Skip to content

invalid memory address or nil pointer dereference in core.(*LogicalCTE).PredicatePushDown #53594

New issue
New issue
Closed
#53716
Closed
invalid memory address or nil pointer dereference in core.(*LogicalCTE).PredicatePushDown#53594
#53716
Assignees
YangKeao
Labels
affects-6.1This bug affects the 6.1.x(LTS) versions.affects-6.5This bug affects the 6.5.x(LTS) versions.affects-7.1This bug affects the 7.1.x(LTS) versions.affects-7.5This bug affects the 7.5.x(LTS) versions.affects-8.1This bug affects the 8.1.x(LTS) versions.impact/panicseverity/majorsig/plannerSIG: Plannertype/bugThe issue is confirmed as a bug.
@ycybfhb

Description

@ycybfhb
ycybfhb
opened on May 27, 2024

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

First execute the following valid.sql
valid.txt
Then a crash occurs when executing the error.sql below
error.txt

2. What did you expect to see? (Required)

Expect no crashes

3. What did you see instead (Required)

runtime error: invalid memory address or nil pointer dereference

tidb.log:

[2024/05/27 13:02:21.580 +00:00] [ERROR] [conn.go:1013] ["connection running loop panic"] [conn=1776287804] [session_alias=] [err="runtime error: invalid memory address or nil pointer dereference"] [stack="github.com/pingcap/tidb/pkg/server.(*clientConn).Run.func1
	/workspace/source/tidb/pkg/server/conn.go:1016
runtime.gopanic
	/usr/local/go/src/runtime/panic.go:914
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile.func1
	/workspace/source/tidb/pkg/executor/compiler.go:57
runtime.gopanic
	/usr/local/go/src/runtime/panic.go:914
runtime.panicmem
	/usr/local/go/src/runtime/panic.go:261
runtime.sigpanic
	/usr/local/go/src/runtime/signal_unix.go:861
github.com/pingcap/tidb/pkg/planner/core.(*LogicalCTE).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:967
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:84
github.com/pingcap/tidb/pkg/planner/core.(*LogicalProjection).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:425
github.com/pingcap/tidb/pkg/planner/core.(*LogicalSelection).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:111
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:84
github.com/pingcap/tidb/pkg/planner/core.(*LogicalProjection).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:425
github.com/pingcap/tidb/pkg/planner/core.(*LogicalUnionAll).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:434
github.com/pingcap/tidb/pkg/planner/core.(*LogicalJoin).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:242
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:84
github.com/pingcap/tidb/pkg/planner/core.(*LogicalAggregation).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:555
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:84
github.com/pingcap/tidb/pkg/planner/core.(*LogicalProjection).PredicatePushDown
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:425
github.com/pingcap/tidb/pkg/planner/core.(*ppdSolver).optimize
	/workspace/source/tidb/pkg/planner/core/rule_predicate_push_down.go:49
github.com/pingcap/tidb/pkg/planner/core.logicalOptimize
	/workspace/source/tidb/pkg/planner/core/optimizer.go:1005
github.com/pingcap/tidb/pkg/planner/core.doOptimize
	/workspace/source/tidb/pkg/planner/core/optimizer.go:289
github.com/pingcap/tidb/pkg/planner/core.DoOptimize
	/workspace/source/tidb/pkg/planner/core/optimizer.go:348
github.com/pingcap/tidb/pkg/planner.optimize
	/workspace/source/tidb/pkg/planner/optimize.go:503
github.com/pingcap/tidb/pkg/planner.Optimize
	/workspace/source/tidb/pkg/planner/optimize.go:334
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile
	/workspace/source/tidb/pkg/executor/compiler.go:99
github.com/pingcap/tidb/pkg/session.(*session).ExecuteStmt
	/workspace/source/tidb/pkg/session/session.go:2094
github.com/pingcap/tidb/pkg/server.(*TiDBContext).ExecuteStmt
	/workspace/source/tidb/pkg/server/driver_tidb.go:294
github.com/pingcap/tidb/pkg/server.(*clientConn).handleStmt
	/workspace/source/tidb/pkg/server/conn.go:2021
github.com/pingcap/tidb/pkg/server.(*clientConn).handleQuery
	/workspace/source/tidb/pkg/server/conn.go:1774
github.com/pingcap/tidb/pkg/server.(*clientConn).dispatch
	/workspace/source/tidb/pkg/server/conn.go:1348
github.com/pingcap/tidb/pkg/server.(*clientConn).Run
	/workspace/source/tidb/pkg/server/conn.go:1114
github.com/pingcap/tidb/pkg/server.(*Server).onConn
	/workspace/source/tidb/pkg/server/server.go:739"]

4. What is your TiDB version? (Required)

+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| tidb_version()                                                                                                                                                                                                                                                   |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Release Version: v8.2.0-alpha-216-gfe5858b
Edition: Community
Git Commit Hash: fe5858b00cd63808ac414c6e102a353778b0aaa7
Git Branch: HEAD
UTC Build Time: 2024-05-23 01:44:42
GoVersion: go1.21.10
Race Enabled: false
Check Table Before Drop: false
Store: tikv |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.

Metadata

Metadata

Assignees

Labels

affects-6.1This bug affects the 6.1.x(LTS) versions.affects-6.5This bug affects the 6.5.x(LTS) versions.affects-7.1This bug affects the 7.1.x(LTS) versions.affects-7.5This bug affects the 7.5.x(LTS) versions.affects-8.1This bug affects the 8.1.x(LTS) versions.impact/panicseverity/majorsig/plannerSIG: Plannertype/bugThe issue is confirmed as a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions