Details
-
Bug
-
Status: Stalled (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.5, 10.6, 10.11, 11.2(EOL), 11.4, 11.6(EOL), 11.7(EOL)
Description
POC:
CREATE TABLE v0 ( v1 INT , v2 CHAR UNIQUE UNIQUE NOT NULL CHECK ( v2 NOT IN ( v1 > 59 OR v1 > 67 AND FALSE NOT LIKE 'x' , 'x' ) ) ) ; |
CREATE VIEW v3 AS SELECT DISTINCT 41503055.000000 FROM v0 WHERE v2 ; |
UPDATE v0 SET v2 = v2 * 0 WHERE v2 IN ( SELECT DISTINCT v2 FROM v0 WHERE EXISTS ( SELECT v1 FROM v3 WHERE v1 = v2 + -1 GROUP BY ( SELECT v2 FROM v0 AS v4 WHERE v2 = 'x' OR v1 = 'x' OR v1 = 'x' GROUP BY v2 HAVING v1 < 'x' ) BETWEEN 44 AND 0 HAVING 2147483647 ) ) ORDER BY v1 IS NULL ; |
DROP TABLE v3 ; |
INSERT INTO v0 VALUES ( 15 ) ; |
Backtrace:
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7f02b8109c00 thread_stack 0x49000
|
addr2line: DWARF error: invalid or unhandled FORM value: 0x23
|
??:0(my_print_stacktrace)[0x56554d0d200b]
|
??:0(handle_fatal_signal)[0x56554c89b68f]
|
??:0(__sigaction)[0x7f02baa08520]
|
addr2line: DWARF error: invalid or unhandled FORM value: 0x23
|
sql_select.cc:0(get_sort_by_table(st_order*, st_order*, List<TABLE_LIST>&, unsigned long long))[0x56554c56656b]
|
sql_select.cc:0(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x56554c508744]
|
??:0(JOIN::optimize_inner())[0x56554c5027db]
|
??:0(JOIN::optimize())[0x56554c4fd5d6]
|
??:0(st_select_lex::optimize_unflattened_subqueries(bool))[0x56554c44916c]
|
??:0(JOIN::optimize_stage2())[0x56554c4ff3c4]
|
??:0(JOIN::optimize_inner())[0x56554c50232b]
|
??:0(JOIN::optimize())[0x56554c4fd5d6]
|
??:0(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56554c4f3048]
|
??:0(mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**))[0x56554c611053]
|
??:0(mysql_execute_command(THD*, bool))[0x56554c492722]
|
??:0(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x56554c481aa2]
|
??:0(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x56554c47f01b]
|
??:0(do_command(THD*, bool))[0x56554c4821d1]
|
??:0(do_handle_one_connection(CONNECT*, bool))[0x56554c68edc5]
|
??:0(handle_one_connection)[0x56554c68e9f7]
|
:0(pfs_spawn_thread)[0x56554cc1582f]
|
??:0(pthread_condattr_setpshared)[0x7f02baa5ab43]
|
??:0(clone)[0x7f02baaebbb4]
|
Trying to get some variables.
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Confirmed
-
-
-
- In Review
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Stalled
-
(3 relates to)
Activity
| Field | Original Value | New Value |
|---|---|---|
| Link |
This issue relates to |
| Link |
This issue duplicates |
| Fix Version/s | N/A [ 14700 ] | |
| Resolution | Duplicate [ 3 ] | |
| Status | Open [ 1 ] | Closed [ 6 ] |
| Resolution | Duplicate [ 3 ] | |
| Status | Closed [ 6 ] | Stalled [ 10000 ] |
MDEV-29681 is a different case, reopening this issue.
CREATE TABLE t1 (id int);
|
|
SELECT * FROM t1 k WHERE 1 IN
|
(SELECT 1 FROM t1 WHERE EXISTS (SELECT id FROM (SELECT 1 FROM t1) d GROUP BY (SELECT 1 FROM t1 dt HAVING id) BETWEEN 0 AND 10 HAVING 1)) ;
|
--source include/have_innodb.inc
|
CREATE TABLE t1 (id int) engine=innodb;
|
|
SELECT * FROM t1 k WHERE 1 IN
|
(SELECT 1 FROM t1 WHERE EXISTS (SELECT id FROM (SELECT 1 FROM t1 where id) d GROUP BY (SELECT 1 FROM t1 dt HAVING id) having 1 )) ;
|
| Link |
This issue duplicates |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.5 [ 23123 ] | |
| Fix Version/s | 10.6 [ 24028 ] | |
| Fix Version/s | 10.11 [ 27614 ] | |
| Fix Version/s | 11.0 [ 28320 ] | |
| Fix Version/s | 11.1 [ 28549 ] | |
| Fix Version/s | 11.2 [ 28603 ] | |
| Fix Version/s | N/A [ 14700 ] |
| Assignee | Sergei Petrunia [ psergey ] |
Version: '10.4.34-MariaDB-debug-log'
|
240314 9:37:31 [ERROR] mysqld got signal 11 ;
|
|
|
Server version: 10.4.34-MariaDB-debug-log source revision: 428a67315294c32bedc4bbc48d898ae7a47893c4
|
|
|
sigaction.c:0(__restore_rt)[0x7f78651f8420]
|
sql/sql_select.cc:25407(get_sort_by_table(st_order*, st_order*, List<TABLE_LIST>&, unsigned long long))[0x5557c1421a97]
|
sql/sql_select.cc:5451(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x5557c1392261]
|
sql/sql_select.cc:2392(JOIN::optimize_inner())[0x5557c1372b5b]
|
sql/sql_select.cc:1731(JOIN::optimize())[0x5557c136b99b]
|
