[MDEV-35654] Re-evaluation of constant subquery triggers debug assertion - Jira

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.4, 11.8, 12.0
Fix Version/s: 10.5, 10.6, 10.11, 11.4, 11.8
Component/s: None
Labels:
None

Description

CREATE TABLE t (t INT);

INSERT INTO t VALUES (0),(t IN (SELECT t IN (SELECT 1 FROM (SELECT 1 AS t) AS t WHERE t IN (SELECT t HAVING NOT t))));

This testcase only crashes 10.5 to 10.11, debug, with UniqueID/stack:

(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item::val_bool_result|Item_in_optimizer::val_int|Type_handler_int_result::Item_val_bool

Attachments

Issue Links

relates to

MDEV-32866 Correlated subquery fails after single row substitution in outer query

In Review

split from

MDEV-22375 Assertion `(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference' failed in Item_in_subselect::val_bool

Closed

Activity

Ascending order - Click to sort in descending order

Oleg Smirnov added a comment - 2024-12-17 06:30

IN-predicate

a IN (SELECT a HAVING a=0)

is first evaluated as part of constant condition at make_join_select():

make_join_select()
bool const_cond_result;
{
Json_writer_array a(thd, "computing_condition");
const_cond_result= const_cond->val_int() != 0;
}

and later at SELECT_LEX::update_used_tables(). Duplicate execution of subquery engine triggers the debug assertion.

Oleg Smirnov added a comment - 2024-12-17 06:30 IN-predicate a IN ( SELECT a HAVING a=0) is first evaluated as part of constant condition at make_join_select(): make_join_select() bool const_cond_result; { Json_writer_array a(thd, "computing_condition"); const_cond_result= const_cond->val_int() != 0; } and later at SELECT_LEX::update_used_tables(). Duplicate execution of subquery engine triggers the debug assertion.

Oleg Smirnov added a comment - 2024-12-17 10:02

The fix is pushed to the same PR as for MDEV-32866, please review.

Oleg Smirnov added a comment - 2024-12-17 10:02 The fix is pushed to the same PR as for MDEV-32866 , please review.

Roel Van de Paar added a comment - 2025-02-22 02:15 - edited

Additional testcase with slightly different outcome. oleg.smirnov FYI

CREATE VIEW t AS SELECT 1 AS a;

SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a);

Leads to:

CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Debug) Build 15/02/2025
mariadbd: /test/11.8_dbg/sql/item_subselect.cc:2009: virtual bool Item_in_subselect::val_bool(): Assertion `(engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference' failed.

CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Debug) Build 15/02/2025
Core was generated by `/test/MD150225-mariadb-11.8.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGABRT, Aborted.
Download failed: Invalid argument. Continuing without source file ./nptl/./nptl/pthread_kill.c.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44

