Bug #78250 | handle_fatal_signal (sig=11) in my_strtod_int | | |
---|---|---|---|
Submitted: | 28 Aug 2015 6:14 | Modified: | 2 Oct 2015 15:52 |
Reporter: | Roel Van de Paar | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Optimizer | Severity: | S1 (Critical) |
Version: | 5.7.8 (RC2), 5.7.9, 8.0.0 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | opt | | |
[28 Aug 2015 6:14]
Roel Van de Paar
[28 Aug 2015 7:23]
MySQL Verification Team
Hello Roel, Thank you for the report and test case. Observed that 5.7.9 and 5.8.0 daily builds are affected. Thanks, Umesh
[28 Aug 2015 7:23]
MySQL Verification Team
// 5.7.9

bin/mysql_install_db --insecure --basedir=/export/umesh/server/binaries/mysql-advanced-5.7.9 --datadir=/export/umesh/server/binaries/mysql-advanced-5.7.9/78250 -v
bin/mysqld --no-defaults --sql_mode=ONLY_FULL_GROUP_BY --basedir=/export/umesh/server/binaries/mysql-advanced-5.7.9 --datadir=/export/umesh/server/binaries/mysql-advanced-5.7.9/78250 --core-file --socket=/tmp/mysql_ushastry.sock --port=15000 --log-error=/export/umesh/server/binaries/mysql-advanced-5.7.9/78250/log.err 2>&1 &

[umshastr@hod03]/export/umesh/server/binaries/mysql-advanced-5.7.9: cat docs/INFO_SRC
commit: e4928d41773503a7b93ab0886a1f5efa88a4e4e4
date: 2015-08-26 21:01:11 +0530
build-date: 2015-08-26 18:05:18 +0200
short: e4928d4
branch: mysql-5.7
MySQL source 5.7.9

(gdb) bt
#0 0x00007f953f1c1771 in pthread_kill () from /lib64/libpthread.so.0
#1 0x000000000079f125 in handle_fatal_signal (sig=11) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/signal_handler.cc:220
#2 <signal handler called>
#3 my_strtod_int (buf_size=3680, buf=0x7f9511d35650 "", error=0x7f9511d364f0, se=0x7f9511d36500, s00=0x7f94d0020bd00000 <Address 0x7f94d0020bd00000 out of bounds>) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/strings/dtoa.c:1378
#4 my_strtod (str=0x7f94d0020bd00000 <Address 0x7f94d0020bd00000 out of bounds>, end=0x7f9511d36500, error=0x7f9511d364f0) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/strings/dtoa.c:472
#5 0x00000000007c8739 in Field_blob::val_real (this=0x7f94d0020858) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/field.cc:8205
#6 0x00000000007f53ff in Item_direct_ref::val_real (this=0x7f94d09803e8) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/item.cc:8552
#7 0x0000000000853468 in Item_func_plus::real_op (this=0x7f94d00060f0) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/item_func.cc:1710
#8 0x000000000084c779 in Item_func_numhybrid::val_real (this=0x7f94d00060f0) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/item_func.cc:1339
#9 0x0000000000b7b6d8 in Item_sum_sum::add (this=0x7f94d0006268) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/item_sum.cc:1513