sql/sql_lex.cc:4347(st_select_lex::optimize_unflattened_subqueries(bool))[0x5557c123bf76]
|
sql/opt_subselect.cc:5611(JOIN::optimize_unflattened_subqueries())[0x5557c17b88a9]
|
sql/sql_select.cc:3189(JOIN::optimize_stage2())[0x5557c137ae18]
|
sql/sql_select.cc:2418(JOIN::optimize_inner())[0x5557c1372e66]
|
sql/sql_select.cc:1731(JOIN::optimize())[0x5557c136b99b]
|
sql/sql_select.cc:4836(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5557c138cbf5]
|
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5557c135d3ec]
|
sql/sql_parse.cc:6549(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5557c12c43bc]
|
sql/sql_parse.cc:3980(mysql_execute_command(THD*))[0x5557c12b15a1]
|
sql/sql_parse.cc:8088(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5557c12cd937]
|
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5557c12a36a9]
|
sql/sql_parse.cc:1378(do_command(THD*))[0x5557c12a01d4]
|
sql/sql_connect.cc:1419(do_handle_one_connection(CONNECT*))[0x5557c16b5c0a]
|
sql/sql_connect.cc:1324(handle_one_connection)[0x5557c16b54ae]
|
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5557c2354470]
|
nptl/pthread_create.c:478(start_thread)[0x7f78651ec609]
|
|
|
Query (0x62b0000a1290): SELECT * FROM t1 k WHERE 1 IN
|
(SELECT 1 FROM t1 WHERE EXISTS (SELECT id FROM (SELECT 1 FROM t1) d GROUP BY (SELECT 1 FROM t1 dt HAVING id) BETWEEN 0 AND 10 HAVING 1))
|
|
240314 9:39:47 [ERROR] mysqld got signal 11 ;
|
|
|
Server version: 10.4.34-MariaDB-debug-log source revision: 428a67315294c32bedc4bbc48d898ae7a47893c4
|
|
|
sql/signal_handler.cc:235(handle_fatal_signal)[0x55f4e2e3c88f]
|
sigaction.c:0(__restore_rt)[0x7f856a9d9420]
|
sql/sql_select.cc:14406(update_depend_map_for_order(JOIN*, st_order*))[0x55f4e27994f6]
|
sql/sql_select.cc:14502(remove_const(JOIN*, st_order*, Item*, bool, bool*))[0x55f4e2799cbf]
|
sql/sql_select.cc:2842(JOIN::optimize_stage2())[0x55f4e273e98f]
|
sql/sql_select.cc:2418(JOIN::optimize_inner())[0x55f4e2739e66]
|
sql/sql_select.cc:1731(JOIN::optimize())[0x55f4e273299b]
|
sql/sql_lex.cc:4347(st_select_lex::optimize_unflattened_subqueries(bool))[0x55f4e2602f76]
|
sql/opt_subselect.cc:5611(JOIN::optimize_unflattened_subqueries())[0x55f4e2b7f8a9]
|
sql/sql_select.cc:2966(JOIN::optimize_stage2())[0x55f4e273ff89]
|
sql/sql_select.cc:2418(JOIN::optimize_inner())[0x55f4e2739e66]
|
sql/sql_select.cc:1731(JOIN::optimize())[0x55f4e273299b]
|
sql/sql_select.cc:4836(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55f4e2753bf5]
|
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55f4e27243ec]
|
sql/sql_parse.cc:6549(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55f4e268b3bc]
|
sql/sql_parse.cc:3980(mysql_execute_command(THD*))[0x55f4e26785a1]
|
sql/sql_parse.cc:8088(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55f4e2694937]
|
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55f4e266a6a9]
|
sql/sql_parse.cc:1378(do_command(THD*))[0x55f4e26671d4]
|
sql/sql_connect.cc:1419(do_handle_one_connection(CONNECT*))[0x55f4e2a7cc0a]
|
sql/sql_connect.cc:1324(handle_one_connection)[0x55f4e2a7c4ae]
|
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55f4e371b470]
|
nptl/pthread_create.c:478(start_thread)[0x7f856a9cd609]
|
|
|
Query (0x62b0000a1290): SELECT * FROM t1 k WHERE 1 IN
|
(SELECT 1 FROM t1 WHERE EXISTS (SELECT id FROM (SELECT 1 FROM t1 where id) d GROUP BY (SELECT 1 FROM t1 dt HAVING id) having 1 ))
|
| Link |
This issue relates to |
| Link |
This issue is duplicated by |
Test case from MDEV-34035:
SELECT (WITH x AS (SELECT ('POINT(180 90)') AS x) SELECT x FROM x WHERE x IN (SELECT 0.200000 FROM x WHERE (SELECT x FROM (SELECT 2 UNION SELECT 3) AS x GROUP BY (SELECT x)))); |
or slightly simplified:
create table t1 as SELECT 5 x; |
SELECT 5 FROM t1 WHERE 4 IN |
(SELECT |
(SELECT x FROM (SELECT 2 UNION SELECT 3)dt GROUP BY (SELECT x) ) |
FROM t1); |
240430 10:57:37 [ERROR] mysqld got signal 11 ;
|
|
|
Server version: 10.4.34-MariaDB-debug-log source revision: a586b6dbc81b788106cee0f88416c389ae79d26c
|
|
|
sql/signal_handler.cc:235(handle_fatal_signal)[0x55cf42204fbf]
|
sigaction.c:0(__restore_rt)[0x7f9d2c1ef420]
|
sql/sql_select.cc:14427(update_depend_map_for_order(JOIN*, st_order*))[0x55cf41b6192d]
|
sql/sql_select.cc:14523(remove_const(JOIN*, st_order*, Item*, bool, bool*))[0x55cf41b62105]
|
sql/sql_select.cc:2863(JOIN::optimize_stage2())[0x55cf41b06d89]
|
sql/sql_select.cc:2439(JOIN::optimize_inner())[0x55cf41b02260]
|
sql/sql_select.cc:1731(JOIN::optimize())[0x55cf41aface9]
|
sql/sql_lex.cc:4347(st_select_lex::optimize_unflattened_subqueries(bool))[0x55cf419cacf6]
|
sql/opt_subselect.cc:5611(JOIN::optimize_unflattened_subqueries())[0x55cf41f47ee7]
|
sql/sql_select.cc:2987(JOIN::optimize_stage2())[0x55cf41b08383]
|
sql/sql_select.cc:2439(JOIN::optimize_inner())[0x55cf41b02260]
|
sql/sql_select.cc:1731(JOIN::optimize())[0x55cf41aface9]
|
sql/sql_select.cc:4857(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55cf41b1c03b]
|
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55cf41aec73a]
|
sql/sql_parse.cc:6558(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55cf41a5326c]
|
sql/sql_parse.cc:3989(mysql_execute_command(THD*))[0x55cf41a40459]
|
sql/sql_parse.cc:8097(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55cf41a5c7e7]
|
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55cf41a32421]
|
sql/sql_parse.cc:1378(do_command(THD*))[0x55cf41a2ef4c]
|
sql/sql_connect.cc:1419(do_handle_one_connection(CONNECT*))[0x55cf41e4515c]
|
sql/sql_connect.cc:1324(handle_one_connection)[0x55cf41e44a00]
|
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55cf42ae3ffa]
|
nptl/pthread_create.c:478(start_thread)[0x7f9d2c1e3609]
|
|
|
Query (0x62b0000a1290): SELECT 5 FROM t1 WHERE 4 IN
|
(SELECT
|
(SELECT x FROM (SELECT 2 UNION SELECT 3)dt GROUP BY (SELECT x) )
|
FROM t1)
|
| Fix Version/s | 11.0 [ 28320 ] |
| Description |
POC:
{code:sql} CREATE TABLE v0 ( v1 INT , v2 CHAR UNIQUE UNIQUE NOT NULL CHECK ( v2 NOT IN ( v1 > 59 OR v1 > 67 AND FALSE NOT LIKE 'x' , 'x' ) ) ) ; CREATE VIEW v3 AS SELECT DISTINCT 41503055.000000 FROM v0 WHERE v2 ; UPDATE v0 SET v2 = v2 * 0 WHERE v2 IN ( SELECT DISTINCT v2 FROM v0 WHERE EXISTS ( SELECT v1 FROM v3 WHERE v1 = v2 + -1 GROUP BY ( SELECT v2 FROM v0 AS v4 WHERE v2 = 'x' OR v1 = 'x' OR v1 = 'x' GROUP BY v2 HAVING v1 < 'x' ) BETWEEN 44 AND 0 HAVING 2147483647 ) ) ORDER BY v1 IS NULL ; DROP TABLE v3 ; INSERT INTO v0 VALUES ( 15 ) ; {code} Backtrace: Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0x7f02b8109c00 thread_stack 0x49000 addr2line: DWARF error: invalid or unhandled FORM value: 0x23 ??:0(my_print_stacktrace)[0x56554d0d200b] ??:0(handle_fatal_signal)[0x56554c89b68f] ??:0(__sigaction)[0x7f02baa08520] addr2line: DWARF error: invalid or unhandled FORM value: 0x23 sql_select.cc:0(get_sort_by_table(st_order*, st_order*, List<TABLE_LIST>&, unsigned long long))[0x56554c56656b] sql_select.cc:0(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x56554c508744] ??:0(JOIN::optimize_inner())[0x56554c5027db] ??:0(JOIN::optimize())[0x56554c4fd5d6] ??:0(st_select_lex::optimize_unflattened_subqueries(bool))[0x56554c44916c] ??:0(JOIN::optimize_stage2())[0x56554c4ff3c4] ??:0(JOIN::optimize_inner())[0x56554c50232b] ??:0(JOIN::optimize())[0x56554c4fd5d6] ??:0(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56554c4f3048] ??:0(mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**))[0x56554c611053] ??:0(mysql_execute_command(THD*, bool))[0x56554c492722] ??:0(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x56554c481aa2] ??:0(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x56554c47f01b] ??:0(do_command(THD*, bool))[0x56554c4821d1] ??:0(do_handle_one_connection(CONNECT*, bool))[0x56554c68edc5] ??:0(handle_one_connection)[0x56554c68e9f7] :0(pfs_spawn_thread)[0x56554cc1582f] ??:0(pthread_condattr_setpshared)[0x7f02baa5ab43] ??:0(clone)[0x7f02baaebbb4] Trying to get some variables. |
POC:
