Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
11.3.0
-
None
-
Ubuntu 20.04
Description
Run these queries in release build:
CREATE TABLE t0 ( c43 DECIMAL ( 31 ) DEFAULT ( 45 ) ) ;
INSERT INTO t0 VALUES ( 13 ) , ( 29 ) ;
ALTER TABLE t0 ADD COLUMN c24 INT AFTER c43 ;
INSERT INTO t0 VALUES ( DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT ) ;
SELECT t1 . c22 AS c9 FROM ( SELECT ( SELECT + EXISTS ( SELECT -128 AS c29 ) << LOCATE ( t0 . c43 , t0 . c24 <= t0 . c24 NOT BETWEEN 4642475734208631537 AND -108 , NULLIF ( 57 , -8 ) SOUNDS LIKE TRIM( TRAILING FROM 6107036197732405580 ) ) - t0 . c43 AS c57 FROM t0 LIMIT 1 ) AS c22 FROM t0 ) AS t1 HAVING TRIM( CASE t1 . c22 WHEN -16 THEN RAND ( ) % HEX ( t1 . c22 ) - SUBSTRING_INDEX ( t1 . c22 , ':A9SEZxtjN,fKN*zR' , 'V*vhJb}&c%Op,[T[S,j`F9NDsK;\'8 4;m"
P,ce}1r"3ID1DN' ) >> NULLIF ( t1 . c22 , -95 ) ELSE -2 END IS TRUE FROM t1 . c22 >= EXISTS ( SELECT t2 . c57 AS c59 FROM ( SELECT CASE c24 WHEN -103 THEN 85 ELSE 22 END IS TRUE AS c57 FROM t0 ) AS t2 WHERE MOD ( 64 , 46 ) = CONVERT ( 73 , BINARY ) % RAND ( ) IS NOT NULL = -65 GROUP BY c57 , c22 , c22 WINDOW w0 AS ( PARTITION BY t2 . c57 ) ) & PI ( ) ) ;
Will trigger Segmentation fault.
GDB info:
Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe011a700 (LWP 45342)]
0x0000555555d4af6a in st_select_lex_unit::set_limit (this=0x7fff980719d0, sl=0x0)
at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4227
4227 lim.set_limit(sl->get_limit(), sl->get_offset(), sl->limit_params.with_ties);
(gdb) p sl
$1 = (st_select_lex *) 0x0
#0 0x0000555555d4af6a in st_select_lex_unit::set_limit (this=0x7fff980719d0, sl=0x0)
at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4227
#1 0x00005555560b133e in subselect_single_select_engine::exec (this=0x7fff98016bb0)
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4074
#2 0x00005555560b040c in Item_subselect::exec (this=0x7fff98016a20)
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
#3 0x00005555560afd03 in Item_singlerow_subselect::val_int (this=0x7fff98016a20)
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1462
#4 0x0000555555fef893 in Item_direct_view_ref::val_int_result (this=0x7fff9807c578)
at /home/wx/mariadb-11.3.0/sql/item.cc:9518
#5 0x0000555555fef2e3 in Item_ref::val_int (this=0x7fff98074cd0)
at /home/wx/mariadb-11.3.0/sql/item.cc:8522
#6 0x00005555560106cd in Arg_comparator::compare_int_unsigned (this=0x7fff980793b8)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:963
#7 0x0000555556010d2f in Arg_comparator::compare (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
#8 Item_func_ge::val_int (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1812
#9 0x0000555556044dba in Item_int_func::val_str (this=0x7fff98079300, str=0x7fffe01182e0)
at /home/wx/mariadb-11.3.0/sql/item_func.cc:760
#10 0x00005555560835ed in Item_func_trim::val_str (this=0x7fff98079528, str=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_strfunc.cc:2477
#11 0x000055555607f344 in Item_str_func::val_int (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_strfunc.cc:165
#12 0x0000555555dd9c5d in end_send (join=0x7fff98079ef8, join_tab=0x7fff98085168,
end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24685
#13 0x0000555555dad6d4 in evaluate_join_record (join=join@entry=0x7fff98079ef8,
join_tab=join_tab@entry=0x7fff98084cf0, error=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
#14 0x0000555555dbf7fb in sub_select (join=0x7fff98079ef8, join_tab=0x7fff98084cf0,
end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
#15 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff98079ef8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
#16 JOIN::exec_inner (this=this@entry=0x7fff98079ef8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#17 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff98079ef8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#18 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff98000c58, tables=0x7fff98073200,
fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x7fff98079528,
proc_param=0x0, select_options=<optimized out>, result=0x7fff98079ed0,
unit=0x7fff98004ee8, select_lex=0x7fff980132f8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
#19 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff98000c58,
lex=lex@entry=0x7fff98004e08, result=result@entry=0x7fff98079ed0,
setup_tables_done_option=setup_tables_done_option@entry=0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#20 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff98000c58,
all_tables=0x7fff98073200) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#21 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff98000c58,
is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#22 0x0000555555d68c27 in mysql_parse (thd=0x7fff98000c58, rawbuf=<optimized out>,
length=<optimized out>, parser_state=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#23 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x7fff98000c58, packet=packet@entry=0x7fff98008509 "",
packet_length=packet_length@entry=811, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
#24 0x0000555555d7721e in do_command (thd=0x7fff98000c58, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#25 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x555557e0ae58, put_in_cache=put_in_cache@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#26 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e0ae58)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#27 0x00005555561e658d in pfs_spawn_thread (arg=0x555557db46e8)
at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#28 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#29 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6
Attachments
Issue Links
- duplicates
-
-
- Closed
-
Thanks!
