|
On 10.3 it fails with
mysqld: /git/10.3/sql/item.cc:6150: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `context' failed.
|
10.3 5e7496e2eaf01d3be79fc
|
Thread 1 (Thread 0x7f3089216700 (LWP 17247)):
|
#0 __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
|
#1 0x000055b5d8e9e6e0 in my_write_core (sig=6) at /git/10.3/mysys/stacktrace.c:481
|
#2 0x000055b5d86e24e9 in handle_fatal_signal (sig=6) at /git/10.3/sql/signal_handler.cc:305
|
#3 <signal handler called>
|
#4 0x00007f308fc20428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
|
#5 0x00007f308fc2202a in __GI_abort () at abort.c:89
|
#6 0x00007f308fc18bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x55b5d90ce64c "context", file=file@entry=0x55b5d90cdad0 "/git/10.3/sql/item.cc", line=line@entry=6150, function=function@entry=0x55b5d90d1060 <Item_field::fix_fields(THD*, Item**)::__PRETTY_FUNCTION__> "virtual bool Item_field::fix_fields(THD*, Item**)") at assert.c:92
|
#7 0x00007f308fc18c82 in __GI___assert_fail (assertion=0x55b5d90ce64c "context", file=0x55b5d90cdad0 "/git/10.3/sql/item.cc", line=6150, function=0x55b5d90d1060 <Item_field::fix_fields(THD*, Item**)::__PRETTY_FUNCTION__> "virtual bool Item_field::fix_fields(THD*, Item**)") at assert.c:101
|
#8 0x000055b5d870ca69 in Item_field::fix_fields (this=0x7f303c132d70, thd=0x7f303c000b00, reference=0x7f303c132d68) at /git/10.3/sql/item.cc:6150
|
#9 0x000055b5d82fcb6a in Item::fix_fields_if_needed (this=0x7f303c132d70, thd=0x7f303c000b00, ref=0x7f303c132d68) at /git/10.3/sql/item.h:822
|
#10 0x000055b5d871546b in Item_direct_view_ref::fix_fields (this=0x7f303c132c50, thd=0x7f303c000b00, reference=0x7f303c1329e0) at /git/10.3/sql/item.cc:9043
|
#11 0x000055b5d82fcb6a in Item::fix_fields_if_needed (this=0x7f303c132c50, thd=0x7f303c000b00, ref=0x7f303c1329e0) at /git/10.3/sql/item.h:822
|
#12 0x000055b5d876281f in Item_func::fix_fields (this=0x7f303c132950, thd=0x7f303c000b00, ref=0x7f303c131ec0) at /git/10.3/sql/item_func.cc:363
|
#13 0x000055b5d843957b in JOIN::optimize_inner (this=0x7f303c131ab8) at /git/10.3/sql/sql_select.cc:1658
|
#14 0x000055b5d84389bd in JOIN::optimize (this=0x7f303c131ab8) at /git/10.3/sql/sql_select.cc:1448
|
#15 0x000055b5d83abe38 in mysql_derived_optimize (thd=0x7f303c000b00, lex=0x7f303c0048e0, derived=0x7f303c014f10) at /git/10.3/sql/sql_derived.cc:935
|
#16 0x000055b5d83aa400 in mysql_handle_single_derived (lex=0x7f303c0048e0, derived=0x7f303c014f10, phases=4) at /git/10.3/sql/sql_derived.cc:197
|
#17 0x000055b5d8439930 in JOIN::optimize_inner (this=0x7f303c019ad8) at /git/10.3/sql/sql_select.cc:1712
|
#18 0x000055b5d84389bd in JOIN::optimize (this=0x7f303c019ad8) at /git/10.3/sql/sql_select.cc:1448
|
#19 0x000055b5d84424ee in mysql_select (thd=0x7f303c000b00, tables=0x7f303c014f10, wild_num=1, fields=..., conds=0x7f303c015720, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f303c019ab8, unit=0x7f303c0049a8, select_lex=0x7f303c005118) at /git/10.3/sql/sql_select.cc:4213
|
#20 0x000055b5d843450a in handle_select (thd=0x7f303c000b00, lex=0x7f303c0048e0, result=0x7f303c019ab8, setup_tables_done_option=0) at /git/10.3/sql/sql_select.cc:382
|
#21 0x000055b5d83fede6 in execute_sqlcom_select (thd=0x7f303c000b00, all_tables=0x7f303c014f10) at /git/10.3/sql/sql_parse.cc:6546
|
#22 0x000055b5d83f523f in mysql_execute_command (thd=0x7f303c000b00) at /git/10.3/sql/sql_parse.cc:3768
|
#23 0x000055b5d8402d6b in mysql_parse (thd=0x7f303c000b00, rawbuf=0x7f303c014d08 "SELECT * FROM v1 WHERE b > 0", length=28, parser_state=0x7f3089215470, is_com_multi=false, is_next_command=false) at /git/10.3/sql/sql_parse.cc:8088
|
#24 0x000055b5d83efd14 in dispatch_command (command=COM_QUERY, thd=0x7f303c000b00, packet=0x7f303c126501 "SELECT * FROM v1 WHERE b > 0", packet_length=28, is_com_multi=false, is_next_command=false) at /git/10.3/sql/sql_parse.cc:1850
|
#25 0x000055b5d83ee731 in do_command (thd=0x7f303c000b00) at /git/10.3/sql/sql_parse.cc:1395
|
#26 0x000055b5d8554c25 in do_handle_one_connection (connect=0x55b5dbaedf10) at /git/10.3/sql/sql_connect.cc:1402
|
#27 0x000055b5d8554976 in handle_one_connection (arg=0x55b5dbaedf10) at /git/10.3/sql/sql_connect.cc:1308
|
#28 0x000055b5d8e2ebc0 in pfs_spawn_thread (arg=0x55b5dbaf6280) at /git/10.3/storage/perfschema/pfs.cc:1862
|
#29 0x00007f309085d6ba in start_thread (arg=0x7f3089216700) at pthread_create.c:333
|
#30 0x00007f308fcf241d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
|
|
|
Could MDEV-20437 be duplicating this report?
|
|
I was looking through revisions of mariadb to find at which point the script on MDEV-20437 started causing the server to crash, and it appears that it started with https://github.com/MariaDB/server/commit/862a97749d.
