[MDEV-32595] MariaDB Server Crash - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: N/A
Component/s: Server
Labels:
None

Description

When executing the following SQL, "ERROR 2013 (HY000): Lost connection to server during query" will happen.

DROP TABLE t1 ;
DROP TABLE t2 ;
CREATE TABLE t1 ( c1 INT , c2 VARBINARY ( 100 ) ) ;
INSERT INTO t1 VALUES ( null NULL , NULL null ) ;
INSERT INTO t1 VALUES ( 66 , 'x' ) ;
INSERT INTO t1 VALUES ( 85 , 'x' ) ;
INSERT INTO t1 VALUES ( 127 , 'x' ) ;
CREATE TABLE v0 ( v1 CHARACTER ) ;
INSERT INTO v0 VALUES ( null NULL ) ;
INSERT INTO v0 VALUES ( -128 ) ;
INSERT INTO v0 VALUES ( 16 ) ;
SELECT v1 FROM v0 WHERE ( SELECT v1 UNION SELECT 1 UNION SELECT 1 ) IN ( SELECT * FROM v0 WHERE ( 1 ) GROUP BY v1 HAVING v1 = v1 * 1 ) GROUP BY v1 , v1 HAVING v1 / v1 / v1 ;
SELECT v1 FROM v0 WHERE v1 NOT IN ( SELECT v1 FROM v0 ) ;
DROP TABLE v0 ;
DROP TABLE v0 ;

Attachments

Issue Links

duplicates

MDEV-29070 SIGSEGV in my_decimal::operator= and Assertion `0' failed in Item_type_holder::val_decimal on SELECT

Closed

Activity

Ascending order - Click to sort in descending order

Alice Sherepa added a comment - 2023-10-31 14:58 - edited

Thanks! I repeated on 10.4-11.2, both with InnoDB and Myisam:
non-debug

Version: '10.4.31-MariaDB'

231031 15:32:55 [ERROR] mysqld got signal 11 ;

Server version: 10.4.31-MariaDB source revision: 2aea9387497cecb5668ef605b8f80886f9de812c

sigaction.c:0(__restore_rt)[0x7fa10ba81420]

sql/sql_string.h:165(Charset::set_charset(Charset const&))[0x55a3fd9171fb]

sql/item.h:6951(Item_cache::has_value())[0x55a3fd914fdc]

sql/sql_select.h:2078(store_key_item::copy_inner())[0x55a3fd763f0b]

sql/sql_class.h:6917(create_ref_for_key(JOIN*, st_join_table*, keyuse_t*, bool, unsigned long long))[0x55a3fd730cb1]

sql/sql_select.cc:10732(JOIN::get_best_combination())[0x55a3fd75b62c]

sql/sql_select.cc:2415(JOIN::optimize_stage2())[0x55a3fd75bc83]

sql/sql_select.cc:2394(JOIN::optimize_inner())[0x55a3fd75eef5]

sql/sql_select.cc:1713(JOIN::optimize())[0x55a3fd76183d]

sql/sql_select.cc:4812(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55a3fd761951]

sql/sql_select.cc:454(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55a3fd762577]

sql/sql_parse.cc:6474(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55a3fd5e5fa3]

sql/sql_parse.cc:3976(mysql_execute_command(THD*))[0x55a3fd70545b]

sql/sql_parse.cc:8010(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55a3fd709e72]

sql/sql_parse.cc:1919(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55a3fd70cac2]

sql/sql_parse.cc:1379(do_command(THD*))[0x55a3fd70dbe2]

sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55a3fd7f2602]

sql/sql_connect.cc:1326(handle_one_connection)[0x55a3fd7f26ed]

nptl/pthread_create.c:478(start_thread)[0x7fa10ba75609]

Query (0x7fa09c010300): SELECT v1 FROM v0 WHERE ( SELECT v1 UNION SELECT 1 UNION SELECT 1 ) IN ( SELECT * FROM v0 WHERE ( 1 ) GROUP BY v1 HAVING v1 = v1 * 1 ) GROUP BY v1 , v1 HAVING v1 / v1 / v1

CREATE TABLE t1 (a char(1) );

SELECT a FROM t1 WHERE ( SELECT a UNION SELECT 1 ) IN ( SELECT * FROM t1 HAVING a );

Version: '10.4.32-MariaDB-debug-log'

mysqld: /10.4/src/sql/item.cc:10613: virtual String* Item_type_holder::val_str(String*): Assertion `0' failed.

231031 15:54:36 [ERROR] mysqld got signal 6 ;

Server version: 10.4.32-MariaDB-debug-log source revision: 6fa69ad7477d4a1a1f9031959b633fcdbf2981a7

/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f5418f52fd6]

sql/item.cc:10614(Item_type_holder::val_str(String*))[0x559fb043cdad]

sql/item.h:1558(Item::str_result(String*))[0x559faf90e135]

sql/item.cc:10376(Item_cache_str::cache_value())[0x559fb043a66c]

sql/item.h:6953(Item_cache::has_value())[0x559fb018695e]

sql/item.cc:10431(Item_cache_str::save_in_field(Field*, bool))[0x559fb043aa9f]

sql/sql_select.h:2074(store_key_item::copy_inner())[0x559fafd6f94c]

sql/sql_select.h:1968(store_key::copy())[0x559fafd6edd9]

sql/sql_select.cc:11090(create_ref_for_key(JOIN*, st_join_table*, keyuse_t*, bool, unsigned long long))[0x559fafcd5029]

sql/sql_select.cc:10752(JOIN::get_best_combination())[0x559fafcd1db2]

sql/sql_select.cc:2435(JOIN::optimize_stage2())[0x559fafc8d932]

sql/sql_select.cc:2414(JOIN::optimize_inner())[0x559fafc8d3c0]

sql/sql_select.cc:1731(JOIN::optimize())[0x559fafc860cb]

sql/sql_select.cc:4832(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x559fafca70b5]

sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x559fafc77b1c]

sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559fafbe38ac]

sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x559fafbd1023]

sql/sql_parse.cc:8013(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x559fafbecdeb]

sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x559fafbc31ad]

sql/sql_parse.cc:1378(do_command(THD*))[0x559fafbbfcd8]

sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x559faffcf5b3]

sql/sql_connect.cc:1325(handle_one_connection)[0x559faffcee57]

perfschema/pfs.cc:1871(pfs_spawn_thread)[0x559fb0c7b6be]

nptl/pthread_create.c:478(start_thread)[0x7f541946d609]

Query (0x62b0000a1290): SELECT a FROM t1 WHERE ( SELECT a UNION SELECT 1 ) IN ( SELECT * FROM t1 HAVING a )