{code:sql} CREATE TABLE v0 ( v1 INT , v2 CHAR UNIQUE UNIQUE NOT NULL CHECK ( v2 NOT IN ( v1 > 59 OR v1 > 67 AND FALSE NOT LIKE 'x' , 'x' ) ) ) ; CREATE VIEW v3 AS SELECT DISTINCT 41503055.000000 FROM v0 WHERE v2 ; UPDATE v0 SET v2 = v2 * 0 WHERE v2 IN ( SELECT DISTINCT v2 FROM v0 WHERE EXISTS ( SELECT v1 FROM v3 WHERE v1 = v2 + -1 GROUP BY ( SELECT v2 FROM v0 AS v4 WHERE v2 = 'x' OR v1 = 'x' OR v1 = 'x' GROUP BY v2 HAVING v1 < 'x' ) BETWEEN 44 AND 0 HAVING 2147483647 ) ) ORDER BY v1 IS NULL ; DROP TABLE v3 ; INSERT INTO v0 VALUES ( 15 ) ; {code} Backtrace: {noformat} Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0x7f02b8109c00 thread_stack 0x49000 addr2line: DWARF error: invalid or unhandled FORM value: 0x23 ??:0(my_print_stacktrace)[0x56554d0d200b] ??:0(handle_fatal_signal)[0x56554c89b68f] ??:0(__sigaction)[0x7f02baa08520] addr2line: DWARF error: invalid or unhandled FORM value: 0x23 sql_select.cc:0(get_sort_by_table(st_order*, st_order*, List<TABLE_LIST>&, unsigned long long))[0x56554c56656b] sql_select.cc:0(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x56554c508744] ??:0(JOIN::optimize_inner())[0x56554c5027db] ??:0(JOIN::optimize())[0x56554c4fd5d6] ??:0(st_select_lex::optimize_unflattened_subqueries(bool))[0x56554c44916c] ??:0(JOIN::optimize_stage2())[0x56554c4ff3c4] ??:0(JOIN::optimize_inner())[0x56554c50232b] ??:0(JOIN::optimize())[0x56554c4fd5d6] ??:0(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56554c4f3048] ??:0(mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**))[0x56554c611053] ??:0(mysql_execute_command(THD*, bool))[0x56554c492722] ??:0(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x56554c481aa2] ??:0(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x56554c47f01b] ??:0(do_command(THD*, bool))[0x56554c4821d1] ??:0(do_handle_one_connection(CONNECT*, bool))[0x56554c68edc5] ??:0(handle_one_connection)[0x56554c68e9f7] :0(pfs_spawn_thread)[0x56554cc1582f] ??:0(pthread_condattr_setpshared)[0x7f02baa5ab43] ??:0(clone)[0x7f02baaebbb4] {noformat} Trying to get some variables. |
| Summary | Crash in make_join_statistics | Crash in get_sort_by_table / make_join_statistics |
| Link |
This issue relates to |
Here's a more comprehensive test case that cases the same kind of crash:
create table t1 (a int); |
insert into t1 values (3), (7), (1); |
create table t2 (b int); |
insert into t2 values (1), (2); |
create table t3 (c int); |
insert into t3 values (1), (3); |
create table t4 (d int); |
insert into t4 values (1); |
|
|
select c from t3 where c in (select (select a from t2 group by (select a from t4)) from t1); |
EXPLAIN for the query also cause such crash.
When trying to execute the above query we have :
Thread 18 "mysqld" received signal SIGSEGV, Segmentation fault.
|
0x0000555555f73a39 in update_depend_map_for_order (join=0x7fff94037328, order=0x7fff940194b8) at /home/igor/maria-git/10.4-test/sql/sql_select.cc:14560
|
(gdb) cont
|
Continuing.
|
240712 11:43:53 [ERROR] mysqld got signal 11 ;
|
...
|
sql/sql_select.cc:14560(update_depend_map_for_order(JOIN*, st_order*))[0x555555f73a39]
|
sql/sql_select.cc:14656(remove_const(JOIN*, st_order*, Item*, bool, bool*))[0x555555f73d0f]
|
sql/sql_select.cc:2867(JOIN::optimize_stage2())[0x555555f50aa6]
|
sql/sql_select.cc:2440(JOIN::optimize_inner())[0x555555f4f083]
|
sql/sql_select.cc:1765(JOIN::optimize())[0x555555f4c8ce]
|
sql/sql_lex.cc:4959(st_select_lex::optimize_unflattened_subqueries(bool))[0x555555ec801f]
|
sql/opt_subselect.cc:5672(JOIN::optimize_unflattened_subqueries())[0x55555612fb6a]
|
sql/sql_select.cc:2990(JOIN::optimize_stage2())[0x555555f51154]
|
sql/sql_select.cc:2440(JOIN::optimize_inner())[0x555555f4f083]
|
sql/sql_select.cc:1765(JOIN::optimize())[0x555555f4c8ce]
|
sql/sql_select.cc:4897(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x555555f58103]
|
sql/sql_select.cc:28237(mysql_explain_union(THD*, st_select_lex_unit*, select_result*))[0x555555f993b4]
|
sql/sql_parse.cc:6364(execute_sqlcom_select(THD*, TABLE_LIST*))[0x555555f07766]
|
sql/sql_parse.cc:4030(mysql_execute_command(THD*))[0x555555efed0e]
|
sql/sql_parse.cc:8221(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x555555f0ca58]
|
sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x555555ef8723]
|
sql/sql_parse.cc:1377(do_command(THD*))[0x555555ef6e2e]
|
sql/sql_connect.cc:1417(do_handle_one_connection(CONNECT*, bool))[0x5555560b39b0]
|
sql/sql_connect.cc:1321(handle_one_connection)[0x5555560b3721]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55555661acd6]
|
...
|
Query (0x7fff94015ae0): explain select c from t3 where c in (select (select a from t2 group by (select a from t4)) from t1)
|
I got it with a fresh Debug build built from the current 10.5 tree.
Without semi-join optimization the query works fine:
MariaDB [test]> set optimizer_switch='semijoin=off';
|
Query OK, 0 rows affected (0.000 sec)
|
|
|
MariaDB [test]> select c from t3 where c in (select (select a from t2 group by (select a from t4)) from t1);
|
+------+
|
| c |
|
+------+
|
| 1 |
|
| 3 |
|
+------+
|
2 rows in set (0.006 sec)
|
|
|
MariaDB [test]> explain select c from t3 where c in (select (select a from t2 group by (select a from t4)) from t1);
|
+------+--------------------+-------+------+---------------+------+---------+------+------+---------------------------------+
|
| id | select_type | table | type | possible_keys | key | key_len | ref | rows | Extra |
|
+------+--------------------+-------+------+---------------+------+---------+------+------+---------------------------------+
|
| 1 | PRIMARY | t3 | ALL | NULL | NULL | NULL | NULL | 2 | Using where |
|
| 2 | MATERIALIZED | t1 | ALL | NULL | NULL | NULL | NULL | 3 | |
|
| 3 | DEPENDENT SUBQUERY | t2 | ALL | NULL | NULL | NULL | NULL | 2 | Using temporary; Using filesort |
|
| 4 | DEPENDENT SUBQUERY | t4 | ALL | NULL | NULL | NULL | NULL | 1 | |
|
+------+--------------------+-------+------+---------------+------+---------+------+------+---------------------------------+
|
4 rows in set (0.003 sec)
|
|
|
MariaDB [test]> prepare stmt from "
|
"> select c from t3 where c in (select (select a from t2 group by (select a from t4)) from t1);
|
"> ";
|
Query OK, 0 rows affected (0.001 sec)
|
Statement prepared
|
|
|
MariaDB [test]> execute stmt;
|
+------+
|
| c |
|
+------+
|
| 1 |
|
| 3 |
|
+------+
|
2 rows in set (0.006 sec)
|
|
|
MariaDB [test]> execute stmt;
|
+------+
|
| c |
|
+------+
|
| 1 |
|
| 3 |
|
+------+
|
2 rows in set (0.005 sec)
|
| Link |
This issue relates to |
The new testcase by Igor gives a different stack (SIGSEGV in update_depend_map_for_order) than the original description, and that stack was previously seen in MDEV-28501.
After fixing, please test and include all testcases. Thank you
| Summary | Crash in get_sort_by_table / make_join_statistics | Crash in get_sort_by_table / make_join_statistics / update_depend_map_for_order |
| Fix Version/s | 10.4 [ 22408 ] |
| Fix Version/s | 11.1 [ 28549 ] |
Looking at the case:
select c from t3 where c in (select (select a from t2 group by (select a from t4)) from t1); |
It crashes in update_depend_map_for_order as depend_map has 2 and the join->map2table only has 1 table.
depend_map gets assigned 2 based on Field_fixer::visit_field where at this point the Item_field passed is:
|
t1.a |
(rr) p item->field->table[0].s
|
$25 = (TABLE_SHARE *) 0x7f5fd0219f90
|
(rr) p item->field->table[1].s
|
$26 = (TABLE_SHARE *) 0x185
|
(rr) p item->field->table->map
|
$27 = 2
|
SELECT(WITH x AS(SELECT (0)AS x) SELECT x FROM x WHERE x IN (SELECT 0 FROM x WHERE (SELECT x FROM (SELECT 0 UNION SELECT 0) AS x GROUP BY (SELECT x)))); |
Leads to:
|
CS 11.2.6 12a91b57e27b979819924cf89614e6e51f24b37b (Debug) |
Core was generated by `/test/MD141024-mariadb-11.2.6-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055ca7ed32413 in update_depend_map_for_order (order=0x1538fc01e3f8, join=0x1538fc026600) at /test/11.2_dbg/sql/sql_select.cc:17176
|
|
|
[Current thread is 1 (LWP 3469540)]
|
(gdb) bt
|
#0 0x000055ca7ed32413 in update_depend_map_for_order (order=0x1538fc01e3f8, join=0x1538fc026600) at /test/11.2_dbg/sql/sql_select.cc:17176
|
#1 remove_const (join=join@entry=0x1538fc026600, first_order=<optimized out>, cond=0x0, change_list=true, simple_order=simple_order@entry=0x1538fc026954)at /test/11.2_dbg/sql/sql_select.cc:17289
|
#2 0x000055ca7ed599a4 in JOIN::optimize_stage2 (this=this@entry=0x1538fc026600) at /test/11.2_dbg/sql/sql_select.cc:3190
|
#3 0x000055ca7ed5c956 in JOIN::optimize_inner (this=this@entry=0x1538fc026600)at /test/11.2_dbg/sql/sql_select.cc:2725
|
#4 0x000055ca7ed5ceae in JOIN::optimize (this=this@entry=0x1538fc026600)at /test/11.2_dbg/sql/sql_select.cc:2003
|
#5 0x000055ca7ec9a412 in st_select_lex::optimize_unflattened_subqueries (this=0x1538fc014d90, const_only=const_only@entry=false)at /test/11.2_dbg/sql/sql_lex.cc:5005
|
#6 0x000055ca7eea2f27 in JOIN::optimize_unflattened_subqueries (this=this@entry=0x1538fc024468) at /test/11.2_dbg/sql/opt_subselect.cc:5873
|
#7 0x000055ca7ed5a3f7 in JOIN::optimize_stage2 (this=this@entry=0x1538fc024468) at /test/11.2_dbg/sql/sql_select.cc:3318
|
#8 0x000055ca7ed5c956 in JOIN::optimize_inner (this=this@entry=0x1538fc024468)at /test/11.2_dbg/sql/sql_select.cc:2725
|
#9 0x000055ca7ed5ceae in JOIN::optimize (this=this@entry=0x1538fc024468)at /test/11.2_dbg/sql/sql_select.cc:2003
|
#10 0x000055ca7ec9a412 in st_select_lex::optimize_unflattened_subqueries (this=0x1538fc013958, const_only=const_only@entry=true)at /test/11.2_dbg/sql/sql_lex.cc:5005
