Details
-
Bug
-
Status: Open (View Workflow)
-
Critical
-
Resolution: Unresolved
-
11.4, 11.8, 12.1, 12.2
-
Can result in hang or crash
Description
SET optimizer_max_sel_arg_weight=1; |
SET optimizer_trace=1; |
SELECT * FROM sys.privileges_by_table_by_level; |
Leads to:
|
CS 12.1.2 033471a367b4c60b7262e64f43f46b02e95b9d74 (Optimized, Clang) Build 13/08/2025 |
Core was generated by `/test/MD130825-mariadb-12.1.2-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 Json_writer_object::add (this=this@entry=0x73bfabcab7f8, name=<optimized out>, value=...) at /test/12.1_opt/sql/my_json_writer.h:536
|
 |
[Current thread is 1 (LWP 74707)]
|
(gdb) bt
|
#0 Json_writer_object::add (this=this@entry=0x73bfabcab7f8, name=<optimized out>, value=<error reading variable: Cannot access memory at address 0x2020202020202050>) at /test/12.1_opt/sql/my_json_writer.h:536
|
#1 0x00006259b97e8322 in sel_arg_and_weight_heuristic (param=<optimized out>, key1=key1@entry=0x73a888073028, key2=key2@entry=0x73a8880835e0)at /test/12.1_opt/sql/opt_range.cc:11733
|
#2 0x00006259b97e7bbf in key_and (param=0x73a888015d6c, param@entry=0x73bfabcabb90, key1=key1@entry=0x73a888073028, key2=key2@entry=0x73a8880835e0, clone_flag=clone_flag@entry=0)at /test/12.1_opt/sql/opt_range.cc:10618
|
#3 0x00006259b97cd453 in key_and_with_limit (param=0x73bfabcabb90, keyno=0, key1=0x73a888073028, key2=0x73a8880835e0, clone_flag=0)at /test/12.1_opt/sql/opt_range.cc:10816
|
#4 and_range_trees (param=0x73bfabcabb90, tree1=0x73a888072fa8, tree2=0x73a888083568, result=0x73a888072fa8)at /test/12.1_opt/sql/opt_range.cc:9897
|
#5 0x00006259b97d2046 in tree_and (param=param@entry=0x73bfabcabb90, tree1=tree1@entry=0x73a888072fa8, tree2=<optimized out>)at /test/12.1_opt/sql/opt_range.cc:10010
|
#6 0x00006259b97dd795 in Item_cond_and::get_mm_tree (this=<optimized out>, param=0x73bfabcabb90, cond_ptr=<optimized out>)at /test/12.1_opt/sql/opt_range.cc:8778
|
#7 0x00006259b97dd75c in Item_cond_and::get_mm_tree (this=<optimized out>, param=0x73bfabcabb90, cond_ptr=<optimized out>)at /test/12.1_opt/sql/opt_range.cc:8775
|
#8 0x00006259b97d143a in SQL_SELECT::test_quick_select (this=0x73a88809b490, thd=0x73a888000c68, keys_to_use=<optimized out>, prev_tables=<optimized out>, limit=18446744073709551615, force_quick_range=false, ordered_output=<optimized out>, remove_false_parts_of_where=<optimized out>, only_single_index_range_scan=<optimized out>, note_unusable_keys=Item_func::BITMAP_ALL)at /test/12.1_opt/sql/opt_range.cc:2943
|
#9 0x00006259b99083f4 in make_join_select (join=join@entry=0x73a88805a6a8, select=0x73a888090648, cond=0x73a88805d8c8)at /test/12.1_opt/sql/sql_select.cc:14767
|
#10 0x00006259b98fe417 in JOIN::optimize_stage2 (this=this@entry=0x73a88805a6a8) at /test/12.1_opt/sql/sql_select.cc:3036
|
#11 0x00006259b990018a in JOIN::optimize_inner (this=this@entry=0x73a88805a6a8)at /test/12.1_opt/sql/sql_select.cc:2769
|
#12 0x00006259b98fd974 in JOIN::optimize (this=0x73a88805a6a8)at /test/12.1_opt/sql/sql_select.cc:2023
|
#13 0x00006259b987d675 in mysql_derived_optimize (thd=0x73a888000c68, lex=0x73a888004fb0, derived=0x73a888017dc0)at /test/12.1_opt/sql/sql_derived.cc:1045
|
#14 0x00006259b987e7a0 in mysql_handle_single_derived (lex=0x73a888004fb0, derived=derived@entry=0x73a888017dc0, phases=phases@entry=4)at /test/12.1_opt/sql/sql_derived.cc:200
|
#15 0x00006259b98ffcfd in JOIN::optimize_inner (this=this@entry=0x73a888056608)at /test/12.1_opt/sql/sql_select.cc:2566
|
#16 0x00006259b98fd974 in JOIN::optimize (this=this@entry=0x73a888056608)at /test/12.1_opt/sql/sql_select.cc:2023
|
