[MDEV-20437] mysqld got signal 11 in Item_field::fix_fields()
Created: 2019-08-27  Updated: 2019-08-28  Resolved: 2019-08-28

Status: Closed
Project: MariaDB Server
Component/s: N/A
Affects Version/s: 10.3.14, 10.3.15, 10.3.16, 10.3.17
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Joel Sonoda
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: None
Environment:

docker run mariadb


Attachments: segfault.log, segfault.sql
Issue Links:
Duplicate
duplicates MDEV-16549 Server crashes in Item_field::fix_fie... Closed

 Description   

When I try to do an insert with a select, I am always able to cause the MariaDB server to exit on signal 11.

I do `docker run mariadb:10.3.*` and then run the segfault.sql script as the root user. This causes the server to exit with signal 11.

This is a simplified example of an issue I have encountered in the wild.



 Comments   
Comment by Marko Mäkelä [ 2019-08-28 ]

Here is the relevant part of segfault.log filtered through c++filt, so that it will show up in searches:

Server version: 10.3.17-MariaDB-1:10.3.17+maria~bionic
key_buffer_size=134217728
read_buffer_size=2097152
max_used_connections=1
max_threads=102
thread_count=7
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 760034 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x7f1370000c08
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f13dc1d9dd8 thread_stack 0x49000
mysqld(my_print_stacktrace+0x2e)[0x5569b87e4e6e]
mysqld(handle_fatal_signal+0x515)[0x5569b827d885]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f13e2f0f890]
mysqld(Item_field::fix_fields(THD*, Item**)+0x219)[0x5569b82a1089]
mysqld(Item_direct_view_ref::fix_fields(THD*, Item**)+0x113)[0x5569b82a2003]
mysqld(Item_func::fix_fields(THD*, Item**)+0x147)[0x5569b82da067]
mysqld(Item_cond::fix_fields(THD*, Item**)+0x424)[0x5569b82b18b4]
mysqld(JOIN::optimize_inner()+0x705)[0x5569b80f1dc5]
mysqld(JOIN::optimize()+0x37)[0x5569b80f3fb7]
mysqld(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*)+0xef)[0x5569b8067ebf]
mysqld(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int)+0xb1)[0x5569b8067771]
mysqld(JOIN::optimize_inner()+0x63e)[0x5569b80f1cfe]
mysqld(JOIN::optimize()+0x37)[0x5569b80f3fb7]
mysqld(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*)+0x856)[0x5569b80f5d86]
mysqld(handle_select(THD*, LEX*, select_result*, unsigned long)+0x14d)[0x5569b80f5f8d]
mysqld(mysql_execute_command(THD*)+0x7d57)[0x5569b80a5127]
mysqld(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool)+0x20a)[0x5569b80a56ba]
mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool)+0x1c57)[0x5569b80a8037]
mysqld(do_command(THD*)+0x178)[0x5569b80a8df8]
mysqld(do_handle_one_connection(CONNECT*)+0x33e)[0x5569b817b1de]
mysqld(handle_one_connection+0x3d)[0x5569b817b2ad]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76db)[0x7f13e2f046db]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f13e250688f]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7f137000f5e0): insert into `table_d` (`name`, `uuid`, `c_id`) select distinct (     case         when (x2.x4 is null) then null         else (substring(x2.x4, 1, 100))     end),    case        when (x2.x16 is not null) then x2.x17        else null    end,    x2.x18 from (select x19.x23 as x18, x19.x32 as x33, x19.x81 as x4, x19.x90 as x16, x19.x139 as x17, x19.x140 as x141,           (case when (x216.`d_id` is null) then null else 1 end) as x217           from (               select x255.x258 as x23, x255.x264 as x32, x255.x267 as x37,                 x255.x293 as x81,                 x255.x298 as x90,                 x255.x323 as x139,                 (case when (x324.`d_id` is null) then null else 1 end) as x140             from (                 select                        x325.`c_id` as x258,                        x325.`a_id` as x264,                        x325.`uuid` as x267,                       x326.`name` as x293,                       (case when (x327.`uuid` is null) then null else 1 end) as x298,                       x327.`uuid` as x323                   from `table_c` x325                            inner join `table_a` x326 on x325.`a_id` = x326.`a_id`                            left outer join `table_b` x327 on x327.`uuid` = x326.`uuid`) x255                      left outer join `table_d` x324 on x324.`c_id` = x255.x258) x19                left outer join `table_d` x216 on (x19.x37 = x216.`uuid`) and false) x2          left outer join `table_d` x328 on (x2.x33 = x328.`a_id`) where (((x2.x141 is null) and (x2.x217 is null)) and (x328.`d_id` is null))
Connection ID (thread ID): 10
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on

A quick search for Item_field::fix_fields returned (among others) MDEV-16549 (a different crash for a debug build).

Comment by Alice Sherepa [ 2019-08-28 ]

Thanks for the report!

Reproduced as described on 10.3; it is indeed the same bug as MDEV-16549:

10.3 e41eb044f19e3ee9b8

/git/10.3/sql/item.cc:6052: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `context' failed.
190828 11:01:19 [ERROR] mysqld got signal 6 ;
 
linux/raise.c:54(__GI_raise)[0x7f2db8a73428]
stdlib/abort.c:91(__GI_abort)[0x7f2db8a7502a]
assert/assert.c:92(__assert_fail_base)[0x7f2db8a6bbd7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc82)[0x7f2db8a6bc82]
sql/item.cc:6060(Item_field::fix_fields(THD*, Item**))[0x55766ee0b705]
sql/item.h:824(Item::fix_fields_if_needed(THD*, Item**))[0x55766ee14241]
sql/item.cc:8973(Item_direct_view_ref::fix_fields(THD*, Item**))[0x55766e9e72b0]
sql/item.h:824(Item::fix_fields_if_needed(THD*, Item**))[0x55766ee618f1]
sql/item_func.cc:351(Item_func::fix_fields(THD*, Item**))[0x55766e9e72b0]
sql/item.h:824(Item::fix_fields_if_needed(THD*, Item**))[0x55766e9e72dd]
sql/item.h:827(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x55766ea6118b]
sql/item.h:832(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x55766ee30bf4]
sql/item_cmpfunc.cc:4605(Item_cond::fix_fields(THD*, Item**))[0x55766eb253fd]
sql/sql_select.cc:1664(JOIN::optimize_inner())[0x55766eb24829]
sql/sql_select.cc:1453(JOIN::optimize())[0x55766ea974df]
sql/sql_derived.cc:907(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0x55766ea95b1e]
sql/sql_derived.cc:199(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x55766eb25789]
sql/sql_select.cc:1717(JOIN::optimize_inner())[0x55766eb24829]
sql/sql_select.cc:1453(JOIN::optimize())[0x55766eb2e424]
sql/sql_select.cc:4229(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55766eb20400]
sql/sql_select.cc:386(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55766eae3f56]
sql/sql_parse.cc:4566(mysql_execute_command(THD*))[0x55766eaee804]
sql/sql_parse.cc:7829(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55766eadc348]
sql/sql_parse.cc:1858(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55766eadad29]
sql/sql_parse.cc:1402(do_command(THD*))[0x55766ec45ca4]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x55766ec459e0]
sql/sql_connect.cc:1309(handle_one_connection)[0x55766f51e3ae]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f2db96b06ba]
x86_64/clone.S:111(clone)[0x7f2db8b4541d]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7f2d60012818): insert into `table_d` (`name`, `uuid`, `c_id`) select distinct ( case when (x2.x4 is null) then null else (substring(x2.x4, 1, 100)) end), case when (x2.x16 is not null) then x2.x17 else null end, x2.x18 from (select x19.x23 as x18, x19.x32 as x33, x19.x81 as x4, x19.x90 as x16, x19.x139 as x17, x19.x140 as x141, (case when (x216.`d_id` is null) then null else 1 end) as x217 from ( select x255.x258 as x23, x255.x264 as x32, x255.x267 as x37, x255.x293 as x81, x255.x298 as x90, x255.x323 as x139, (case when (x324.`d_id` is null) then null else 1 end) as x140 from ( select x325.`c_id` as x258, x325.`a_id` as x264, x325.`uuid` as x267, x326.`name` as x293, (case when (x327.`uuid` is null) then null else 1 end) as x298, x327.`uuid` as x323 from `table_c` x325 inner join `table_a` x326 on x325.`a_id` = x326.`a_id`                            left outer join `table_b` x327 on x327.`uuid` = x326.`uuid`) x255 left outer join `table_d` x324 on x324.`c_id` = x255.x258) x19 left outer join `table_d` x216 on (x19.x37 = x216.`uuid`) and false) x2 left outer join `table_d` x328 on (x2.x33 = x328.`a_id`) where (((x2.x141 is null) and (x2.x217 is null)) and (x328.`d_id` is null))

If you'd like to follow the progress, please watch MDEV-16549.
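
Added example (not part of the ticket or of MariaDB's tooling): a small Python triage helper that reduces the two backtrace formats quoted above, release (`mysqld(func+0xoff)[addr]`) and debug (`file:line(func)[addr]`), to an ordered list of function names so the signal 11 and signal 6 crashes can be compared as one signature. The `signature` function, the sample constants and the choice of which frames count as noise are assumptions of this example.

```python
import re

# Constructed sample input: top frames copied from the two traces in the comments above.
RELEASE = """\
mysqld(my_print_stacktrace+0x2e)[0x5569b87e4e6e]
mysqld(handle_fatal_signal+0x515)[0x5569b827d885]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12890)[0x7f13e2f0f890]
mysqld(Item_field::fix_fields(THD*, Item**)+0x219)[0x5569b82a1089]
mysqld(Item_direct_view_ref::fix_fields(THD*, Item**)+0x113)[0x5569b82a2003]
mysqld(Item_func::fix_fields(THD*, Item**)+0x147)[0x5569b82da067]
mysqld(Item_cond::fix_fields(THD*, Item**)+0x424)[0x5569b82b18b4]
mysqld(JOIN::optimize_inner()+0x705)[0x5569b80f1dc5]
"""
DEBUG = """\
linux/raise.c:54(__GI_raise)[0x7f2db8a73428]
stdlib/abort.c:91(__GI_abort)[0x7f2db8a7502a]
assert/assert.c:92(__assert_fail_base)[0x7f2db8a6bbd7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc82)[0x7f2db8a6bc82]
sql/item.cc:6060(Item_field::fix_fields(THD*, Item**))[0x55766ee0b705]
sql/item.h:824(Item::fix_fields_if_needed(THD*, Item**))[0x55766ee14241]
sql/item.cc:8973(Item_direct_view_ref::fix_fields(THD*, Item**))[0x55766e9e72b0]
sql/item.h:824(Item::fix_fields_if_needed(THD*, Item**))[0x55766ee618f1]
sql/item_func.cc:351(Item_func::fix_fields(THD*, Item**))[0x55766e9e72b0]
sql/item.h:824(Item::fix_fields_if_needed(THD*, Item**))[0x55766e9e72dd]
sql/item.h:827(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x55766ea6118b]
sql/item.h:832(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x55766ee30bf4]
sql/item_cmpfunc.cc:4605(Item_cond::fix_fields(THD*, Item**))[0x55766eb253fd]
sql/sql_select.cc:1664(JOIN::optimize_inner())[0x55766eb24829]
"""
FRAME = re.compile(r"^[^(]+\((?P<sym>.*)\)\[0x[0-9a-f]+\]$")
# Assumption: crash-reporting/abort frames and the Item::fix_fields_if_needed*
# wrappers (seen only in the debug trace) are noise for comparison purposes.
NOISE = re.compile(r"^(my_print_stacktrace|handle_fatal_signal|__GI_raise|__GI_abort"
                   r"|__assert_fail_base|Item::fix_fields_if_needed\w*)$")

def signature(trace):
    """Return the ordered function names of a mysqld backtrace, noise removed."""
    names = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue
        sym = re.sub(r"\+0x[0-9a-f]+$", "", m.group("sym"))  # drop +offset
        name = sym.split("(")[0]                              # drop argument list
        if name and not NOISE.match(name):  # empty name = unresolved library frame
            names.append(name)
    return names

if __name__ == "__main__":
    print(signature(RELEASE) == signature(DEBUG), signature(DEBUG))
```

Both samples reduce to the same five-frame chain starting at `Item_field::fix_fields`.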
