[#MDEV-27165] crash in base_list

INSERT INTO

        `adWordsKeywordsStats`

        `keywordId`,

        `date`,

        `clicks`,

        `cost`,

        `conversions`

VALUES

                SELECT

                        `internalKeywordId`

                FROM

                        `webleads_merchantAccounts_adwords`.`adWordsKeywords`

                WHERE

                        `googleKeywordId` = ? AND

                        `accountId` = ? AND

                        `campaignId` =

                                SELECT

                                        `internalCampaignId`

                                FROM

                                        `webleads_merchantAccounts_adwords`.`adWordsCampaigns`

                                WHERE

                                        `googleCampaignId` = ?

                        ) AND

                        `adGroupId` =

                                SELECT

                                        `internalAdGroupId`

                                FROM

                                        `webleads_merchantAccounts_adwords`.`adWordsAdGroups`

                                WHERE

                                        `googleAdGroupId` = ? AND

                                        `campaignId` =

                                                SELECT

                                                        `internalCampaignId`

                                                FROM

                                                        `webleads_merchantAccounts_adwords`.`adWordsCampaigns`

                                                WHERE

                                                        `googleCampaignId` = ?

),

        CURRENT_DATE,

?,

?,

ON DUPLICATE KEY UPDATE

        `clicks` = VALUES(`clicks`),

        `cost` = VALUES(`cost`),

        `conversions` = VALUES(`conversions`)

RETURNING

        `keywordId`

In 10.5.13 CE this crashes, in 10.5.9 EE it just hangs in state "Executing" (although does not happen every time).

Program terminated with signal SIGSEGV, Segmentation fault.

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

56      ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.

[Current thread is 1 (Thread 0x7f08b4338700 (LWP 24318))]

(gdb) bt

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

#1  0x000055beb6f00c1f in my_write_core (sig=sig@entry=11) at ./mysys/stacktrace.c:424

#2  0x000055beb69509c0 in handle_fatal_signal (sig=11) at ./sql/signal_handler.cc:344

#3  <signal handler called>

#4  base_list_iterator::next (this=<synthetic pointer>) at ./sql/sql_list.h:431

#5  List_iterator<TABLE_LIST>::operator++ (this=<synthetic pointer>) at ./sql/sql_list.h:596

#6  st_select_lex::cleanup (this=0x7f088013d2a8) at ./sql/sql_union.cc:2776

#7  0x000055beb6a1b48a in subselect_single_select_engine::prepare (this=0x7f088015b9b8, thd=0x7f08800015f8) at ./sql/item_subselect.cc:3852

#8  0x000055beb6a1ae76 in Item_subselect::fix_fields (this=0x7f088015b810, thd_param=<optimized out>, ref=0x7f088015ba00) at ./sql/item_subselect.cc:291

#9  0x000055beb66d6149 in Item::fix_fields_if_needed (ref=0x7f088015ba00, thd=0x7f08800015f8, this=0x7f088015b810) at ./sql/item.h:986

#10 Item::fix_fields_if_needed (ref=0x7f088015ba00, thd=0x7f08800015f8, this=0x7f088015b810) at ./sql/item.h:986

#11 Item::fix_fields_if_needed_for_scalar (ref=0x7f088015ba00, thd=0x7f08800015f8, this=0x7f088015b810) at ./sql/item.h:992

#12 setup_fields (thd=thd@entry=0x7f08800015f8, ref_pointer_array=..., fields=..., column_usage=column_usage@entry=MARK_COLUMNS_READ, sum_func_list=sum_func_list@entry=0x0, pre_fix=0x0, allow_sum_func=false) at ./sql/sql_base.cc:7650

#13 0x000055beb66ff38d in mysql_prepare_insert (thd=thd@entry=0x7f08800015f8, table_list=table_list@entry=0x7f088013c008, fields=..., values=values@entry=0x7f088013d290, update_fields=..., update_values=..., duplic=DUP_UPDATE,

    where=0x7f08b43368f8, select_insert=false) at ./sql/sql_array.h:38

#14 0x000055beb67059cf in mysql_insert (thd=thd@entry=0x7f08800015f8, table_list=0x7f088013c008, fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>)

    at ./sql/sql_insert.cc:769

#15 0x000055beb674130d in mysql_execute_command (thd=0x7f08800015f8) at ./sql/sql_parse.cc:4624

#16 0x000055beb6755a05 in Prepared_statement::execute (this=0x7f0880162a48, expanded_query=<optimized out>, open_cursor=false) at ./sql/sql_prepare.cc:5065

#17 0x000055beb6755bd9 in Prepared_statement::execute_loop (packet=<optimized out>, packet_end=<optimized out>, open_cursor=<optimized out>, expanded_query=0x7f08b4337220, this=0x7f0880162a48) at ./sql/sql_prepare.cc:4509

#18 Prepared_statement::execute_loop (this=0x7f0880162a48, expanded_query=0x7f08b4337220, open_cursor=<optimized out>, packet=<optimized out>, packet_end=<optimized out>) at ./sql/sql_prepare.cc:4464

#19 0x000055beb6756a95 in mysql_stmt_execute_common (thd=0x7f08800015f8, stmt_id=<optimized out>, packet=0x7f0880008a12 "", packet_end=0x7f0880008a63 "", cursor_flags=0, bulk_op=<optimized out>, read_types=false)

    at ./sql/sql_prepare.cc:3470

#20 0x000055beb6756cd0 in mysqld_stmt_execute (thd=thd@entry=0x7f08800015f8, packet_arg=packet_arg@entry=0x7f0880008a09 "\a", packet_length=packet_length@entry=90) at ./sql/sql_prepare.cc:3244

#21 0x000055beb673d827 in dispatch_command (command=COM_STMT_EXECUTE, thd=0x7f08800015f8, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at ./sql/sql_parse.cc:1815

#22 0x000055beb673f28c in do_command (thd=0x7f08800015f8) at ./sql/sql_parse.cc:1370

#23 0x000055beb6846671 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55beb952aea8, put_in_cache=put_in_cache@entry=true) at ./sql/sql_connect.cc:1418

#24 0x000055beb6846aed in handle_one_connection (arg=arg@entry=0x55beb952aea8) at ./sql/sql_connect.cc:1312

#25 0x000055beb6baa876 in pfs_spawn_thread (arg=0x55beb9558ff8) at ./storage/perfschema/pfs.cc:2201

#26 0x00007f08bef85609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#27 0x00007f08beb73293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

[MDEV-27165] crash in base_list_iterator::next Created: 2021-12-03 Updated: 2023-03-28 Resolved: 2022-10-03
Status:	Closed
Project:	MariaDB Server
Component/s:	Server
Affects Version/s:	10.5.13, 10.5, 10.6, 10.7
Fix Version/s:	10.5.18, 10.6.11, 10.7.7, 10.8.6, 10.9.4, 10.10.2

[MDEV-27165] crash in base_list_iterator::next Created: 2021-12-03 Updated: 2023-03-28 Resolved: 2022-10-03