MariaDB Server: MDEV-29353

SIGSEGV's in _ma_unique_hash, _ma_make_key and _ma_calc_blob_length on SELECT (on optimized builds)


    Description

      I am creating this as a new bug as we have not thus far seen a SIGSEGV in _ma_unique_hash. However, this is the outcome only on all versions' optimized builds.

      On debug builds on the other hand, with the same testcase, the outcome presents itself like the stacks in MDEV-28515. Furthermore, when the BLOB column type in the testcase is changed to INT the outcome on optimized builds looks like MDEV-29052. Both these issues are intertwined as well.

      It looks like there are various clusters of issues at play here as discussed earlier. While all versions are affected by this testcase, this bug is thus primarily for the SIGSEGV in _ma_unique_hash in optimized 10.3+ builds.

      CREATE TABLE t (c BLOB);
      INSERT INTO t VALUES (0);
      DELETE FROM t;
      INSERT INTO t VALUES (0);
      SELECT * FROM (SELECT * FROM t) AS a JOIN t WINDOW b AS (PARTITION BY t.c AND 0 BETWEEN (SELECT * FROM t GROUP BY t.c WINDOW d AS (PARTITION BY t.c)) AND 0);
      

      Leads to:

      10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized)

      Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x0000555eafa3bf4f in _ma_unique_hash (def=def@entry=0x15234c08c2b8, 
          record=record@entry=0x15234c05a100 <incomplete sequence \362>)
          at /test/10.11_opt/storage/maria/ma_unique.c:117
      [Current thread is 1 (Thread 0x1523e80bf700 (LWP 1929823))]
      (gdb) bt
      #0  0x0000555eafa3bf4f in _ma_unique_hash (def=def@entry=0x15234c08c2b8, record=record@entry=0x15234c05a100 <incomplete sequence \362>) at /test/10.11_opt/storage/maria/ma_unique.c:117
      #1  0x0000555eafa8b15d in maria_write (info=0x15234c08c6f8, record=0x15234c05a100 <incomplete sequence \362>) at /test/10.11_opt/storage/maria/ma_write.c:133
      #2  0x0000555eaf6ae018 in handler::ha_write_tmp_row (buf=0x15234c05a100 <incomplete sequence \362>, this=0x15234c05a630) at /test/10.11_opt/include/mysql/psi/mysql_thread.h:795
      #3  end_write (join=0x15234c04b878, join_tab=0x15234c055800, end_of_records=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:23256
      #4  0x0000555eaf793169 in JOIN_CACHE::generate_full_extensions (rec_ptr=0x15234c05ae08 "\376\001", this=0x15234c0535f0) at /test/10.11_opt/sql/sql_join_cache.cc:2478
      #5  JOIN_CACHE::generate_full_extensions (this=0x15234c0535f0, rec_ptr=0x15234c05ae08 "\376\001") at /test/10.11_opt/sql/sql_join_cache.cc:2461
      #6  0x0000555eaf79356e in JOIN_CACHE::join_matching_records (this=0x15234c0535f0, skip_last=false) at /test/10.11_opt/sql/sql_join_cache.cc:2370
      #7  0x0000555eaf792db1 in JOIN_CACHE::join_records (this=this@entry=0x15234c0535f0, skip_last=skip_last@entry=false) at /test/10.11_opt/sql/sql_join_cache.cc:2151
      #8  0x0000555eaf6954aa in sub_select_cache (join=0x15234c04b878, join_tab=0x15234c055448, end_of_records=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:21537
      #9  0x0000555eaf6c39ff in do_select (procedure=<optimized out>, join=0x15234c04b878) at /test/10.11_opt/sql/sql_select.cc:21310
      #10 JOIN::exec_inner (this=0x15234c04b878) at /test/10.11_opt/sql/sql_select.cc:4812
      #11 0x0000555eaf6c3f68 in JOIN::exec (this=this@entry=0x15234c04b878) at /test/10.11_opt/sql/sql_select.cc:4590
      #12 0x0000555eaf6c2171 in mysql_select (thd=0x15234c000c58, tables=0x15234c012380, fields=@0x15234c010b58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15234c010e48, last = 0x15234c04ca20, elements = 2}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x15234c014218, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x15234c04b850, unit=0x15234c004cd0, select_lex=0x15234c0108b8) at /test/10.11_opt/sql/sql_select.cc:5070
      #13 0x0000555eaf6c28b7 in handle_select (thd=thd@entry=0x15234c000c58, lex=lex@entry=0x15234c004bf8, result=result@entry=0x15234c04b850, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:581
      #14 0x0000555eaf6445b1 in execute_sqlcom_select (thd=0x15234c000c58, all_tables=0x15234c012380) at /test/10.11_opt/sql/sql_parse.cc:6261
      #15 0x0000555eaf6521f8 in mysql_execute_command (thd=0x15234c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:3945
      #16 0x0000555eaf63f7b5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x15234c000c58) at /test/10.11_opt/sql/sql_parse.cc:8035
      #17 mysql_parse (thd=0x15234c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7957
      #18 0x0000555eaf64b2ca in dispatch_command (command=COM_QUERY, thd=0x15234c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1339
      #19 0x0000555eaf64d1f2 in do_command (thd=0x15234c000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
      #20 0x0000555eaf76546f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x555eb2152398, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1418
      #21 0x0000555eaf76574d in handle_one_connection (arg=0x555eb2152398) at /test/10.11_opt/sql/sql_connect.cc:1312
      #22 0x000015240713d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #23 0x0000152406d29133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
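The description above sorts crashes by which functions sit at the top of the stack (this report is for _ma_unique_hash; MDEV-28515 and MDEV-29052 cover the other outcomes of the same testcase). The following Python script is an added example for that kind of triage; it is not part of this report and not MariaDB code. It parses a gdb `bt` listing like the one above into frames, marks frames that gdb prints without an address (inlined, e.g. #3 end_write), strips the build-tree prefix so source locations compare across builds, and derives a build-independent signature from the top three function names. The first sample is a subset of the backtrace in this report; the second trace is constructed with made-up addresses and a made-up 10.6 build path to show two reports landing in the same cluster. The list of source roots in relative_source is an assumption about the MariaDB tree layout.

```python
"""Parse a gdb `bt` listing into frames and derive a crash signature.

Added example for triaging crash reports; not MariaDB code.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One gdb frame line: "#N  [0xADDR in ]FUNC (ARGS) at FILE:LINE".
# Frames gdb prints without an address were inlined into their caller.
_FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+"
    r"(?:(?P<addr>0x[0-9a-fA-F]+)\s+in\s+)?"
    r"(?P<func>[A-Za-z_][\w:~<>]*)\s*"
    r"\((?P<args>.*)\)\s+at\s+"
    r"(?P<file>\S+?):(?P<line>\d+)\s*$"
)


@dataclass
class Frame:
    index: int
    func: str
    file: str
    line: int
    addr: Optional[str]   # None for inlined frames
    args: str

    @property
    def inlined(self) -> bool:
        return self.addr is None


def parse_backtrace(text: str) -> List[Frame]:
    """Return the frames of a gdb `bt` listing in stack order (#0 first).
    Lines that are not frames (the prompt, 'Core was generated by', ...) are skipped."""
    frames = []
    for raw in text.splitlines():
        m = _FRAME_RE.match(raw.strip())
        if m:
            frames.append(Frame(int(m["idx"]), m["func"], m["file"],
                                int(m["line"]), m["addr"], m["args"]))
    return frames


def relative_source(path: str) -> str:
    """Drop a build-tree prefix such as /test/10.11_opt/ so that the same file
    from different builds compares equal.  Assumption: the tree root is the
    directory holding storage/, sql/, include/ or mysys/ (MariaDB layout)."""
    for root in ("/storage/", "/sql/", "/include/", "/mysys/"):
        pos = path.find(root)
        if pos != -1:
            return path[pos + 1:]
    return path  # libc / pthread frames and relative paths stay as they are


def crash_signature(frames: List[Frame], depth: int = 3) -> str:
    """Innermost `depth` function names joined by ' <- '.  Addresses and
    paths are left out, so the signature does not depend on the build."""
    return " <- ".join(f.func for f in frames[:depth])


def cluster(traces: Dict[str, str]) -> Dict[str, List[str]]:
    """Group report names by crash signature."""
    groups: Dict[str, List[str]] = {}
    for name, text in traces.items():
        groups.setdefault(crash_signature(parse_backtrace(text)), []).append(name)
    return groups


# Frames #0-#4 and #23 copied from the backtrace in this report (10.11.0 opt).
REPORT_TRACE = r"""
(gdb) bt
#0  0x0000555eafa3bf4f in _ma_unique_hash (def=def@entry=0x15234c08c2b8, record=record@entry=0x15234c05a100 <incomplete sequence \362>) at /test/10.11_opt/storage/maria/ma_unique.c:117
#1  0x0000555eafa8b15d in maria_write (info=0x15234c08c6f8, record=0x15234c05a100 <incomplete sequence \362>) at /test/10.11_opt/storage/maria/ma_write.c:133
#2  0x0000555eaf6ae018 in handler::ha_write_tmp_row (buf=0x15234c05a100 <incomplete sequence \362>, this=0x15234c05a630) at /test/10.11_opt/include/mysql/psi/mysql_thread.h:795
#3  end_write (join=0x15234c04b878, join_tab=0x15234c055800, end_of_records=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:23256
#4  0x0000555eaf793169 in JOIN_CACHE::generate_full_extensions (rec_ptr=0x15234c05ae08 "\376\001", this=0x15234c0535f0) at /test/10.11_opt/sql/sql_join_cache.cc:2478
#23 0x0000152406d29133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
"""

# Constructed trace (NOT from the report): the same code path as it might
# look from a 10.6 optimized build, with made-up addresses and build path.
OTHER_BUILD_TRACE = r"""
#0  0x000055d0c1d0aa2f in _ma_unique_hash (def=def@entry=0x7f1b2c08c2b8, record=record@entry=0x7f1b2c05a100) at /test/10.6_opt/storage/maria/ma_unique.c:117
#1  0x000055d0c1d5a1bd in maria_write (info=0x7f1b2c08c6f8, record=0x7f1b2c05a100) at /test/10.6_opt/storage/maria/ma_write.c:133
#2  0x000055d0c197d0e8 in handler::ha_write_tmp_row (buf=0x7f1b2c05a100, this=0x7f1b2c05a630) at /test/10.6_opt/include/mysql/psi/mysql_thread.h:795
"""

if __name__ == "__main__":
    for f in parse_backtrace(REPORT_TRACE):
        flag = " (inlined)" if f.inlined else ""
        print(f"#{f.index:<2} {f.func}  {relative_source(f.file)}:{f.line}{flag}")
    print(cluster({"MDEV-29353": REPORT_TRACE, "constructed-10.6": OTHER_BUILD_TRACE}))
```

The signature deliberately stops at function names: addresses differ per build and ASLR run, and line numbers drift between versions, whereas the innermost three functions are what the description uses to tell this report apart from MDEV-28515 and MDEV-29052.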
      

      Bug confirmed present in:
      MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

            People

              psergei Sergei Petrunia
              Roel Roel Van de Paar