[MCOL-4728] Query with unusual use of aggregate functions on ColumnStore table crashes MariaDB Server Created: 2021-05-18  Updated: 2021-12-10  Resolved: 2021-09-21

Status: Closed
Project: MariaDB ColumnStore
Component/s: None
Affects Version/s: 5.5.1
Fix Version/s: 6.2.1, 6.2.2

Type: Bug Priority: Major
Reporter: Edward Stoever Assignee: Daniel Lee (Inactive)
Resolution: Fixed Votes: 1
Labels: crash

Sprint: 2021-10, 2021-11

 Description   

A query was discovered that can kill the MariaDB process:

MariaDB [nn]> alter table t engine='innodb';
 
Query OK, 0 rows affected (0.118 sec)
 
Records: 0  Duplicates: 0  Warnings: 0
 
 
 
MariaDB [nn]> SELECT sum(0+0)-sum(0+0) from t;
 
+-------------------+
 
| sum(0+0)-sum(0+0) |
 
+-------------------+
 
|              NULL |
 
+-------------------+
 
1 row in set (0.000 sec)
 
 
 
MariaDB [nn]> alter table t engine='columnstore';
 
Query OK, 0 rows affected (0.094 sec)
 
Records: 0  Duplicates: 0  Warnings: 0
 
 
 
MariaDB [nn]> SELECT sum(0+0)-sum(0+0) from t;
 
ERROR 2013 (HY000): Lost connection to MySQL server during query
 
MariaDB [nn]>
 
 
 
Here are some variations on the same query:
 
MariaDB [nn]> select sum(null) from t;
 
+-----------+
 
| sum(null) |
 
+-----------+
 
|      NULL |
 
+-----------+
 
1 row in set (0.042 sec)
 
 
 
MariaDB [nn]> select sum(null)-sum(null) from t;
 
ERROR 2013 (HY000): Lost connection to MySQL server during query
 
 
 
MariaDB [nn]> select avg(null)-avg(null) from t;
 
ERROR 2013 (HY000): Lost connection to MySQL server during query

Looking in the mariadb.err file:

210518 12:38:21 [ERROR] mysqld got signal 11 ;
 
This could be because you hit a bug. It is also possible that this binary
 
...



 Comments   
Comment by Alexander Barkov [ 2021-09-03 ]

Reproducible with this script:

SET columnstore_select_handler=ON;
 
DROP TABLE IF EXISTS t1;
 
CREATE TABLE t1 (a INT) ENGINE=ColumnStore;
 
SELECT SUM(0+0)-SUM(0+0) FROM t1;

It also crashes with the following queries:

SELECT SUM(0) FROM t1;
 
SELECT COUNT(0) FROM t1;
 
SELECT MAX(0) FROM t1;

Comment by Alexander Barkov [ 2021-09-16 ]

More observations:

This query works fine:

SELECT SUM(1)+1 FROM t1;

This query crashes:

SELECT SUM(COALESCE(1))+1 FROM t1;

Comment by Alexander Barkov [ 2021-09-16 ]

Also crashes with this query:

SELECT sum(rand(0))+1 FROM t1;

Comment by Daniel Lee (Inactive) [ 2021-09-21 ]

Build verified: 6.2.1-1 (#3120)

Verified test cases in the ticket.

Generated at Thu Feb 08 02:52:32 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.