[MDEV-27366] SIGSEGV in handler_index_cond_check on SELECT in connection with rowid_filter setting - Jira

XML

Word

Printable

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.5, 10.6, 10.11
Component/s: Optimizer
Labels:

Description

SET sql_mode='';

SET join_cache_level=3;

CREATE TABLE t (c BIGINT, d INT, KEY c(c), KEY d(d)) ENGINE=InnoDB;

INSERT INTO t VALUES (0,0),(1,2),(1,3),(2,0),(3,0),(4,6),(5,0);

SELECT * FROM t,t AS b WHERE t.c=0 AND t.d=b.c AND t.c=b.d;

Leads to:

10.8.0 ccdf5711a8fff0cd610a91fdcf37c8ff1182878c (Optimized)
Core was generated by `/test/MD121221-mariadb-10.8.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055cb1b08680f in handler_index_cond_check (h_arg=0x14831c049e60)
at /test/10.8_opt/sql/handler.cc:6708
6708 if ((res= h->pushed_idx_cond->val_int()? CHECK_POS : CHECK_NEG) ==
[Current thread is 1 (Thread 0x148392175700 (LWP 635439))]
(gdb) bt
#0 0x000055cb1b08680f in handler_index_cond_check (h_arg=0x14831c049e60) at /test/10.8_opt/sql/handler.cc:6708
#1 0x000055cb1b441635 in row_search_idx_cond_check (mysql_rec=0x14831c049a48 <incomplete sequence \371>, prebuilt=0x14831c04aab0, rec=0x1483947c407e <error: Cannot access memory at address 0x1483947c407e>, offsets=0x148392172850) at /test/10.8_opt/storage/innobase/row/row0sel.cc:4045
#2 0x000055cb1b444c8a in row_search_mvcc (buf=buf@entry=0x14831c049a48 <incomplete sequence \371>, mode=<optimized out>, mode@entry=PAGE_CUR_G, prebuilt=0x14831c04aab0, match_mode=match_mode@entry=0, direction=direction@entry=0) at /test/10.8_opt/storage/innobase/row/row0sel.cc:5414
#3 0x000055cb1b375960 in ha_innobase::index_read (find_flag=HA_READ_AFTER_KEY, key_len=0, key_ptr=0x0, buf=0x14831c049a48 <incomplete sequence \371>, this=0x14831c049e60) at /test/10.8_opt/storage/innobase/handler/ha_innodb.cc:9002
#4 ha_innobase::index_first (buf=0x14831c049a48 <incomplete sequence \371>, this=0x14831c049e60) at /test/10.8_opt/storage/innobase/handler/ha_innodb.cc:9364
#5 ha_innobase::rnd_next (buf=0x14831c049a48 <incomplete sequence \371>, this=0x14831c049e60) at /test/10.8_opt/storage/innobase/handler/ha_innodb.cc:9457
#6 ha_innobase::rnd_next (this=0x14831c049e60, buf=0x14831c049a48 <incomplete sequence \371>) at /test/10.8_opt/storage/innobase/handler/ha_innodb.cc:9447
#7 0x000055cb1b07fd57 in handler::ha_rnd_next (this=0x14831c049e60, buf=0x14831c049a48 <incomplete sequence \371>) at /test/10.8_opt/sql/handler.cc:3393
#8 0x000055cb1ad690c4 in rr_sequential (info=0x14831c04d728) at /test/10.8_opt/sql/records.h:82
#9 0x000055cb1af8578f in JOIN_CACHE::join_matching_records (this=0x14831c04ee60, skip_last=false) at /test/10.8_opt/sql/sql_join_cache.cc:2329
#10 0x000055cb1af85141 in JOIN_CACHE::join_records (this=this@entry=0x14831c04ee60, skip_last=skip_last@entry=false) at /test/10.8_opt/sql/sql_join_cache.cc:2151
#11 0x000055cb1ae81b9a in sub_select_cache (join=0x14831c013478, join_tab=0x14831c04d660, end_of_records=<optimized out>) at /test/10.8_opt/sql/sql_select.cc:20844
#12 0x000055cb1aeaf2df in do_select (procedure=<optimized out>, join=0x14831c013478) at /test/10.8_opt/sql/sql_select.cc:20619
#13 JOIN::exec_inner (this=0x14831c013478) at /test/10.8_opt/sql/sql_select.cc:4735
#14 0x000055cb1aeaf848 in JOIN::exec (this=this@entry=0x14831c013478) at /test/10.8_opt/sql/sql_select.cc:4513
#15 0x000055cb1aead941 in mysql_select (thd=0x14831c000c58, tables=0x14831c010f60, fields=@0x14831c010c28: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14831c010f18, last = 0x14831c013f30, elements = 4}, <No data fields>}, conds=0x14831c0125e0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14831c013450, unit=0x14831c004ea0, select_lex=0x14831c010988) at /test/10.8_opt/sql/sql_select.cc:4993
