[#MDEV-28621] eliminated subquery: Server crash in /sql/item_subselect.cc:766: virtual bool Item

[MDEV-28621] eliminated subquery: Server crash in /sql/item_subselect.cc:766: virtual bool Item_subselect::exec() Created: 2022-05-19 Updated: 2023-12-28
Status:	Confirmed
Project:	MariaDB Server
Component/s:	None
Affects Version/s:	10.3.35, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.4
Fix Version/s:	10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4

Type:

Bug

Priority:

Critical

Reporter:

Shihao Wen

Assignee:

Rex Johnston

Resolution:

Unresolved

Votes:

Labels:

fuzzer

Environment:

ubuntu 18.04

Attachments:

336_stack

Issue Links:

Duplicate
is duplicated by	~~MDEV-32309~~	Server crashes at Item_subselect::is_...	Closed
is duplicated by	~~MDEV-32311~~	Server crashes at st_select_lex_unit:...	Closed
is duplicated by	~~MDEV-32390~~	Segmentation fault at /mariadb-11.3.0...	Closed
is duplicated by	~~MDEV-32391~~	Segmentation fault at /mariadb-11.3.0...	Closed
is duplicated by	~~MDEV-32425~~	Segmentation fault at /mariadb-11.3.0...	Closed
is duplicated by	~~MDEV-33126~~	virtual bool Item_subselect::exec(): ...	Closed
PartOf
Relates
relates to	~~MDEV-24898~~	Server crashes in st_select_lex::next...	Closed
relates to	~~MDEV-28437~~	Assertion `!eliminated' failed in Ite...	Closed
relates to	MDEV-28620	Server crash in /sql/item_subselect.c...	Confirmed
relates to	MDEV-29411	SIGSEGV's st_select_lex_unit::set_lim...	Confirmed

Description

poc:

CREATE TABLE v1169 ( v1170 FLOAT NOT NULL ) ;

 INSERT INTO v1169 ( v1170 ) VALUES ( 40 ) ;

 UPDATE v1169 SET v1170 = -2147483648 WHERE v1170 = 5 ;

 INSERT INTO v1169 ( v1170 ) VALUES ( -128 ) , ( 52 ) ;

 WITH v1172 AS ( SELECT v1170 FROM ( SELECT v1170 FROM v1169 GROUP BY v1170 ) AS v1171 ) SELECT v1170 FROM v1172 WHERE v1170 BETWEEN FALSE AND ( ( ( v1170 OR NOT v1170 ) BETWEEN ( ( ( NOT ( ( 90778113.000000 ^ 90656932.000000 AND ( v1170 NOT IN ( NOT ( NOT ( 'x' = TRUE AND v1170 = 61 ) ) ) AND v1170 IN ( ( SELECT v1170 FROM v1169 WHERE ( FALSE <= -128 BETWEEN 10 AND 34 , v1170 ) IN ( WITH v1176 AS ( SELECT v1174 FROM ( SELECT ( SELECT v1170 FROM ( SELECT ( v1170 NOT IN ( 11097710.000000 , 12206111.000000 NOT BETWEEN 'x' AND 'x' ) AND v1170 NOT IN ( 2147483647 % v1170 ) ) , CASE WHEN v1170 % 30004927.000000 THEN 'x' ELSE v1170 END / 46 FROM v1169 UNION SELECT v1170 , v1170 FROM v1169 ) AS v1173 ) * 0 AS v1174 FROM v1169 ) AS v1175 ) SELECT ( v1174 NOT IN ( ( NOT ( 'x' / v1174 = v1174 + CASE v1174 WHEN 0 THEN v1174 ELSE ( WITH RECURSIVE v1177 ( v1178 ) AS ( SELECT v1170 FROM v1169 ) SELECT 81155100.000000 AS v1179 FROM v1177 ORDER BY v1178 DESC LIMIT 1 OFFSET 1 ) - 0 END AND v1174 = 'x' ) ) IS NULL ) AND v1174 NOT IN ( 33 ^ v1174 ) ) , v1174 + v1174 FROM v1176 GROUP BY v1174 ) ) * 2147483647 ) ) = -32768 ) * NULL ) ) ) ) AND 719937.000000 ) ) ;

output:
mysqld: /sql/item_subselect.cc:766: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.

The full error log is in the attachment.

Comments

Comment by Daniel Black [ 2022-05-19 ]

Confirmed on 10.3.35+c9b5a05341d7342db5f369493ea200b5fb9db243 . UPDATE not needed.

