Description:
MySQL server could crash with a crafted SELECT statement.
/usr/sbin/mysqld Ver 8.0.33-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
mysql Ver 8.0.33-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
As you may think they're the same bug, I'm posting every stack trace of the bug. THE STACK TRACES ARE DIFFERENT.
Thank you
2023-06-02T19:38:28Z UTC - mysqld got signal 11 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
BuildID[sha1]=03172b8eeae9ab733eff94a4fc191f6acced9b6d
Thread pointer: 0x7f2564000fd0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7f25a4510c80 thread_stack 0x100000
/usr/sbin/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x41) [0x56311a50e961]
/usr/sbin/mysqld(print_fatal_signal(int)+0x3bc) [0x563119b30b9c]
/usr/sbin/mysqld(handle_fatal_signal+0x95) [0x563119b30c45]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7f25cfda8520]
/usr/sbin/mysqld(Query_expression::optimize(THD*, TABLE*, bool, bool)+0x1ac) [0x563119aa968c]
/usr/sbin/mysqld(Item_subselect::exec(THD*)+0x1a7) [0x563119d15f87]
/usr/sbin/mysqld(Item_singlerow_subselect::val_decimal(my_decimal*)+0x56) [0x563119cf8526]
/usr/sbin/mysqld(Item::evaluate(THD*, String*)+0x152) [0x563119c5c8d2]
/usr/sbin/mysqld(Item::update_null_value()+0x80) [0x563119c5c970]
/usr/sbin/mysqld(+0xa3ebb5) [0x563119977bb5]
/usr/sbin/mysqld(Item_func_isnotnull::val_int()+0x1b) [0x563119c58a0b]
/usr/sbin/mysqld(Item::val_bool()+0xcd) [0x563119c453bd]
/usr/sbin/mysqld(remove_eq_conds(THD*, Item*, Item**, Item::cond_result*)+0x168) [0x5631199dc598]
/usr/sbin/mysqld(remove_eq_conds(THD*, Item*, Item**, Item::cond_result*)+0xd6) [0x5631199dc506]
/usr/sbin/mysqld(optimize_cond(THD*, Item**, COND_EQUAL**, mem_root_deque<Table_ref*>*, Item::cond_result*)+0x292) [0x5631199ea312]
/usr/sbin/mysqld(JOIN::optimize(bool)+0x700) [0x5631199ced30]
/usr/sbin/mysqld(Query_block::optimize(THD*, bool)+0xc4) [0x563119a48744]
/usr/sbin/mysqld(Query_expression::optimize(THD*, TABLE*, bool, bool)+0xb9) [0x563119aa9599]
/usr/sbin/mysqld(Sql_cmd_dml::execute_inner(THD*)+0x34) [0x563119a3c084]
/usr/sbin/mysqld(Sql_cmd_dml::execute(THD*)+0x1c2) [0x563119a3b512]
/usr/sbin/mysqld(mysql_execute_command(THD*, bool)+0x9e8) [0x5631199f0a28]
/usr/sbin/mysqld(dispatch_sql_command(THD*, Parser_state*)+0x57c) [0x5631199f435c]
/usr/sbin/mysqld(dispatch_command(THD*, COM_DATA const*, enum_server_command)+0x1a5d) [0x5631199f655d]
/usr/sbin/mysqld(do_command(THD*)+0x24d) [0x5631199f70bd]
/usr/sbin/mysqld(+0xbf02a8) [0x563119b292a8]
/usr/sbin/mysqld(+0x19c2c5e) [0x56311a8fbc5e]
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43) [0x7f25cfdfab43]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44) [0x7f25cfe8bbb4]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (7f2564d98060): select subq_1.c4 as c0, subq_1.c8 as c1, subq_1.c7 as c2, subq_1.c0 as c3, subq_1.c7 as c4, subq_1.c8 as c5 from (select (select v1 from test.table18) as c0, ref_3.v1 as c1, ref_2.v1 as c2, ref_2.v1 as c3, subq_0.c0 as c4, ref_2.v0 as c5, ref_2.v0 as c6, ref_2.v1 as c7, subq_0.c0 as c8 from (select ref_0.v1 as c0 from test.table18 as ref_0 where (((true) or ((EXISTS ( select ref_0.v0 as c0, 98 as c1, 94 as c2, ref_1.v1 as c3, (select v1 from test.table18) as c4, ref_0.v0 as c5, ref_0.v1 as c6, ref_1.v1 as c7,
Connection ID (thread ID): 8
Status: NOT_KILLED
How to repeat:
1. Start MySQL Server Ver 8.0.33-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
2. Start MySQL Client Ver 8.0.33-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
3. Pipe init.sql into client
4. Pipe case 130.sql into client
5. Server crashed with stacktrace
(see the attached video)
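
Added example (not part of the original report and not MySQL code): one way to check whether two mysqld crashes share a code path is to reduce each backtrace to the function names below the signal handler and hash them, ignoring the ASLR-dependent addresses. The names `parse_frames`, `crash_signature` and `HANDLER_FRAMES` are hypothetical, and skipping the unsymbolized libc frame right after the handler is an assumption about how this trace is laid out.

```python
import hashlib
import re

# A mysqld backtrace line: module(symbol+0xoffset) [0xaddress]
FRAME_RE = re.compile(r"^(?P<module>\S+?)\((?P<symbol>.*)\+0x(?P<offset>[0-9a-fA-F]+)\)\s+\[0x[0-9a-fA-F]+\]$")

# Frames of the crash handler itself, not of the faulting code path.
HANDLER_FRAMES = {"my_print_stacktrace", "print_fatal_signal", "handle_fatal_signal"}

def parse_frames(log_text):
    """Return (module, function name or None, offset) for each backtrace line."""
    frames = []
    for line in log_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            # Drop the argument list; unsymbolized frames have an empty symbol.
            name = m.group("symbol").split("(", 1)[0] or None
            frames.append((m.group("module"), name, int(m.group("offset"), 16)))
    return frames

def crash_signature(log_text, depth=5):
    """Top `depth` symbolized frames below the signal handler, plus a short hash."""
    frames = parse_frames(log_text)
    start = 0
    # Skip handler frames and the unsymbolized libc frame that follows them.
    while start < len(frames) and (frames[start][1] is None
                                   or frames[start][1] in HANDLER_FRAMES):
        start += 1
    names = [name for _, name, _ in frames[start:] if name][:depth]
    return names, hashlib.sha256("|".join(names).encode()).hexdigest()[:16]

# First frames of the trace in the report above.
SAMPLE = """
/usr/sbin/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x41) [0x56311a50e961]
/usr/sbin/mysqld(print_fatal_signal(int)+0x3bc) [0x563119b30b9c]
/usr/sbin/mysqld(handle_fatal_signal+0x95) [0x563119b30c45]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520) [0x7f25cfda8520]
/usr/sbin/mysqld(Query_expression::optimize(THD*, TABLE*, bool, bool)+0x1ac) [0x563119aa968c]
/usr/sbin/mysqld(Item_subselect::exec(THD*)+0x1a7) [0x563119d15f87]
/usr/sbin/mysqld(Item_singlerow_subselect::val_decimal(my_decimal*)+0x56) [0x563119cf8526]
/usr/sbin/mysqld(Item::evaluate(THD*, String*)+0x152) [0x563119c5c8d2]
/usr/sbin/mysqld(Item::update_null_value()+0x80) [0x563119c5c970]
/usr/sbin/mysqld(+0xa3ebb5) [0x563119977bb5]
/usr/sbin/mysqld(Item_func_isnotnull::val_int()+0x1b) [0x563119c58a0b]
"""

if __name__ == "__main__":
    names, digest = crash_signature(SAMPLE)
    print(digest, " <- ".join(names))
```

Two crash logs that yield the same digest died along the same call path; different digests support treating them as separate reports.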