[MDEV-38960] Server crash at update_used_tables - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.2.2
Fix Version/s: 10.11, 11.4, 11.8, 12.2
Component/s: Prepared Statements
Labels:
- crash
Environment:

Hide
Kernel version: Linux version 6.5.13-5-pve (build@proxmox) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-5 (2024-04-05T11:03Z)

Docker: mariadb:12.2.2

Server version: 12.2.2-MariaDB-ubu2404

Source revision: d26a6f44c1f2119377e79a9540886c6d8c01472f

Show
Kernel version: Linux version 6.5.13-5-pve ( build@proxmox ) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-5 (2024-04-05T11:03Z) Docker: mariadb:12.2.2 Server version: 12.2.2-MariaDB-ubu2404 Source revision: d26a6f44c1f2119377e79a9540886c6d8c01472f

Description

I encountered a server crash (Signal 11) on MariaDB 12.2.2.

How to repeat:

SET SESSION optimizer_switch='index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on';

DROP TABLE IF EXISTS `t0`;

CREATE TABLE `t0` ( `c0` mediumint DEFAULT NULL, KEY `i1` (`c0`)  ) CHARSET=utf8mb4;

INSERT INTO `t0` VALUES (8388607),(8388607),(2),(0),(0),(NULL),(NULL);

DROP TABLE IF EXISTS `t2`;

CREATE TABLE `t2` ( `c0` decimal(10,0) unsigned zerofill DEFAULT NULL, UNIQUE KEY `c0` (`c0`), UNIQUE KEY `i0` (`c0`) USING BTREE  ) CHARSET=utf8mb4;

INSERT INTO `t2` VALUES (NULL),(NULL),(0000000000),(0000000001);

PREPARE stmt1 FROM "SELECT `t_derived_0`.`ref0` AS `ref0` FROM (SELECT DISTINCT NULL AS `ref0` FROM `t2` AS `t2` GROUP BY ((CAST(((`t2`.`c0`) XOR (`t2`.`c0`)) <> ((NULL) IS TRUE) AS SIGNED)) OR (EXISTS(SELECT 1 AS `1` WHERE FALSE))) < (GREATEST(((-(0.9975750852231501))) <= ((`t2`.`c0`) LIKE (`t2`.`c0`)), 1702408644))) AS `t_derived_0` INTERSECT ALL SELECT t_filter_sub_0.ref0 AS `ref0` FROM (SELECT t_restored_0.ref0 AS `ref0` FROM (SELECT * FROM (SELECT DISTINCT NULL AS `ref0` FROM `t2` AS `t2` GROUP BY ((CAST(((`t2`.`c0`) XOR (`t2`.`c0`)) <> ((NULL) IS TRUE) AS SIGNED)) OR (EXISTS(SELECT 1 AS `1` WHERE FALSE))) < (GREATEST(((-(0.9975750852231501))) <= ((`t2`.`c0`) LIKE (`t2`.`c0`)), 1702408644))) AS t_filter_sub_1 WHERE (CASE WHEN t_filter_sub_1.ref0 <> t_filter_sub_1.ref0 THEN CAST(t_filter_sub_1.ref0 BETWEEN 61 AND 0.9975750852231501 AS CHAR) ELSE CAST(NOT t_filter_sub_1.ref0 AS CHAR) END) IS NULL OR NOT (CASE WHEN t_filter_sub_1.ref0 <> t_filter_sub_1.ref0 THEN CAST(t_filter_sub_1.ref0 BETWEEN 61 AND 0.9975750852231501 AS CHAR) ELSE CAST(NOT t_filter_sub_1.ref0 AS CHAR) END) IS NULL OR 1702408644 AND ((t_filter_sub_1.ref0 IN (t_filter_sub_1.ref0)) BETWEEN (t_filter_sub_1.ref0 IN (0.9975750852231501, t_filter_sub_1.ref0, 'test')) AND t_filter_sub_1.ref0) AND (NOT (1702408644 AND ((t_filter_sub_1.ref0 IN (t_filter_sub_1.ref0)) BETWEEN (t_filter_sub_1.ref0 IN (0.9975750852231501, t_filter_sub_1.ref0, 'test')) AND t_filter_sub_1.ref0)) AND NOT (1702408644 AND ((t_filter_sub_1.ref0 IN (t_filter_sub_1.ref0)) BETWEEN (t_filter_sub_1.ref0 IN (0.9975750852231501, t_filter_sub_1.ref0, 'test')) AND t_filter_sub_1.ref0)) IS NULL)) AS t_restored_0) AS `t_filter_sub_0`";

EXECUTE stmt1;

Docker log:

mariadbd(my_print_stacktrace+0x30)[0x5b56a605d960]

mariadbd(handle_fatal_signal+0x1f3)[0x5b56a5ba9843]

/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x70bfd5a2c330]

mariadbd(_ZN8Item_ref18update_used_tablesEv+0x17)[0x5b56a5bd7ba7]

mariadbd(+0x71e294)[0x5b56a5708294]

mariadbd(+0x71e294)[0x5b56a5708294]

mariadbd(+0x71e294)[0x5b56a5708294]

mariadbd(+0x71f68c)[0x5b56a570968c]

mariadbd(+0x71f68c)[0x5b56a570968c]

mariadbd(_ZN4JOIN15optimize_stage2Ev+0x5a4)[0x5b56a58d3124]

mariadbd(_ZN4JOIN14optimize_innerEv+0x15fe)[0x5b56a58d87de]

mariadbd(_ZN4JOIN8optimizeEv+0x103)[0x5b56a58d8b93]

mariadbd(_ZN18st_select_lex_unit8optimizeEv+0x3c2)[0x5b56a599f602]

mariadbd(_ZN18st_select_lex_unit10exec_innerEv+0x78)[0x5b56a59a7a38]

mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x208)[0x5b56a58d98b8]

mariadbd(+0x891ea1)[0x5b56a587bea1]

mariadbd(_Z21mysql_execute_commandP3THDb+0x37ca)[0x5b56a5886e1a]

mariadbd(_ZN18Prepared_statement7executeEP6Stringb+0xa5d)[0x5b56a58beead]

mariadbd(_ZN18Prepared_statement12execute_loopEP6StringbPhS2_+0xf1)[0x5b56a58bf0a1]

mariadbd(+0x8c2302)[0x5b56a58ac302]

mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1763)[0x5b56a5881f73]

mariadbd(_Z10do_commandP3THDb+0x199)[0x5b56a5882de9]

mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x5b56a5a26d83]

mariadbd(handle_one_connection+0x71)[0x5b56a5a0f161]

mariadbd(+0xdfa91e)[0x5b56a5de491e]

/lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x70bfd5a83aa4]

/lib/x86_64-linux-gnu/libc.so.6(__clone+0x44)[0x70bfd5b10a64]

Attachments

Issue Links

relates to

MDEV-31909 Server crashes in Item_ref::const_item / Item::cache_const_expr_analyzer

Confirmed

MDEV-38959 Server Crash at cache_const_expr_analyzer

Confirmed

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Yuxiao Guo

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2026-03-04 05:27

Updated:: 2026-03-04 15:39

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.