Comment by Alice Sherepa [ 2022-05-25 ]

repeatable on 10.2-10.9 with InnoDB/Myisam

CREATE TABLE t1 (i int) ;

INSERT INTO t1 VALUES (1),(2),(3);

SELECT 1 FROM t1

WHERE i in

(	SELECT  a+1

	FROM

 	(SELECT (SELECT i FROM (SELECT 1 FROM t1) dt) AS a FROM t1) dt2

 	GROUP BY a

);

10.3 7d3d3838c1b8af98a9704
mysqld: /10.3/src/sql/item_subselect.cc:766: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.
220525 10:31:53 [ERROR] mysqld got signal 6 ;

Server version: 10.3.36-MariaDB-debug-log

mysys/stacktrace.c:174(my_print_stacktrace)[0x556ab37f6af1]
sql/signal_handler.cc:221(handle_fatal_signal)[0x556ab2453742]
sql/item_subselect.cc:768(Item_subselect::exec())[0x556ab266b6fa]
sql/item_subselect.cc:1415(Item_singlerow_subselect::val_int())[0x556ab2671c77]
sql/item.cc:8646(Item_direct_ref::val_int())[0x556ab24e403f]
sql/item.h:5434(Item_direct_view_ref::val_int())[0x556ab250269b]
sql/item_func.cc:1212(Item_func_plus::int_op())[0x556ab25a4a4d]
sql/item_func.h:510(Item_func_hybrid_field_type::val_int_from_int_op())[0x556ab2204b98]
sql/sql_type.cc:3537(Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const)[0x556ab21ee3f8]
sql/item_func.h:574(Item_func_hybrid_field_type::val_int())[0x556ab1ca2433]
sql/item.h:1629(Item::update_null_value())[0x556ab1a48bdc]
sql/item_func.h:185(Item_func::is_null())[0x556ab1bf8935]
sql/sql_select.cc:11811(end_sj_materialize(JOIN, st_join_table, bool))[0x556ab1ddb06f]
sql/sql_select.cc:20112(evaluate_join_record(JOIN, st_join_table, int))[0x556ab1e145b1]
sql/sql_select.cc:19885(sub_select(JOIN, st_join_table, bool))[0x556ab1e12ec9]
sql/opt_subselect.cc:5445(join_tab_execution_startup(st_join_table*))[0x556ab2189e25]
sql/sql_select.cc:19874(sub_select(JOIN, st_join_table, bool))[0x556ab1e12bc9]
sql/sql_select.cc:20112(evaluate_join_record(JOIN, st_join_table, int))[0x556ab1e145b1]
sql/sql_select.cc:19885(sub_select(JOIN, st_join_table, bool))[0x556ab1e12ec9]
sql/sql_select.cc:19423(do_select(JOIN, Procedure))[0x556ab1e10e88]
sql/sql_select.cc:4151(JOIN::exec_inner())[0x556ab1da3a6d]
sql/sql_select.cc:3946(JOIN::exec())[0x556ab1da13ea]
sql/sql_select.cc:4356(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x556ab1da4ee8]
sql/sql_select.cc:372(handle_select(THD, LEX, select_result*, unsigned long))[0x556ab1d7b449]
sql/sql_parse.cc:6339(execute_sqlcom_select(THD, TABLE_LIST))[0x556ab1cec191]
sql/sql_parse.cc:3870(mysql_execute_command(THD*))[0x556ab1cda1cc]
sql/sql_parse.cc:7870(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x556ab1cf5eee]
sql/sql_parse.cc:1855(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x556ab1cccdcb]
sql/sql_parse.cc:1398(do_command(THD*))[0x556ab1cc990e]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x556ab209cef1]
sql/sql_connect.cc:1309(handle_one_connection)[0x556ab209c7ab]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x556ab36cc209]
nptl/pthread_create.c:478(start_thread)[0x7f794b8a2609]

220525  8:33:56 [ERROR] mysqld got signal 11 ;

