[MDEV-32284] MariaDB server crashes in sub-select optimization Created: 2023-09-28  Updated: 2023-12-27

Status: Confirmed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.3
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3

Type: Bug Priority: Major
Reporter: Yu Liang Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: None
Environment:

Ubuntu Desktop 20.04 LTS
Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz



 Description   

The latest version of MariaDB Server (Git commit hash 905c3d61e18ae6222d0d195c43d335046eec65d9) crashes when executing the following query:

-- Reproducer from the reporter. It starts from a fresh scratch database so the script can be re-run.
drop database if exists test1;
create database test1;
use test1;
-- One-column table holding a single row; the INSERT ... SET form stores the column default.
create table v1099(c1100 INT);
INSERT v1099 SET c1100 = DEFAULT ;
-- Crashing statement: a bracketed SELECT ... LOCK IN SHARE MODE whose outer ORDER BY
-- contains EXISTS over a UNION subquery compared with c1100. In the reporter's stack trace
-- the fault is in st_select_lex_unit::optimize (sql_union.cc), reached from
-- Item_exists_subselect::val_int while filesort builds the sort key.
( SELECT * FROM v1099 LOCK IN SHARE MODE ) ORDER BY c1100 , EXISTS ( SELECT * UNION SELECT * ) = c1100 ;

