Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32423

Segmentation fault at /mariadb-11.3.0/sql/table.h:3123

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 11.3.0
    • N/A
    • Server
    • None
    • Ubuntu 20.04

    Description

      Run these queries in release build:

      CREATE TABLE x ( x INT ) ;
      INSERT INTO x ( x ) VALUES ( 1 ) ;
      UPDATE x SET x = 1 WHERE x = 1 ;
      INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ;
      WITH RECURSIVE x ( x ) AS ( WITH x ( x ) AS ( SELECT 1 EXCEPT SELECT x + x = ( SELECT x FROM x WHERE EXISTS ( SELECT 1 FROM x AS x WHERE x = x + 1 ) ) FROM ( WITH RECURSIVE x ( x ) AS ( WITH RECURSIVE x ( x ) AS ( SELECT 1 EXCEPT SELECT CASE WHEN x = 1 THEN x WHEN 1 = 1 THEN 1 ^ ( SELECT CASE 1 WHEN 1 THEN 1 / 1 WHEN 1 THEN 1 ELSE 1 / 1 END ) WHEN 1 = 1 THEN 1 ELSE x + 'x' END FROM x ) SELECT ( x = 'x' AND x BETWEEN 1 AND 1 ) OR ( x = 1 AND x = 1 ) FROM x GROUP BY x ) SELECT x FROM x UNION SELECT x FROM x ) AS x ) SELECT x FROM x UNION SELECT * FROM x WHERE x IN ( NOT CASE 1 WHEN 1 THEN 1 / 1 WHEN 1 THEN 1 ELSE 1 / 1 END ) GROUP BY 1 , 1 , 1.000000 , 'x' HAVING x < 'x' ) SELECT x + 1 , x FROM x WHERE FALSE IN ( FALSE BETWEEN 1 AND 1 , 1 , NULL , 1 , NULL , NULL , 1 , 1 ) ;

      Will trigger Segmentation fault.
      GDB info:
      Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffd242e300 (LWP 2439)]
      0x0000000000e892c7 in Field_iterator_table::set (this=<optimized out>,
      table=<optimized out>) at /home/wx/mariadb-11.3.0/sql/table.h:3123
      3123 void set(TABLE_LIST *table)

      { ptr= table->table->field; }

      (gdb) p table->table
      $61 = (TABLE *) 0x0

      #0 0x0000000000e892c7 in Field_iterator_table::set (this=<optimized out>, table=<optimized out>) at /home/wx/mariadb-11.3.0/sql/table.h:3123
      #1 0x00000000009d1dce in insert_fields (thd=<optimized out>, context=<optimized out>, db_name_arg=..., table_name=..., it=<optimized out>, any_privileges=<optimized out>, hidden_bit_fields=<optimized out>, returning_field=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8601
      #2 0x00000000009d11b0 in setup_wild (thd=<optimized out>, tables=<optimized out>, fields=..., sum_func_list=<optimized out>, select_lex=<optimized out>, returning_field=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:7954
      #3 0x0000000000bf2e1d in JOIN::prepare (this=0x62f000026980, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1505
      #4 0x0000000000dec22a in st_select_lex_unit::prepare_join (this=this@entry=0x6290000bf7f0, thd_arg=<optimized out>, sl=sl@entry=0x6290000c0030, tmp_result=tmp_result@entry=0x62f0000267a8, additional_options=additional_options@entry=0, is_union_select=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103
      #5 0x0000000000de1743 in st_select_lex_unit::prepare (this=0x6290000bf7f0, derived_arg=<optimized out>, sel_result=<optimized out>, additional_options=0) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1659
      #6 0x0000000000a52e38 in mysql_derived_prepare (thd=<optimized out>, lex=<optimized out>, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:840
      #7 0x0000000000a57cc2 in mysql_handle_single_derived (lex=lex@entry=0x62b0001703c8, derived=derived@entry=0x629000093710, phases=phases@entry=2) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #8 0x0000000000e7cf8d in TABLE_LIST::handle_derived (this=0x629000093710, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9651
      #9 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #10 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #11 0x0000000000bf2a78 in JOIN::prepare (this=0x62f0000260b0, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1439
      #12 0x00000000015d5c30 in subselect_single_select_engine::prepare (this=<optimized out>, thd=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:3943
      #13 0x00000000015b1a8e in Item_subselect::fix_fields (this=<optimized out>, thd_param=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:296
      #14 0x0000000001459380 in Item::fix_fields_if_needed (this=0x7fffd2427908, thd=0x62b00016c218, ref=0x6290000b06a8) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #15 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
      #16 0x00000000009d3359 in Item::fix_fields_if_needed (this=0x6290000b0620, thd=0x62b00016c218, ref=0x6290000b0860) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #17 Item::fix_fields_if_needed_for_scalar (this=0x6290000b0620, thd=0x62b00016c218, ref=0x6290000b0860) at /home/wx/mariadb-11.3.0/sql/item.h:1156
      #18 setup_fields (thd=0x62b00016c218, ref_pointer_array=..., fields=..., column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x62f000025a88, pre_fix=0x629000092b80, allow_sum_func=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8061
      #19 0x0000000000bf311c in JOIN::prepare (this=0x62f0000256e0, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1526
      #20 0x0000000000dec22a in st_select_lex_unit::prepare_join (this=this@entry=0x629000092070, thd_arg=<optimized out>, sl=sl@entry=0x6290000928b0, tmp_result=tmp_result@entry=0x62f000024f28, additional_options=additional_options@entry=0, is_union_select=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103
      #21 0x0000000000de1743 in st_select_lex_unit::prepare (this=0x629000092070, derived_arg=<optimized out>, sel_result=<optimized out>, additional_options=0) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1659
      #22 0x0000000000a52e38 in mysql_derived_prepare (thd=<optimized out>, lex=<optimized out>, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:840
      #23 0x0000000000a57cc2 in mysql_handle_single_derived (lex=lex@entry=0x62b0001703c8, derived=derived@entry=0x6290000bf0a8, phases=phases@entry=2) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #24 0x0000000000e7cf8d in TABLE_LIST::handle_derived (this=0x6290000bf0a8, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9651
      #25 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #26 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #27 0x0000000000e7cfc6 in TABLE_LIST::handle_derived (this=0x62d0000e6438, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9648
      #28 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #29 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #30 0x0000000000bf2a78 in JOIN::prepare (this=0x62f000016dc8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1439
      #31 0x00000000015d5c30 in subselect_single_select_engine::prepare (this=<optimized out>, thd=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:3943
      #32 0x00000000015b1a8e in Item_subselect::fix_fields (this=<optimized out>, thd_param=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:296
      #33 0x0000000001459380 in Item::fix_fields_if_needed (this=0x7fffd2427908, thd=0x62b00016c218, ref=0x62d0000e8f88) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #34 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
      #35 0x00000000009d3359 in Item::fix_fields_if_needed (this=0x62d0000e8f00, thd=0x62b00016c218, ref=0x62d0000e9140) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #36 Item::fix_fields_if_needed_for_scalar (this=0x62d0000e8f00, thd=0x62b00016c218, ref=0x62d0000e9140) at /home/wx/mariadb-11.3.0/sql/item.h:1156
      #37 setup_fields (thd=0x62b00016c218, ref_pointer_array=..., fields=..., column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x62f0000167a0, pre_fix=0x62d0000e3468, allow_sum_func=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8061
      #38 0x0000000000bf311c in JOIN::prepare (this=0x62f0000163f8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1526
      #39 0x0000000000dec22a in st_select_lex_unit::prepare_join (this=this@entry=0x62d0000e0610, thd_arg=<optimized out>, sl=sl@entry=0x62d0000e3198, tmp_result=tmp_result@entry=0x62f000015c40, additional_options=additional_options@entry=0, is_union_select=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103
      #40 0x0000000000de1743 in st_select_lex_unit::prepare (this=0x62d0000e0610, derived_arg=<optimized out>, sel_result=<optimized out>, additional_options=0) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1659
      #41 0x0000000000a52e38 in mysql_derived_prepare (thd=<optimized out>, lex=<optimized out>, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:840
      #42 0x0000000000a57cc2 in mysql_handle_single_derived (lex=lex@entry=0x62b0001703c8, derived=derived@entry=0x6290000c0688, phases=phases@entry=2) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #43 0x0000000000e7cf8d in TABLE_LIST::handle_derived (this=0x6290000c0688, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9651
      #44 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #45 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #46 0x0000000000e7cfc6 in TABLE_LIST::handle_derived (this=0x62d0000d3440, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9648
      #47 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #48 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #49 0x0000000000bf2a78 in JOIN::prepare (this=0x62f0000078f8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1439
      #50 0x0000000000be4c97 in mysql_select (thd=<optimized out>, thd@entry=0x62b00016c218, tables=0x6290000c0788, fields=..., conds=0x6290000c0078, og_num=4199042849, order=0x6290000c0758, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x62f0000078c8, unit=0x62b0001704a8, select_lex=0x62d0000d2b18) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5224
      #51 0x0000000000be4596 in handle_select (thd=thd@entry=0x62b00016c218, lex=<optimized out>, lex@entry=0x62b0001703c8, result=<optimized out>, result@entry=0x62f0000078c8, setup_tables_done_option=<optimized out>, setup_tables_done_option@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #52 0x0000000000b3df18 in execute_sqlcom_select (thd=0x62b00016c218, all_tables=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #53 0x0000000000b2cd51 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #54 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd242ca80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #55 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
      #56 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #57 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #58 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x6080021a41b8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #59 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005498) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #60 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #61 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32310 Prepare phase: Server crashes at Field_iterator_table::set

          • Critical - Crashes, loss of data, severe memory leak.
          • Confirmed

          Activity

            People

              Unassigned Unassigned
              Xin Wen Xin Wen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.