Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11
Description
CREATE TABLE c(c INT) ENGINE=InnoDB; |
SELECT 0 WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY c); |
Leads to:
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized) |
Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055e1f5b7b26a in st_select_lex_unit::set_limit (this=0x14904401cee8,
|
sl=0x0) at /test/10.11_opt/sql/sql_lex.cc:4226
|
[Current thread is 1 (Thread 0x1490700a8700 (LWP 1440414))]
|
(gdb) bt
|
#0 0x000055e1f5b7b26a in st_select_lex_unit::set_limit (this=0x14904401cee8, sl=0x0) at /test/10.11_opt/sql/sql_lex.cc:4226
|
#1 0x000055e1f5ec0e77 in subselect_single_select_engine::exec (this=0x14904401d718) at /test/10.11_opt/sql/sql_lex.h:967
|
#2 0x000055e1f5ec05ac in Item_subselect::exec (this=0x149044014598) at /test/10.11_opt/sql/item_subselect.cc:854
|
#3 0x000055e1f5ec27e4 in Item_singlerow_subselect::val_int (this=0x149044014598) at /test/10.11_opt/sql/item_subselect.cc:1504
|
#4 0x000055e1f5e1e61d in Arg_comparator::compare_int_signed (this=0x14904401d888) at /test/10.11_opt/sql/item_cmpfunc.cc:943
|
#5 0x000055e1f5e1ec8f in Arg_comparator::compare (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.h:103
|
#6 Item_func_eq::val_int (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:1775
|
#7 0x000055e1f5e1e63c in Arg_comparator::compare_int_signed (this=0x149044050cf0) at /test/10.11_opt/sql/item_cmpfunc.cc:946
|
#8 0x000055e1f5e1ec8f in Arg_comparator::compare (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.h:103
|
#9 Item_func_eq::val_int (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:1775
|
#10 0x000055e1f5dfb153 in Item_direct_ref::val_int (this=0x149044051150) at /test/10.11_opt/sql/item.cc:8646
|
#11 0x000055e1f5e1e61d in Arg_comparator::compare_int_signed (this=0x14904401fee8) at /test/10.11_opt/sql/item_cmpfunc.cc:943
|
#12 0x000055e1f5e1ec8f in Arg_comparator::compare (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.h:103
|
#13 Item_func_eq::val_int (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:1775
|
#14 0x000055e1f5c1d9cc in do_select (procedure=<optimized out>, join=0x149044021d10) at /test/10.11_opt/sql/sql_select.cc:21305
|
#15 JOIN::exec_inner (this=0x149044021d10) at /test/10.11_opt/sql/sql_select.cc:4812
|
#16 0x000055e1f5c1df68 in JOIN::exec (this=0x149044021d10) at /test/10.11_opt/sql/sql_select.cc:4590
|
#17 0x000055e1f5ec0f56 in subselect_single_select_engine::exec (this=0x149044020b70) at /test/10.11_opt/sql/item_subselect.cc:4144
|
#18 0x000055e1f5ec05ac in Item_subselect::exec (this=0x149044020978) at /test/10.11_opt/sql/item_subselect.cc:854
|
#19 0x000055e1f5ec0a14 in Item_in_subselect::val_bool (this=0x149044020978) at /test/10.11_opt/sql/item_subselect.cc:1989
|
#20 0x000055e1f5e2c064 in Item_in_optimizer::val_int (this=0x1490440513d0) at /test/10.11_opt/sql/item_cmpfunc.cc:1650
|
#21 Item_in_optimizer::val_int (this=0x1490440513d0) at /test/10.11_opt/sql/item_cmpfunc.cc:1558
|
#22 0x000055e1f5d32574 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.11_opt/sql/sql_type.cc:5091
|
#23 0x000055e1f5bda5ad in Item::eval_const_cond (this=0x1490440513d0) at /test/10.11_opt/sql/item.h:1694
|
#24 Item::remove_eq_conds (thd=<optimized out>, top_level_arg=<optimized out>, cond_value=0x1490440218c0, this=0x1490440513d0) at /test/10.11_opt/sql/sql_select.cc:18611
|
#25 Item::remove_eq_conds (this=0x1490440513d0, thd=<optimized out>, cond_value=0x1490440218c0, top_level_arg=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:18607
|
#26 0x000055e1f5be0d79 in optimize_cond (join=<optimized out>, conds=0x1490440513d0, join_list=0x149044010ad0, ignore_on_conds=<optimized out>, cond_value=0x1490440218c0, cond_equal=0x1490440219e8, flags=1) at /test/10.11_opt/sql/sql_select.cc:18161
