Details
Description
PoC:
CREATE TABLE v2 ( v3 INT ( 29 ) ) ; |
SELECT ( 'x' ) FROM v2 GROUP BY v3 HAVING v3 = ( NOT EXISTS ( SELECT * WHERE 'x' ) ) ; |
report (compiled with ASAN):
Thread pointer: 0x7f0dac000c58
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f0e10057e30 thread_stack 0x49000
|
mysys/stacktrace.c:212(my_print_stacktrace)[0xe12bae]
|
sql/signal_handler.cc:226(handle_fatal_signal)[0x973f04]
|
sigaction.c:0(__restore_rt)[0x7f0e1b8b53c0]
|
sql/item_subselect.cc:4026(subselect_single_select_engine::exec())[0xa36cdc]
|
sql/item_subselect.cc:858(Item_subselect::exec())[0xa2e4bc]
|
sql/item_subselect.cc:1872(Item_exists_subselect::val_bool())[0xa30a1e]
|
sql/item_cmpfunc.cc:202(Item_func_not::val_int())[0x9a6739]
|
sql/sql_type.cc:8716(Type_handler_int_result::Item_eq_value(THD*, Type_cmp_attributes const*, Item*, Item*) const)[0x8d676c]
|
sql/item_cmpfunc.cc:6746(Item_equal::add_const(THD*, Item*))[0x9b79d8]
|
??:0(Item_equal::merge_with_check(THD*, Item_equal*, bool))[0x9b7d7b]
|
sql/sql_list.h:429(base_list_iterator::next())[0x7aec59]
|
sql/field.h:429(Context)[0x899f87]
|
??:0(JOIN::optimize_inner())[0x79112c]
|
??:0(JOIN::optimize())[0x78af00]
|
sql/sql_select.cc:4993(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_
|
select_lex*))[0x785468]
|
sql/sql_select.cc:543(handle_select(THD*, LEX*, select_result*, unsigned long))[0x785330]
|
sql/sql_parse.cc:6252(execute_sqlcom_select(THD*, TABLE_LIST*))[0x754fea]
|
??:0(mysql_execute_command(THD*, bool))[0x74ef77]
|
sql/sql_class.h:2734(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0x74b207]
|
sql/sql_parse.cc:1896(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x7490c7]
|
sql/sql_parse.cc:1404(do_command(THD*, bool))[0x74b65e]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x85bf2e]
|
sql/sql_connect.cc:1318(handle_one_connection)[0x85bd4d]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0xb8496e]
|
nptl/pthread_create.c:478(start_thread)[0x7f0e1b8a9609]
|
??:0(clone)[0x7f0e1b5c9163]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f0dac010b50): SELECT ( 'x' ) FROM v2 GROUP BY v3 HAVING v3 = ( NOT EXISTS ( SELECT * WHERE 'x' ) )
|
Attachments
Issue Links
- duplicates
-
MDEV-26402 A SEGV in Item_field::used_tables/update_depend_map_for_order or Assertion `fixed == 1'
-
- Closed
-
- relates to
-
-
- Stalled
-
- links to
Activity
This bug has been actually fixed by the patch for MDEV-26402. Only a test case of MDEV-28080 will be added to 10.4.
Here's a more general test case that causes the same crash:
CREATE TABLE t1 (a int);
|
CREATE TABLE t2 (b int);
|
INSERT INTO t1 VALUES (0), (1), (1), (0);
|
INSERT INTO t2 VALUES (3), (7);
|
|
|
SELECT a FROM t1
|
GROUP BY a HAVING a= (NOT EXISTS (SELECT b FROM t2 WHERE b = 1));
|
SELECT a FROM t1
|
GROUP BY a HAVING a= (NOT EXISTS (SELECT b FROM t2 WHERE b = 7));
|
|
|
DROP TABLE t1, t2;
|
Thanks! I repeated on 10.4-10.8, a temporary workaround - optimizer_switch='condition_pushdown_from_having=off';
10.4 069139a549a62f26d566c1ae
Version: '10.4.25-MariaDB-debug-log'mysqld: /10.4/src/sql/item_subselect.cc:1799: virtual bool Item_exists_subselect::val_bool(): Assertion `fixed == 1' failed.220318 9:59:21 [ERROR] mysqld got signal 6 ;Server version: 10.4.25-MariaDB-debug-logsql/item_subselect.cc:1800(Item_exists_subselect::val_bool())[0x556271a47cd1]sql/item_cmpfunc.cc:200(Item_func_not::val_int())[0x5562718d37cc]sql/sql_type.cc:8270(Type_handler_int_result::Item_eq_value(THD*, Type_cmp_attributes const*, Item*, Item*) const)[0x5562715ebf52]sql/item_cmpfunc.cc:6653(Item_equal::add_const(THD*, Item*))[0x5562719154b6]sql/item_cmpfunc.cc:6779(Item_equal::merge_with_check(THD*, Item_equal*, bool))[0x556271915b63]sql/sql_select.cc:17242(propagate_new_equalities(THD*, Item*, List<Item_equal>*, COND_EQUAL*, bool*))[0x55627119c974]sql/opt_subselect.cc:6012(and_new_conditions_to_optimized_cond(THD*, Item*, COND_EQUAL**, List<Item>&, Item::cond_result*))[0x55627155f154]sql/sql_select.cc:2091(JOIN::optimize_inner())[0x5562711299ac]sql/sql_select.cc:1659(JOIN::optimize())[0x556271124bda]sql/sql_select.cc:4749(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5562711459c9]sql/sql_select.cc:436(handle_select(THD*, LEX*, select_result*, unsigned long))[0x556271116c70]sql/sql_parse.cc:6449(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55627108525f]sql/sql_parse.cc:3963(mysql_execute_command(THD*))[0x556271072b3e]sql/sql_parse.cc:7995(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55627108e74d]sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x556271064ed4]sql/sql_parse.cc:1373(do_command(THD*))[0x556271061951]sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55627145d30d]sql/sql_connect.cc:1317(handle_one_connection)[0x55627145ca66]perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55627215e09d]nptl/pthread_create.c:478(start_thread)[0x7f119acb6609]/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f119a887163]Query (0x62b0000a1290): SELECT 1 FROM t1 GROUP BY a HAVING a= (NOT EXISTS (SELECT 1))on 10.6+ assertion was renamed -10.6/src/sql/item_subselect.cc:1872: virtual bool Item_exists_subselect::val_bool(): Assertion `fixed()' failed.