Valgrind warning / sporadic crash in evaluate_join_record sql_select.cc:14099 with semijoin

Bug #751484 reported by Philip Stoev
This bug affects 1 person

Affects: MariaDB
Status: Invalid
Importance: Undecided
Assigned to: Sergey Petrunia

Bug Description

Repeatable with maria-5.3, maria-5.3-mwl89. Not repeatable with maria-5.2.

valgrind warnings:

==19646== Conditional jump or move depends on uninitialised value(s)
==19646== at 0x832A44F: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:14099)
==19646== by 0x832A0CD: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14006)
==19646== by 0x8329AD0: sub_select_sjm(JOIN*, st_join_table*, bool) (sql_select.cc:13726)
==19646== by 0x832949F: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:13541)
==19646== by 0x830FCCA: JOIN::exec() (sql_select.cc:2530)
==19646== by 0x83104E7: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2749)
==19646== by 0x8451213: mysql_derived_filling(THD*, st_lex*, TABLE_LIST*) (sql_derived.cc:296)
==19646== by 0x8450B1E: mysql_handle_derived(st_lex*, bool (*)(THD*, st_lex*, TABLE_LIST*)) (sql_derived.cc:56)
==19646== by 0x82F11E1: open_and_lock_tables_derived(THD*, TABLE_LIST*, bool) (sql_base.cc:5125)
==19646== by 0x82AC8E0: open_and_lock_tables(THD*, TABLE_LIST*) (mysql_priv.h:1650)
==19646== by 0x82A5C00: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5056)
==19646== by 0x829CC86: mysql_execute_command(THD*) (sql_parse.cc:2235)
==19646== by 0x82A83B7: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6090)
==19646== by 0x829A90F: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==19646== by 0x8299DBC: do_command(THD*) (sql_parse.cc:904)
==19646== by 0x8296E6F: handle_one_connection (sql_connect.cc:1154)
==19646== Conditional jump or move depends on uninitialised value(s)
==19646== at 0x832A4AE: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:14108)
==19646== by 0x832A0CD: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14006)
==19646== by 0x8329AD0: sub_select_sjm(JOIN*, st_join_table*, bool) (sql_select.cc:13726)
==19646== by 0x832949F: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:13541)
==19646== by 0x830FCCA: JOIN::exec() (sql_select.cc:2530)
==19646== by 0x83104E7: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2749)
==19646== by 0x8451213: mysql_derived_filling(THD*, st_lex*, TABLE_LIST*) (sql_derived.cc:296)
==19646== by 0x8450B1E: mysql_handle_derived(st_lex*, bool (*)(THD*, st_lex*, TABLE_LIST*)) (sql_derived.cc:56)
==19646== by 0x82F11E1: open_and_lock_tables_derived(THD*, TABLE_LIST*, bool) (sql_base.cc:5125)
==19646== by 0x82AC8E0: open_and_lock_tables(THD*, TABLE_LIST*) (mysql_priv.h:1650)
==19646== by 0x82A5C00: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5056)
==19646== by 0x829CC86: mysql_execute_command(THD*) (sql_parse.cc:2235)
==19646== by 0x82A83B7: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6090)
==19646== by 0x829A90F: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==19646== by 0x8299DBC: do_command(THD*) (sql_parse.cc:904)
==19646== by 0x8296E6F: handle_one_connection (sql_connect.cc:1154)
==19646== Conditional jump or move depends on uninitialised value(s)
==19646== at 0x832A4FE: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:14139)
==19646== by 0x832A0CD: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14006)
==19646== by 0x8329AD0: sub_select_sjm(JOIN*, st_join_table*, bool) (sql_select.cc:13726)
==19646== by 0x832949F: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:13541)
==19646== by 0x830FCCA: JOIN::exec() (sql_select.cc:2530)
==19646== by 0x83104E7: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2749)
==19646== by 0x8451213: mysql_derived_filling(THD*, st_lex*, TABLE_LIST*) (sql_derived.cc:296)
==19646== by 0x8450B1E: mysql_handle_derived(st_lex*, bool (*)(THD*, st_lex*, TABLE_LIST*)) (sql_derived.cc:56)
==19646== by 0x82F11E1: open_and_lock_tables_derived(THD*, TABLE_LIST*, bool) (sql_base.cc:5125)
==19646== by 0x82AC8E0: open_and_lock_tables(THD*, TABLE_LIST*) (mysql_priv.h:1650)
==19646== by 0x82A5C00: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5056)
==19646== by 0x829CC86: mysql_execute_command(THD*) (sql_parse.cc:2235)
==19646== by 0x82A83B7: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6090)
==19646== by 0x829A90F: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==19646== by 0x8299DBC: do_command(THD*) (sql_parse.cc:904)
==19646== by 0x8296E6F: handle_one_connection (sql_connect.cc:1154)

Test case. Unfortunately, simplification is not available for Valgrind:

SET SESSION optimizer_switch='materialization=on,in_to_exists=on';
CREATE TABLE t1 ( pk int(11) NOT NULL AUTO_INCREMENT, col_int_nokey int(11) DEFAULT NULL, col_int_key int(11) DEFAULT NULL, col_date_key date DEFAULT NUL$
INSERT INTO t1 VALUES (10,7,8,NULL,NULL,'01:27:35','01:27:35','2002-02-26 06:14:37','2002-02-26 06:14:37','v','v'),(11,1,9,'2006-06-14','2006-06-14','19:48:3$
CREATE TABLE t2 ( pk int(11) NOT NULL AUTO_INCREMENT, col_int_nokey int(11) DEFAULT NULL, col_int_key int(11) DEFAULT NULL, col_date_key date DEFAULT NUL$
INSERT INTO t2 VALUES (10,8,8,'2002-02-21','2002-02-21','18:27:58','18:27:58','1900-01-01 00:00:00','1900-01-01 00:00:00',NULL,NULL);
CREATE TABLE t3 ( pk int(11) NOT NULL AUTO_INCREMENT, col_int_nokey int(11) DEFAULT NULL, col_int_key int(11) DEFAULT NULL, col_date_key date DEFAULT NUL$
INSERT INTO t3 VALUES (1,1,7,'1900-01-01','1900-01-01','01:13:38','01:13:38','2005-02-05 00:00:00','2005-02-05 00:00:00','f','f');

EXPLAIN SELECT alias1.col_time_key AS field1
FROM (
    (
        SELECT SQ1_alias1.*
        FROM t1 AS SQ1_alias1
        WHERE SQ1_alias1.col_varchar_nokey IN (
            SELECT C_SQ1_alias1.col_varchar_nokey AS C_SQ1_field1
            FROM (
                t1 AS C_SQ1_alias1
                RIGHT JOIN t3 AS C_SQ1_alias2
                    ON (C_SQ1_alias2.col_varchar_key = C_SQ1_alias1.col_varchar_key)
            )
        )
    ) AS alias1
    LEFT JOIN t2 AS alias2
        ON (alias2.col_varchar_nokey = alias1.col_varchar_key)
)
WHERE
    (alias2.col_int_nokey >= SOME (SELECT 2 UNION SELECT 104))
    AND alias1.pk = 4
ORDER BY alias1.col_datetime_key ASC, field1;

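The three memcheck reports above differ only in the faulting source line inside evaluate_join_record (14099, 14108, 14139) while the caller chain is identical, which is exactly what makes a sporadic uninitialised-read warning easy to miscount during triage. The following Python is added here as an example; it is not part of the bug report or of MariaDB. It parses memcheck's `==pid==` frame format and groups reports by their innermost call chain. The sample input is the first three frames of each report quoted above (copied from this bug, truncated); the parser handles only the main frame list, not the "Uninitialised value was created by" sub-block that `--track-origins=yes` appends.

```python
import re
from collections import OrderedDict

# Sample input: the first three frames of each of the three memcheck reports
# quoted in this bug (copied from the report above and truncated; the
# remaining frames of each report are omitted).
SAMPLE = """\
==19646== Conditional jump or move depends on uninitialised value(s)
==19646==    at 0x832A44F: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:14099)
==19646==    by 0x832A0CD: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14006)
==19646==    by 0x8329AD0: sub_select_sjm(JOIN*, st_join_table*, bool) (sql_select.cc:13726)
==19646== Conditional jump or move depends on uninitialised value(s)
==19646==    at 0x832A4AE: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:14108)
==19646==    by 0x832A0CD: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14006)
==19646==    by 0x8329AD0: sub_select_sjm(JOIN*, st_join_table*, bool) (sql_select.cc:13726)
==19646== Conditional jump or move depends on uninitialised value(s)
==19646==    at 0x832A4FE: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:14139)
==19646==    by 0x832A0CD: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14006)
==19646==    by 0x8329AD0: sub_select_sjm(JOIN*, st_join_table*, bool) (sql_select.cc:13726)
"""

# One stack frame: "==PID==    at|by 0xADDR: symbol(args) (file:line)".
# The C++ symbol may itself contain parentheses, so the location is taken
# as the last parenthesised group on the line.
FRAME_RE = re.compile(
    r'^==(?P<pid>\d+)==\s+(?:at|by)\s+(?P<addr>0x[0-9A-Fa-f]+):\s+'
    r'(?P<func>.*?)\s+\((?P<loc>[^()]*)\)\s*$')
# Any other "==PID== text" line is treated as the headline of a new report.
HEADER_RE = re.compile(r'^==(?P<pid>\d+)==\s+(?P<kind>\S.*)$')


def parse_memcheck(text):
    """Split memcheck output into reports: {'pid', 'kind', 'frames': [...]}."""
    reports = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            if reports:  # ignore stray frames before the first headline
                reports[-1]['frames'].append(
                    {'addr': m['addr'], 'func': m['func'], 'loc': m['loc']})
            continue
        m = HEADER_RE.match(line)
        if m:
            reports.append({'pid': m['pid'], 'kind': m['kind'], 'frames': []})
    return reports


def bare_name(func):
    """'evaluate_join_record(JOIN*, st_join_table*, int)' -> 'evaluate_join_record'."""
    return func.split('(', 1)[0].strip()


def group_by_call_chain(reports, depth=3):
    """Key each report by its innermost `depth` function names (arguments and
    source lines stripped), so reports that differ only in the faulting line
    inside the same function count as one site.  Returns {chain: [reports]}."""
    groups = OrderedDict()
    for rep in reports:
        chain = tuple(bare_name(f['func']) for f in rep['frames'][:depth])
        groups.setdefault(chain, []).append(rep)
    return groups


def summarise(text, depth=3):
    """Return [(chain, count, sorted distinct faulting locations)] per site."""
    out = []
    for chain, reps in group_by_call_chain(parse_memcheck(text), depth).items():
        locs = sorted({r['frames'][0]['loc'] for r in reps if r['frames']})
        out.append((chain, len(reps), locs))
    return out


if __name__ == '__main__':
    for chain, count, locs in summarise(SAMPLE):
        print(f"{count}x  {' <- '.join(chain)}  at {', '.join(locs)}")
```

Run against a full mysqld Valgrind log, the grouping collapses the three reports above into a single site (evaluate_join_record <- sub_select <- sub_select_sjm) with three distinct faulting lines, which is the unit a developer actually fixes; grouping by exact source line would instead report three separate bugs.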
Philip Stoev (pstoev-askmonty) wrote:

Explain:

+------+--------------------+--------------+--------+-----------------+-----------------+---------+-------+------+----------------------------------------------------------------+
| id   | select_type        | table        | type   | possible_keys   | key             | key_len | ref   | rows | Extra                                                          |
+------+--------------------+--------------+--------+-----------------+-----------------+---------+-------+------+----------------------------------------------------------------+
|    1 | PRIMARY            | NULL         | NULL   | NULL            | NULL            | NULL    | NULL  | NULL | Impossible WHERE noticed after reading const tables            |
|    4 | DEPENDENT SUBQUERY | NULL         | NULL   | NULL            | NULL            | NULL    | NULL  | NULL | No tables used                                                 |
|    5 | DEPENDENT UNION    | NULL         | NULL   | NULL            | NULL            | NULL    | NULL  | NULL | No tables used                                                 |
| NULL | UNION RESULT       | <union4,5>   | ALL    | NULL            | NULL            | NULL    | NULL  | NULL |                                                                |
|    2 | DERIVED            | C_SQ1_alias2 | system | NULL            | NULL            | NULL    | NULL  |    1 |                                                                |
|    2 | DERIVED            | C_SQ1_alias1 | ref    | col_varchar_key | col_varchar_key | 4       | const |    1 | Using where; Start temporary                                   |
|    2 | DERIVED            | SQ1_alias1   | ALL    | NULL            | NULL            | NULL    | NULL  |   20 | Using where; End temporary; Using join buffer (flat, BNL join) |
+------+--------------------+--------------+--------+-----------------+-----------------+---------+-------+------+----------------------------------------------------------------+

Changed in maria:
milestone: none → 5.3
summary: Valgrind warning in evaluate_join_record sql_select.cc:14099 → Valgrind warning / sporadic crash in evaluate_join_record sql_select.cc:14099
Changed in maria:
assignee: nobody → Philip Stoev (pstoev-askmonty)
status: New → In Progress
Philip Stoev (pstoev-askmonty) wrote :

The above test case is corrupt. This is a semijoin bug. A new, simplified test case:

SET SESSION optimizer_switch='semijoin=on';
CREATE TABLE t1 ( f10 int, f11 int, KEY (f10));
INSERT IGNORE INTO t1 VALUES (0, 0),(0, 0);

CREATE TABLE t3 ( f10 int);
INSERT IGNORE INTO t3 VALUES (0);

SELECT * FROM t1
WHERE f11 IN (
        SELECT C_SQ1_alias1.f11
        FROM t1 AS C_SQ1_alias1
        JOIN t3 AS C_SQ1_alias2
        ON C_SQ1_alias2.f10 = C_SQ1_alias1.f10
);

Backtrace:

#4 <signal handler called>
#5 0x08329494 in evaluate_join_record (join=0xae623910, join_tab=0xae62ee54, error=0) at sql_select.cc:14041
#6 0x0832910e in sub_select (join=0xae623910, join_tab=0xae62ee54, end_of_records=false) at sql_select.cc:13946
#7 0x08328b11 in sub_select_sjm (join=0xae623910, join_tab=0xae62ee54, end_of_records=false) at sql_select.cc:13666
#8 0x083284e0 in do_select (join=0xae623910, fields=0xaa576ac, table=0x0, procedure=0x0) at sql_select.cc:13481
#9 0x0830eece in JOIN::exec (this=0xae623910) at sql_select.cc:2482
#10 0x0830f6ea in mysql_select (thd=0xaa55c80, rref_pointer_array=0xaa5771c, tables=0xae613128, wild_num=1, fields=..., conds=0xae614280, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xae614418, unit=0xaa5737c, select_lex=0xaa57618)
    at sql_select.cc:2701
#11 0x08307f47 in handle_select (thd=0xaa55c80, lex=0xaa57320, result=0xae614418, setup_tables_done_option=0) at sql_select.cc:282
#12 0x082a5324 in execute_sqlcom_select (thd=0xaa55c80, all_tables=0xae613128) at sql_parse.cc:5094
#13 0x0829c18a in mysql_execute_command (thd=0xaa55c80) at sql_parse.cc:2239
#14 0x082a78c7 in mysql_parse (thd=0xaa55c80,
    rawbuf=0xae612ee8 "SELECT * FROM t1\nWHERE f11 IN (\nSELECT C_SQ1_alias1.f11\nFROM t1 AS C_SQ1_alias1\nJOIN t3 AS C_SQ1_alias2\nON C_SQ1_alias2.f10 = C_SQ1_alias1.f10\n)", length=144, found_semicolon=0xb6d54228) at sql_parse.cc:6094
#15 0x08299e13 in dispatch_command (command=COM_QUERY, thd=0xaa55c80, packet=0xaab0961 "", packet_length=144) at sql_parse.cc:1215
#16 0x08299271 in do_command (thd=0xaa55c80) at sql_parse.cc:904
#17 0x08296324 in handle_one_connection (arg=0xaa55c80) at sql_connect.cc:1154
#18 0x00821919 in start_thread () from /lib/libpthread.so.0
#19 0x0076acce in clone () from /lib/libc.so.6

Changed in maria:
assignee: Philip Stoev (pstoev-askmonty) → Sergey Petrunia (sergefp)
status: In Progress → Confirmed
summary: Valgrind warning / sporadic crash in evaluate_join_record sql_select.cc:14099 → Valgrind warning / sporadic crash in evaluate_join_record sql_select.cc:14099 with semijoin
Sergey Petrunia (sergefp) wrote :

Added test case to 5.3-main. The bug has most likely been fixed by the MWL#90 code.

Changed in maria:
status: Confirmed → Invalid