|
#27 0x000055e1f5c18afe in JOIN::optimize_inner (this=0x149044021540) at /test/10.11_opt/sql/sql_select.cc:2251
|
#28 0x000055e1f5c1c033 in JOIN::optimize (this=this@entry=0x149044021540) at /test/10.11_opt/sql/sql_select.cc:1863
|
#29 0x000055e1f5c1c11e in mysql_select (thd=0x149044000c58, tables=0x0, fields=@0x149044010bb8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149044010e10, last = 0x149044010e10, elements = 1}, <No data fields>}, conds=0x149044020978, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x149044021518, unit=0x149044004cd0, select_lex=0x149044010918) at /test/10.11_opt/sql/sql_select.cc:5056
|
#30 0x000055e1f5c1c8b7 in handle_select (thd=thd@entry=0x149044000c58, lex=lex@entry=0x149044004bf8, result=result@entry=0x149044021518, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:581
|
#31 0x000055e1f5b9e5b1 in execute_sqlcom_select (thd=0x149044000c58, all_tables=0x149044012788) at /test/10.11_opt/sql/sql_parse.cc:6261
|
#32 0x000055e1f5bac1f8 in mysql_execute_command (thd=0x149044000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:3945
|
#33 0x000055e1f5b997b5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149044000c58) at /test/10.11_opt/sql/sql_parse.cc:8035
|
#34 mysql_parse (thd=0x149044000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7957
|
#35 0x000055e1f5ba52ca in dispatch_command (command=COM_QUERY, thd=0x149044000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1339
|
#36 0x000055e1f5ba71f2 in do_command (thd=0x149044000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
|
#37 0x000055e1f5cbf46f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e1f7bf34e8, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1418
|
#38 0x000055e1f5cbf74d in handle_one_connection (arg=0x55e1f7bf34e8) at /test/10.11_opt/sql/sql_connect.cc:1312
|
#39 0x000014909cb3c609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#40 0x000014909c728133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug) |
mysqld: /test/10.11_dbg/sql/item_subselect.cc:829: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.
|
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug) |
Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x154586b4c700 (LWP 1440415))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x00001545a30cb859 in __GI_abort () at abort.c:79
|
#2 0x00001545a30cb729 in __assert_fail_base (fmt=0x1545a3261588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56101adc5f62 "!eliminated", file=0x56101adc6398 "/test/10.11_dbg/sql/item_subselect.cc", line=829, function=<optimized out>) at assert.c:92
|
#3 0x00001545a30dcfd6 in __GI___assert_fail (assertion=assertion@entry=0x56101adc5f62 "!eliminated", file=file@entry=0x56101adc6398 "/test/10.11_dbg/sql/item_subselect.cc", line=line@entry=829, function=function@entry=0x56101adc6c98 "virtual bool Item_subselect::exec()") at assert.c:101
|
#4 0x000056101a424e7b in Item_subselect::exec (this=0x15454c017ab8) at /test/10.11_dbg/sql/item_subselect.cc:829
|
#5 0x000056101a423385 in Item_singlerow_subselect::val_int (this=0x15454c017ab8) at /test/10.11_dbg/sql/item_subselect.cc:1504
|
#6 0x000056101a35c4eb in Arg_comparator::compare_int_signed (this=0x15454c0262a8) at /test/10.11_dbg/sql/item_cmpfunc.cc:943
|
#7 0x000056101a35eb22 in Arg_comparator::compare (this=0x15454c0262a8) at /test/10.11_dbg/sql/item_cmpfunc.h:103
|
#8 Item_func_eq::val_int (this=0x15454c0261f8) at /test/10.11_dbg/sql/item_cmpfunc.cc:1775
|
#9 0x000056101a35c50a in Arg_comparator::compare_int_signed (this=0x15454c078038) at /test/10.11_dbg/sql/item_cmpfunc.cc:946
|
