[MDEV-29039] ANALYZE on RECURSIVE CTE crashes MariaDB Server signal 11 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: N/A
Component/s: N/A
Labels:
None

Description

create schema if not exists crashtest;

use crashtest;

CREATE TABLE `PROJECTS` (`LIBRARY_ID` int(11) NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

insert into PROJECTS (LIBRARY_ID) values (1046);

ANALYZE FORMAT = JSON

with recursive

effective_project_security as (

   select project.LIBRARY_ID

     from PROJECTS as project

    where project.LIBRARY_ID = 1046

 union all

   select project_child.LIBRARY_ID

     from PROJECTS as project_parent

          inner join effective_project_security as project_child

                  on project_parent.LIBRARY_ID = project_child.LIBRARY_ID

                  where 1=1),

effective_descendant_security as (

    select project.LIBRARY_ID

      from PROJECTS as project

           inner join effective_project_security

                   on project.LIBRARY_ID = effective_project_security.LIBRARY_ID

                   where 1=1)

select * from PROJECTS as main;

This script will crash mariadb server: signal 11.
tested on 10.5.10-7-MariaDB-enterprise

Not all ANALYZE on recursive CTE will crash the server. Customer provided one that does not crash.

Attachments

Issue Links

duplicates

MDEV-23160 SIGSEGV in Explain_node::print_explain_for_children on UNION SELECT or on EXPLAIN EXTENDED (on optimized builds)

Closed

Activity

Alice Sherepa added a comment - 2022-11-04 11:38

Thanks! I repeated as described

CREATE TABLE t1 (id int);

insert into t1 values (1),(2),(3);

ANALYZE FORMAT = JSON

with recursive cte as (SELECT id FROM t1 a1 UNION SELECT id FROM cte),

	cte2 AS (SELECT * FROM cte)

SELECT * FROM t1 ;

221104 12:02:50 [ERROR] mysqld got signal 11 ;

Server version: 10.7.7-MariaDB-debug-log

sql/signal_handler.cc:236(handle_fatal_signal)[0x559a089ecdb8]

sigaction.c:0(__restore_rt)[0x7f31d94c8420]

sql/sql_explain.cc:711(Explain_node::print_explain_json_for_children(Explain_query*, Json_writer*, bool))[0x559a0867c128]

sql/sql_explain.cc:1096(Explain_basic_join::print_explain_json_interns(Explain_query*, Json_writer*, bool))[0x559a0867ebef]

sql/sql_explain.cc:1003(Explain_select::print_explain_json(Explain_query*, Json_writer*, bool))[0x559a0867df89]

sql/sql_explain.cc:235(Explain_query::print_explain_json(select_result_sink*, bool))[0x559a08678b90]

sql/sql_explain.cc:175(Explain_query::send_explain(THD*))[0x559a086784a1]

sql/sql_parse.cc:6265(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559a0814f87e]

sql/sql_parse.cc:3944(mysql_execute_command(THD*, bool))[0x559a0813e1c0]

sql/sql_parse.cc:8014(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x559a0815a82a]

sql/sql_parse.cc:1896(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x559a08130a6f]

sql/sql_parse.cc:1407(do_command(THD*, bool))[0x559a0812d7d2]

sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x559a085d76e6]

sql/sql_connect.cc:1320(handle_one_connection)[0x559a085d7043]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x559a091d8768]

nptl/pthread_create.c:478(start_thread)[0x7f31d94bc609]

??:0(clone)[0x7f31d908d133]

Query (0x6290000e62a8): ANALYZE FORMAT = JSON

with recursive cte as (SELECT id FROM t1 a1 UNION SELECT id FROM cte),

cte2 AS (SELECT * FROM cte)

SELECT * FROM t1

fixed by 6bc2e9338127cf9e97fa76cc97ab23f9c929991b commit by Sergei Petrunia (~~MDEV-23160~~: SIGSEGV in Explain_node::print_explain_for_children on UNION SELECT)

Alice Sherepa added a comment - 2022-11-04 11:38 Thanks! I repeated as described CREATE TABLE t1 (id int ); insert into t1 values (1),(2),(3); ANALYZE FORMAT = JSON with recursive cte as ( SELECT id FROM t1 a1 UNION SELECT id FROM cte), cte2 AS ( SELECT * FROM cte) SELECT * FROM t1 ; 221104 12:02:50 [ERROR] mysqld got signal 11 ; Server version: 10.7.7-MariaDB-debug-log sql/signal_handler.cc:236(handle_fatal_signal)[0x559a089ecdb8] sigaction.c:0(__restore_rt)[0x7f31d94c8420] sql/sql_explain.cc:711(Explain_node::print_explain_json_for_children(Explain_query*, Json_writer*, bool))[0x559a0867c128] sql/sql_explain.cc:1096(Explain_basic_join::print_explain_json_interns(Explain_query*, Json_writer*, bool))[0x559a0867ebef] sql/sql_explain.cc:1003(Explain_select::print_explain_json(Explain_query*, Json_writer*, bool))[0x559a0867df89] sql/sql_explain.cc:235(Explain_query::print_explain_json(select_result_sink*, bool))[0x559a08678b90] sql/sql_explain.cc:175(Explain_query::send_explain(THD*))[0x559a086784a1] sql/sql_parse.cc:6265(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559a0814f87e] sql/sql_parse.cc:3944(mysql_execute_command(THD*, bool))[0x559a0813e1c0] sql/sql_parse.cc:8014(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x559a0815a82a] sql/sql_parse.cc:1896(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x559a08130a6f] sql/sql_parse.cc:1407(do_command(THD*, bool))[0x559a0812d7d2] sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x559a085d76e6] sql/sql_connect.cc:1320(handle_one_connection)[0x559a085d7043] perfschema/pfs.cc:2203(pfs_spawn_thread)[0x559a091d8768] nptl/pthread_create.c:478(start_thread)[0x7f31d94bc609] ??:0(clone)[0x7f31d908d133] Query (0x6290000e62a8): ANALYZE FORMAT = JSON with recursive cte as (SELECT id FROM t1 a1 UNION SELECT id FROM cte), cte2 AS (SELECT * FROM cte) SELECT * FROM t1 fixed by 6bc2e9338127cf9e97fa76cc97ab23f9c929991b commit by Sergei Petrunia ( MDEV-23160 : SIGSEGV in Explain_node::print_explain_for_children on UNION SELECT)

People

Assignee:: Unassigned

Reporter:: Edward Stoever

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2022-07-05 22:29

Updated:: 2024-07-07 20:15

Resolved:: 2022-11-04 11:39

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.