Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Critical
-
Resolution: Unresolved
-
11.1.2, 11.2.1, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL)
-
None
-
Ubuntu 20.04 x86-64, docker image mariadb:11.1.2
Description
PoC:
SELECT 'POINT(37 -42)' = ALL ( SELECT NULL INTERSECT SELECT NULL ORDER BY ROW_NUMBER ( ) OVER ( ) ) ; |
docker log:
mariadbd(my_print_stacktrace+0x32)[0x55d608aa97c2]
|
mariadbd(handle_fatal_signal+0x488)[0x55d608582cf8]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f799a334520]
|
mariadbd(_Z8filesortP3THDP5TABLEP8FilesortP16Filesort_trackerP4JOINy+0x305)[0x55d6085803f5]
|
mariadbd(_Z17create_sort_indexP3THDP4JOINP13st_join_tableP8Filesort+0xea)[0x55d608376dfa]
|
mariadbd(_ZN17Window_funcs_sort4execEP4JOINb+0x53)[0x55d6084e6dd3]
|
mariadbd(_ZN24Window_funcs_computation4execEP4JOINb+0x76)[0x55d6084e7976]
|
mariadbd(_ZN7AGGR_OP8end_sendEv+0xee)[0x55d60838771e]
|
mariadbd(_Z24sub_select_postjoin_aggrP4JOINP13st_join_tableb+0x50)[0x55d608387a60]
|
mariadbd(_ZN4JOIN10exec_innerEv+0xe8b)[0x55d608391a7b]
|
mariadbd(_ZN4JOIN4execEv+0x3f)[0x55d608391fff]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x55d60838ff7c]
|
mariadbd(_ZN18st_select_lex_unit10exec_innerEv+0x68c)[0x55d6083e441c]
|
mariadbd(_ZN22subselect_union_engine4execEv+0x22)[0x55d608661262]
|
mariadbd(_ZN14Item_subselect4execEv+0x4c)[0x55d60866173c]
|
mariadbd(_ZN17Item_in_subselect8val_boolEv+0x34)[0x55d608661c54]
|
mariadbd(_ZN17Item_in_optimizer7val_intEv+0x74)[0x55d6085c9304]
|
mariadbd(_ZNK23Type_handler_int_result13Item_val_boolEP4Item+0x14)[0x55d6084c53a4]
|
mariadbd(_ZN17Item_func_not_all7val_intEv+0x1e)[0x55d6085c73fe]
|
mariadbd(_ZNK12Type_handler14Item_send_longEP4ItemP8ProtocolP8st_value+0x1d)[0x55d6084d989d]
|
mariadbd(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xea)[0x55d608237cfa]
|
mariadbd(_ZN11select_send9send_dataER4ListI4ItemE+0x37)[0x55d6082b66a7]
|
mariadbd(_ZN4JOIN10exec_innerEv+0xc90)[0x55d608391880]
|
mariadbd(_ZN4JOIN4execEv+0x3f)[0x55d608391fff]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x55d60838ff7c]
|
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x55d608390774]
|
mariadbd(+0x826f55)[0x55d608303f55]
|
mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x55d608312f0e]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55d608314237]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x55d608316a1d]
|
mariadbd(_Z10do_commandP3THDb+0x138)[0x55d608318818]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55d6084403af]
|
mariadbd(handle_one_connection+0x5d)[0x55d6084406fd]
|
mariadbd(+0xcd1906)[0x55d6087ae906]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7f799a386b43]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7f799a417bb4]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f793c0130d8): SELECT 'POINT(37 -42)' = ALL ( SELECT NULL INTERSECT SELECT NULL ORDER BY ROW_NUMBER ( ) OVER ( ) )
|
|
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on
|
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Closed
-
Thank you for the report!
I repeated on 10.4-11.2
231003 15:20:34 [ERROR] mysqld got signal 11 ;mysys/stacktrace.c:174(my_print_stacktrace)[0x557a2924a603]sql/signal_handler.cc:238(handle_fatal_signal)[0x557a27deb7e9]sigaction.c:0(__restore_rt)[0x7f26de4aa420]sql/sql_analyze_stmt.h:74(Exec_time_tracker::get_loops() const)[0x557a27acc5a7]sql/sql_analyze_stmt.h:191(Filesort_tracker::report_use(unsigned long long))[0x557a27de9bae]sql/filesort.cc:198(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x557a27dda5d9]sql/sql_select.cc:24212(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x557a277917dc]sql/sql_window.cc:3046(Window_funcs_sort::exec(JOIN*, bool))[0x557a27bf0a87]sql/sql_window.cc:3179(Window_funcs_computation::exec(JOIN*, bool))[0x557a27bf1920]sql/sql_select.cc:29661(AGGR_OP::end_send())[0x557a277baf66]sql/sql_select.cc:20601(sub_select_postjoin_aggr(JOIN*, st_join_table*, bool))[0x557a277779c5]sql/sql_select.cc:20847(sub_select(JOIN*, st_join_table*, bool))[0x557a277784c0]sql/sql_select.cc:20425(do_select(JOIN*, Procedure*))[0x557a27776bc0]sql/sql_select.cc:4605(JOIN::exec_inner())[0x557a27704602]sql/sql_select.cc:4388(JOIN::exec())[0x557a27701c2e]sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x557a27705e0e]sql/sql_union.cc:1729(st_select_lex_unit::exec())[0x557a278fbe2a]sql/item_subselect.cc:4049(subselect_union_engine::exec())[0x557a2804714d]sql/item_subselect.cc:758(Item_subselect::exec())[0x557a280215aa]sql/item_subselect.cc:938(Item_in_subselect::exec())[0x557a28022bae]sql/item_subselect.cc:1868(Item_in_subselect::val_bool())[0x557a2802e067]sql/item.h:1561(Item::val_bool_result())[0x557a2736e21a]sql/item_cmpfunc.cc:1673(Item_in_optimizer::val_int())[0x557a27ec5dc6]sql/sql_type.cc:4607(Type_handler_int_result::Item_val_bool(Item*) const)[0x557a27bad8b6]sql/item.h:1474(Item::val_bool())[0x557a2736dd52]sql/item_cmpfunc.cc:219(Item_func_not_all::val_int())[0x557a27eb4288]sql/sql_type.cc:7106(Type_handler::Item_send_long(Item*, Protocol*, st_value*) const)[0x557a27bbad46]sql/sql_type.h:5192(Type_handler_long::Item_send(Item*, Protocol*, st_value*) const)[0x557a27bd5452]sql/item.h:1045(Item::send(Protocol*, st_value*))[0x557a2736d5e4]sql/protocol.cc:1038(Protocol::send_result_set_row(List<Item>*))[0x557a2735ef63]sql/sql_class.cc:3137(select_send::send_data(List<Item>&))[0x557a27511c87]sql/sql_select.cc:4472(JOIN::exec_inner())[0x557a27703043]sql/sql_select.cc:4388(JOIN::exec())[0x557a27701c2e]sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x557a27705e0e]sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x557a276d6922]sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x557a2764272c]sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x557a2762fea3]sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x557a2764bc07]sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x557a2762202d]sql/sql_parse.cc:1378(do_command(THD*))[0x557a2761eb58]sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x557a27a2c7fd]sql/sql_connect.cc:1325(handle_one_connection)[0x557a27a2c0a1]perfschema/pfs.cc:1871(pfs_spawn_thread)[0x557a286d699a]nptl/pthread_create.c:478(start_thread)[0x7f26de49e609]Query (0x62b0000a1420): SELECT 1 = ALL ( SELECT 1 a union SELECT 1 ORDER BY sum(a) OVER ( ) )