#10 0x0000000000c2ca0f in aggregator_add (this=<optimized out>) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/item_sum.h:509
#11 reset_and_add (this=0x7f94d0006268) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/item_sum.h:414
#12 init_sum_functions (end_ptr=0x7f94d0022fe0, func_ptr=0x7f94d0022fd8) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_executor.cc:514
#13 end_send_group (join=0x7f94d09806c8, qep_tab=<optimized out>, end_of_records=<optimized out>) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_executor.cc:3069
#14 0x0000000000c28b7c in evaluate_join_record (join=join@entry=0x7f94d09806c8, qep_tab=qep_tab@entry=0x7f94d0982830) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_executor.cc:1629
#15 0x0000000000c2dcb9 in sub_select (join=0x7f94d09806c8, qep_tab=0x7f94d0982830, end_of_records=<optimized out>) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_executor.cc:1284
#16 0x0000000000c26ca7 in do_select (join=0x7f94d09806c8) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_executor.cc:937
#17 JOIN::exec (this=0x7f94d09806c8) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_executor.cc:199
#18 0x0000000000c9158d in handle_query (thd=thd@entry=0x7f94d0000b50, lex=lex@entry=0x7f94d0002c00, result=result@entry=0x7f94d0022ea8, added_options=added_options@entry=0, removed_options=removed_options@entry=0) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_select.cc:184
#19 0x00000000007621d6 in execute_sqlcom_select (thd=thd@entry=0x7f94d0000b50, all_tables=<optimized out>) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_parse.cc:4941
#20 0x0000000000c56c16 in mysql_execute_command (thd=thd@entry=0x7f94d0000b50, first_level=first_level@entry=true) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_parse.cc:2597
#21 0x0000000000c5a515 in mysql_parse (thd=thd@entry=0x7f94d0000b50, parser_state=parser_state@entry=0x7f9511d377b0) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_parse.cc:5350
#22 0x0000000000c5aeba in dispatch_command (thd=thd@entry=0x7f94d0000b50, com_data=com_data@entry=0x7f9511d37e00, command=COM_QUERY) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_parse.cc:1284
#23 0x0000000000c5c72f in do_command (thd=thd@entry=0x7f94d0000b50) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/sql_parse.cc:852
#24 0x0000000000d126a0 in handle_connection (arg=arg@entry=0x3b49240) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/sql/conn_handler/connection_handler_per_thread.cc:300
#25 0x0000000001172850 in pfs_spawn_thread (arg=0x3c386b0) at /export/home2/pb2/build/sb_0-16271286-1440606484.35/mysqlcom-pro-5.7.9/storage/perfschema/pfs.cc:2191
#26 0x00007f953f1bcdf3 in start_thread () from /lib64/libpthread.so.0
#27 0x00007f953dc7d47d in clone () from /lib64/libc.so.6
[28 Aug 2015 7:24]
MySQL Verification Team
// 5.8.0

