[#MDEV-31632] Server crashes in Item_field::fix_outer_field place= prev_subselect_item->parsing_place (prev_subselect

query A crash 10.5.22-5f2a77cef1cced322d3a6e6a48f4f4e5480283dc
(gdb) bt -frame-arguments all full
#0 Item_field::fix_outer_field (this=this@entry=0x7fff70016d90, thd=thd@entry=0x7fff70000c68, from_field=from_field@entry=0x7ffff4189100, reference=reference@entry=0x7fff70016f70)
at /home/dan/repos/mariadb-server-10.5/sql/item.cc:5637
prev_subselect_item = 0x0
place = <optimized out>
upward_lookup = true
table_list = 0x0
last_checked_context = 0x7fff70014128
ref = 0x1warning: (Error: pc 0x1 in address map, but not in symtab.)

current_sel = <optimized out>
outer_context = 0x7fff70014128
select = 0x7fff700140d0
field_found = <optimized out>
#1 0x00000000008f7817 in Item_field::fix_fields (this=0x7fff70016d90, thd=0x7fff70000c68, reference=0x7fff70016f70) at /home/dan/repos/mariadb-server-10.5/sql/item.cc:6058
ret = <optimized out>
table_list = <optimized out>
from_field = 0x1warning: (Internal error: pc 0x1 in read in CU, but not in symtab.)
warning: (Error: pc 0x1 in address map, but not in symtab.)

outer_fixed = false
select = 0x7fff70015ed8
#2 0x0000000000938cb4 in Item::fix_fields_if_needed (this=0x7fff70016d90, thd=0x7fff70000c68, ref=0x7fff70016f70) at /home/dan/repos/mariadb-server-10.5/sql/item.h:990
No locals.
#3 Item_func::fix_fields (this=0x7fff70016ed0, thd=0x7fff70000c68, ref=<optimized out>) at /home/dan/repos/mariadb-server-10.5/sql/item_func.cc:355
item = <optimized out>
buff = "\350,\001p\377\177\000\000\000\000\000\000\000\000\000\000\260\221\030\364\377\177\000\000Z߆\000\000\000\000\000h\f\000p\377\177\000\000Й\030\364\377\177\000\000\001\000\000\000\000\000\000\000ȝ\030\364\377\177\000\0000\231\030\364\377\177\000\000'\261x\000\000\000\000\000\001\000\000\000\000\000\000\0008E\001p\377\177\000\000H-\001p\377\177\000\0008-\001p\377\177", '\000' <repeats 18 times>, "8-\001p\377\177\000\000H-\001p\377\177\000\000 \225\030\364\377\177\000\000\000\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000@\001\000\000\000\000\000\000\001", '\000' <repeats 13 times>, "\360?\030e\001p\377\177\000\000\260\201\000\000"...
arg = 0x7fff70016f70
arg_end = <optimized out>
#4 0x00000000006a06e6 in Item::fix_fields_if_needed (this=0x7fff70016ed0, thd=0x7fff70000c68, ref=0x7fff70032290) at /home/dan/repos/mariadb-server-10.5/sql/item.h:990
No locals.
#5 Item::fix_fields_if_needed_for_scalar (this=0x7fff70016ed0, thd=0x7fff70000c68, ref=0x7fff70032290) at /home/dan/repos/mariadb-server-10.5/sql/item.h:994
No locals.
#6 Item::fix_fields_if_needed_for_bool (this=0x7fff70016ed0, thd=0x7fff70000c68, ref=0x7fff70032290) at /home/dan/repos/mariadb-server-10.5/sql/item.h:998
No locals.
#7 setup_conds (thd=0x7fff70000c68, tables=0x7fff70016518, leaves=<optimized out>, conds=conds@entry=0x7fff70032290) at /home/dan/repos/mariadb-server-10.5/sql/sql_base.cc:8476
select_lex = 0x7fff70015ed8
table = <optimized out>
it_is_update = false
save_is_item_list_lookup = true
derived = 0x0
save_resolve_in_select_list = true
#8 0x0000000000723ff7 in setup_without_group (thd=0x4, ref_pointer_array={m_array = 0x7fff700324a0, m_size = 5}, tables=0x7fff70016518,
leaves=@0x7fff70016d88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x4449, last = 0x10e38a8 <vtable for Item_field+16>, elements = 0}, <No data fields>},
fields=@0x7fff70016040: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fff700164d0, last = 0x7fff700164d0, elements = 1}, <No data fields>},
all_fields=@0x7fff700321a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fff700164d0, last = 0x7fff700164d0, elements = 1}, <No data fields>}, conds=0x7fff70032290, order=0x0,
group=0x0, win_specs=@0x7fff70016338: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x169bef0 <end_of_list>, last = 0x7fff70016338, elements = 0}, <No data fields>},
win_funcs=@0x7fff70016350: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x169bef0 <end_of_list>, last = 0x7fff70016350, elements = 0}, <No data fields>},
hidden_group_fields=0x7fff70032167, reserved=0x7fff70016214) at /home/dan/repos/mariadb-server-10.5/sql/sql_select.cc:753
select = 0x7fff70015ed8
save_allow_sum_func = {buffer = {0}}
res = <optimized out>
save_place = <optimized out>
saved_non_agg_field_used = <optimized out>
#9 0x000000000072342a in JOIN::prepare (this=0x7fff70031e80, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=false,
group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff70015ed8, unit_arg=0x7fff70017128) at /home/dan/repos/mariadb-server-10.5/sql/sql_select.cc:1340
trace_wrapper = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28b28 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
trace_prepare = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28b28 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
trace_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28ba0 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
real_og_num = <optimized out>
save_place = <optimized out>
with_clause = <optimized out>
res = <optimized out>
with_elem = <optimized out>
#10 0x000000000098af11 in subselect_single_select_engine::prepare (this=0x7fff70017b20, thd=0x7fff70000c68) at /home/dan/repos/mariadb-server-10.5/sql/item_subselect.cc:3840
save_select = 0x7fff70014588
#11 0x00000000009831f4 in Item_subselect::fix_fields (this=0x7fff70017960, thd_param=<optimized out>, ref=0x7fff70017c98) at /home/dan/repos/mariadb-server-10.5/sql/item_subselect.cc:291
save_where = 0xf2c087 "on clause"
res = false
uncacheable = <optimized out>
#12 0x0000000000919135 in Item::fix_fields_if_needed (this=0x7fff70017960, thd=0x7fff70000c68, ref=0x7fff70017c98) at /home/dan/repos/mariadb-server-10.5/sql/item.h:990
No locals.
#13 Item::fix_fields_if_needed_for_scalar (this=0x7fff70017960, thd=0x7fff70000c68, ref=0x7fff70017c98) at /home/dan/repos/mariadb-server-10.5/sql/item.h:994
No locals.
#14 Item::fix_fields_if_needed_for_bool (this=0x7fff70017960, thd=0x7fff70000c68, ref=0x7fff70017c98) at /home/dan/repos/mariadb-server-10.5/sql/item.h:998
No locals.
#15 Item_cond::fix_fields (this=0x7fff70017b60, thd=0x7fff70000c68, ref=<optimized out>) at /home/dan/repos/mariadb-server-10.5/sql/item_cmpfunc.cc:4902
type = <optimized out>
buff = "4\254\211\367\377\177\000"
li = {<base_list_iterator> = {list = 0x7fff70017c30, el = <synthetic pointer>, prev = <synthetic pointer>, current = <synthetic pointer>}, <No data fields>}
item = 0x7fff70017960
is_and_cond = <optimized out>
#16 0x00000000006a0443 in Item::fix_fields_if_needed (this=0x7fff70017b60, thd=0x7fff70000c68, ref=0x7fff700152c8) at /home/dan/repos/mariadb-server-10.5/sql/item.h:990
No locals.
#17 Item::fix_fields_if_needed_for_scalar (this=0x7fff70017b60, thd=0x7fff70000c68, ref=0x7fff700152c8) at /home/dan/repos/mariadb-server-10.5/sql/item.h:994
No locals.