As such, setting the optimizer to `condition_pushdown_for_derived=off` could be considered as a temporary workaround for this issue.
|
|
Note: still fails with the fix for MDEV-25346
|
|
To be clear, this is a regression caused by the fix for MDEV-17011.
|
|
Apparently another representation of the same problem:
|
10.2 1a54cf62
|
mysqld: /home/vsts/src/sql/item.cc:5515: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `field' failed.
|
211019 19:35:16 [ERROR] mysqld got signal 6 ;
|
|
#7 0x00007f4cea9ddf36 in __GI___assert_fail (assertion=0x55a87bfa0780 "field", file=0x55a87bf9cb80 "/home/vsts/src/sql/item.cc", line=5515, function=0x55a87bfa06e0 "virtual bool Item_field::fix_fields(THD*, Item**)") at assert.c:101
|
#8 0x000055a87aa58eaa in Item_field::fix_fields (this=0x62900dc6a430, thd=0x62a000228270, reference=0x62900dc6a420) at /home/vsts/src/sql/item.cc:5515
|
#9 0x000055a87aa75242 in Item_direct_view_ref::fix_fields (this=0x62900dc6a310, thd=0x62a000228270, reference=0x6290103731c8) at /home/vsts/src/sql/item.cc:8714
|
#10 0x000055a87ab22205 in Item_func::fix_fields (this=0x62900dc69b68, thd=0x62a000228270, ref=0x62900dc69cc0) at /home/vsts/src/sql/item_func.cc:201
|
#11 0x000055a87aacb3ad in Item_cond::fix_fields (this=0x62900dc696a8, thd=0x62a000228270, ref=0x629010370b40) at /home/vsts/src/sql/item_cmpfunc.cc:4639
|
#12 0x000055a87a45e052 in JOIN::optimize_inner (this=0x629010370738) at /home/vsts/src/sql/sql_select.cc:1365
|
#13 0x000055a87a45b846 in JOIN::optimize (this=0x629010370738) at /home/vsts/src/sql/sql_select.cc:1127
|
#14 0x000055a87a33b062 in mysql_derived_optimize (thd=0x62a000228270, lex=0x62a00022bda8, derived=0x62b000054898) at /home/vsts/src/sql/sql_derived.cc:920
|
#15 0x000055a87a336ac7 in mysql_handle_single_derived (lex=0x62a00022bda8, derived=0x62b000054898, phases=4) at /home/vsts/src/sql/sql_derived.cc:192
|
#16 0x000055a87a45e92a in JOIN::optimize_inner (this=0x62901036f290) at /home/vsts/src/sql/sql_select.cc:1413
|
#17 0x000055a87a45b846 in JOIN::optimize (this=0x62901036f290) at /home/vsts/src/sql/sql_select.cc:1127
|
#18 0x000055a87a476f4d in mysql_select (thd=0x62a000228270, tables=0x62b000054898, wild_num=0, fields=..., conds=0x62b000055b38, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=551903562496, result=0x62900f102e98, unit=0x62a00022be68, select_lex=0x62a00022c5b8) at /home/vsts/src/sql/sql_select.cc:3835
|
#19 0x000055a87a453b14 in handle_select (thd=0x62a000228270, lex=0x62a00022bda8, result=0x62900f102e98, setup_tables_done_option=0) at /home/vsts/src/sql/sql_select.cc:361
|
#20 0x000055a87a3ca757 in execute_sqlcom_select (thd=0x62a000228270, all_tables=0x62b000054898) at /home/vsts/src/sql/sql_parse.cc:6271
|
#21 0x000055a87a3b7ae0 in mysql_execute_command (thd=0x62a000228270) at /home/vsts/src/sql/sql_parse.cc:3582
|
#22 0x000055a87a3d3c6c in mysql_parse (thd=0x62a000228270, rawbuf=0x62b000054290 "SELECT /* QNO 25246 CON_ID 47 */ col_tinyint, `col_tinyint` FROM v1_trans_unsafe_for_sbr_13945 /* table1_int_autoinc table10_myisam_int_autoinc v2_trans_safe_for_sbr_13945 */ WHERE col_tinyint BETWEEN"..., length=304, parser_state=0x7f4c7d410b10, is_com_multi=false, is_next_command=false) at /home/vsts/src/sql/sql_parse.cc:7793
|
#23 0x000055a87a3ace71 in dispatch_command (command=COM_QUERY, thd=0x62a000228270, packet=0x629000163271 "SELECT /* QNO 25246 CON_ID 47 */ col_tinyint, `col_tinyint` FROM v1_trans_unsafe_for_sbr_13945 /* table1_int_autoinc table10_myisam_int_autoinc v2_trans_safe_for_sbr_13945 */ WHERE col_tinyint BETWEEN"..., packet_length=305, is_com_multi=false, is_next_command=false) at /home/vsts/src/sql/sql_parse.cc:1827
|
#24 0x000055a87a3a9c3c in do_command (thd=0x62a000228270) at /home/vsts/src/sql/sql_parse.cc:1381
|
#25 0x000055a87a83083f in threadpool_process_request (thd=0x62a000228270) at /home/vsts/src/sql/threadpool_common.cc:375
|
#26 0x000055a87a82fcc6 in tp_callback (c=0x608000000720) at /home/vsts/src/sql/threadpool_common.cc:191
|
#27 0x000055a87a942710 in worker_main (param=0x62e00000c5b0) at /home/vsts/src/sql/threadpool_generic.cc:1612
|
#28 0x000055a87bad5f9e in pfs_spawn_thread (arg=0x6160001ed8f0) at /home/vsts/src/storage/perfschema/pfs.cc:1869
|
#29 0x00007f4ceaeee609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#30 0x00007f4ceaac9293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
The assertion was added by this commit
commit 3690c549c6e72646ba74f6b4c83813ee4ac3aea4
|
Author: Oleksandr Byelkin
|
Date: Fri Jul 23 11:14:13 2021 +0200
|
|
MDEV-24454 Crash at change_item_tree
|
but the commit didn't introduce a new bug, it just makes the old one fail on the assertion instead of crashing with sigsegv.