#16 0x000055cb1aeae0f7 in handle_select (thd=thd@entry=0x14831c000c58, lex=lex@entry=0x14831c004dc8, result=result@entry=0x14831c013450, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.8_opt/sql/sql_select.cc:545
#17 0x000055cb1ae2ec01 in execute_sqlcom_select (thd=0x14831c000c58, all_tables=0x14831c010f60) at /test/10.8_opt/sql/sql_parse.cc:6253
#18 0x000055cb1ae3cef2 in mysql_execute_command (thd=0x14831c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.8_opt/sql/sql_parse.cc:3944
#19 0x000055cb1ae29986 in mysql_parse (thd=0x14831c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.8_opt/sql/sql_parse.cc:8028
#20 0x000055cb1ae35b35 in dispatch_command (command=COM_QUERY, thd=0x14831c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.8_opt/sql/sql_class.h:1360
#21 0x000055cb1ae37d27 in do_command (thd=0x14831c000c58, blocking=blocking@entry=true) at /test/10.8_opt/sql/sql_parse.cc:1402
#22 0x000055cb1af562e7 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.8_opt/sql/sql_connect.cc:1418
#23 0x000055cb1af5662d in handle_one_connection (arg=arg@entry=0x55cb1dbe5be8) at /test/10.8_opt/sql/sql_connect.cc:1312
#24 0x000055cb1b2c45d8 in pfs_spawn_thread (arg=0x55cb1db9d218) at /test/10.8_opt/storage/perfschema/pfs.cc:2201
#25 0x00001483b1316609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#26 0x00001483b0f04293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.8.0 ccdf5711a8fff0cd610a91fdcf37c8ff1182878c (Debug)
Core was generated by `/test/MD121221-mariadb-10.8.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055f9f0af1c63 in handler_index_cond_check (h_arg=0x1463a00728e0)
at /test/10.8_dbg/sql/handler.cc:6708
6708 if ((res= h->pushed_idx_cond->val_int()? CHECK_POS : CHECK_NEG) ==
[Current thread is 1 (Thread 0x1464505a2700 (LWP 636278))]
(gdb) bt
#0 0x000055f9f0af1c63 in handler_index_cond_check (h_arg=0x1463a00728e0) at /test/10.8_dbg/sql/handler.cc:6708
#1 0x000055f9f10622ac in row_search_idx_cond_check (mysql_rec=mysql_rec@entry=0x1463a0072458 <incomplete sequence \371>, prebuilt=prebuilt@entry=0x1463a00735c8, rec=rec@entry=0x14643cc5c07e "", offsets=0x14645059f520) at /test/10.8_dbg/storage/innobase/row/row0sel.cc:4045
#2 0x000055f9f106d0a9 in row_search_mvcc (buf=buf@entry=0x1463a0072458 <incomplete sequence \371>, mode=PAGE_CUR_G, prebuilt=0x1463a00735c8, match_mode=<optimized out>, direction=direction@entry=0) at /test/10.8_dbg/storage/innobase/row/row0sel.cc:5414
#3 0x000055f9f0ea45c5 in ha_innobase::index_read (this=this@entry=0x1463a00728e0, buf=buf@entry=0x1463a0072458 <incomplete sequence \371>, key_ptr=key_ptr@entry=0x0, key_len=key_len@entry=0, find_flag=find_flag@entry=HA_READ_AFTER_KEY) at /test/10.8_dbg/storage/innobase/handler/ha_innodb.cc:9002
#4 0x000055f9f0ea484c in ha_innobase::index_first (this=this@entry=0x1463a00728e0, buf=buf@entry=0x1463a0072458 <incomplete sequence \371>) at /test/10.8_dbg/storage/innobase/handler/ha_innodb.cc:9364
#5 0x000055f9f0ea48d5 in ha_innobase::rnd_next (this=0x1463a00728e0, buf=0x1463a0072458 <incomplete sequence \371>) at /test/10.8_dbg/storage/innobase/handler/ha_innodb.cc:9457
#6 0x000055f9f0ae8561 in handler::ha_rnd_next (this=0x1463a00728e0, buf=0x1463a0072458 <incomplete sequence \371>) at /test/10.8_dbg/sql/handler.cc:3393
#7 0x000055f9f06d6445 in rr_sequential (info=0x1463a00763e8) at /test/10.8_dbg/sql/records.h:82
