Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30152

Crash bug on select related functions

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.4.27, 10.11.1
    • N/A
    • Server
    • Tested on Ubuntu 22.04

    Description

      The following query crash mariadb server:

      CREATE TEMPORARY TABLE v0 ( v1 CHAR UNIQUE ) ;
      SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 ) ;
      

      Server version: 10.11.2-MariaDB Source distribution
      This should be easily reproducible. Please let me know if more details are needed.

      Attachments

        Issue Links

          Activity

            danblack Daniel Black added a comment -

            Thanks!

            10.4-07a06022c4e63adc360b42775934f35fa1df5a79

            #0  Item_func_not::fix_fields (this=0x7f7554016350, thd=0x7f7554000c58, ref=0x0) at /home/dan/repos/mariadb-server-10.4/sql/item_cmpfunc.cc:6394
            6394	      rc= (*ref= new_item)->fix_fields(thd, ref);
            [Current thread is 1 (Thread 0x7f75f49ff640 (LWP 210478))]
            (gdb) bt full
            #0  Item_func_not::fix_fields (this=0x7f7554016350, thd=0x7f7554000c58, ref=0x0) at /home/dan/repos/mariadb-server-10.4/sql/item_cmpfunc.cc:6394
                    backup = {_vptr$Query_arena = 0xf38e30 <vtable for Query_arena+16>, free_list = 0x89d1b7 <Item::cleanup_processor(void*)+23>, mem_root = 0x8b3eb0 <Item::cleanup_excluding_immutables_processor(void*)>, state = 6869395}
                    rc = true
                    arena = 0x0
                    new_item = 0x7f7554022190
            #1  0x00000000006b7df3 in st_select_lex::pushdown_from_having_into_where (this=0x7f75540128f8, thd=0x7f7554000c58, having=0x0) at /home/dan/repos/mariadb-server-10.4/sql/sql_lex.cc:10429
                    save_curr_select = 0x7f75540128f8
                    it = {<base_list_iterator> = {list = 0x7f75540129d8, el = 0x7f7554022090, prev = <synthetic pointer>, current = <synthetic pointer>}, <No data fields>}
                    item = 0x7f7554016350
            #2  0x00000000006f3875 in JOIN::optimize_inner (this=this@entry=0x7f7554016fb0) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:2114
                    trace_wrapper = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34ef8 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
                    trace_prepare = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34ef8 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
                    trace_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34f70 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
                    eq_list = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x16bc7a0 <end_of_list>, last = 0x7f75f49fda90, elements = 0}, <No data fields>}
                    sel = 0x7f75540128f8
                    ignore_on_expr = <optimized out>
            #3  0x00000000006f1674 in JOIN::optimize (this=this@entry=0x7f7554016fb0) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:1685
                    res = 0
                    init_state = 1409426230
            #4  0x00000000006ec42d in mysql_select (thd=thd@entry=0x7f7554000c58, tables=<optimized out>, wild_num=<optimized out>, fields=@0x7f7554012a40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f7554012e18, last = 0x7f7554012e18, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>, unit=<optimized out>, select_lex=<optimized out>) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:4781
                    err = <optimized out>
                    free_join = true
                    join = 0x7f7554016fb0
            #5  0x00000000006ec316 in handle_select (thd=thd@entry=0x7f7554000c58, lex=lex@entry=0x7f7554004910, result=result@entry=0x7f7554016f88, setup_tables_done_option=setup_tables_done_option@entry=0) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:437
                    unit = 0x7f75540049d0
                    select_lex = 0x7f75540128f8
                    res = <optimized out>
            #6  0x00000000006cdb42 in execute_sqlcom_select (thd=thd@entry=0x7f7554000c58, all_tables=0x7f7554012e60) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:6452
                    save_protocol = 0x0
                    lex = 0x7f7554004910
                    result = 0x7f7554016f88
                    res = <optimized out>
            #7  0x00000000006c8050 in mysql_execute_command (thd=thd@entry=0x7f7554000c58) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:3966
                    privileges_requested = <optimized out>
                    ots = {ctx = 0x7f75540045f8, traceable = false}
                    trace_command = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34ef8 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
                    trace_command_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34f70 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
                    res = 0
                    up_result = 0
                    lex = 0x7f7554004910
                    select_lex = <optimized out>
                    first_table = 0x7f7554012e60
                    unit = 0x7f75540049d0
                    have_table_map_for_update = <optimized out>
                    all_tables = 0x7f7554000c58
                    orig_binlog_format = <optimized out>
                    orig_current_stmt_binlog_format = <optimized out>
                    rpl_filter = <optimized out>
                    error = <optimized out>
                    wsrep_error_label = <optimized out>
            #8  0x00000000006c4381 in mysql_parse (thd=thd@entry=0x7f7554000c58, rawbuf=0x7f7554012760 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", length=<optimized out>, parser_state=parser_state@entry=0x7f75f49fe5f0, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:7984
                    found_semicolon = <optimized out>
                    error = <optimized out>
                    lex = 0x7f7554004910
                    err = false
            #9  0x00000000006c26ce in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f7554000c58, packet=packet@entry=0x7f7554007d59 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", packet_length=packet_length@entry=155, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:1857
                    parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7f7554000c58, m_ptr = 0x7f75540127fc "\004", m_tok_start = 0x7f75540127fc "\004", m_tok_end = 0x7f75540127fc "\004", m_end_of_query = 0x7f75540127fb "", m_tok_start_prev = 0x7f75540127fb "", m_buf = 0x7f7554012760 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", m_buf_length = 155, m_echo = true, m_echo_saved = 101, m_cpp_buf = 0x7f7554012858 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", m_cpp_ptr = 0x7f75540128f3 "", m_cpp_tok_start = 0x7f75540128f3 "", m_cpp_tok_start_prev = 0x7f75540128f3 "", m_cpp_tok_end = 0x7f75540128f3 "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0x0, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = false, stmt_prepare_mode = false, multi_statements = true, yylineno = 1, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = NO_COMMENT, m_cpp_text_start = 0x7f75540128ef "v1 )", m_cpp_text_end = 0x7f75540128f1 " )", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x0}
                    packet_end = <optimized out>
                    net = <optimized out>
                    error = false
                    do_end_of_statement = true
                    drop_more_results = <optimized out>
            #10 0x00000000006c4804 in do_command (thd=0x7f7554000c58) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:1378
                    packet = <optimized out>
                    net = 0x7f7554000f00
                    packet_length = <optimized out>
                    command = COM_QUERY
                    return_value = <optimized out>
            #11 0x00000000007a81e9 in do_handle_one_connection (connect=<optimized out>) at /home/dan/repos/mariadb-server-10.4/sql/sql_connect.cc:1419
                    create_user = true
                    thr_create_utime = <optimized out>
                    thd = 0x7f75540223d0
            #12 0x00000000007a8023 in handle_one_connection (arg=0x29804e8) at /home/dan/repos/mariadb-server-10.4/sql/sql_connect.cc:1323
                    connect = 0x29804e8
            #13 0x00007f75f6c8cded in start_thread () from /lib64/libc.so.6
            No symbol table info available.
            #14 0x00007f75f6d12370 in clone3 () from /lib64/libc.so.6
            No symbol table info available.
            
