Details
- Type: Bug
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Versions: 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL)
Description
SELECT x FROM (SELECT * FROM (SELECT 1 AS x) AS x) AS x WHERE x IN (SELECT * FROM (SELECT 1) AS x WHERE x IN (SELECT x IN (SELECT 1) AS x)) GROUP BY x HAVING NOT x;
Leads to (please note the difference between dbg and opt stacks):
11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Optimized)
Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055efef34bbbb in Item_field::used_tables (this=0x14864001ec28)
at /test/11.0_opt/sql/item.cc:3510
3510 if (field->table->const_table)
[Current thread is 1 (Thread 0x148678129640 (LWP 3105045))]
(gdb) bt
#0 0x000055efef34bbbb in Item_field::used_tables (this=0x14864001ec28) at /test/11.0_opt/sql/item.cc:3510
#1 0x000055efef34c0b3 in Item_direct_view_ref::used_tables (this=0x14864001f3e0) at /test/11.0_opt/sql/item.cc:10831
#2 Item_direct_view_ref::used_tables (this=0x14864001f3e0) at /test/11.0_opt/sql/item.cc:10822
#3 0x000055efef08e379 in Item::pushable_equality_checker_for_derived (this=this@entry=0x14864001f3e0, arg=arg@entry=0x148640016a88 "\001") at /test/11.0_opt/sql/item.h:2720
#4 0x000055efef36c206 in Item_equal::create_pushable_equalities (this=this@entry=0x148640024de0, thd=thd@entry=0x148640000c68, equalities=equalities@entry=0x148678126f30, checker=<optimized out>, arg=arg@entry=0x148640016a88 "\001", clone_const=true) at /test/11.0_opt/sql/item_cmpfunc.cc:7747
#5 0x000055efef347a88 in Item::build_pushable_cond (this=0x148640024de0, thd=0x148640000c68, checker=<optimized out>, arg=0x148640016a88 "\001") at /test/11.0_opt/sql/item.cc:7695
#6 0x000055efef347983 in Item::build_pushable_cond (this=this@entry=0x148640024ad0, thd=thd@entry=0x148640000c68, checker=<optimized out>, arg=0x148640016a88 "\001") at /test/11.0_opt/sql/item.cc:7665
#7 0x000055efef08d06f in pushdown_cond_for_derived (thd=0x148640000c68, cond=0x148640024ad0, derived=derived@entry=0x148640012428) at /test/11.0_opt/sql/sql_derived.cc:1539
#8 0x000055efef14bf82 in JOIN::optimize_inner (this=0x14864001d5a0) at /test/11.0_opt/sql/sql_select.cc:2384
#9 0x000055efef14ce6a in JOIN::optimize (this=this@entry=0x14864001d5a0) at /test/11.0_opt/sql/sql_select.cc:1897
#10 0x000055efef14cf5e in mysql_select (thd=0x148640000c68, tables=0x1486400133d0, fields=@0x148640010d40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x148640011060, last = 0x148640011060, elements = 1}, <No data fields>}, conds=0x14864001c690, og_num=1, order=0x0, group=0x14864001ca28, having=0x14864001cb90, proc_param=0x0, select_options=<optimized out>, result=0x14864001cc88, unit=0x148640004cf0, select_lex=0x148640010a88) at /test/11.0_opt/sql/sql_select.cc:5132
#11 0x000055efef14d6f4 in handle_select (thd=thd@entry=0x148640000c68, lex=lex@entry=0x148640004c18, result=result@entry=0x14864001cc88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_opt/sql/sql_select.cc:608
#12 0x000055efef0c6ee5 in execute_sqlcom_select (thd=0x148640000c68, all_tables=0x1486400133d0) at /test/11.0_opt/sql/sql_parse.cc:6267
#13 0x000055efef0d5f00 in mysql_execute_command (thd=0x148640000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:3949
#14 0x000055efef0d7794 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x148640000c68) at /test/11.0_opt/sql/sql_parse.cc:8002
#15 mysql_parse (thd=0x148640000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7924
#16 0x000055efef0d9d72 in dispatch_command (command=COM_QUERY, thd=0x148640000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
#17 0x000055efef0db510 in do_command (thd=0x148640000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
#18 0x000055efef1f3717 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55eff1380e88, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
#19 0x000055efef1f39ed in handle_one_connection (arg=0x55eff1380e88) at /test/11.0_opt/sql/sql_connect.cc:1318
#20 0x000014869cc19b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#21 0x000014869ccaba00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)
Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055ade0c16e45 in Item_field::used_tables (this=0x15081c021618)
at /test/11.0_dbg/sql/item.cc:3510
3510 if (field->table->const_table)
[Current thread is 1 (Thread 0x150890ceb640 (LWP 3105030))]
(gdb) bt
#0 0x000055ade0c16e45 in Item_field::used_tables (this=0x15081c021618) at /test/11.0_dbg/sql/item.cc:3510
#1 0x000055ade0c1734a in Item_direct_view_ref::used_tables (this=0x15081c021dd0) at /test/11.0_dbg/sql/item.cc:10831
#2 0x000055ade08caf8b in Item::pushable_equality_checker_for_derived (this=<optimized out>, arg=0x15081c019458 "\001") at /test/11.0_dbg/sql/item.h:2720
#3 0x000055ade0c3da2c in Item_equal::create_pushable_equalities (this=this@entry=0x15081c0278f8, thd=thd@entry=0x15081c000d58, equalities=equalities@entry=0x150890ce9590, checker=<optimized out>, arg=arg@entry=0x15081c019458 "\001", clone_const=true) at /test/11.0_dbg/sql/item_cmpfunc.cc:7747
#4 0x000055ade0c121a8 in Item::build_pushable_cond (this=0x15081c0278f8, thd=0x15081c000d58, checker=<optimized out>, arg=0x15081c019458 "\001") at /test/11.0_dbg/sql/item.cc:7695