|
|
setting optimizer_switch="condition_pushdown_for_derived=off" is a temporary workaround.
set optimizer_switch="condition_pushdown_for_derived=on";
|
CREATE TABLE t1 (a int);
|
SELECT 1 FROM (SELECT a FROM (SELECT a FROM t1 order by rand()) dt) dt2 where a;
|
explain is also crashing:
sql/item.cc:5873(Item_field::fix_fields(THD*, Item**))[0x563c47c06948]
|
sql/item.cc:9033(Item_direct_view_ref::fix_fields(THD*, Item**))[0x563c47c04aba]
|
sql/item_func.cc:347(Item_func::fix_fields(THD*, Item**))[0x563c47c486f9]
|
sql/sql_select.cc:2164(JOIN::optimize_inner())[0x563c47a1a19a]
|
sql/sql_select.cc:1811(JOIN::optimize())[0x563c47a1cfd5]
|
sql/sql_derived.cc:1064(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0x563c4797c7e7]
|
sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x563c4797c0cd]
|
sql/sql_select.cc:2285(JOIN::optimize_inner())[0x563c47a1a68c]
|
sql/sql_select.cc:1811(JOIN::optimize())[0x563c47a1cfd5]
|
sql/sql_select.cc:4979(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x563c47a1d098]
|
sql/sql_select.cc:27780(mysql_explain_union(THD*, st_select_lex_unit*, select_result*))[0x563c47a1dc12]
|
sql/sql_parse.cc:6198(execute_sqlcom_select(THD*, TABLE_LIST*))[0x563c47884e4e]
|
sql/sql_parse.cc:3946(mysql_execute_command(THD*, bool))[0x563c479c1612]
|
sql/sql_parse.cc:8031(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x563c479c3a6b]
|
sql/sql_parse.cc:1955(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x563c479c5cd7]
|
sql/sql_parse.cc:1406(do_command(THD*, bool))[0x563c479c7373]
|
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x563c47abbf97]
|
sql/sql_connect.cc:1318(handle_one_connection)[0x563c47abc234]
|
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x563c47e438d2]
|
nptl/pthread_create.c:478(start_thread)[0x7f67c3a20609]
|
x86_64/clone.S:97(__GI___clone)[0x7f67c360e293]
|
|
Query (0x7f6760012d50): explain SELECT 1 FROM (SELECT a FROM (SELECT a FROM t1 order by rand()) dt) dt2 where a
|
|
|
I can confirm this with a different type of query.
Here someone tried to overcome the join limit of 61 tables by using WITH statements.
So instead of:
SELECT t1_1.v AS val1
|
,t1_2.v AS val2
|
,t1_3.v AS val3
|
,t1_4.v AS val4
|
,t1_5.v AS val5
|
...
|
,t1_60.v AS val60
|
,t1_61.v AS val61
|
,t1_62.v AS val62
|
FROM t1 AS t1_1
|
INNER JOIN t1 t1_2 ON t1_2.k = 2
|
INNER JOIN t1 t1_3 ON t1_3.k = 3
|
INNER JOIN t1 t1_4 ON t1_4.k = 4
|
...
|
INNER JOIN t1 t1_60 ON t1_60.k = 60
|
INNER JOIN t1 t1_61 ON t1_61.k = 61
|
INNER JOIN t1 t1_62 ON t1_62.k = 62
|
WHERE t1_1.k = 1
|
they made up something like this:
WITH with1 AS (
|
SELECT t1_1.v AS val1
|
,t1_2.v AS val2
|
,t1_3.v AS val3
|
...
|
,t1_48.v AS val48
|
,t1_49.v AS val49
|
,t1_50.v AS val50
|
FROM t1 AS t1_1
|
INNER JOIN t1 t1_2 ON t1_2.k = 2
|
INNER JOIN t1 t1_3 ON t1_3.k = 3
|
...
|
INNER JOIN t1 t1_48 ON t1_48.k = 48
|
INNER JOIN t1 t1_49 ON t1_49.k = 49
|
INNER JOIN t1 t1_50 ON t1_50.k = 50
|
), with2 AS (
|
SELECT with1.*
|
,t1_51.v AS val51
|
,t1_52.v AS val52
|
,t1_53.v AS val53
|
...
|
,t1_97.v AS val97
|
,t1_98.v AS val98
|
,t1_99.v AS val99
|
FROM with1
|
INNER JOIN t1 t1_51 ON t1_51.k = 51
|
INNER JOIN t1 t1_52 ON t1_52.k = 52
|
INNER JOIN t1 t1_53 ON t1_53.k = 53
|
...
|
INNER JOIN t1 t1_97 ON t1_97.k = 97
|
INNER JOIN t1 t1_98 ON t1_98.k = 98
|
INNER JOIN t1 t1_99 ON t1_99.k = 99
|
) SELECT * FROM with2 WHERE val1 = 10
|
And that actually works.
