[MDEV-32427] Segmentation fault at /mariadb-11.3.0/sql/table.cc:7154 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.3.0, 10.6, 10.11, 10.4(EOL), 10.5(EOL), 10.9(EOL), 10.10(EOL), 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: 10.11, 11.4, 11.8, 12.0(EOL)
Component/s: Optimizer - CTE, Views
Labels:
- name_resolution
Environment:
Ubuntu 20.04

Description

Run these queries in release build:

CREATE VIEW x AS WITH RECURSIVE x ( x ) AS ( WITH x AS ( SELECT 1 FROM x AS x NATURAL INNER JOIN x AS x ORDER BY EXISTS ( WITH x AS ( SELECT x ( x ) FROM x GROUP BY x ORDER BY x ) SELECT 1 ) DESC ) SELECT 1 UNION SELECT x IN ( 'x' = x ) FROM x ) SELECT 1 ;

Will trigger Segmentation fault.
GDB info:

Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.

[Switching to Thread 0x7fffe011a700 (LWP 47254)]

Field_iterator_natural_join::set (this=0x7fffe0115790, table_ref=0x7fff98013d28)

    at /home/wx/mariadb-11.3.0/sql/table.cc:7154

7154	  cur_column_ref= column_ref_it++;

(gdb) p column_ref_it

$80 = {<base_list_iterator> = {list = 0x0, el = 0x0, prev = 0x0,

    current = 0x0}, <No data fields>}

#0  Field_iterator_natural_join::set (this=0x7fffe0115790, table_ref=0x7fff98013d28)

    at /home/wx/mariadb-11.3.0/sql/table.cc:7154

#1  0x0000555555d00091 in store_natural_using_join_columns (

    natural_using_join=0x7fff98014bb0, natural_using_join=0x7fff98014bb0,

    found_using_fields=0, using_fields=0x0, table_ref_2=0x7fff98014480,

    table_ref_1=0x7fff98013d28, thd=0x7fff98000c58)

    at /home/wx/mariadb-11.3.0/sql/sql_base.cc:7554

#2  store_top_level_join_columns (thd=thd@entry=0x7fff98000c58,

    table_ref=table_ref@entry=0x7fff98014bb0, left_neighbor=left_neighbor@entry=0x0,

    right_neighbor=0x0) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:7765

#3  0x0000555555d0a249 in setup_natural_join_row_types (context=0x7fff980137d8,

    from_clause=0x7fff98013948, thd=0x7fff98000c58)

    at /home/wx/mariadb-11.3.0/sql/sql_base.cc:7876

#4  setup_tables (thd=thd@entry=0x7fff98000c58, context=0x7fff980137d8,

    from_clause=0x7fff98013948, tables=tables@entry=0x7fff98013d28, leaves=...,

    select_insert=select_insert@entry=false, full_table_list=<optimized out>)

    at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8388

#5  0x0000555555d0a434 in setup_tables_and_check_access (thd=0x7fff98000c58,

    context=<optimized out>, from_clause=<optimized out>, tables=0x7fff98013d28, leaves=...,

    select_insert=select_insert@entry=false, want_access_first=SELECT_ACL,

    want_access=SELECT_ACL, full_table_list=false)

    at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8430

#6  0x0000555555ddc881 in JOIN::prepare (this=this@entry=0x7fff98073950,

    tables_init=<optimized out>, conds_init=<optimized out>, og_num=1,

    order_init=<optimized out>, skip_order_by=<optimized out>, group_init=0x0,

    having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff98013790,

    unit_arg=0x7fff98015378) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1451

#7  0x0000555555e42e50 in st_select_lex_unit::prepare_join (this=this@entry=0x7fff98015378,

    thd_arg=0x7fff98000c58, sl=sl@entry=0x7fff98013790,

    tmp_result=tmp_result@entry=0x7fff98073860,

    additional_options=additional_options@entry=0,

    is_union_select=is_union_select@entry=false)

    at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103

#8  0x0000555555e45b64 in st_select_lex_unit::prepare (this=this@entry=0x7fff98015378,

    derived_arg=derived_arg@entry=0x7fff98039890, sel_result=sel_result@entry=0x7fff98073860,

    additional_options=additional_options@entry=0)

    at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1583

#9  0x0000555555d30444 in mysql_derived_prepare (thd=0x7fff98000c58, lex=<optimized out>,

    derived=0x7fff98039890) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:840

#10 0x0000555555d2f249 in mysql_handle_single_derived (lex=lex@entry=0x7fff98004e08,

    derived=derived@entry=0x7fff98039890, phases=phases@entry=2)

    at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200

#11 0x0000555555e6e8ce in TABLE_LIST::handle_derived (this=this@entry=0x7fff98039890,

    lex=lex@entry=0x7fff98004e08, phases=phases@entry=2)

    at /home/wx/mariadb-11.3.0/sql/table.cc:9651

#12 0x0000555555d4bbb7 in LEX::handle_list_of_derived (phases=2, table_list=<optimized out>,

    this=0x7fff98004e08) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579

#13 st_select_lex::handle_derived (this=<optimized out>, lex=0x7fff98004e08,

    phases=phases@entry=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989

#14 0x0000555555ddc80b in JOIN::prepare (this=this@entry=0x7fff98073058,

    tables_init=<optimized out>, conds_init=<optimized out>, og_num=0,

    order_init=<optimized out>, skip_order_by=<optimized out>, group_init=0x0,

    having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff98038c20,

    unit_arg=0x7fff980383e8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1439

#15 0x0000555555e42e50 in st_select_lex_unit::prepare_join (this=this@entry=0x7fff980383e8,

    thd_arg=0x7fff98000c58, sl=sl@entry=0x7fff98038c20,

    tmp_result=tmp_result@entry=0x7fff98072e88,

    additional_options=additional_options@entry=0, is_union_select=is_union_select@entry=true)

    at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103

#16 0x0000555555e4635f in st_select_lex_unit::prepare (this=0x7fff980383e8,

    derived_arg=0x7fff98016398, sel_result=sel_result@entry=0x0,

    additional_options=additional_options@entry=0)

    at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1659

#17 0x0000555555f488b0 in With_element::prepare_unreferenced (this=this@entry=0x7fff98039fc0,

    thd=thd@entry=0x7fff98000c58) at /home/wx/mariadb-11.3.0/sql/sql_cte.cc:1284

#18 0x0000555555f48925 in With_clause::prepare_unreferenced_elements (this=<optimized out>,

    thd=0x7fff98000c58) at /home/wx/mariadb-11.3.0/sql/sql_cte.cc:923

#19 0x0000555555ddd2f3 in JOIN::prepare (this=this@entry=0x7fff98072648,

    tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>,

    order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>,

    having_init=<optimized out>, proc_param_init=<optimized out>,

    select_lex_arg=<optimized out>, unit_arg=<optimized out>)

    at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1620

#20 0x0000555555e42e50 in st_select_lex_unit::prepare_join (this=this@entry=0x7fff98004ee8,

    thd_arg=0x7fff98000c58, sl=sl@entry=0x7fff980716b8, tmp_result=tmp_result@entry=0x0,

    additional_options=additional_options@entry=0,

    is_union_select=is_union_select@entry=false)

    at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103

#21 0x0000555555e45b64 in st_select_lex_unit::prepare (this=this@entry=0x7fff98004ee8,

    derived_arg=0x0, sel_result=sel_result@entry=0x0,

    additional_options=additional_options@entry=0)

    at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1583

#22 0x0000555555e589f9 in mysql_create_view (thd=thd@entry=0x7fff98000c58,

    views=views@entry=0x7fff98012f00, mode=VIEW_CREATE_NEW)

    at /home/wx/mariadb-11.3.0/sql/sql_view.cc:556

#23 0x0000555555d7a72f in mysql_execute_command (thd=thd@entry=0x7fff98000c58,

    is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)

    at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:5531

#24 0x0000555555d68c27 in mysql_parse (thd=0x7fff98000c58, rawbuf=<optimized out>,

    length=<optimized out>, parser_state=<optimized out>)

    at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734

#25 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,

    thd=thd@entry=0x7fff98000c58,

    packet=packet@entry=0x7fff98008509 "CREATE VIEW x AS WITH RECURSIVE x ( x ) AS ( WITH x AS ( SELECT 1 FROM x AS x NATURAL INNER JOIN x AS x ORDER BY EXISTS ( WITH x AS ( SELECT x ( x ) FROM x GROUP BY x ORDER BY x ) SELECT 1 ) DESC ) SE"...,

    packet_length=packet_length@entry=254, blocking=blocking@entry=true)

    at /home/wx/mariadb-11.3.0/sql/sql_class.h:251

#26 0x0000555555d7721e in do_command (thd=0x7fff98000c58, blocking=blocking@entry=true)

    at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406

#27 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,

    connect@entry=0x555557e16318, put_in_cache=put_in_cache@entry=true)

    at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445

#28 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e16318)

    at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347

#29 0x00005555561e658d in pfs_spawn_thread (arg=0x555557dbfdd8)

    at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201

#30 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0

#31 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Attachments

Issue Links

relates to

MDEV-32310 Prepare phase: Server crashes at Field_iterator_table::set

Confirmed

MDEV-37079 Assertion in store_natural_using_join_columns() fails on second call of procedure with erroneous query

Confirmed

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Xin Wen

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-10-10 11:25

Updated:: 2025-09-20 09:16

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.