[MDEV-24510] Assertion `tmp != ((long long) 0x8000000000000000LL)' failed in TIME_from_longlong_datetime_packed & UBSAN: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'

Created: 2021-01-01  Updated: 2022-05-07  Resolved: 2022-05-07

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.5, 10.6, 10.7
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Roel Van de Paar
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 0
Labels: not-10.2, not-10.3, not-10.4, regression

Issue Links:
Blocks
is blocked by MDEV-27673 Warning after "select progress from i... Closed
Relates
relates to MDEV-26507 Assertion `tmp != ((long long) 0x8000... Closed
relates to MDEV-21406 Wrong result or Assertion `tmp != ((l... Confirmed
relates to MDEV-25454 Make MariaDB server UBSAN safe Confirmed

Description

Same assert as MDEV-21406, but different testcase. Bugs may or may not be related. Test may be (lightly) sporadic. Test may require CLI based replay.

SET SESSION sql_mode='NO_ZERO_DATE';
SET SESSION sql_buffer_result=ON;
SELECT CREATED INTO @c FROM information_schema.routines WHERE routine_schema='test' AND routine_name='a';

Leads to:

10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

mysqld: /test/10.6_dbg/sql/compat56.cc:271: void TIME_from_longlong_datetime_packed(MYSQL_TIME*, longlong): Assertion `tmp != ((long long) 0x8000000000000000LL)' failed.

10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x14ebb8551700 (LWP 928788))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x00005651456d90d7 in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424
#2  0x0000565144e6dab1 in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x000014ebce3cb859 in __GI_abort () at abort.c:79
#6  0x000014ebce3cb729 in __assert_fail_base (fmt=0x14ebce561588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5651459a6718 "tmp != ((long long) 0x8", '0' <repeats 15 times>, "LL)", file=0x5651459a6508 "/test/10.6_dbg/sql/compat56.cc", line=271, function=<optimized out>) at assert.c:92
#7  0x000014ebce3dcf36 in __GI___assert_fail (assertion=assertion@entry=0x5651459a6718 "tmp != ((long long) 0x8", '0' <repeats 15 times>, "LL)", file=file@entry=0x5651459a6508 "/test/10.6_dbg/sql/compat56.cc", line=line@entry=271, function=function@entry=0x5651459a66d8 "void TIME_from_longlong_datetime_packed(MYSQL_TIME*, longlong)") at assert.c:101
#8  0x0000565144e327d5 in TIME_from_longlong_datetime_packed (ltime=ltime@entry=0x14ebb854f210, tmp=tmp@entry=-9223372036854775808) at /test/10.6_dbg/sql/compat56.cc:271
#9  0x0000565144e427de in Field_datetimef::get_TIME (this=<optimized out>, ltime=0x14ebb854f210, pos=0x14eb88030224 "", fuzzydate={m_mode = date_mode_t::CONV_NONE}) at /test/10.6_dbg/sql/field.cc:7102
#10 0x0000565144e62e69 in Field_datetimef::get_date (this=<optimized out>, ltime=<optimized out>, fuzzydate=<optimized out>) at /test/10.6_dbg/sql/field.h:3923
#11 0x0000565144e5d4a8 in Field_temporal::save_in_field (this=0x14eb88020740, to=0x14eb88049550) at /test/10.6_dbg/sql/sql_basic_types.h:279
#12 0x0000565144ce7d9f in Field::store_field (this=<optimized out>, from=<optimized out>) at /test/10.6_dbg/sql/field.h:907
#13 0x0000565144e63665 in field_conv_incompatible (to=to@entry=0x14eb88049550, from=from@entry=0x14eb88020740) at /test/10.6_dbg/sql/field_conv.cc:850
#14 0x0000565144e64c65 in field_conv (to=to@entry=0x14eb88049550, from=from@entry=0x14eb88020740) at /test/10.6_dbg/sql/field_conv.cc:861
#15 0x0000565144c0178d in Create_tmp_table::finalize (this=this@entry=0x14ebb854f3c0, thd=thd@entry=0x14eb88000db8, table=table@entry=0x14eb88048870, param=param@entry=0x14eb88038618, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.6_dbg/sql/sql_select.cc:18795
#16 0x0000565144c02442 in create_tmp_table (thd=0x14eb88000db8, param=0x14eb88038618, fields=@0x14eb88015a50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14eb88012da8, last = 0x14eb88012da8, elements = 1}, <No data fields>}, group=group@entry=0x0, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2684750592, rows_limit=18446744073709551615, table_alias=0x565145f689e0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.6_dbg/sql/sql_select.cc:19169
#17 0x0000565144c128f6 in JOIN::create_postjoin_aggr_table (this=this@entry=0x14eb88015728, tab=tab@entry=0x14eb88017688, table_fields=table_fields@entry=0x14eb88015a50, table_group=0x0, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.6_dbg/sql/sql_select.cc:3748
#18 0x0000565144c13cd9 in JOIN::make_aggr_tables_info (this=this@entry=0x14eb88015728) at /test/10.6_dbg/sql/sql_select.cc:3348
#19 0x0000565144c27355 in JOIN::optimize_stage2 (this=this@entry=0x14eb88015728) at /test/10.6_dbg/sql/sql_select.cc:2992
#20 0x0000565144c28e3b in JOIN::optimize_inner (this=this@entry=0x14eb88015728) at /test/10.6_dbg/sql/sql_select.cc:2277
#21 0x0000565144c2906c in JOIN::optimize (this=this@entry=0x14eb88015728) at /test/10.6_dbg/sql/sql_select.cc:1627
#22 0x0000565144c299ba in mysql_select (thd=thd@entry=0x14eb88000db8, tables=0x14eb88012ea0, fields=@0x14eb88012948: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14eb88012da8, last = 0x14eb88012da8, elements = 1}, <No data fields>}, conds=0x14eb88013df0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684750592, result=0x14eb88012db8, unit=0x14eb88004f80, select_lex=0x14eb880127f8) at /test/10.6_dbg/sql/sql_select.cc:4654
#23 0x0000565144c29cd0 in handle_select (thd=thd@entry=0x14eb88000db8, lex=lex@entry=0x14eb88004eb8, result=result@entry=0x14eb88012db8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:417
#24 0x0000565144b9c19d in execute_sqlcom_select (thd=thd@entry=0x14eb88000db8, all_tables=0x14eb88012ea0) at /test/10.6_dbg/sql/sql_parse.cc:6116
#25 0x0000565144ba8c7c in mysql_execute_command (thd=thd@entry=0x14eb88000db8) at /test/10.6_dbg/sql/sql_parse.cc:3820
#26 0x0000565144b95072 in mysql_parse (thd=thd@entry=0x14eb88000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14ebb85503d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
#27 0x0000565144ba31ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14eb88000db8, packet=packet@entry=0x14eb88008d39 "SELECT CREATED INTO @c FROM information_schema.routines WHERE routine_schema='test' AND routine_name='a'", packet_length=packet_length@entry=104) at /test/10.6_dbg/sql/sql_class.h:1293
#28 0x0000565144ba652d in do_command (thd=0x14eb88000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
#29 0x0000565144d027fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x565148aeb458, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
#30 0x0000565144d02f03 in handle_one_connection (arg=arg@entry=0x565148aeb458) at /test/10.6_dbg/sql/sql_connect.cc:1312
#31 0x00005651451b888f in pfs_spawn_thread (arg=0x565148a378b8) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
#32 0x000014ebce8d9609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#33 0x000014ebce4c8293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.9 (dbg), 10.6.0 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)

Optimized 10.6 build output (and same result on 10.4 debug build):

10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Optimized)

10.6.0>show warnings;
+---------+------+-----------------------------------------------------+
| Level   | Code | Message                                             |
+---------+------+-----------------------------------------------------+
| Warning | 1329 | No data - zero rows fetched, selected, or processed |
+---------+------+-----------------------------------------------------+
1 row in set (0.000 sec)



Comments
Comment by Roel Van de Paar [ 2021-01-01 ]

Secondary testcase

SET SESSION sql_buffer_result=1;
SET SQL_MODE='traditional';
SELECT event_name, created, last_altered FROM information_schema.events;

Leads to:

10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

mysqld: /test/10.6_dbg/sql/compat56.cc:271: void TIME_from_longlong_datetime_packed(MYSQL_TIME*, longlong): Assertion `tmp != ((long long) 0x8000000000000000LL)' failed.

10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x145f201ad700 (LWP 4061036))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x0000563e5e5420d7 in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424
#2  0x0000563e5dcd6ab1 in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x0000145f34c2d859 in __GI_abort () at abort.c:79
#6  0x0000145f34c2d729 in __assert_fail_base (fmt=0x145f34dc3588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x563e5e80f718 "tmp != ((long long) 0x8", '0' <repeats 15 times>, "LL)", file=0x563e5e80f508 "/test/10.6_dbg/sql/compat56.cc", line=271, function=<optimized out>) at assert.c:92
#7  0x0000145f34c3ef36 in __GI___assert_fail (assertion=assertion@entry=0x563e5e80f718 "tmp != ((long long) 0x8", '0' <repeats 15 times>, "LL)", file=file@entry=0x563e5e80f508 "/test/10.6_dbg/sql/compat56.cc", line=line@entry=271, function=function@entry=0x563e5e80f6d8 "void TIME_from_longlong_datetime_packed(MYSQL_TIME*, longlong)") at assert.c:101
#8  0x0000563e5dc9b7d5 in TIME_from_longlong_datetime_packed (ltime=ltime@entry=0x145f201ab210, tmp=tmp@entry=-9223372036854775808) at /test/10.6_dbg/sql/compat56.cc:271
#9  0x0000563e5dcab7de in Field_datetimef::get_TIME (this=<optimized out>, ltime=0x145f201ab210, pos=0x145ee002e822 "", fuzzydate={m_mode = date_mode_t::CONV_NONE}) at /test/10.6_dbg/sql/field.cc:7102
#10 0x0000563e5dccbe69 in Field_datetimef::get_date (this=<optimized out>, ltime=<optimized out>, fuzzydate=<optimized out>) at /test/10.6_dbg/sql/field.h:3923
#11 0x0000563e5dcc64a8 in Field_temporal::save_in_field (this=0x145ee001fbe8, to=0x145ee0043658) at /test/10.6_dbg/sql/sql_basic_types.h:279
#12 0x0000563e5db50d9f in Field::store_field (this=<optimized out>, from=<optimized out>) at /test/10.6_dbg/sql/field.h:907
#13 0x0000563e5dccc665 in field_conv_incompatible (to=to@entry=0x145ee0043658, from=from@entry=0x145ee001fbe8) at /test/10.6_dbg/sql/field_conv.cc:850
#14 0x0000563e5dccdc65 in field_conv (to=to@entry=0x145ee0043658, from=from@entry=0x145ee001fbe8) at /test/10.6_dbg/sql/field_conv.cc:861
#15 0x0000563e5da6a78d in Create_tmp_table::finalize (this=this@entry=0x145f201ab3c0, thd=thd@entry=0x145ee0000db8, table=table@entry=0x145ee0042770, param=param@entry=0x145ee0017da8, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.6_dbg/sql/sql_select.cc:18795
#16 0x0000563e5da6b442 in create_tmp_table (thd=0x145ee0000db8, param=0x145ee0017da8, fields=@0x145ee0014f70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x145ee0012d68, last = 0x145ee0013020, elements = 3}, <No data fields>}, group=group@entry=0x0, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2684750592, rows_limit=18446744073709551615, table_alias=0x563e5edd19e0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.6_dbg/sql/sql_select.cc:19169
#17 0x0000563e5da7b8f6 in JOIN::create_postjoin_aggr_table (this=this@entry=0x145ee0014c48, tab=tab@entry=0x145ee0016330, table_fields=table_fields@entry=0x145ee0014f70, table_group=0x0, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.6_dbg/sql/sql_select.cc:3748
#18 0x0000563e5da7ccd9 in JOIN::make_aggr_tables_info (this=this@entry=0x145ee0014c48) at /test/10.6_dbg/sql/sql_select.cc:3348
#19 0x0000563e5da90355 in JOIN::optimize_stage2 (this=this@entry=0x145ee0014c48) at /test/10.6_dbg/sql/sql_select.cc:2992
#20 0x0000563e5da91e3b in JOIN::optimize_inner (this=this@entry=0x145ee0014c48) at /test/10.6_dbg/sql/sql_select.cc:2277
#21 0x0000563e5da9206c in JOIN::optimize (this=this@entry=0x145ee0014c48) at /test/10.6_dbg/sql/sql_select.cc:1627
#22 0x0000563e5da929ba in mysql_select (thd=thd@entry=0x145ee0000db8, tables=0x145ee0013080, fields=@0x145ee0012900: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x145ee0012d68, last = 0x145ee0013020, elements = 3}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684750592, result=0x145ee0014c20, unit=0x145ee0004f80, select_lex=0x145ee00127b0) at /test/10.6_dbg/sql/sql_select.cc:4654
#23 0x0000563e5da92cd0 in handle_select (thd=thd@entry=0x145ee0000db8, lex=lex@entry=0x145ee0004eb8, result=result@entry=0x145ee0014c20, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:417
#24 0x0000563e5da0519d in execute_sqlcom_select (thd=thd@entry=0x145ee0000db8, all_tables=0x145ee0013080) at /test/10.6_dbg/sql/sql_parse.cc:6116
#25 0x0000563e5da11c7c in mysql_execute_command (thd=thd@entry=0x145ee0000db8) at /test/10.6_dbg/sql/sql_parse.cc:3820
#26 0x0000563e5d9fe072 in mysql_parse (thd=thd@entry=0x145ee0000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x145f201ac3d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
#27 0x0000563e5da0c1ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x145ee0000db8, packet=packet@entry=0x145ee0008d39 "SELECT event_name, created, last_altered FROM information_schema.events", packet_length=packet_length@entry=71) at /test/10.6_dbg/sql/sql_class.h:1293
#28 0x0000563e5da0f52d in do_command (thd=0x145ee0000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
#29 0x0000563e5db6b7fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563e60256998, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
#30 0x0000563e5db6bf03 in handle_one_connection (arg=arg@entry=0x563e60256998) at /test/10.6_dbg/sql/sql_connect.cc:1312
#31 0x0000563e5e02188f in pfs_spawn_thread (arg=0x563e601a2898) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
#32 0x0000145f3513b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#33 0x0000145f34d2a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.9 (dbg), 10.6.0 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)

Comment by Roel Van de Paar [ 2021-01-02 ]

SET SESSION sql_buffer_result = 1;
SET @@session.sql_mode = NO_ZERO_IN_DATE;
SELECT event_name, created, last_altered FROM information_schema.events;

Also crashes

Comment by Roel Van de Paar [ 2021-06-28 ]

Minimal testcase

SET sql_buffer_result=1;
SET sql_mode=traditional;
SELECT created FROM information_schema.events;

Comment by Roel Van de Paar [ 2021-10-14 ]

On debug 10.6/10.7:

SET @@sql_mode='no_zero_date';
SELECT * FROM sys.innodb_lock_waits;

Leads to:

10.7.1 b4911f5a34f8dcfb642c6f14535bc9d5d97ade44 (Debug)

mysqld: /test/10.7_dbg/sql/compat56.cc:271: void TIME_from_longlong_datetime_packed(MYSQL_TIME*, longlong): Assertion `tmp != ((long long) 0x8000000000000000LL)' failed.

10.7.1 b4911f5a34f8dcfb642c6f14535bc9d5d97ade44 (Debug)

Core was generated by `/test/MD141021-mariadb-10.7.1-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x153c8c066700 (LWP 1782690))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000153c8cee9859 in __GI_abort () at abort.c:79
#2  0x0000153c8cee9729 in __assert_fail_base (fmt=0x153c8d07f588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55b4e107a6f8 "tmp != ((long long) 0x8", '0' <repeats 15 times>, "LL)", file=0x55b4e107a4e8 "/test/10.7_dbg/sql/compat56.cc", line=271, function=<optimized out>) at assert.c:92
#3  0x0000153c8cefaf36 in __GI___assert_fail (assertion=assertion@entry=0x55b4e107a6f8 "tmp != ((long long) 0x8", '0' <repeats 15 times>, "LL)", file=file@entry=0x55b4e107a4e8 "/test/10.7_dbg/sql/compat56.cc", line=line@entry=271, function=function@entry=0x55b4e107a6b8 "void TIME_from_longlong_datetime_packed(MYSQL_TIME*, longlong)") at assert.c:101
#4  0x000055b4e05144fe in TIME_from_longlong_datetime_packed (ltime=ltime@entry=0x153c8c064080, tmp=tmp@entry=-9223372036854775808) at /test/10.7_dbg/sql/compat56.cc:271
#5  0x000055b4e052448b in Field_datetimef::get_TIME (this=<optimized out>, ltime=0x153c8c064080, pos=0x153c4003d4fa "", fuzzydate={m_mode = date_mode_t::CONV_NONE}) at /test/10.7_dbg/sql/field.cc:7122
#6  0x000055b4e0544719 in Field_datetimef::get_date (this=<optimized out>, ltime=<optimized out>, fuzzydate=<optimized out>) at /test/10.7_dbg/sql/field.h:3930
#7  0x000055b4e053ef80 in Field_temporal::save_in_field (this=0x153c40039520, to=0x153c4015d5b8) at /test/10.7_dbg/sql/sql_basic_types.h:281
#8  0x000055b4e03b3d47 in Field::store_field (this=<optimized out>, from=<optimized out>) at /test/10.7_dbg/sql/field.h:908
#9  0x000055b4e0544f1e in field_conv_incompatible (to=to@entry=0x153c4015d5b8, from=from@entry=0x153c40039520) at /test/10.7_dbg/sql/field_conv.cc:850
#10 0x000055b4e05464bf in field_conv (to=to@entry=0x153c4015d5b8, from=from@entry=0x153c40039520) at /test/10.7_dbg/sql/field_conv.cc:861
#11 0x000055b4e02c2f4e in Create_tmp_table::finalize (this=this@entry=0x153c8c064230, thd=thd@entry=0x153c40000db8, table=table@entry=0x153c4015b3f0, param=param@entry=0x153c40155b70, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.7_dbg/sql/sql_select.cc:19239
#12 0x000055b4e02c3b54 in create_tmp_table (thd=0x153c40000db8, param=0x153c40155b70, fields=@0x153c400aded8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x153c400174c8, last = 0x153c40024598, elements = 26}, <No data fields>}, group=group@entry=0x0, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2201707875072, rows_limit=18446744073709551615, table_alias=0x55b4e164ad40 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.7_dbg/sql/sql_select.cc:19614
#13 0x000055b4e02d3ba5 in JOIN::create_postjoin_aggr_table (this=this@entry=0x153c400adb80, tab=tab@entry=0x153c401545d0, table_fields=table_fields@entry=0x153c400aded8, table_group=0x0, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.7_dbg/sql/sql_select.cc:4010
#14 0x000055b4e02d4e0c in JOIN::make_aggr_tables_info (this=this@entry=0x153c400adb80) at /test/10.7_dbg/sql/sql_select.cc:3589
#15 0x000055b4e02e80b6 in JOIN::optimize_stage2 (this=this@entry=0x153c400adb80) at /test/10.7_dbg/sql/sql_select.cc:3225
#16 0x000055b4e02e9d43 in JOIN::optimize_inner (this=this@entry=0x153c400adb80) at /test/10.7_dbg/sql/sql_select.cc:2479
#17 0x000055b4e02e9f4e in JOIN::optimize (this=this@entry=0x153c400adb80) at /test/10.7_dbg/sql/sql_select.cc:1809
#18 0x000055b4e01fc327 in mysql_derived_optimize (thd=0x153c40000db8, lex=0x153c40005048, derived=0x153c40014318) at /test/10.7_dbg/sql/sql_derived.cc:1064
#19 0x000055b4e01fb96e in mysql_handle_single_derived (lex=0x153c40005048, derived=derived@entry=0x153c40014318, phases=phases@entry=4) at /test/10.7_dbg/sql/sql_derived.cc:200
#20 0x000055b4e02e9dc1 in JOIN::optimize_inner (this=this@entry=0x153c400ad4f0) at /test/10.7_dbg/sql/sql_select.cc:2285
#21 0x000055b4e02e9f4e in JOIN::optimize (this=this@entry=0x153c400ad4f0) at /test/10.7_dbg/sql/sql_select.cc:1809
#22 0x000055b4e02ea5d3 in mysql_select (thd=thd@entry=0x153c40000db8, tables=0x153c40014318, fields=@0x153c40013fb8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x153c400142a8, last = 0x153c40149280, elements = 26}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x153c400ad4c8, unit=0x153c40005110, select_lex=0x153c40013d18) at /test/10.7_dbg/sql/sql_select.cc:4978
#23 0x000055b4e02ea8d7 in handle_select (thd=thd@entry=0x153c40000db8, lex=lex@entry=0x153c40005048, result=result@entry=0x153c400ad4c8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.7_dbg/sql/sql_select.cc:545
#24 0x000055b4e024bab8 in execute_sqlcom_select (thd=thd@entry=0x153c40000db8, all_tables=0x153c40014318) at /test/10.7_dbg/sql/sql_parse.cc:6253
#25 0x000055b4e0258b69 in mysql_execute_command (thd=thd@entry=0x153c40000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.7_dbg/sql/sql_parse.cc:3944
#26 0x000055b4e0244caa in mysql_parse (thd=thd@entry=0x153c40000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x153c8c065400) at /test/10.7_dbg/sql/sql_parse.cc:8028
#27 0x000055b4e0253945 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x153c40000db8, packet=packet@entry=0x153c4000b729 "SELECT * FROM sys.innodb_lock_waits", packet_length=packet_length@entry=35, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_class.h:1358
#28 0x000055b4e0256d86 in do_command (thd=0x153c40000db8, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_parse.cc:1402
#29 0x000055b4e03cda36 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b4e42667a8, put_in_cache=put_in_cache@entry=true) at /test/10.7_dbg/sql/sql_connect.cc:1418
#30 0x000055b4e03ce03b in handle_one_connection (arg=arg@entry=0x55b4e42667a8) at /test/10.7_dbg/sql/sql_connect.cc:1312
#31 0x000055b4e084d008 in pfs_spawn_thread (arg=0x55b4e4157fe8) at /test/10.7_dbg/storage/perfschema/pfs.cc:2201
#32 0x0000153c8d3f8609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#33 0x0000153c8cfe6293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.6.5 (dbg), 10.7.1 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.41 (dbg), 10.2.41 (opt), 10.3.32 (dbg), 10.3.32 (opt), 10.4.22 (dbg), 10.4.22 (opt), 10.5.13 (dbg), 10.5.13 (opt), 10.6.5 (opt), 10.7.1 (opt)

And an optimized (same testcase, UB+ASAN build):

10.7.1 8dd4794c4e11b8790fadf0c203bcd118e7b755e8 (Optimized)

/test/10.7_opt_san/sql/compat56.cc:274:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

10.7.1 8dd4794c4e11b8790fadf0c203bcd118e7b755e8 (Optimized)

    #0 0x564b783ef930 in TIME_from_longlong_datetime_packed(st_mysql_time*, long long) /test/10.7_opt_san/sql/compat56.cc:274
    #1 0x564b7844f2fc in Field_datetimef::get_TIME(st_mysql_time*, unsigned char const*, date_mode_t) const /test/10.7_opt_san/sql/field.cc:7122
    #2 0x564b7851774b in Field_temporal::save_in_field(Field*) /test/10.7_opt_san/sql/field.h:3063
    #3 0x564b773f7761 in Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool) /test/10.7_opt_san/sql/sql_select.cc:19238
    #4 0x564b77401fd9 in create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, st_mysql_const_lex_string const*, bool, bool) /test/10.7_opt_san/sql/sql_select.cc:19615
    #5 0x564b774470b1 in JOIN::create_postjoin_aggr_table(st_join_table*, List<Item>*, st_order*, bool, bool, bool) /test/10.7_opt_san/sql/sql_select.cc:4010
    #6 0x564b7744b3e6 in JOIN::make_aggr_tables_info() /test/10.7_opt_san/sql/sql_select.cc:3589
    #7 0x564b774e2a65 in JOIN::optimize_stage2() /test/10.7_opt_san/sql/sql_select.cc:3225
    #8 0x564b774f5ee9 in JOIN::optimize_inner() /test/10.7_opt_san/sql/sql_select.cc:2479
    #9 0x564b7750e6df in JOIN::optimize() /test/10.7_opt_san/sql/sql_select.cc:1809
    #10 0x564b76efe0e5 in mysql_derived_optimize /test/10.7_opt_san/sql/sql_derived.cc:1064
    #11 0x564b76efa2c7 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /test/10.7_opt_san/sql/sql_derived.cc:200
    #12 0x564b774f59ac in JOIN::optimize_inner() /test/10.7_opt_san/sql/sql_select.cc:2285
    #13 0x564b7750e6df in JOIN::optimize() /test/10.7_opt_san/sql/sql_select.cc:1809
    #14 0x564b7751d413 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.7_opt_san/sql/sql_select.cc:4977
    #15 0x564b775215b3 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.7_opt_san/sql/sql_select.cc:545
    #16 0x564b7715df4f in execute_sqlcom_select /test/10.7_opt_san/sql/sql_parse.cc:6253
    #17 0x564b7719da53 in mysql_execute_command(THD*, bool) /test/10.7_opt_san/sql/sql_parse.cc:3944
    #18 0x564b7712dfe8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.7_opt_san/sql/sql_parse.cc:8028
    #19 0x564b77183655 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.7_opt_san/sql/sql_parse.cc:1894
    #20 0x564b7718ee52 in do_command(THD*, bool) /test/10.7_opt_san/sql/sql_parse.cc:1402
    #21 0x564b77a3a7bd in do_handle_one_connection(CONNECT*, bool) /test/10.7_opt_san/sql/sql_connect.cc:1418
    #22 0x564b77a3d2b4 in handle_one_connection /test/10.7_opt_san/sql/sql_connect.cc:1312
    #23 0x564b79a05ce1 in pfs_spawn_thread /test/10.7_opt_san/storage/perfschema/pfs.cc:2201
    #24 0x1469de8bb608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #25 0x1469ddb31292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.6.5 (opt), 10.7.1 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.41 (dbg), 10.2.41 (opt), 10.3.32 (dbg), 10.3.32 (opt), 10.4.22 (dbg), 10.4.22 (opt), 10.5.13 (dbg), 10.5.13 (opt), 10.6.5 (dbg), 10.7.1 (dbg)

10.5.13 4eb7217ec33fef8d23f2dda0c97b442508c81b1d (Debug)

10.5.13-dbg>SELECT * FROM sys.innodb_lock_waits;
ERROR 1146 (42S02): Table 'sys.innodb_lock_waits' doesn't exist
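
The debug assertion at compat56.cc:271 and the UBSAN report at compat56.cc:274 in this thread both involve a packed value equal to LLONG_MIN reaching a signed negation. The following C sketch is an added example, not MariaDB source: it decodes a sign-and-magnitude packed datetime without evaluating `-tmp` on a signed type, and returns an error for the LLONG_MIN sentinel. The bit layout, `struct dt`, `pack_datetime`, `unpack_datetime`, `magnitude_of` and the status codes are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit layout assumed for this example (not copied from compat56.cc):
 *   magnitude = (ymdhms << 24) | microseconds
 *   ymdhms    = (ymd << 17) | hms
 *   ymd       = ((year * 13 + month) << 5) | day
 *   hms       = (hour << 12) | (minute << 6) | second
 * The sign of the long long carries the "negative" flag. */

struct dt {
    bool neg;
    unsigned year, month, day, hour, minute, second;
    unsigned long usec;
};

enum unpack_status { UNPACK_OK = 0, UNPACK_SENTINEL = -1, UNPACK_RANGE = -2 };

/* |v| computed in unsigned arithmetic: defined for every input,
 * including LLONG_MIN, where the signed expression -v is undefined. */
static unsigned long long magnitude_of(long long v)
{
    unsigned long long u = (unsigned long long)v;
    return v < 0 ? 0ULL - u : u;
}

/* Helper used only to build the constructed sample values below. */
static long long pack_datetime(unsigned year, unsigned month, unsigned day,
                               unsigned hour, unsigned minute, unsigned second,
                               unsigned long usec, bool neg)
{
    unsigned long long ymd = (((unsigned long long)year * 13 + month) << 5) | day;
    unsigned long long hms = ((unsigned long long)hour << 12) | (minute << 6) | second;
    long long v = (long long)((((ymd << 17) | hms) << 24) | usec);
    return neg ? -v : v;   /* v is non-negative for the in-range samples used here */
}

static int unpack_datetime(long long packed, struct dt *out)
{
    /* Reject the one value that has no signed magnitude, instead of
     * asserting (debug-build abort) or negating it (undefined behaviour). */
    if (packed == LLONG_MIN)
        return UNPACK_SENTINEL;

    unsigned long long mag = magnitude_of(packed);
    unsigned long long ymdhms = mag >> 24;
    unsigned long long ymd = ymdhms >> 17, hms = ymdhms & 0x1FFFF;
    unsigned long long ym = ymd >> 5;

    out->neg    = packed < 0;
    out->usec   = (unsigned long)(mag & 0xFFFFFF);
    out->day    = (unsigned)(ymd & 31);
    out->month  = (unsigned)(ym % 13);
    out->year   = (unsigned)(ym / 13);
    out->second = (unsigned)(hms & 63);
    out->minute = (unsigned)((hms >> 6) & 63);
    out->hour   = (unsigned)(hms >> 12);

    /* Fields wider than their legal range can still hold garbage. */
    if (out->hour > 23 || out->minute > 59 || out->second > 59 ||
        out->usec > 999999)
        return UNPACK_RANGE;
    return UNPACK_OK;
}

int main(void)
{
    long long samples[] = {                       /* constructed inputs */
        pack_datetime(2021, 1, 1, 12, 34, 56, 789, false),
        pack_datetime(2021, 1, 1, 12, 34, 56, 789, true),
        LLONG_MIN,                                /* value seen in the backtraces */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dt d;
        int rc = unpack_datetime(samples[i], &d);
        if (rc != UNPACK_OK) {
            printf("%lld: rejected (status %d)\n", samples[i], rc);
            continue;
        }
        printf("%lld: %s%04u-%02u-%02u %02u:%02u:%02u.%06lu\n", samples[i],
               d.neg ? "-" : "", d.year, d.month, d.day,
               d.hour, d.minute, d.second, d.usec);
    }
    return 0;
}
```

Building this with `-fsanitize=undefined` produces no report for the LLONG_MIN sample, because the only negation of an untrusted value happens on an unsigned type.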

Comment by Sergei Golubchik [ 2022-03-24 ]

This is likely a duplicate of MDEV-27673 (queries on I_S tables) and MDEV-26507 (queries on sys schema)

Comment by Roel Van de Paar [ 2022-05-07 ]

Confirmed. Tested on a new build of 10.7 today and no crash was observed.

10.7.4 56fd0d7b0613be431b287cff37f0f20d41f9f153 (Debug)

10.7.4-dbg>SET SESSION sql_mode='NO_ZERO_DATE';
Query OK, 0 rows affected (0.000 sec)
 
10.7.4-dbg>SET SESSION sql_buffer_result=ON;
Query OK, 0 rows affected (0.000 sec)
 
10.7.4-dbg>SELECT CREATED INTO @c FROM information_schema.routines WHERE routine_schema='test' AND routine_name='a';
Query OK, 0 rows affected, 1 warning (0.003 sec)
 
10.7.4-dbg>SHOW WARNINGS;
+---------+------+-----------------------------------------------------+
| Level   | Code | Message                                             |
+---------+------+-----------------------------------------------------+
| Warning | 1329 | No data - zero rows fetched, selected, or processed |
+---------+------+-----------------------------------------------------+
1 row in set (0.000 sec)
 
10.7.4-dbg>SELECT CREATED FROM information_schema.routines WHERE routine_schema='test' AND routine_name='a';
Empty set (0.004 sec)

All other testcases passed as well. Also tested 10.9 with same outcome. Closing bug.