#8 0x000055f9f0859b30 in READ_RECORD::read_record (this=0x1463a00763e8) at /test/10.8_dbg/sql/records.h:81
#9 join_init_read_record (tab=0x1463a0076320) at /test/10.8_dbg/sql/sql_select.cc:22065
#10 0x000055f9f09a1827 in JOIN_TAB_SCAN::open (this=0x1463a0077f58) at /test/10.8_dbg/sql/sql_join_cache.cc:3426
#11 0x000055f9f09a4c2d in JOIN_CACHE::join_matching_records (this=0x1463a0077da0, skip_last=false) at /test/10.8_dbg/sql/sql_join_cache.cc:2329
#12 0x000055f9f09a4482 in JOIN_CACHE::join_records (this=this@entry=0x1463a0077da0, skip_last=skip_last@entry=false) at /test/10.8_dbg/sql/sql_join_cache.cc:2151
#13 0x000055f9f0841336 in sub_select_cache (join=0x1463a0016998, join_tab=0x1463a0076320, end_of_records=<optimized out>) at /test/10.8_dbg/sql/sql_select.cc:20844
#14 0x000055f9f0840dfb in sub_select (join=0x1463a0016998, join_tab=0x1463a0075f70, end_of_records=<optimized out>) at /test/10.8_dbg/sql/sql_select.cc:21014
#15 0x000055f9f0878fcc in do_select (procedure=<optimized out>, join=0x1463a0016998) at /test/10.8_dbg/sql/sql_select.cc:20619
#16 JOIN::exec_inner (this=this@entry=0x1463a0016998) at /test/10.8_dbg/sql/sql_select.cc:4735
#17 0x000055f9f0879542 in JOIN::exec (this=this@entry=0x1463a0016998) at /test/10.8_dbg/sql/sql_select.cc:4513
#18 0x000055f9f0877553 in mysql_select (thd=thd@entry=0x1463a0000db8, tables=0x1463a0014480, fields=@0x1463a0014148: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1463a0014438, last = 0x1463a0017450, elements = 4}, <No data fields>}, conds=0x1463a0015b00, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x1463a0016970, unit=0x1463a00051c0, select_lex=0x1463a0013ea8) at /test/10.8_dbg/sql/sql_select.cc:4993
#19 0x000055f9f0877808 in handle_select (thd=thd@entry=0x1463a0000db8, lex=lex@entry=0x1463a00050e8, result=result@entry=0x1463a0016970, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.8_dbg/sql/sql_select.cc:545
#20 0x000055f9f07d6c1e in execute_sqlcom_select (thd=thd@entry=0x1463a0000db8, all_tables=0x1463a0014480) at /test/10.8_dbg/sql/sql_parse.cc:6253
#21 0x000055f9f07e3af1 in mysql_execute_command (thd=thd@entry=0x1463a0000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.8_dbg/sql/sql_parse.cc:3944
#22 0x000055f9f07cfe0f in mysql_parse (thd=thd@entry=0x1463a0000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1464505a1400) at /test/10.8_dbg/sql/sql_parse.cc:8028
#23 0x000055f9f07deaab in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1463a0000db8, packet=packet@entry=0x1463a000b879 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_class.h:1360
#24 0x000055f9f07e1eea in do_command (thd=0x1463a0000db8, blocking=blocking@entry=true) at /test/10.8_dbg/sql/sql_parse.cc:1402
#25 0x000055f9f095b89c in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55f9f466be38, put_in_cache=put_in_cache@entry=true) at /test/10.8_dbg/sql/sql_connect.cc:1418
#26 0x000055f9f095bea1 in handle_one_connection (arg=arg@entry=0x55f9f466be38) at /test/10.8_dbg/sql/sql_connect.cc:1312
#27 0x000055f9f0ddd442 in pfs_spawn_thread (arg=0x55f9f457f4a8) at /test/10.8_dbg/storage/perfschema/pfs.cc:2201
#28 0x0000146459d15609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#29 0x0000146459903293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.14 (dbg), 10.5.14 (opt), 10.6.6 (dbg), 10.6.6 (opt), 10.7.2 (dbg), 10.7.2 (opt), 10.8.0 (dbg), 10.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.42 (dbg), 10.2.42 (opt), 10.3.33 (dbg), 10.3.33 (opt), 10.4.23 (dbg), 10.4.23 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.36 (dbg), 5.7.36 (opt), 8.0.27 (dbg), 8.0.27 (opt)