#18 Item::fix_fields_if_needed_for_bool (this=0x7fff70017b60, thd=0x7fff70000c68, ref=0x7fff700152c8) at /home/dan/repos/mariadb-server-10.5/sql/item.h:998
No locals.
#19 setup_on_expr (thd=thd@entry=0x7fff70000c68, table=0x7fff70015268, table@entry=0x7fff70014b28, is_update=false) at /home/dan/repos/mariadb-server-10.5/sql/sql_base.cc:8365
embedding = 0x7fff70015268
embedded = 0x7fff70015268
buff = "h\f\000p\377\177\000\000\004\000\000\000\000\000\000\000\000\227\030\364\377\177\000\000\300\226\030\364\377\177\000\000h\f\000p\377\177\000\000\220K\000p\377\177\000\000\260\226\030\364\377\177\000\000\212\021n\000\000\000\000\000\020\227\030\364\377\177\000\000\000\227\030\364\377\177\000\000\020\246\030\364\377\177\000\000\220K\000p\377\177\000\000h\f\000p\377\177\000\000\210\301\004\002", '\000' <repeats 20 times>, "(q\001p\377\177\000\000h\f\000p\377\177\000\000\260\245\030\364\377\177\000\000\360\242\030\364\377\177\000\000\330^\001p\f\000\000\000\260\245\030\364\377\177\000\000h\f\000p\377\177\000\000E\000\000\000\000\000\000\0008\000\003p\377\177\000\000"...
#20 0x00000000006a070f in setup_conds (thd=0x7fff70000c68, tables=0x7fff70014b28, leaves=<optimized out>, conds=conds@entry=0x7fff70031b48) at /home/dan/repos/mariadb-server-10.5/sql/sql_base.cc:8484
select_lex = 0x7fff70014588
table = <optimized out>
it_is_update = false
save_is_item_list_lookup = true
derived = 0x0
save_resolve_in_select_list = true
#21 0x0000000000723ff7 in setup_without_group (thd=0x4, ref_pointer_array={m_array = 0x7fff70031ce0, m_size = 10}, tables=0x7fff70014b28,
leaves=@0x7fff70016d88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x4449, last = 0x10e38a8 <vtable for Item_field+16>, elements = 0}, <No data fields>},
fields=@0x7fff700146f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fff70014ae0, last = 0x7fff70014ae0, elements = 1}, <No data fields>},
all_fields=@0x7fff70031a60: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fff70014ae0, last = 0x7fff70014ae0, elements = 1}, <No data fields>}, conds=0x7fff70031b48, order=0x0,
group=0x0, win_specs=@0x7fff700149e8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x169bef0 <end_of_list>, last = 0x7fff700149e8, elements = 0}, <No data fields>},
win_funcs=@0x7fff70014a00: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x169bef0 <end_of_list>, last = 0x7fff70014a00, elements = 0}, <No data fields>},
hidden_group_fields=0x7fff70031a1f, reserved=0x7fff700148c4) at /home/dan/repos/mariadb-server-10.5/sql/sql_select.cc:753
select = 0x7fff70014588
save_allow_sum_func = {buffer = {0}}
res = <optimized out>
save_place = <optimized out>
saved_non_agg_field_used = <optimized out>
#22 0x000000000072342a in JOIN::prepare (this=0x7fff70031738, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=true,
group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff70014588, unit_arg=0x7fff70004c58) at /home/dan/repos/mariadb-server-10.5/sql/sql_select.cc:1340
trace_wrapper = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28b28 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
trace_prepare = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28b28 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
trace_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28ba0 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
real_og_num = <optimized out>
save_place = <optimized out>
with_clause = <optimized out>
res = <optimized out>
with_elem = <optimized out>
