Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36750

SIGSEGV in Time_and_counter_tracker::incr_loop, different assertions in JOIN::save_explain_data, and UBSAN member access within null pointer of type 'Explain_select' in JOIN::exec upon SELECT

    XMLWordPrintable

Details

    Description

      SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x));

      Leads to:

      CS 10.5.29 e6ea5d568c0fb972a391a8c64716846ddb7c57ef (Optimized) Build 12/04/2025

      		 
      Core was generated by `/test/MD120425-mariadb-10.5.29-linux-x86_64-opt/bin/mariadbd --no-defaults --ma'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  Time_and_counter_tracker::incr_loops (this=0xa0)at /test/10.5_opt/sql/sql_analyze_stmt.h:139
      		 
       
      		 
      [Current thread is 1 (LWP 641573)]
      		 
      (gdb) bt
      		 
      #0  Time_and_counter_tracker::incr_loops (this=0xa0)at /test/10.5_opt/sql/sql_analyze_stmt.h:139
      		 
      #1  JOIN::exec (this=0x7ffdac045228) at /test/10.5_opt/sql/sql_select.cc:4443
      		 
      #2  0x0000555555f70140 in subselect_single_select_engine::exec (this=0x7ffdac0133e8) at /test/10.5_opt/sql/item_subselect.cc:4099
      		 
      #3  0x0000555555f6781c in Item_subselect::exec (this=0x7ffdac013240)at /test/10.5_opt/sql/item_subselect.cc:799
      		 
      #4  0x0000555555f68e73 in Item_singlerow_subselect::val_int (this=0x7ffdac013240) at /test/10.5_opt/sql/item_subselect.cc:1442
      		 
      #5  0x0000555555ed174c in Item_direct_ref::val_int (this=0x7ffdac021980)at /test/10.5_opt/sql/item.cc:8811
      		 
      #6  0x0000555555ed174c in Item_direct_ref::val_int (this=0x7ffdac044e10)at /test/10.5_opt/sql/item.cc:8811
      		 
      #7  0x0000555555ee5209 in Arg_comparator::compare_int_signed (this=0x7ffdac0450b8) at /test/10.5_opt/sql/item_cmpfunc.cc:946
      		 
      #8  0x0000555555ee713f in Arg_comparator::compare (this=<optimized out>)at /test/10.5_opt/sql/item_cmpfunc.h:117
      		 
      #9  Item_func_ne::val_int (this=0x7ffdac044fe8)at /test/10.5_opt/sql/item_cmpfunc.cc:1845
      		 
      #10 0x0000555555cdd732 in JOIN::exec_inner (this=this@entry=0x7ffdac01fa20)at /test/10.5_opt/sql/sql_select.cc:4526
      		 
      #11 0x0000555555cc4d3f in JOIN::exec (this=0x7ffdac01fa20)at /test/10.5_opt/sql/sql_select.cc:4444
      		 
      #12 mysql_select (thd=thd@entry=0x7ffdac000c68, tables=<optimized out>, fields=@0x7ffdac0156d8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7ffdac015ae8, last = 0x7ffdac015ae8, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7ffdac01f940, unit=0x7ffdac015b10, select_lex=0x7ffdac015570)at /test/10.5_opt/sql/sql_select.cc:4921
      		 
      #13 0x0000555555c5c2ad in mysql_derived_fill (thd=thd@entry=0x7ffdac000c68, lex=lex@entry=0x7ffdac004b98, derived=derived@entry=0x7ffdac019d50)at /test/10.5_opt/sql/sql_derived.cc:1275
      		 
      #14 0x0000555555c5b7e6 in mysql_derived_optimize (thd=0x7ffdac000c68, lex=0x7ffdac004b98, derived=0x7ffdac019d50)at /test/10.5_opt/sql/sql_derived.cc:1049
      		 
      #15 0x0000555555c5c940 in mysql_handle_single_derived (lex=0x7ffdac004b98, derived=derived@entry=0x7ffdac019d50, phases=phases@entry=4)at /test/10.5_opt/sql/sql_derived.cc:200
      		 
      #16 0x0000555555ccc923 in JOIN::optimize_inner (this=this@entry=0x7ffdac01f3c0)at /test/10.5_opt/sql/sql_select.cc:2237
      		 