#10 0x000056101a35eb22 in Arg_comparator::compare (this=0x15454c078038) at /test/10.11_dbg/sql/item_cmpfunc.h:103
|
#11 Item_func_eq::val_int (this=0x15454c077f88) at /test/10.11_dbg/sql/item_cmpfunc.cc:1775
|
#12 0x000056101a32ed59 in Item_direct_ref::val_int (this=this@entry=0x15454c078498) at /test/10.11_dbg/sql/item.cc:8646
|
#13 0x000056101a353bee in Item_direct_view_ref::val_int (this=0x15454c078498) at /test/10.11_dbg/sql/item.h:6090
|
#14 0x000056101a35c4eb in Arg_comparator::compare_int_signed (this=0x15454c029418) at /test/10.11_dbg/sql/item_cmpfunc.cc:943
|
#15 0x000056101a35eb22 in Arg_comparator::compare (this=0x15454c029418) at /test/10.11_dbg/sql/item_cmpfunc.h:103
|
#16 Item_func_eq::val_int (this=0x15454c029368) at /test/10.11_dbg/sql/item_cmpfunc.cc:1775
|
#17 0x000056101a0bb556 in do_select (procedure=<optimized out>, join=0x15454c02b248) at /test/10.11_dbg/sql/sql_select.cc:21305
|
#18 JOIN::exec_inner (this=this@entry=0x15454c02b248) at /test/10.11_dbg/sql/sql_select.cc:4812
|
#19 0x000056101a0bbe28 in JOIN::exec (this=0x15454c02b248) at /test/10.11_dbg/sql/sql_select.cc:4590
|
#20 0x000056101a425722 in subselect_single_select_engine::exec (this=0x15454c02a0a0) at /test/10.11_dbg/sql/item_subselect.cc:4144
|
#21 0x000056101a424d70 in Item_subselect::exec (this=this@entry=0x15454c029ea8) at /test/10.11_dbg/sql/item_subselect.cc:854
|
#22 0x000056101a42a03d in Item_in_subselect::exec (this=0x15454c029ea8) at /test/10.11_dbg/sql/item_subselect.cc:1036
|
#23 0x000056101a423f17 in Item_in_subselect::val_bool (this=0x15454c029ea8) at /test/10.11_dbg/sql/item_subselect.cc:1989
|
#24 0x0000561019efff5b in Item::val_bool_result (this=<optimized out>) at /test/10.11_dbg/sql/item.h:1783
|
#25 0x000056101a36c79a in Item_in_optimizer::val_int (this=0x15454c078718) at /test/10.11_dbg/sql/item_cmpfunc.cc:1650
|
#26 0x000056101a224022 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:5091
|
#27 0x0000561019effe8c in Item::val_bool (this=0x15454c078718) at /test/10.11_dbg/sql/item.h:1687
|
#28 0x000056101a06dc86 in Item::eval_const_cond (this=0x15454c078718) at /test/10.11_dbg/sql/item.h:1694
|
#29 Item::remove_eq_conds (this=0x15454c078718, thd=<optimized out>, cond_value=0x15454c02adf8, top_level_arg=<optimized out>) at /test/10.11_dbg/sql/sql_select.cc:18611
|
#30 0x000056101a072934 in optimize_cond (join=join@entry=0x15454c02aa70, conds=0x15454c078718, join_list=0x15454c013ff0, ignore_on_conds=ignore_on_conds@entry=false, cond_value=cond_value@entry=0x15454c02adf8, cond_equal=cond_equal@entry=0x15454c02af20, flags=1) at /test/10.11_dbg/sql/sql_select.cc:18161
|
#31 0x000056101a0b8c02 in JOIN::optimize_inner (this=this@entry=0x15454c02aa70) at /test/10.11_dbg/sql/sql_select.cc:2251
|
#32 0x000056101a0b9a66 in JOIN::optimize (this=this@entry=0x15454c02aa70) at /test/10.11_dbg/sql/sql_select.cc:1863
|
#33 0x000056101a0b9b59 in mysql_select (thd=thd@entry=0x15454c000db8, tables=0x0, fields=@0x15454c0140d8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15454c014330, last = 0x15454c014330, elements = 1}, <No data fields>}, conds=0x15454c029ea8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x15454c02aa48, unit=0x15454c004ff0, select_lex=0x15454c013e38) at /test/10.11_dbg/sql/sql_select.cc:5056
|
#34 0x000056101a0ba3a2 in handle_select (thd=thd@entry=0x15454c000db8, lex=lex@entry=0x15454c004f18, result=result@entry=0x15454c02aa48, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
|
#35 0x000056101a0245a6 in execute_sqlcom_select (thd=thd@entry=0x15454c000db8, all_tables=0x15454c015ca8) at /test/10.11_dbg/sql/sql_parse.cc:6261
|
#36 0x000056101a0308c7 in mysql_execute_command (thd=thd@entry=0x15454c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3945
|