Except that in the production query some optimizer kicked in, and then the crash happened.
I tried to create a toy example with the above, but it looks I'm not triggering said optimizer.
When using the production SQL example that crashed 10.3.25, I did find that:
- an explain indeed also crashes mysqld
- setting condition_pushdown_for_derived=off makes it not crash
Toy example generation script (that does not crash, probably because of nothing to optimize):
#!/bin/sh
|
|
setup() {
|
echo 'DROP TABLE IF EXISTS t1;'
|
echo 'CREATE TABLE t1 (k INT PRIMARY KEY, v INT);'
|
for x in $(seq 99); do
|
echo "INSERT INTO t1 VALUES ($x, ${x}0);"
|
done
|
}
|
|
query_n() {
|
local n="$1"
|
echo "SELECT t1_1.v AS val1"
|
for x in $(seq 2 $n); do
|
echo " ,t1_$x.v AS val$x"
|
done
|
echo "FROM t1 AS t1_1";
|
for x in $(seq 2 $n); do
|
echo "INNER JOIN t1 t1_$x ON t1_$x.k = $x"
|
done
|
echo "WHERE t1_1.k = 1";
|
echo "\\G"
|
}
|
|
query_hack() {
|
local n=$1
|
echo "WITH with1 AS ("
|
echo "SELECT t1_1.v AS val1"
|
for x in $(seq 2 50); do
|
echo " ,t1_$x.v AS val$x"
|
done
|
echo "FROM t1 AS t1_1";
|
for x in $(seq 2 50); do
|
echo "INNER JOIN t1 t1_$x ON t1_$x.k = $x"
|
done
|
echo "), with2 AS ("
|
echo "SELECT with1.*"
|
for x in $(seq 51 $n); do
|
echo " ,t1_$x.v AS val$x"
|
done
|
echo "FROM with1"
|
for x in $( seq 51 $n); do
|
echo "INNER JOIN t1 t1_$x ON t1_$x.k = $x"
|
done
|
echo ") SELECT * FROM with2 WHERE val1 = 10\\G"
|
}
|
|
setup
|
query_n 61 # works
|
query_n 62 # ERROR 1116 (HY000) at line 1: Too many tables; MariaDB can only use 61 tables in a join
|
query_hack 99 # also works, but might crash given the right optimizations
|
Stack trace:
(gdb) bt
|
#0 0x000055f6c6ba173e in Item_field::fix_fields (this=0x7ef35c30a568, thd=0x7ef35c01c818, reference=0x7ef35c30a560) at ./sql/item.cc:6077
|
#1 0x000055f6c6ba25e3 in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x7ef35c01c818, this=<optimized out>) at ./sql/item.h:825
|
#2 Item::fix_fields_if_needed (ref=<optimized out>, thd=0x7ef35c01c818, this=<optimized out>) at ./sql/item.h:823
|
#3 Item_direct_view_ref::fix_fields (this=0x7ef35c30a448, thd=0x7ef35c01c818, reference=0x7ef35c30a370) at ./sql/item.cc:9015
|
#4 0x000055f6c6bdf60c in Item::fix_fields_if_needed (ref=0x7ef35c30a370, thd=0x7ef35c01c818, this=0x7ef35c30a448) at ./sql/item.h:823
|
#5 Item::fix_fields_if_needed (ref=0x7ef35c30a370, thd=0x7ef35c01c818, this=0x7ef35c30a448) at ./sql/item.h:823
|
#6 Item_func::fix_fields (ref=<optimized out>, thd=0x7ef35c01c818, this=0x7ef35c30a2e0) at ./sql/item_func.cc:352
|
#7 Item_func::fix_fields (this=0x7ef35c30a2e0, thd=0x7ef35c01c818, ref=<optimized out>) at ./sql/item_func.cc:319
|
#8 0x000055f6c69e604a in JOIN::optimize_inner (this=0x7ef35f7e0570) at ./sql/sql_select.cc:1708
|
#9 0x000055f6c69e6b02 in JOIN::optimize (this=this@entry=0x7ef35f7e0570) at ./sql/sql_select.cc:1497
|
#10 0x000055f6c6949c87 in mysql_derived_optimize (thd=0x7ef35c01c818, lex=0x7ef35c020460, derived=0x7ef35c2aa610) at ./sql/sql_derived.cc:939
|
#11 0x000055f6c69495ac in mysql_handle_single_derived (lex=0x7ef35c020460, derived=derived@entry=0x7ef35c2aa610, phases=phases@entry=4) at ./sql/sql_derived.cc:199
|
#12 0x000055f6c69e62fb in JOIN::optimize_inner (this=0x7ef35f7dc7e0) at ./sql/sql_select.cc:1774
|
#13 0x000055f6c69e6b02 in JOIN::optimize (this=this@entry=0x7ef35f7dc7e0) at ./sql/sql_select.cc:1497
|
#14 0x000055f6c69e7334 in mysql_select (thd=0x7ef35c01c818, tables=0x7ef35f7db658, wild_num=0, fields=..., conds=0x7ef35f7dbf30, og_num=0, order=0x0, group=0x0,
|
having=0x0, proc_param=0x0, select_options=551903562496, result=0x7ef35f7dc7b8, unit=0x7ef35c020520, select_lex=0x7ef35c020ca8) at ./sql/sql_select.cc:4301
|
#15 0x000055f6c69e757b in handle_select (thd=thd@entry=0x7ef35c01c818, lex=lex@entry=0x7ef35c020460, result=result@entry=0x7ef35f7dc7b8,
|
setup_tables_done_option=setup_tables_done_option@entry=0) at ./sql/sql_select.cc:370
|
#16 0x000055f6c6978e11 in execute_sqlcom_select (thd=0x7ef35c01c818, all_tables=0x7ef35f7db658) at ./sql/sql_parse.cc:6286
|
#17 0x000055f6c69868e6 in mysql_execute_command (thd=0x7ef35c01c818) at ./sql/sql_parse.cc:3812
|
#18 0x000055f6c6989683 in mysql_parse (thd=thd@entry=0x7ef35c01c818,
|
...