Here is the crashing stack trace from version: 905c3d61e18

#0 0x000000000105ddcc in st_select_lex_unit::optimize (this=<optimized out>) at /home/mysql/mariadb/sql/sql_union.cc:2249
#1 0x000000000105e6e4 in st_select_lex_unit::exec_inner (this=0xffff7f07a188) at /home/mysql/mariadb/sql/sql_union.cc:2310
#2 0x000000000104f9e8 in st_select_lex_unit::exec (this=0xffff7f07a188) at /home/mysql/mariadb/sql/sql_union.cc:2292
#3 0x0000000001accf54 in subselect_union_engine::exec (this=<optimized out>) at /home/mysql/mariadb/sql/item_subselect.cc:4187
#4 0x0000000001aa5370 in Item_subselect::exec (this=0xffff7f07b498) at /home/mysql/mariadb/sql/item_subselect.cc:812
#5 0x0000000001ab0770 in Item_exists_subselect::val_int (this=0xffff7f07b498) at /home/mysql/mariadb/sql/item_subselect.cc:1840
#6 0x0000000001821df0 in Arg_comparator::compare_int_signed (this=0xffff7f07b880) at /home/mysql/mariadb/sql/item_cmpfunc.cc:944
#7 0x000000000182be1c in Arg_comparator::compare (this=<optimized out>) at /home/mysql/mariadb/sql/item_cmpfunc.h:104
#8 Item_func_eq::val_int (this=<optimized out>) at /home/mysql/mariadb/sql/item_cmpfunc.cc:1780
#9 0x000000000170d210 in Type_handler_int_result::make_sort_key_part (this=<optimized out>, to=0xffff81814d1d '\276' <repeats 200 times>..., item=0xffff7f07b7c8,
sort_field=0xffff7f0dd560, tmp_buffer=0xffff81368a88) at /home/mysql/mariadb/sql/filesort.cc:1245
#10 0x000000000170ae1c in make_sortkey (param=<optimized out>, to=0xffff81814d1d '\276' <repeats 200 times>...) at /home/mysql/mariadb/sql/filesort.cc:2954
#11 make_sortkey (param=<optimized out>, to=<optimized out>, ref_pos=<optimized out>, using_packed_sortkeys=<optimized out>) at /home/mysql/mariadb/sql/filesort.cc:1414
#12 0x0000000001706558 in find_all_keys (thd=0xffff58662218, param=0xffff81368a10, select=0xffff7f0dad58, fs_info=0xffff7da09a40, buffpek_pointers=0xffff813688d0,
tempfile=0xffff81368790, pq=0x0, found_rows=0xffff7da09bb8) at /home/mysql/mariadb/sql/filesort.cc:1030
#13 filesort (thd=0xffff58662218, table=0x18, filesort=<optimized out>, tracker=0xffff7f0db110, join=<optimized out>, first_table_bit=<optimized out>)
at /home/mysql/mariadb/sql/filesort.cc:408
#14 0x0000000000e996e0 in create_sort_index (thd=0xffff58662218, join=0xffff7f0d3190, tab=0xffff7f0dc238, fsort=0xffff7f0daef0)
at /home/mysql/mariadb/sql/sql_select.cc:26843
#15 0x0000000000e991d0 in st_join_table::sort_table (this=0xffff7f0dc238) at /home/mysql/mariadb/sql/sql_select.cc:24485
#16 0x0000000000e170c4 in join_init_read_record (tab=0xffff7f0dc238) at /home/mysql/mariadb/sql/sql_select.cc:24405
#17 0x0000000000da1a9c in sub_select (join=0xffff7f0d3190, join_tab=0xffff7f0dc238, end_of_records=<optimized out>) at /home/mysql/mariadb/sql/sql_select.cc:23441
#18 0x0000000000e1f3f8 in do_select (join=0xffff7f0d3190, procedure=0x0) at /home/mysql/mariadb/sql/sql_select.cc:22961
#19 JOIN::exec_inner (this=0xffff7f0d3190) at /home/mysql/mariadb/sql/sql_select.cc:4941
#20 0x0000000000e1c110 in JOIN::exec (this=0xffff7f0d3190) at /home/mysql/mariadb/sql/sql_select.cc:4718
#21 0x0000000000da4580 in mysql_select (thd=0xffff58662218, tables=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>,
group=<optimized out>, having=<optimized out>, proc_param=0x0, select_options=<optimized out>, result=0xffff7f07c1d8, unit=0xffff58666590, select_lex=0xffff7f07ba98)
at /home/mysql/mariadb/sql/sql_select.cc:5249
#22 0x0000000000da36bc in handle_select (thd=0xffff58662218, lex=0xffff586664b0, result=0xffff7f07c1d8, setup_tables_done_option=0)
at /home/mysql/mariadb/sql/sql_select.cc:628
#23 0x0000000000cc9b24 in execute_sqlcom_select (thd=0xffff58662218, all_tables=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:6012
#24 0x0000000000cae820 in mysql_execute_command (thd=0xffff58662218, is_called_from_prepared_stmt=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:3911
#25 0x0000000000c9aa54 in mysql_parse (thd=0xffff58662218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>)
at /home/mysql/mariadb/sql/sql_parse.cc:7732
#26 0x0000000000c8fb18 in dispatch_command (command=<optimized out>, thd=0xffff58662218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)
at /home/mysql/mariadb/sql/sql_parse.cc:1893
#27 0x0000000000c9b920 in do_command (thd=0xffff58662218, blocking=true) at /home/mysql/mariadb/sql/sql_parse.cc:1406
#28 0x00000000011d5160 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/mysql/mariadb/sql/sql_connect.cc:1445
#29 0x00000000011d4a88 in handle_one_connection (arg=0xffff8024afb8) at /home/mysql/mariadb/sql/sql_connect.cc:1347
#30 0x00000000020a6ee8 in pfs_spawn_thread (arg=0xffff7ea10398) at /home/mysql/mariadb/storage/perfschema/pfs.cc:2201
#31 0x0000ffff85c11624 in start_thread (arg=0x816fa0 <asan_thread_start(void*)>) at pthread_create.c:477
#32 0x0000ffff8593349c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78

Some other useful information:

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on

I am not sure whether this bug has the same root cause as MDEV-29411; it has a different crash stack. I believe the commit that introduced the bug is:

commit de745ecf29721795710910a19bd0ea3389da804c
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date: Tue May 22 19:08:39 2018 +0200

MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations



 Comments   
Comment by Alice Sherepa [ 2023-09-29 ]

Thanks! I reproduced it as described on 10.4-11.2, with InnoDB/Aria/MyISAM

# mysql-test-run case from the commenter; reported as reproducing on 10.4-11.2 with InnoDB, Aria and MyISAM.
--source include/have_innodb.inc
 
# Three-row InnoDB table; column a is what the ORDER BY expressions below refer to.
CREATE TABLE t1(a int)engine=innodb;
INSERT into t1 VALUES (1),(2),(3);
 