bin/mysql_install_db --insecure --basedir=/export/umesh/server/binaries/mysql-advanced-5.8.0 --datadir=/export/umesh/server/binaries/mysql-advanced-5.8.0/78250 -v
bin/mysqld --no-defaults --sql_mode=ONLY_FULL_GROUP_BY --basedir=/export/umesh/server/binaries/mysql-advanced-5.8.0 --datadir=/export/umesh/server/binaries/mysql-advanced-5.8.0/78250 --core-file --socket=/tmp/mysql_ushastry.sock --port=15000 --log-error=/export/umesh/server/binaries/mysql-advanced-5.8.0/78250/log.err 2>&1 &

[umshastr@hod03]/export/umesh/server/binaries/mysql-advanced-5.8.0: cat docs/INFO_SRC
commit: 60f15f33d5b04532c4e6d28e8133388fc512a0ff
date: 2015-08-26 16:49:48 +0200
build-date: 2015-08-26 17:01:08 +0200
short: 60f15f3
branch: mysql-trunk
MySQL source 5.8.0

(gdb) bt
#0 0x00007f050ecab771 in pthread_kill () from /lib64/libpthread.so.0
#1 0x00000000008ac6d5 in handle_fatal_signal (sig=11) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/signal_handler.cc:221
#2 <signal handler called>
#3 my_strtod_int (buf_size=3680, buf=0x7f04e182e650 " \350\202\341\004\177", error=0x7f04e182f4f0, se=0x7f04e182f500, s00=0x7f049497f1000000 <Address 0x7f049497f1000000 out of bounds>) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/strings/dtoa.c:1376
#4 my_strtod (str=0x7f049497f1000000 <Address 0x7f049497f1000000 out of bounds>, end=0x7f04e182f500, error=0x7f04e182f4f0) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/strings/dtoa.c:472
#5 0x00000000009135d9 in Field_blob::val_real (this=0x7f04940264e8) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/field.cc:8216
#6 0x000000000094380f in Item_direct_ref::val_real (this=0x7f0494980038) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/item.cc:8560
#7 0x000000000099fb18 in Item_func_plus::real_op (this=0x7f0494006100) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/item_func.cc:1716
#8 0x00000000009990b9 in Item_func_numhybrid::val_real (this=0x7f0494006100) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/item_func.cc:1344
#9 0x0000000000cc9098 in Item_sum_sum::add (this=0x7f0494006278) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/item_sum.cc:1519
#10 0x00000000007de4df in aggregator_add (this=<optimized out>) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/item_sum.h:510
#11 reset_and_add (this=0x7f0494006278) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/item_sum.h:415
#12 init_sum_functions (end_ptr=0x7f04940230f0, func_ptr=0x7f04940230e8) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_executor.cc:529
#13 end_send_group (join=0x7f0494980318, qep_tab=<optimized out>, end_of_records=<optimized out>) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_executor.cc:3077
#14 0x00000000007daf71 in evaluate_join_record (join=join@entry=0x7f0494980318, qep_tab=qep_tab@entry=0x7f0494981f10) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_executor.cc:1637
#15 0x00000000007df687 in sub_select (join=0x7f0494980318, qep_tab=0x7f0494981f10, end_of_records=<optimized out>) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_executor.cc:1292
#16 0x00000000007d9207 in do_select (join=0x7f0494980318) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_executor.cc:952
#17 JOIN::exec (this=0x7f0494980318) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_executor.cc:214
#18 0x00000000008227ed in handle_query (thd=thd@entry=0x7f0494000b50, lex=lex@entry=0x7f0494002c18, result=0x7f0494022fb8, added_options=added_options@entry=0, removed_options=removed_options@entry=0) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_select.cc:190
#19 0x000000000074f92b in execute_sqlcom_select (thd=thd@entry=0x7f0494000b50, all_tables=<optimized out>) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_parse.cc:4867
#20 0x00000000007f1cd6 in mysql_execute_command (thd=thd@entry=0x7f0494000b50, first_level=first_level@entry=true) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_parse.cc:2560
#21 0x00000000007f5a65 in mysql_parse (thd=thd@entry=0x7f0494000b50, parser_state=parser_state@entry=0x7f04e18307b0) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_parse.cc:5274
#22 0x00000000007f63aa in dispatch_command (thd=thd@entry=0x7f0494000b50, com_data=com_data@entry=0x7f04e1830e00, command=COM_QUERY) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_parse.cc:1247
#23 0x00000000007f7b9f in do_command (thd=thd@entry=0x7f0494000b50) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/sql_parse.cc:815
#24 0x00000000008a24d8 in handle_connection (arg=arg@entry=0x4428410) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/sql/conn_handler/connection_handler_per_thread.cc:301
#25 0x000000000119dcb0 in pfs_spawn_thread (arg=0x4507160) at /export/home2/pb2/build/sb_0-16270418-1440602177.1/mysqlcom-pro-5.8.0-m17/storage/perfschema/pfs.cc:2210
#26 0x00007f050eca6df3 in start_thread () from /lib64/libpthread.so.0
#27 0x00007f050d76747d in clone () from /lib64/libc.so.6
(gdb)
[28 Aug 2015 7:26]
MySQL Verification Team
// Observed that 5.6.26/27 release builds are not affected
[28 Aug 2015 10:29]
MySQL Verification Team
Just to confirm I've verified on release builds of 5.7.9, 5.8.0
[31 Aug 2015 8:52]
Guilhem Bichot
Posted by developer: has nothing to do with only_full_group_by (check the testcase: it sets sql_mode to no_table_options).
[4 Sep 2015 3:06]
Roel Van de Paar
Updating title
[2 Oct 2015 15:52]
Paul DuBois
Noted in 5.7.9, 5.8.0 changelogs. Subqueries that used a derived table and contained a set function referring to a column from that derived table might be aggregated in the wrong query block.
[18 Jun 2016 21:27]
Omer Barnir
Posted by developer: Reported version value updated to reflect release name change from 5.8 to 8.0