Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TiDB panics on complex query #52687

Closed
bb7133 opened this issue Apr 17, 2024 · 1 comment · Fixed by #53108
Closed

TiDB panics on complex query #52687

bb7133 opened this issue Apr 17, 2024 · 1 comment · Fixed by #53108
Assignees
@winoros
Labels
affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. severity/critical sig/planner SIG: Planner type/bug The issue is confirmed as a bug.

Comments

@bb7133
Copy link
Member

bb7133 commented Apr 17, 2024
edited
Loading

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

CREATE TABLE `t_o9_7_f` (
  `c_ob5k0` int(11) NOT NULL,
  `c_r5axbk` tinyint(4) DEFAULT NULL,
  `c_fulsthp7e` text DEFAULT NULL,
  `c_nylhnz` double DEFAULT NULL,
  `c_fd7zeyfs49` int(11) NOT NULL,
  `c_wpmmiv` tinyint(4) DEFAULT NULL,
  PRIMARY KEY (`c_fd7zeyfs49`) /*T![clustered_index] CLUSTERED */,
  UNIQUE KEY `c_ob5k0` (`c_ob5k0`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;

CREATE TABLE `t_q1` (
  `c__c_r38murv` int(11) NOT NULL,
  `c_i93u7f2yma` double NOT NULL,
  `c_v5mf4` double DEFAULT NULL,
  `c_gprkp` int(11) DEFAULT NULL,
  `c_ru` text NOT NULL,
  `c_nml` tinyint(4) DEFAULT NULL,
  `c_z` text DEFAULT NULL,
  `c_ok` double DEFAULT NULL,
  PRIMARY KEY (`c__c_r38murv`) /*T![clustered_index] CLUSTERED */,
  UNIQUE KEY `c__c_r38murv_2` (`c__c_r38murv`),
  UNIQUE KEY `c_nml` (`c_nml`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;

CREATE TABLE `t_yzyyqbo2u` (
  `c_c4l` int(11) DEFAULT NULL,
  `c_yb_` text DEFAULT NULL,
  `c_pq4c1la6cv` int(11) NOT NULL,
  `c_kbcid` int(11) DEFAULT NULL,
  `c_um` double DEFAULT NULL,
  `c_zjmgh995_6` text DEFAULT NULL,
  `c_fujjmh8m2` double NOT NULL,
  `c_qkf4n` double DEFAULT NULL,
  `c__x9cqrnb0` double NOT NULL,
  `c_b5qjz_jj0` double DEFAULT NULL,
  PRIMARY KEY (`c_pq4c1la6cv`) /*T![clustered_index] NONCLUSTERED */,
  UNIQUE KEY `c__x9cqrnb0` (`c__x9cqrnb0`),
  UNIQUE KEY `c_b5qjz_jj0` (`c_b5qjz_jj0`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin /*T! SHARD_ROW_ID_BITS=4 PRE_SPLIT_REGIONS=2 */;

CREATE TABLE `t_kg74` (
  `c_a1tv2` int(11) NOT NULL,
  `c_eobbbypzbu` tinyint(4) DEFAULT NULL,
  `c_g` double NOT NULL,
  `c_ixy` tinyint(4) DEFAULT NULL,
  `c_if` text NOT NULL,
  `c_obnq8s7_s2` double DEFAULT NULL,
  `c_xrgd2snrop` tinyint(4) DEFAULT NULL,
  `c_vqafa6o6` text DEFAULT NULL,
  `c_ku44klry7o` double NOT NULL,
  `c_js835qkmjz` tinyint(4) DEFAULT NULL,
  PRIMARY KEY (`c_a1tv2`));

