  1. MariaDB Server
  2. MDEV-32766

Segmentation fault at /mariadb-11.3.0/sql/sql_select.cc:23373


Details

    • Type: Bug
    • Status: Confirmed
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3.0
    • Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.1, 11.2
    • Component/s: Optimizer, Server
    • Labels: None
    • Environment: Ubuntu 20.04

    Description

      Run these queries in a debug build:

      -- Reproducer setup: t0 starts with two INT columns (no NOT NULL, no DEFAULT clause)
      -- and two rows of literal values.
      CREATE TABLE t0 ( c35 INT , c27 INT ) ;
      INSERT INTO t0 VALUES ( -68 , 83 ) , ( -86 , -10 ) ;
      -- Add a third INT column to the already-populated table.
      ALTER TABLE t0 ADD COLUMN c46 INT AFTER c27 ;
      -- Two more rows using DEFAULT for every column; no column declares a default,
      -- so these are presumably all-NULL rows.
      INSERT INTO t0 VALUES ( DEFAULT , DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT , DEFAULT ) ;
      -- Statement the report says triggers the segmentation fault. The ORDER BY expression
      -- contains an "= ALL" subquery that refers to c28, which is the alias defined in the
      -- parenthesized SELECT and not a column of t0. The mysqld process crashes when this
      -- runs, so use a disposable debug instance rather than a shared server.
      ( SELECT c35 AS c28 FROM t0 LIMIT 47 ) ORDER BY TRIM( -26 ) ^ SIN ( 68 ) = ALL ( SELECT c28 AS c0 FROM t0 ) XOR ( -101 = COS ( -46 ) ) = 123 LIMIT 75 ;