Setting rowid_filter=off prevents the crash from occurring.

Some older ASAN Traces:

10.6.0 3f871b339429441ad907ecf7dfabdc414797e664 (Debug)
2021-04-27 10:18:23 0 [Note] /test/UBASAN_MD260121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: ready for connections.
Version: '10.6.0-MariaDB-debug' socket: '/test/UBASAN_MD260121-mariadb-10.6.0-linux-x86_64-dbg/socket.sock' port: 32200 MariaDB Server
/data/builds/10.6_dbg_san/sql/handler.cc:6343:40: runtime error: member call on null pointer of type 'struct Item'
#0 0x55e4bd3e4d6e in handler_index_cond_check /data/builds/10.6_dbg_san/sql/handler.cc:6343
#1 0x55e4bf8a7542 in row_search_idx_cond_check /data/builds/10.6_dbg_san/storage/innobase/row/row0sel.cc:3989
#2 0x55e4bf8d1c3c in row_search_mvcc(unsigned char, page_cur_mode_t, row_prebuilt_t, unsigned long, unsigned long) /data/builds/10.6_dbg_san/storage/innobase/row/row0sel.cc:5336
#3 0x55e4bf1c310a in ha_innobase::index_read(unsigned char, unsigned char const, unsigned int, ha_rkey_function) /data/builds/10.6_dbg_san/storage/innobase/handler/ha_innodb.cc:8546
#4 0x55e4bf1c4a73 in ha_innobase::index_first(unsigned char*) /data/builds/10.6_dbg_san/storage/innobase/handler/ha_innodb.cc:8907
#5 0x55e4bf1c4d6b in ha_innobase::rnd_next(unsigned char*) /data/builds/10.6_dbg_san/storage/innobase/handler/ha_innodb.cc:9000
#6 0x55e4bd39cea8 in handler::ha_rnd_next(unsigned char*) /data/builds/10.6_dbg_san/sql/handler.cc:3066
#7 0x55e4be47f57d in rr_sequential(READ_RECORD*) /data/builds/10.6_dbg_san/sql/records.cc:519
#8 0x55e4bc07d90d in READ_RECORD::read_record() /data/builds/10.6_dbg_san/sql/records.h:81
#9 0x55e4bc07d90d in join_init_read_record(st_join_table*) /data/builds/10.6_dbg_san/sql/sql_select.cc:21577
#10 0x55e4bc96e0c4 in JOIN_TAB_SCAN::open() /data/builds/10.6_dbg_san/sql/sql_join_cache.cc:3358
#11 0x55e4bc994a42 in JOIN_CACHE::join_matching_records(bool) /data/builds/10.6_dbg_san/sql/sql_join_cache.cc:2261
#12 0x55e4bc98fac4 in JOIN_CACHE::join_records(bool) /data/builds/10.6_dbg_san/sql/sql_join_cache.cc:2093
#13 0x55e4bbfc2ade in sub_select_cache(JOIN, st_join_table, bool) /data/builds/10.6_dbg_san/sql/sql_select.cc:20376
#14 0x55e4bbfc02dc in sub_select(JOIN, st_join_table, bool) /data/builds/10.6_dbg_san/sql/sql_select.cc:20547
#15 0x55e4bc18420a in do_select /data/builds/10.6_dbg_san/sql/sql_select.cc:20151
#16 0x55e4bc18420a in JOIN::exec_inner() /data/builds/10.6_dbg_san/sql/sql_select.cc:4476
#17 0x55e4bc18596c in JOIN::exec() /data/builds/10.6_dbg_san/sql/sql_select.cc:4256
#18 0x55e4bc176a97 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/builds/10.6_dbg_san/sql/sql_select.cc:4672
#19 0x55e4bc17846b in handle_select(THD, LEX, select_result*, unsigned long) /data/builds/10.6_dbg_san/sql/sql_select.cc:417
#20 0x55e4bbd89ab2 in execute_sqlcom_select /data/builds/10.6_dbg_san/sql/sql_parse.cc:6133
#21 0x55e4bbdea948 in mysql_execute_command(THD*) /data/builds/10.6_dbg_san/sql/sql_parse.cc:3829
#22 0x55e4bbd4e2ea in mysql_parse(THD, char, unsigned int, Parser_state*) /data/builds/10.6_dbg_san/sql/sql_parse.cc:7901
#23 0x55e4bbdbd012 in dispatch_command(enum_server_command, THD, char, unsigned int) /data/builds/10.6_dbg_san/sql/sql_parse.cc:1833
#24 0x55e4bbdd25e4 in do_command(THD*) /data/builds/10.6_dbg_san/sql/sql_parse.cc:1365
#25 0x55e4bc7ba5bc in do_handle_one_connection(CONNECT*, bool) /data/builds/10.6_dbg_san/sql/sql_connect.cc:1410
#26 0x55e4bc7bd83f in handle_one_connection /data/builds/10.6_dbg_san/sql/sql_connect.cc:1312
#27 0x55e4becbe631 in pfs_spawn_thread /data/builds/10.6_dbg_san/storage/perfschema/pfs.cc:2201
#28 0x14d364474608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#29 0x14d3635c8292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