      #17 0x0000555555cca422 in JOIN::optimize (this=0x7ffdac01f3c0)at /test/10.5_opt/sql/sql_select.cc:1765
      		 
      #18 0x0000555555c7623d in st_select_lex::optimize_unflattened_subqueries (this=0x7ffdac010a80, const_only=false)at /test/10.5_opt/sql/sql_lex.cc:4962
      		 
      #19 0x0000555555cca46d in JOIN::optimize_stage2 (this=this@entry=0x7ffdac01d3c8) at /test/10.5_opt/sql/sql_select.cc:3220
      		 
      #20 0x0000555555ccc9a7 in JOIN::optimize_inner (this=this@entry=0x7ffdac01d3c8)at /test/10.5_opt/sql/sql_select.cc:2445
      		 
      #21 0x0000555555cc4e38 in JOIN::optimize (this=0x7ffdac01d3c8)at /test/10.5_opt/sql/sql_select.cc:1765
      		 
      #22 mysql_select (thd=thd@entry=0x7ffdac000c68, tables=<optimized out>, fields=@0x7ffdac010be8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7ffdac013430, last = 0x7ffdac013430, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x7ffdac01ca38, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7ffdac01d3a0, unit=0x7ffdac004c60, select_lex=0x7ffdac010a80)at /test/10.5_opt/sql/sql_select.cc:4907
      		 
      #23 0x0000555555cc48d9 in handle_select (thd=thd@entry=0x7ffdac000c68, lex=lex@entry=0x7ffdac004b98, result=result@entry=0x7ffdac01d3a0, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/10.5_opt/sql/sql_select.cc:449
      		 
      #24 0x0000555555ca086f in execute_sqlcom_select (thd=thd@entry=0x7ffdac000c68, all_tables=0x7ffdac0122e8) at /test/10.5_opt/sql/sql_parse.cc:6452
      		 
      #25 0x0000555555c9ee99 in mysql_execute_command (thd=thd@entry=0x7ffdac000c68)at /test/10.5_opt/sql/sql_parse.cc:4043
      		 
      #26 0x0000555555c96a48 in mysql_parse (thd=thd@entry=0x7ffdac000c68, rawbuf=0x7ffdac0108e0 "SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x))", length=<optimized out>, parser_state=parser_state@entry=0x7fffe43b34f0, is_com_multi=false, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:8252
      		 
      #27 0x0000555555c94cbe in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7ffdac000c68, packet=packet@entry=0x7ffdac008319 "SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x))", packet_length=packet_length@entry=161, is_com_multi=false, is_next_command=false) at /test/10.5_opt/sql/sql_parse.cc:1891
      		 
      #28 0x0000555555c96dfd in do_command (thd=thd@entry=0x7ffdac000c68)at /test/10.5_opt/sql/sql_parse.cc:1375
      		 
      #29 0x0000555555d9af68 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x555557f5d638, put_in_cache=true)at /test/10.5_opt/sql/sql_connect.cc:1386
      		 
      #30 0x0000555555d9ad63 in handle_one_connection (arg=arg@entry=0x555557f5d638)at /test/10.5_opt/sql/sql_connect.cc:1298
      		 
      #31 0x000055555610320f in pfs_spawn_thread (arg=0x555557f70318)at /test/10.5_opt/storage/perfschema/pfs.cc:2201
      		 
      #32 0x00007fffe6e9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #33 0x00007fffe6f29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      CS 10.6.22 690b2cf776faa2e1a6832077cec2246c86cd00bf (Debug) Build 12/04/2025

      		 
      mariadbd: /test/10.6_dbg/sql/sql_select.cc:4660: bool JOIN::save_explain_data(Explain_query *, bool, bool, bool, bool): Assertion `select_lex->select_number == FAKE_SELECT_LEX_ID || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex' failed.

