=thd@entry=0x62b0000bd218, lex=lex@entry=0x62b0000c12f8, result=result@entry=0x629000089338, setup_tables_done_option=setup_tables_done_option@entry=0) at /experiment/mariadb-server/sql/sql_select.cc:545
|
#18 0x0000559fe24c3d7d in execute_sqlcom_select (thd=0x62b0000bd218, all_tables=<optimized out>) at /experiment/mariadb-server/sql/sql_parse.cc:6256
|
#19 0x0000559fe24ed421 in mysql_execute_command (thd=0x62b0000bd218, is_called_from_prepared_stmt=<optimized out>) at /experiment/mariadb-server/sql/sql_parse.cc:3946
|
#20 0x0000559fe24f25a1 in mysql_parse (thd=0x62b0000bd218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /experiment/mariadb-server/sql/sql_parse.cc:8030
|
#21 0x0000559fe24f860c in dispatch_command (command=<optimized out>, thd=0x62b0000bd218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /experiment/mariadb-server/sql/sql_parse.cc:1896
|
#22 0x0000559fe24fd73d in do_command (thd=0x62b0000bd218, blocking=blocking@entry=true) at /experiment/mariadb-server/sql/sql_parse.cc:1404
|
#23 0x0000559fe28b8e57 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /experiment/mariadb-server/sql/sql_connect.cc:1418
|
#24 0x0000559fe28b933d in handle_one_connection (arg=arg@entry=0x6080000023b8) at /experiment/mariadb-server/sql/sql_connect.cc:1312
|
#25 0x0000559fe3349c2c in pfs_spawn_thread (arg=0x617000005f18) at /experiment/mariadb-server/storage/perfschema/pfs.cc:2201
|
#26 0x00007f95f1889259 in start_thread () from /usr/lib/libpthread.so.0
|
#27 0x00007f95f14345e3 in clone () from /usr/lib/libc.so.6
|
(gdb) quit
|
Attachments
Issue Links
- is duplicated by
-
MDEV-30352 crash with firstvalue()/over()
- Closed
- relates to
-
MDEV-14791 Crash with order by expression containing window functions
- Closed