[Current thread is 1 (LWP 2523513)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
#3 0x000014b8e104526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
#4 0x000014b8e10288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x000014b8e102881b in __assert_fail_base (fmt=0x14b8e11d01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x563be906fad3 "(engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference", file=file@entry=0x563be906f326 "/test/11.8_dbg/sql/item_subselect.cc", line=line@entry=2009, function=function@entry=0x563be906fa42 "virtual bool Item_in_subselect::val_bool()") at ./assert/assert.c:94
#6 0x000014b8e103b507 in __assert_fail (assertion=0x563be906fad3 "(engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference", file=0x563be906f326 "/test/11.8_dbg/sql/item_subselect.cc", line=2009, function=0x563be906fa42 "virtual bool Item_in_subselect::val_bool()")at ./assert/assert.c:103
#7 0x0000563be850abe2 in Item_in_subselect::val_bool (this=0x14b88001c0a0)at /test/11.8_dbg/sql/item_subselect.cc:2008
#8 0x0000563be7e19489 in Item::val_bool_result (this=0x14b88001c0a0)at /test/11.8_dbg/sql/item.h:1822
#9 0x0000563be842908d in Item_in_optimizer::val_bool (this=0x14b880030c60)at /test/11.8_dbg/sql/item_cmpfunc.cc:1796
#10 0x0000563be803da76 in JOIN::exec_inner (this=0x14b88001ff48)at /test/11.8_dbg/sql/sql_select.cc:4957
#11 0x0000563be803d0de in JOIN::exec (this=0x14b88001ff48)at /test/11.8_dbg/sql/sql_select.cc:4842
#12 0x0000563be801834d in mysql_select (thd=0x14b880000d58, tables=0x14b88001a438, fields=@0x14b88001a0b0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b88001a3e8, last = 0x14b88001a3e8, elements = 1}, <No data fields>}, conds=0x14b88001c0a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14b88001ff20, unit=0x14b880005080, select_lex=0x14b880019df8)at /test/11.8_dbg/sql/sql_select.cc:5375
#13 0x0000563be8017dd5 in handle_select (thd=0x14b880000d58, lex=0x14b880004fa0, result=0x14b88001ff20, setup_tables_done_option=0)at /test/11.8_dbg/sql/sql_select.cc:633
#14 0x0000563be7fbf771 in execute_sqlcom_select (thd=0x14b880000d58, all_tables=0x14b88001a438) at /test/11.8_dbg/sql/sql_parse.cc:6191
#15 0x0000563be7fb4650 in mysql_execute_command (thd=0x14b880000d58, is_called_from_prepared_stmt=false) at /test/11.8_dbg/sql/sql_parse.cc:3979
#16 0x0000563be7fac7d4 in mysql_parse (thd=0x14b880000d58, rawbuf=0x14b880019d20 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", length=59, parser_state=0x14b8d30a2a20)at /test/11.8_dbg/sql/sql_parse.cc:7915
#17 0x0000563be7fa9ba4 in dispatch_command (command=COM_QUERY, thd=0x14b880000d58, packet=0x14b88000b099 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", packet_length=59, blocking=true)at /test/11.8_dbg/sql/sql_parse.cc:1902
#18 0x0000563be7fad383 in do_command (thd=0x14b880000d58, blocking=true)at /test/11.8_dbg/sql/sql_parse.cc:1415
#19 0x0000563be8196a19 in do_handle_one_connection (connect=0x563bed112138, put_in_cache=true) at /test/11.8_dbg/sql/sql_connect.cc:1415
#20 0x0000563be81967be in handle_one_connection (arg=0x563bed12b348)at /test/11.8_dbg/sql/sql_connect.cc:1327
#21 0x000014b8e109ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#22 0x000014b8e1129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug confirmed present in:
MariaDB: 10.5.29 (dbg), 10.6.22 (dbg), 10.11.12 (dbg), 11.4.6 (dbg), 11.8.1 (dbg), 12.0.0 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.29 (opt), 10.6.22 (opt), 10.11.12 (opt), 11.4.6 (opt), 11.8.1 (opt), 12.0.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.44 (dbg), 5.7.44 (opt), 8.0.36 (dbg), 8.0.36 (opt), 9.1.0 (dbg), 9.1.0 (opt)

Note that two stacks are generated by this testcase (ref Item_in_optimizer::val_bool vs _int:

(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item::val_bool_result|Item_in_optimizer::val_bool|JOIN::exec_inner

(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item::val_bool_result|Item_in_optimizer::val_int|JOIN::exec_inner

Given that the _int stack is only applicable to 10.5 debug (and was previously seen in ~~MDEV-22375~~), it is likely indicative of another bug or at least difference in execution. The full stack for this is:

CS 10.5.29 c43d0a015f974c5a0142e6779332089a7a979853 (Debug) Build 15/02/2025
mariadbd: /test/10.5_dbg/sql/item_subselect.cc:1927: virtual bool Item_in_subselect::val_bool(): Assertion `(engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference' failed.

CS 10.5.29 c43d0a015f974c5a0142e6779332089a7a979853 (Debug) Build 15/02/2025
Core was generated by `/test/MD150225-mariadb-10.5.29-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44

