[MDEV-31116] SIGSEGV in test_if_skip_sort_order|JOIN::optimize_stage2 - Jira

Ramesh Sivaraman created issue - 2023-04-24 05:03

Elena Stepanova made changes - 2023-09-08 17:16

Field	Original Value	New Value
Component/s		Optimizer [ 10200 ]

Elena Stepanova added a comment - 2023-09-08 17:32

Description converted into an MTR test case:

--source include/have_innodb.inc

CREATE TABLE t (a BINARY(2),b BINARY(1),KEY(a)) ENGINE=InnoDB;

INSERT INTO t (a) VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');

SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a LIMIT 1;

# Cleanup

DROP TABLE t;

Elena Stepanova added a comment - 2023-09-08 17:32 Description converted into an MTR test case: --source include/have_innodb.inc CREATE TABLE t (a BINARY (2),b BINARY (1), KEY (a)) ENGINE=InnoDB; INSERT INTO t (a) VALUES ( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ),( '' ); SELECT * FROM t WHERE a IN ( SELECT a FROM t WHERE a > '' ) ORDER BY a LIMIT 1; # Cleanup DROP TABLE t;

Elena Stepanova added a comment - 2023-09-08 17:37

Test case with UPDATE. Unfortunately since the stack trace is generic, and EXPLAINs also fail, it's hard to say whether it's the same problem or not. Maybe not, since the test case below requires not_null_range_scan, but filing it separately doesn't make much sense until the one in the description is fixed.

CREATE TABLE t1 (a INT, b INT, KEY(b));

INSERT INTO t1 VALUES (1,1),(2,2),(3,3),(4,4),(5,5),(6,6),(7,7),(8,8),(9,9);

CREATE TABLE t2 (a INT, b INT);

INSERT INTO t2 VALUES (1,1),(2,2);

SET optimizer_switch= 'not_null_range_scan=on', optimizer_search_depth= 1;

UPDATE t1 NATURAL JOIN t2 SET t1.a = t2.b ORDER BY b LIMIT 1;

# Cleanup

DROP TABLE t1, t2;