Server version: 10.5.16-MariaDB

sql/signal_handler.cc:225(handle_fatal_signal)[0x55b05562d287]

sigaction.c:0(__restore_rt)[0x7f3cf0d17630]

sql/sql_lex.cc:3409(st_select_lex::get_offset())[0x55b0553f3f10]

sql/sql_lex.cc:4187(st_select_lex_unit::set_limit(st_select_lex*))[0x55b0553f5f6b]

sql/item_subselect.cc:4013(subselect_single_select_engine::exec())[0x55b0556e7c17]

sql/item_subselect.cc:842(Item_subselect::exec())[0x55b0556e640a]

sql/item_subselect.cc:1461(Item_singlerow_subselect::val_int())[0x55b0556e6c6e]

sql/item.cc:8571(Item_direct_ref::val_int())[0x55b05564225f]

sql/item_func.cc:1114(Item_func_plus::int_op())[0x55b05569f77d]

sql/item_func.h:185(Item_func::is_null())[0x55b0553d4075]

sql/sql_select.cc:12638(end_sj_materialize(JOIN*, st_join_table*, bool))[0x55b05545a449]

sql/sql_class.h:4115(THD::get_stmt_da())[0x55b05544badb]

sql/sql_select.cc:20929(sub_select(JOIN*, st_join_table*, bool))[0x55b05545121f]

sql/opt_subselect.cc:5677(join_tab_execution_startup(st_join_table*))[0x55b0555559a1]

sql/sql_select.cc:20905(sub_select(JOIN*, st_join_table*, bool))[0x55b0554511ad]

sql/sql_class.h:4115(THD::get_stmt_da())[0x55b05544badb]

sql/sql_select.cc:20929(sub_select(JOIN*, st_join_table*, bool))[0x55b05545121f]

sql/sql_select.cc:20454(do_select)[0x55b0554806d7]

sql/sql_select.cc:4321(JOIN::exec())[0x55b055480a83]

sql/sql_select.cc:4799(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55b05547e9ee]

sql/sql_select.cc:456(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55b05547f5aa]

sql/sql_parse.cc:6315(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55b0552decfd]

sql/sql_parse.cc:4005(mysql_execute_command(THD*))[0x55b055422c9e]

sql/sql_parse.cc:8100(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55b05542540c]

sql/sql_audit.h:169(mysql_audit_general)[0x55b0554283a4]

sql/sql_parse.cc:1376(do_command(THD*))[0x55b055429c97]

sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x55b055517082]

sql/sql_connect.cc:1318(handle_one_connection)[0x55b055517354]

perfschema/pfs.cc:2204(pfs_spawn_thread)[0x55b0558ae137]

pthread_create.c:0(start_thread)[0x7f3cf0d0fea5]

??:0(__clone)[0x7f3cf022ab0d]

Query (0x7f3cb8010ae0): SELECT 1 FROM t1

WHERE i in

(SELECT  a+1

FROM

 (SELECT (SELECT i FROM (SELECT 1 FROM t1) dt) AS a FROM t1) dt2

 GROUP BY a

Comment by Alice Sherepa [ 2022-05-25 ]

~ ~~MDEV-24898~~

CREATE TABLE t1 (i int) ;

INSERT INTO t1 VALUES (1),(2),(3);

SELECT 1 FROM t1

WHERE i in

(	SELECT  a+1

	FROM

 	(SELECT (SELECT 1 FROM t1) AS a FROM t1) dt2

 	GROUP BY a

);

10.3 7d3d3838c1b8af98a9704
220525 10:37:18 [ERROR] mysqld got signal 11 ;