# Active case: quantified comparison (>= ANY) against a UNION subquery in the ORDER BY of a
# bracketed SELECT ... LOCK IN SHARE MODE. The 10.4.32 debug log shows mysqld getting signal 11
# in st_select_lex_unit::optimize(), reached through Item_in_subselect::val_bool().
(SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a>=any (SELECT 1 UNION SELECT 1)  ;
# Alternative ORDER BY expressions, kept commented out (presumably to run one at a time).
# The crash logs on this page record the +, = and exists(... UNION ...) forms with the same
# faulting function; no log is shown here for the EXCEPT form.
#(SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a +(SELECT 1 UNION SELECT 1)  ;
#(SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a =(SELECT 1 UNION SELECT 1)  ;
#(SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY exists(SELECT 1 UNION SELECT a)  ;
#(SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY exists(SELECT 1 except SELECT a)  ;

230929 10:44:02 [ERROR] mysqld got signal 11 ;
Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2
 
mysys/stacktrace.c:174(my_print_stacktrace)[0x55d9c9d54603]
sql/signal_handler.cc:238(handle_fatal_signal)[0x55d9c88f57e9]
sigaction.c:0(__restore_rt)[0x7f9ecda62420]
sql/sql_union.cc:1486(st_select_lex_unit::optimize())[0x55d9c8402b3e]
sql/sql_union.cc:1524(st_select_lex_unit::exec())[0x55d9c8403382]
sql/item_subselect.cc:4049(subselect_union_engine::exec())[0x55d9c8b5114d]
sql/item_subselect.cc:758(Item_subselect::exec())[0x55d9c8b2b5aa]
sql/item_subselect.cc:938(Item_in_subselect::exec())[0x55d9c8b2cbae]
sql/item_subselect.cc:1868(Item_in_subselect::val_bool())[0x55d9c8b38067]
sql/item.h:1561(Item::val_bool_result())[0x55d9c7e7821a]
sql/item_cmpfunc.cc:1673(Item_in_optimizer::val_int())[0x55d9c89cfdc6]
sql/item_cmpfunc.cc:260(Item_func_nop_all::val_int())[0x55d9c89be7de]
sql/item.h:1557(Item::val_int_result())[0x55d9c7e780be]
sql/filesort.cc:1052(Type_handler_int_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x55d9c88eaa1c]
sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x55d9c88ec168]
sql/filesort.cc:849(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x55d9c88e9496]
sql/filesort.cc:262(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x55d9c88e4d8d]
sql/sql_select.cc:24212(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x55d9c829b7dc]
sql/sql_select.cc:21890(st_join_table::sort_table())[0x55d9c8289f3d]
sql/sql_select.cc:21829(join_init_read_record(st_join_table*))[0x55d9c828943f]
sql/sql_select.cc:20899(sub_select(JOIN*, st_join_table*, bool))[0x55d9c8282b58]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x55d9c8280aba]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x55d9c820e602]
sql/sql_select.cc:4388(JOIN::exec())[0x55d9c820bc2e]
sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55d9c820fe0e]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55d9c81e0922]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55d9c814c72c]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x55d9c8139ea3]
sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55d9c8155c07]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55d9c812c02d]
sql/sql_parse.cc:1378(do_command(THD*))[0x55d9c8128b58]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55d9c85367fd]
sql/sql_connect.cc:1325(handle_one_connection)[0x55d9c85360a1]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55d9c91e099a]
nptl/pthread_create.c:478(start_thread)[0x7f9ecda56609]
 
Query (0x62b0000a1290): (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a>=any (SELECT 1 UNION SELECT 1)
 
 
Version: '10.4.32-MariaDB-debug-log' 
230929 10:44:46 [ERROR] mysqld got signal 11 ;
 
Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2
 
sql/signal_handler.cc:238(handle_fatal_signal)[0x561da43fd7e9]
sigaction.c:0(__restore_rt)[0x7fa507c4c420]
sql/sql_union.cc:1486(st_select_lex_unit::optimize())[0x561da3f0ab3e]
sql/sql_union.cc:1524(st_select_lex_unit::exec())[0x561da3f0b382]
sql/item_subselect.cc:4049(subselect_union_engine::exec())[0x561da465914d]
sql/item_subselect.cc:758(Item_subselect::exec())[0x561da46335aa]
sql/item_subselect.cc:1382(Item_singlerow_subselect::val_int())[0x561da46393f1]
sql/item_func.cc:1118(Item_func_plus::int_op())[0x561da4562c3a]
sql/item_func.h:750(Item_func_hybrid_field_type::val_int_from_int_op())[0x561da41edd42]
sql/sql_type.cc:4931(Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const)[0x561da41c2700]
sql/item_func.h:806(Item_func_hybrid_field_type::val_int())[0x561da3c048d9]
sql/item.h:1557(Item::val_int_result())[0x561da39800be]
sql/filesort.cc:1052(Type_handler_int_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x561da43f2a1c]
sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x561da43f4168]
sql/filesort.cc:849(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x561da43f1496]
sql/filesort.cc:262(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x561da43ecd8d]
sql/sql_select.cc:24212(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x561da3da37dc]
sql/sql_select.cc:21890(st_join_table::sort_table())[0x561da3d91f3d]
sql/sql_select.cc:21829(join_init_read_record(st_join_table*))[0x561da3d9143f]
sql/sql_select.cc:20899(sub_select(JOIN*, st_join_table*, bool))[0x561da3d8ab58]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x561da3d88aba]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x561da3d16602]
sql/sql_select.cc:4388(JOIN::exec())[0x561da3d13c2e]
sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x561da3d17e0e]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x561da3ce8922]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x561da3c5472c]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x561da3c41ea3]
sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x561da3c5dc07]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x561da3c3402d]
sql/sql_parse.cc:1378(do_command(THD*))[0x561da3c30b58]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x561da403e7fd]
sql/sql_connect.cc:1325(handle_one_connection)[0x561da403e0a1]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x561da4ce899a]
nptl/pthread_create.c:478(start_thread)[0x7fa507c40609]
 
Query (0x62b0000a1290): (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a + (SELECT 1 UNION SELECT 1)
 
 
230929 10:45:58 [ERROR] mysqld got signal 11 ;
 
Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2
 
sql/signal_handler.cc:238(handle_fatal_signal)[0x55827693d7e9]
sigaction.c:0(__restore_rt)[0x7f308a506420]
sql/sql_union.cc:1486(st_select_lex_unit::optimize())[0x55827644ab3e]
sql/sql_union.cc:1524(st_select_lex_unit::exec())[0x55827644b382]
sql/item_subselect.cc:4049(subselect_union_engine::exec())[0x558276b9914d]
sql/item_subselect.cc:758(Item_subselect::exec())[0x558276b735aa]
sql/item_subselect.cc:1382(Item_singlerow_subselect::val_int())[0x558276b793f1]
sql/item_cmpfunc.cc:953(Arg_comparator::compare_int_signed())[0x558276a10258]
sql/item_cmpfunc.h:104(Arg_comparator::compare())[0x558276a51e9a]
sql/item_cmpfunc.cc:1790(Item_func_eq::val_int())[0x558276a19c51]
sql/item.h:1557(Item::val_int_result())[0x558275ec00be]
sql/filesort.cc:1052(Type_handler_int_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x558276932a1c]
sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x558276934168]
sql/filesort.cc:849(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x558276931496]
sql/filesort.cc:262(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x55827692cd8d]
sql/sql_select.cc:24212(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x5582762e37dc]
sql/sql_select.cc:21890(st_join_table::sort_table())[0x5582762d1f3d]
sql/sql_select.cc:21829(join_init_read_record(st_join_table*))[0x5582762d143f]
sql/sql_select.cc:20899(sub_select(JOIN*, st_join_table*, bool))[0x5582762cab58]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x5582762c8aba]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x558276256602]
sql/sql_select.cc:4388(JOIN::exec())[0x558276253c2e]
sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x558276257e0e]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x558276228922]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55827619472c]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x558276181ea3]
sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55827619dc07]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55827617402d]
sql/sql_parse.cc:1378(do_command(THD*))[0x558276170b58]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55827657e7fd]
sql/sql_connect.cc:1325(handle_one_connection)[0x55827657e0a1]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55827722899a]
nptl/pthread_create.c:478(start_thread)[0x7f308a4fa609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f308a0cb133]
 
Query (0x62b0000a1290): (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a =(SELECT 1 UNION SELECT 1)
 
230929 10:47:51 [ERROR] mysqld got signal 11 ;
 
Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2
 
sigaction.c:0(__restore_rt)[0x7f21e9967420]
sql/sql_union.cc:1486(st_select_lex_unit::optimize())[0x56173f147b3e]
sql/sql_union.cc:1524(st_select_lex_unit::exec())[0x56173f148382]
sql/item_subselect.cc:4049(subselect_union_engine::exec())[0x56173f89614d]
sql/item_subselect.cc:758(Item_subselect::exec())[0x56173f8705aa]
sql/item_subselect.cc:1717(Item_exists_subselect::val_int())[0x56173f87adfd]
sql/item.h:1557(Item::val_int_result())[0x56173ebbd0be]
sql/filesort.cc:1052(Type_handler_int_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x56173f62fa1c]
sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x56173f631168]
sql/filesort.cc:849(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x56173f62e496]
sql/filesort.cc:262(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x56173f629d8d]
sql/sql_select.cc:24212(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x56173efe07dc]
sql/sql_select.cc:21890(st_join_table::sort_table())[0x56173efcef3d]
sql/sql_select.cc:21829(join_init_read_record(st_join_table*))[0x56173efce43f]
sql/sql_select.cc:20899(sub_select(JOIN*, st_join_table*, bool))[0x56173efc7b58]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x56173efc5aba]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x56173ef53602]
sql/sql_select.cc:4388(JOIN::exec())[0x56173ef50c2e]
sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56173ef54e0e]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x56173ef25922]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x56173ee9172c]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x56173ee7eea3]
sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x56173ee9ac07]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56173ee7102d]
sql/sql_parse.cc:1378(do_command(THD*))[0x56173ee6db58]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x56173f27b7fd]
sql/sql_connect.cc:1325(handle_one_connection)[0x56173f27b0a1]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x56173ff2599a]
nptl/pthread_create.c:478(start_thread)[0x7f21e995b609]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f21e952c133]
 
Query (0x62b0000a1290): (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY exists(SELECT 1 UNION SELECT a)

Version: '11.1.2-MariaDB'
230929 11:08:23 [ERROR] mysqld got signal 11 ;
 
Server version: 11.1.2-MariaDB source revision: 9bc25d98209df6810f7a7d5e7dd3ae677a313ab5
 
sql/signal_handler.cc:241(handle_fatal_signal)[0x55ffdb0b21f7]
sigaction.c:0(__restore_rt)[0x7fb25232b420]
sql/sql_union.cc:2251(st_select_lex_unit::optimize())[0x55ffdaf1fe16]
sql/sql_union.cc:2310(st_select_lex_unit::exec_inner())[0x55ffdaf20015]
sql/item_subselect.cc:4188(subselect_union_engine::exec())[0x55ffdb18196e]
sql/item_subselect.cc:817(Item_subselect::exec())[0x55ffdb1811aa]
sql/item_subselect.cc:1462(Item_singlerow_subselect::val_int())[0x55ffdb181d5e]
sql/item.cc:6849(Item::save_int_in_field(Field*, bool))[0x55ffdb0d906f]
sql/item.cc:6859(Item::save_in_field(Field*, bool))[0x55ffdb0ca9c6]
sql/sql_class.h:4432(copy_funcs(Item**, THD const*))[0x55ffdaeb0fc1]
sql/sql_select.cc:24974(end_write(JOIN*, st_join_table*, bool))[0x55ffdaeb1060]
sql/sql_class.h:4442(THD::get_stmt_da())[0x55ffdae9b29b]
sql/sql_select.cc:23445(sub_select(JOIN*, st_join_table*, bool))[0x55ffdaea1986]
sql/sql_select.cc:22957(JOIN::exec_inner())[0x55ffdaed4fc2]
sql/sql_select.cc:4713(JOIN::exec())[0x55ffdaed5323]
sql/sql_select.cc:5243(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55ffdaed33f6]
sql/sql_select.cc:640(handle_select(THD*, LEX*, select_result*, unsigned long long))[0x55ffdaed3cc4]
sql/sql_parse.cc:6041(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55ffdacf55f1]
sql/sql_parse.cc:3954(mysql_execute_command(THD*, bool))[0x55ffdae63910]
sql/sql_parse.cc:7787(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55ffdae6591b]
sql/sql_parse.cc:1951(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55ffdae67d58]
sql/sql_parse.cc:1407(do_command(THD*, bool))[0x55ffdae69283]
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x55ffdaf760c7]
sql/sql_connect.cc:1324(handle_one_connection)[0x55ffdaf76364]
perfschema/pfs.cc:2204(pfs_spawn_thread)[0x55ffdb301e5c]
nptl/pthread_create.c:478(start_thread)[0x7fb25231f609]
 