11.0 5f6e9874
#3 <signal handler called>
#4 0x0000559736db794b in test_if_skip_sort_order (tab=0x629000271238, order=0x6290000e7e60, select_limit=1, no_changes=false, map=0x61900009ac30) at /data/src/11.0/sql/sql_select.cc:26421
#5 0x0000559736d0cfa0 in JOIN::optimize_stage2 (this=0x6290000e8f70) at /data/src/11.0/sql/sql_select.cc:3344
#6 0x0000559736d05983 in JOIN::optimize_inner (this=0x6290000e8f70) at /data/src/11.0/sql/sql_select.cc:2633
#7 0x0000559736cfe6d7 in JOIN::optimize (this=0x6290000e8f70) at /data/src/11.0/sql/sql_select.cc:1935
#8 0x0000559736d200cf in mysql_select (thd=0x62b00007e218, tables=0x6290000e6388, fields=..., conds=0x0, og_num=1, order=0x6290000e7e60, group=0x0, having=0x0, proc_param=0x0, select_options=37383395344512, result=0x6290000e8e30, unit=0x62b000082698, select_lex=0x62b000082ec8) at /data/src/11.0/sql/sql_select.cc:5168
#9 0x0000559736f8e0e5 in mysql_multi_update (thd=0x62b00007e218, table_list=0x6290000e6388, fields=0x62b000083180, values=0x62b0000835d8, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x62b000082698, select_lex=0x62b000082ec8, result=0x7fbe2bc83ec0) at /data/src/11.0/sql/sql_update.cc:1990
#10 0x0000559736c08294 in mysql_execute_command (thd=0x62b00007e218, is_called_from_prepared_stmt=false) at /data/src/11.0/sql/sql_parse.cc:4503
#11 0x0000559736c21172 in mysql_parse (thd=0x62b00007e218, rawbuf=0x6290000e6238 "UPDATE t1 NATURAL JOIN t2 SET t1.a = t2.b ORDER BY b LIMIT 1", length=60, parser_state=0x7fbe2bc849e0) at /data/src/11.0/sql/sql_parse.cc:8031
#12 0x0000559736bf6f70 in dispatch_command (command=COM_QUERY, thd=0x62b00007e218, packet=0x629000258219 "UPDATE t1 NATURAL JOIN t2 SET t1.a = t2.b ORDER BY b LIMIT 1", packet_length=60, blocking=true) at /data/src/11.0/sql/sql_parse.cc:1894
#13 0x0000559736bf3c89 in do_command (thd=0x62b00007e218, blocking=true) at /data/src/11.0/sql/sql_parse.cc:1407
#14 0x00005597370b9422 in do_handle_one_connection (connect=0x608000002d38, put_in_cache=true) at /data/src/11.0/sql/sql_connect.cc:1416
#15 0x00005597370b8de3 in handle_one_connection (arg=0x608000002cb8) at /data/src/11.0/sql/sql_connect.cc:1318
#16 0x0000559737c968ca in pfs_spawn_thread (arg=0x617000005b98) at /data/src/11.0/storage/perfschema/pfs.cc:2201
#17 0x00007fbe334a7fd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#18 0x00007fbe335285bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Elena Stepanova added a comment - 2023-09-08 17:37 Test case with UPDATE. Unfortunately since the stack trace is generic, and EXPLAINs also fail, it's hard to say whether it's the same problem or not. Maybe not, since the test case below requires not_null_range_scan , but filing it separately doesn't make much sense until the one in the description is fixed. CREATE TABLE t1 (a INT , b INT , KEY (b)); INSERT INTO t1 VALUES (1,1),(2,2),(3,3),(4,4),(5,5),(6,6),(7,7),(8,8),(9,9); CREATE TABLE t2 (a INT , b INT ); INSERT INTO t2 VALUES (1,1),(2,2); SET optimizer_switch= 'not_null_range_scan=on' , optimizer_search_depth= 1; UPDATE t1 NATURAL JOIN t2 SET t1.a = t2.b ORDER BY b LIMIT 1; # Cleanup DROP TABLE t1, t2; 11.0 5f6e9874 #3 <signal handler called> #4 0x0000559736db794b in test_if_skip_sort_order (tab=0x629000271238, order=0x6290000e7e60, select_limit=1, no_changes=false, map=0x61900009ac30) at /data/src/11.0/sql/sql_select.cc:26421 #5 0x0000559736d0cfa0 in JOIN::optimize_stage2 (this=0x6290000e8f70) at /data/src/11.0/sql/sql_select.cc:3344 #6 0x0000559736d05983 in JOIN::optimize_inner (this=0x6290000e8f70) at /data/src/11.0/sql/sql_select.cc:2633 #7 0x0000559736cfe6d7 in JOIN::optimize (this=0x6290000e8f70) at /data/src/11.0/sql/sql_select.cc:1935 #8 0x0000559736d200cf in mysql_select (thd=0x62b00007e218, tables=0x6290000e6388, fields=..., conds=0x0, og_num=1, order=0x6290000e7e60, group=0x0, having=0x0, proc_param=0x0, select_options=37383395344512, result=0x6290000e8e30, unit=0x62b000082698, select_lex=0x62b000082ec8) at /data/src/11.0/sql/sql_select.cc:5168 #9 0x0000559736f8e0e5 in mysql_multi_update (thd=0x62b00007e218, table_list=0x6290000e6388, fields=0x62b000083180, values=0x62b0000835d8, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x62b000082698, select_lex=0x62b000082ec8, result=0x7fbe2bc83ec0) at /data/src/11.0/sql/sql_update.cc:1990 #10 0x0000559736c08294 in mysql_execute_command (thd=0x62b00007e218, is_called_from_prepared_stmt=false) at /data/src/11.0/sql/sql_parse.cc:4503 #11 0x0000559736c21172 in mysql_parse (thd=0x62b00007e218, rawbuf=0x6290000e6238 "UPDATE t1 NATURAL JOIN t2 SET t1.a = t2.b ORDER BY b LIMIT 1", length=60, parser_state=0x7fbe2bc849e0) at /data/src/11.0/sql/sql_parse.cc:8031 #12 0x0000559736bf6f70 in dispatch_command (command=COM_QUERY, thd=0x62b00007e218, packet=0x629000258219 "UPDATE t1 NATURAL JOIN t2 SET t1.a = t2.b ORDER BY b LIMIT 1", packet_length=60, blocking=true) at /data/src/11.0/sql/sql_parse.cc:1894 #13 0x0000559736bf3c89 in do_command (thd=0x62b00007e218, blocking=true) at /data/src/11.0/sql/sql_parse.cc:1407 #14 0x00005597370b9422 in do_handle_one_connection (connect=0x608000002d38, put_in_cache=true) at /data/src/11.0/sql/sql_connect.cc:1416 #15 0x00005597370b8de3 in handle_one_connection (arg=0x608000002cb8) at /data/src/11.0/sql/sql_connect.cc:1318 #16 0x0000559737c968ca in pfs_spawn_thread (arg=0x617000005b98) at /data/src/11.0/storage/perfschema/pfs.cc:2201 #17 0x00007fbe334a7fd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442 #18 0x00007fbe335285bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Alice Sherepa made changes - 2023-10-25 08:48