#37 0x000056101a01e882 in mysql_parse (thd=thd@entry=0x15454c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x154586b4b330) at /test/10.11_dbg/sql/sql_parse.cc:8035
|
#38 0x000056101a02be6a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15454c000db8, packet=packet@entry=0x15454c00b6e9 "SELECT 0 WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY "..., packet_length=packet_length@entry=202, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1339
|
#39 0x000056101a02e574 in do_command (thd=0x15454c000db8, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
|
#40 0x000056101a1901da in do_handle_one_connection (connect=<optimized out>, connect@entry=0x56101d13d1e8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1418
|
#41 0x000056101a1906e3 in handle_one_connection (arg=0x56101d13d1e8) at /test/10.11_dbg/sql/sql_connect.cc:1312
|
#42 0x00001545a35dc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#43 0x00001545a31c8133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
In 10.4 and 10.5 we see a different SIGSEGV:
|
10.5.18 5fc172fd43375b392a8c8adfb9038c279e578d83 (Optimized) |
Core was generated by `/test/MD200822-mariadb-10.5.18-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x0000562c95ebb881 in st_select_lex::get_offset (this=0x0)
|
at /test/10.5_opt/sql/sql_lex.cc:3408
|
[Current thread is 1 (Thread 0x154798089700 (LWP 1440457))]
|
(gdb) bt
|
#0 0x0000562c95ebb881 in st_select_lex::get_offset (this=0x0) at /test/10.5_opt/sql/sql_lex.cc:3408
|
#1 0x0000562c95ebdd4f in st_select_lex_unit::set_limit (this=0x15471c015b10, sl=0x0) at /test/10.5_opt/sql/sql_lex.cc:4186
|
#2 0x0000562c961ad8e7 in subselect_single_select_engine::exec (this=0x15471c020a70) at /test/10.5_opt/sql/sql_lex.h:924
|
#3 0x0000562c961ace0c in Item_subselect::exec (this=0x15471c0208c8) at /test/10.5_opt/sql/item_subselect.cc:837
|
#4 0x0000562c961ac7a3 in Item_singlerow_subselect::val_int (this=0x15471c0208c8) at /test/10.5_opt/sql/item_subselect.cc:1461
|
#5 0x0000562c9611db2d in Arg_comparator::compare_int_signed (this=0x15471c020c20) at /test/10.5_opt/sql/item_cmpfunc.cc:952
|
#6 0x0000562c9611e1cf in Arg_comparator::compare (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.h:102
|
#7 Item_func_eq::val_int (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.cc:1791
|
#8 0x0000562c9611db4c in Arg_comparator::compare_int_signed (this=0x15471c0280f8) at /test/10.5_opt/sql/item_cmpfunc.cc:955
|
#9 0x0000562c9611e1cf in Arg_comparator::compare (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.h:102
|
#10 Item_func_eq::val_int (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.cc:1791
|
#11 0x0000562c960fc113 in Item_direct_ref::val_int (this=0x15471c028558) at /test/10.5_opt/sql/item.cc:8570
|
#12 0x0000562c9611db2d in Arg_comparator::compare_int_signed (this=0x15471c023220) at /test/10.5_opt/sql/item_cmpfunc.cc:952
|
#13 0x0000562c9611e1cf in Arg_comparator::compare (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.h:102
|
#14 Item_func_eq::val_int (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.cc:1791
|
#15 0x0000562c95f4f555 in do_select (procedure=<optimized out>, join=0x15471c025220) at /test/10.5_opt/sql/sql_select.cc:20495
|
#16 JOIN::exec_inner (this=0x15471c025220) at /test/10.5_opt/sql/sql_select.cc:4560
|
#17 0x0000562c95f4fac8 in JOIN::exec (this=0x15471c025220) at /test/10.5_opt/sql/sql_select.cc:4340
|
#18 0x0000562c961ad9c6 in subselect_single_select_engine::exec (this=0x15471c023fa0) at /test/10.5_opt/sql/item_subselect.cc:4097
|
#19 0x0000562c961ace0c in Item_subselect::exec (this=0x15471c023d58) at /test/10.5_opt/sql/item_subselect.cc:837
|
#20 0x0000562c961ad664 in Item_in_subselect::val_bool (this=0x15471c023d58) at /test/10.5_opt/sql/item_subselect.cc:1947
