Bug #111474 hypergraph_optimizer SEGV
Submitted: 18 Jun 2023 12:52 Modified: 28 Sep 2023 20:18
Reporter: Pedro Ferreira Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S6 (Debug Builds)
Version:8.0.33 OS:Ubuntu (22.04)
Assigned to: CPU Architecture:x86 (x86_64)
Tags: hypergraph_optimizer

[18 Jun 2023 12:52] Pedro Ferreira 
Description:
With this configuration file:

[mysqld]
server_id=1
skip-log-bin
innodb_buffer_pool_size=4G
performance_schema=off
explicit_defaults_for_timestamp=OFF
character_set_server=utf8mb4
sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'
completion_type=NO_CHAIN
event_scheduler=ON
explicit_defaults_for_timestamp=OFF
transaction_isolation=REPEATABLE-READ
autocommit=ON
innodb_strict_mode=OFF
secure_file_priv=
innodb_adaptive_hash_index=OFF
max_prepared_stmt_count=1048576
slow_query_log = ON
long_query_time = 5

Create the server directory and start it, then run these queries:

CREATE TABLE t0 (c0 INT);
INSERT INTO t0 (c0) (VALUES ROW(2));
SET @@SESSION.OPTIMIZER_SWITCH = 'hypergraph_optimizer=on';
INSERT INTO t0 (c0) ((VALUES ROW(1),ROW(row_count())) EXCEPT (VALUES ROW(row_count()),ROW(3)));

The SELECT query will trigger a SEGV sql/item.cc:10508:
res = m_value_ref->save_in_field(to, no_conversions);

The compilation parameters are the same as issue 108148:

-DWITH_DEBUG=1 -DWITH_ASAN=ON -DWITH_UBSAN=ON and boost library version 1.77

How to repeat:
Run the queries above.
[18 Jun 2023 13:53] MySQL Verification Team 
Hello Pedro Ferreira,

Thank you for the report and test case.
Observed that 8.0.33 debug build is affected.

regards,
Umesh
[18 Jun 2023 13:55] MySQL Verification Team 
- 8.0.33 debug build (The hypergraph optimizer does not yet support 'use in non-debug builds')

rm -rf 111474/
bin/mysqld --defaults-file=bug111474.cnf --initialize-insecure --basedir=$PWD --datadir=$PWD/111474 --log-error-verbosity=3
bin/mysqld_safe --defaults-file=bug111474.cnf --mysqld-version=debug --basedir=$PWD --datadir=$PWD/111474 --core-file --socket=/tmp/mysql.sock  --port=3306 --log-error=$PWD/111474/log.err --mysqlx-port=33330 --mysqlx-socket=/tmp/mysql_x_ushastry.sock --log-error-verbosity=3  --secure-file-priv="" --local-infile=1  2>&1 &

Your MySQL connection id is 8
Server version: 8.0.33-debug MySQL Community Server - GPL - Debug

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database test;
Query OK, 1 row affected (0.00 sec)

mysql> use test
Database changed
mysql> CREATE TABLE t0 (c0 INT);
Query OK, 0 rows affected (0.13 sec)

mysql> INSERT INTO t0 (c0) (VALUES ROW(2));
Query OK, 1 row affected (0.00 sec)

mysql> SET @@SESSION.OPTIMIZER_SWITCH = 'hypergraph_optimizer=on';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> INSERT INTO t0 (c0) ((VALUES ROW(1),ROW(row_count())) EXCEPT (VALUES ROW(row_count()),ROW(3)));
ERROR 2013 (HY000): Lost connection to MySQL server during query

-bt
#0  0x00007f5d47813aa1 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000003f9296e in my_write_core(int) ()
#2  0x00000000032365f5 in handle_fatal_signal ()
#3  <signal handler called>
#4  0x00000000033925a7 in Item::save_in_field(Field*, bool) ()
#5  0x00000000033928d1 in Item_values_column::save_in_field_inner(Field*, bool) ()
#6  0x000000000307f07d in Item::save_in_field_no_error_check(Field*, bool) ()
#7  0x0000000003075644 in copy_funcs(Temp_table_param*, THD const*, Copy_func_type) ()
#8  0x00000000035d1d54 in MaterializeIterator<DummyIteratorProfiler>::MaterializeQueryBlock(materialize_iterator::QueryBlock const&, unsigned long long*) ()
#9  0x00000000035d47e6 in MaterializeIterator<DummyIteratorProfiler>::Init() ()
#10 0x0000000003190957 in Query_expression::ExecuteIteratorQuery(THD*) ()
#11 0x0000000003190b92 in Query_expression::execute(THD*) ()
#12 0x000000000311a12a in Sql_cmd_dml::execute_inner(THD*) ()
#13 0x0000000003123873 in Sql_cmd_dml::execute(THD*) ()
#14 0x00000000030c24af in mysql_execute_command(THD*, bool) ()
#15 0x00000000030c5dc9 in dispatch_sql_command(THD*, Parser_state*) ()
#16 0x00000000030c752b in dispatch_command(THD*, COM_DATA const*, enum_server_command) ()
#17 0x00000000030c926e in do_command(THD*) ()
#18 0x0000000003227bb7 in handle_connection ()
#19 0x0000000004743af9 in pfs_spawn_thread ()
#20 0x00007f5d4780eea5 in start_thread () from /lib64/libpthread.so.0
#21 0x00007f5d45b15b2d in clone () from /lib64/libc.so.6
(gdb)
[28 Sep 2023 20:18] Jon Stephens 
Fixed in MySQL 8.3.0.

Issue is specific to HG, no changelog entry needed.

Closed.