update t_kg74 set 
  c_eobbbypzbu = (t_kg74.c_js835qkmjz in (
    select  
          (ref_0.c_yb_ <> 'mlp40j') as c0
        from 
          t_yzyyqbo2u as ref_0
        where (89.25 && ref_0.c_pq4c1la6cv)
      union
      (select  
          ((cast(null as double) != 1382756095)) 
            and ((1=1 <> (EXISTS (
                  select distinct 
                      ref_2.c_zjmgh995_6 as c0, 
                      ref_2.c_zjmgh995_6 as c1, 
                      ref_2.c_kbcid as c2, 
                      ref_1.c_r5axbk as c3, 
                      -633150135 as c4, 
                      ref_2.c_c4l as c5, 
                      ref_1.c_fd7zeyfs49 as c6, 
                      ref_1.c_nylhnz as c7, 
                      ref_2.c_um as c8, 
                      ref_2.c_c4l as c9
                    from 
                      t_yzyyqbo2u as ref_2
                    where ((ref_1.c_ob5k0 <= ref_2.c_qkf4n)) 
                      and ((EXISTS (
                        select  
                            ref_3.c_qkf4n as c0, 
                            ref_3.c_kbcid as c1, 
                            ref_3.c_qkf4n as c2, 
                            ref_1.c_wpmmiv as c3, 
                            ref_1.c_fd7zeyfs49 as c4, 
                            ref_3.c_c4l as c5, 
                            ref_1.c_r5axbk as c6, 
                            ref_3.c_kbcid as c7
                          from 
                            t_yzyyqbo2u as ref_3
                          where ((ref_2.c_qkf4n >= ( 
                              select distinct 
                                    ref_4.c_b5qjz_jj0 as c0
                                  from 
                                    t_yzyyqbo2u as ref_4
                                  where (ref_3.c__x9cqrnb0 not in (
                                    select  
                                          ref_5.c_ok as c0
                                        from 
                                          t_q1 as ref_5
                                        where 1=1
                                      union
                                      (select  
                                          ref_6.c_b5qjz_jj0 as c0
                                        from 
                                          t_yzyyqbo2u as ref_6
                                        where (ref_6.c_qkf4n not in (
                                          select  
                                                ref_7.c_um as c0
                                              from 
                                                t_yzyyqbo2u as ref_7
                                              where 1=1
                                            union
                                            (select  
                                                ref_8.c_b5qjz_jj0 as c0
                                              from 
                                                t_yzyyqbo2u as ref_8
                                              where (ref_8.c_yb_ not like 'nrry%m')))))))
                                union
                                (select  
                                    ref_2.c_fujjmh8m2 as c0
                                  from 
                                    t_q1 as ref_9
                                  where (ref_2.c_zjmgh995_6 like 'v8%3xn%_uc'))
                                order by c0 limit 1))) 
                            or ((ref_1.c_fulsthp7e in (
                              select  
                                    ref_10.c_ru as c0
                                  from 
                                    t_q1 as ref_10
                                  where (55.34 >= 1580576276)
                                union
                                (select  
                                    ref_11.c_ru as c0
                                  from 
                                    t_q1 as ref_11
                                  where (ref_11.c_ru in (
                                    select distinct 
                                          ref_12.c_zjmgh995_6 as c0
                                        from 
                                          t_yzyyqbo2u as ref_12
                                        where 0<>0
                                      union
                                      (select  
                                          ref_13.c_zjmgh995_6 as c0
                                        from 
                                          t_yzyyqbo2u as ref_13
                                        where ('q2chm8gfsa' = ref_13.c_yb_))))))))))))))) as c0
        from 
          t_o9_7_f as ref_1
        where (-9186514464458010455 <> 62.67)))), 
  c_if = 'u1ah7', 
  c_vqafa6o6 = (t_kg74.c_a1tv2 + (((t_kg74.c_a1tv2 between t_kg74.c_a1tv2 and t_kg74.c_a1tv2)) 
        or (1=1)) 
      and ((1288561802 <= t_kg74.c_a1tv2))), 
  c_js835qkmjz = (t_kg74.c_vqafa6o6 in (
    select  
        ref_14.c_z as c0
      from 
        t_q1 as ref_14
      where (ref_14.c_z like 'o%fiah')))
where (t_kg74.c_obnq8s7_s2 = case when (t_kg74.c_a1tv2 is NULL) then t_kg74.c_g else t_kg74.c_obnq8s7_s2 end
      );

2. What did you expect to see? (Required)

Query executed succesfully.

3. What did you see instead (Required)

Query fails with the following error message:

ERROR 1105 (HY000): runtime error: invalid memory address or nil pointer dereference

The session will be disconnected due to panic happens, but the other sessions will not be affected because TiDB catches the panic internally.

The error stack:

