Bug #97810 MySQL crash when compare with utf8mb4
Submitted: 27 Nov 2019 10:10
Modified: 7 Jan 2020 14:42
Reporter: Zongzhi Chen (OCA)
Status: Can't repeat
Impact on me: None
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 8.0.*
OS: Any
Assigned to:
CPU Architecture: Any

[27 Nov 2019 10:10] Zongzhi Chen
Description:
The version is MySQL 8.0.13, and this is the stack:

#0  0x00007fe0822009b1 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000000eca56c in handle_fatal_signal (sig=11) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/signal_handler.cc:295
#2  <signal handler called>
#3  my_mb_wc_utf8_prototype<true, true> (e=0x7fda9ec0b8e0 <Address 0x7fda9ec0b8e0 out of bounds>, s=0x7fda9ec0b8ae <Address 0x7fda9ec0b8ae out of bounds>,
    pwc=<synthetic pointer>) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/strings/mb_wc.h:115
#4  my_mb_wc_utf8mb4 (e=0x7fda9ec0b8e0 <Address 0x7fda9ec0b8e0 out of bounds>, s=0x7fda9ec0b8ae <Address 0x7fda9ec0b8ae out of bounds>, pwc=<synthetic pointer>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/strings/mb_wc.h:211
#5  operator() (e=0x7fda9ec0b8e0 <Address 0x7fda9ec0b8e0 out of bounds>, s=0x7fda9ec0b8ae <Address 0x7fda9ec0b8ae out of bounds>, pwc=<synthetic pointer>,
    this=0x7fdb6ec4ec98) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/strings/mb_wc.h:85
#6  next_raw (this=0x7fdb6ec4ec30) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/strings/ctype-uca.cc:139
#7  next (this=0x7fdb6ec4ec30) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/strings/ctype-uca.cc:1644
#8  my_strnncoll_uca<uca_scanner_900<Mb_wc_utf8mb4, 1>, 1, Mb_wc_utf8mb4> (cs=<optimized out>, s=<optimized out>, slen=<optimized out>, t=<optimized out>,
    tlen=<optimized out>, t_is_prefix=<optimized out>, mb_wc=...) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/strings/ctype-uca.cc:1714
#9  0x0000000001021b9a in compare (this=<optimized out>) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item_cmpfunc.h:133
#10 Item_func_eq::val_int (this=<optimized out>) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item_cmpfunc.cc:2261
#11 0x0000000000ffb6f5 in Item::save_in_field_inner (this=0x7fdb25c1d608, field=0x7fdc92f55ab0, no_conversions=<optimized out>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item.cc:6367
#12 0x00000000010189a5 in Item::save_in_field (this=0x7fdb25c1d608, field=0x7fdc92f55ab0, no_conversions=<optimized out>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item.cc:6252
#13 0x0000000000d4aa3e in copy_funcs (param=param@entry=0x7fdac0d07c50, thd=0x7fdb2589c000, type=type@entry=CFT_ALL)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:678
#14 0x0000000000d4e2f0 in end_update (join=0x7fdb25c1ec18, qep_tab=0x7fdac0d07618, end_of_records=<optimized out>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:5516
#15 0x0000000000d4c518 in evaluate_join_record (join=join@entry=0x7fdb25c1ec18, qep_tab=qep_tab@entry=0x7fdac0d07370)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:1878
#16 0x0000000000d55064 in sub_select (join=0x7fdb25c1ec18, qep_tab=0x7fdac0d07370, end_of_records=<optimized out>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:1572
#17 0x0000000000d51dcd in do_select (join=0x7fdb25c1ec18) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:1186
#18 JOIN::exec (this=this@entry=0x7fdb25c1ec18) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:283
#19 0x00000000010cf25f in subselect_single_select_engine::exec (this=<optimized out>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item_subselect.cc:3046
#20 0x00000000010cfa57 in Item_subselect::exec (this=0x7fdb2623ce78) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item_subselect.cc:805
#21 0x00000000010ce965 in Item_in_subselect::val_bool (this=0x7fdb2623ce78) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item_subselect.cc:1747
#22 0x000000000101b25d in Item_in_optimizer::val_int (this=0x7fdb25c1d168) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/item_cmpfunc.cc:2172
#23 0x0000000000d4c31b in evaluate_join_record (join=join@entry=0x7fdb25c1db78, qep_tab=qep_tab@entry=0x7fdb25c1e6c8)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:1741
#24 0x0000000000d55064 in sub_select (join=0x7fdb25c1db78, qep_tab=0x7fdb25c1e6c8, end_of_records=<optimized out>)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:1572
#25 0x0000000000d51dcd in do_select (join=0x7fdb25c1db78) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:1186
#26 JOIN::exec (this=0x7fdb25c1db78) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_executor.cc:283
#27 0x0000000000de4333 in Sql_cmd_dml::execute_inner (this=<optimized out>, thd=0x7fdb2589c000)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_select.cc:710
#28 0x0000000000def384 in Sql_cmd_dml::execute (this=0x7fdb25c1a220, thd=0x7fdb2589c000)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_select.cc:598
#29 0x0000000000d88f8e in mysql_execute_command (thd=thd@entry=0x7fdb2589c000, first_level=first_level@entry=true)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_parse.cc:4644
#30 0x0000000000d8e930 in mysql_parse (thd=thd@entry=0x7fdb2589c000, parser_state=parser_state@entry=0x7fdb6ec50bb0,
    force_primary_storage_engine=force_primary_storage_engine@entry=false) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_parse.cc:5396
#31 0x0000000000d91f90 in dispatch_command (thd=thd@entry=0x7fdb2589c000, com_data=com_data@entry=0x7fdb6ec51360, command=COM_QUERY)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_parse.cc:1794
#32 0x0000000000d92a70 in do_command (thd=thd@entry=0x7fdb2589c000) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/sql_parse.cc:1288
#33 0x0000000000eba1a8 in handle_connection (arg=arg@entry=0x7fe070eae8c0)
    at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/sql/conn_handler/connection_handler_per_thread.cc:316
#34 0x00000000022f41e0 in pfs_spawn_thread (arg=0x7fe06dd70920) at /home/admin/28_20191105002214413_110335355_code/rpm_workspace/storage/perfschema/pfs.cc:2879
#35 0x00007fe0821fbe25 in start_thread () from /lib64/libpthread.so.0
#36 0x00007fe08067234d in clone () from /lib64/libc.so.6

mysql>  show variables like '%char%';
+--------------------------+----------------------------------------+
| Variable_name            | Value                                  |
+--------------------------+----------------------------------------+
| character_set_client     | latin1                                 |
| character_set_connection | latin1                                 |
| character_set_database   | utf8                                   |
| character_set_filesystem | binary                                 |
| character_set_results    | latin1                                 |
| character_set_server     | utf8                                   |
| character_set_system     | utf8                                   |
| character_sets_dir       | /u01/polardb80_current/share/charsets/ |
+--------------------------+----------------------------------------+

How to repeat:
can't repeat
[28 Nov 2019 13:09] MySQL Verification Team
Hello Mr. Zongzhi,

Thank you for your bug report.

First of all, there were so many crashing bugs fixed between 8.0.13 and 8.0.18, that we can't afford to hunt for the old bugs.

Hence, let us know how this works with 8.0.18.

Next, if you manage to reproduce this behaviour with 8.0.18, we would need a repeatable test case. You can come by it if you analyse the core dump in debugger, where you can see the query itself.

Many thanks in advance.
[29 Dec 2019 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".