|
#21 0x0000562c9612947a in Item_in_optimizer::val_int (this=0x15471c0286e8) at /test/10.5_opt/sql/item_cmpfunc.cc:1666
|
#22 Item_in_optimizer::val_int (this=0x15471c0286e8) at /test/10.5_opt/sql/item_cmpfunc.cc:1574
|
#23 0x0000562c9603ba84 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.5_opt/sql/sql_type.cc:5082
|
#24 0x0000562c95f0ab8d in Item::eval_const_cond (this=0x15471c0286e8) at /test/10.5_opt/sql/item.h:1496
|
#25 Item::remove_eq_conds (thd=<optimized out>, top_level_arg=<optimized out>, cond_value=0x15471c0244a0, this=0x15471c0286e8) at /test/10.5_opt/sql/sql_select.cc:17782
|
#26 Item::remove_eq_conds (this=0x15471c0286e8, thd=<optimized out>, cond_value=0x15471c0244a0, top_level_arg=<optimized out>) at /test/10.5_opt/sql/sql_select.cc:17778
|
#27 0x0000562c95f137e9 in optimize_cond (join=<optimized out>, conds=0x15471c0286e8, join_list=0x15471c0107d0, ignore_on_conds=<optimized out>, cond_value=0x15471c0244a0, cond_equal=0x15471c0245c8, flags=1) at /test/10.5_opt/sql/sql_select.cc:17332
|
#28 0x0000562c95f4a7c2 in JOIN::optimize_inner (this=0x15471c024190) at /test/10.5_opt/sql/sql_select.cc:2058
|
#29 0x0000562c95f4da03 in JOIN::optimize (this=this@entry=0x15471c024190) at /test/10.5_opt/sql/sql_select.cc:1686
|
#30 0x0000562c95f4db0c in mysql_select (thd=0x15471c000c58, tables=0x0, fields=@0x15471c010758: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15471c010b30, last = 0x15471c010b30, elements = 1}, <No data fields>}, conds=0x15471c023d58, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x15471c024168, unit=0x15471c004a40, select_lex=0x15471c010608) at /test/10.5_opt/sql/sql_select.cc:4803
|
#31 0x0000562c95f4e517 in handle_select (thd=thd@entry=0x15471c000c58, lex=lex@entry=0x15471c004978, result=result@entry=0x15471c024168, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_opt/sql/sql_select.cc:444
|
#32 0x0000562c95edfa01 in execute_sqlcom_select (thd=0x15471c000c58, all_tables=0x15471c0125d8) at /test/10.5_opt/sql/sql_parse.cc:6315
|
#33 0x0000562c95eedb1d in mysql_execute_command (thd=0x15471c000c58) at /test/10.5_opt/sql/sql_parse.cc:4006
|
#34 0x0000562c95eda933 in mysql_parse (thd=0x15471c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:8101
|
#35 0x0000562c95ee7202 in dispatch_command (command=COM_QUERY, thd=0x15471c000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_class.h:1290
|
#36 0x0000562c95ee8ed6 in do_command (thd=0x15471c000c58) at /test/10.5_opt/sql/sql_parse.cc:1375
|
#37 0x0000562c95fe52c6 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562c98c53dd8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1418
|
#38 0x0000562c95fe557d in handle_one_connection (arg=0x562c98c53dd8) at /test/10.5_opt/sql/sql_connect.cc:1312
|
#39 0x00001547b0140609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#40 0x00001547afd2c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)
10.3 Fails with invalid syntax:
|
10.3.37 a1055ab35d29437b717e83b1a388eaa02901c42f (Debug) |
10.3.37-dbg>CREATE TABLE c(c INT) ENGINE=InnoDB;
|
Query OK, 0 rows affected (0.015 sec)
|
|
|
10.3.37-dbg>SELECT 0 WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY c);
|
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FR...' at line 1
|
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- is part of
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Confirmed
-
(1 relates to)
Activity
This testcase:
CREATE TABLE c (c DOUBLE,v2 TEXT,v3 INT) ENGINE=InnoDB; |
SELECT 0 WHERE 0 IN (SELECT 0 FROM (SELECT 0 IN (WITH c AS (SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY c); |
On debug leads to the previously seen "Assertion `!eliminated' failed" on debug builds (even on a UB+ASAN debug build).
