[MDEV-32594] server crash - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Duplicate
Affects Version/s: 10.11.5, 11.1.3
Fix Version/s: N/A
Component/s: Optimizer, Server
Labels:
None
Environment:
docker quay.io/mariadb-foundation/mariadb-devel:latest

Description

Reproduce testcase:

SET default_storage_engine = InnoDB ;
CREATE TABLE v0 ( v1 INT , v2 SMALLINT NOT NULL PRIMARY KEY ) ;
SELECT v2 FROM v0 . TABLES WHERE v1 = 'x' AND v2 = 'x' ;
INSERT INTO v0 VALUES ( 99 , 'x' ) ;
INSERT INTO v0 VALUES ( v1 , v1 NOT IN ( WITH v0 AS ( SELECT 68 * 8 FROM v0 ) SELECT * FROM v0 GROUP BY v1 HAVING v1 >= NULL AND ( NULL , 9877221.000000 ) < ( NULL , 'x' ) ) ) ;
INSERT INTO v0 VALUES ( v1 , 'x' ) ;
SELECT * FROM v0 ORDER BY v2 ;
DELETE FROM t1 ;
SELECT * FROM v0 ORDER BY v1 ;
ROLLBACK ;
SELECT * FROM v0 ORDER BY v1 ;
DELETE FROM t1 ;
START TRANSACTION ;
SELECT * FROM v0 ORDER BY v1 ;
COMMIT ;
SELECT * FROM v0 ORDER BY v2 ;
DELETE FROM t1 ;
START TRANSACTION ;
SELECT * ORDER BY v2 ;
ROLLBACK ;
SELECT v1 , v1 FROM v0 WHERE v2 > 0 AND CASE ( 0 ) WHEN NOT NOT NULL THEN 'x' / 93 END < 'x' ;
DELETE FROM t1 ;
DROP TABLE v0 ;

ERROR 2013 (HY000): Lost connection to server during query

Attachments

Issue Links

duplicates

MDEV-29210 Assertion `param->field_count > (uint) (copy - copy_start)' failed in setup_copy_fields, SIGSEGV in JOIN::make_sum_func_list and TABLE_LIST::is_active_sjm (ES), ASAN: use-after-poison in Copy_field::set

Confirmed

Activity

Alice Sherepa added a comment - 2023-11-09 13:53

Thanks! This is the same as MDEV-29210

mariadbd: /11.2/src/sql/sql_select.cc:28403: bool setup_copy_fields(THD*, TMP_TABLE_PARAM*, Ref_ptr_array, List<Item>&, List<Item>&, uint, List<Item>&): Assertion `param->field_count > (uint) (copy - copy_start)' failed.

231109 14:40:37 [ERROR] mysqld got signal 6 ;

Server version: 11.2.2-MariaDB-debug-log source revision: f7646d890b98e1ff5480f60c9d4795a4c9efa6ba

/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f8d4ebb6fd6]

sql/sql_select.cc:28404(setup_copy_fields(THD*, TMP_TABLE_PARAM*, Bounds_checked_array<Item*>, List<Item>&, List<Item>&, unsigned int, List<Item>&))[0x55debdfb6542]

sql/sql_select.cc:4025(JOIN::make_aggr_tables_info())[0x55debdf03f94]

sql/sql_select.cc:3436(JOIN::optimize_stage2())[0x55debdefcf5d]

sql/sql_select.cc:2646(JOIN::optimize_inner())[0x55debdef4f7f]

sql/sql_select.cc:1944(JOIN::optimize())[0x55debdeedbfa]

sql/sql_lex.cc:4888(st_select_lex::optimize_unflattened_subqueries(bool))[0x55debdd76787]

sql/sql_insert.cc:877(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x55debdd25bf5]

sql/sql_parse.cc:4462(mysql_execute_command(THD*, bool))[0x55debddf4a8d]

sql/sql_parse.cc:7807(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55debde0bb13]

sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55debdde3e7e]

sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55debdde0bc8]

sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x55debe2bebfe]

sql/sql_connect.cc:1322(handle_one_connection)[0x55debe2be55b]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55debef33ab6]

nptl/pthread_create.c:478(start_thread)[0x7f8d4f0d1609]

Query (0x6290001092a8): INSERT INTO v0 VALUES ( v1 , v1 NOT IN ( WITH v0 AS ( SELECT 68 * 8 FROM v0 ) SELECT * FROM v0 GROUP BY v1 HAVING v1 >= NULL AND ( NULL , 9877221.000000 ) < ( NULL , 'x' ) ) )

Alice Sherepa added a comment - 2023-11-09 13:53 Thanks! This is the same as MDEV-29210 mariadbd: /11.2/src/sql/sql_select.cc:28403: bool setup_copy_fields(THD*, TMP_TABLE_PARAM*, Ref_ptr_array, List<Item>&, List<Item>&, uint, List<Item>&): Assertion `param->field_count > (uint) (copy - copy_start)' failed. 231109 14:40:37 [ERROR] mysqld got signal 6 ; Server version: 11.2.2-MariaDB-debug-log source revision: f7646d890b98e1ff5480f60c9d4795a4c9efa6ba /lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f8d4ebb6fd6] sql/sql_select.cc:28404(setup_copy_fields(THD*, TMP_TABLE_PARAM*, Bounds_checked_array<Item*>, List<Item>&, List<Item>&, unsigned int, List<Item>&))[0x55debdfb6542] sql/sql_select.cc:4025(JOIN::make_aggr_tables_info())[0x55debdf03f94] sql/sql_select.cc:3436(JOIN::optimize_stage2())[0x55debdefcf5d] sql/sql_select.cc:2646(JOIN::optimize_inner())[0x55debdef4f7f] sql/sql_select.cc:1944(JOIN::optimize())[0x55debdeedbfa] sql/sql_lex.cc:4888(st_select_lex::optimize_unflattened_subqueries(bool))[0x55debdd76787] sql/sql_insert.cc:877(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x55debdd25bf5] sql/sql_parse.cc:4462(mysql_execute_command(THD*, bool))[0x55debddf4a8d] sql/sql_parse.cc:7807(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55debde0bb13] sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55debdde3e7e] sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55debdde0bc8] sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x55debe2bebfe] sql/sql_connect.cc:1322(handle_one_connection)[0x55debe2be55b] perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55debef33ab6] nptl/pthread_create.c:478(start_thread)[0x7f8d4f0d1609] Query (0x6290001092a8): INSERT INTO v0 VALUES ( v1 , v1 NOT IN ( WITH v0 AS ( SELECT 68 * 8 FROM v0 ) SELECT * FROM v0 GROUP BY v1 HAVING v1 >= NULL AND ( NULL , 9877221.000000 ) < ( NULL , 'x' ) ) )

People

Assignee:: Unassigned

Reporter:: csfuzz

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-10-27 02:34

Updated:: 2023-11-09 13:53

Resolved:: 2023-11-09 13:51

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server