Description

{code:sql}
SET sql_select_limit=1;
CREATE TABLE t (a BINARY (2),b BINARY (1),KEY(a));
INSERT INTO t (a) VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a;
{code}

Leads to:

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790,
    order=<optimized out>, select_limit=<optimized out>,
    no_changes=no_changes@entry=false, map=<optimized out>)
    at /test/11.1_opt/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1462cdb7a700 (LWP 2680953))]
(gdb) bt
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790, order=<optimized out>, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:26061
#1 0x000055fd884899c8 in JOIN::optimize_stage2 (this=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:3311
#2 0x000055fd8848cc02 in JOIN::optimize_inner (this=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:2600
#3 0x000055fd8848eee0 in JOIN::optimize (this=this@entry=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:1902
#4 0x000055fd8848efd1 in mysql_select (thd=0x14627c000c58, tables=0x14627c010e78, fields=<optimized out>, conds=0x14627c013050, og_num=1, order=0x14627c013c48, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14627c013da0, unit=0x14627c004ce0, select_lex=0x14627c010858) at /test/11.1_opt/sql/sql_select.cc:5141
#5 0x000055fd8848f777 in handle_select (thd=thd@entry=0x14627c000c58, lex=lex@entry=0x14627c004c08, result=result@entry=0x14627c013da0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
#6 0x000055fd8840f04e in execute_sqlcom_select (thd=0x14627c000c58, all_tables=0x14627c010e78) at /test/11.1_opt/sql/sql_parse.cc:6024
#7 0x000055fd8841c8e2 in mysql_execute_command (thd=0x14627c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
#8 0x000055fd88409f25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14627c000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
#9 mysql_parse (thd=0x14627c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
#10 0x000055fd88415fc2 in dispatch_command (command=COM_QUERY, thd=0x14627c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
#11 0x000055fd88417dce in do_command (thd=0x14627c000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
#12 0x000055fd885351ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fd8bf4c968, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
#13 0x000055fd885354dd in handle_one_connection (arg=0x55fd8bf4c968) at /test/11.1_opt/sql/sql_connect.cc:1318
#14 0x00001462eb629609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#15 0x00001462eb215133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055e0cfa4824b in test_if_skip_sort_order (
    tab=tab@entry=0x1523c80713f8, order=0x1523c8016648,
    select_limit=<optimized out>, no_changes=no_changes@entry=false,
    map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1523f4611700 (LWP 2681179))]
(gdb) bt
#0 0x000055e0cfa4824b in test_if_skip_sort_order (tab=tab@entry=0x1523c80713f8, order=0x1523c8016648, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
#1 0x000055e0cfa63908 in JOIN::optimize_stage2 (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:3311
#2 0x000055e0cfa6596d in JOIN::optimize_inner (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:2600
#3 0x000055e0cfa65d53 in JOIN::optimize (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:1902
#4 0x000055e0cfa65e5c in mysql_select (thd=thd@entry=0x1523c8000d48, tables=<optimized out>, fields=@0x1523c8013518: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523c8013830, last = 0x1523c80170f0, elements = 2}, <No data fields>}, conds=0x1523c8015a50, og_num=1, order=0x1523c8016648, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1523c80167a0, unit=0x1523c8004f90, select_lex=0x1523c8013258) at /test/11.1_dbg/sql/sql_select.cc:5141
#5 0x000055e0cfa66641 in handle_select (thd=thd@entry=0x1523c8000d48, lex=lex@entry=0x1523c8004eb8, result=result@entry=0x1523c80167a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
#6 0x000055e0cf9cdcc5 in execute_sqlcom_select (thd=thd@entry=0x1523c8000d48, all_tables=0x1523c8013878) at /test/11.1_dbg/sql/sql_parse.cc:6024
#7 0x000055e0cf9d9efe in mysql_execute_command (thd=thd@entry=0x1523c8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
#8 0x000055e0cf9c817c in mysql_parse (thd=thd@entry=0x1523c8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1523f46102f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
#9 0x000055e0cf9d5718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1523c8000d48, packet=packet@entry=0x1523c800ae39 "SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
#10 0x000055e0cf9d7b54 in do_command (thd=0x1523c8000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
#11 0x000055e0cfb3a9c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e0d3371e28, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
#12 0x000055e0cfb3ae90 in handle_one_connection (arg=0x55e0d3371e28) at /test/11.1_dbg/sql/sql_connect.cc:1318
#13 0x000015240d0af609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000015240cc9b133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Bug confirmed present in:
MariaDB: 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt)

