Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32596

Server crash after query

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
    • 10.5, 10.6, 10.11
    • Server
    • None

    Description

      SET default_storage_engine = InnoDB ;
      CREATE TABLE v0 ( v1 BOOLEAN UNIQUE , v2 TEXT ) ;
      SELECT v1 FROM v0 . TABLES WHERE v1 = 'x' AND v1 = 'x' ;
      INSERT INTO v0 VALUES ( 54 , 'x' ) ;
      INSERT INTO v0 VALUES ( v1 , v1 NOT IN ( WITH v0 AS ( SELECT * FROM v0 ORDER BY v2 / 67 * v2 ) SELECT DISTINCT v1 * v2 FROM v0 WHERE v2 = 'x' AND -1 = 5 AND v2 = v2 ) ) ;
      INSERT INTO v0 VALUES ( v1 , 'x' ) ;
      SELECT * FROM v0 ORDER BY v2 ;
      DELETE FROM t1 ;
      SELECT * FROM v0 ORDER BY v2 ;
      ROLLBACK ;
      SELECT * FROM v0 GROUP BY v1 HAVING ( SELECT v2 WHERE v2 = 'x' OR v2 = 'x' ) ORDER BY v1 ;
      DELETE FROM t1 ;
      START TRANSACTION ;
      SELECT * FROM v0 ORDER BY v2 ;
      COMMIT ;
      SELECT * FROM v0 ORDER BY v1 ;
      DELETE FROM t1 ;
      START TRANSACTION ;
      SELECT * ORDER BY v2 ;
      ROLLBACK ;
      SELECT * FROM v0 ORDER BY ( SELECT 1 UNION SELECT 1 UNION SELECT 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + x + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + ( SELECT 1 UNION SELECT 1 UNION SELECT 1 ) * ( SELECT 1 UNION SELECT 1 UNION SELECT 1 ) * 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + ( SELECT 1 UNION SELECT 1 UNION SELECT 1 ) * 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 + 1 ) ;
      DELETE FROM t1 ;
      DROP TABLE v0 ;

      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7f8df02a1880 thread_stack 0x5fc00
      /usr/local/mysql/bin/mariadbd(__interceptor_backtrace+0x5b)[0x781b5b]
      mysys/stacktrace.c:215(my_print_stacktrace)[0x228cfae]
      sql/signal_handler.cc:0(handle_fatal_signal)[0x12bd0d2]
      sigaction.c:0(__restore_rt)[0x7f8e123fc420]
      sql/item_cmpfunc.cc:7372(Item_equal::val_int())[0x13d459c]
      sql/sql_type.cc:5075(Type_handler_int_result::Item_val_bool(Item*) const)[0x10c1351]
      sql/item_cmpfunc.cc:5622(Item_cond_or::val_int())[0x13bed03]
      sql/sql_select.cc:4803(JOIN::exec_inner())[0xc487b9]
      sql/sql_select.cc:4721(JOIN::exec())[0xc45f19]
      /usr/local/mysql/bin/mariadbd(_ZN30subselect_single_select_engine4execEv+0xb26)[0x15b5176]
      sql/item_subselect.cc:817(Item_subselect::exec())[0x159115c]
      sql/item_subselect.cc:1484(Item_singlerow_subselect::val_str(String*))[0x1596b3c]
      sql/item.cc:10524(Item_cache_str::cache_value())[0x136055a]
      sql/item.cc:8928(Item_cache_wrapper::cache())[0x134d2cc]
      sql/sql_select.cc:24933(end_send_group(JOIN*, st_join_table*, bool))[0xc9f706]
      sql/sql_select.cc:23737(evaluate_join_record(JOIN*, st_join_table*, int))[0xca16a3]
      /usr/local/mysql/bin/mariadbd(_Z10sub_selectP4JOINP13st_join_tableb+0x6df)[0xbe6ccf]
      /usr/local/mysql/bin/mariadbd(_ZN4JOIN10exec_innerEv+0x2681)[0xc48751]
      sql/sql_select.cc:4721(JOIN::exec())[0xc45f19]
      sql/sql_select.cc:5251(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0xbe89b8]
      sql/sql_select.cc:628(handle_select(THD*, LEX*, select_result*, unsigned long long))[0xbe7e59]
      sql/sql_parse.cc:6041(execute_sqlcom_select(THD*, TABLE_LIST*))[0xb41bc6]
      /usr/local/mysql/bin/mariadbd(_Z21mysql_execute_commandP3THDb+0x18b7)[0xb319a7]
      sql/sql_class.h:2830(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0xb24c79]
      /usr/local/mysql/bin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x2cf8)[0xb1e648]
      sql/sql_parse.cc:1407(do_command(THD*, bool))[0xb25971]
      sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0xf0d066]
      sql/sql_connect.cc:1322(handle_one_connection)[0xf0caa9]
      perfschema/pfs.cc:2203(pfs_spawn_thread)[0x19d710b]
      nptl/pthread_create.c:478(start_thread)[0x7f8e123f0609]
      addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530f28)
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f8e12108133]

      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x629000087238): SELECT * FROM v0 GROUP BY v1 HAVING ( SELECT v2 WHERE v2 = 'x' OR v2 = 'x' ) ORDER BY v1

      Attachments

        Activity

          People

            psergei Sergei Petrunia
            csfuzz csfuzz
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.