|
#11 0x000055ca7eea2f5f in JOIN::optimize_constant_subqueries (this=this@entry=0x1538fc023c10) at /test/11.2_dbg/sql/opt_subselect.cc:5907
|
#12 0x000055ca7ed5b845 in JOIN::optimize_inner (this=this@entry=0x1538fc023c10)at /test/11.2_dbg/sql/sql_select.cc:2345
|
#13 0x000055ca7ed5ceae in JOIN::optimize (this=this@entry=0x1538fc023c10)at /test/11.2_dbg/sql/sql_select.cc:2003
|
#14 0x000055ca7ed5cfce in mysql_select (thd=thd@entry=0x1538fc000d58, tables=0x0, fields=@0x1538fc013c10: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1538fc01faf8, last = 0x1538fc01faf8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1538fc023898, unit=0x1538fc0052b0, select_lex=0x1538fc013958) at /test/11.2_dbg/sql/sql_select.cc:5344
|
#15 0x000055ca7ed5d858 in handle_select (thd=thd@entry=0x1538fc000d58, lex=lex@entry=0x1538fc0051d0, result=result@entry=0x1538fc023898, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.2_dbg/sql/sql_select.cc:642
|
#16 0x000055ca7ecbb751 in execute_sqlcom_select (thd=thd@entry=0x1538fc000d58, all_tables=0x1538fc0153c8) at /test/11.2_dbg/sql/sql_parse.cc:6177
|
#17 0x000055ca7ecc75bc in mysql_execute_command (thd=thd@entry=0x1538fc000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)at /test/11.2_dbg/sql/sql_parse.cc:3984
|
#18 0x000055ca7ecce2ce in mysql_parse (thd=thd@entry=0x1538fc000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15395cbb32a0)at /test/11.2_dbg/sql/sql_parse.cc:7938
|
#19 0x000055ca7ecd0786 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1538fc000d58, packet=packet@entry=0x1538fc00b319 "SELECT(WITH x AS(SELECT (0)AS x) SELECT x FROM x WHERE x IN (SELECT 0 FROM x WHERE (SELECT x FROM (SELECT 0 UNION SELECT 0) AS x GROUP BY (SELECT x))))", packet_length=packet_length@entry=151, blocking=blocking@entry=true) at /test/11.2_dbg/sql/sql_class.h:248
|
#20 0x000055ca7ecd29c2 in do_command (thd=0x1538fc000d58, blocking=blocking@entry=true) at /test/11.2_dbg/sql/sql_parse.cc:1407
|
#21 0x000055ca7ee3ffe7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ca81a20608, put_in_cache=put_in_cache@entry=true)at /test/11.2_dbg/sql/sql_connect.cc:1439
|
#22 0x000055ca7ee402ef in handle_one_connection (arg=arg@entry=0x55ca81a20608)at /test/11.2_dbg/sql/sql_connect.cc:1341
|
#23 0x000055ca7f287f14 in pfs_spawn_thread (arg=0x55ca81973328)at /test/11.2_dbg/storage/perfschema/pfs.cc:2201
|
#24 0x000015395da9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#25 0x000015395db29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
And produces the following UBSAN member access within null pointer:
|
CS 11.2.6 66b8d32b7514f46b1467d404d3f9ad688bbfeb4f (Optimized, UBASAN) |
/test/11.2_opt_san/sql/sql_select.cc:17174:35: runtime error: member access within null pointer of type 'struct JOIN_TAB'
|
#0 0x55bff80b72b0 in update_depend_map_for_order /test/11.2_opt_san/sql/sql_select.cc:17174
|
#1 0x55bff80b72b0 in remove_const /test/11.2_opt_san/sql/sql_select.cc:17287
|
#2 0x55bff8207229 in JOIN::optimize_stage2() /test/11.2_opt_san/sql/sql_select.cc:3190
|
#3 0x55bff8211232 in JOIN::optimize_inner() /test/11.2_opt_san/sql/sql_select.cc:2725
|
#4 0x55bff8217ee5 in JOIN::optimize() /test/11.2_opt_san/sql/sql_select.cc:2003
|
#5 0x55bff7c2e352 in st_select_lex::optimize_unflattened_subqueries(bool) /test/11.2_opt_san/sql/sql_lex.cc:5005
|
#6 0x55bff81fcda4 in JOIN::optimize_stage2() /test/11.2_opt_san/sql/sql_select.cc:3318
|
#7 0x55bff8211232 in JOIN::optimize_inner() /test/11.2_opt_san/sql/sql_select.cc:2725
|
#8 0x55bff8217ee5 in JOIN::optimize() /test/11.2_opt_san/sql/sql_select.cc:2003
|
#9 0x55bff7c2e352 in st_select_lex::optimize_unflattened_subqueries(bool) /test/11.2_opt_san/sql/sql_lex.cc:5005
|
#10 0x55bff8a6db87 in JOIN::optimize_constant_subqueries() /test/11.2_opt_san/sql/opt_subselect.cc:5907
|
#11 0x55bff820b368 in JOIN::optimize_inner() /test/11.2_opt_san/sql/sql_select.cc:2345
|
#12 0x55bff8217ee5 in JOIN::optimize() /test/11.2_opt_san/sql/sql_select.cc:2003
|
#13 0x55bff8218686 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.2_opt_san/sql/sql_select.cc:5344
|
#14 0x55bff821c550 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.2_opt_san/sql/sql_select.cc:642
|
#15 0x55bff7d51450 in execute_sqlcom_select /test/11.2_opt_san/sql/sql_parse.cc:6177
|
#16 0x55bff7dc175f in mysql_execute_command(THD*, bool) /test/11.2_opt_san/sql/sql_parse.cc:3984
|
#17 0x55bff7dd2482 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.2_opt_san/sql/sql_parse.cc:7938
|
#18 0x55bff7de40da in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.2_opt_san/sql/sql_parse.cc:1894
|
#19 0x55bff7df4486 in do_command(THD*, bool) /test/11.2_opt_san/sql/sql_parse.cc:1407