{code:sql}
--source include/have_innodb.inc
SET sql_select_limit=1;
CREATE TABLE t (a BINARY (2),b BINARY (1),KEY(a))engine=innodb;
INSERT INTO t (a) VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a;
{code}

Leads to:

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790,
    order=<optimized out>, select_limit=<optimized out>,
    no_changes=no_changes@entry=false, map=<optimized out>)
    at /test/11.1_opt/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1462cdb7a700 (LWP 2680953))]
(gdb) bt
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790, order=<optimized out>, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:26061
#1 0x000055fd884899c8 in JOIN::optimize_stage2 (this=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:3311
#2 0x000055fd8848cc02 in JOIN::optimize_inner (this=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:2600
#3 0x000055fd8848eee0 in JOIN::optimize (this=this@entry=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:1902
#4 0x000055fd8848efd1 in mysql_select (thd=0x14627c000c58, tables=0x14627c010e78, fields=<optimized out>, conds=0x14627c013050, og_num=1, order=0x14627c013c48, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14627c013da0, unit=0x14627c004ce0, select_lex=0x14627c010858) at /test/11.1_opt/sql/sql_select.cc:5141
#5 0x000055fd8848f777 in handle_select (thd=thd@entry=0x14627c000c58, lex=lex@entry=0x14627c004c08, result=result@entry=0x14627c013da0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
#6 0x000055fd8840f04e in execute_sqlcom_select (thd=0x14627c000c58, all_tables=0x14627c010e78) at /test/11.1_opt/sql/sql_parse.cc:6024
#7 0x000055fd8841c8e2 in mysql_execute_command (thd=0x14627c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
#8 0x000055fd88409f25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14627c000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
#9 mysql_parse (thd=0x14627c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
#10 0x000055fd88415fc2 in dispatch_command (command=COM_QUERY, thd=0x14627c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
#11 0x000055fd88417dce in do_command (thd=0x14627c000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
#12 0x000055fd885351ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fd8bf4c968, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
#13 0x000055fd885354dd in handle_one_connection (arg=0x55fd8bf4c968) at /test/11.1_opt/sql/sql_connect.cc:1318
#14 0x00001462eb629609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#15 0x00001462eb215133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055e0cfa4824b in test_if_skip_sort_order (
    tab=tab@entry=0x1523c80713f8, order=0x1523c8016648,
    select_limit=<optimized out>, no_changes=no_changes@entry=false,
    map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1523f4611700 (LWP 2681179))]
(gdb) bt
#0 0x000055e0cfa4824b in test_if_skip_sort_order (tab=tab@entry=0x1523c80713f8, order=0x1523c8016648, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
#1 0x000055e0cfa63908 in JOIN::optimize_stage2 (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:3311
#2 0x000055e0cfa6596d in JOIN::optimize_inner (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:2600
#3 0x000055e0cfa65d53 in JOIN::optimize (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:1902
#4 0x000055e0cfa65e5c in mysql_select (thd=thd@entry=0x1523c8000d48, tables=<optimized out>, fields=@0x1523c8013518: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523c8013830, last = 0x1523c80170f0, elements = 2}, <No data fields>}, conds=0x1523c8015a50, og_num=1, order=0x1523c8016648, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1523c80167a0, unit=0x1523c8004f90, select_lex=0x1523c8013258) at /test/11.1_dbg/sql/sql_select.cc:5141
#5 0x000055e0cfa66641 in handle_select (thd=thd@entry=0x1523c8000d48, lex=lex@entry=0x1523c8004eb8, result=result@entry=0x1523c80167a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
#6 0x000055e0cf9cdcc5 in execute_sqlcom_select (thd=thd@entry=0x1523c8000d48, all_tables=0x1523c8013878) at /test/11.1_dbg/sql/sql_parse.cc:6024
#7 0x000055e0cf9d9efe in mysql_execute_command (thd=thd@entry=0x1523c8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
#8 0x000055e0cf9c817c in mysql_parse (thd=thd@entry=0x1523c8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1523f46102f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
#9 0x000055e0cf9d5718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1523c8000d48, packet=packet@entry=0x1523c800ae39 "SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
#10 0x000055e0cf9d7b54 in do_command (thd=0x1523c8000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
#11 0x000055e0cfb3a9c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e0d3371e28, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
#12 0x000055e0cfb3ae90 in handle_one_connection (arg=0x55e0d3371e28) at /test/11.1_dbg/sql/sql_connect.cc:1318
#13 0x000015240d0af609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000015240cc9b133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Bug confirmed present in:
MariaDB: 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt)