210427 10:18:54 [ERROR] mysqld got signal 11 ;

10.5.9 927a882341eb1087e71d64de4e8cd89ab520de89 (Optimized)
2021-04-27 10:45:26 0 [Note] /test/UBASAN_MD260121-mariadb-10.5.9-linux-x86_64-opt/bin/mysqld: ready for connections.
Version: '10.5.9-MariaDB' socket: '/test/UBASAN_MD260121-mariadb-10.5.9-linux-x86_64-opt/socket.sock' port: 10430 MariaDB Server
/data/builds/10.5_opt_san/sql/handler.cc:6343:40: runtime error: member call on null pointer of type 'struct Item'
#0 0x559eb15ee1c9 in handler_index_cond_check /data/builds/10.5_opt_san/sql/handler.cc:6343
#1 0x559eb37b9c9d in row_search_idx_cond_check /data/builds/10.5_opt_san/storage/innobase/row/row0sel.cc:3965
#2 0x559eb37de8f3 in row_search_mvcc(unsigned char, page_cur_mode_t, row_prebuilt_t, unsigned long, unsigned long) /data/builds/10.5_opt_san/storage/innobase/row/row0sel.cc:5265
#3 0x559eb313635b in ha_innobase::index_read(unsigned char, unsigned char const, unsigned int, ha_rkey_function) /data/builds/10.5_opt_san/storage/innobase/handler/ha_innodb.cc:8758
#4 0x559eb313854e in ha_innobase::index_first(unsigned char*) /data/builds/10.5_opt_san/storage/innobase/handler/ha_innodb.cc:9119
#5 0x559eb313854e in ha_innobase::rnd_next(unsigned char*) /data/builds/10.5_opt_san/storage/innobase/handler/ha_innodb.cc:9212
#6 0x559eb15b4f59 in handler::ha_rnd_next(unsigned char*) /data/builds/10.5_opt_san/sql/handler.cc:3066
#7 0x559eb2369b18 in rr_sequential(READ_RECORD*) /data/builds/10.5_opt_san/sql/records.cc:519
#8 0x559eb0d01b87 in JOIN_CACHE::join_matching_records(bool) /data/builds/10.5_opt_san/sql/sql_join_cache.cc:2261
#9 0x559eb0cfdd07 in JOIN_CACHE::join_records(bool) /data/builds/10.5_opt_san/sql/sql_join_cache.cc:2093
#10 0x559eb0536811 in sub_select_cache(JOIN, st_join_table, bool) /data/builds/10.5_opt_san/sql/sql_select.cc:20405
#11 0x559eb06af396 in do_select /data/builds/10.5_opt_san/sql/sql_select.cc:20167
#12 0x559eb06af396 in JOIN::exec_inner() /data/builds/10.5_opt_san/sql/sql_select.cc:4466
#13 0x559eb06b2c69 in JOIN::exec() /data/builds/10.5_opt_san/sql/sql_select.cc:4246
#14 0x559eb06a37fd in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/builds/10.5_opt_san/sql/sql_select.cc:4662