However on an optimized UB+ASAN build we see this UBSAN error:
|
11.5.0 3f9182126c64bcec359bebe9ebad2a0e559b13e2 (Optimized, UBASAN) |
/test/11.5_opt_san/sql/sql_lex.cc:4317:69: runtime error: member access within null pointer of type 'struct st_select_lex'
|
#0 0x55df0b6b953e in st_select_lex_unit::set_limit(st_select_lex*) /test/11.5_opt_san/sql/sql_lex.cc:4317
|
#1 0x55df0d8b07e9 in subselect_single_select_engine::exec() /test/11.5_opt_san/sql/item_subselect.cc:4089
|
#2 0x55df0d8a1036 in Item_subselect::exec() /test/11.5_opt_san/sql/item_subselect.cc:812
|
#3 0x55df0d8981fc in Item_singlerow_subselect::val_real() /test/11.5_opt_san/sql/item_subselect.cc:1459
|
#4 0x55df0d1268b2 in Arg_comparator::compare_real() /test/11.5_opt_san/sql/item_cmpfunc.cc:933
|
#5 0x55df0d11e10a in Arg_comparator::compare() /test/11.5_opt_san/sql/item_cmpfunc.h:118
|
#6 0x55df0d11e10a in Item_func_eq::val_int() /test/11.5_opt_san/sql/item_cmpfunc.cc:1885
|
#7 0x55df0d1415e0 in Arg_comparator::compare_int_signed() /test/11.5_opt_san/sql/item_cmpfunc.cc:1035
|
#8 0x55df0d11e10a in Arg_comparator::compare() /test/11.5_opt_san/sql/item_cmpfunc.h:118
|
#9 0x55df0d11e10a in Item_func_eq::val_int() /test/11.5_opt_san/sql/item_cmpfunc.cc:1885
|
#10 0x55df0cf5abfc in Item_direct_ref::val_int() /test/11.5_opt_san/sql/item.cc:8721
|
#11 0x55df0d141414 in Arg_comparator::compare_int_signed() /test/11.5_opt_san/sql/item_cmpfunc.cc:1032
|
#12 0x55df0d11e10a in Arg_comparator::compare() /test/11.5_opt_san/sql/item_cmpfunc.h:118
|
#13 0x55df0d11e10a in Item_func_eq::val_int() /test/11.5_opt_san/sql/item_cmpfunc.cc:1885
|
#14 0x55df0bc96b7a in do_select /test/11.5_opt_san/sql/sql_select.cc:23111
|
#15 0x55df0bc96b7a in JOIN::exec_inner() /test/11.5_opt_san/sql/sql_select.cc:4988
|
#16 0x55df0bc9bf16 in JOIN::exec() /test/11.5_opt_san/sql/sql_select.cc:4774
|
#17 0x55df0d8b1a98 in subselect_single_select_engine::exec() /test/11.5_opt_san/sql/item_subselect.cc:4174
|
#18 0x55df0d8a1036 in Item_subselect::exec() /test/11.5_opt_san/sql/item_subselect.cc:812
|
#19 0x55df0d8a73fd in Item_in_subselect::val_bool() /test/11.5_opt_san/sql/item_subselect.cc:2009
|
#20 0x55df0d1a3a35 in Item_in_optimizer::val_int() /test/11.5_opt_san/sql/item_cmpfunc.cc:1769
|
#21 0x55df0c706655 in Type_handler_int_result::Item_val_bool(Item*) const /test/11.5_opt_san/sql/sql_type.cc:5125
|
#22 0x55df0b9e5757 in Item::eval_const_cond() /test/11.5_opt_san/sql/item.h:1727
|
#23 0x55df0b9e5757 in Item::remove_eq_conds(THD*, Item::cond_result*, bool) /test/11.5_opt_san/sql/sql_select.cc:20357
|
#24 0x55df0ba27153 in optimize_cond /test/11.5_opt_san/sql/sql_select.cc:19905
|
#25 0x55df0bc7ee2c in JOIN::optimize_inner() /test/11.5_opt_san/sql/sql_select.cc:2382
|
#26 0x55df0bc88e89 in JOIN::optimize() /test/11.5_opt_san/sql/sql_select.cc:1966
|
#27 0x55df0bc8975a in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.5_opt_san/sql/sql_select.cc:5290
|
#28 0x55df0bc8d6ca in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.5_opt_san/sql/sql_select.cc:630
|
#29 0x55df0b7f28ae in execute_sqlcom_select /test/11.5_opt_san/sql/sql_parse.cc:6093
|
#30 0x55df0b8579bc in mysql_execute_command(THD*, bool) /test/11.5_opt_san/sql/sql_parse.cc:3942
|
#31 0x55df0b866aed in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.5_opt_san/sql/sql_parse.cc:7815
|
