[MDEV-32419] Segmentation fault at /mariadb-11.3.0/sql/sql_union.cc:2608 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 11.3.0
Fix Version/s: N/A
Component/s: Server
Labels:
None
Environment:
Ubuntu 20.04

Description

Run these queries in release build:

CREATE TABLE x ( x INT ) ;
INSERT INTO x ( x ) VALUES ( 1 ) ;
UPDATE IGNORE x SET x = ( WITH RECURSIVE x ( x ) AS ( SELECT 1 EXCEPT SELECT x % ( WITH x ( x ) AS ( SELECT 1 EXCEPT SELECT x + 1 FROM x ORDER BY x , x DESC , x , NULL , ( x = 1 AND x = 1 ) DESC ) SELECT 1 FROM x WHERE x != 'x' ) FROM x WHERE x LIKE ( x BETWEEN 1 AND 1 ) GROUP BY x HAVING x > 'x' ) SELECT 1 FROM x WHERE x != 'x' WINDOW x AS ( PARTITION BY 1 , 1 , 1 , 1 ORDER BY x RANGE BETWEEN 1 PRECEDING AND 1 PRECEDING ) ) WHERE x = ( x - x <= x ) ;

Will trigger Segmentation fault.
GDB info:
Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd242e300 (LWP 2103)]
0x0000000000df2bf1 in st_select_lex_unit::exec_recursive (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2608
2608 derived->table->reginfo.join_tab->preread_init_done= false;

#0 0x0000000000df2bf1 in st_select_lex_unit::exec_recursive (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2608
#1 0x0000000000a57f78 in TABLE_LIST::fill_recursive (this=this@entry=0x6290000b5488, thd=thd@entry=0x62b00016c218) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1155
#2 0x0000000000a56ed0 in mysql_derived_fill (thd=<optimized out>, lex=<optimized out>, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1250
#3 0x0000000000a57cc2 in mysql_handle_single_derived (lex=0x62b0001703c8, derived=derived@entry=0x6290000b5488, phases=phases@entry=96) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
#4 0x0000000000c71b80 in st_join_table::preread_init (this=this@entry=0x62d0000de068) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:16029
#5 0x0000000000be2fea in sub_select (join=0x6290000bf160, join_tab=0x62d0000de068, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23392
#6 0x0000000000c45121 in do_select (join=0x6290000bf160, procedure=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
#7 JOIN::exec_inner (this=0x6290000bf160) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#8 0x0000000000c428e9 in JOIN::exec (this=0x6290000bf160) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#9 0x00000000015d8106 in subselect_single_select_engine::exec (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
#10 0x00000000015b3edc in Item_subselect::exec (this=0x6290000b7018) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
#11 0x00000000015b9773 in Item_singlerow_subselect::val_int (this=0x6290000b7018) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1462
#12 0x00000000013552b8 in Item::save_int_in_field (this=0x6290000b7018, field=0x61900016e000, no_conversions=false) at /home/wx/mariadb-11.3.0/sql/item.cc:6843
#13 0x00000000013554a9 in Item::save_in_field (this=0x6290000b7018, field=0x61900016e000, no_conversions=false) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
#14 0x00000000009d7a96 in fill_record (thd=thd@entry=0x62b00016c218, table_arg=<optimized out>, fields=..., values=..., ignore_errors=false, update=true) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:9032
#15 0x00000000009d9233 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x62b00016c218, table=table@entry=0x61900016da98, fields=..., values=..., ignore_errors=<optimized out>, event=event@entry=TRG_EVENT_UPDATE) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:9206
#16 0x0000000000e197e8 in Sql_cmd_update::update_single_table (this=0x6290000b7230, thd=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_update.cc:928
#17 0x0000000000e2cf6a in Sql_cmd_update::execute_inner (this=<optimized out>, thd=0x62b00016c218) at /home/wx/mariadb-11.3.0/sql/sql_update.cc:3065
#18 0x0000000000cc40b2 in Sql_cmd_dml::execute (this=0x6290000b7230, thd=0x62b00016c218) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:33350
#19 0x0000000000b2ce82 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4361
#20 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd1c15a80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#21 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
#22 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#23 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#24 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x6080020636b8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#25 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005118) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#26 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#27 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Attachments

Issue Links

duplicates

MDEV-32326 exec_recursive? Server crashes at st_select_lex_unit::exec_recursive

Confirmed

Activity

People

Assignee:: Unassigned

Reporter:: Xin Wen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-10-10 09:09

Updated:: 2023-10-24 10:13

Resolved:: 2023-10-24 10:13

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.