            

            danblack Daniel Black added a comment - Thanks! 10.4-07a06022c4e63adc360b42775934f35fa1df5a79 #0 Item_func_not::fix_fields (this=0x7f7554016350, thd=0x7f7554000c58, ref=0x0) at /home/dan/repos/mariadb-server-10.4/sql/item_cmpfunc.cc:6394 6394 rc= (*ref= new_item)->fix_fields(thd, ref); [Current thread is 1 (Thread 0x7f75f49ff640 (LWP 210478))] (gdb) bt full #0 Item_func_not::fix_fields (this=0x7f7554016350, thd=0x7f7554000c58, ref=0x0) at /home/dan/repos/mariadb-server-10.4/sql/item_cmpfunc.cc:6394 backup = {_vptr$Query_arena = 0xf38e30 <vtable for Query_arena+16>, free_list = 0x89d1b7 <Item::cleanup_processor(void*)+23>, mem_root = 0x8b3eb0 <Item::cleanup_excluding_immutables_processor(void*)>, state = 6869395} rc = true arena = 0x0 new_item = 0x7f7554022190 #1 0x00000000006b7df3 in st_select_lex::pushdown_from_having_into_where (this=0x7f75540128f8, thd=0x7f7554000c58, having=0x0) at /home/dan/repos/mariadb-server-10.4/sql/sql_lex.cc:10429 save_curr_select = 0x7f75540128f8 it = {<base_list_iterator> = {list = 0x7f75540129d8, el = 0x7f7554022090, prev = <synthetic pointer>, current = <synthetic pointer>}, <No data fields>} item = 0x7f7554016350 #2 0x00000000006f3875 in JOIN::optimize_inner (this=this@entry=0x7f7554016fb0) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:2114 trace_wrapper = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34ef8 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>} trace_prepare = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34ef8 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>} trace_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34f70 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>} eq_list = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x16bc7a0 <end_of_list>, last = 0x7f75f49fda90, elements = 0}, <No data fields>} sel = 0x7f75540128f8 ignore_on_expr = <optimized out> #3 0x00000000006f1674 in JOIN::optimize (this=this@entry=0x7f7554016fb0) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:1685 res = 0 init_state = 1409426230 #4 0x00000000006ec42d in mysql_select (thd=thd@entry=0x7f7554000c58, tables=<optimized out>, wild_num=<optimized out>, fields=@0x7f7554012a40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f7554012e18, last = 0x7f7554012e18, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>, unit=<optimized out>, select_lex=<optimized out>) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:4781 err = <optimized out> free_join = true join = 0x7f7554016fb0 #5 0x00000000006ec316 in handle_select (thd=thd@entry=0x7f7554000c58, lex=lex@entry=0x7f7554004910, result=result@entry=0x7f7554016f88, setup_tables_done_option=setup_tables_done_option@entry=0) at /home/dan/repos/mariadb-server-10.4/sql/sql_select.cc:437 unit = 0x7f75540049d0 select_lex = 0x7f75540128f8 res = <optimized out> #6 0x00000000006cdb42 in execute_sqlcom_select (thd=thd@entry=0x7f7554000c58, all_tables=0x7f7554012e60) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:6452 save_protocol = 0x0 lex = 0x7f7554004910 result = 0x7f7554016f88 res = <optimized out> #7 0x00000000006c8050 in mysql_execute_command (thd=thd@entry=0x7f7554000c58) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:3966 privileges_requested = <optimized out> ots = {ctx = 0x7f75540045f8, traceable = false} trace_command = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34ef8 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>} trace_command_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf34f70 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>} res = 0 up_result = 0 lex = 0x7f7554004910 select_lex = <optimized out> first_table = 0x7f7554012e60 unit = 0x7f75540049d0 have_table_map_for_update = <optimized out> all_tables = 0x7f7554000c58 orig_binlog_format = <optimized out> orig_current_stmt_binlog_format = <optimized out> rpl_filter = <optimized out> error = <optimized out> wsrep_error_label = <optimized out> #8 0x00000000006c4381 in mysql_parse (thd=thd@entry=0x7f7554000c58, rawbuf=0x7f7554012760 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", length=<optimized out>, parser_state=parser_state@entry=0x7f75f49fe5f0, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:7984 found_semicolon = <optimized out> error = <optimized out> lex = 0x7f7554004910 err = false #9 0x00000000006c26ce in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f7554000c58, packet=packet@entry=0x7f7554007d59 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", packet_length=packet_length@entry=155, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:1857 parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7f7554000c58, m_ptr = 0x7f75540127fc "\004", m_tok_start = 0x7f75540127fc "\004", m_tok_end = 0x7f75540127fc "\004", m_end_of_query = 0x7f75540127fb "", m_tok_start_prev = 0x7f75540127fb "", m_buf = 0x7f7554012760 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", m_buf_length = 155, m_echo = true, m_echo_saved = 101, m_cpp_buf = 0x7f7554012858 "SELECT 59 FROM v0 GROUP BY v1 , v1 HAVING ( ( SELECT 45 FROM v0 WHERE v1 IS NULL AND v1 IN ( v1 NOT LIKE v1 , 'x' ) ) AND v1 < 52 OR v1 > -128 AND NOT v1 )", m_cpp_ptr = 0x7f75540128f3 "", m_cpp_tok_start = 0x7f75540128f3 "", m_cpp_tok_start_prev = 0x7f75540128f3 "", m_cpp_tok_end = 0x7f75540128f3 "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0x0, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = false, stmt_prepare_mode = false, multi_statements = true, yylineno = 1, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = NO_COMMENT, m_cpp_text_start = 0x7f75540128ef "v1 )", m_cpp_text_end = 0x7f75540128f1 " )", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x0} packet_end = <optimized out> net = <optimized out> error = false do_end_of_statement = true drop_more_results = <optimized out> #10 0x00000000006c4804 in do_command (thd=0x7f7554000c58) at /home/dan/repos/mariadb-server-10.4/sql/sql_parse.cc:1378 packet = <optimized out> net = 0x7f7554000f00 packet_length = <optimized out> command = COM_QUERY return_value = <optimized out> #11 0x00000000007a81e9 in do_handle_one_connection (connect=<optimized out>) at /home/dan/repos/mariadb-server-10.4/sql/sql_connect.cc:1419 create_user = true thr_create_utime = <optimized out> thd = 0x7f75540223d0 #12 0x00000000007a8023 in handle_one_connection (arg=0x29804e8) at /home/dan/repos/mariadb-server-10.4/sql/sql_connect.cc:1323 connect = 0x29804e8 #13 0x00007f75f6c8cded in start_thread () from /lib64/libc.so.6 No symbol table info available. #14 0x00007f75f6d12370 in clone3 () from /lib64/libc.so.6 No symbol table info available.

            People

              sanja Oleksandr Byelkin
              Ne0 Yongheng Chen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.