Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.6, 10.11, 11.8, 12.2, 12.3
-
Unexpected results
Description
The issue could not be reproduced using MTR, so please replay through CLI. Sometimes we need to execute the SELECT query multiple times to reproduce the issue
SET NAMES utf8; |
CREATE OR REPLACE TABLE tp1(id INT)ENGINE=ARIA PARTITION BY RANGE (id) (PARTITION p0 VALUES LESS THAN (0),PARTITION p1 VALUES LESS THAN (100)); |
CREATE OR REPLACE TABLE t(a INT,b double precision,primary key(a),index (b)) partition by range (a) partitions 2 (partition x1 values less than (1),partition x2 values less than (100)); |
CREATE OR REPLACE TABLE tp1(id INT)ENGINE=INNODB PARTITION BY RANGE (id) (PARTITION p0 VALUES LESS THAN (0),PARTITION p1 VALUES LESS THAN (100),PARTITION p2 VALUES LESS THAN (200),PARTITION p3 VALUES LESS THAN (300),PARTITION p4 VALUES LESS THAN (400),PARTITION p5 VALUES LESS THAN (500)); |
SELECT MAX(a),a in (SELECT b FROM t) AS bb FROM t; |
SELECT MAX(a),a in (SELECT b FROM t) AS bb FROM t; |
SELECT MAX(a),a in (SELECT b FROM t) AS bb FROM t; |
Leads to:
|
CS 12.2.2 d26a6f44c1f2119377e79a9540886c6d8c01472f (Optimized, UBASAN, Clang 18.1.3-11) Build 12/02/2026 |
/test/12.2_opt_san/sql/item_subselect.h:1053:36: runtime error: load of value 222, which is not a valid value for type 'bool'
|
#0 0x5e679a2a88a3 in subselect_uniquesubquery_engine::no_rows() /test/12.2_opt_san/sql/item_subselect.h:1053:36
|
#1 0x5e679a10d568 in Item_in_optimizer::val_bool() /test/12.2_opt_san/sql/item_cmpfunc.cc:1782:32
|
#2 0x5e6799fd141b in Item_bool_func::val_int() /test/12.2_opt_san/sql/item_cmpfunc.h:245:12
|
#3 0x5e679b83b4d4 in Type_handler::Item_send_long(Item*, Protocol*, st_value*) const /test/12.2_opt_san/sql/sql_type.cc:7637:22
|
#4 0x5e679a68064e in Protocol::send_result_set_row(List<Item>*) /test/12.2_opt_san/sql/protocol.cc:1359:15
|
#5 0x5e679a93bc53 in select_send::send_data(List<Item>&) /test/12.2_opt_san/sql/sql_class.cc:3383:17
|
#6 0x5e679a93a232 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/12.2_opt_san/sql/sql_class.cc:3281:11
|
#7 0x5e679af3443f in return_zero_rows(JOIN*, select_result*, List<TABLE_LIST>*, List<Item>*, bool, unsigned long long, char const*, Item*, List<Item>*) /test/12.2_opt_san/sql/sql_select.cc:17972:27
|
#8 0x5e679af3443f in JOIN::exec_inner() /test/12.2_opt_san/sql/sql_select.cc:5055:14
|
#9 0x5e679af32080 in JOIN::exec() /test/12.2_opt_san/sql/sql_select.cc:4918:8
|
#10 0x5e679aead606 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.2_opt_san/sql/sql_select.cc:5444:21
|
#11 0x5e679aeab810 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.2_opt_san/sql/sql_select.cc:636:10
|
#12 0x5e679ad85d60 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.2_opt_san/sql/sql_parse.cc:6203:12
|
#13 0x5e679ad66440 in mysql_execute_command(THD*, bool) /test/12.2_opt_san/sql/sql_parse.cc:3985:12
|
#14 0x5e679ad48370 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.2_opt_san/sql/sql_parse.cc:7925:18
|
#15 0x5e679ad3f6b5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.2_opt_san/sql/sql_parse.cc:1896:7
|
#16 0x5e679ad4a636 in do_command(THD*, bool) /test/12.2_opt_san/sql/sql_parse.cc:1432:17
|
#17 0x5e679b4b179c in do_handle_one_connection(CONNECT*, bool) /test/12.2_opt_san/sql/sql_connect.cc:1503:11
|
#18 0x5e679b4b0ff6 in handle_one_connection /test/12.2_opt_san/sql/sql_connect.cc:1415:5
|
#19 0x5e6799b969cc in asan_thread_start(void*) crtstuff.c
|
#20 0x7a474ea9caa3 in start_thread nptl/pthread_create.c:447:8
|
#21 0x7a474eb29c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: invalid-bool-load /test/12.2_opt_san/sql/item_subselect.h:1053:36
|
Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 050126 b64db51ad89d78e6a6f8bc238dd2e208b5f7aa92 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 10.6 opt 050126 b64db51ad89d78e6a6f8bc238dd2e208b5f7aa92 No bug found
|
CS 10.11 dbg 120226 67fceadfa45b3f14921114544734455ecbdd480e No bug found
|
CS 10.11 opt 120226 67fceadfa45b3f14921114544734455ecbdd480e UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 11.4 dbg 120226 78201a41b5e88b94c27f5ecc16c9e5486e2e50c3 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 11.4 opt 120226 78201a41b5e88b94c27f5ecc16c9e5486e2e50c3 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 11.8 dbg 120226 65ee9a7b4694d1b6f366b5a7a3d1b0549e5a3671 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 11.8 opt 120226 65ee9a7b4694d1b6f366b5a7a3d1b0549e5a3671 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 12.2 dbg 120226 d26a6f44c1f2119377e79a9540886c6d8c01472f UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 12.2 opt 120226 d26a6f44c1f2119377e79a9540886c6d8c01472f UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 12.3 dbg 120226 21a0714a118614982d20bfa504763d7247800091 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
CS 12.3 opt 120226 21a0714a118614982d20bfa504763d7247800091 No bug found
|
ES 10.6 dbg 170226 22e626b9c17e9969925c54f14d30e39e25320b22 No bug found
|
ES 10.6 opt 170226 22e626b9c17e9969925c54f14d30e39e25320b22 No bug found
|
ES 11.4 dbg 170226 34f616d5fd2c649d0c79acb4e2423c90b8f10436 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
ES 11.4 opt 170226 34f616d5fd2c649d0c79acb4e2423c90b8f10436 No bug found
|
ES 11.8 dbg 170226 405ee76b60c4ab82155f339136ed20d3b7363717 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_subselect.h|subselect_uniquesubquery_engine::no_rows|Item_in_optimizer::val_bool|Item_bool_func::val_int|Type_handler::Item_send_long
|
ES 11.8 opt 170226 405ee76b60c4ab82155f339136ed20d3b7363717 No bug found
|