#17 0x00006259b98f78f2 in mysql_select (thd=thd@entry=0x73a888000c68, tables=<optimized out>, fields=@0x73a8880179f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x73a888017d38, last = 0x73a88805c3f8, elements = 5}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x73a8880565e0, unit=0x73a888005090, select_lex=0x73a888017738)at /test/12.1_opt/sql/sql_select.cc:5388
|
#18 0x00006259b98f7619 in handle_select (thd=thd@entry=0x73a888000c68, lex=lex@entry=0x73a888004fb0, result=result@entry=0x73a8880565e0, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/12.1_opt/sql/sql_select.cc:634
|
#19 0x00006259b98c4ab7 in execute_sqlcom_select (thd=thd@entry=0x73a888000c68, all_tables=0x73a888017dc0) at /test/12.1_opt/sql/sql_parse.cc:6167
|
#20 0x00006259b98c35d1 in mysql_execute_command (thd=thd@entry=0x73a888000c68, is_called_from_prepared_stmt=false) at /test/12.1_opt/sql/sql_parse.cc:3950
|
#21 0x00006259b98bba21 in mysql_parse (thd=thd@entry=0x73a888000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x73bfabcad420)at /test/12.1_opt/sql/sql_parse.cc:7883
|
#22 0x00006259b98b9f3f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x73a888000c68, packet=packet@entry=0x73a8880089f9 "SELECT * FROM sys.privileges_by_table_by_level", packet_length=packet_length@entry=46, blocking=true)at /test/12.1_opt/sql/sql_parse.cc:1878
|
#23 0x00006259b98bbe31 in do_command (thd=thd@entry=0x73a888000c68, blocking=true) at /test/12.1_opt/sql/sql_parse.cc:1417
|
#24 0x00006259b99e8d0d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x6259efaeda38, put_in_cache=true)at /test/12.1_opt/sql/sql_connect.cc:1414
|
#25 0x00006259b99e8acf in handle_one_connection (arg=arg@entry=0x6259efaeda38)at /test/12.1_opt/sql/sql_connect.cc:1326
|
#26 0x00006259b9d95f09 in pfs_spawn_thread (arg=0x6259efa93968)at /test/12.1_opt/storage/perfschema/pfs.cc:2198
|
#27 0x000073c391a9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#28 0x000073c391b29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 040825 317f099ca56130a14a45b7250996c207cc95d461 No bug found
|
CS 10.6 opt 040825 317f099ca56130a14a45b7250996c207cc95d461 No bug found
|
CS 10.11 dbg 130825 e46c9a01529687401b0f82b1427855535d38c0c0 No bug found
|
CS 10.11 opt 130825 e46c9a01529687401b0f82b1427855535d38c0c0 No bug found
|
CS 11.4 dbg 130825 03b31c0bd99390c1984f19a19f22dd6e77b7692e No bug found
|
CS 11.4 opt 130825 03b31c0bd99390c1984f19a19f22dd6e77b7692e SIGSEGV|Json_writer_object::add|sel_arg_and_weight_heuristic|key_and|key_and_with_limit
|
CS 11.8 dbg 130825 1a446ccc48528e88a3cd6cd1d1ec9e7492d342ca No bug found
|
CS 11.8 opt 130825 1a446ccc48528e88a3cd6cd1d1ec9e7492d342ca SIGSEGV|Json_writer_object::add|sel_arg_and_weight_heuristic|key_and|key_and_with_limit
|
CS 12.1 dbg 130825 033471a367b4c60b7262e64f43f46b02e95b9d74 No bug found
|
CS 12.1 opt 130825 033471a367b4c60b7262e64f43f46b02e95b9d74 SIGSEGV|Json_writer_object::add|sel_arg_and_weight_heuristic|key_and|key_and_with_limit
|
CS 12.2 dbg 130825 e02f4d7e311e214ea62ff2e59599849e229f4165 No bug found
|
CS 12.2 opt 130825 e02f4d7e311e214ea62ff2e59599849e229f4165 SIGSEGV|Json_writer_object::add|sel_arg_and_weight_heuristic|key_and|key_and_with_limit
|
ES 10.5 dbg 040825 70586522eacf09d04d49962072e14325a75d8155 No bug found
|
ES 10.5 opt 040825 70586522eacf09d04d49962072e14325a75d8155 No bug found
|
ES 10.6 dbg 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
|
ES 10.6 opt 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
|
ES 11.4 dbg 040825 a1c03ccd54b582e75506687ee19b273ca897f261 No bug found
|
ES 11.4 opt 040825 a1c03ccd54b582e75506687ee19b273ca897f261 SIGSEGV|Json_writer_object::add|sel_arg_and_weight_heuristic|key_and|key_and_with_limit
|
No UB/ASAN issues observed.