[MDEV-32607] Server crash on query

Created: 2023-10-27
Updated: 2023-11-09
Resolved: 2023-11-09

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 11.1
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: csfuzz
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: None

Issue Links:
Duplicate
duplicates MDEV-30711 The mysqld service core occurs when t... Confirmed

 Description   

CREATE TABLE v0 ( v1 TIMESTAMP NOT NULL PRIMARY KEY , c2 TIMESTAMP , c3 INT ) engine=innodb;
INSERT INTO v0 VALUES ( v1 IN ( SELECT v1 FROM v0 AS v2 WHERE v1 <= NULL ) , NULL , NULL , NULL ) , ( 'x' , 'x' , 20 ) ;
INSERT INTO v0 VALUES ( 'x' , 'x' , -1 ) , ( 'x' , 'x' , 16 ) ;
DELETE t1 , t2 FROM t1 , t2 WHERE t2 . c1 = t1 . c2 ;
SELECT * FROM t1 , t2 WHERE t2 . c1 = t1 . c2 ;
TRUNCATE TABLE t1 ;
TRUNCATE TABLE t2 ;
INSERT INTO v0 VALUES ( 'x' , 'x' , 51 ) , ( 'x' , 'x' , 127 ) ;
INSERT INTO v0 VALUES ( 'x' , 'x' , v1 IN ( SELECT v1 FROM ( SELECT v1 , v1 AS v5 FROM v0 GROUP BY v1 HAVING CASE WHEN v1 = 92 THEN v1 ELSE v1 + 2147483647 END > 'x' ) AS v3 NATURAL JOIN ( SELECT v1 FROM v0 WHERE 'x' < 77 ) AS v4 ) ) , ( 'x' , 'x' , 24 ) ;
DELETE FROM a1 , a2 USING t1 AS a1 INNER JOIN t2 AS a2 WHERE a2 . c1 = a1 . c2 ;
SELECT * FROM t1 , t2 WHERE t2 . c1 = t1 . c2 ;

stack trace:
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f6f88561880 thread_stack 0x5fc00
/usr/local/mysql/bin/mariadbd(__interceptor_backtrace+0x5b)[0x781b5b]
mysys/stacktrace.c:215(my_print_stacktrace)[0x228cfae]
sql/signal_handler.cc:0(handle_fatal_signal)[0x12bd0d2]
sigaction.c:0(__restore_rt)[0x7f6fac2fc420]
sql/sql_select.cc:7689(optimize_keyuse(JOIN*, st_dynamic_array*))[0xc553a0]
/usr/local/mysql/bin/mariadbd(_ZN4JOIN25add_keyuses_for_splittingEv+0x118f)[0x114605f]
/usr/local/mysql/bin/mariadbd(_ZN4JOIN14optimize_innerEv+0xa5aa)[0xc1deda]
/usr/local/mysql/bin/mariadbd(_ZN4JOIN8optimizeEv+0x176)[0xbffb46]
sql/sql_lex.cc:4847(st_select_lex::optimize_unflattened_subqueries(bool))[0xabbb11]
/usr/local/mysql/bin/mariadbd(_Z12mysql_insertP3THDP10TABLE_LISTR4ListI4ItemERS3_IS5_ES6_S6_15enum_duplicatesbP13select_result+0x138f)[0xa6fb5f]
sql/sql_parse.cc:4461(mysql_execute_command(THD*, bool))[0xb39328]
sql/sql_class.h:2830(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0xb24c79]
/usr/local/mysql/bin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x2cf8)[0xb1e648]
sql/sql_parse.cc:1407(do_command(THD*, bool))[0xb25971]
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0xf0d066]
sql/sql_connect.cc:1322(handle_one_connection)[0xf0caa9]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x19d710b]
nptl/pthread_create.c:478(start_thread)[0x7f6fac2f0609]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530f28)
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f6fac008133]



 Comments   
Comment by Alice Sherepa [ 2023-11-09 ]

Thanks! This is the same as MDEV-30711

 
231109 14:28:02 [ERROR] mysqld got signal 11 ;
 
Server version: 11.2.2-MariaDB-debug-log source revision: f7646d890b98e1ff5480f60c9d4795a4c9efa6ba
 
mysys/stacktrace.c:215(my_print_stacktrace)[0x56395837a503]
sql/signal_handler.cc:241(handle_fatal_signal)[0x563956f681b8]
sigaction.c:0(__restore_rt)[0x7ff4e5478420]
sql/sql_select.cc:7689(optimize_keyuse(JOIN*, st_dynamic_array*))[0x563956747004]
sql/opt_split.cc:849(JOIN::add_keyuses_for_splitting())[0x563956d93fc6]
sql/opt_split.cc:875(st_join_table::add_keyuses_for_splitting())[0x563956d94438]
sql/sql_select.cc:6028(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x56395673814c]
sql/sql_select.cc:2620(JOIN::optimize_inner())[0x563956715cab]
sql/sql_select.cc:1944(JOIN::optimize())[0x56395670ebfa]
sql/sql_lex.cc:4888(st_select_lex::optimize_unflattened_subqueries(bool))[0x563956597787]
sql/sql_insert.cc:877(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x563956546bf5]
sql/sql_parse.cc:4462(mysql_execute_command(THD*, bool))[0x563956615a8d]
sql/sql_parse.cc:7807(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x56395662cb13]
sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x563956604e7e]
sql/sql_parse.cc:1406(do_command(THD*, bool))[0x563956601bc8]
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x563956adfbfe]
sql/sql_connect.cc:1322(handle_one_connection)[0x563956adf55b]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x563957754ab6]
nptl/pthread_create.c:478(start_thread)[0x7ff4e546c609]
 
Query (0x6290001092a8): INSERT INTO v0 VALUES ( 'x' , 'x' , v1 IN ( SELECT v1 FROM ( SELECT v1 , v1 AS v5 FROM v0 GROUP BY v1 HAVING CASE WHEN v1 = 92 THEN v1 ELSE v1 + 2147483647 END > 'x' ) AS v3 NATURAL JOIN ( SELECT v1 FROM v0 WHERE 'x' < 77 ) AS v4 ) ) , ( 'x' , 'x' , 24 )