      CS 10.6.22 690b2cf776faa2e1a6832077cec2246c86cd00bf (Debug) Build 12/04/2025

      		 
      Core was generated by `/test/MD120425-mariadb-10.6.22-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
       
      		 
      [Current thread is 1 (LWP 641927)]
      		 
      (gdb) bt
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
      #1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
      		 
      #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
      		 
      #3  0x00007fffe6e4526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
      		 
      #4  0x00007fffe6e288ff in __GI_abort () at ./stdlib/abort.c:79
      		 
      #5  0x00007fffe6e2881b in __assert_fail_base (fmt=0x7fffe6fd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555556e51e87 "select_lex->select_number == FAKE_SELECT_LEX_ID || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex", file=file@entry=0x555556e5169b "/test/10.6_dbg/sql/sql_select.cc", line=line@entry=4660, function=function@entry=0x555556e51f3f "bool JOIN::save_explain_data(Explain_query *, bool, bool, bool, bool)") at ./assert/assert.c:94
      		 
      #6  0x00007fffe6e3b507 in __assert_fail (assertion=0x555556e51e87 "select_lex->select_number == FAKE_SELECT_LEX_ID || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex", file=0x555556e5169b "/test/10.6_dbg/sql/sql_select.cc", line=4660, function=0x555556e51f3f "bool JOIN::save_explain_data(Explain_query *, bool, bool, bool, bool)") at ./assert/assert.c:103
      		 
      #7  0x0000555555f1fc3d in JOIN::save_explain_data (this=0x7ffed823ec70, output=0x7ffed8020358, can_overwrite=false, need_tmp_table=false, need_order=false, distinct=false) at /test/10.6_dbg/sql/sql_select.cc:4657
      		 
      #8  0x0000555555f1f816 in JOIN::build_explain (this=0x7ffed823ec70)at /test/10.6_dbg/sql/sql_select.cc:1868
      		 
      #9  0x0000555555f200e0 in JOIN::optimize (this=0x7ffed823ec70)at /test/10.6_dbg/sql/sql_select.cc:1933
      		 
      #10 0x0000555556395325 in subselect_single_select_engine::exec (this=0x7ffed8015f50) at /test/10.6_dbg/sql/item_subselect.cc:4054
      		 
      #11 0x00005555563863dd in Item_subselect::exec (this=0x7ffed8015dc8)at /test/10.6_dbg/sql/item_subselect.cc:816
      		 
      #12 0x00005555563887ab in Item_singlerow_subselect::val_int (this=0x7ffed8015dc8) at /test/10.6_dbg/sql/item_subselect.cc:1479
      		 
      #13 0x00005555562b4f97 in Item_direct_ref::val_int (this=0x7ffed80243b0)at /test/10.6_dbg/sql/item.cc:8900
      		 
      #14 0x00005555562b4f97 in Item_direct_ref::val_int (this=0x7ffed80266d0)at /test/10.6_dbg/sql/item.cc:8900
      		 
      #15 0x00005555562ce003 in Arg_comparator::compare_int_signed (this=0x7ffed823eb00) at /test/10.6_dbg/sql/item_cmpfunc.cc:993
      		 
      #16 0x00005555562e7c8f in Arg_comparator::compare (this=0x7ffed823eb00)at /test/10.6_dbg/sql/item_cmpfunc.h:117
      		 
      #17 0x00005555562d1471 in Item_func_ne::val_bool (this=0x7ffed823ea50)at /test/10.6_dbg/sql/item_cmpfunc.cc:1885
      		 
      #18 0x0000555555f3bc1a in JOIN::exec_inner (this=0x7ffed8022490)at /test/10.6_dbg/sql/sql_select.cc:4799
      		 
      #19 0x0000555555f3b57e in JOIN::exec (this=0x7ffed8022490)at /test/10.6_dbg/sql/sql_select.cc:4717
      		 
      #20 0x0000555555f181d1 in mysql_select (thd=0x7ffed8000d58, tables=0x0, fields=@0x7ffed80182e0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7ffed8018578, last = 0x7ffed8018578, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2201171004160, result=0x7ffed80223a8, unit=0x7ffed80185a0, select_lex=0x7ffed8018020) at /test/10.6_dbg/sql/sql_select.cc:5196
      		 
      #21 0x0000555555e69123 in mysql_derived_fill (thd=0x7ffed8000d58, lex=0x7ffed8004e70, derived=0x7ffed8018e00)at /test/10.6_dbg/sql/sql_derived.cc:1291
      		 
      #22 0x0000555555e67d19 in mysql_derived_optimize (thd=0x7ffed8000d58, lex=0x7ffed8004e70, derived=0x7ffed8018e00)at /test/10.6_dbg/sql/sql_derived.cc:1065
      		 