Alice Sherepa added a comment - 2023-10-31 14:58 - edited Thanks! I repeated on 10.4-11.2, both with InnoDB and Myisam: non-debug Version: '10.4.31-MariaDB' 231031 15:32:55 [ERROR] mysqld got signal 11 ; Server version: 10.4.31-MariaDB source revision: 2aea9387497cecb5668ef605b8f80886f9de812c sigaction.c:0(__restore_rt)[0x7fa10ba81420] sql/sql_string.h:165(Charset::set_charset(Charset const&))[0x55a3fd9171fb] sql/item.h:6951(Item_cache::has_value())[0x55a3fd914fdc] sql/sql_select.h:2078(store_key_item::copy_inner())[0x55a3fd763f0b] sql/sql_class.h:6917(create_ref_for_key(JOIN*, st_join_table*, keyuse_t*, bool, unsigned long long))[0x55a3fd730cb1] sql/sql_select.cc:10732(JOIN::get_best_combination())[0x55a3fd75b62c] sql/sql_select.cc:2415(JOIN::optimize_stage2())[0x55a3fd75bc83] sql/sql_select.cc:2394(JOIN::optimize_inner())[0x55a3fd75eef5] sql/sql_select.cc:1713(JOIN::optimize())[0x55a3fd76183d] sql/sql_select.cc:4812(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55a3fd761951] sql/sql_select.cc:454(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55a3fd762577] sql/sql_parse.cc:6474(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55a3fd5e5fa3] sql/sql_parse.cc:3976(mysql_execute_command(THD*))[0x55a3fd70545b] sql/sql_parse.cc:8010(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55a3fd709e72] sql/sql_parse.cc:1919(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55a3fd70cac2] sql/sql_parse.cc:1379(do_command(THD*))[0x55a3fd70dbe2] sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55a3fd7f2602] sql/sql_connect.cc:1326(handle_one_connection)[0x55a3fd7f26ed] nptl/pthread_create.c:478(start_thread)[0x7fa10ba75609] Query (0x7fa09c010300): SELECT v1 FROM v0 WHERE ( SELECT v1 UNION SELECT 1 UNION SELECT 1 ) IN ( SELECT * FROM v0 WHERE ( 1 ) GROUP BY v1 HAVING v1 = v1 * 1 ) GROUP BY v1 , v1 HAVING v1 / v1 / v1 CREATE TABLE t1 (a char (1) ); SELECT a FROM t1 WHERE ( SELECT a UNION SELECT 1 ) IN ( SELECT * FROM t1 HAVING a ); Version: '10.4.32-MariaDB-debug-log' mysqld: /10.4/src/sql/item.cc:10613: virtual String* Item_type_holder::val_str(String*): Assertion `0' failed. 231031 15:54:36 [ERROR] mysqld got signal 6 ; Server version: 10.4.32-MariaDB-debug-log source revision: 6fa69ad7477d4a1a1f9031959b633fcdbf2981a7 /lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f5418f52fd6] sql/item.cc:10614(Item_type_holder::val_str(String*))[0x559fb043cdad] sql/item.h:1558(Item::str_result(String*))[0x559faf90e135] sql/item.cc:10376(Item_cache_str::cache_value())[0x559fb043a66c] sql/item.h:6953(Item_cache::has_value())[0x559fb018695e] sql/item.cc:10431(Item_cache_str::save_in_field(Field*, bool))[0x559fb043aa9f] sql/sql_select.h:2074(store_key_item::copy_inner())[0x559fafd6f94c] sql/sql_select.h:1968(store_key::copy())[0x559fafd6edd9] sql/sql_select.cc:11090(create_ref_for_key(JOIN*, st_join_table*, keyuse_t*, bool, unsigned long long))[0x559fafcd5029] sql/sql_select.cc:10752(JOIN::get_best_combination())[0x559fafcd1db2] sql/sql_select.cc:2435(JOIN::optimize_stage2())[0x559fafc8d932] sql/sql_select.cc:2414(JOIN::optimize_inner())[0x559fafc8d3c0] sql/sql_select.cc:1731(JOIN::optimize())[0x559fafc860cb] sql/sql_select.cc:4832(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x559fafca70b5] sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x559fafc77b1c] sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559fafbe38ac] sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x559fafbd1023] sql/sql_parse.cc:8013(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x559fafbecdeb] sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x559fafbc31ad] sql/sql_parse.cc:1378(do_command(THD*))[0x559fafbbfcd8] sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x559faffcf5b3] sql/sql_connect.cc:1325(handle_one_connection)[0x559faffcee57] perfschema/pfs.cc:1871(pfs_spawn_thread)[0x559fb0c7b6be] nptl/pthread_create.c:478(start_thread)[0x7f541946d609] Query (0x62b0000a1290): SELECT a FROM t1 WHERE ( SELECT a UNION SELECT 1 ) IN ( SELECT * FROM t1 HAVING a )

Alice Sherepa added a comment - 2023-12-12 14:02

not repeatable after 69d294e7557eca760251d418c8fc9db94cf0521f (~~MDEV-29070~~)

Alice Sherepa added a comment - 2023-12-12 14:02 not repeatable after 69d294e7557eca760251d418c8fc9db94cf0521f ( MDEV-29070 )

MariaDB Server

MariaDB Server Crash

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration