Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.3(EOL)
-
None
-
Ubuntu Desktop 20.04 LTS
Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz
Description
The latest version of MariDB Server: Git commit hash: (905c3d61e18ae6222d0d195c43d335046eec65d9) crashes when executing the following query:
drop database if exists test1;
create database test1;
use test1;
create table v1099(c1100 INT);
INSERT v1099 SET c1100 = DEFAULT ;
( SELECT * FROM v1099 LOCK IN SHARE MODE ) ORDER BY c1100 , EXISTS ( SELECT * UNION SELECT * ) = c1100 ;
Here is the crashing stack trace from version: 905c3d61e18
#0 0x000000000105ddcc in st_select_lex_unit::optimize (this=<optimized out>) at /home/mysql/mariadb/sql/sql_union.cc:2249
#1 0x000000000105e6e4 in st_select_lex_unit::exec_inner (this=0xffff7f07a188) at /home/mysql/mariadb/sql/sql_union.cc:2310
#2 0x000000000104f9e8 in st_select_lex_unit::exec (this=0xffff7f07a188) at /home/mysql/mariadb/sql/sql_union.cc:2292
#3 0x0000000001accf54 in subselect_union_engine::exec (this=<optimized out>) at /home/mysql/mariadb/sql/item_subselect.cc:4187
#4 0x0000000001aa5370 in Item_subselect::exec (this=0xffff7f07b498) at /home/mysql/mariadb/sql/item_subselect.cc:812
#5 0x0000000001ab0770 in Item_exists_subselect::val_int (this=0xffff7f07b498) at /home/mysql/mariadb/sql/item_subselect.cc:1840
#6 0x0000000001821df0 in Arg_comparator::compare_int_signed (this=0xffff7f07b880) at /home/mysql/mariadb/sql/item_cmpfunc.cc:944
#7 0x000000000182be1c in Arg_comparator::compare (this=<optimized out>) at /home/mysql/mariadb/sql/item_cmpfunc.h:104
#8 Item_func_eq::val_int (this=<optimized out>) at /home/mysql/mariadb/sql/item_cmpfunc.cc:1780
#9 0x000000000170d210 in Type_handler_int_result::make_sort_key_part (this=<optimized out>, to=0xffff81814d1d '\276' <repeats 200 times>..., item=0xffff7f07b7c8,
sort_field=0xffff7f0dd560, tmp_buffer=0xffff81368a88) at /home/mysql/mariadb/sql/filesort.cc:1245
#10 0x000000000170ae1c in make_sortkey (param=<optimized out>, to=0xffff81814d1d '\276' <repeats 200 times>...) at /home/mysql/mariadb/sql/filesort.cc:2954
#11 make_sortkey (param=<optimized out>, to=<optimized out>, ref_pos=<optimized out>, using_packed_sortkeys=<optimized out>) at /home/mysql/mariadb/sql/filesort.cc:1414
#12 0x0000000001706558 in find_all_keys (thd=0xffff58662218, param=0xffff81368a10, select=0xffff7f0dad58, fs_info=0xffff7da09a40, buffpek_pointers=0xffff813688d0,
tempfile=0xffff81368790, pq=0x0, found_rows=0xffff7da09bb8) at /home/mysql/mariadb/sql/filesort.cc:1030
#13 filesort (thd=0xffff58662218, table=0x18, filesort=<optimized out>, tracker=0xffff7f0db110, join=<optimized out>, first_table_bit=<optimized out>)
at /home/mysql/mariadb/sql/filesort.cc:408
#14 0x0000000000e996e0 in create_sort_index (thd=0xffff58662218, join=0xffff7f0d3190, tab=0xffff7f0dc238, fsort=0xffff7f0daef0)
at /home/mysql/mariadb/sql/sql_select.cc:26843
#15 0x0000000000e991d0 in st_join_table::sort_table (this=0xffff7f0dc238) at /home/mysql/mariadb/sql/sql_select.cc:24485
#16 0x0000000000e170c4 in join_init_read_record (tab=0xffff7f0dc238) at /home/mysql/mariadb/sql/sql_select.cc:24405
#17 0x0000000000da1a9c in sub_select (join=0xffff7f0d3190, join_tab=0xffff7f0dc238, end_of_records=<optimized out>) at /home/mysql/mariadb/sql/sql_select.cc:23441
#18 0x0000000000e1f3f8 in do_select (join=0xffff7f0d3190, procedure=0x0) at /home/mysql/mariadb/sql/sql_select.cc:22961
#19 JOIN::exec_inner (this=0xffff7f0d3190) at /home/mysql/mariadb/sql/sql_select.cc:4941
#20 0x0000000000e1c110 in JOIN::exec (this=0xffff7f0d3190) at /home/mysql/mariadb/sql/sql_select.cc:4718
#21 0x0000000000da4580 in mysql_select (thd=0xffff58662218, tables=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>,
group=<optimized out>, having=<optimized out>, proc_param=0x0, select_options=<optimized out>, result=0xffff7f07c1d8, unit=0xffff58666590, select_lex=0xffff7f07ba98)
at /home/mysql/mariadb/sql/sql_select.cc:5249
#22 0x0000000000da36bc in handle_select (thd=0xffff58662218, lex=0xffff586664b0, result=0xffff7f07c1d8, setup_tables_done_option=0)
at /home/mysql/mariadb/sql/sql_select.cc:628
#23 0x0000000000cc9b24 in execute_sqlcom_select (thd=0xffff58662218, all_tables=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:6012
#24 0x0000000000cae820 in mysql_execute_command (thd=0xffff58662218, is_called_from_prepared_stmt=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:3911
#25 0x0000000000c9aa54 in mysql_parse (thd=0xffff58662218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>)
at /home/mysql/mariadb/sql/sql_parse.cc:7732
#26 0x0000000000c8fb18 in dispatch_command (command=<optimized out>, thd=0xffff58662218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)
at /home/mysql/mariadb/sql/sql_parse.cc:1893
#27 0x0000000000c9b920 in do_command (thd=0xffff58662218, blocking=true) at /home/mysql/mariadb/sql/sql_parse.cc:1406
#28 0x00000000011d5160 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/mysql/mariadb/sql/sql_connect.cc:1445
#29 0x00000000011d4a88 in handle_one_connection (arg=0xffff8024afb8) at /home/mysql/mariadb/sql/sql_connect.cc:1347
#30 0x00000000020a6ee8 in pfs_spawn_thread (arg=0xffff7ea10398) at /home/mysql/mariadb/storage/perfschema/pfs.cc:2201
#31 0x0000ffff85c11624 in start_thread (arg=0x816fa0 <asan_thread_start(void*)>) at pthread_create.c:477
#32 0x0000ffff8593349c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78
Some other useful information:
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on
I am not sure whether the bug has the same root cause of MDEV-29411. It does share a different crash stack. And I believe the bug introduced commit is:
commit de745ecf29721795710910a19bd0ea3389da804c
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date: Tue May 22 19:08:39 2018 +0200
MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations