  1. MariaDB Server
  2. MDEV-32434

Segmentation fault at /mariadb-11.3.0/storage/heap/hp_hash.c:351


Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 11.3.0
    • N/A
    • Server
    • None
    • Ubuntu 20.04

    Description

      Run these queries against a release build:

      -- Reproducer for the mariadbd crash reported in this issue (reported against 11.3.0).
      -- Setup: one table with a single NOT NULL BOOLEAN column, holding one row.
      -- Table, column and every alias share the name "x", which makes the statements
      -- hard to read; the query looks machine-generated (assumption, not stated in the report).
      CREATE TABLE x ( x BOOLEAN NOT NULL ) ;
      INSERT INTO x ( x ) VALUES ( 1 ) ;
      -- Rewrites the existing row with the value it already has.
      UPDATE x SET x = 1 WHERE x = 1 ;
      -- Crashing statement: the second VALUES row is an IN predicate over a derived table
      -- built from a UNION, whose first branch contains a scalar subquery wrapping an
      -- EXISTS subquery with DISTINCT, GROUP BY and HAVING. Per the backtrace in the report,
      -- evaluating that EXISTS subquery writes a row to an internal temporary table in the
      -- HEAP engine (ha_heap::write_row), and the server receives SIGSEGV while hashing the
      -- key for that row (hp_rec_hashnr).
      INSERT INTO x ( x ) VALUES ( 1 ) , ( x IN ( SELECT x FROM ( SELECT ( SELECT EXISTS ( SELECT * FROM ( SELECT DISTINCT ( - CASE WHEN x = 1 THEN 1 ELSE x + 1 END >= x IS NOT NULL = 1 AND x = 1 ) OR x = x OR x = 'x' FROM x AS x GROUP BY x ) AS x WHERE 1 / x GROUP BY x HAVING ( 1 = 1 AND x = 1 ) ) FROM x GROUP BY EXISTS ( SELECT 1 ) ) FROM x UNION SELECT x FROM x ) AS x ) ) ;

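      The final INSERT triggers a segmentation fault in the server process (mariadbd). The backtrace below shows the fault in hp_rec_hashnr() while the HEAP engine writes a row to an internal temporary table during subquery evaluation. The call chain starts at an ordinary client connection (handle_one_connection → dispatch_command → mysql_insert), and the reproducer uses only CREATE TABLE, INSERT and UPDATE, so the impact is loss of availability for the whole server.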
      GDB info:
      Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffd242e300 (LWP 3356)]
      0x0000000001b95526 in hp_rec_hashnr (keydef=<optimized out>, rec=<optimized out>)
      at /home/wx/mariadb-11.3.0/storage/heap/hp_hash.c:351
      351 nr^=(ulong) ((((uint) nr & 63)+nr2)*((uint) *pos))+ (nr << 8);

      #0 0x0000000001b95526 in hp_rec_hashnr (keydef=<optimized out>, rec=<optimized out>) at /home/wx/mariadb-11.3.0/storage/heap/hp_hash.c:351
      #1 0x0000000001b9e13e in hp_write_key (info=<optimized out>, keyinfo=<optimized out>, record=<optimized out>, recpos=<optimized out>) at /home/wx/mariadb-11.3.0/storage/heap/hp_write.c:349
      #2 0x0000000001b9d01e in heap_write (info=0x61b000065e48, record=<optimized out>) at /home/wx/mariadb-11.3.0/storage/heap/hp_write.c:52
      #3 0x0000000001b8ecc5 in ha_heap::write_row (this=0x61b0000635b8, buf=0x6190002a2c90 "\377\001", '\276' <repeats 14 times>, "\377") at /home/wx/mariadb-11.3.0/storage/heap/ha_heap.cc:298
      #4 0x0000000000cd5bdf in handler::ha_write_tmp_row (this=0x61b0000635b8, buf=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_class.h:7621
      #5 0x0000000000c9b1c8 in end_write (join=<optimized out>, join_tab=0x62d0000dd718, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24987
      #6 0x0000000000c9e284 in evaluate_join_record (join=join@entry=0x6290000bca48, join_tab=<optimized out>, join_tab@entry=0x62d0000dd2a0, error=error@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
      #7 0x0000000000be3396 in sub_select (join=0x6290000bca48, join_tab=0x62d0000dd2a0, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
      #8 0x0000000000c45121 in do_select (join=0x6290000bca48, procedure=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #9 JOIN::exec_inner (this=0x6290000bca48) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #10 0x0000000000c428e9 in JOIN::exec (this=0x6290000bca48) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #11 0x00000000015d8106 in subselect_single_select_engine::exec (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
      #12 0x00000000015b3edc in Item_subselect::exec (this=0x6290000b2f28) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #13 0x00000000015bda3d in Item_exists_subselect::val_int (this=0x6290000b2f28) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1840
      #14 0x0000000001376612 in Item_cache_int::cache_value (this=0x62d0000dea78) at /home/wx/mariadb-11.3.0/sql/item.cc:10161
      #15 0x000000000136b797 in Item_cache_wrapper::cache (this=0x62d0000de9c8) at /home/wx/mariadb-11.3.0/sql/item.cc:8915
      #16 Item_cache_wrapper::val_str (this=0x62d0000de9c8, str=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:9023
      #17 0x000000000134ab45 in Item_copy_string::copy (this=0x62d0000df2c8) at /home/wx/mariadb-11.3.0/sql/item.cc:5092
      #18 0x0000000000c9bd60 in copy_fields (param=0x6290000bc670) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:28418
      #19 end_send_group (join=<optimized out>, join_tab=<optimized out>, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24949
      #20 0x0000000000c9e284 in evaluate_join_record (join=join@entry=0x6290000bc418, join_tab=<optimized out>, join_tab@entry=0x62d0000d59c0, error=error@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
      #21 0x0000000000be3396 in sub_select (join=0x6290000bc418, join_tab=0x62d0000d59c0, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
      #22 0x0000000000c45121 in do_select (join=0x6290000bc418, procedure=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #23 JOIN::exec_inner (this=0x6290000bc418) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #24 0x0000000000c428e9 in JOIN::exec (this=0x6290000bc418) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #25 0x00000000015d8106 in subselect_single_select_engine::exec (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
      #26 0x00000000015b3edc in Item_subselect::exec (this=0x6290000b62a0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #27 0x00000000015b9773 in Item_singlerow_subselect::val_int (this=0x6290000b62a0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1462
      #28 0x00000000013552b8 in Item::save_int_in_field (this=0x6290000b62a0, field=0x6190002a17b8, no_conversions=false) at /home/wx/mariadb-11.3.0/sql/item.cc:6843
      #29 0x00000000013554a9 in Item::save_in_field (this=0x6290000b62a0, field=0x6190002a17b8, no_conversions=false) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
      #30 0x00000000009d9dc9 in fill_record (thd=<optimized out>, table=<optimized out>, ptr=0x61f000016798, values=..., ignore_errors=<optimized out>, use_value=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:9320
      #31 0x0000000000de507b in select_unit::send_data (this=0x6290000bbcf0, values=...) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:122
      #32 0x0000000000c36f9a in select_result_sink::send_data_with_check (this=0x61b000065e48, items=..., u=<optimized out>, sent=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_class.h:5842
      #33 end_send (join=0x6290000bbde8, join_tab=0x62d0000e0d70, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24710
      #34 0x0000000000c9e284 in evaluate_join_record (join=join@entry=0x6290000bbde8, join_tab=<optimized out>, join_tab@entry=0x62d0000e08f8, error=error@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
      #35 0x0000000000be3396 in sub_select (join=0x6290000bbde8, join_tab=0x62d0000e08f8, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
      #36 0x0000000000c45121 in do_select (join=0x6290000bbde8, procedure=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #37 JOIN::exec_inner (this=0x6290000bbde8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #38 0x0000000000c428e9 in JOIN::exec (this=0x6290000bbde8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #39 0x0000000000df0df7 in st_select_lex_unit::exec_inner (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2389
      #40 0x0000000000a56f10 in mysql_derived_fill (thd=<optimized out>, lex=<optimized out>, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1256
      #41 0x0000000000a57cc2 in mysql_handle_single_derived (lex=0x62b0001703c8, derived=derived@entry=0x6290000b9950, phases=phases@entry=96) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #42 0x0000000000c71b80 in st_join_table::preread_init (this=this@entry=0x62d0000e8000) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:16029
      #43 0x0000000000be2fea in sub_select (join=0x6290000bb5f8, join_tab=0x62d0000e8000, end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23392
      #44 0x0000000000c45121 in do_select (join=0x6290000bb5f8, procedure=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #45 JOIN::exec_inner (this=0x6290000bb5f8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #46 0x0000000000c428e9 in JOIN::exec (this=0x6290000bb5f8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #47 0x00000000015d8106 in subselect_single_select_engine::exec (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
      #48 0x00000000015b4bab in Item_subselect::exec (this=0x6290000ba8a8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #49 Item_in_subselect::exec (this=0x6290000ba8a8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:994
      #50 0x00000000015be5e0 in Item_in_subselect::val_bool (this=0x6290000ba8a8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1991
      #51 0x00000000013b4fcc in Item_in_optimizer::val_int (this=0x62d0000d4700) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1664
      #52 0x00000000013552b8 in Item::save_int_in_field (this=0x62d0000d4700, field=0x61900029e100, no_conversions=false) at /home/wx/mariadb-11.3.0/sql/item.cc:6843
      #53 0x00000000013554a9 in Item::save_in_field (this=0x62d0000d4700, field=0x61900029e100, no_conversions=false) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
      #54 0x00000000009d7a96 in fill_record (thd=thd@entry=0x62b00016c218, table_arg=<optimized out>, fields=..., values=..., ignore_errors=false, update=false) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:9032
      #55 0x00000000009d9233 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x62b00016c218, table=table@entry=0x61900029db98, fields=..., values=..., ignore_errors=<optimized out>, event=event@entry=TRG_EVENT_INSERT) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:9206
      #56 0x0000000000a6a4e5 in mysql_insert (thd=<optimized out>, table_list=0x6290000915f8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_insert.cc:1051
      #57 0x0000000000b36566 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4417
      #58 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd242ca80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #59 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
      #60 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #61 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #62 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x608000ebabb8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #63 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005498) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #64 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #65 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6


            People

              Unassigned Unassigned
              Xin Wen Xin Wen