      #23 0x0000555555e69836 in mysql_handle_single_derived (lex=0x7ffed8004e70, derived=0x7ffed8018e00, phases=4) at /test/10.6_dbg/sql/sql_derived.cc:200
      		 
      #24 0x0000555555f2419f in JOIN::optimize_inner (this=0x7ffed8021df0)at /test/10.6_dbg/sql/sql_select.cc:2429
      		 
      #25 0x0000555555f20099 in JOIN::optimize (this=0x7ffed8021df0)at /test/10.6_dbg/sql/sql_select.cc:1927
      		 
      #26 0x0000555555e90fbe in st_select_lex::optimize_unflattened_subqueries (this=0x7ffed8013670, const_only=false)at /test/10.6_dbg/sql/sql_lex.cc:5019
      		 
      #27 0x00005555560ed10e in JOIN::optimize_unflattened_subqueries (this=0x7ffed801fda0) at /test/10.6_dbg/sql/opt_subselect.cc:5684
      		 
      #28 0x0000555555f226e4 in JOIN::optimize_stage2 (this=0x7ffed801fda0)at /test/10.6_dbg/sql/sql_select.cc:3460
      		 
      #29 0x0000555555f24c86 in JOIN::optimize_inner (this=0x7ffed801fda0)at /test/10.6_dbg/sql/sql_select.cc:2639
      		 
      #30 0x0000555555f20099 in JOIN::optimize (this=0x7ffed801fda0)at /test/10.6_dbg/sql/sql_select.cc:1927
      		 
      #31 0x0000555555f1811d in mysql_select (thd=0x7ffed8000d58, tables=0x0, fields=@0x7ffed8013930: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7ffed8015f98, last = 0x7ffed8015f98, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x7ffed801f448, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7ffed801fd78, unit=0x7ffed8004f38, select_lex=0x7ffed8013670)at /test/10.6_dbg/sql/sql_select.cc:5182
      		 
      #32 0x0000555555f17c95 in handle_select (thd=0x7ffed8000d58, lex=0x7ffed8004e70, result=0x7ffed801fd78, setup_tables_done_option=0)at /test/10.6_dbg/sql/sql_select.cc:573
      		 
      #33 0x0000555555ed974d in execute_sqlcom_select (thd=0x7ffed8000d58, all_tables=0x7ffed8014e80) at /test/10.6_dbg/sql/sql_parse.cc:6422
      		 
      #34 0x0000555555ecd23d in mysql_execute_command (thd=0x7ffed8000d58, is_called_from_prepared_stmt=false) at /test/10.6_dbg/sql/sql_parse.cc:4013
      		 
      #35 0x0000555555ec5414 in mysql_parse (thd=0x7ffed8000d58, rawbuf=0x7ffed80134d0 "SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x))", length=161, parser_state=0x7fffe4aa2a48)at /test/10.6_dbg/sql/sql_parse.cc:8209
      		 
      #36 0x0000555555ec28d4 in dispatch_command (command=COM_QUERY, thd=0x7ffed8000d58, packet=0x7ffed800ade9 "SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x))", packet_length=161, blocking=true)at /test/10.6_dbg/sql/sql_parse.cc:1908
      		 
      #37 0x0000555555ec5fc3 in do_command (thd=0x7ffed8000d58, blocking=true)at /test/10.6_dbg/sql/sql_parse.cc:1421
      		 
      #38 0x00005555560823e9 in do_handle_one_connection (connect=0x5555583e1978, put_in_cache=true) at /test/10.6_dbg/sql/sql_connect.cc:1386
      		 
      #39 0x0000555556082182 in handle_one_connection (arg=0x5555584a7fc8)at /test/10.6_dbg/sql/sql_connect.cc:1298
      		 
      #40 0x00007fffe6e9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #41 0x00007fffe6f29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      CS 11.4.6 4a701e8ce4a178faf955641caf59fc13fcc718e9 (Debug) Build 12/04/2025

      		 
      mariadbd: /test/11.4_dbg/sql/sql_select.cc:4780: bool JOIN::save_explain_data(Explain_query *, bool, bool, bool, bool): Assertion `select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex' failed.