Query (0x7fb1c0010c40): (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY (SELECT a union values(1))

MariaDB [test]> explain extended (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY exists(SELECT 1 union all SELECT a)  ;
+------+----------------------+------------+------+---------------+------+---------+------+------+----------+----------------+
| id   | select_type          | table      | type | possible_keys | key  | key_len | ref  | rows | filtered | Extra          |
+------+----------------------+------------+------+---------------+------+---------+------+------+----------+----------------+
|    1 | PRIMARY              | <derived2> | ALL  | NULL          | NULL | NULL    | NULL | 3    |   100.00 | Using filesort |
|    2 | DERIVED              | t1         | ALL  | NULL          | NULL | NULL    | NULL | 3    |   100.00 |                |
|    3 | UNCACHEABLE SUBQUERY | NULL       | NULL | NULL          | NULL | NULL    | NULL | NULL |     NULL | No tables used |
|    4 | DEPENDENT UNION      | NULL       | NULL | NULL          | NULL | NULL    | NULL | NULL |     NULL | No tables used |
+------+----------------------+------------+------+---------------+------+---------+------+------+----------+----------------+
4 rows in set, 2 warnings (0,001 sec)
 
Note (Code 1276): Field or reference 'test.t1.a' of SELECT #4 was resolved in SELECT #2
Note (Code 1003): /* select#1 */ select `__4`.`1` AS `1` from ((/* select#2 */ select 1 AS `1` from `test`.`t1` lock in share mode)) `__4` order by exists(/* select#3 */ select 1 union all /* select#4 */ select `test`.`t1`.`a` limit 1)
MariaDB [test]> explain extended (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a>=any (SELECT 1 UNION SELECT 1)  ;
+------+--------------------+------------+------+---------------+------+---------+------+------+----------+----------------+
| id   | select_type        | table      | type | possible_keys | key  | key_len | ref  | rows | filtered | Extra          |
+------+--------------------+------------+------+---------------+------+---------+------+------+----------+----------------+
|    1 | PRIMARY            | <derived2> | ALL  | NULL          | NULL | NULL    | NULL | 3    |   100.00 | Using filesort |
|    2 | DERIVED            | t1         | ALL  | NULL          | NULL | NULL    | NULL | 3    |   100.00 |                |
|    3 | DEPENDENT SUBQUERY | NULL       | NULL | NULL          | NULL | NULL    | NULL | NULL |     NULL | No tables used |
|    4 | DEPENDENT UNION    | NULL       | NULL | NULL          | NULL | NULL    | NULL | NULL |     NULL | No tables used |
| NULL | UNION RESULT       | <union3,4> | ALL  | NULL          | NULL | NULL    | NULL | NULL |     NULL |                |
+------+--------------------+------------+------+---------------+------+---------+------+------+----------+----------------+
5 rows in set, 1 warning (0,001 sec)
 
Note (Code 1003): /* select#1 */ select `__4`.`1` AS `1` from ((/* select#2 */ select 1 AS `1` from `test`.`t1` lock in share mode)) `__4` order by <nop>(<in_optimizer>(`test`.`t1`.`a`,<exists>(/* select#3 */ select 1 having trigcond(<cache>(`test`.`t1`.`a`) >= <ref_null_helper>(1)) union /* select#4 */ select 1 having trigcond(<cache>(`test`.`t1`.`a`) >= <ref_null_helper>(1)))))
 
