MariaDB

Crash/valgrind warning in JOIN_CACHE::write_record_data with semijoin=on

Bug #802860 reported by Philip Stoev on 2011-06-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	Critical	Igor Babaev	MariaDB 5.3

Bug Description

Repeatable with maria-5.3 , maria-5.3-subqueries-mwl90.

backtrace:

#3 <signal handler called>
#4 0x00000000006f0a4d in JOIN_CACHE::write_record_data (this=0x855bd88, link=0x0, is_full=0x41681217) at sql_join_cache.cc:1391
#5 0x00000000006f0fef in JOIN_CACHE::put_record (this=0x855bd88) at sql_join_cache.cc:1500
#6 0x00000000007338a8 in sub_select_cache (join=0x8552980, join_tab=0x855b4c0, end_of_records=false) at sql_select.cc:14698
#7 0x000000000072a2c6 in evaluate_join_record (join=0x8552980, join_tab=0x855b1a8, error=0) at sql_select.cc:15099
#8 0x0000000000733560 in sub_select (join=0x8552980, join_tab=0x855b1a8, end_of_records=false) at sql_select.cc:14904
#9 0x0000000000734894 in do_select (join=0x8552980, fields=0x8498b00, table=0x0, procedure=0x0) at sql_select.cc:14569
#10 0x0000000000754016 in JOIN::exec (this=0x8552980) at sql_select.cc:2665
#11 0x000000000074df6e in mysql_select (thd=0x8496098, rref_pointer_array=0x8498c18, tables=0x851d4a0, wild_num=1, fields=..., conds=0x8551550, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x851dc20, unit=0x8498510, select_lex=0x84989f8)
    at sql_select.cc:2886
#12 0x0000000000754348 in handle_select (thd=0x8496098, lex=0x8498470, result=0x851dc20, setup_tables_done_option=0) at sql_select.cc:283
#13 0x00000000006a1744 in execute_sqlcom_select (thd=0x8496098, all_tables=0x851d4a0) at sql_parse.cc:5082
#14 0x00000000006a33f7 in mysql_execute_command (thd=0x8496098) at sql_parse.cc:2227
#15 0x00000000006ac18f in mysql_parse (thd=0x8496098,
    rawbuf=0x851bc40 "SELECT *\nFROM ( \nSELECT DISTINCT *\nFROM t1\n) AS alias1\nWHERE alias1.f1 = ANY (\nSELECT t2.f1 FROM t2\n)", length=101,
    found_semicolon=0x41682f08) at sql_parse.cc:6083
#16 0x00000000006ad027 in dispatch_command (command=COM_QUERY, thd=0x8496098, packet=0x85128c9 "", packet_length=103) at sql_parse.cc:1206
#17 0x00000000006ae635 in do_command (thd=0x8496098) at sql_parse.cc:904
#18 0x00000000006990eb in handle_one_connection (arg=0x8496098) at sql_connect.cc:1178
#19 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
#20 0x00000033b58d40cd in clone () from /lib64/libc.so.6

optimizer switch in effect:

index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=off,loosescan=off,materialization=off,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=on,mrr_cost_based=off,mrr_sort_keys=on,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on

explain:

id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY <derived2> ALL key0 NULL NULL NULL 2 Start temporary
1 PRIMARY t2 ALL NULL NULL NULL NULL 2 Using where; End temporary; Using join buffer (flat, BNL join)
2 DERIVED t1 ALL NULL NULL NULL NULL 2 Using temporary

test case:

SET SESSION optimizer_switch='semijoin=on,materialization=off,firstmatch=off,loosescan=off';
SET SESSION join_cache_level = 1;

CREATE TABLE t2 ( f1 int) ;
INSERT IGNORE INTO t2 VALUES (0),(0);

CREATE TABLE t1 ( f1 int) ;
INSERT IGNORE INTO t1 VALUES (0),(0);

SELECT *
FROM (
        SELECT DISTINCT *
        FROM t1
) AS alias1
WHERE alias1.f1 = ANY (
        SELECT t2.f1 FROM t2
) ;

bzr version-info:

revision-id: <email address hidden>
date: 2011-06-28 11:11:26 +0400
build-date: 2011-06-28 11:03:34 +0300
revno: 3066
branch-nick: maria-5.3

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2011-06-28:

If it does not crash, look for valgrind warning:

==8349== Thread 4:
==8349== Invalid read of size 1
==8349== at 0x6F0A4D: JOIN_CACHE::write_record_data(unsigned char*, bool*) (sql_join_cache.cc:1391)
==8349== by 0x6F0FEE: JOIN_CACHE::put_record() (sql_join_cache.cc:1500)
==8349== by 0x7338A7: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14698)
==8349== by 0x72A2C5: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:15099)
==8349== by 0x73355F: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:14904)
==8349== by 0x734893: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:14569)
==8349== by 0x754015: JOIN::exec() (sql_select.cc:2665)
==8349== by 0x74DF6D: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsi
gned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2886)
==8349== by 0x754347: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:283)
==8349== by 0x6A1743: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5082)
==8349== by 0x6A33F6: mysql_execute_command(THD*) (sql_parse.cc:2227)
==8349== by 0x6AC18E: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6083)
==8349== by 0x6AD026: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1206)
==8349== by 0x6AE634: do_command(THD*) (sql_parse.cc:904)
==8349== by 0x6990EA: handle_one_connection (sql_connect.cc:1178)
==8349== by 0x33B600673C: start_thread (in /lib64/libpthread-2.5.so)
==8349== Address 0x0 is not stack'd, malloc'd or (recently) free'd

Changed in maria:
milestone:	none → 5.3

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2011-06-28:

NOT reproducible with maria-5.3 before wl106

bzr version-info
revision-id: <email address hidden>
date: 2011-06-15 17:40:18 +0400
build-date: 2011-06-28 11:20:50 +0300
revno: 3048
branch-nick: maria-5.3-noviews

so I am assigning this to Igor

Changed in maria:
assignee:	nobody → Igor Babaev (igorb-seattle)

Igor Babaev (igorb-seattle) on 2011-06-28

Changed in maria:
status:	New → Confirmed
importance:	Undecided → Critical

Igor Babaev (igorb-seattle) on 2011-06-28

Changed in maria:
status:	Confirmed → In Progress

Igor Babaev (igorb-seattle) on 2011-06-29

Changed in maria:
status:	In Progress → Fix Committed

Daniel Bartholomew (dbart) on 2011-12-13

Changed in maria:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.