[MDEV-22121] server crashes in Item_field::print after query ANALYZE format=json Created: 2020-04-02  Updated: 2021-04-26  Resolved: 2020-08-04

Status: Closed
Project: MariaDB Server
Component/s: Optimizer - CTE
Affects Version/s: 10.2, 10.3, 10.4
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Alice Sherepa Assignee: Varun Gupta (Inactive)
Resolution: Duplicate Votes: 1
Labels: None

Issue Links:
Relates
relates to MDEV-22042 Server crash in Item_field::print on ... Closed

 Description   

The following mysqltest case fails (the server crashes) on 10.3, 10.4:

--source include/have_innodb.inc
 
# Fixture tables for the MDEV-22121 reproducer.
# t1 has no index; t2 has a primary key on a2 and a secondary key on b1.
# All columns are varchar but the inserted literals are integers, so the
# server converts them to strings on insert.
# Per the report, dropping the key on t2 or using MyISAM instead of InnoDB
# still crashes, with a slightly different stack trace.
create table t1 (a1 varchar(20),a2 varchar(20)) engine=innodb;
insert into t1 values (1,1),(2,2),(3,3);
 
create table t2 (a2 varchar(20) primary key, b1 varchar(20), key (b1)) engine=innodb ;
insert into t2 values (1,1),(2,2),(3,3);
 
# Stored function f1(id): looks up t2.a2 for the row with a2 = id and b1 = 1
# and returns it; res has no DEFAULT, so it is NULL when no row matches.
# Note that b1 is varchar while the literal 1 is an integer, so that predicate
# is a mixed-type comparison.
# The mysqltest delimiter is switched to $$ so that the semicolons inside the
# body are not treated as statement ends, then restored to ; afterwards.
# Comments are kept outside the body so the text sent to the server is unchanged.
delimiter $$;
create  function f1(id varchar(20)) returns varchar(50) 
begin
  declare res  varchar (50);                   
  select a2 into res from t2 where a2=id and b1=1 limit 1;
  return res;
end$$
delimiter ;$$
 
# Statement that triggers the crash reported in MDEV-22121.
# Shape of the query:
#   - derived table dt calls the stored function f1() once per row of t1;
#   - the WHERE clause is an IN subquery whose body is a recursive CTE over t2
#     (anchor: a2='2'; recursive step: join t2 to cte on tt2.b1 = cte.a2).
# The backtraces on this page show the signal 11 being raised in
# Item_field::print, reached from Explain_query::send_explain with
# is_analyze=true, i.e. while the JSON plan output is being written.
# The root cause is not described on this page; the issue was closed as a
# duplicate and the comment says it is fixed by MDEV-22042.
# NOTE(review): a signal 11 in mysqld ends the whole server process, so this is
# an availability problem for every connected client. When triaging, confirm
# that the deployed build contains the MDEV-22042 fix; this page lists no fix
# version of its own.
analyze format=json 
select fv
from (select t1.a1, f1(t1.a2) fv from t1) dt
where (dt.a1) in (with recursive cte as (select a2 from t2 where a2='2'
   union select tt2.a2 from t2 tt2 join cte on tt2.b1=cte.a2)
select a2 from cte); 

10.3 b40b3720cbba133ee7

Version: '10.3.23-MariaDB-debug-log' 
200402 13:01:11 [ERROR] mysqld got signal 11 ;
 
mysys/stacktrace.c:269(my_print_stacktrace)[0x55c072cdf4b4]
sql/signal_handler.cc:209(handle_fatal_signal)[0x55c07245dbb9]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x7f381459b390]
sql/item.cc:7743(Item_field::print(String*, enum_query_type))[0x55c0724916fc]
sql/item.cc:603(Item::print_parenthesised(String*, enum_query_type, precedence))[0x55c07247a609]
sql/item_cmpfunc.cc:5215(Item_func_isnotnull::print(String*, enum_query_type))[0x55c0724b5d1f]
sql/sql_explain.cc:1416(write_item(Json_writer*, Item*))[0x55c0722f1248]
sql/sql_explain.cc:1475(Explain_table_access::tag_to_json(Json_writer*, explain_extra_tag))[0x55c0722f1530]
sql/sql_explain.cc:1717(Explain_table_access::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722f211c]
sql/sql_explain.cc:1065(Explain_basic_join::print_explain_json_interns(Explain_query*, Json_writer*, bool))[0x55c0722efe88]
sql/sql_explain.cc:964(Explain_select::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722ef944]
sql/sql_explain.cc:614(Explain_union::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722ee87e]
sql/sql_explain.cc:1760(Explain_table_access::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722f23d4]
sql/sql_explain.cc:1065(Explain_basic_join::print_explain_json_interns(Explain_query*, Json_writer*, bool))[0x55c0722efe88]
sql/sql_explain.cc:1048(Explain_basic_join::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722efdcb]
sql/sql_explain.cc:1778(Explain_table_access::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722f2541]
sql/sql_explain.cc:1065(Explain_basic_join::print_explain_json_interns(Explain_query*, Json_writer*, bool))[0x55c0722efe88]
sql/sql_explain.cc:964(Explain_select::print_explain_json(Explain_query*, Json_writer*, bool))[0x55c0722ef944]
sql/sql_explain.cc:232(Explain_query::print_explain_json(select_result_sink*, bool))[0x55c0722ece8a]
sql/sql_explain.cc:172(Explain_query::send_explain(THD*))[0x55c0722ecbe5]
sql/sql_parse.cc:6305(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55c07214944b]
sql/sql_parse.cc:3820(mysql_execute_command(THD*))[0x55c07213fdbe]
sql/sql_parse.cc:7817(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55c07214d68a]
sql/sql_parse.cc:1858(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55c07213a1b0]
sql/sql_parse.cc:1402(do_command(THD*))[0x55c072138abb]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x55c0722b18b0]
sql/sql_connect.cc:1309(handle_one_connection)[0x55c0722b15ec]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55c072c65c20]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f38145916ba]
x86_64/clone.S:111(clone)[0x7f3813a2641d]
 