MariaDB [test]> explain extended (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY a +(SELECT 1 UNION SELECT 1);
+------+--------------+------------+------+---------------+------+---------+------+------+----------+----------------+
| id   | select_type  | table      | type | possible_keys | key  | key_len | ref  | rows | filtered | Extra          |
+------+--------------+------------+------+---------------+------+---------+------+------+----------+----------------+
|    1 | PRIMARY      | <derived2> | ALL  | NULL          | NULL | NULL    | NULL | 3    |   100.00 | Using filesort |
|    2 | DERIVED      | t1         | ALL  | NULL          | NULL | NULL    | NULL | 3    |   100.00 |                |
|    3 | SUBQUERY     | NULL       | NULL | NULL          | NULL | NULL    | NULL | NULL |     NULL | No tables used |
|    4 | UNION        | NULL       | NULL | NULL          | NULL | NULL    | NULL | NULL |     NULL | No tables used |
| NULL | UNION RESULT | <union3,4> | ALL  | NULL          | NULL | NULL    | NULL | NULL |     NULL |                |
+------+--------------+------------+------+---------------+------+---------+------+------+----------+----------------+
5 rows in set, 1 warning (0,001 sec)
 
Note (Code 1003): /* select#1 */ select `__4`.`1` AS `1` from ((/* select#2 */ select 1 AS `1` from `test`.`t1` lock in share mode)) `__4` order by `test`.`t1`.`a` + (/* select#3 */ select 1 union /* select#4 */ select 1)

Comment by Alice Sherepa [ 2023-12-27 ]

Some of the SELECTs no longer crash, but others still reproduce the crash:

Version: '10.4.33-MariaDB-debug-log'  socket: '/home/alice/am/_depot/m-branch/m4-10.4-bld/mysql-test/var/tmp/mysqld.1.sock'  port: 16000  Source distribution
231227 14:01:20 [ERROR] mysqld got signal 11 ;
 
Server version: 10.4.33-MariaDB-debug-log source revision: 1b747ffd05dd524f8d43b35a2b583dc4c00d767b
 
sql/signal_handler.cc:235(handle_fatal_signal)[0x55bcaddc017f]
sigaction.c:0(__restore_rt)[0x7f6b18dac420]
sql/sql_union.cc:1486(st_select_lex_unit::optimize())[0x55bcad8cc73e]
sql/sql_union.cc:1524(st_select_lex_unit::exec())[0x55bcad8ccf82]
sql/item_subselect.cc:4064(subselect_union_engine::exec())[0x55bcae01d1d1]
sql/item_subselect.cc:758(Item_subselect::exec())[0x55bcadff75f8]
sql/item_subselect.cc:1735(Item_exists_subselect::val_int())[0x55bcae001f6d]
sql/item.h:1558(Item::val_int_result())[0x55bcad336806]
sql/filesort.cc:1052(Type_handler_int_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, String*) const)[0x55bcaddb53ca]
sql/filesort.cc:1207(make_sortkey(Sort_param*, unsigned char*, unsigned char*))[0x55bcaddb6b16]
sql/filesort.cc:849(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x55bcaddb3e44]
sql/filesort.cc:262(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x55bcaddaf73b]
sql/sql_select.cc:24246(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x55bcad7636d7]
sql/sql_select.cc:21910(st_join_table::sort_table())[0x55bcad751af5]
sql/sql_select.cc:21849(join_init_read_record(st_join_table*))[0x55bcad750ff7]
sql/sql_select.cc:20919(sub_select(JOIN*, st_join_table*, bool))[0x55bcad74a710]
sql/sql_select.cc:20443(do_select(JOIN*, Procedure*))[0x55bcad748672]
sql/sql_select.cc:4625(JOIN::exec_inner())[0x55bcad6d627c]
sql/sql_select.cc:4408(JOIN::exec())[0x55bcad6d38ac]
sql/sql_select.cc:4848(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55bcad6d7a88]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55bcad6a82fe]
sql/sql_parse.cc:6523(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55bcad60f303]
sql/sql_parse.cc:3980(mysql_execute_command(THD*))[0x55bcad5fc923]
sql/sql_parse.cc:8062(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55bcad61887f]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55bcad5eea2b]
sql/sql_parse.cc:1378(do_command(THD*))[0x55bcad5eb556]
sql/sql_connect.cc:1419(do_handle_one_connection(CONNECT*))[0x55bcada005cc]
sql/sql_connect.cc:1324(handle_one_connection)[0x55bcad9ffe70]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55bcae69e0d4]
nptl/pthread_create.c:478(start_thread)[0x7f6b18da0609]
 
Query (0x62b0000a1290): (SELECT 1 FROM t1 LOCK IN SHARE MODE) ORDER BY exists(SELECT 1 UNION SELECT a)