Server version: 10.3.36-MariaDB-debug-log

sql/signal_handler.cc:221(handle_fatal_signal)[0x564d33492742]
sql/sql_lex.h:1201(st_select_lex::next_select())[0x564d32c5c3e3]
sql/item_subselect.cc:610(Item_subselect::is_expensive())[0x564d336a90ed]
sql/item_subselect.h:256(Item_subselect::is_expensive_processor(void*))[0x564d336e3ab2]
sql/item_subselect.cc:756(Item_subselect::walk(bool (Item::)(void), bool, void*))[0x564d336aa394]
sql/item.h:5398(Item_direct_view_ref::walk(bool (Item::)(void), bool, void*))[0x564d335412cb]
sql/item.h:2278(Item_args::walk_args(bool (Item::)(void), bool, void*))[0x564d32bca77d]
sql/item.h:4825(Item_func_or_sum::walk(bool (Item::)(void), bool, void*))[0x564d32bcb67a]
sql/item.h:2080(Item::is_expensive())[0x564d32a88e46]
sql/sql_select.cc:14085(check_simple_equality(THD, Value_source::Context const&, Item, Item, COND_EQUAL))[0x564d32e2960a]
sql/sql_select.cc:14309(Item_func_eq::check_equality(THD, COND_EQUAL, List<Item>*))[0x564d32e2ac2a]
sql/sql_select.cc:14413(Item_cond_and::build_equal_items(THD, COND_EQUAL, bool, COND_EQUAL**))[0x564d32e2afdf]
sql/sql_select.cc:14695(build_equal_items(JOIN, Item, COND_EQUAL, List<TABLE_LIST>, bool, COND_EQUAL**, bool))[0x564d32e2d0d4]
sql/sql_select.cc:16341(optimize_cond(JOIN, Item, List<TABLE_LIST>, bool, Item::cond_result, COND_EQUAL**, int))[0x564d32e3684e]
sql/sql_select.cc:1764(JOIN::optimize_inner())[0x564d32dc9395]
sql/sql_select.cc:1519(JOIN::optimize())[0x564d32dc68b9]
sql/sql_select.cc:4340(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x564d32de3cf7]
sql/sql_select.cc:372(handle_select(THD, LEX, select_result*, unsigned long))[0x564d32dba449]
sql/sql_parse.cc:6339(execute_sqlcom_select(THD, TABLE_LIST))[0x564d32d2b191]
sql/sql_parse.cc:3870(mysql_execute_command(THD*))[0x564d32d191cc]
sql/sql_parse.cc:7870(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x564d32d34eee]
sql/sql_parse.cc:1855(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x564d32d0bdcb]
sql/sql_parse.cc:1398(do_command(THD*))[0x564d32d0890e]
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x564d330dbef1]
sql/sql_connect.cc:1309(handle_one_connection)[0x564d330db7ab]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x564d3470b209]
nptl/pthread_create.c:478(start_thread)[0x7f0ff2910609]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530ea0)
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f0ff2833133]

Query (0x62b000000290): SELECT 1 FROM t1
WHERE i in
( SELECT a+1
FROM
(SELECT (SELECT 1 FROM t1) AS a FROM t1) dt2
GROUP BY a
)

Comment by Rex Johnston [ 2023-06-27 ]

This/these queries undergo a series of optimizations resulting in the eliminated flag being set in subqueries.

Will be fixed in MDEV-28622.

Comment by Alice Sherepa [ 2023-10-03 ]

Test case from ~~MDEV-32311~~

SELECT ( ( WITH x ( x ) AS ( SELECT ( SELECT 'x' UNION SELECT 'x' ) FROM ( SELECT ( 'x' ) ) x ) SELECT x FROM x WHERE x IN ( ( SELECT 'x' AND x GROUP BY x ) ) ) ) ;

Version: '10.4.32-MariaDB-debug-log'

mysqld: /10.4/src/sql/item_subselect.cc:733: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.

231003 15:33:13 [ERROR] mysqld got signal 6 ;

Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2

/lib/x86_64-linux-gnu/libc.so.6(+0x22729)[0x7fba7d088729]

/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7fba7d099fd6]

sql/item_subselect.cc:735(Item_subselect::exec())[0x5622c94590f0]

sql/item_subselect.cc:1404(Item_singlerow_subselect::val_str(String*))[0x5622c945f991]

sql/item.h:1558(Item::str_result(String*))[0x5622c87a6135]

sql/item.cc:9381(Item_direct_view_ref::str_result(String*))[0x5622c92c60e2]

sql/item.cc:10367(Item_cache_str::cache_value())[0x5622c92cf0ee]

sql/item_cmpfunc.cc:1371(Item_in_optimizer::fix_left(THD*))[0x5622c92fb02e]

sql/item_subselect.cc:3340(Item_in_subselect::select_in_like_transformer(JOIN*))[0x5622c9477bff]

sql/item_subselect.cc:2649(Item_in_subselect::select_transformer(JOIN*))[0x5622c947057f]

sql/opt_subselect.cc:742(check_and_do_in_subquery_rewrites(JOIN*))[0x5622c8f410e4]

sql/sql_select.cc:1434(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x5622c8b1947d]

sql/item_subselect.cc:3804(subselect_single_select_engine::prepare(THD*))[0x5622c947c280]

sql/item_subselect.cc:289(Item_subselect::fix_fields(THD*, Item**))[0x5622c9455cd3]

sql/item_subselect.cc:3466(Item_in_subselect::fix_fields(THD*, Item**))[0x5622c9479047]

sql/item.h:966(Item::fix_fields_if_needed(THD*, Item**))[0x5622c87c45cd]

sql/item.h:970(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x5622c87c4607]

sql/item.h:975(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x5622c88fca05]

sql/sql_base.cc:8545(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**))[0x5622c88f3e94]