This is the same as
MDEV-28621Version: '10.4.32-MariaDB-debug-log'mysqld: /10.4/src/sql/item_subselect.cc:733: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.231010 16:22:18 [ERROR] mysqld got signal 6 ;Server version: 10.4.32-MariaDB-debug-log source revision: 0c7af6a2a19343cb9d4fedbd7165b8f73bc4cf96/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f5e60504fd6]sql/item_subselect.cc:735(Item_subselect::exec())[0x56093e7de89e]sql/item_subselect.cc:1382(Item_singlerow_subselect::val_int())[0x56093e7e4b9f]sql/item.h:1557(Item::val_int_result())[0x56093db2b0be]sql/item.cc:9373(Item_direct_view_ref::val_int_result())[0x56093e64b6a3]sql/item.cc:8380(Item_ref::val_int())[0x56093e640050]sql/item_cmpfunc.cc:969(Arg_comparator::compare_int_unsigned())[0x56093e67bc65]sql/item_cmpfunc.h:104(Arg_comparator::compare())[0x56093e6bd64e]sql/item_cmpfunc.cc:1821(Item_func_ge::val_int())[0x56093e685867]sql/item_func.cc:763(Item_int_func::val_str(String*))[0x56093e70a2c6]sql/item_strfunc.cc:2096(Item_func_trim::val_str(String*))[0x56093e7a6539]sql/item_strfunc.cc:159(Item_str_func::val_int())[0x56093e79383c]sql/sql_select.cc:22086(end_send(JOIN*, st_join_table*, bool))[0x56093df3f25e]sql/sql_select.cc:21129(evaluate_join_record(JOIN*, st_join_table*, int))[0x56093df378b9]sql/sql_select.cc:20902(sub_select(JOIN*, st_join_table*, bool))[0x56093df361ee]sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x56093df33f94]sql/sql_select.cc:4605(JOIN::exec_inner())[0x56093dec1adc]sql/sql_select.cc:4388(JOIN::exec())[0x56093debf10c]sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56093dec32e8]sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x56093de93de0]sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x56093ddffbe4]sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x56093dded35b]sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x56093de090bf]sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56093dddf4e5]sql/sql_parse.cc:1378(do_command(THD*))[0x56093dddc010]sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x56093e1e9deb]sql/sql_connect.cc:1325(handle_one_connection)[0x56093e1e968f]perfschema/pfs.cc:1871(pfs_spawn_thread)[0x56093ee94274]nptl/pthread_create.c:478(start_thread)[0x7f5e60a1f609]Query (0x62b0000a1290): SELECT t1 . c22 AS c9 FROM ( SELECT ( SELECT + EXISTS ( SELECT -128 AS c29 ) << LOCATE ( t0 . c43 , t0 . c24 <= t0 . c24 NOT BETWEEN 4642475734208631537 AND -108 , NULLIF ( 57 , -8 ) SOUNDS LIKE TRIM( TRAILING FROM 6107036197732405580 ) ) - t0 . c43 AS c57 FROM t0 LIMIT 1 ) AS c22 FROM t0 ) AS t1 HAVING TRIM( CASE t1 . c22 WHEN -16 THEN RAND ( ) % HEX ( t1 . c22 ) - SUBSTRING_INDEX ( t1 . c22 , ':A9SEZxtjN,fKN*zR' , 'V*vhJb}&c%Op,[T[S,j`F9NDsK;\'8 4;m"P,ce}1r"3ID1DN' ) >> NULLIF ( t1 . c22 , -95 ) ELSE -2 END IS TRUE FROM t1 . c22 >= EXISTS ( SELECT t2 . c57 AS c59 FROM ( SELECT CASE c24 WHEN -103 THEN 85 ELSE 22 END IS TRUE AS c57 FROM t0 ) AS t2 WHERE MOD ( 64 , 46 ) = CONVERT ( 73 , BINARY ) % RAND ( ) IS NOT NULL = -65 GROUP BY c57 , c22 , c22 WINDOW w0 AS ( PARTITION BY t2 . c57 ) ) & PI ( ) )