#5 0x000055ade0c1204c in Item::build_pushable_cond (this=this@entry=0x15081c0275e8, thd=thd@entry=0x15081c000d58, checker=<optimized out>, arg=0x15081c019458 "\001") at /test/11.0_dbg/sql/item.cc:7665
#6 0x000055ade08c99f1 in pushdown_cond_for_derived (thd=0x15081c000d58, cond=0x15081c0275e8, derived=derived@entry=0x15081c014df8) at /test/11.0_dbg/sql/sql_derived.cc:1539
#7 0x000055ade09a2efb in JOIN::optimize_inner (this=this@entry=0x15081c01ff70) at /test/11.0_dbg/sql/sql_select.cc:2384
#8 0x000055ade09a39bc in JOIN::optimize (this=this@entry=0x15081c01ff70) at /test/11.0_dbg/sql/sql_select.cc:1897
#9 0x000055ade09a3ac5 in mysql_select (thd=thd@entry=0x15081c000d58, tables=0x15081c015da0, fields=@0x15081c013710: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15081c013a30, last = 0x15081c013a30, elements = 1}, <No data fields>}, conds=0x15081c01f060, og_num=1, order=0x0, group=0x15081c01f3f8, having=0x15081c01f560, proc_param=0x0, select_options=2164525824, result=0x15081c01f658, unit=0x15081c004fa0, select_lex=0x15081c013458) at /test/11.0_dbg/sql/sql_select.cc:5132
#10 0x000055ade09a428b in handle_select (thd=thd@entry=0x15081c000d58, lex=lex@entry=0x15081c004ec8, result=result@entry=0x15081c01f658, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_dbg/sql/sql_select.cc:608
#11 0x000055ade0909e8d in execute_sqlcom_select (thd=thd@entry=0x15081c000d58, all_tables=0x15081c015da0) at /test/11.0_dbg/sql/sql_parse.cc:6267
#12 0x000055ade09154af in mysql_execute_command (thd=thd@entry=0x15081c000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:3949
#13 0x000055ade091c7cf in mysql_parse (thd=thd@entry=0x15081c000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150890cea2c0) at /test/11.0_dbg/sql/sql_parse.cc:8002
#14 0x000055ade091e963 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15081c000d58, packet=packet@entry=0x15081c00ae19 "SELECT x FROM (SELECT * FROM (SELECT 1 AS x) AS x) AS x WHERE x IN (SELECT * FROM (SELECT 1) AS x WHERE x IN (SELECT x IN (SELECT 1) AS x)) GROUP BY x HAVING NOT x", packet_length=packet_length@entry=163, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
#15 0x000055ade09207bc in do_command (thd=0x15081c000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
#16 0x000055ade0a716e2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ade4a04fe8, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
#17 0x000055ade0a71941 in handle_one_connection (arg=0x55ade4a04fe8) at /test/11.0_dbg/sql/sql_connect.cc:1318
#18 0x00001508bf7cdb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#19 0x00001508bf85fa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
11.0.1 4d09050ca77a7efac4565d46e4bcd85a5f210c53 (Optimized, UBASAN)
/test/11.0_opt_san/sql/item.cc:3512:14: runtime error: member access within null pointer of type 'struct Field'
#0 0x56468270486e in Item_field::used_tables() const /test/11.0_opt_san/sql/item.cc:3512
#1 0x564682707b5f in Item_direct_view_ref::used_tables() const /test/11.0_opt_san/sql/item.cc:10815
#2 0x564680e4ac8c in Item::pushable_equality_checker_for_derived(unsigned char*) /test/11.0_opt_san/sql/item.h:2714
#3 0x56468289471e in Item_equal::create_pushable_equalities(THD*, List<Item>*, bool (Item::*)(unsigned char*), unsigned char*, bool) /test/11.0_opt_san/sql/item_cmpfunc.cc:7716
#4 0x5646826d546f in Item::build_pushable_cond(THD*, bool (Item::*)(unsigned char*), unsigned char*) /test/11.0_opt_san/sql/item.cc:7679
#5 0x5646826d5c0f in Item::build_pushable_cond(THD*, bool (Item::*)(unsigned char*), unsigned char*) /test/11.0_opt_san/sql/item.cc:7649
#6 0x564680e3fadc in pushdown_cond_for_derived(THD*, Item*, TABLE_LIST*) /test/11.0_opt_san/sql/sql_derived.cc:1537
#7 0x5646814d076d in JOIN::optimize_inner() /test/11.0_opt_san/sql/sql_select.cc:2349
#8 0x5646814d6430 in JOIN::optimize() /test/11.0_opt_san/sql/sql_select.cc:1870
#9 0x5646814d6ac6 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_opt_san/sql/sql_select.cc:5066
#10 0x5646814da8e0 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_opt_san/sql/sql_select.cc:581
#11 0x564681082f60 in execute_sqlcom_select /test/11.0_opt_san/sql/sql_parse.cc:6265
#12 0x5646810e8827 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3949
#13 0x5646810f9542 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:8000
#14 0x564681106fa5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
#15 0x564681110700 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
#16 0x5646819f103c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
#17 0x5646819f363c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
#18 0x15352e0efb42 in start_thread nptl/pthread_create.c:442
#19 0x15352e1819ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
Bug confirmed present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.38 (dbg), 10.3.38 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)
Issue Links
- relates to MDEV-19817 Server crashes in Multiupdate_prelocking_strategy::handle_end upon UPDATE with view and foreign key (Open)