Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
11.1.2, 11.2.1
-
None
-
Ubuntu 20.04 x86-64, docker image mariadb:11.1.2
Description
PoC:
SELECT ( SELECT 1 UNION SELECT 1.000000 UNION ALL SELECT 1 EXCEPT ALL SELECT 1 EXCEPT ALL SELECT 1 UNION ALL SELECT 1 UNION ALL SELECT 1 ) ; |
docker log:
mariadbd(my_print_stacktrace+0x32)[0x55d30da857c2]
|
mariadbd(handle_fatal_signal+0x488)[0x55d30d55ecf8]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fc717e6e520]
|
mariadbd(+0xd76d7f)[0x55d30d82fd7f]
|
mariadbd(+0xd72110)[0x55d30d82b110]
|
mariadbd(_ZN11select_unit12write_recordEv+0x2c5)[0x55d30d3bc5e5]
|
mariadbd(_ZN15select_unit_ext9send_dataER4ListI4ItemE+0x102)[0x55d30d3bd882]
|
mariadbd(_ZN4JOIN10exec_innerEv+0xc90)[0x55d30d36d880]
|
mariadbd(_ZN4JOIN4execEv+0x3f)[0x55d30d36dfff]
|
mariadbd(_ZN18st_select_lex_unit10exec_innerEv+0x5b4)[0x55d30d3c0344]
|
mariadbd(_ZN22subselect_union_engine4execEv+0x22)[0x55d30d63d262]
|
mariadbd(_ZN14Item_subselect4execEv+0x4c)[0x55d30d63d73c]
|
mariadbd(_ZN24Item_singlerow_subselect7val_strEP6String+0x29)[0x55d30d63fff9]
|
mariadbd(_ZNK12Type_handler13Item_send_strEP4ItemP8ProtocolP8st_value+0x28)[0x55d30d4b5708]
|
mariadbd(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xea)[0x55d30d213cfa]
|
mariadbd(_ZN11select_send9send_dataER4ListI4ItemE+0x37)[0x55d30d2926a7]
|
mariadbd(_ZN4JOIN10exec_innerEv+0xc90)[0x55d30d36d880]
|
mariadbd(_ZN4JOIN4execEv+0x3f)[0x55d30d36dfff]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x55d30d36bf7c]
|
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x55d30d36c774]
|
mariadbd(+0x826f55)[0x55d30d2dff55]
|
mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x55d30d2eef0e]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55d30d2f0237]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x55d30d2f2a1d]
|
mariadbd(_Z10do_commandP3THDb+0x138)[0x55d30d2f4818]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55d30d41c3af]
|
mariadbd(handle_one_connection+0x5d)[0x55d30d41c6fd]
|
mariadbd(+0xcd1906)[0x55d30d78a906]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7fc717ec0b43]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7fc717f51bb4]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7fc6b00130d8): SELECT ( SELECT 1 UNION SELECT 1.000000 UNION ALL SELECT 1 EXCEPT ALL SELECT 1 EXCEPT ALL SELECT 1 UNION ALL SELECT 1 UNION ALL SELECT 1 )
|
|
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on
|
Attachments
Issue Links
- duplicates
-
-
- Stalled
-
Activity
Thank you for the report!
I repeated as described on 10.5-11.2, this is the same bug as MDEV-25158. I will add the test case there.
Server version: 11.2.2-MariaDB-debug-log source revision: daca468c682ede3b423359b4d835dcbe3d6251a8
|
|
|
asan/asan_report.cc:185(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x7fc9f215d52c]
|
asan/asan_report.cc:462(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x7fc9f215cfa3]
|
asan/asan_rtl.cc:119(__asan_report_load8)[0x7fc9f215ddeb]
|
heap/ha_heap.cc:872(ha_heap::find_unique_row(unsigned char*, unsigned int))[0x55dd6a88ad6f]
|
sql/sql_union.cc:676(select_unit_ext::send_data(List<Item>&))[0x55dd698e50a5]
|
sql/sql_class.h:5794(select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long))[0x55dd69781323]
|
sql/sql_select.cc:4807(JOIN::exec_inner())[0x55dd696a7a75]
|
sql/sql_select.cc:4720(JOIN::exec())[0x55dd696a6568]
|
sql/sql_union.cc:2389(st_select_lex_unit::exec_inner())[0x55dd698f4f93]
|
sql/sql_union.cc:2292(st_select_lex_unit::exec())[0x55dd698f3a07]
|
sql/item_subselect.cc:4187(subselect_union_engine::exec())[0x55dd6a19a7eb]
|
sql/item_subselect.cc:812(Item_subselect::exec())[0x55dd6a175491]
|
sql/item_subselect.cc:1484(Item_singlerow_subselect::val_str(String*))[0x55dd6a17b91d]
|
sql/sql_type.cc:7448(Type_handler::Item_send_str(Item*, Protocol*, st_value*) const)[0x55dd69c90480]
|
sql/sql_type.h:4967(Type_handler_decimal_result::Item_send(Item*, Protocol*, st_value*) const)[0x55dd69a11800]
|
sql/item.h:1239(Item::send(Protocol*, st_value*))[0x55dd691e62a8]