Alice Sherepa made changes - 2023-10-25 08:48

Description

{code:sql}
--source include/have_innodb.inc
SET sql_select_limit=1;
CREATE TABLE t (a BINARY (2),b BINARY (1),KEY(a))engine=innodb;
INSERT INTO t (a) VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a;
{code}

Leads to:

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790,
    order=<optimized out>, select_limit=<optimized out>,
    no_changes=no_changes@entry=false, map=<optimized out>)
    at /test/11.1_opt/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1462cdb7a700 (LWP 2680953))]
(gdb) bt
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790, order=<optimized out>, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:26061
#1 0x000055fd884899c8 in JOIN::optimize_stage2 (this=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:3311
#2 0x000055fd8848cc02 in JOIN::optimize_inner (this=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:2600
#3 0x000055fd8848eee0 in JOIN::optimize (this=this@entry=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:1902
#4 0x000055fd8848efd1 in mysql_select (thd=0x14627c000c58, tables=0x14627c010e78, fields=<optimized out>, conds=0x14627c013050, og_num=1, order=0x14627c013c48, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14627c013da0, unit=0x14627c004ce0, select_lex=0x14627c010858) at /test/11.1_opt/sql/sql_select.cc:5141
#5 0x000055fd8848f777 in handle_select (thd=thd@entry=0x14627c000c58, lex=lex@entry=0x14627c004c08, result=result@entry=0x14627c013da0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
#6 0x000055fd8840f04e in execute_sqlcom_select (thd=0x14627c000c58, all_tables=0x14627c010e78) at /test/11.1_opt/sql/sql_parse.cc:6024
#7 0x000055fd8841c8e2 in mysql_execute_command (thd=0x14627c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
#8 0x000055fd88409f25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14627c000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
#9 mysql_parse (thd=0x14627c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
#10 0x000055fd88415fc2 in dispatch_command (command=COM_QUERY, thd=0x14627c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
#11 0x000055fd88417dce in do_command (thd=0x14627c000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
#12 0x000055fd885351ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fd8bf4c968, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
#13 0x000055fd885354dd in handle_one_connection (arg=0x55fd8bf4c968) at /test/11.1_opt/sql/sql_connect.cc:1318
#14 0x00001462eb629609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#15 0x00001462eb215133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055e0cfa4824b in test_if_skip_sort_order (
    tab=tab@entry=0x1523c80713f8, order=0x1523c8016648,
    select_limit=<optimized out>, no_changes=no_changes@entry=false,
    map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1523f4611700 (LWP 2681179))]
(gdb) bt
#0 0x000055e0cfa4824b in test_if_skip_sort_order (tab=tab@entry=0x1523c80713f8, order=0x1523c8016648, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
#1 0x000055e0cfa63908 in JOIN::optimize_stage2 (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:3311
#2 0x000055e0cfa6596d in JOIN::optimize_inner (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:2600
#3 0x000055e0cfa65d53 in JOIN::optimize (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:1902
#4 0x000055e0cfa65e5c in mysql_select (thd=thd@entry=0x1523c8000d48, tables=<optimized out>, fields=@0x1523c8013518: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523c8013830, last = 0x1523c80170f0, elements = 2}, <No data fields>}, conds=0x1523c8015a50, og_num=1, order=0x1523c8016648, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1523c80167a0, unit=0x1523c8004f90, select_lex=0x1523c8013258) at /test/11.1_dbg/sql/sql_select.cc:5141
#5 0x000055e0cfa66641 in handle_select (thd=thd@entry=0x1523c8000d48, lex=lex@entry=0x1523c8004eb8, result=result@entry=0x1523c80167a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
#6 0x000055e0cf9cdcc5 in execute_sqlcom_select (thd=thd@entry=0x1523c8000d48, all_tables=0x1523c8013878) at /test/11.1_dbg/sql/sql_parse.cc:6024
#7 0x000055e0cf9d9efe in mysql_execute_command (thd=thd@entry=0x1523c8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
#8 0x000055e0cf9c817c in mysql_parse (thd=thd@entry=0x1523c8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1523f46102f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
#9 0x000055e0cf9d5718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1523c8000d48, packet=packet@entry=0x1523c800ae39 "SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
#10 0x000055e0cf9d7b54 in do_command (thd=0x1523c8000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
#11 0x000055e0cfb3a9c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e0d3371e28, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
#12 0x000055e0cfb3ae90 in handle_one_connection (arg=0x55e0d3371e28) at /test/11.1_dbg/sql/sql_connect.cc:1318
#13 0x000015240d0af609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000015240cc9b133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Bug confirmed present in:
MariaDB: 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt)

