[MDEV-32211] MariaDB server crashes in ill-formed CREATE TABLE with check expression - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 11.3
Fix Version/s: N/A
Component/s: Server
Labels:
- crash
- regression
Environment:
Ubuntu Desktop 20.04 LTS
Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz

Description

The latest version of MariDB Server: Git commit hash: (8d9bc61d0bf783fa792e6c3be37b0eceecbeec89) crashes when executing the following query:

drop database if exists test1;;
create database test1;;
use test1;;
create table v0(c1 INT);
CREATE TABLE IF NOT EXISTS v2 ( CHECK ( c1 >> FORMAT ( c1, DEFAULT ( c1 )) ) , c3 TEXT REFERENCES v1 ON UPDATE CASCADE ON DELETE NO ACTION ) ;

Here is the crashing stack trace from version 8d9bc61d0b:

#0 0x0000aaaab719ce3c in my_strcasecmp_utf8mb3 (cs=<optimized out>, s=0xffff79b79248 "c3", t=0x0) at /home/mysql/mariadb/strings/ctype-utf8.c:831
#1 0x0000aaaab6328398 in lex_string_cmp (a=<optimized out>, b=0xffff79b78ff8, charset=<optimized out>) at /home/mysql/mariadb/sql/lex_string.h:95
#2 Item_field::check_vcol_func_processor (this=0xffff79b78f28, arg=<optimized out>) at /home/mysql/mariadb/sql/item.cc:1574
#3 0x0000aaaab635069c in Item_default_value::walk (this=0xffff79b78f28, processor=<optimized out>, walk_subquery=<optimized out>, args=0xffff7be64260)
at /home/mysql/mariadb/sql/item.h:6750
#4 0x0000aaaab5a02970 in Item_args::walk_args (arg=0xffff7be64260, walk_subquery=false, processor=<optimized out>, this=0xffff79b790d0)
at /home/mysql/mariadb/sql/item.h:2796
#5 Item_func_or_sum::walk (this=<optimized out>, processor=<optimized out>, walk_subquery=false, arg=0xffff7be64260) at /home/mysql/mariadb/sql/item.h:5496
#6 0x0000aaaab5a02970 in Item_args::walk_args (arg=0xffff7be64260, walk_subquery=false, processor=<optimized out>, this=0xffff79b791b0)
at /home/mysql/mariadb/sql/item.h:2796
#7 Item_func_or_sum::walk (this=<optimized out>, processor=<optimized out>, walk_subquery=false, arg=0xffff7be64260) at /home/mysql/mariadb/sql/item.h:5496
#8 0x0000aaaab6285ef8 in check_expression (vcol=0xffff79b791f8, name=0xffff79b79210, type=VCOL_CHECK_TABLE, alter_info=<optimized out>)
at /home/mysql/mariadb/sql/field.cc:10523
#9 0x0000aaaab5e2af74 in mysql_prepare_create_table_finalize (thd=<optimized out>, create_info=<optimized out>, alter_info=<optimized out>, db_options=<optimized out>,
file=<optimized out>, key_info_buffer=<optimized out>, key_count=<optimized out>, create_table_mode=<optimized out>, db=..., table_name=...)
at /home/mysql/mariadb/sql/sql_table.cc:3761
#10 0x0000aaaab5e31804 in mysql_create_frm_image (thd=0xffff52d62218, db=..., table_name=..., create_info=0xffff7be67260, alter_info=<optimized out>,
create_table_mode=<optimized out>, key_info=<optimized out>, key_count=<optimized out>, frm=<optimized out>) at /home/mysql/mariadb/sql/sql_table.cc:4327
#11 0x0000aaaab5e3b74c in create_table_impl (thd=0xffff52d62218, ddl_log_state_create=0xffff7be66c60, ddl_log_state_rm=<optimized out>, orig_db=..., orig_table_name=...,
db=..., table_name=..., path=..., options=..., create_info=<optimized out>, alter_info=<optimized out>, create_table_mode=<optimized out>, is_trans=<optimized out>,
key_info=<optimized out>, key_count=<optimized out>, frm=<optimized out>) at /home/mysql/mariadb/sql/sql_table.cc:4641
#12 0x0000aaaab5e3d3a8 in mysql_create_table_no_lock (thd=0xffff52d62218, ddl_log_state_create=<optimized out>, ddl_log_state_rm=<optimized out>, db=0xffff79b78470,
table_name=<optimized out>, create_info=0xffff7be67260, alter_info=<optimized out>, is_trans=<optimized out>, create_table_mode=<optimized out>,
table_list=<optimized out>) at /home/mysql/mariadb/sql/sql_table.cc:4766
#13 0x0000aaaab5e4b468 in mysql_create_table (alter_info=0xffff7be67000, create_info=0xffff7be67260, create_table=0xffff79b78458, thd=0xffff52d62218)
at /home/mysql/mariadb/sql/sql_table.cc:4882
#14 Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0xffff52d62218) at /home/mysql/mariadb/sql/sql_table.cc:12819
#15 0x0000aaaab5c4164c in mysql_execute_command (thd=0xffff52d62218, is_called_from_prepared_stmt=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:5722
#16 0x0000aaaab5c147d0 in mysql_parse (thd=0xffff52d62218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>)
at /home/mysql/mariadb/sql/sql_parse.cc:7732
#17 0x0000aaaab5c37afc in dispatch_command (command=COM_QUERY, thd=0xffff52d62218,
packet=0xffff79b6e219 "CREATE TABLE IF NOT EXISTS v2 ( CHECK ( c1 >> FORMAT ( c1, DEFAULT ( c1 )) ) , c3 TEXT REFERENCES v1 ON UPDATE CASCADE ON DELETE NO ACTION )",
packet_length=<optimized out>, blocking=<optimized out>) at /home/mysql/mariadb/sql/sql_class.h:1528
#18 0x0000aaaab5c3c878 in do_command (thd=0xffff52d62218, blocking=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:1406
#19 0x0000aaaab5f71458 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /home/mysql/mariadb/sql/sql_connect.cc:1445
#20 0x0000aaaab5f71c3c in handle_one_connection (arg=0xffff7ad2b4b8) at /home/mysql/mariadb/sql/sql_connect.cc:1347
#21 0x0000aaaab694524c in pfs_spawn_thread (arg=0xffff79511898) at /home/mysql/mariadb/storage/perfschema/pfs.cc:2201
#22 0x0000ffff8073a624 in start_thread (arg=0xffff80b5b918 <asan_thread_start(void*)>) at pthread_create.c:477
#23 0x0000ffff803c949c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78

The bug seems to be introduce in commit: faee972f18bebfab4bed5527741743807787ca69, which is a merge commit that merge multiple modifications from 10.4 to 10.5. However, the specific bug introduced commit is not yet found.

Some other useful information:

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Yu Liang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-09-20 16:08

Updated:: 2023-09-30 15:01

Resolved:: 2023-09-30 15:00

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.