[MDEV-39636] Crash triggered by EXPLAIN statement - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.4, 11.8, 12.3
Fix Version/s: 11.4, 11.8, 12.3
Component/s: Optimizer - Window functions
Labels:
None

Description

Hi,

The following test case triggers a crash.

CREATE TABLE t (c INT);

EXPLAIN DELETE FROM t

WHERE EXISTS (SELECT * FROM t)

ORDER BY c = ROW_NUMBER() OVER t;

This is the log:

Sorry, we probably made a mistake, and this is a bug.

Your assistance in bug reporting will enable us to fix this for the next release.

To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report

a bug on https://jira.mariadb.org/.

Please include the information from the server start above, to the end of the

information below.

Server version: 12.2.2-MariaDB-ubu2404 source revision: d26a6f44c1f2119377e79a9540886c6d8c01472f

The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/

contains instructions to obtain a better version of the backtrace below.

Following these instructions will help MariaDB developers provide a fix quicker.

Attempting backtrace. Include this in the bug report.

(note: Retrieving this information may fail)

Thread pointer: 0x75022c0354c8

stack_bottom = 0x75025c952000 thread_stack 0x49000

Printing to addr2line failed

mariadbd(my_print_stacktrace+0x30)[0x5ab3e9e1f960]

mariadbd(handle_fatal_signal+0x1f3)[0x5ab3e996b843]

/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x75027378d330]

mariadbd(_ZN17Window_funcs_sort5setupEP3THDP10SQL_SELECTR13List_iteratorI16Item_window_funcEP13st_join_table+0x78)[0x5ab3e98bd1f8]

mariadbd(_ZN24Window_funcs_computation5setupEP3THDP4ListI16Item_window_funcEP13st_join_table+0xf4)[0x5ab3e98bd6f4]

mariadbd(_ZN4JOIN21make_aggr_tables_infoEv+0xc46)[0x5ab3e968f436]

mariadbd(_ZN4JOIN15optimize_stage2Ev+0xc0)[0x5ab3e9694c40]

mariadbd(_ZN4JOIN14optimize_innerEv+0x15fe)[0x5ab3e969a7de]

mariadbd(_ZN4JOIN8optimizeEv+0x103)[0x5ab3e969ab93]

mariadbd(_ZN11Sql_cmd_dml13execute_innerEP3THD+0x42)[0x5ab3e96d9f82]

mariadbd(_ZN14Sql_cmd_delete13execute_innerEP3THD+0x4c)[0x5ab3e95e068c]

mariadbd(_ZN11Sql_cmd_dml7executeEP3THD+0xcd)[0x5ab3e96d9c0d]

mariadbd(_Z21mysql_execute_commandP3THDb+0xee1)[0x5ab3e9646531]

mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x19a)[0x5ab3e9653aea]

mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1304)[0x5ab3e9643b14]

mariadbd(_Z10do_commandP3THDb+0x199)[0x5ab3e9644de9]

mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x5ab3e97e8d83]

mariadbd(handle_one_connection+0x71)[0x5ab3e97d1161]

mariadbd(+0xdfa91e)[0x5ab3e9ba691e]

/lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x7502737e4aa4]

/lib/x86_64-linux-gnu/libc.so.6(__clone+0x44)[0x750273871a64]

Connection ID (thread ID): 5

Status: NOT_KILLED

Query (0x75022c018ab0): EXPLAIN DELETE FROM t

WHERE EXISTS (SELECT * FROM t)

ORDER BY c = ROW_NUMBER() OVER t

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on

Writing a core file...

Working directory at /var/lib/mysql

Resource Limits (excludes unlimited resources):

Limit                     Soft Limit           Hard Limit           Units

Max stack size            8388608              unlimited            bytes

Max open files            32310                32310                files

Max locked memory         8388608              8388608              bytes

Max pending signals       804669               804669               signals

Max msgqueue size         819200               819200               bytes

Max nice priority         0                    0

Max realtime priority     0                    0

Core pattern: |/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -F%F -- %E

Kernel version: Linux version 6.17.0-23-generic (buildd@lcy02-amd64-016) (x86_64-linux-gnu-gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0, GNU ld (GNU Binutils for Ubuntu) 2.42) #23~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 14 16:11:48 UTC 2

I can reproduce this with the commit version f6e44c1b7819f9befa3824f07866822288231528 of MariaDB server in github repo.

Attachments

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Chi Zhang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2026-05-17 08:24

Updated:: 1 week ago 09:02

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.