  1. MariaDB Server
  2. MDEV-39180

Server crash at Item_func_null_predicate


Details

    • Bug
    • Status: Open (View Workflow)
    • Critical
    • Resolution: Unresolved
    • 11.8, 12.3, 12.2.2
    • 11.8, 12.3

    Description

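      I encountered a server crash (signal 11, SIGSEGV) on MariaDB 12.2.2. The crash occurs when the prepared statement below is executed; the stack trace shows the fault under Item_func_null_predicate::add_key_fields, called from JOIN::optimize_inner.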

      How to repeat:

      -- Set the optimizer_switch flags for this session only (SET SESSION), presumably to the
      -- reporter's values so the optimizer makes the same choices as in the crashing run.
      -- Every flag listed is on except index_merge_sort_intersection, mrr, mrr_cost_based,
      -- mrr_sort_keys and not_null_range_scan, which are off.
      -- NOTE(review): the report does not say which of these flags the crash depends on.
      SET SESSION optimizer_switch='index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on';
      

      -- Fixture tables for the reproducer. DROP TABLE IF EXISTS removes any existing t0 / t6
      -- in the current schema before they are recreated.
      DROP TABLE IF EXISTS `t0`;
      -- t0: a single longtext column with a 3-character prefix index (i0).
      CREATE TABLE `t0` ( `c0` longtext, KEY `i0` (`c0`(3))  ) CHARSET=utf8mb4;
      -- No column list: each value goes to c0, the table's only column.
      INSERT INTO `t0` VALUES ('F'),('0.4052030369559373'),('1450916685');
      DROP TABLE IF EXISTS `t6`;
      -- t6: c1 (float unsigned NOT NULL) is the primary key; c2 (double unsigned) is nullable
      -- and is the column the reproducer's WHERE clause tests with IS NULL.
      CREATE TABLE `t6` ( `c0` mediumtext , `c1` float unsigned NOT NULL , `c2` double unsigned  DEFAULT NULL COMMENT 'asdf', PRIMARY KEY (`c1`) ) CHARSET=utf8mb4;
      -- No column list: values map positionally to (c0, c1, c2). None of the three rows
      -- stores NULL in c2.
      INSERT INTO `t6` VALUES ('^',000000000000,00000.3218786430527655),('0.4670477444427631',00000.431952,0000000000000000000000),(' 蕙',00000.908187,00000.1921893437987836);
      

      PoC:

      -- Reproducer statement, prepared from a string literal and run with EXECUTE below.
      -- Shape of the query:
      --   * outer UNION of (a) a SELECT over t0 whose WHERE is built only from TRUE/FALSE
      --     constants and (b) a SELECT over nested derived tables built on t6;
      --   * innermost derived table t_derived_0: UNION ALL of t6 filtered by EXISTS(...) and
      --     t6 filtered by NOT EXISTS(...);
      --   * the WHERE on t_filter_sub_1 applies IS NULL tests to c2 and to compound
      --     BETWEEN / IN / CASE expressions, combined with AND / OR.
      -- NOTE(review): the aliases and repeated subexpressions suggest generated SQL; the
      -- statement is not minimised, so the construct the crash depends on is not shown here.
      -- The string literal spans two lines; the break falls between tokens in DECIMAL(65, 30).
      PREPARE stmt1 FROM "(SELECT `ref_0`.`c0` AS `c0`, `ref_0`.`c0` AS `c1` FROM `t0` AS `ref_0` WHERE (((FALSE) OR (TRUE)) OR ((TRUE) AND (TRUE))) OR (((FALSE) AND ((FALSE) AND (FALSE))) AND (FALSE))) UNION (SELECT `t_align_0`.`c1` AS `c0`, `t_align_0`.`c1` AS `c1` FROM (SELECT `t_restored_0`.`c0` AS `c0`, `t_restored_0`.`c0` AS `c1` FROM (SELECT `t_restored_1`.`c2` AS `c2`, `t_restored_1`.`c0` AS `c0` FROM (SELECT `t_filter_sub_1`.`c2` AS `c2`, `t_filter_sub_1`.`c0` AS `c0` FROM (SELECT t_derived_0.c2 AS `c2`, t_derived_0.c0 AS `c0` FROM (SELECT t_filter_sub_0.c0 AS c0, t_filter_sub_0.c1 AS c1, t_filter_sub_0.c2 AS c2 FROM (SELECT * FROM `t6` AS t_filter_sub_0 WHERE EXISTS(SELECT 1 FROM t6 AS t_exists_expr)) AS t_filter_sub_0 UNION ALL SELECT t_filter_sub_2.c0 AS c0, t_filter_sub_2.c1 AS c1, t_filter_sub_2.c2 AS c2 FROM (SELECT * FROM `t6` AS t_filter_sub_2 WHERE NOT EXISTS(SELECT 1 FROM t6 AS t_exists_expr)) AS t_filter_sub_2) AS t_derived_0 WHERE TRUE) AS `t_filter_sub_1` WHERE (NOT `t_filter_sub_1`.`c2` IS NULL OR ((CAST(TRUE AS DECIMAL(65, 30)) * CAST(FALSE AS DECIMAL(65, 30))) BETWEEN TRUE AND `t_filter_sub_1`.`c2`) % (54 BETWEEN `t_filter_sub_1`.`c2` AND (CAST(-89.8 AS DECIMAL))) AND (NOT (((CAST(TRUE AS DECIMAL(65, 30)) * CAST(FALSE AS DECIMAL(65, 30))) BETWEEN TRUE AND `t_filter_sub_1`.`c2`) % (54 BETWEEN `t_filter_sub_1`.`c2` AND (CAST(-89.8 AS DECIMAL)))) AND NOT ((CAST(TRUE AS DECIMAL(65, 30)) * CAST(FALSE AS DECIMAL(65, 30))) BETWEEN TRUE AND `t_filter_sub_1`.`c2`) % (54 BETWEEN `t_filter_sub_1`.`c2` AND (CAST(-89.8 AS DECIMAL))) IS NULL)) AND (((CASE WHEN `t_filter_sub_1`.`c2` THEN CAST(`t_filter_sub_1`.`c0` AS CHAR) ELSE CAST(25.61 AS CHAR) END) IN (CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30)) + CAST(`t_filter_sub_1`.`c0` AS DECIMAL(65, 30)), CAST(FALSE AS DECIMAL(65, 30)) * CAST(30 AS DECIMAL(65, 30)), SCHEMA())) IN ((`t_filter_sub_1`.`c2` <> 52) BETWEEN (CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30)) - CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 
30))) AND ('a' IN ('123', `t_filter_sub_1`.`c2`, `t_filter_sub_1`.`c0`))) OR (NOT (((CASE WHEN `t_filter_sub_1`.`c2` THEN CAST(`t_filter_sub_1`.`c0` AS CHAR) ELSE CAST(25.61 AS CHAR) END) IN (CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30)) + CAST(`t_filter_sub_1`.`c0` AS DECIMAL(65, 30)), CAST(FALSE AS DECIMAL(65, 30)) * CAST(30 AS DECIMAL(65, 30)), SCHEMA())) IN ((`t_filter_sub_1`.`c2` <> 52) BETWEEN (CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30)) - CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30))) AND ('a' IN ('123', `t_filter_sub_1`.`c2`, `t_filter_sub_1`.`c0`)))) OR ((CASE WHEN `t_filter_sub_1`.`c2` THEN CAST(`t_filter_sub_1`.`c0` AS CHAR) ELSE CAST(25.61 AS CHAR) END) IN (CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30)) + CAST(`t_filter_sub_1`.`c0` AS DECIMAL(65, 30)), CAST(FALSE AS DECIMAL(65, 30)) * CAST(30 AS DECIMAL(65, 30)), SCHEMA())) IN ((`t_filter_sub_1`.`c2` <> 52) BETWEEN (CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30)) - CAST(`t_filter_sub_1`.`c2` AS DECIMAL(65, 30))) AND ('a' IN ('123', `t_filter_sub_1`.`c2`, `t_filter_sub_1`.`c0`))) IS NULL))) AS `t_restored_1`) AS `t_restored_0`) AS `t_align_0`)";
       
      -- Run the prepared statement. The stack trace in this report passes through
      -- Prepared_statement::execute and JOIN::optimize_inner before the faulting frames.
      EXECUTE stmt1;
      
      

      Docker log:

      mariadbd(my_print_stacktrace+0x30)[0x5cde1ac39960]
      mariadbd(handle_fatal_signal+0x1f3)[0x5cde1a785843]
      /lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x7e19e9fcb330]
      mariadbd(+0x11b2f06)[0x5cde1ad78f06]
      mariadbd(+0x11b3169)[0x5cde1ad79169]
      mariadbd(_ZN24Item_func_null_predicate14add_key_fieldsEP4JOINPP9KEY_FIELDPjyPP14SARGABLE_PARAM+0x138)[0x5cde1a4badf8]
      mariadbd(_ZN9Item_cond14add_key_fieldsEP4JOINPP9KEY_FIELDPjyPP14SARGABLE_PARAM+0x4f)[0x5cde1a4b59af]
      mariadbd(_ZN13Item_cond_and14add_key_fieldsEP4JOINPP9KEY_FIELDPjyPP14SARGABLE_PARAM+0x5b)[0x5cde1a4b592b]
      mariadbd(+0x8f5033)[0x5cde1a4bb033]
      mariadbd(+0x904053)[0x5cde1a4ca053]
      mariadbd(_ZN4JOIN14optimize_innerEv+0x13b0)[0x5cde1a4b4590]
      mariadbd(_ZN4JOIN8optimizeEv+0x103)[0x5cde1a4b4b93]
      mariadbd(_ZN18st_select_lex_unit8optimizeEv+0x3c2)[0x5cde1a57b602]
      mariadbd(_ZN18st_select_lex_unit10exec_innerEv+0x78)[0x5cde1a583a38]
      mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x208)[0x5cde1a4b58b8]
      mariadbd(+0x891ea1)[0x5cde1a457ea1]
      mariadbd(_Z21mysql_execute_commandP3THDb+0x37ca)[0x5cde1a462e1a]
      mariadbd(_ZN18Prepared_statement7executeEP6Stringb+0xa5d)[0x5cde1a49aead]
      mariadbd(_ZN18Prepared_statement12execute_loopEP6StringbPhS2_+0xf1)[0x5cde1a49b0a1]
      mariadbd(+0x8c2302)[0x5cde1a488302]
      mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1763)[0x5cde1a45df73]
      mariadbd(_Z10do_commandP3THDb+0x199)[0x5cde1a45ede9]
      mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x5cde1a602d83]
      mariadbd(handle_one_connection+0x71)[0x5cde1a5eb161]
      mariadbd(+0xdfa91e)[0x5cde1a9c091e]
      /lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x7e19ea022aa4]
      /lib/x86_64-linux-gnu/libc.so.6(__clone+0x44)[0x7e19ea0afa64]
      


          People

            psergei Sergei Petrunia
            Yuxiao Guo Yuxiao Guo