#32 0x55df0b874519 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.5_opt_san/sql/sql_parse.cc:1892
|
#33 0x55df0b87ece3 in do_command(THD*, bool) /test/11.5_opt_san/sql/sql_parse.cc:1405
|
#34 0x55df0c210887 in do_handle_one_connection(CONNECT*, bool) /test/11.5_opt_san/sql/sql_connect.cc:1445
|
#35 0x55df0c21327c in handle_one_connection /test/11.5_opt_san/sql/sql_connect.cc:1347
|
#36 0x14d0dc88f189 in start_thread nptl/pthread_create.c:444
|
#37 0x14d0dc91dbcf in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
|
|
240507 13:59:03 [ERROR] mysqld got signal 11 ;
|
Which may help with debugging things further, including in MDEV-28621.
It looks like the test cases from this bug report got fixed, the one from the last comment in particular by this commit in 10.5.25:
commit 40b3525fcc79aef62ea1ae057ec5687a55c0630b
|
Author: Sergei Petrunia
|
Date: Tue May 7 14:10:35 2024 +0300
|
|
|
MDEV-28621: group by optimization incorrectly removing subquery where subject buried in a function
|
however, the assertion failure still occurs regularly in my tests, and I suppose in Roel's too.
Roel, do you prefer to add a new test case to this ticket, or close it and open another one with the new test cases?
Thank you elenst! Yes, let's close this one and open as needed.
For the original testcase I still see these UBSAN warnings:
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.5 dbg 150225 c43d0a015f974c5a0142e6779332089a7a979853 No bug found
|
CS 10.5 opt 150225 c43d0a015f974c5a0142e6779332089a7a979853 No bug found
|
CS 10.6 dbg 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 No bug found
|
CS 10.6 opt 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 No bug found
|
CS 10.11 dbg 150225 43c5d1303f5c7c726db276815c459436110f342f No bug found
|
CS 10.11 opt 150225 43c5d1303f5c7c726db276815c459436110f342f No bug found
|
CS 11.4 dbg 150225 ef966af801afc2a07222b5df65dddd52c77431dd No bug found
|
CS 11.4 opt 150225 ef966af801afc2a07222b5df65dddd52c77431dd No bug found
|
CS 11.8 dbg 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncoll_utf8mb3_general1400_as_ci|charset_info_st::streq|Lex_ident<Compare_ident_ci>::streq|is_infoschema_db
|
CS 11.8 opt 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncoll_utf8mb3_general1400_as_ci|charset_info_st::strnncoll|charset_info_st::streq|Lex_ident<Compare_ident_ci>::streq
|
CS 12.0 dbg 150225 c92add291e636c797e6d6ddca605905541b2a441 UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncoll_utf8mb3_general1400_as_ci|charset_info_st::streq|Lex_ident<Compare_ident_ci>::streq|is_infoschema_db
|
CS 12.0 opt 150225 c92add291e636c797e6d6ddca605905541b2a441 UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncoll_utf8mb3_general1400_as_ci|charset_info_st::strnncoll|charset_info_st::streq|Lex_ident<Compare_ident_ci>::streq
|
ES 10.5 dbg 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found
|
ES 10.5 opt 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found
|
ES 10.6 dbg 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 No bug found
|
ES 10.6 opt 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 No bug found
|
ES 11.4 dbg 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba No bug found
|
ES 11.4 opt 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba No bug found
|
However, those are being addressed in MDEV-30756 it looks like.