sql/sql_select.cc:744(setup_without_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<TABLE_LIST>&, List<Item>&, List<Item>&, Item**, st_order*, st_order*, List<Window_spec>&, List<Item_window_func>&, bool*))[0x5622c8b10955]

sql/sql_select.cc:1335(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x5622c8b180b9]

sql/item_subselect.cc:3804(subselect_single_select_engine::prepare(THD*))[0x5622c947c280]

sql/item_subselect.cc:289(Item_subselect::fix_fields(THD*, Item**))[0x5622c9455cd3]

sql/item.h:966(Item::fix_fields_if_needed(THD*, Item**))[0x5622c87c45cd]

sql/item.h:970(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x5622c87c4607]

sql/sql_base.cc:7744(setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool))[0x5622c88ede03]

sql/sql_select.cc:1330(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x5622c8b17d8d]

sql/sql_select.cc:4789(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5622c8b3d98d]

sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5622c8b0e922]

sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5622c8a7a72c]

sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x5622c8a67ea3]

sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5622c8a83c07]

sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5622c8a5a02d]

sql/sql_parse.cc:1378(do_command(THD*))[0x5622c8a56b58]

sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x5622c8e647fd]

sql/sql_connect.cc:1325(handle_one_connection)[0x5622c8e640a1]

perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5622c9b0e99a]

nptl/pthread_create.c:478(start_thread)[0x7fba7d5b4609]

Query (0x62b0000a1420): SELECT ( ( WITH x ( x ) AS ( SELECT ( SELECT 'x' UNION SELECT 'x' ) FROM ( SELECT ( 'x' ) ) x ) SELECT x FROM x WHERE x IN ( ( SELECT 'x' AND x GROUP BY x ) ) ) )

test from ~~MDEV-32390~~:

CREATE TABLE t0 ( c43 DECIMAL ( 31 ) DEFAULT ( 45 ) ) ;

INSERT INTO t0 VALUES ( 13 ) , ( 29 ) ;

ALTER TABLE t0 ADD COLUMN c24 INT AFTER c43 ;

INSERT INTO t0 VALUES ( DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT ) ;

SELECT t1 . c22 AS c9 FROM ( SELECT ( SELECT + EXISTS ( SELECT -128 AS c29 ) << LOCATE ( t0 . c43 , t0 . c24 <= t0 . c24 NOT BETWEEN 4642475734208631537 AND -108 , NULLIF ( 57 , -8 ) SOUNDS LIKE TRIM( TRAILING FROM 6107036197732405580 ) ) - t0 . c43 AS c57 FROM t0 LIMIT 1 ) AS c22 FROM t0 ) AS t1 HAVING TRIM( CASE t1 . c22 WHEN -16 THEN RAND ( ) % HEX ( t1 . c22 ) - SUBSTRING_INDEX ( t1 . c22 , ':A9SEZxtjN,fKN*zR' , 'V*vhJb}&c%Op,[T[S,j`F9NDsK;\'8 4;m"

P,ce}1r"3ID1DN' ) >> NULLIF ( t1 . c22 , -95 ) ELSE -2 END IS TRUE FROM t1 . c22 >= EXISTS ( SELECT t2 . c57 AS c59 FROM ( SELECT CASE c24 WHEN -103 THEN 85 ELSE 22 END IS TRUE AS c57 FROM t0 ) AS t2 WHERE MOD ( 64 , 46 ) = CONVERT ( 73 , BINARY ) % RAND ( ) IS NOT NULL = -65 GROUP BY c57 , c22 , c22 WINDOW w0 AS ( PARTITION BY t2 . c57 ) ) & PI ( ) ) ;

Version: '10.4.32-MariaDB-debug-log'

mysqld: /10.4/src/sql/item_subselect.cc:733: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.

231010 16:22:18 [ERROR] mysqld got signal 6 ;

Server version: 10.4.32-MariaDB-debug-log source revision: 0c7af6a2a19343cb9d4fedbd7165b8f73bc4cf96