{code:sql}
SET sql_select_limit=1;
CREATE TABLE t (a BINARY (2),b BINARY (1),KEY(a));
INSERT INTO t (a) VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a;
{code}

Leads to:

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790,
    order=<optimized out>, select_limit=<optimized out>,
    no_changes=no_changes@entry=false, map=<optimized out>)
    at /test/11.1_opt/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1462cdb7a700 (LWP 2680953))]
(gdb) bt
#0 test_if_skip_sort_order (tab=tab@entry=0x14627c04e790, order=<optimized out>, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:26061
#1 0x000055fd884899c8 in JOIN::optimize_stage2 (this=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:3311
#2 0x000055fd8848cc02 in JOIN::optimize_inner (this=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:2600
#3 0x000055fd8848eee0 in JOIN::optimize (this=this@entry=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:1902
#4 0x000055fd8848efd1 in mysql_select (thd=0x14627c000c58, tables=0x14627c010e78, fields=<optimized out>, conds=0x14627c013050, og_num=1, order=0x14627c013c48, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14627c013da0, unit=0x14627c004ce0, select_lex=0x14627c010858) at /test/11.1_opt/sql/sql_select.cc:5141
#5 0x000055fd8848f777 in handle_select (thd=thd@entry=0x14627c000c58, lex=lex@entry=0x14627c004c08, result=result@entry=0x14627c013da0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
#6 0x000055fd8840f04e in execute_sqlcom_select (thd=0x14627c000c58, all_tables=0x14627c010e78) at /test/11.1_opt/sql/sql_parse.cc:6024
#7 0x000055fd8841c8e2 in mysql_execute_command (thd=0x14627c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
#8 0x000055fd88409f25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14627c000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
#9 mysql_parse (thd=0x14627c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
#10 0x000055fd88415fc2 in dispatch_command (command=COM_QUERY, thd=0x14627c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
#11 0x000055fd88417dce in do_command (thd=0x14627c000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
#12 0x000055fd885351ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fd8bf4c968, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
#13 0x000055fd885354dd in handle_one_connection (arg=0x55fd8bf4c968) at /test/11.1_opt/sql/sql_connect.cc:1318
#14 0x00001462eb629609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#15 0x00001462eb215133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

{noformat:title=11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)}
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055e0cfa4824b in test_if_skip_sort_order (
    tab=tab@entry=0x1523c80713f8, order=0x1523c8016648,
    select_limit=<optimized out>, no_changes=no_changes@entry=false,
    map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
[Current thread is 1 (Thread 0x1523f4611700 (LWP 2681179))]
(gdb) bt
#0 0x000055e0cfa4824b in test_if_skip_sort_order (tab=tab@entry=0x1523c80713f8, order=0x1523c8016648, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
#1 0x000055e0cfa63908 in JOIN::optimize_stage2 (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:3311
#2 0x000055e0cfa6596d in JOIN::optimize_inner (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:2600
#3 0x000055e0cfa65d53 in JOIN::optimize (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:1902
#4 0x000055e0cfa65e5c in mysql_select (thd=thd@entry=0x1523c8000d48, tables=<optimized out>, fields=@0x1523c8013518: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523c8013830, last = 0x1523c80170f0, elements = 2}, <No data fields>}, conds=0x1523c8015a50, og_num=1, order=0x1523c8016648, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1523c80167a0, unit=0x1523c8004f90, select_lex=0x1523c8013258) at /test/11.1_dbg/sql/sql_select.cc:5141
#5 0x000055e0cfa66641 in handle_select (thd=thd@entry=0x1523c8000d48, lex=lex@entry=0x1523c8004eb8, result=result@entry=0x1523c80167a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
#6 0x000055e0cf9cdcc5 in execute_sqlcom_select (thd=thd@entry=0x1523c8000d48, all_tables=0x1523c8013878) at /test/11.1_dbg/sql/sql_parse.cc:6024
#7 0x000055e0cf9d9efe in mysql_execute_command (thd=thd@entry=0x1523c8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
#8 0x000055e0cf9c817c in mysql_parse (thd=thd@entry=0x1523c8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1523f46102f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
#9 0x000055e0cf9d5718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1523c8000d48, packet=packet@entry=0x1523c800ae39 "SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
#10 0x000055e0cf9d7b54 in do_command (thd=0x1523c8000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
#11 0x000055e0cfb3a9c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e0d3371e28, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
#12 0x000055e0cfb3ae90 in handle_one_connection (arg=0x55e0d3371e28) at /test/11.1_dbg/sql/sql_connect.cc:1318
#13 0x000015240d0af609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x000015240cc9b133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Bug confirmed present in:
MariaDB: 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt)