      CS 11.4.6 4a701e8ce4a178faf955641caf59fc13fcc718e9 (Debug) Build 12/04/2025

      		 
      Core was generated by `/test/MD120425-mariadb-11.4.6-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      Download failed: Invalid argument.  Continuing without source file ./nptl/./nptl/pthread_kill.c.
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
       
      		 
      [Current thread is 1 (LWP 642310)]
      		 
      (gdb) bt
      		 
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      		 
      #1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
      		 
      #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
      		 
      #3  0x00007fffe6e4526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
      		 
      #4  0x00007fffe6e288ff in __GI_abort () at ./stdlib/abort.c:79
      		 
      #5  0x00007fffe6e2881b in __assert_fail_base (fmt=0x7fffe6fd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555556f8a90a "select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex", file=file@entry=0x555556f8a01b "/test/11.4_dbg/sql/sql_select.cc", line=line@entry=4780, function=function@entry=0x555556f8a9c4 "bool JOIN::save_explain_data(Explain_query *, bool, bool, bool, bool)") at ./assert/assert.c:94
      		 
      #6  0x00007fffe6e3b507 in __assert_fail (assertion=0x555556f8a90a "select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex", file=0x555556f8a01b "/test/11.4_dbg/sql/sql_select.cc", line=4780, function=0x555556f8a9c4 "bool JOIN::save_explain_data(Explain_query *, bool, bool, bool, bool)") at ./assert/assert.c:103
      		 
      #7  0x0000555555ffb62d in JOIN::save_explain_data (this=0x7ffe94242758, output=0x7ffe94023610, can_overwrite=false, need_tmp_table=false, need_order=false, distinct=false) at /test/11.4_dbg/sql/sql_select.cc:4777
      		 
      #8  0x0000555555ffb206 in JOIN::build_explain (this=0x7ffe94242758)at /test/11.4_dbg/sql/sql_select.cc:1940
      		 
      #9  0x0000555555ffbb6f in JOIN::optimize (this=0x7ffe94242758)at /test/11.4_dbg/sql/sql_select.cc:2009
      		 
      #10 0x00005555564dce19 in subselect_single_select_engine::exec (this=0x7ffe9401c6f8) at /test/11.4_dbg/sql/item_subselect.cc:4118
      		 
      #11 0x00005555564cda5d in Item_subselect::exec (this=0x7ffe9401c568)at /test/11.4_dbg/sql/item_subselect.cc:817
      		 
      #12 0x00005555564cfe5b in Item_singlerow_subselect::val_int (this=0x7ffe9401c568) at /test/11.4_dbg/sql/item_subselect.cc:1486
      		 
      #13 0x00005555563d5e47 in Item_direct_ref::val_int (this=0x7ffe94027a08)at /test/11.4_dbg/sql/item.cc:8958
      		 
      #14 0x00005555563d5e47 in Item_direct_ref::val_int (this=0x7ffe94242390)at /test/11.4_dbg/sql/item.cc:8958
      		 
      #15 0x00005555563ef113 in Arg_comparator::compare_int_signed (this=0x7ffe942425e8) at /test/11.4_dbg/sql/item_cmpfunc.cc:1032
      		 
      #16 0x0000555556408ccf in Arg_comparator::compare (this=0x7ffe942425e8)at /test/11.4_dbg/sql/item_cmpfunc.h:118
      		 
      #17 0x00005555563f2571 in Item_func_ne::val_bool (this=0x7ffe94242530)at /test/11.4_dbg/sql/item_cmpfunc.cc:1919
      		 
      #18 0x0000555556018fde in JOIN::exec_inner (this=0x7ffe94025948)at /test/11.4_dbg/sql/sql_select.cc:4920
      		 
      #19 0x000055555601892e in JOIN::exec (this=0x7ffe94025948)at /test/11.4_dbg/sql/sql_select.cc:4838
      		 
      #20 0x0000555555ff3b7d in mysql_select (thd=0x7ffe94000d58, tables=0x0, fields=@0x7ffe9401eaa0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7ffe9401ed40, last = 0x7ffe9401ed40, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2201187781376, result=0x7ffe94025858, unit=0x7ffe9401ed68, select_lex=0x7ffe9401e7e8) at /test/11.4_dbg/sql/sql_select.cc:5368
      		 
      #21 0x0000555555f2b70d in mysql_derived_fill (thd=0x7ffe94000d58, lex=0x7ffe94004f20, derived=0x7ffe9401f5e0)at /test/11.4_dbg/sql/sql_derived.cc:1283
      		 