#23 0x00000000007a3ef2 in st_select_lex_unit::prepare_join (this=0x7fff70004c58, thd_arg=0x7fff70000c68, sl=0x7fff70014588, tmp_result=<optimized out>, additional_options=<optimized out>,
is_union_select=true) at /home/dan/repos/mariadb-server-10.5/sql/sql_union.cc:1103
derived = 0x0
join = 0x7fff70031738
can_skip_order_by = true
#24 0x00000000007a0d8c in st_select_lex_unit::prepare (this=this@entry=0x7fff70004c58, derived_arg=0x0, sel_result=sel_result@entry=0x7fff700308e0, additional_options=140735072529800)
at /home/dan/repos/mariadb-server-10.5/sql/sql_union.cc:1576
lex_select_save = 0x7fff70012db8
first_sl = 0x7fff70012db8
is_recursive = false
is_rec_result_table_created = false
union_part_count = 2
have_except = <optimized out>
have_intersect = false
have_except_all_or_intersect_all = <optimized out>
instantiate_tmp_table = <optimized out>
single_tvc_wo_order = <optimized out>
sl = 0x7fff70016d80
is_union_select = <optimized out>
tmp_result = 0x7fff70030908
single_tvc = <optimized out>
#25 0x00000000007a0266 in mysql_union (thd=thd@entry=0x7fff70000c68, lex=lex@entry=0x7fff70004b90, result=0x7fff70016d80, result@entry=0x7fff700308e0, unit=unit@entry=0x7fff70004c58,
setup_tables_done_option=140735072529800, setup_tables_done_option@entry=0) at /home/dan/repos/mariadb-server-10.5/sql/sql_union.cc:40
res = <optimized out>
#26 0x00000000007200b9 in handle_select (thd=thd@entry=0x7fff70000c68, lex=lex@entry=0x7fff70004b90, result=result@entry=0x7fff700308e0, setup_tables_done_option=setup_tables_done_option@entry=0)
at /home/dan/repos/mariadb-server-10.5/sql/sql_select.cc:440
select_lex = 0x7fff70012db8
res = <optimized out>
#27 0x00000000006ffa7a in execute_sqlcom_select (thd=thd@entry=0x7fff70000c68, all_tables=0x7fff70014b28) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:6331
save_protocol = 0x0
lex = 0x7fff70004b90
result = 0x7fff700308e0
res = <optimized out>
#28 0x00000000006fa7d1 in mysql_execute_command (thd=thd@entry=0x7fff70000c68) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:4008
privileges_requested = <optimized out>
ots = {ctx = 0x7fff70004860, traceable = false}
trace_command = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28b28 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
trace_command_steps = {<Json_writer_struct> = {_vptr$Json_writer_struct = 0xf28ba0 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0},
closed = false}, <No data fields>}
res = 0
up_result = 0
lex = 0x7fff70004b90
select_lex = 0x7fff70012db8
first_table = 0x0
unit = 0x7fff70004c58
have_table_map_for_update = <optimized out>
all_tables = 0x7fff70016d80
rpl_filter = <optimized out>
orig_binlog_format = <optimized out>
orig_current_stmt_binlog_format = <optimized out>
error = <optimized out>
wsrep_error_label = <optimized out>
#29 0x00000000006f67be in mysql_parse (thd=thd@entry=0x7fff70000c68,
rawbuf=0x7fff70012c00 "SELECT 'A'\n\nUNION\n\nSELECT 'B'\n\nUNION\n\nSELECT DISTINCT 1\n\nFROM a\n\nINNER JOIN b\n\non a.ID = b.ID AND EXISTS (SELECT * FROM d WHERE b.ID = c.ID )\n\nINNER JOIN c\n\non b.ID = c.ID", length=<optimized out>, parser_state=parser_state@entry=0x7ffff418a5b0, is_com_multi=false, is_next_command=<optimized out>)
at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:8106
found_semicolon = <optimized out>
error = <optimized out>
lex = 0x7fff70004b90
err = <optimized out>
#30 0x00000000006f4b01 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fff70000c68,