test case from
MDEV-32312Version: '10.4.32-MariaDB-debug-log'mysqld: /10.4/src/sql/item_subselect.cc:733: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.231002 14:57:08 [ERROR] mysqld got signal 6 ;Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2sql/item_subselect.cc:735(Item_subselect::exec())[0x55d5259160f0]sql/item_subselect.cc:1717(Item_exists_subselect::val_int())[0x55d525920dfd]sql/item.h:1557(Item::val_int_result())[0x55d524c630be]sql/item.cc:9373(Item_direct_view_ref::val_int_result())[0x55d525782eef]sql/item.cc:10013(Item_cache_int::cache_value())[0x55d525788209]sql/item_cmpfunc.cc:1371(Item_in_optimizer::fix_left(THD*))[0x55d5257b802e]sql/item_subselect.cc:3340(Item_in_subselect::select_in_like_transformer(JOIN*))[0x55d525934bff]sql/item_subselect.cc:2649(Item_in_subselect::select_transformer(JOIN*))[0x55d52592d57f]sql/opt_subselect.cc:742(check_and_do_in_subquery_rewrites(JOIN*))[0x55d5253fe0e4]sql/sql_select.cc:1434(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55d524fd647d]sql/item_subselect.cc:3804(subselect_single_select_engine::prepare(THD*))[0x55d525939280]sql/item_subselect.cc:289(Item_subselect::fix_fields(THD*, Item**))[0x55d525912cd3]sql/item_subselect.cc:3466(Item_in_subselect::fix_fields(THD*, Item**))[0x55d525936047]sql/item.h:966(Item::fix_fields_if_needed(THD*, Item**))[0x55d524c815cd]sql/item.h:970(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x55d524c81607]sql/item.h:975(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x55d524db9a05]sql/sql_base.cc:8545(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**))[0x55d524db0e94]sql/sql_select.cc:744(setup_without_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<TABLE_LIST>&, List<Item>&, List<Item>&, Item**, st_order*, st_order*, List<Window_spec>&, List<Item_window_func>&, bool*))[0x55d524fcd955]sql/sql_select.cc:1335(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55d524fd50b9]sql/item_subselect.cc:3804(subselect_single_select_engine::prepare(THD*))[0x55d525939280]sql/item_subselect.cc:289(Item_subselect::fix_fields(THD*, Item**))[0x55d525912cd3]sql/item.h:966(Item::fix_fields_if_needed(THD*, Item**))[0x55d524c815cd]sql/item.h:970(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x55d524c81607]sql/sql_base.cc:7744(setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool))[0x55d524daae03]sql/sql_select.cc:1330(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x55d524fd4d8d]sql/sql_select.cc:4789(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55d524ffa98d]sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55d524fcb922]sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55d524f3772c]sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x55d524f24ea3]sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55d524f40c07]sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55d524f1702d]sql/sql_parse.cc:1378(do_command(THD*))[0x55d524f13b58]sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55d5253217fd]sql/sql_connect.cc:1325(handle_one_connection)[0x55d5253210a1]perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55d525fcb99a]nptl/pthread_create.c:478(start_thread)[0x7f64d9b73609]Query (0x62b0000a1420): SELECT ( WITH x ( x ) AS ( WITH x AS ( SELECT 1 ) SELECT ( ( EXISTS ( SELECT 1 ) ) ) FROM x ) SELECT * FROM x WHERE x IN ( SELECT x GROUP BY x = 1 ) )