      The last statement triggers a segmentation fault in the server.
      GDB backtrace:
      #0 0x000055555735f6a6 in sub_select (join=0x629000192c60, join_tab=0x62900019a2a8, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23373
      #1 0x000055555735dadd in do_select (join=0x629000192c60, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #2 0x00005555572dbfe9 in JOIN::exec_inner (this=0x629000192c60) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #3 0x00005555572d93a0 in JOIN::exec (this=0x629000192c60) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #4 0x0000555557dce72f in subselect_single_select_engine::exec (this=0x6290000f87d8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
      #5 0x0000555557da9c85 in Item_subselect::exec (this=0x6290000f8588) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #6 0x0000555557dab291 in Item_in_subselect::exec (this=0x6290000f8588) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:994
      #7 0x0000555557db650f in Item_in_subselect::val_bool (this=0x6290000f8588) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1991
      #8 0x0000555556e14cd4 in Item::val_bool_result (this=0x6290000f8588) at /home/wx/mariadb-11.3.0/sql/item.h:1797
      #9 0x0000555557bf3f02 in Item_in_optimizer::val_int (this=0x629000193480) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1664
      #10 0x00005555578b4b6e in Type_handler_int_result::Item_val_bool (this=0x55555b7b68c0 <type_handler_bool>, item=0x629000193480) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
      #11 0x0000555556e147f6 in Item::val_bool (this=0x629000193480) at /home/wx/mariadb-11.3.0/sql/item.h:1701
      #12 0x0000555557be2e79 in Item_func_not_all::val_int (this=0x6290000f8820) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:222
      #13 0x0000555557c208c3 in Item_func_xor::val_int (this=0x6290000f9050) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:6497
      #14 0x0000555556e14b78 in Item::val_int_result (this=0x6290000f9050) at /home/wx/mariadb-11.3.0/sql/item.h:1793
      #15 0x0000555557b00dff in Type_handler_int_result::make_sort_key_part (this=0x55555b7b68c0 <type_handler_bool>, to=0x61d000275708 '\276' <repeats 200 times>..., item=0x6290000f9050, sort_field=0x62900019dd40, tmp_buffer=0x7fffd162a158) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1245
      #16 0x0000555557b0cd2d in make_sortkey (param=0x7fffd162a0e0, to=0x61d000275708 '\276' <repeats 200 times>...) at /home/wx/mariadb-11.3.0/sql/filesort.cc:2954
      #17 0x0000555557b02449 in make_sortkey (param=0x7fffd162a0e0, to=0x61d000275708 '\276' <repeats 200 times>..., ref_pos=0x61a000212c38 "\210\b", using_packed_sortkeys=false) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1414
      #18 0x0000555557b10435 in Bounded_queue<unsigned char, unsigned char>::push (this=0x7fffd162a070, element=0x61a000212c38 "\210\b") at /home/wx/mariadb-11.3.0/sql/bounded_queue.h:189
      #19 0x0000555557aff7b4 in find_all_keys (thd=0x62c0001e0288, param=0x7fffd162a0e0, select=0x62900019d3b8, fs_info=0x615000154d00, buffpek_pointers=0x7fffd162a3e0, tempfile=0x7fffd162a230, pq=0x7fffd162a070, found_rows=0x615000154ef0) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1015
      #20 0x0000555557afab66 in filesort (thd=0x62c0001e0288, table=0x620000023128, filesort=0x6290001991a0, tracker=0x62900019dc90, join=0x6290001918e0, first_table_bit=1) at /home/wx/mariadb-11.3.0/sql/filesort.cc:408
      #21 0x00005555573791c3 in create_sort_index (thd=0x62c0001e0288, join=0x6290001918e0, tab=0x62900019c438, fsort=0x6290001991a0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:26843
      #22 0x00005555573677dd in st_join_table::sort_table (this=0x62900019c438) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24485
      #23 0x0000555557366bdc in join_init_read_record (tab=0x62900019c438) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24405
      #24 0x0000555557360006 in sub_select (join=0x6290001918e0, join_tab=0x62900019c438, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23441
      #25 0x000055555735dadd in do_select (join=0x6290001918e0, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #26 0x00005555572dbfe9 in JOIN::exec_inner (this=0x6290001918e0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #27 0x00005555572d93a0 in JOIN::exec (this=0x6290001918e0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #28 0x00005555572ddbab in mysql_select (thd=0x62c0001e0288, tables=0x6290001908d8, fields=..., conds=0x0, og_num=1, order=0x6290000f9130, group=0x0, having=0x0, proc_param=0x0, select_options=2165049856, result=0x6290001918b0, unit=0x62c0001e46d8, select_lex=0x6290001902a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #29 0x00005555572ad18a in handle_select (thd=0x62c0001e0288, lex=0x62c0001e45f8, result=0x6290001918b0, setup_tables_done_option=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #30 0x00005555571ce583 in execute_sqlcom_select (thd=0x62c0001e0288, all_tables=0x6290001908d8) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #31 0x00005555571becf6 in mysql_execute_command (thd=0x62c0001e0288, is_called_from_prepared_stmt=false) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #32 0x00005555571d95e2 in mysql_parse (thd=0x62c0001e0288, rawbuf=0x6290000f52a8 "( SELECT c35 AS c28 FROM t0 LIMIT 47 ) ORDER BY TRIM( -26 ) ^ SIN ( 68 ) = ALL ( SELECT c28 AS c0 FROM t0 ) XOR ( -101 = COS ( -46 ) ) = 123 LIMIT 75", length=149, parser_state=0x7fffd162c870) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #33 0x00005555571b1237 in dispatch_command (command=COM_QUERY, thd=0x62c0001e0288, packet=0x6290000fa289 "", packet_length=152, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
      #34 0x00005555571adf7c in do_command (thd=0x62c0001e0288, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #35 0x000055555768e557 in do_handle_one_connection (connect=0x61100004c108, put_in_cache=true) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #36 0x000055555768deb4 in handle_one_connection (arg=0x61100004bfc8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #37 0x00005555582fa350 in pfs_spawn_thread (arg=0x618000005108) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #38 0x00007ffff7115609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #39 0x00007ffff6ce8133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

            People

              psergei Sergei Petrunia
              Xin Wen Xin Wen