|
#19 0x000055f6c698a14a in wsrep_mysql_parse (thd=0x7ef35c01c818,
|
...
|
#20 0x000055f6c698be01 in dispatch_command (command=COM_QUERY, thd=0x7ef35c01c818, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>,
|
is_next_command=<optimized out>) at ./sql/sql_parse.cc:1933
|
#21 0x000055f6c698da0d in do_command (thd=0x7ef35c01c818) at ./sql/sql_parse.cc:1393
|
#22 0x000055f6c6a74233 in do_handle_one_connection (connect=connect@entry=0x55f6f90fa2e8) at ./sql/sql_connect.cc:1403
|
#23 0x000055f6c6a7444f in handle_one_connection (arg=arg@entry=0x55f6f90fa2e8) at ./sql/sql_connect.cc:1308
|
#24 0x000055f6c7049fe6 in pfs_spawn_thread (arg=0x55f6f907d2f8) at ./storage/perfschema/pfs.cc:1869
|
#25 0x00007f0a0a80d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#26 0x00007f0a0a401293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
(gdb) disass
|
Dump of assembler code for function Item_field::fix_fields(THD*, Item**):
|
...
|
0x000055f6c6ba1737 <+615>: movzbl %dl,%edx
|
--Type <RET> for more, q to quit, c to continue without paging--
|
0x000055f6c6ba173a <+618>: sete %r9b
|
=> 0x000055f6c6ba173e <+622>: mov 0x18(%rax),%rcx
|
0x000055f6c6ba1742 <+626>: mov 0x10(%rax),%r11
|
0x000055f6c6ba1746 <+630>: pushq $0x1
|
(gdb) print this->context->first_name_resolution_table
|
Cannot access memory at address 0x10
|
(gdb) print this->context->last_name_resolution_table
|
Cannot access memory at address 0x18
|
/*
|
In case of view, find_field_in_tables() write pointer to view field
|
expression to 'reference', i.e. it substitute that expression instead
|
of this Item_field
|
*/
|
DBUG_ASSERT(context);
|
if ((from_field= find_field_in_tables(thd, this,
|
context->first_name_resolution_table,
|
context->last_name_resolution_table,
|
reference,
|
thd->lex->use_only_table_context ?
|
REPORT_ALL_ERRORS :
|
IGNORE_EXCEPT_NON_UNIQUE,
|
!any_privileges,
|
TRUE)) ==
|
not_found_field)
|
|
|
This testcase, without directly defined views, will show SIGSEGV in Item_field::fix_fields, Assertion `context' failed and Assertion `field' failed across MariaDB versions.
CREATE TABLE c (c INT);
|
INSERT INTO c SELECT * FROM (SELECT * FROM (SELECT * FROM c AS d ORDER BY c,c) AS e NATURAL JOIN c AS f) AS g WHERE c=1;
|
Leads to:
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized)
|
Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055c39686d86f in Item_field::fix_fields (this=0x15212c050af8, thd=
|
0x15212c000c58, reference=0x15212c050af0)
|
at /test/10.11_opt/sql/item.cc:6029
|
|
warning: Source file is more recent than executable.
|
6029 if ((from_field= find_field_in_tables(thd, this,
|
[Current thread is 1 (Thread 0x15217c73d700 (LWP 3152811))]
|
(gdb) bt
|
#0 0x000055c39686d86f in Item_field::fix_fields (this=0x15212c050af8, thd=0x15212c000c58, reference=0x15212c050af0) at /test/10.11_opt/sql/item.cc:6029
|
#1 0x000055c39686e8c3 in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x15212c000c58, this=<optimized out>) at /test/10.11_opt/sql/item.h:1144
|
#2 Item::fix_fields_if_needed (ref=<optimized out>, thd=0x15212c000c58, this=<optimized out>) at /test/10.11_opt/sql/item.h:1142
|
#3 Item_direct_view_ref::fix_fields (this=0x15212c0509d8, thd=0x15212c000c58, reference=0x15212c050818) at /test/10.11_opt/sql/item.cc:9182
|
#4 0x000055c3968b0d7d in Item::fix_fields_if_needed (ref=0x15212c050818, thd=0x15212c000c58, this=0x15212c0509d8) at /test/10.11_opt/sql/item.h:1142
|
#5 Item::fix_fields_if_needed (ref=0x15212c050818, thd=0x15212c000c58, this=0x15212c0509d8) at /test/10.11_opt/sql/item.h:1142
|
#6 Item_func::fix_fields (ref=<optimized out>, thd=0x15212c000c58, this=0x15212c0507a0) at /test/10.11_opt/sql/item_func.cc:347
|
#7 Item_func::fix_fields (this=0x15212c0507a0, thd=0x15212c000c58, ref=<optimized out>) at /test/10.11_opt/sql/item_func.cc:314
|
#8 0x000055c39688515b in Item::fix_fields_if_needed (ref=0x15212c050d60, thd=0x15212c000c58, this=0x15212c0507a0) at /test/10.11_opt/sql/item.h:1142
|
#9 Item::fix_fields_if_needed (ref=0x15212c050d60, thd=0x15212c000c58, this=0x15212c0507a0) at /test/10.11_opt/sql/item.h:1142
|
#10 Item::fix_fields_if_needed_for_scalar (ref=0x15212c050d60, thd=0x15212c000c58, this=0x15212c0507a0) at /test/10.11_opt/sql/item.h:1148
|
#11 Item::fix_fields_if_needed_for_bool (ref=0x15212c050d60, thd=0x15212c000c58, this=0x15212c0507a0) at /test/10.11_opt/sql/item.h:1152
|
#12 Item_cond::fix_fields (this=0x15212c050c50, thd=0x15212c000c58, ref=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:4906
|
#13 0x000055c396674927 in JOIN::optimize_inner (this=0x15212c01e080) at /test/10.11_opt/sql/sql_select.cc:2221
|
#14 0x000055c396678033 in JOIN::optimize (this=this@entry=0x15212c01e080) at /test/10.11_opt/sql/sql_select.cc:1863
|
#15 0x000055c3965bbd9b in mysql_derived_optimize (thd=0x15212c000c58, lex=0x15212c004bf8, derived=0x15212c01c690) at /test/10.11_opt/sql/sql_derived.cc:1064
|
#16 0x000055c3965bb5e8 in mysql_handle_single_derived (lex=0x15212c004bf8, derived=derived@entry=0x15212c01c690, phases=phases@entry=4) at /test/10.11_opt/sql/sql_derived.cc:200
|
#17 0x000055c396674d6c in JOIN::optimize_inner (this=0x15212c01f080) at /test/10.11_opt/sql/sql_select.cc:2342
|
#18 0x000055c396678033 in JOIN::optimize (this=this@entry=0x15212c01f080) at /test/10.11_opt/sql/sql_select.cc:1863
|
#19 0x000055c39667811e in mysql_select (thd=0x15212c000c58, tables=0x15212c01c690, fields=@0x15212c011240: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15212c011530, last = 0x15212c011530, elements = 1}, <No data fields>}, conds=0x15212c0143c0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x15212c01efc0, unit=0x15212c004cd0, select_lex=0x15212c010fa0) at /test/10.11_opt/sql/sql_select.cc:5056
|
#20 0x000055c3966788b7 in handle_select (thd=thd@entry=0x15212c000c58, lex=lex@entry=0x15212c004bf8, result=result@entry=0x15212c01efc0, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.11_opt/sql/sql_select.cc:581
|
#21 0x000055c396609172 in mysql_execute_command (thd=0x15212c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:4709
|
#22 0x000055c3965f57b5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x15212c000c58) at /test/10.11_opt/sql/sql_parse.cc:8035
|
#23 mysql_parse (thd=0x15212c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7957
|
#24 0x000055c3966012ca in dispatch_command (command=COM_QUERY, thd=0x15212c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1339
|
#25 0x000055c3966031f2 in do_command (thd=0x15212c000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
|
#26 0x000055c39671b46f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c399a02f28, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1418
|
#27 0x000055c39671b74d in handle_one_connection (arg=0x55c399a02f28) at /test/10.11_opt/sql/sql_connect.cc:1312
|
#28 0x0000152196385609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#29 0x0000152195f71133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug)
|
mysqld: /test/10.11_dbg/sql/item.cc:6009: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `field' failed.
|
|
10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug)
|
Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x14704bf69700 (LWP 3588082))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000014709471f859 in __GI_abort () at abort.c:79
|
#2 0x000014709471f729 in __assert_fail_base (fmt=0x1470948b5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55cd9019e258 "field", file=0x55cd903483c0 "/test/10.11_dbg/sql/item.cc", line=6009, function=<optimized out>) at assert.c:92
|
#3 0x0000147094730fd6 in __GI___assert_fail (assertion=assertion@entry=0x55cd9019e258 "field", file=file@entry=0x55cd903483c0 "/test/10.11_dbg/sql/item.cc", line=line@entry=6009, function=function@entry=0x55cd9034ae58 "virtual bool Item_field::fix_fields(THD*, Item**)") at assert.c:101
|
#4 0x000055cd8f8e0e00 in Item_field::fix_fields (this=0x14703c078670, thd=0x14703c000db8, reference=0x14703c078668) at /test/10.11_dbg/sql/item.cc:6009
|
#5 0x000055cd8f8e237a in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x14703c000db8, this=<optimized out>) at /test/10.11_dbg/sql/item.h:1144
|
#6 Item_direct_view_ref::fix_fields (this=0x14703c078550, thd=0x14703c000db8, reference=0x14703c078390) at /test/10.11_dbg/sql/item.cc:9182
|
#7 0x000055cd8f9356c2 in Item::fix_fields_if_needed (ref=0x14703c078390, thd=0x14703c000db8, this=<optimized out>) at /test/10.11_dbg/sql/item.h:1144
|
#8 Item_func::fix_fields (this=0x14703c078318, thd=0x14703c000db8, ref=<optimized out>) at /test/10.11_dbg/sql/item_func.cc:347
|
#9 0x000055cd8f8fc78c in Item::fix_fields_if_needed (ref=0x14703c0788d8, thd=0x14703c000db8, this=0x14703c078318) at /test/10.11_dbg/sql/item.h:1152
|
#10 Item::fix_fields_if_needed_for_scalar (ref=0x14703c0788d8, thd=0x14703c000db8, this=0x14703c078318) at /test/10.11_dbg/sql/item.h:1148
|
#11 Item::fix_fields_if_needed_for_bool (ref=0x14703c0788d8, thd=0x14703c000db8, this=0x14703c078318) at /test/10.11_dbg/sql/item.h:1152
|
#12 Item_cond::fix_fields (this=0x14703c0787c8, thd=0x14703c000db8, ref=<optimized out>) at /test/10.11_dbg/sql/item_cmpfunc.cc:4906
|
#13 0x000055cd8f64eac1 in JOIN::optimize_inner (this=this@entry=0x14703c026a18) at /test/10.11_dbg/sql/sql_select.cc:2221
|
#14 0x000055cd8f64fa66 in JOIN::optimize (this=this@entry=0x14703c026a18) at /test/10.11_dbg/sql/sql_select.cc:1863