Alice Sherepa made changes - 2023-10-25 08:49

Fix Version/s

11.2 [ 28603 ]

Alice Sherepa made changes - 2023-10-25 08:49

Status

Open [ 1 ]

Confirmed [ 10101 ]

Alice Sherepa made changes - 2023-10-25 08:49

Labels

regression-11.0

Sergei Petrunia made changes - 2023-10-30 08:09

Assignee

Sergei Petrunia [ psergey ]

Dave Gosselin [ JIRAUSER52216 ]

Dave Gosselin made changes - 2023-10-30 17:50

Status

Confirmed [ 10101 ]

In Progress [ 3 ]

Dave Gosselin added a comment - 2023-10-30 19:52

Following line numbers are relative to git sha c507678b207a1a8ce. This crash occurs because the select member on the passed JOIN_TAB tab argument can be NULL, but we don't always check against that in the test_if_skip_sort_order function. In fact, the code expects that select can be null at lines 26318 and 26382 but assumes that it must be set at line 26557, the location of the crash. A similar assumption is made at line 26483 and would crash if we had a case follow this flow of control. My next step is to determine the correct fix.

Background:

For 11.1, 11.2, and 11.3 I can reproduce the problem from the description. For the same versions, the issue from the previous comment ("Test case with UPDATE..." does not reproduce. I suspect that problem is 11.0-specific should be ticketed separately.
I cannot build 11.0 from source due to a submodule issue.

Dave Gosselin added a comment - 2023-10-30 19:52 Following line numbers are relative to git sha c507678b207a1a8ce . This crash occurs because the select member on the passed JOIN_TAB tab argument can be NULL, but we don't always check against that in the test_if_skip_sort_order function. In fact, the code expects that select can be null at lines 26318 and 26382 but assumes that it must be set at line 26557, the location of the crash. A similar assumption is made at line 26483 and would crash if we had a case follow this flow of control. My next step is to determine the correct fix. Background: For 11.1, 11.2, and 11.3 I can reproduce the problem from the description. For the same versions, the issue from the previous comment ("Test case with UPDATE..." does not reproduce. I suspect that problem is 11.0-specific should be ticketed separately. I cannot build 11.0 from source due to a submodule issue.

Dave Gosselin made changes - 2023-10-31 20:37

Assignee	Dave Gosselin [ JIRAUSER52216 ]	Sergei Petrunia [ psergey ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Petrunia added a comment - 2023-11-03 12:14

Gosselin,

, the issue from the previous comment ("Test case with UPDATE..." does not reproduce. I

I could reproduce on 11.0 and 11.2, when using MyISAM storage engine, but not when using InnoDB.

The difference comes from here:
1. if you paste that text into .test file and run it with mysql-test-run, it will use MyISAM (this is for historical/test simplicity reasons and also MyISAM has predictable statistics while InnoDB doesn't).
2. But if you paste this into command-line client, the default setting is to use InnoDB.

Could this be the reason you were unable to reproduce...

Sergei Petrunia added a comment - 2023-11-03 12:14 Gosselin , , the issue from the previous comment ("Test case with UPDATE..." does not reproduce. I I could reproduce on 11.0 and 11.2, when using MyISAM storage engine, but not when using InnoDB. The difference comes from here: 1. if you paste that text into .test file and run it with mysql-test-run, it will use MyISAM (this is for historical/test simplicity reasons and also MyISAM has predictable statistics while InnoDB doesn't). 2. But if you paste this into command-line client, the default setting is to use InnoDB. Could this be the reason you were unable to reproduce...

