Bug #97815 crash with signal 11 in eliminate_item_equal
Submitted: 27 Nov 2019 15:05
Modified: 27 Nov 2019 15:13
Reporter: andy zhang
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.6
OS: Any
Assigned to:
CPU Architecture: Any

[27 Nov 2019 15:05] andy zhang
Description:
Update and delete statements crash during the predicate optimization phase.

Here is the stack:

#0  0x00007fe97851751d in read () from /lib64/libc.so.6
#1  0x00007fe9784adce8 in _IO_new_file_underflow () from /lib64/libc.so.6
#2  0x00007fe9784af7ee in _IO_default_uflow_internal () from /lib64/libc.so.6
#3  0x00007fe9784a3eca in _IO_getline_info_internal () from /lib64/libc.so.6
#4  0x00007fe9784a2d29 in fgets () from /lib64/libc.so.6
#5  0x000000000157a8e3 in rds_pstack () at /disk1/xianyong.zjw/projects/rds56/rds_5616/mysys/stacktrace.c:817
#6  0x0000000000df8428 in handle_fatal_signal (sig=11) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/signal_handler.cc:263
#7  <signal handler called>
#8  0x0000000000cce94a in st_join_table::get_sj_strategy (this=0x0) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_select.h:854
#9  0x0000000001341022 in eliminate_item_equal (cond=0x0, upper_levels=0x7fe8b8007b08, item_equal=0x7fe8b80089e0) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_optimizer.cc:2065
#10 0x00000000013420a3 in substitute_for_best_equal_field (cond=0x7fe8b80089e0, cond_equal=0x7fe8b8007b08, table_join_idx=0x0) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_optimizer.cc:2247
#11 0x0000000001341b40 in substitute_for_best_equal_field (cond=0x7fe8b8008240, cond_equal=0x7fe8b8007b08, table_join_idx=0x0) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_optimizer.cc:2211
#12 0x0000000001341b40 in substitute_for_best_equal_field (cond=0x7fe8b8007a18, cond_equal=0x7fe8b8007b08, table_join_idx=0x0) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_optimizer.cc:2211
#13 0x000000000130b4c7 in mysql_delete (thd=0x595b200, table_list=0x7fe8b8006d88, conds=0x7fe8b8007a18, order_list=0x595e4c8, limit=18446744073709551615, options=0) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_delete.cc:209
#14 0x0000000000f7f97f in mysql_execute_command (thd=0x595b200) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_parse.cc:4432
#15 0x0000000000f911de in mysql_parse (thd=0x595b200, rawbuf=0x7fe8b8006c00 "delete from table1 where c2=c3 and c1 = 'JUMP' and (c2 = '191127144400192550' OR c3 = '191127144400192550')", length=107, parser_state=0x7fe91c2db1d0, async_commit=0x7fe91c2db91f "") at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_parse.cc:7456
#16 0x0000000000f71474 in dispatch_command (command=COM_QUERY, thd=0x595b200, packet=0x5960e41 "delete from table1 where c2=c3 and c1 = 'JUMP' and (c2 = '191127144400192550' OR c3 = '191127144400192550')", packet_length=107) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_parse.cc:1677
#17 0x0000000000f6e39c in do_command (thd=0x595b200) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_parse.cc:1148
#18 0x0000000000ef9a20 in do_handle_one_connection (thd_arg=0x59e5810) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_connect.cc:1023
#19 0x0000000000ef90f5 in handle_one_connection (arg=0x59e5810) at /disk1/xianyong.zjw/projects/rds56/rds_5616/sql/sql_connect.cc:939
#20 0x0000000001ff6735 in pfs_spawn_thread (arg=0x594dd30) at /disk1/xianyong.zjw/projects/rds56/rds_5616/storage/perfschema/pfs.cc:1858
#21 0x00007fe9797bbaa1 in start_thread () from /lib64/libpthread.so.0
#22 0x00007fe97852493d in clone () from /lib64/libc.so.6

How to repeat:
create table table1(c1 varchar(16) not null, c2 bigint(18) default null, c3 bigint(18) default null);

delete from table1 where c2=c3 and c1 = 'JUMP' and (c2 = '191127144400192550' OR c3 = '191127144400192550');
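
A triage sketch for the backtrace above, added here as an example and not part of the original report or of MySQL: it picks the frame listed right after `<signal handler called>` as the faulting frame and lists every caller frame that carried a NULL pointer argument. The sample input is constructed from frames #6 to #13 of the report with build paths shortened to "..."; the names `parse_frames` and `triage` are hypothetical.

```python
import re

# Constructed sample: frames #6-#10 and #13 of the backtrace in this report, paths shortened.
SAMPLE_BT = """\
#6  0x0000000000df8428 in handle_fatal_signal (sig=11) at .../sql/signal_handler.cc:263
#7  <signal handler called>
#8  0x0000000000cce94a in st_join_table::get_sj_strategy (this=0x0) at .../sql/sql_select.h:854
#9  0x0000000001341022 in eliminate_item_equal (cond=0x0, upper_levels=0x7fe8b8007b08, item_equal=0x7fe8b80089e0) at .../sql/sql_optimizer.cc:2065
#10 0x00000000013420a3 in substitute_for_best_equal_field (cond=0x7fe8b80089e0, cond_equal=0x7fe8b8007b08, table_join_idx=0x0) at .../sql/sql_optimizer.cc:2247
#13 0x000000000130b4c7 in mysql_delete (thd=0x595b200, table_list=0x7fe8b8006d88, conds=0x7fe8b8007a18, order_list=0x595e4c8, limit=18446744073709551615, options=0) at .../sql/sql_delete.cc:209
"""

# gdb frame line: "#N  [0xADDR in ]function (args) [at file:line | from library]"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*)\)(?: (?:at|from) (\S+))?$")
NULL_ARG = re.compile(r"(\w+)=0x0\b")  # pointer arguments printed as exactly 0x0

def parse_frames(bt):
    """Return one dict per frame; the signal-handler marker gets func=None."""
    frames = []
    for line in bt.splitlines():
        if "<signal handler called>" in line:
            frames.append({"no": int(line.split()[0][1:]), "func": None, "null_args": [], "loc": None})
            continue
        m = FRAME.match(line.strip())
        if m:
            frames.append({"no": int(m.group(1)), "func": m.group(2),
                           "null_args": NULL_ARG.findall(m.group(3)), "loc": m.group(4)})
    return frames

def triage(bt):
    """Faulting frame is the one listed right after the signal-handler marker.
    Returns None when the trace has no marker (not a signal-driven crash dump)."""
    frames = parse_frames(bt)
    marker = next((i for i, f in enumerate(frames) if f["func"] is None), None)
    if marker is None or marker + 1 >= len(frames):
        return None
    callers = frames[marker + 1:]
    return {"fault": callers[0],
            "null_chain": [(f["no"], f["func"], f["null_args"]) for f in callers if f["null_args"]]}

if __name__ == "__main__":
    result = triage(SAMPLE_BT)
    print(result["fault"]["func"], result["fault"]["loc"])
    for no, func, args in result["null_chain"]:
        print(f"#{no} {func}: NULL {', '.join(args)}")
```
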
[27 Nov 2019 15:13] andy zhang
I need to open another one for some reason.