|
#15 0x000055cd8f5703f6 in mysql_derived_optimize (thd=0x14703c000db8, lex=0x14703c004f18, derived=0x14703c025020) at /test/10.11_dbg/sql/sql_derived.cc:1064
|
#16 0x000055cd8f56fb9d in mysql_handle_single_derived (lex=0x14703c004f18, derived=derived@entry=0x14703c025020, phases=phases@entry=4) at /test/10.11_dbg/sql/sql_derived.cc:200
|
#17 0x000055cd8f64f7f7 in JOIN::optimize_inner (this=this@entry=0x14703c027a20) at /test/10.11_dbg/sql/sql_select.cc:2342
|
#18 0x000055cd8f64fa66 in JOIN::optimize (this=this@entry=0x14703c027a20) at /test/10.11_dbg/sql/sql_select.cc:1863
|
#19 0x000055cd8f64fb59 in mysql_select (thd=thd@entry=0x14703c000db8, tables=0x14703c025020, fields=@0x14703c014760: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14703c014a50, last = 0x14703c014a50, elements = 1}, <No data fields>}, conds=0x14703c0178e0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2202261523200, result=0x14703c027960, unit=0x14703c004ff0, select_lex=0x14703c0144c0) at /test/10.11_dbg/sql/sql_select.cc:5056
|
#20 0x000055cd8f6503a2 in handle_select (thd=thd@entry=0x14703c000db8, lex=lex@entry=0x14703c004f18, result=result@entry=0x14703c027960, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.11_dbg/sql/sql_select.cc:581
|
#21 0x000055cd8f5c89e6 in mysql_execute_command (thd=thd@entry=0x14703c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:4709
|
#22 0x000055cd8f5b4882 in mysql_parse (thd=thd@entry=0x14703c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14704bf68330) at /test/10.11_dbg/sql/sql_parse.cc:8035
|
#23 0x000055cd8f5c1e6a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14703c000db8, packet=packet@entry=0x14703c00b6e9 "INSERT INTO c SELECT * FROM (SELECT * FROM (SELECT * FROM c AS d ORDER BY c,c) AS e NATURAL JOIN c AS f) AS g WHERE c=1", packet_length=packet_length@entry=119, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1339
|
#24 0x000055cd8f5c4574 in do_command (thd=0x14703c000db8, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
|
#25 0x000055cd8f7261da in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55cd918fc0c8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1418
|
#26 0x000055cd8f7266e3 in handle_one_connection (arg=0x55cd918fc0c8) at /test/10.11_dbg/sql/sql_connect.cc:1312
|
#27 0x0000147094c30609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#28 0x000014709481c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.4.27 3101751f505f39d2ccecd03a916ecdbf2f380740 (Debug)
|
mysqld: /test/10.4_dbg/sql/item.cc:5893: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `context' failed.
|
|
10.4.27 3101751f505f39d2ccecd03a916ecdbf2f380740 (Debug)
|
Core was generated by `/test/MD200822-mariadb-10.4.27-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x15271c7b9700 (LWP 3153373))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000015273727b859 in __GI_abort () at abort.c:79
|
#2 0x000015273727b729 in __assert_fail_base (fmt=0x152737411588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55e544f81ea3 "context", file=0x55e5450f851a "/test/10.4_dbg/sql/item.cc", line=5893, function=<optimized out>) at assert.c:92
|
#3 0x000015273728cfd6 in __GI___assert_fail (assertion=assertion@entry=0x55e544f81ea3 "context", file=file@entry=0x55e5450f851a "/test/10.4_dbg/sql/item.cc", line=line@entry=5893, function=function@entry=0x55e5450faf88 "virtual bool Item_field::fix_fields(THD*, Item**)") at assert.c:101
|
#4 0x000055e54462d0d5 in Item_field::fix_fields (this=0x1526d80728e0, thd=0x1526d8000d90, reference=0x1526d80728d8) at /test/10.4_dbg/sql/item.cc:5893
|
#5 0x000055e54462e717 in Item::fix_fields_if_needed (ref=0x1526d80728d8, thd=0x1526d8000d90, this=0x1526d80728e0) at /test/10.4_dbg/sql/item.h:964
|
#6 Item_direct_view_ref::fix_fields (this=0x1526d80727c0, thd=0x1526d8000d90, reference=0x1526d8072600) at /test/10.4_dbg/sql/item.cc:9040
|
#7 0x000055e54468ae4f in Item::fix_fields_if_needed (ref=0x1526d8072600, thd=0x1526d8000d90, this=0x1526d80727c0) at /test/10.4_dbg/sql/item.h:964
|
#8 Item_func::fix_fields (this=0x1526d8072570, thd=0x1526d8000d90, ref=<optimized out>) at /test/10.4_dbg/sql/item_func.cc:352
|
#9 0x000055e544648526 in Item::fix_fields_if_needed (ref=0x1526d8072b60, thd=0x1526d8000d90, this=0x1526d8072570) at /test/10.4_dbg/sql/item.h:972
|
#10 Item::fix_fields_if_needed_for_scalar (ref=0x1526d8072b60, thd=0x1526d8000d90, this=0x1526d8072570) at /test/10.4_dbg/sql/item.h:968
|
#11 Item::fix_fields_if_needed_for_bool (ref=0x1526d8072b60, thd=0x1526d8000d90, this=0x1526d8072570) at /test/10.4_dbg/sql/item.h:972
|
#12 Item_cond::fix_fields (this=0x1526d8072a30, thd=0x1526d8000d90, ref=<optimized out>) at /test/10.4_dbg/sql/item_cmpfunc.cc:4864
|
#13 0x000055e5443ed3a1 in JOIN::optimize_inner (this=this@entry=0x1526d8070458) at /test/10.4_dbg/sql/sql_select.cc:2048
|
#14 0x000055e5443ee318 in JOIN::optimize (this=this@entry=0x1526d8070458) at /test/10.4_dbg/sql/sql_select.cc:1676
|
#15 0x000055e54432b9cd in mysql_derived_optimize (thd=0x1526d8000d90, lex=0x1526d8004a68, derived=0x1526d8017a68) at /test/10.4_dbg/sql/sql_derived.cc:1048
|
#16 0x000055e54432b177 in mysql_handle_single_derived (lex=0x1526d8004a68, derived=derived@entry=0x1526d8017a68, phases=phases@entry=4) at /test/10.4_dbg/sql/sql_derived.cc:200
|
#17 0x000055e5443ee0ba in JOIN::optimize_inner (this=this@entry=0x1526d80713c8) at /test/10.4_dbg/sql/sql_select.cc:2166
|
#18 0x000055e5443ee318 in JOIN::optimize (this=this@entry=0x1526d80713c8) at /test/10.4_dbg/sql/sql_select.cc:1676
|
#19 0x000055e5443eecbc in mysql_select (thd=thd@entry=0x1526d8000d90, tables=0x1526d8017a68, wild_num=1, fields=@0x1526d8013a50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1526d8013ea0, last = 0x1526d8013ea0, elements = 1}, <No data fields>}, conds=0x1526d80182f0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1526d8071318, unit=0x1526d8004b28, select_lex=0x1526d8013908) at /test/10.4_dbg/sql/sql_select.cc:4772
|
#20 0x000055e5443eefbd in handle_select (thd=thd@entry=0x1526d8000d90, lex=lex@entry=0x1526d8004a68, result=result@entry=0x1526d8071318, setup_tables_done_option=setup_tables_done_option@entry=1073741824) at /test/10.4_dbg/sql/sql_select.cc:436
|
#21 0x000055e544377184 in mysql_execute_command (thd=thd@entry=0x1526d8000d90) at /test/10.4_dbg/sql/sql_parse.cc:4713
|
#22 0x000055e54437df3d in mysql_parse (thd=thd@entry=0x1526d8000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15271c7b83f0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7996
|
#23 0x000055e544380a63 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1526d8000d90, packet=packet@entry=0x1526d801a1d1 "INSERT INTO c SELECT * FROM (SELECT * FROM (SELECT * FROM c AS d ORDER BY c,c) AS e NATURAL JOIN c AS f) AS g WHERE c=1", packet_length=packet_length@entry=119, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
|
#24 0x000055e544383524 in do_command (thd=0x1526d8000d90) at /test/10.4_dbg/sql/sql_parse.cc:1378
|
#25 0x000055e5444a486b in do_handle_one_connection (connect=<optimized out>) at /test/10.4_dbg/sql/sql_connect.cc:1420
|
#26 0x000055e5444a492b in handle_one_connection (arg=<optimized out>) at /test/10.4_dbg/sql/sql_connect.cc:1316
|
#27 0x000015273778c609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#28 0x0000152737378133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)
UniqueID's seen across MariaDB versions:
SIGSEGV|Item_field::fix_fields|Item::fix_fields_if_needed|Item::fix_fields_if_needed|Item_direct_view_ref::fix_fields
|
context|SIGABRT|Item_field::fix_fields|Item::fix_fields_if_needed|Item_direct_view_ref::fix_fields|Item::fix_fields_if_needed
|
field|SIGABRT|Item_field::fix_fields|Item::fix_fields_if_needed|Item_direct_view_ref::fix_fields|Item::fix_fields_if_needed
|
I confirmed that the original testcase also generates these same three outcomes across current MariaDB versions.
|
|
pushdown_cond_for_derived creates Items which should be resolved, but without name resolution context.
|
|
The cause of above is cloning temporary table field which never supposed to be resolved.
|
|
The Item was cloned from the other one (created for materialized derived table TABLE_LIST::change_refs_to_fields() ) had no context, because it should not be resolved. But the condition push-down procedure first cleanup items then prepare them again (why?).
|
|
commit edf0449cfd955516391e874ca8a4846ce7cd8f1a (HEAD -> bb-10.3-MDEV-16549, origin/bb-10.3-MDEV-16549)
|
Author: Oleksandr Byelkin <sanja@mariadb.com>
|
Date: Fri Oct 21 13:47:17 2022 +0200
|
|
MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed
|
|
Add one-table-resolve context for items created to switching to
|
temporary table because thex can be cloned in push-down-condition.
|
|
|
commit c369335918759b7ea8423ae86aef4a1b5950ef2d (HEAD -> bb-10.3-MDEV-16549, origin/bb-10.3-MDEV-16549)
|
Author: Oleksandr Byelkin <sanja@mariadb.com>
|
Date: Fri Oct 21 13:47:17 2022 +0200
|
|
MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed
|
|
Add one-table-resolve context for items created to switching to
|
temporary table because thex can be cloned in push-down-condition.
|
|
|
The test case revealed that the MDEV-25202 Name_resolution_context::ignored_tables was not being initialized in the non-default constructor nor the init() member function. I fixed that on the merge to 10.6.
|