github.com/pingcap/tidb/pkg/server.(*clientConn).Run.func1
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/conn.go:1016
runtime.gopanic
	/Users/bb7133/Softwares/go/src/runtime/panic.go:914
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile.func1
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/executor/compiler.go:57
runtime.gopanic
	/Users/bb7133/Softwares/go/src/runtime/panic.go:914
runtime.panicmem
	/Users/bb7133/Softwares/go/src/runtime/panic.go:261
runtime.sigpanic
	/Users/bb7133/Softwares/go/src/runtime/signal_unix.go:861
github.com/pingcap/tidb/pkg/planner/core.(*Update).ResolveIndices
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/planner/core/resolve_indices.go:834
github.com/pingcap/tidb/pkg/planner/core.(*PlanBuilder).buildUpdate
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/planner/core/logical_plan_builder.go:5830
github.com/pingcap/tidb/pkg/planner/core.(*PlanBuilder).Build
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/planner/core/planbuilder.go:543
github.com/pingcap/tidb/pkg/planner.buildLogicalPlan
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/planner/optimize.go:549
github.com/pingcap/tidb/pkg/planner.optimize
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/planner/optimize.go:466
github.com/pingcap/tidb/pkg/planner.Optimize
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/planner/optimize.go:334
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/executor/compiler.go:105
github.com/pingcap/tidb/pkg/session.(*session).ExecuteStmt
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/session/session.go:2085
github.com/pingcap/tidb/pkg/server.(*TiDBContext).ExecuteStmt
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/driver_tidb.go:294
github.com/pingcap/tidb/pkg/server.(*clientConn).handleStmt
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/conn.go:2021
github.com/pingcap/tidb/pkg/server.(*clientConn).handleQuery
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/conn.go:1774
github.com/pingcap/tidb/pkg/server.(*clientConn).dispatch
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/conn.go:1348
github.com/pingcap/tidb/pkg/server.(*clientConn).Run
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/conn.go:1114
github.com/pingcap/tidb/pkg/server.(*Server).onConn
	/Users/bb7133/Projects/gopath/src/github.com/pingcap/tidb/pkg/server/server.go:739

4. What is your TiDB version? (Required)

master: ba0ebc5
confirmed that it can be reproduced in v7.5.1 as well, so probably it exists in most of TiDB releases(If not all).
@bb7133 bb7133 added the type/bug The issue is confirmed as a bug. label Apr 17, 2024
@bb7133
Copy link
Member Author

bb7133 commented Apr 17, 2024

@winoros Provided in 'reproduce steps'.

It's sleep time for you.

@ti-chi-bot ti-chi-bot added affects-8.1 This bug affects the 8.1.x(LTS) versions. and removed may-affects-8.1 labels Apr 24, 2024
@winoros winoros mentioned this issue May 8, 2024
Merged
13 tasks
@winoros winoros added affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. and removed may-affects-5.4 This bug maybe affects 5.4.x versions. may-affects-6.1 may-affects-6.5 may-affects-7.1 may-affects-7.5 labels May 8, 2024
ti-chi-bot bot pushed a commit that referenced this issue May 9, 2024
@winoros
planner: resolve panic when the update lists contain complex subquery (
97d4705 
…#53108)

close #52687
@ti-chi-bot ti-chi-bot mentioned this issue May 9, 2024
Merged
13 tasks
ti-chi-bot bot pushed a commit that referenced this issue May 10, 2024
@ti-chi-bot
planner: resolve panic when the update lists contain complex subquery (
fe1f6ca 
…#53108) (#53144)

close #52687
This was referenced May 14, 2024
Merged
Merged
@ti-chi-bot ti-chi-bot mentioned this issue May 14, 2024
Merged
13 tasks
terry1purcell pushed a commit to terry1purcell/tidb that referenced this issue May 17, 2024
@winoros @terry1purcell
planner: resolve panic when the update lists contain complex subquery (
91a3d58 
…pingcap#53108)

close pingcap#52687
ti-chi-bot bot pushed a commit that referenced this issue May 21, 2024
@ti-chi-bot
planner: resolve panic when the update lists contain complex subquery (
4b80634 
…#53108) (#53271)

close #52687
RidRisR pushed a commit to RidRisR/tidb that referenced this issue May 23, 2024
@winoros @RidRisR
planner: resolve panic when the update lists contain complex subquery (
721bd9d 
…pingcap#53108)

close pingcap#52687
ti-chi-bot bot pushed a commit that referenced this issue Jun 9, 2024
@ti-chi-bot
planner: resolve panic when the update lists contain complex subquery (
b4f3a10 
…#53108) (#53269)

close #52687
ti-chi-bot bot pushed a commit that referenced this issue Nov 8, 2024
@ti-chi-bot
planner: resolve panic when the update lists contain complex subquery (
bb80e24 
…#53108) (#53270)

close #52687
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@winoros winoros

Labels
affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. affects-6.5 This bug affects the 6.5.x(LTS) versions. affects-7.1 This bug affects the 7.1.x(LTS) versions. affects-7.5 This bug affects the 7.5.x(LTS) versions. affects-8.1 This bug affects the 8.1.x(LTS) versions. severity/critical sig/planner SIG: Planner type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

planner: resolve panic when the update lists contain complex subquery winoros/tidb
4 participants
@bb7133 @fixdb @winoros @ti-chi-bot