packet=packet@entry=0x7fff700080c9 "SELECT 'A'\n\nUNION\n\nSELECT 'B'\n\nUNION\n\nSELECT DISTINCT 1\n\nFROM a\n\nINNER JOIN b\n\non a.ID = b.ID AND EXISTS (SELECT * FROM d WHERE b.ID = c.ID )\n\nINNER JOIN c\n\non b.ID = c.ID", packet_length=packet_length@entry=171, is_com_multi=false, is_next_command=false) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:1891
parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7fff70000c68, m_ptr = 0x7fff70012cac "\004", m_tok_start = 0x7fff70012cac "\004",
m_tok_end = 0x7fff70012cac "\004", m_end_of_query = 0x7fff70012cab "", m_tok_start_prev = 0x7fff70012cab "",
m_buf = 0x7fff70012c00 "SELECT 'A'\n\nUNION\n\nSELECT 'B'\n\nUNION\n\nSELECT DISTINCT 1\n\nFROM a\n\nINNER JOIN b\n\non a.ID = b.ID AND EXISTS (SELECT * FROM d WHERE b.ID = c.ID )\n\nINNER JOIN c\n\non b.ID = c.ID", m_buf_length = 171, m_echo = true, m_echo_saved = false,
m_cpp_buf = 0x7fff70012d08 "SELECT 'A'\n\nUNION\n\nSELECT 'B'\n\nUNION\n\nSELECT DISTINCT 1\n\nFROM a\n\nINNER JOIN b\n\non a.ID = b.ID AND EXISTS (SELECT * FROM d WHERE b.ID = c.ID )\n\nINNER JOIN c\n\non b.ID = c.ID", m_cpp_ptr = 0x7fff70012db3 "", m_cpp_tok_start = 0x7fff70012db3 "", m_cpp_tok_start_prev = 0x7fff70012db3 "", m_cpp_tok_end = 0x7fff70012db3 "", m_body_utf8 = 0x0,
m_body_utf8_ptr = 0x0, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = false, stmt_prepare_mode = false, multi_statements = true,
yylineno = 19, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = NO_COMMENT, m_cpp_text_start = 0x7fff70012db1 "ID", m_cpp_text_end = 0x7fff70012db3 "", m_underscore_cs = 0x0},
m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x0}
packet_end = <optimized out>
net = <optimized out>
error = false
do_end_of_statement = true
drop_more_results = <optimized out>
#31 0x00000000006f6ba2 in do_command (thd=0x7fff70000c68) at /home/dan/repos/mariadb-server-10.5/sql/sql_parse.cc:1375
packet = <optimized out>
net = 0x7fff70000f10
packet_length = 172
command = COM_QUERY
return_value = <optimized out>
#32 0x00000000007e8899 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x27fc0d8, put_in_cache=true) at /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1416
create_user = true
thr_create_utime = <optimized out>
thd = 0x4
#33 0x00000000007e870b in handle_one_connection (arg=arg@entry=0x27fc0d8) at /home/dan/repos/mariadb-server-10.5/sql/sql_connect.cc:1318
connect = 0x27fc0d8
#34 0x0000000000aec726 in pfs_spawn_thread (arg=0x2043118) at /home/dan/repos/mariadb-server-10.5/storage/perfschema/pfs.cc:2201
typed_arg = 0x2043118
klass = <optimized out>
pfs = <optimized out>
user_start_routine = 0x7e8690 <handle_one_connection(void*)>
user_arg = 0x27fc0d8
#35 0x00007ffff788a907 in start_thread () from /lib64/libc.so.6

query B - on 10.5.22 (as above) - also ERROR 1054 (42S22): Unknown column 'c.ID' in 'where clause'

[MDEV-31632] Server crashes in Item_field::fix_outer_field place= prev_subselect_item->parsing_place (prev_subselect_item=NULL) Created: 2023-07-05 Updated: 2023-10-09 Resolved: 2023-10-09
Status:	Closed
Project:	MariaDB Server
Component/s:	Data Manipulation - Subquery, Optimizer
Affects Version/s:	10.4, 10.6.12, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 10.5.22, 10.6.15
Fix Version/s:	N/A

[MDEV-31632] Server crashes in Item_field::fix_outer_field place= prev_subselect_item->parsing_place (prev_subselect_item=NULL) Created: 2023-07-05 Updated: 2023-10-09 Resolved: 2023-10-09