#15 0x559eb06a8a93 in handle_select(THD, LEX, select_result*, unsigned long) /data/builds/10.5_opt_san/sql/sql_select.cc:417
#16 0x559eb0367a81 in execute_sqlcom_select /data/builds/10.5_opt_san/sql/sql_parse.cc:6281
#17 0x559eb03aafa2 in mysql_execute_command(THD*) /data/builds/10.5_opt_san/sql/sql_parse.cc:3977
#18 0x559eb03351b7 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/builds/10.5_opt_san/sql/sql_parse.cc:8062
#19 0x559eb038ea31 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/builds/10.5_opt_san/sql/sql_parse.cc:1889
#20 0x559eb039b5d9 in do_command(THD*) /data/builds/10.5_opt_san/sql/sql_parse.cc:1370
#21 0x559eb0b8fe2c in do_handle_one_connection(CONNECT*, bool) /data/builds/10.5_opt_san/sql/sql_connect.cc:1410
#22 0x559eb0b92b64 in handle_one_connection /data/builds/10.5_opt_san/sql/sql_connect.cc:1312
#23 0x559eb2ba454a in pfs_spawn_thread /data/builds/10.5_opt_san/storage/perfschema/pfs.cc:2201
#24 0x152c8eb49608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#25 0x152c8dc9d292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

210427 10:45:32 [ERROR] mysqld got signal 11 ;

Confirmed that neither 10.3.28 75538f94ca06915ddc22458b82b8e148e51dd0db (Debug) nor 10.4.19 e626f511f9dc4faee9ae98fb5a8c8c6ddd06679b (Debug) produces an ASAN trace. The 10.4 output is as follows:

10.4.18 e626f511f9dc4faee9ae98fb5a8c8c6ddd06679b (Debug)
10.4.19-dbg>SELECT * FROM t,t AS b WHERE t.c=0 AND t.d=b.c AND t.c=b.d;
+------+------+------+------+
\| c \| d \| c \| d \|
+------+------+------+------+
\| 0 \| 0 \| 0 \| 0 \|
+------+------+------+------+
1 row in set (0.002 sec)

Attachments

Issue Links

relates to

MDEV-27292 Assertion `!prebuilt->index->is_primary()' failed upon SELECT with subqueries and rowid_filter

Closed

MDEV-28747 Possible problem with ha_innobase::build_template

Closed

MDEV-22846 Server crashes in handler_index_cond_check on SELECT

Closed

MDEV-28712 join_cache.test shows plans that meaninglessly use rowid filtering

Open

MDEV-33530 Server crash while executing delete query

Closed

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2021-12-26 16:18

Updated:: 2024-02-23 13:42

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.