[Current thread is 1 (LWP 2523339)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
#3 0x00001469b5c4526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
#4 0x00001469b5c288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x00001469b5c2881b in __assert_fail_base (fmt=0x1469b5dd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5642c4706f8b "(engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference", file=file@entry=0x5642c47067c1 "/test/10.5_dbg/sql/item_subselect.cc", line=line@entry=1927, function=function@entry=0x5642c4706efa "virtual bool Item_in_subselect::val_bool()") at ./assert/assert.c:94
#6 0x00001469b5c3b507 in __assert_fail (assertion=0x5642c4706f8b "(engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference", file=0x5642c47067c1 "/test/10.5_dbg/sql/item_subselect.cc", line=1927, function=0x5642c4706efa "virtual bool Item_in_subselect::val_bool()")at ./assert/assert.c:103
#7 0x00005642c3bbc7e0 in Item_in_subselect::val_bool (this=0x146940015310)at /test/10.5_dbg/sql/item_subselect.cc:1926
#8 0x00005642c35f2119 in Item::val_bool_result (this=0x146940015310)at /test/10.5_dbg/sql/item.h:1598
#9 0x00005642c3b0bc9b in Item_in_optimizer::val_int (this=0x14694001f038)at /test/10.5_dbg/sql/item_cmpfunc.cc:1696
#10 0x00005642c3797c69 in JOIN::exec_inner (this=0x14694001d528)at /test/10.5_dbg/sql/sql_select.cc:4560
#11 0x00005642c37972ee in JOIN::exec (this=0x14694001d528)at /test/10.5_dbg/sql/sql_select.cc:4444
#12 0x00005642c3774de1 in mysql_select (thd=0x146940000d58, tables=0x1469400135e8, fields=@0x1469400130f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1469400135a0, last = 0x1469400135a0, elements = 1}, <No data fields>}, conds=0x146940015310, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14694001d500, unit=0x146940004d10, select_lex=0x146940012f88)at /test/10.5_dbg/sql/sql_select.cc:4921
#13 0x00005642c37748a5 in handle_select (thd=0x146940000d58, lex=0x146940004c48, result=0x14694001d500, setup_tables_done_option=0)at /test/10.5_dbg/sql/sql_select.cc:449
#14 0x00005642c37385bd in execute_sqlcom_select (thd=0x146940000d58, all_tables=0x1469400135e8) at /test/10.5_dbg/sql/sql_parse.cc:6452
#15 0x00005642c372c0a2 in mysql_execute_command (thd=0x146940000d58)at /test/10.5_dbg/sql/sql_parse.cc:4043
#16 0x00005642c3724306 in mysql_parse (thd=0x146940000d58, rawbuf=0x146940012eb0 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", length=59, parser_state=0x1469acaa2c38, is_com_multi=false, is_next_command=false) at /test/10.5_dbg/sql/sql_parse.cc:8252
#17 0x00005642c37211c0 in dispatch_command (command=COM_QUERY, thd=0x146940000d58, packet=0x14694000aa39 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", packet_length=59, is_com_multi=false, is_next_command=false)at /test/10.5_dbg/sql/sql_parse.cc:1891
#18 0x00005642c3724cec in do_command (thd=0x146940000d58)at /test/10.5_dbg/sql/sql_parse.cc:1375
#19 0x00005642c38ccfd3 in do_handle_one_connection (connect=0x5642c6ad9278, put_in_cache=true) at /test/10.5_dbg/sql/sql_connect.cc:1386
#20 0x00005642c38ccd72 in handle_one_connection (arg=0x5642c6abf138)at /test/10.5_dbg/sql/sql_connect.cc:1298
#21 0x00001469b5c9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#22 0x00001469b5d29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Roel Van de Paar added a comment - 2025-02-22 02:15 - edited Additional testcase with slightly different outcome. oleg.smirnov FYI CREATE VIEW t AS SELECT 1 AS a; SELECT a FROM t WHERE '' IN ( SELECT '' LIKE a HAVING a LIKE a); Leads to: CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Debug) Build 15/02/2025 mariadbd: /test/11.8_dbg/sql/item_subselect.cc:2009: virtual bool Item_in_subselect::val_bool(): Assertion `(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference' failed. CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Debug) Build 15/02/2025 Core was generated by `/test/MD150225-mariadb-11.8.