|
#20 0x55bff87c7efc in do_handle_one_connection(CONNECT*, bool) /test/11.2_opt_san/sql/sql_connect.cc:1439
|
#21 0x55bff87ca52c in handle_one_connection /test/11.2_opt_san/sql/sql_connect.cc:1341
|
#22 0x14a8f5a9ca93 in start_thread nptl/pthread_create.c:447
|
#23 0x14a8f5b29c3b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
241113 7:25:06 [ERROR] mysqld got signal 11 ;
|
Bug confirmed present in:
MariaDB: 10.5.27 (dbg), 10.5.27 (opt), 10.6.20 (dbg), 10.6.20 (opt), 10.11.10 (dbg), 10.11.10 (opt), 11.2.6 (dbg), 11.2.6 (opt), 11.4.4 (dbg), 11.4.4 (opt), 11.6.2 (dbg), 11.6.2 (opt), 11.7.0 (dbg), 11.7.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.44 (dbg), 5.7.44 (opt), 8.0.36 (dbg), 8.0.36 (opt), 9.1.0 (dbg), 9.1.0 (opt)
| Fix Version/s | 11.4 [ 29301 ] | |
| Fix Version/s | 11.6 [ 29515 ] | |
| Affects Version/s | 10.5 [ 23123 ] | |
| Affects Version/s | 10.6 [ 24028 ] | |
| Affects Version/s | 10.11 [ 27614 ] | |
| Affects Version/s | 11.2 [ 28603 ] | |
| Affects Version/s | 11.4 [ 29301 ] | |
| Affects Version/s | 11.6 [ 29515 ] | |
| Affects Version/s | 11.7 [ 29815 ] | |
| Affects Version/s | 11.0.2 [ 28706 ] |
| Labels | UBSAN |
| Summary | Crash in get_sort_by_table / make_join_statistics / update_depend_map_for_order | Crash in get_sort_by_table / make_join_statistics / update_depend_map_for_order, UBSAN member access within null pointer in update_depend_map_for_order |
| Fix Version/s | 11.6(EOL) [ 29515 ] |
| Fix Version/s | 11.2(EOL) [ 28603 ] |
| Link | This issue relates to MDEV-35565 [ MDEV-35565 ] |
| Comment | [ I can confirm that all the above crashes are fixed by my patch for MDEV-35565. ] |
| Link | This issue relates to MDEV-35717 [ MDEV-35717 ] |
This testcase somewhat similar to the last one above:
SELECT (WITH x AS(SELECT (NULL) AS x) SELECT x FROM x WHERE x IN (SELECT 0 FROM x WHERE (SELECT x FROM (SELECT 0 UNION SELECT 0) AS x GROUP BY (SELECT x)))); |
Produces (besides also producing this MDEV-35717 stack) this stack (note the aka 'st_join_table'):
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN) |
/test/11.8_dbg_san/sql/sql_select.cc:17227:31: runtime error: member access within null pointer of type 'JOIN_TAB' (aka 'st_join_table')
|
#0 0x5581fc0fcc8f in update_depend_map_for_order(JOIN*, st_order*) /test/11.8_dbg_san/sql/sql_select.cc:17227:31
|
#1 0x5581fc0fcc8f in remove_const(JOIN*, st_order*, Item*, bool, bool*) /test/11.8_dbg_san/sql/sql_select.cc:17340:3
|
#2 0x5581fc0e8e06 in JOIN::optimize_stage2() /test/11.8_dbg_san/sql/sql_select.cc:3190:17
|
#3 0x5581fc0f135e in JOIN::optimize_inner() /test/11.8_dbg_san/sql/sql_select.cc:2725:9
|
#4 0x5581fc0e32a2 in JOIN::optimize() /test/11.8_dbg_san/sql/sql_select.cc:1994:10
|
#5 0x5581fbe96d13 in st_select_lex::optimize_unflattened_subqueries(bool) /test/11.8_dbg_san/sql/sql_lex.cc:5054:31
|
#6 0x5581fc0e7330 in JOIN::optimize_stage2() /test/11.8_dbg_san/sql/sql_select.cc:3550:7
|
#7 0x5581fc0f135e in JOIN::optimize_inner() /test/11.8_dbg_san/sql/sql_select.cc:2725:9
|
#8 0x5581fc0e32a2 in JOIN::optimize() /test/11.8_dbg_san/sql/sql_select.cc:1994:10
|
#9 0x5581fbe96d13 in st_select_lex::optimize_unflattened_subqueries(bool) /test/11.8_dbg_san/sql/sql_lex.cc:5054:31
|
#10 0x5581fc7bd526 in JOIN::optimize_constant_subqueries() /test/11.8_dbg_san/sql/opt_subselect.cc:5900:20
|
#11 0x5581fc0eedf3 in JOIN::optimize_inner() /test/11.8_dbg_san/sql/sql_select.cc:2339:7
|
#12 0x5581fc0e32a2 in JOIN::optimize() /test/11.8_dbg_san/sql/sql_select.cc:1994:10
|
#13 0x5581fc0c4bf8 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.8_dbg_san/sql/sql_select.cc:5342:19
|
#14 0x5581fc0c3f12 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.8_dbg_san/sql/sql_select.cc:633:10
|
#15 0x5581fbf99167 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_parse.cc:6191:12
|
#16 0x5581fbf84d39 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:3980:12
|
#17 0x5581fbf54588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#18 0x5581fbf4864b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#19 0x5581fbf56fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#20 0x5581fc61a76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#21 0x5581fc61a027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#22 0x5581fb959b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#23 0x147a1c89ca93 in start_thread nptl/pthread_create.c:447:8
|
#24 0x147a1c929c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/11.8_dbg_san/sql/sql_select.cc:17227:31
|
As well as:
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/strings/ctype-ascii.h:110:27: runtime error: applying non-zero offset 4 to null pointer
|
#0 0x55de96554b1e in my_strcoll_ascii_4bytes_found /test/11.8_dbg_san/strings/ctype-ascii.h:110:27
|
#1 0x55de96559cce in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:238:24
|
#2 0x55de937e0349 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#3 0x55de937e0349 in Lex_ident<Compare_ident_ci>::streq(st_mysql_const_lex_string const&) const /test/11.8_dbg_san/sql/lex_ident.h:119:38
|
#4 0x55de93c2a387 in is_infoschema_db(st_mysql_const_lex_string const*) /test/11.8_dbg_san/sql/table.h:3583:34
|
#5 0x55de93c2a387 in st_select_lex::add_table_to_list(THD*, Table_ident*, st_mysql_const_lex_string const*, unsigned long, thr_lock_type, enum_mdl_type, List<Index_hint>*, List<String>*, st_mysql_lex_string*) /test/11.8_dbg_san/sql/sql_parse.cc:8114:21
|
#6 0x55de947d82ae in MYSQLparse(THD*) /test/11.8_dbg_san/sql/sql_yacc.yy:12151:47
|
#7 0x55de93c6affb in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:10328:46
|
#8 0x55de93c14cb4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7867:15
|
#9 0x55de93c0964b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#10 0x55de93c17fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#11 0x55de942db76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#12 0x55de942db027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#13 0x55de9361ab5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#14 0x14b9f1a9ca93 in start_thread nptl/pthread_create.c:447:8
|
#15 0x14b9f1b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-nonzero-offset /test/11.8_dbg_san/strings/ctype-ascii.h:110:27
|
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/sql/sql_select.cc:17227:31: runtime error: member access within null pointer of type 'JOIN_TAB' (aka 'st_join_table')
|
#0 0x55de93dbdc8f in update_depend_map_for_order(JOIN*, st_order*) /test/11.8_dbg_san/sql/sql_select.cc:17227:31
|
#1 0x55de93dbdc8f in remove_const(JOIN*, st_order*, Item*, bool, bool*) /test/11.8_dbg_san/sql/sql_select.cc:17340:3
|
#2 0x55de93da9e06 in JOIN::optimize_stage2() /test/11.8_dbg_san/sql/sql_select.cc:3190:17
|
#3 0x55de93db235e in JOIN::optimize_inner() /test/11.8_dbg_san/sql/sql_select.cc:2725:9
|
#4 0x55de93da42a2 in JOIN::optimize() /test/11.8_dbg_san/sql/sql_select.cc:1994:10
|
#5 0x55de93b57d13 in st_select_lex::optimize_unflattened_subqueries(bool) /test/11.8_dbg_san/sql/sql_lex.cc:5054:31
|
#6 0x55de93da8330 in JOIN::optimize_stage2() /test/11.8_dbg_san/sql/sql_select.cc:3550:7
|
#7 0x55de93db235e in JOIN::optimize_inner() /test/11.8_dbg_san/sql/sql_select.cc:2725:9
|
#8 0x55de93da42a2 in JOIN::optimize() /test/11.8_dbg_san/sql/sql_select.cc:1994:10
|
#9 0x55de93b57d13 in st_select_lex::optimize_unflattened_subqueries(bool) /test/11.8_dbg_san/sql/sql_lex.cc:5054:31
|
#10 0x55de9447e526 in JOIN::optimize_constant_subqueries() /test/11.8_dbg_san/sql/opt_subselect.cc:5900:20
|
#11 0x55de93dafdf3 in JOIN::optimize_inner() /test/11.8_dbg_san/sql/sql_select.cc:2339:7
|
#12 0x55de93da42a2 in JOIN::optimize() /test/11.8_dbg_san/sql/sql_select.cc:1994:10
|
#13 0x55de93d85bf8 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.8_dbg_san/sql/sql_select.cc:5342:19
|
#14 0x55de93d84f12 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.8_dbg_san/sql/sql_select.cc:633:10
|
#15 0x55de93c5a167 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_parse.cc:6191:12
|
#16 0x55de93c45d39 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:3980:12
|
#17 0x55de93c15588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#18 0x55de93c0964b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#19 0x55de93c17fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#20 0x55de942db76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#21 0x55de942db027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#22 0x55de9361ab5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#23 0x14b9f1a9ca93 in start_thread nptl/pthread_create.c:447:8
|
#24 0x14b9f1b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/11.8_dbg_san/sql/sql_select.cc:17227:31
|
| Labels | UBSAN | UBSAN null-pointer-use |
| Labels | UBSAN null-pointer-use | UBSAN null-pointer-use nullptr-with-nonzero-offset |
| Summary | Crash in get_sort_by_table / make_join_statistics / update_depend_map_for_order, UBSAN member access within null pointer in update_depend_map_for_order | Crash in get_sort_by_table / make_join_statistics / update_depend_map_for_order, various UBSAN pointer issues |
| Link | This issue relates to MDEV-28509 [ MDEV-28509 ] |
| Assignee | Sergei Petrunia [ psergey ] | Rex Johnston [ JIRAUSER52533 ] |
| Link | This issue relates to MDEV-32294 [ MDEV-32294 ] |
Thank you for the report!
I will add the test case to
MDEV-29681to be checked after the patch, it seems to be the same problem.