Sergei Petrunia added a comment - 2023-11-03 12:49

... why does it not repeat for versions earlier than 11.0?
Diff'ing test_if_skip_sort_order() between versions I see that 10.11 has the if (select ...) check...

.. and in 11.0 it was removed by this patch: https://github.com/MariaDB/server/commit/1c88ac60cf5167b89c8e4911f157596e0f3ac1e1

Sergei Petrunia added a comment - 2023-11-03 12:49 ... why does it not repeat for versions earlier than 11.0? Diff'ing test_if_skip_sort_order() between versions I see that 10.11 has the if (select ...) check... .. and in 11.0 it was removed by this patch: https://github.com/MariaDB/server/commit/1c88ac60cf5167b89c8e4911f157596e0f3ac1e1

Sergei Petrunia added a comment - 2023-11-03 13:40

Review input provided in https://github.com/MariaDB/server/pull/2812

Sergei Petrunia added a comment - 2023-11-03 13:40 Review input provided in https://github.com/MariaDB/server/pull/2812

Sergei Petrunia made changes - 2023-11-03 13:40

Assignee	Sergei Petrunia [ psergey ]	Dave Gosselin [ JIRAUSER52216 ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Dave Gosselin added a comment - 2023-11-03 13:56

psergei I have 11.0 building now and I can reproduce the issue there. With my fix, the issue is resolved and the crash no longer seen. I also built 10.11 today and cannot reproduce the crash there. In 10.11 the select pointer check is indeed present (line 25210 in sql/sql_select.cc at git sha 818a9f38b64de60b15 ) so it makes sense that this case would not crash.

Dave Gosselin added a comment - 2023-11-03 13:56 psergei I have 11.0 building now and I can reproduce the issue there. With my fix, the issue is resolved and the crash no longer seen. I also built 10.11 today and cannot reproduce the crash there. In 10.11 the select pointer check is indeed present (line 25210 in sql/sql_select.cc at git sha 818a9f38b64de60b15 ) so it makes sense that this case would not crash.

Dave Gosselin made changes - 2023-11-03 13:57

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Dave Gosselin made changes - 2023-11-03 16:50

Assignee	Dave Gosselin [ JIRAUSER52216 ]	Sergei Petrunia [ psergey ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Petrunia added a comment - 2023-11-07 10:09

Second portion of review input provided.

Sergei Petrunia added a comment - 2023-11-07 10:09 Second portion of review input provided.

Sergei Petrunia made changes - 2023-11-07 10:09

Assignee	Sergei Petrunia [ psergey ]	Dave Gosselin [ JIRAUSER52216 ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Dave Gosselin made changes - 2023-11-07 11:51

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Dave Gosselin made changes - 2023-11-07 15:50

Assignee	Dave Gosselin [ JIRAUSER52216 ]	Sergei Petrunia [ psergey ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Petrunia added a comment - 2023-11-08 11:09

Ok to push

Sergei Petrunia added a comment - 2023-11-08 11:09 Ok to push

Sergei Petrunia made changes - 2023-11-08 11:09

Assignee	Sergei Petrunia [ psergey ]	Dave Gosselin [ JIRAUSER52216 ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Dave Gosselin made changes - 2023-11-08 13:35

Status

Stalled [ 10000 ]

In Testing [ 10301 ]

Sergei Petrunia made changes - 2023-11-09 10:48

Status

In Testing [ 10301 ]

Stalled [ 10000 ]

Sergei Petrunia made changes - 2023-11-09 10:49

Fix Version/s		11.0.4 [ 29021 ]
Fix Version/s		11.1.3 [ 29023 ]
Fix Version/s		11.2.2 [ 29035 ]
Fix Version/s	11.0 [ 28320 ]
Fix Version/s	11.1 [ 28549 ]
Fix Version/s	11.2 [ 28603 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Daniel Bartholomew made changes - 2023-11-13 16:50

Fix Version/s		11.0.5 [ 29520 ]
Fix Version/s		11.1.4 [ 29024 ]
Fix Version/s		11.2.3 [ 29521 ]
Fix Version/s	11.0.4 [ 29021 ]
Fix Version/s	11.1.3 [ 29023 ]
Fix Version/s	11.2.2 [ 29035 ]

MariaDB Server

SIGSEGV in test_if_skip_sort_order|JOIN::optimize_stage2

Details

Description

Attachments

Activity

People

Dates

Git Integration