MariaDB 10.0.21 crashes during PREPARE

Description

MariaDB 10.0.21 crashes during preparation of an UPDATE statement with a SELECT subquery in combination with ONLY_FULL_GROUP_BY.

One can reproduce the issue using docker as follows:

First start the MariaDB database container:

    docker run -it --rm --name crasher -e MYSQL_ROOT_PASSWORD=root mariadb:10.0.21

Afterwards connect with the MariaDB command line client:

    docker run -ti --rm --link crasher:mariadb mariadb mysql --host=mariadb -proot

Inside the command line client perform the following queries:

    -- create test database
    CREATE DATABASE IF NOT EXISTS db;
    use db;
    -- drop test tables
    DROP TABLE IF EXISTS t1;
    DROP TABLE IF EXISTS t2;
    -- create test tables
    CREATE TABLE t1 ( id INT(10), value INT(10) );
    CREATE TABLE t2 ( id INT(10) );
    -- enable full group by
    SET SESSION sql_mode = 'ONLY_FULL_GROUP_BY';
    -- try to prepare query
    PREPARE stmt FROM 'UPDATE t1 t1 SET value = (SELECT 1 FROM t2 WHERE id = t1.id)';

The last query will return:

    ERROR 2013 (HY000): Lost connection to MySQL server during query

And the server crashes because of signal 11. The stack trace is as follows:

    Thread pointer: 0x0x7fa1d3641008
    Attempting backtrace. You can use the following information to find out
    where mysqld died. If you see no messages after this, something went
    terribly wrong...
    stack_bottom = 0x7fa1f779ce70 thread_stack 0x48000
    mysqld(my_print_stacktrace+0x3d)[0x7fa1f7195a2d]
    mysqld(handle_fatal_signal+0x31a)[0x7fa1f6cd375a]
    /lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7fa1f633d8d0]
    mysqld(_ZN10Item_field15fix_outer_fieldEP3THDPP5FieldPP4Item+0x14c)[0x7fa1f6cf8a1c]
    mysqld(_ZN10Item_field10fix_fieldsEP3THDPP4Item+0x4f2)[0x7fa1f6cf9742]
    mysqld(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x1b3)[0x7fa1f6d2f3a3]
    mysqld(_Z11setup_condsP3THDP10TABLE_LISTR4ListIS1_EPP4Item+0x1c3)[0x7fa1f6b09573]
    mysqld(+0x42f111)[0x7fa1f6b9d111]
    mysqld(_ZN30subselect_single_select_engine7prepareEv+0x688)[0x7fa1f6d62788]
    mysqld(_ZN14Item_subselect10fix_fieldsEP3THDPP4Item+0xed)[0x7fa1f6d60aed]
    mysqld(_Z12setup_fieldsP3THDPP4ItemR4ListIS1_E17enum_mark_columnsPS5_b+0x184)[0x7fa1f6b07594]
    mysqld(+0x3f7f7a)[0x7fa1f6b65f7a]
    mysqld(_ZN18Prepared_statement7prepareEPKcj+0x6dd)[0x7fa1f6b6771d]
    mysqld(_Z22mysql_sql_stmt_prepareP3THD+0x39f)[0x7fa1f6b67caf]
    mysqld(_Z21mysql_execute_commandP3THD+0x90e)[0x7fa1f6b4edfe]
    mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e2)[0x7fa1f6b551d2]
    mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1787)[0x7fa1f6b56f87]
    mysqld(_Z24do_handle_one_connectionP3THD+0x28b)[0x7fa1f6c2da5b]
    mysqld(handle_one_connection+0x40)[0x7fa1f6c2dac0]
    /lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x7fa1f63360a4]
    /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fa1f493e04d]

    Trying to get some variables.
    Some pointers may be invalid and cause the dump to abort.
    Query (0x7fa1be042408): is an invalid pointer
    Connection ID (thread ID): 2
    Status: NOT_KILLED
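
Added example, not part of the original report and not MariaDB code: a small triage helper that parses a mysqld backtrace like the one above, recovers readable names from the mangled C++ symbols, and builds a signature for grouping duplicate crash reports. The function names and the "frames inside mysqld, minus handler frames" rule are assumptions of this sketch; the sample input is constructed from seven frames of the trace.

```python
import os
import re

# Constructed sample: seven frames copied from the backtrace in the report.
SAMPLE = """\
mysqld(my_print_stacktrace+0x3d)[0x7fa1f7195a2d]
mysqld(handle_fatal_signal+0x31a)[0x7fa1f6cd375a]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7fa1f633d8d0]
mysqld(_ZN10Item_field15fix_outer_fieldEP3THDPP5FieldPP4Item+0x14c)[0x7fa1f6cf8a1c]
mysqld(_ZN10Item_field10fix_fieldsEP3THDPP4Item+0x4f2)[0x7fa1f6cf9742]
mysqld(+0x42f111)[0x7fa1f6b9d111]
mysqld(_Z11setup_condsP3THDP10TABLE_LISTR4ListIS1_EPP4Item+0x1c3)[0x7fa1f6b09573]
"""

FRAME = re.compile(r"^(?P<module>[^(\s]+)\((?P<symbol>[^+)]*)\+(?P<offset>0x[0-9a-fA-F]+)\)\[0x[0-9a-fA-F]+\]$")
HANDLER = {"my_print_stacktrace", "handle_fatal_signal"}  # crash reporter, not the fault

def qualified_name(symbol):
    """Name part of an Itanium-mangled symbol (argument types and templates ignored)."""
    if not symbol.startswith("_Z"):
        return symbol
    rest, parts = symbol[2:], []
    nested = rest.startswith("N")
    if nested:
        rest = rest[1:].lstrip("rVK")  # drop cv-qualifiers of member functions
    while (m := re.match(r"\d+", rest)):
        end = m.end() + int(m.group())
        parts.append(rest[m.end():end])
        rest = rest[end:]
        if not nested:
            break  # a plain function has a single name component
    return "::".join(parts) or symbol

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        if (m := FRAME.match(line.strip())):
            module = os.path.basename(m["module"])
            # Unnamed frames (static functions, trampolines) fall back to module+offset.
            name = qualified_name(m["symbol"]) or f"{module}+{m['offset']}"
            frames.append({"module": module, "name": name})
    return frames

def server_frames(frames):
    """Heuristic (assumption): frames inside mysqld itself, minus the handler frames."""
    return [f for f in frames if f["module"] == "mysqld" and f["name"] not in HANDLER]

def signature(frames, depth=3):
    """Top frames joined into a string usable for grouping duplicate crash reports."""
    return " < ".join(f["name"] for f in server_frames(frames)[:depth])

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    print("faulting frame:", server_frames(frames)[0]["name"])
    print("signature:", signature(frames))
```

Offsets of unnamed frames change between builds, so signatures that include them only match reports from the same binary.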

Environment

MariaDB 10.0.21 Docker Container running on Ubuntu 15.04.

Status

Assignee

Oleksandr Byelkin

Reporter

Tim Düsterhus

Labels

None

External issue ID

None

Sprint

None

Fix versions

Affects versions

10.0
10.1
5.5

Priority

Major