/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f5e60504fd6]

sql/item_subselect.cc:735(Item_subselect::exec())[0x56093e7de89e]

sql/item_subselect.cc:1382(Item_singlerow_subselect::val_int())[0x56093e7e4b9f]

sql/item.h:1557(Item::val_int_result())[0x56093db2b0be]

sql/item.cc:9373(Item_direct_view_ref::val_int_result())[0x56093e64b6a3]

sql/item.cc:8380(Item_ref::val_int())[0x56093e640050]

sql/item_cmpfunc.cc:969(Arg_comparator::compare_int_unsigned())[0x56093e67bc65]

sql/item_cmpfunc.h:104(Arg_comparator::compare())[0x56093e6bd64e]

sql/item_cmpfunc.cc:1821(Item_func_ge::val_int())[0x56093e685867]

sql/item_func.cc:763(Item_int_func::val_str(String*))[0x56093e70a2c6]

sql/item_strfunc.cc:2096(Item_func_trim::val_str(String*))[0x56093e7a6539]

sql/item_strfunc.cc:159(Item_str_func::val_int())[0x56093e79383c]

sql/sql_select.cc:22086(end_send(JOIN*, st_join_table*, bool))[0x56093df3f25e]

sql/sql_select.cc:21129(evaluate_join_record(JOIN*, st_join_table*, int))[0x56093df378b9]

sql/sql_select.cc:20902(sub_select(JOIN*, st_join_table*, bool))[0x56093df361ee]

sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x56093df33f94]

sql/sql_select.cc:4605(JOIN::exec_inner())[0x56093dec1adc]

sql/sql_select.cc:4388(JOIN::exec())[0x56093debf10c]

sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56093dec32e8]

sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x56093de93de0]

sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x56093ddffbe4]

sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x56093dded35b]

sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x56093de090bf]

sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56093dddf4e5]

sql/sql_parse.cc:1378(do_command(THD*))[0x56093dddc010]

sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x56093e1e9deb]

sql/sql_connect.cc:1325(handle_one_connection)[0x56093e1e968f]

perfschema/pfs.cc:1871(pfs_spawn_thread)[0x56093ee94274]

nptl/pthread_create.c:478(start_thread)[0x7f5e60a1f609]

Query (0x62b0000a1290): SELECT t1 . c22 AS c9 FROM ( SELECT ( SELECT + EXISTS ( SELECT -128 AS c29 ) << LOCATE ( t0 . c43 , t0 . c24 <= t0 . c24 NOT BETWEEN 4642475734208631537 AND -108 , NULLIF ( 57 , -8 ) SOUNDS LIKE TRIM( TRAILING FROM 6107036197732405580 ) ) - t0 . c43 AS c57 FROM t0 LIMIT 1 ) AS c22 FROM t0 ) AS t1 HAVING TRIM( CASE t1 . c22 WHEN -16 THEN RAND ( ) % HEX ( t1 . c22 ) - SUBSTRING_INDEX ( t1 . c22 , ':A9SEZxtjN,fKN*zR' , 'V*vhJb}&c%Op,[T[S,j`F9NDsK;\'8 4;m"

P,ce}1r"3ID1DN' ) >> NULLIF ( t1 . c22 , -95 ) ELSE -2 END IS TRUE FROM t1 . c22 >= EXISTS ( SELECT t2 . c57 AS c59 FROM ( SELECT CASE c24 WHEN -103 THEN 85 ELSE 22 END IS TRUE AS c57 FROM t0 ) AS t2 WHERE MOD ( 64 , 46 ) = CONVERT ( 73 , BINARY ) % RAND ( ) IS NOT NULL = -65 GROUP BY c57 , c22 , c22 WINDOW w0 AS ( PARTITION BY t2 . c57 ) ) & PI ( ) )

~~MDEV-32309~~

SELECT ( WITH x ( x ) AS ( WITH x ( x ) AS ( SELECT 1 ) SELECT ( SELECT x ) FROM x ) SELECT x FROM x WHERE x IN ( SELECT NULL GROUP BY x ) ) ;

~~MDEV-32391~~

CREATE TABLE t0 ( c15 INT , c33 INT ) engine=innodb;

INSERT INTO t0 ( c15 ) WITH t1 AS ( SELECT SQRT ( 123 ) NOT REGEXP MOD ( 91 , -121 ) = ALL ( SELECT c15 AS c33 FROM t0 ) AS c49 FROM t0 ) SELECT t1 . c49 IS UNKNOWN AS c59 FROM t1 CROSS JOIN t0 AS t2 WHERE t1 . c49 = + EXISTS ( SELECT -5839312620871436105 AS c17 GROUP BY c49 ) BETWEEN -109 AND CHAR_LENGTH ( 2694839150676403988 ) - - LOWER ( -13 ) ;

Generated at Thu Feb 08 10:02:11 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-28621] eliminated subquery: Server crash in /sql/item_subselect.cc:766: virtual bool Item_subselect::exec() Created: 2022-05-19 Updated: 2023-12-28