      #22 0x0000555555f2a32f in mysql_derived_optimize (thd=0x7ffe94000d58, lex=0x7ffe94004f20, derived=0x7ffe9401f5e0)at /test/11.4_dbg/sql/sql_derived.cc:1057
      		 
      #23 0x0000555555f2be26 in mysql_handle_single_derived (lex=0x7ffe94004f20, derived=0x7ffe9401f5e0, phases=4) at /test/11.4_dbg/sql/sql_derived.cc:200
      		 
      #24 0x0000555555fffd87 in JOIN::optimize_inner (this=0x7ffe94025260)at /test/11.4_dbg/sql/sql_select.cc:2524
      		 
      #25 0x0000555555ffbb28 in JOIN::optimize (this=0x7ffe94025260)at /test/11.4_dbg/sql/sql_select.cc:2003
      		 
      #26 0x0000555555f52eae in st_select_lex::optimize_unflattened_subqueries (this=0x7ffe94019de0, const_only=false)at /test/11.4_dbg/sql/sql_lex.cc:5006
      		 
      #27 0x00005555561dfc0e in JOIN::optimize_unflattened_subqueries (this=0x7ffe94023018) at /test/11.4_dbg/sql/opt_subselect.cc:5874
      		 
      #28 0x0000555555ffe1b3 in JOIN::optimize_stage2 (this=0x7ffe94023018)at /test/11.4_dbg/sql/sql_select.cc:3559
      		 
      #29 0x000055555600086e in JOIN::optimize_inner (this=0x7ffe94023018)at /test/11.4_dbg/sql/sql_select.cc:2734
      		 
      #30 0x0000555555ffbb28 in JOIN::optimize (this=0x7ffe94023018)at /test/11.4_dbg/sql/sql_select.cc:2003
      		 
      #31 0x0000555555ff3ac9 in mysql_select (thd=0x7ffe94000d58, tables=0x0, fields=@0x7ffe9401a098: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7ffe9401c740, last = 0x7ffe9401c740, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x7ffe940226a0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x7ffe94022ff0, unit=0x7ffe94005000, select_lex=0x7ffe94019de0)at /test/11.4_dbg/sql/sql_select.cc:5354
      		 
      #32 0x0000555555ff3605 in handle_select (thd=0x7ffe94000d58, lex=0x7ffe94004f20, result=0x7ffe94022ff0, setup_tables_done_option=0)at /test/11.4_dbg/sql/sql_select.cc:642
      		 
      #33 0x0000555555f9b651 in execute_sqlcom_select (thd=0x7ffe94000d58, all_tables=0x7ffe9401b600) at /test/11.4_dbg/sql/sql_parse.cc:6183
      		 
      #34 0x0000555555f905e0 in mysql_execute_command (thd=0x7ffe94000d58, is_called_from_prepared_stmt=false) at /test/11.4_dbg/sql/sql_parse.cc:3975
      		 
      #35 0x0000555555f88744 in mysql_parse (thd=0x7ffe94000d58, rawbuf=0x7ffe94019c40 "SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x))", length=161, parser_state=0x7fffe04b8a30)at /test/11.4_dbg/sql/sql_parse.cc:7907
      		 
      #36 0x0000555555f85bf4 in dispatch_command (command=COM_QUERY, thd=0x7ffe94000d58, packet=0x7ffe9400afd9 "SELECT (SELECT 1 FROM (SELECT 1 AS x) AS x) AS x GROUP BY (SELECT 1 IN (SELECT 1 AS x FROM (SELECT 1 IN (SELECT 1 AS x) FROM (SELECT 1 AS x) AS x) AS x WHERE x))", packet_length=161, blocking=true)at /test/11.4_dbg/sql/sql_parse.cc:1904
      		 
      #37 0x0000555555f892f3 in do_command (thd=0x7ffe94000d58, blocking=true)at /test/11.4_dbg/sql/sql_parse.cc:1417
      		 
      #38 0x000055555616b619 in do_handle_one_connection (connect=0x5555590a6228, put_in_cache=true) at /test/11.4_dbg/sql/sql_connect.cc:1408
      		 
      #39 0x000055555616b3b2 in handle_one_connection (arg=0x555559109cd8)at /test/11.4_dbg/sql/sql_connect.cc:1320
      		 