|
sql/protocol.cc:1332(Protocol::send_result_set_row(List<Item>*))[0x55dd692a6263]
|
sql/sql_class.cc:3129(select_send::send_data(List<Item>&))[0x55dd6944a7f0]
|
sql/sql_class.h:5794(select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long))[0x55dd69781323]
|
sql/sql_select.cc:4807(JOIN::exec_inner())[0x55dd696a7a75]
|
sql/sql_select.cc:4720(JOIN::exec())[0x55dd696a6568]
|
sql/sql_select.cc:5251(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55dd696aad73]
|
sql/sql_select.cc:628(handle_select(THD*, LEX*, select_result*, unsigned long long))[0x55dd6967a21a]
|
sql/sql_parse.cc:6064(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55dd6959c001]
|
sql/sql_parse.cc:3955(mysql_execute_command(THD*, bool))[0x55dd6958cc53]
|
sql/sql_parse.cc:7810(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55dd695a6e7f]
|
sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55dd6957f226]
|
sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55dd6957bf70]
|
sql/sql_connect.cc:1445(do_handle_one_connection(CONNECT*, bool))[0x55dd69a5abb1]
|
sql/sql_connect.cc:1349(handle_one_connection)[0x55dd69a5a50e]
|
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55dd6a6c88f0]
|
nptl/pthread_create.c:478(start_thread)[0x7fc9f1bc6609]
|
|
|
Query (0x6290001092a8): SELECT ( SELECT 1 UNION SELECT 1.000000 UNION ALL SELECT 1 EXCEPT ALL SELECT 1 EXCEPT ALL SELECT 1 UNION ALL SELECT 1 UNION ALL SELECT 1 )
|
Version: '10.6.14-MariaDB'
|
231004 13:32:56 [ERROR] mysqld got signal 11 ;
|
|
|
Server version: 10.6.14-MariaDB source revision: c93754d45e5d9379e3e23d7ada1d5f21d2711f66
|
|
|
sigaction.c:0(__restore_rt)[0x7f6cbff25420]
|
heap/hp_write.c:143(next_free_record_pos)[0x55a51ed1eacb]
|
heap/ha_heap.cc:240(ha_heap::write_row(unsigned char const*))[0x55a51ed19f6c]
|
sql/sql_class.h:7466(handler::ha_write_tmp_row(unsigned char*))[0x55a51e84ff2f]
|
sql/sql_union.cc:418(select_unit::write_record())[0x55a51e8949d0]
|
sql/sql_union.cc:665(select_unit_ext::send_data(List<Item>&))[0x55a51e8953cd]
|
sql/sql_select.cc:4675(JOIN::exec_inner())[0x55a51e84d499]
|
sql/sql_select.cc:4591(JOIN::exec())[0x55a51e84da73]
|
sql/sql_union.cc:2249(st_select_lex_unit::exec())[0x55a51e89762c]
|
sql/item_subselect.cc:4124(subselect_union_engine::exec())[0x55a51eacfdce]
|
sql/item_subselect.cc:816(Item_subselect::exec())[0x55a51eacf60a]
|
sql/item_subselect.cc:1477(Item_singlerow_subselect::val_str(String*))[0x55a51ead024f]
|
sql/sql_type.cc:7457(Type_handler::Item_send_str(Item*, Protocol*, st_value*) const)[0x55a51e967f14]
|
sql/protocol.cc:1328(Protocol::send_result_set_row(List<Item>*))[0x55a51e72945d]
|
sql/sql_class.cc:3120(select_send::send_data(List<Item>&))[0x55a51e79bb12]
|
sql/sql_select.cc:4675(JOIN::exec_inner())[0x55a51e84d499]
|
sql/sql_select.cc:4591(JOIN::exec())[0x55a51e84da73]
|
sql/sql_select.cc:5071(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55a51e84bbfe]
|
sql/sql_select.cc:571(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55a51e84c464]
|
sql/sql_parse.cc:6274(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55a51e6a0069]
|
sql/sql_parse.cc:3949(mysql_execute_command(THD*, bool))[0x55a51e7ecb53]
|
sql/sql_parse.cc:8037(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55a51e7eeefb]
|
sql/sql_parse.cc:1955(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55a51e7f1338]
|
sql/sql_parse.cc:1411(do_command(THD*, bool))[0x55a51e7f2863]
|
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x55a51e8eb387]
|
sql/sql_connect.cc:1324(handle_one_connection)[0x55a51e8eb624]
|
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x55a51ec87f3c]
|
nptl/pthread_create.c:478(start_thread)[0x7f6cbff19609]
|
|
|
Query (0x7f6c6c010b80): SELECT ( SELECT 1 UNION SELECT 1.000000 UNION ALL SELECT 1 EXCEPT ALL SELECT 1 EXCEPT ALL SELECT 1 UNION ALL SELECT 1 UNION ALL SELECT 1 )
|
|
All these bug reports are great. Can you also confirm if you have tested these with older versions aside from 11.1 and 11.2?
We'll be looking at these as soon as we can to fix them.