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'. Program terminated with signal SIGABRT, Aborted. Download failed: Invalid argument. Continuing without source file ./nptl/./nptl/pthread_kill.c. #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44 [Current thread is 1 (LWP 2523513)] (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89 #3 0x000014b8e104526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26 #4 0x000014b8e10288ff in __GI_abort () at ./stdlib/abort.c:79 #5 0x000014b8e102881b in __assert_fail_base (fmt=0x14b8e11d01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x563be906fad3 "(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference", file=file@entry=0x563be906f326 "/test/11.8_dbg/sql/item_subselect.cc", line=line@entry=2009, function=function@entry=0x563be906fa42 "virtual bool Item_in_subselect::val_bool()") at ./assert/assert.c:94 #6 0x000014b8e103b507 in __assert_fail (assertion=0x563be906fad3 "(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference", file=0x563be906f326 "/test/11.8_dbg/sql/item_subselect.cc", line=2009, function=0x563be906fa42 "virtual bool Item_in_subselect::val_bool()")at ./assert/assert.c:103 #7 0x0000563be850abe2 in Item_in_subselect::val_bool (this=0x14b88001c0a0)at /test/11.8_dbg/sql/item_subselect.cc:2008 #8 0x0000563be7e19489 in Item::val_bool_result (this=0x14b88001c0a0)at /test/11.8_dbg/sql/item.h:1822 #9 0x0000563be842908d in Item_in_optimizer::val_bool (this=0x14b880030c60)at /test/11.8_dbg/sql/item_cmpfunc.cc:1796 #10 0x0000563be803da76 in JOIN::exec_inner (this=0x14b88001ff48)at /test/11.8_dbg/sql/sql_select.cc:4957 #11 0x0000563be803d0de in JOIN::exec (this=0x14b88001ff48)at /test/11.8_dbg/sql/sql_select.cc:4842 #12 0x0000563be801834d in mysql_select (thd=0x14b880000d58, tables=0x14b88001a438, fields=@0x14b88001a0b0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b88001a3e8, last = 0x14b88001a3e8, elements = 1}, <No data fields>}, conds=0x14b88001c0a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14b88001ff20, unit=0x14b880005080, select_lex=0x14b880019df8)at /test/11.8_dbg/sql/sql_select.cc:5375 #13 0x0000563be8017dd5 in handle_select (thd=0x14b880000d58, lex=0x14b880004fa0, result=0x14b88001ff20, setup_tables_done_option=0)at /test/11.8_dbg/sql/sql_select.cc:633 #14 0x0000563be7fbf771 in execute_sqlcom_select (thd=0x14b880000d58, all_tables=0x14b88001a438) at /test/11.8_dbg/sql/sql_parse.cc:6191 #15 0x0000563be7fb4650 in mysql_execute_command (thd=0x14b880000d58, is_called_from_prepared_stmt=false) at /test/11.8_dbg/sql/sql_parse.cc:3979 #16 0x0000563be7fac7d4 in mysql_parse (thd=0x14b880000d58, rawbuf=0x14b880019d20 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", length=59, parser_state=0x14b8d30a2a20)at /test/11.8_dbg/sql/sql_parse.cc:7915 #17 0x0000563be7fa9ba4 in dispatch_command (command=COM_QUERY, thd=0x14b880000d58, packet=0x14b88000b099 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", packet_length=59, blocking=true)at /test/11.8_dbg/sql/sql_parse.cc:1902 #18 0x0000563be7fad383 in do_command (thd=0x14b880000d58, blocking=true)at /test/11.8_dbg/sql/sql_parse.cc:1415 #19 0x0000563be8196a19 in do_handle_one_connection (connect=0x563bed112138, put_in_cache=true) at /test/11.8_dbg/sql/sql_connect.cc:1415 #20 0x0000563be81967be in handle_one_connection (arg=0x563bed12b348)at /test/11.8_dbg/sql/sql_connect.cc:1327 #21 0x000014b8e109ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447 #22 0x000014b8e1129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 Bug confirmed present in: MariaDB: 10.5.29 (dbg), 10.6.22 (dbg), 10.11.12 (dbg), 11.4.6 (dbg), 11.8.1 (dbg), 12.0.0 (dbg) Bug (or feature/syntax) confirmed not present in: MariaDB: 10.5.29 (opt), 10.6.22 (opt), 10.11.12 (opt), 11.4.6 (opt), 11.8.1 (opt), 12.0.0 (opt) MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.44 (dbg), 5.7.44 (opt), 8.0.36 (dbg), 8.0.36 (opt), 9.1.0 (dbg), 9.1.0 (opt) Note that two stacks are generated by this testcase (ref Item_in_optimizer::val_bool vs _int : (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item::val_bool_result|Item_in_optimizer::val_bool|JOIN::exec_inner (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item::val_bool_result|Item_in_optimizer::val_int|JOIN::exec_inner Given that the _int stack is only applicable to 10.5 debug (and was previously seen in MDEV-22375 ), it is likely indicative of another bug or at least difference in execution. The full stack for this is: CS 10.5.29 c43d0a015f974c5a0142e6779332089a7a979853 (Debug) Build 15/02/2025 mariadbd: /test/10.5_dbg/sql/item_subselect.cc:1927: virtual bool Item_in_subselect::val_bool(): Assertion `(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference' failed. CS 10.5.29 c43d0a015f974c5a0142e6779332089a7a979853 (Debug) Build 15/02/2025 Core was generated by `/test/MD150225-mariadb-10.5.29-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'. Program terminated with signal SIGABRT, Aborted. #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44 [Current thread is 1 (LWP 2523339)] (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89 #3 0x00001469b5c4526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26 #4 0x00001469b5c288ff in __GI_abort () at ./stdlib/abort.c:79 #5 0x00001469b5c2881b in __assert_fail_base (fmt=0x1469b5dd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5642c4706f8b "(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference", file=file@entry=0x5642c47067c1 "/test/10.5_dbg/sql/item_subselect.cc", line=line@entry=1927, function=function@entry=0x5642c4706efa "virtual bool Item_in_subselect::val_bool()") at ./assert/assert.c:94 #6 0x00001469b5c3b507 in __assert_fail (assertion=0x5642c4706f8b "(engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference", file=0x5642c47067c1 "/test/10.5_dbg/sql/item_subselect.cc", line=1927, function=0x5642c4706efa "virtual bool Item_in_subselect::val_bool()")at ./assert/assert.c:103 #7 0x00005642c3bbc7e0 in Item_in_subselect::val_bool (this=0x146940015310)at /test/10.5_dbg/sql/item_subselect.cc:1926 #8 0x00005642c35f2119 in Item::val_bool_result (this=0x146940015310)at /test/10.5_dbg/sql/item.h:1598 #9 0x00005642c3b0bc9b in Item_in_optimizer::val_int (this=0x14694001f038)at /test/10.5_dbg/sql/item_cmpfunc.cc:1696 #10 0x00005642c3797c69 in JOIN::exec_inner (this=0x14694001d528)at /test/10.5_dbg/sql/sql_select.cc:4560 #11 0x00005642c37972ee in JOIN::exec (this=0x14694001d528)at /test/10.5_dbg/sql/sql_select.cc:4444 #12 0x00005642c3774de1 in mysql_select (thd=0x146940000d58, tables=0x1469400135e8, fields=@0x1469400130f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1469400135a0, last = 0x1469400135a0, elements = 1}, <No data fields>}, conds=0x146940015310, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14694001d500, unit=0x146940004d10, select_lex=0x146940012f88)at /test/10.5_dbg/sql/sql_select.cc:4921 #13 0x00005642c37748a5 in handle_select (thd=0x146940000d58, lex=0x146940004c48, result=0x14694001d500, setup_tables_done_option=0)at /test/10.5_dbg/sql/sql_select.cc:449 #14 0x00005642c37385bd in execute_sqlcom_select (thd=0x146940000d58, all_tables=0x1469400135e8) at /test/10.5_dbg/sql/sql_parse.cc:6452 #15 0x00005642c372c0a2 in mysql_execute_command (thd=0x146940000d58)at /test/10.5_dbg/sql/sql_parse.cc:4043 #16 0x00005642c3724306 in mysql_parse (thd=0x146940000d58, rawbuf=0x146940012eb0 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", length=59, parser_state=0x1469acaa2c38, is_com_multi=false, is_next_command=false) at /test/10.5_dbg/sql/sql_parse.cc:8252 #17 0x00005642c37211c0 in dispatch_command (command=COM_QUERY, thd=0x146940000d58, packet=0x14694000aa39 "SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a)", packet_length=59, is_com_multi=false, is_next_command=false)at /test/10.5_dbg/sql/sql_parse.cc:1891 #18 0x00005642c3724cec in do_command (thd=0x146940000d58)at /test/10.5_dbg/sql/sql_parse.cc:1375 #19 0x00005642c38ccfd3 in do_handle_one_connection (connect=0x5642c6ad9278, put_in_cache=true) at /test/10.5_dbg/sql/sql_connect.cc:1386 #20 0x00005642c38ccd72 in handle_one_connection (arg=0x5642c6abf138)at /test/10.5_dbg/sql/sql_connect.cc:1298 #21 0x00001469b5c9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447 #22 0x00001469b5d29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Roel Van de Paar added a comment - 2025-04-05 00:32 - edited