      #40 0x00007fffe6e9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #41 0x00007fffe6f29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      Bug Detection Matrix

      		 
          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.5   dbg  120425  e6ea5d568c0fb972a391a8c64716846ddb7c57ef  select_lex->select_number == (2147483647 *2U +1U) || select_lex->select_number == 2147483647 || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  10.5   opt  120425  e6ea5d568c0fb972a391a8c64716846ddb7c57ef  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      CS  10.6   dbg  120425  690b2cf776faa2e1a6832077cec2246c86cd00bf  select_lex->select_number == FAKE_SELECT_LEX_ID || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  10.6   opt  120425  690b2cf776faa2e1a6832077cec2246c86cd00bf  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      CS  10.11  dbg  120425  acd071f599f416ddb4821dec485c4d912844213f  select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  10.11  opt  120425  acd071f599f416ddb4821dec485c4d912844213f  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      CS  11.4   dbg  120425  4a701e8ce4a178faf955641caf59fc13fcc718e9  select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  11.4   opt  120425  4a701e8ce4a178faf955641caf59fc13fcc718e9  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      CS  11.8   dbg  030525  865b05bf4acf10e0d4b3359019ed7b2efe0be81d  select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  11.8   dbg  120425  db5bb6f3339be5a49c0f397eb80a0f259f73f447  select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  11.8   opt  120425  db5bb6f3339be5a49c0f397eb80a0f259f73f447  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      CS  12.0   dbg  120425  22efc2c784e1b7199fb5804e6330168277ea7dce  select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      CS  12.0   opt  120425  22efc2c784e1b7199fb5804e6330168277ea7dce  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      ES  10.5   dbg  210425  0d368ec0042a81d9549fc939fb742f82350b20ab  select_lex->select_number == (2147483647 *2U +1U) || select_lex->select_number == 2147483647 || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      ES  10.5   opt  210425  0d368ec0042a81d9549fc939fb742f82350b20ab  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      ES  10.6   dbg  210425  74602d1b054ba6c9ee20af79d6e7807440a7a98e  select_lex->select_number == FAKE_SELECT_LEX_ID || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      ES  10.6   opt  210425  74602d1b054ba6c9ee20af79d6e7807440a7a98e  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      ES  11.4   dbg  210425  9cd12544ebfd0d52d2158af66b5aced58121cf1f  select_lex->select_number == (2147483647 *2U +1U) || !output || !output->get_select(select_lex->select_number) || output->get_select(select_lex->select_number)->select_lex == select_lex|SIGABRT|JOIN::save_explain_data|JOIN::build_explain|JOIN::optimize|subselect_single_select_engine::exec
      		 
      ES  11.4   opt  210425  9cd12544ebfd0d52d2158af66b5aced58121cf1f  SIGSEGV|Time_and_counter_tracker::incr_loops|JOIN::exec|subselect_single_select_engine::exec|Item_subselect::exec
      		 
      MS  5.5    dbg  070123  bac287c315b1792e7ae33f91add6a60292f9bae8  No bug found                  
      MS  5.5    opt  070123  bac287c315b1792e7ae33f91add6a60292f9bae8  No bug found                  
      MS  5.6    dbg  070123  dab95781a1244104d6b87020ac2fc4d190ba2946  No bug found                  
      MS  5.6    opt  070123  dab95781a1244104d6b87020ac2fc4d190ba2946  No bug found                  
      MS  5.7    dbg  060224  f7680e98b6bbe3500399fbad465d08a6b75d7a5c  No bug found                  
      MS  5.7    opt  060224  f7680e98b6bbe3500399fbad465d08a6b75d7a5c  No bug found                  
      MS  8.0    dbg  060224  49ef33f7edadef3ae04665e73d1babd40179a4f1  No bug found                  
      MS  8.0    opt  060224  49ef33f7edadef3ae04665e73d1babd40179a4f1  No bug found                  
      MS  9.1    dbg  211024  61a3a1d8ef15512396b4c2af46e922a19bf2b174  No bug found                  
      MS  9.1    opt  211024  61a3a1d8ef15512396b4c2af46e922a19bf2b174  No bug found

      Testcase is MTR and CLI compatible. Note the different assertions.

      Attachments

        Activity

          People

            psergei Sergei Petrunia
            Roel Roel Van de Paar
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.