[MDEV-38668] MariaDB crashes with subquery - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.2
Fix Version/s: 10.11, 11.4, 11.8, 12.2
Component/s: Optimizer
Labels:
None

Description

Hi,

I attached a script file which can crash MariaDB. I run the MariaDB with latest Docker.

This is the log:

260126  7:41:15 [ERROR] mariadbd got signal 11 ;

Sorry, we probably made a mistake, and this is a bug.

Your assistance in bug reporting will enable us to fix this for the next release.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report

a bug on https://jira.mariadb.org/.

Please include the information from the server start above, to the end of the

information below.

Server version: 12.1.2-MariaDB-ubu2404 source revision: 70117463f032d59f8e328335e19b59157d34cf07

The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/

contains instructions to obtain a better version of the backtrace below.

Following these instructions will help MariaDB developers provide a fix quicker.

Attempting backtrace. Include this in the bug report.

(note: Retrieving this information may fail)

Thread pointer: 0x7fd9c0100268

stack_bottom = 0x7fda6ec7c000 thread_stack 0x49000

Printing to addr2line failed

mariadbd(my_print_stacktrace+0x30)[0x562e29c85660]

mariadbd(handle_fatal_signal+0x223)[0x562e297dfcf3]

/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x7fda8c391330]

mariadbd(_ZN10JOIN_CACHE12alloc_bufferEv+0x274)[0x562e29684184]

mariadbd(_ZN10JOIN_CACHE4initEb+0x98)[0x562e296842c8]

mariadbd(_ZN4JOIN27init_join_cache_and_keyreadEv+0x111)[0x562e29553131]

mariadbd(_ZN4JOIN15optimize_stage2Ev+0x133b)[0x562e29512d2b]

mariadbd(_ZN4JOIN14optimize_innerEv+0x1570)[0x562e29515e20]

mariadbd(_ZN4JOIN8optimizeEv+0x103)[0x562e295161d3]

mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xcd)[0x562e295162fd]

mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x17a)[0x562e29516e4a]

mariadbd(+0x887121)[0x562e294b7121]

mariadbd(_Z21mysql_execute_commandP3THDb+0x3957)[0x562e294c2d47]

mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x19a)[0x562e294cc86a]

mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1064)[0x562e294bd664]

mariadbd(_Z10do_commandP3THDb+0x199)[0x562e294beb89]

mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x562e2965caa3]

mariadbd(handle_one_connection+0x71)[0x562e2965cee1]

mariadbd(+0xde029e)[0x562e29a1029e]

/lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x7fda8c3e8aa4]

/lib/x86_64-linux-gnu/libc.so.6(__clone+0x44)[0x7fda8c475a64]

Connection ID (thread ID): 106581

Status: NOT_KILLED

Query (0x7fd9c02f15f0): SELECT t1.c0, CAST(1663007423 AS DECIMAL) FROM t0 INNER JOIN t1 ON (('' IN (LENGTHB((((CAST(1812394881 AS DECIMAL) NOT IN (LOCATE(t1.c0, t1.c0))) != ORD(false)) IS FALSE)))) IS NOT NULL) WHERE ((- t0.c0) IN ((SELECT t1.c0 FROM t1 STRAIGHT_JOIN t2 ON CAST(-1947995152 AS DECIMAL)))) GROUP BY t1.c0, CAST(1663007423 AS DECIMAL)

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=off,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on

Writing a core file...

Working directory at /var/lib/mysql

Resource Limits (excludes unlimited resources):

Limit                     Soft Limit           Hard Limit           Units

Max stack size            8388608              unlimited            bytes

Max processes             2062276              2062276              processes

Max open files            524288               524288               files

Max locked memory         8388608              8388608              bytes

Max pending signals       2062276              2062276              signals

Max msgqueue size         819200               819200               bytes

Max nice priority         0                    0

Max realtime priority     0                    0

Core pattern: core

Kernel version: Linux version 6.1.10-1-pve (build@proxmox) (gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP PREEMPT_DYNAMIC PVE 6.1.10-1 (2023-02-07T00:00Z) ()

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

database2o-cur.log
1.93 MB
2026-01-26 13:21

Issue Links

relates to

MDEV-31935 ASAN errors in JOIN_CACHE::alloc_buffer when join_buffer_size cannot be allocated

Closed

Activity

People

Assignee:: Michael Widenius

Reporter:: Chi Zhang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2026-01-26 13:21

Updated:: 2026-01-27 10:47

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.