[MDEV-32313] pushdown: and_new_conditions_to_optimized_cond: Server crashes at Item_singlerow_subselect::element_index - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 11.1.2, 11.2.1, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL)
Fix Version/s: 10.4.33, 10.5.24, 10.6.17, 10.11.7, 11.0.5, 11.1.4, 11.2.3, 11.3.2, 11.4.1, 11.5.1
Component/s: Optimizer
Labels:
None
Environment:
Ubuntu 20.04 x86-64, docker image mariadb:11.1.2

Description

PoC:

SELECT * FROM ( SELECT 1 x ) ss GROUP BY x HAVING ( ( x = ( ( ( SELECT 1 , 1 ) IN ( SELECT 1 , 1 ) ) ) ) ) ;

docker log:

mariadbd(my_print_stacktrace+0x32)[0x55b81c54a7c2]

mariadbd(handle_fatal_signal+0x488)[0x55b81c023cf8]

/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7efc0e8db520]

mariadbd(_ZN24Item_singlerow_subselect13element_indexEj+0xd)[0x55b81bd5dd0d]

mariadbd(_ZN14Item_cache_row5storeEP4Item+0x59)[0x55b81c03b1f9]

mariadbd(_ZN17Item_in_optimizer7val_intEv+0x2f)[0x55b81c06a2bf]

mariadbd(_ZNK23Type_handler_int_result13Item_eq_valueEP3THDPK19Type_cmp_attributesP4ItemS6_+0x23)[0x55b81bf66a63]

mariadbd(_ZN10Item_equal9add_constEP3THDP4Item+0x56)[0x55b81c071a66]

mariadbd(_ZN10Item_equal16merge_with_checkEP3THDPS_b+0xc5)[0x55b81c071d85]

mariadbd(_Z24propagate_new_equalitiesP3THDP4ItemP4ListI10Item_equalEP10COND_EQUALPb+0xe0)[0x55b81be063e0]

mariadbd(_Z36and_new_conditions_to_optimized_condP3THDP4ItemPP10COND_EQUALR4ListIS1_EPNS1_11cond_resultE+0x462)[0x55b81bf2a602]

mariadbd(_ZN4JOIN14optimize_innerEv+0x152b)[0x55b81be309eb]

mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55b81be30e2a]

mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd1)[0x55b81be30f21]

mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x55b81be31774]

mariadbd(+0x826f55)[0x55b81bda4f55]

mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x55b81bdb3f0e]

mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55b81bdb5237]

mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x55b81bdb7a1d]

mariadbd(_Z10do_commandP3THDb+0x138)[0x55b81bdb9818]

mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55b81bee13af]

mariadbd(handle_one_connection+0x5d)[0x55b81bee16fd]

mariadbd(+0xcd1906)[0x55b81c24f906]

/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7efc0e92db43]

/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7efc0e9bebb4]

Trying to get some variables.

Some pointers may be invalid and cause the dump to abort.

Query (0x7efbb00130d8): SELECT * FROM ( SELECT 1 x ) ss GROUP BY x HAVING ( ( x = ( ( ( SELECT 1 , 1 ) IN ( SELECT 1 , 1 ) ) ) ) )

Connection ID (thread ID): 4

Status: NOT_KILLED

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on

Attachments

Issue Links

relates to

MDEV-29362 Crash with query using constant subquery as left part of IN subquery

Closed

Activity

People

Assignee:: Galina Shalygina (Inactive)

Reporter:: Jingzhou Fu

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023-09-30 19:29

Updated:: 2025-04-14 10:03

Resolved:: 2024-06-27 12:38

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server