On UBASAN builds (Clang 18.1) we see a slightly different stack. Additional testcase.

CREATE TABLE t (a CHAR KEY) ENGINE=MEMORY;

INSERT INTO t VALUES (0);

SELECT a FROM t WHERE'' IN (SELECT''LIKE a HAVING a LIKE a);

Setup:

Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

    export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.5 dbg 150225 c43d0a015f974c5a0142e6779332089a7a979853 (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_int\|JOIN::exec_inner\|JOIN::exec
CS 10.5 opt 150225 c43d0a015f974c5a0142e6779332089a7a979853 No bug found
CS 10.6 dbg 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
CS 10.6 opt 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 No bug found
CS 10.11 dbg 150225 43c5d1303f5c7c726db276815c459436110f342f (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
CS 10.11 opt 150225 43c5d1303f5c7c726db276815c459436110f342f No bug found
CS 11.4 dbg 150225 ef966af801afc2a07222b5df65dddd52c77431dd (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
CS 11.4 opt 150225 ef966af801afc2a07222b5df65dddd52c77431dd No bug found
CS 11.8 dbg 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
CS 11.8 opt 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d No bug found
CS 12.0 dbg 150225 c92add291e636c797e6d6ddca605905541b2a441 (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
CS 12.0 opt 150225 c92add291e636c797e6d6ddca605905541b2a441 No bug found
ES 10.5 dbg 140325 6553c62369ab3606efc74295c902181f793fd6d1 (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_int\|JOIN::exec_inner\|JOIN::exec
ES 10.5 opt 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found
ES 10.6 dbg 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
ES 10.6 opt 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
ES 11.4 dbg 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba (engine->uncacheable() & ~8) \|\| ! engine->is_executed() \|\| with_recursive_reference\|SIGABRT\|Item_in_subselect::val_bool\|Item_in_optimizer::val_bool\|JOIN::exec_inner\|JOIN::exec
ES 11.4 opt 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba No bug found

Roel Van de Paar added a comment - 2025-04-05 00:32 - edited On UBASAN builds (Clang 18.1) we see a slightly different stack. Additional testcase. CREATE TABLE t (a CHAR KEY ) ENGINE=MEMORY; INSERT INTO t VALUES (0); SELECT a FROM t WHERE '' IN ( SELECT '' LIKE a HAVING a LIKE a); Setup: Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions: # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18 sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and: -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON Set before execution: export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1 SAN Bug Detection Matrix Rel o/d Build Commit UniqueID observed CS 10.5 dbg 150225 c43d0a015f974c5a0142e6779332089a7a979853 (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_int|JOIN::exec_inner|JOIN::exec CS 10.5 opt 150225 c43d0a015f974c5a0142e6779332089a7a979853 No bug found CS 10.6 dbg 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec CS 10.6 opt 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 No bug found CS 10.11 dbg 150225 43c5d1303f5c7c726db276815c459436110f342f (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec CS 10.11 opt 150225 43c5d1303f5c7c726db276815c459436110f342f No bug found CS 11.4 dbg 150225 ef966af801afc2a07222b5df65dddd52c77431dd (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec CS 11.4 opt 150225 ef966af801afc2a07222b5df65dddd52c77431dd No bug found CS 11.8 dbg 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec CS 11.8 opt 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d No bug found CS 12.0 dbg 150225 c92add291e636c797e6d6ddca605905541b2a441 (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec CS 12.0 opt 150225 c92add291e636c797e6d6ddca605905541b2a441 No bug found ES 10.5 dbg 140325 6553c62369ab3606efc74295c902181f793fd6d1 (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_int|JOIN::exec_inner|JOIN::exec ES 10.5 opt 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found ES 10.6 dbg 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec ES 10.6 opt 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec ES 11.4 dbg 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba (engine->uncacheable() & ~8) || ! engine->is_executed() || with_recursive_reference|SIGABRT|Item_in_subselect::val_bool|Item_in_optimizer::val_bool|JOIN::exec_inner|JOIN::exec ES 11.4 opt 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba No bug found

People

Assignee:: Sergei Petrunia

Reporter:: Oleg Smirnov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-12-16 08:08

Updated:: 2025-04-05 00:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server