  1. MariaDB Server
  2. MDEV-31022

SIGSEGV in maria_create from create_internal_tmp_table


    Description

      -- Reproduction script for MDEV-31022. On the affected 11.1.0 builds the
      -- final SELECT terminates mariadbd with SIGSEGV, so it belongs on a
      -- disposable test instance. Statement order and settings are kept
      -- exactly as reported.

      -- Empty SQL_MODE turns strict mode off; that is what allows the INSERT
      -- below to omit the NOT NULL column c2.
      SET SQL_MODE='';
      -- Force Aria as the storage engine for the table created next.
      SET SESSION enforce_storage_engine=Aria;
      CREATE TABLE t (c INT,c2 CHAR(1) NOT NULL);
      -- NOTE(review): optimizer cost-model setting; the report does not say
      -- why the crash depends on it.
      SET @@optimizer_where_cost=1;
      -- Keep internal temporary tables on disk rather than in memory. The
      -- backtraces show the temp table being created through maria_create.
      SET big_tables=1;
      -- Lower the IN-list length at which IN (...) is converted to a subquery,
      -- so the two-element list in the SELECT qualifies.
      SET @@in_predicate_conversion_threshold=2;
      -- c2 is not supplied; with strict mode off it presumably receives the
      -- implicit default '' (TODO confirm).
      INSERT INTO t (c) VALUES (1);
      -- Crashing statement. In the debug backtrace it runs
      -- mysql_derived_create -> create_internal_tmp_table -> maria_create.
      SELECT * FROM t WHERE c2 IN ('','');
      

      Leads to a server crash (SIGSEGV in maria_create, called from create_internal_tmp_table):

      11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)

      Core was generated by `/test/MD070423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  maria_create (
          name=0x145bc80529f0 "/test/MD070423-mariadb-11.1.0-linux-x86_64=opt/data/#sql-temptable-56b39-4=1", datafile_type=<optimized out>, keys=2, 
          keydefs=keydefs@entry=0x145c14172310, columns=2, 
          columndef=columndef@entry=0x145bc8052830, uniques=0, 
          uniquedefs=0x145c14172290, ci=0x145c141722b0, flags=260)
          at /test/11.1_opt/storage/maria/ma_create.c:574
      574		switch (keyseg->type) {
      [Current thread is 1 (Thread 0x145c14174700 (LWP 355154))]
      (gdb) bt
      #0  maria_create (name=0x145bc80529f0 "/test/MD070423-mariadb-11.1.0-linux-x86_64=opt/data/#sql-temptable-56b39-4=1", datafile_type=<optimized out>, keys=2, keydefs=keydefs@entry=0x145c14172310, columns=2, columndef=columndef@entry=0x145bc8052830, uniques=0, uniquedefs=0x145c14172290, ci=0x145c141722b0, flags=260) at /test/11.1_opt/storage/maria/ma_create.c:574
      #1  0x00005586010bcee9 in create_internal_tmp_table (table=0x145bc8051e30, keyinfo=<optimized out>, start_recinfo=0x145bc8052830, recinfo=0x145bc8014688, options=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:21946
      #2  0x00005586014deeca in ha_partition::pre_direct_update_rows_init (this=0x145bc804cdb8, update_fields=<optimized out>) at /test/11.1_opt/sql/ha_partition.cc:11828
      #3  0x000055860101fcb8 in mysql_handle_single_derived (lex=0x145bc8051e30, derived=derived@entry=0x145bc804cdb8, phases=3355462664, phases@entry=96) at /test/11.1_opt/sql/sql_derived.cc:200
      #4  0x00005586010b11f0 in st_join_table::preread_init (this=this@entry=0x145bc80553e0) at /test/11.1_opt/sql/sql_select.cc:15666
      #5  0x00005586010b13b8 in sub_select (end_of_records=false, join_tab=0x145bc80553e0, join=0x145bc8012288) at /test/11.1_opt/sql/sql_select.cc:23021
      #6  sub_select (join=0x145bc8012288, join_tab=0x145bc80553e0, end_of_records=false) at /test/11.1_opt/sql/sql_select.cc:22953
      #7  0x00005586010e2049 in do_select (procedure=<optimized out>, join=0x145bc8012288) at /test/11.1_opt/sql/sql_select.cc:22569
      #8  JOIN::exec_inner (this=0x145bc8012288) at /test/11.1_opt/sql/sql_select.cc:4897
      #9  0x00005586010e24ce in JOIN::exec (this=this@entry=0x145bc8012288) at /test/11.1_opt/sql/sql_select.cc:4674
      #10 0x00005586010e061c in mysql_select (thd=0x145bc8000c58, tables=0x145bc8010e38, fields=<optimized out>, conds=0x145bc80117e0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x145bc8012260, unit=0x145bc8004ce0, select_lex=0x145bc8010818) at /test/11.1_opt/sql/sql_select.cc:5155
      #11 0x00005586010e0d67 in handle_select (thd=thd@entry=0x145bc8000c58, lex=lex@entry=0x145bc8004c08, result=result@entry=0x145bc8012260, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
      #12 0x000055860105fbbe in execute_sqlcom_select (thd=0x145bc8000c58, all_tables=0x145bc8010e38) at /test/11.1_opt/sql/sql_parse.cc:6024
      #13 0x000055860106d3f2 in mysql_execute_command (thd=0x145bc8000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
      #14 0x000055860105aaa5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x145bc8000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
      #15 mysql_parse (thd=0x145bc8000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
      #16 0x0000558601066ad2 in dispatch_command (command=COM_QUERY, thd=0x145bc8000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
      #17 0x00005586010688de in do_command (thd=0x145bc8000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
      #18 0x000055860118722f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558603e36fe8, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
      #19 0x000055860118751d in handle_one_connection (arg=0x558603e36fe8) at /test/11.1_opt/sql/sql_connect.cc:1318
      #20 0x0000145c4108e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #21 0x0000145c40c7a133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)

      Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055935057dc9f in maria_create (
          name=0x14d02c0794e8 "/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/data/#sql-temptable-11a892-4-1", datafile_type=<optimized out>, keys=2, 
          keydefs=keydefs@entry=0x14d0680a71f0, columns=2, 
          columndef=columndef@entry=0x14d02c079318, uniques=0, 
          uniquedefs=0x14d0680a7170, ci=0x14d0680a7190, flags=260)
          at /test/11.1_dbg/storage/maria/ma_create.c:547
      [Current thread is 1 (Thread 0x14d0680a9700 (LWP 1157977))]
      (gdb) bt
      #0  0x000055935057dc9f in maria_create (name=0x14d02c0794e8 "/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/data/#sql-temptable-11a892-4-1", datafile_type=<optimized out>, keys=2, keydefs=keydefs@entry=0x14d0680a71f0, columns=2, columndef=columndef@entry=0x14d02c079318, uniques=0, uniquedefs=0x14d0680a7170, ci=0x14d0680a7190, flags=260) at /test/11.1_dbg/storage/maria/ma_create.c:547
      #1  0x00005593500ea806 in create_internal_tmp_table (table=table@entry=0x14d02c0787d0, keyinfo=<optimized out>, start_recinfo=0x14d02c079318, recinfo=0x14d02c017098, options=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:21946
      #2  0x00005593500319c4 in mysql_derived_create (thd=0x14d02c000d48, lex=<optimized out>, derived=0x14d02c073a08) at /test/11.1_dbg/sql/sql_lex.h:986
      #3  0x0000559350032620 in mysql_handle_single_derived (lex=0x14d02c004eb8, derived=derived@entry=0x14d02c073a08, phases=phases@entry=96) at /test/11.1_dbg/sql/sql_derived.cc:200
      #4  0x00005593500dc1c3 in st_join_table::preread_init (this=this@entry=0x14d02c07bf28) at /test/11.1_dbg/sql/sql_select.cc:15666
      #5  0x00005593500dc754 in sub_select (join=0x14d02c014c88, join_tab=0x14d02c07bf28, end_of_records=false) at /test/11.1_dbg/sql/sql_select.cc:22972
      #6  0x0000559350114a88 in do_select (procedure=<optimized out>, join=0x14d02c014c88) at /test/11.1_dbg/sql/sql_select.cc:22569
      #7  JOIN::exec_inner (this=this@entry=0x14d02c014c88) at /test/11.1_dbg/sql/sql_select.cc:4897
      #8  0x0000559350114fae in JOIN::exec (this=this@entry=0x14d02c014c88) at /test/11.1_dbg/sql/sql_select.cc:4674
      #9  0x0000559350112ebb in mysql_select (thd=thd@entry=0x14d02c000d48, tables=<optimized out>, fields=@0x14d02c0134d8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14d02c0137f0, last = 0x14d02c0156d0, elements = 2}, <No data fields>}, conds=0x14d02c0141e0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14d02c014c60, unit=0x14d02c004f90, select_lex=0x14d02c013218) at /test/11.1_dbg/sql/sql_select.cc:5155
      #10 0x0000559350113641 in handle_select (thd=thd@entry=0x14d02c000d48, lex=lex@entry=0x14d02c004eb8, result=result@entry=0x14d02c014c60, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
      #11 0x000055935007acc5 in execute_sqlcom_select (thd=thd@entry=0x14d02c000d48, all_tables=0x14d02c013838) at /test/11.1_dbg/sql/sql_parse.cc:6024
      #12 0x0000559350086efe in mysql_execute_command (thd=thd@entry=0x14d02c000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
      #13 0x000055935007517c in mysql_parse (thd=thd@entry=0x14d02c000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d0680a82f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
      #14 0x0000559350082718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14d02c000d48, packet=packet@entry=0x14d02c00ae39 "", packet_length=packet_length@entry=35, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
      #15 0x0000559350084b54 in do_command (thd=0x14d02c000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
      #16 0x00005593501e79c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x559352dbbc58, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
      #17 0x00005593501e7e90 in handle_one_connection (arg=0x559352dbbc58) at /test/11.1_dbg/sql/sql_connect.cc:1318
      #18 0x000014d080d68609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #19 0x000014d080954133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 11.1.0 (dbg), 11.1.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (opt), 10.9.6 (dbg), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (opt), 10.11.3 (dbg)


            People

              psergei Sergei Petrunia
              ramesh Ramesh Sivaraman