Query (0x7f37c4012818): analyze format=json  select fv from (select t1.a1, f1(t1.a2) fv from t1) dt where (dt.a1) in (with recursive cte as (select a2 from t2 where a2='2'    union select tt2.a2 from t2 tt2 join cte on tt2.b1=cte.a2) select a2 from cte)

If there is no key on table t2, or if the engine is MyISAM instead of InnoDB, the stack trace is slightly different:

#3  <signal handler called>
#4  0x000055652923d6c6 in Item_field::print (this=0x7fb684167770, str=0x7fb6ce8b8dd0, query_type=QT_EXPLAIN) at /10.3/sql/item.cc:7743
#5  0x00005565292265d3 in Item::print_parenthesised (this=0x7fb684167770, str=0x7fb6ce8b8dd0, query_type=QT_EXPLAIN, parent_prec=BITOR_PRECEDENCE) at /10.3/sql/item.cc:602
#6  0x0000556529292cbf in Item_func::print_op (this=0x7fb684058b18, str=0x7fb6ce8b8dd0, query_type=QT_EXPLAIN) at /10.3/sql/item_func.cc:625
#7  0x000055652926891f in Item_bool_rowready_func2::print (this=0x7fb684058b18, str=0x7fb6ce8b8dd0, query_type=QT_EXPLAIN) at /10.3/sql/item_cmpfunc.h:513
#8  0x000055652909d248 in write_item (writer=0x7fb6ce8b95d0, item=0x7fb684058b18) at /10.3/sql/sql_explain.cc:1414
#9  0x000055652909e2ce in Explain_table_access::print_explain_json (this=0x7fb6840596f8, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1740
#10 0x000055652909be88 in Explain_basic_join::print_explain_json_interns (this=0x7fb684059108, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1063
#11 0x000055652909b944 in Explain_select::print_explain_json (this=0x7fb684059108, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:962
#12 0x000055652909a87e in Explain_union::print_explain_json (this=0x7fb6840603c8, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:613
#13 0x000055652909e3d4 in Explain_table_access::print_explain_json (this=0x7fb68405fb30, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1759
#14 0x000055652909be88 in Explain_basic_join::print_explain_json_interns (this=0x7fb68405cf28, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1063
#15 0x000055652909bdcb in Explain_basic_join::print_explain_json (this=0x7fb68405cf28, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1046
#16 0x000055652909e541 in Explain_table_access::print_explain_json (this=0x7fb684060048, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1777
#17 0x000055652909be88 in Explain_basic_join::print_explain_json_interns (this=0x7fb68405caa0, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:1063
#18 0x000055652909b944 in Explain_select::print_explain_json (this=0x7fb68405caa0, query=0x7fb68404b708, writer=0x7fb6ce8b95d0, is_analyze=true) at /10.3/sql/sql_explain.cc:962
#19 0x0000556529098e8a in Explain_query::print_explain_json (this=0x7fb68404b708, output=0x7fb6840605c0, is_analyze=true) at /10.3/sql/sql_explain.cc:229
#20 0x0000556529098be5 in Explain_query::send_explain (this=0x7fb68404b708, thd=0x7fb684000af0) at /10.3/sql/sql_explain.cc:172
#21 0x0000556528ef544b in execute_sqlcom_select (thd=0x7fb684000af0, all_tables=0x7fb684015530) at /10.3/sql/sql_parse.cc:6305
#22 0x0000556528eebdbe in mysql_execute_command (thd=0x7fb684000af0) at /10.3/sql/sql_parse.cc:3820
#23 0x0000556528ef968a in mysql_parse (thd=0x7fb684000af0, rawbuf=0x7fb684012818 "analyze format=json \nselect fv\nfrom (select t1.a1, f1(t1.a2) fv from t1) dt\nwhere (dt.a1) in (with recursive cte as (select a2 from t2 where a2='2'\n   union select tt2.a2 from t2 tt2 join cte on tt2.b"..., length=229, parser_state=0x7fb6ce8ba460, is_com_multi=false, is_next_command=false) at /10.3/sql/sql_parse.cc:7817
#24 0x0000556528ee61b0 in dispatch_command (command=COM_QUERY, thd=0x7fb684000af0, packet=0x7fb68409fc91 "", packet_length=229, is_com_multi=false, is_next_command=false) at /10.3/sql/sql_parse.cc:1856
#25 0x0000556528ee4abb in do_command (thd=0x7fb684000af0) at /10.3/sql/sql_parse.cc:1402
#26 0x000055652905d8b0 in do_handle_one_connection (connect=0x55652b949600) at /10.3/sql/sql_connect.cc:1403
#27 0x000055652905d5ec in handle_one_connection (arg=0x55652b949600) at /10.3/sql/sql_connect.cc:1308
#28 0x0000556529a11bea in pfs_spawn_thread (arg=0x55652b8ae090) at /10.3/storage/perfschema/pfs.cc:1869
#29 0x00007fb6d5e8c6ba in start_thread (arg=0x7fb6ce8bb700) at pthread_create.c:333
#30 0x00007fb6d532141d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109



 Comments   
Comment by Varun Gupta (Inactive) [ 2020-08-04 ]

Fixed by MDEV-22042
