Crash in store_key::store_key with semijoin + view + union (WL#106)

Bug #803410 reported by Philip Stoev
Affects: MariaDB
Status: Fix Released
Importance: Critical
Assigned to: Igor Babaev
Milestone: 5.3

Bug Description

Repeatable in maria-5.3, maria-5.3-subqueries-mwl90. Not repeatable in maria-5.3 before WL#106. Explain also crashes.

Backtrace:

#3 <signal handler called>
#4 0x0000000000756aa4 in store_key::store_key (this=0x2aa75e0, thd=0x297d098, field_arg=0x3179656b, ptr=0x2aa742c "", null=0x2aa7600 "", length=0)
    at sql_select.h:1227
#5 0x0000000000756e63 in store_key_field::store_key_field (this=0x2aa75e0, thd=0x297d098, to_field_arg=0x3179656b, ptr=0x2aa742c "", null_ptr_arg=0x0,
    length=0, from_field=0x2a3bcb0, name_arg=0x2aa75d0 "test.t3.f2") at sql_select.h:1290
#6 0x000000000072d2ea in get_store_key (thd=0x297d098, keyuse=0x2aa8fb8, used_tables=1, key_part=0x2aa48a8, key_buff=0x2aa742c "", maybe_null=0)
    at sql_select.cc:7368
#7 0x000000000073db30 in create_ref_for_key (join=0x2a891f0, j=0x2aa7110, org_keyuse=0x2aa8f68, used_tables=4611686018427387911) at sql_select.cc:7297
#8 0x0000000000745f80 in get_best_combination (join=0x2a891f0) at sql_select.cc:7063
#9 0x0000000000748103 in make_join_statistics (join=0x2a891f0, tables_list=..., conds=0x2a42b88, keyuse_array=0x2a8f1a0) at sql_select.cc:3511
#10 0x000000000074a49e in JOIN::optimize (this=0x2a891f0) at sql_select.cc:1101
#11 0x000000000074dfbd in mysql_select (thd=0x297d098, rref_pointer_array=0x297fc18, tables=0x2a02eb0, wild_num=1, fields=..., conds=0x2a3f048, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x2a40df8, unit=0x297f510, select_lex=0x297f9f8)
    at sql_select.cc:2872
#12 0x000000000075443c in handle_select (thd=0x297d098, lex=0x297f470, result=0x2a40df8, setup_tables_done_option=0) at sql_select.cc:283
#13 0x00000000006a1744 in execute_sqlcom_select (thd=0x297d098, all_tables=0x2a02eb0) at sql_parse.cc:5082
#14 0x00000000006a33f7 in mysql_execute_command (thd=0x297d098) at sql_parse.cc:2227
#15 0x00000000006ac18f in mysql_parse (thd=0x297d098,
    rawbuf=0x2a02c40 "SELECT *\nFROM t2 , t3\nWHERE t3.f2 = t2.f2\nAND ( t3.f2 , t3.f2 ) IN ( SELECT * FROM v1 )", length=88, found_semicolon=0x426ebf08)
    at sql_parse.cc:6083
#16 0x00000000006ad027 in dispatch_command (command=COM_QUERY, thd=0x297d098,
    packet=0x29f98c9 "SELECT *\nFROM t2 , t3\nWHERE t3.f2 = t2.f2\nAND ( t3.f2 , t3.f2 ) IN ( SELECT * FROM v1 )", packet_length=88) at sql_parse.cc:1206
#17 0x00000000006ae635 in do_command (thd=0x297d098) at sql_parse.cc:904
#18 0x00000000006990eb in handle_one_connection (arg=0x297d098) at sql_connect.cc:1178
#19 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
#20 0x00000033b58d40cd in clone () from /lib64/libc.so.6

minimal optimizer switch required: semijoin=on

full optimizer switch in effect: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=off,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=on,mrr_cost_based=off,mrr_sort_keys=on,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on

test case:

CREATE TABLE t1 ( f1 int, f2 varchar(1)) ;
INSERT INTO t1 VALUES (9,NULL),(6,'r');

CREATE TABLE t2 ( f2 varchar(1) );
INSERT INTO t2 VALUES ('x');

CREATE TABLE t3 ( f2 varchar(1) , KEY (f2) ) ;
INSERT INTO t3 VALUES (NULL),('r');

CREATE VIEW v1 AS SELECT 'e', 'c' UNION SELECT 'c' , 'r' ;

SELECT *
FROM t2 , t3
WHERE t3.f2 = t2.f2
AND ( t3.f2 , t3.f2 ) IN ( SELECT * FROM v1 );

bzr version-info

revision-id: <email address hidden>
date: 2011-06-28 19:56:30 -0700
build-date: 2011-06-29 14:29:37 +0300
revno: 3068
branch-nick: maria-5.3

Changed in maria:
milestone: none → 5.3
assignee: nobody → Igor Babaev (igorb-seattle)
Changed in maria:
status: New → Confirmed
importance: Undecided → Critical
Changed in maria:
status: Confirmed → In Progress
Igor Babaev (igorb-seattle) wrote:

The following test case, constructed from the reported one, but using neither semijoins nor unions,
crashes the server with the same stack as in the report above:

CREATE TABLE t1 (f2 varchar(1));
INSERT INTO t1 VALUES ('x');

CREATE TABLE t2 (f2 varchar(1) , KEY (f2)) ;
INSERT INTO t2 VALUES (NULL),('r');

CREATE TABLE t3 (f1 varchar(1), f2 varchar(1));
INSERT INTO t3 VALUES ('e', 'c'), ('c', 'r');

CREATE VIEW v1 AS SELECT f1, MIN(f2) AS f2 FROM t3 GROUP BY f1;

SELECT * FROM t1, t2, v1 WHERE t2.f2=t1.f2 AND t2.f2=v1.f1 AND t2.f2=v1.f2;

The state of the stack at the crash is:

#0 0x00007f7b9ca8b5ec in pthread_kill () from /lib64/libpthread.so.0
#1 0x0000000000c27ede in my_write_core (sig=11) at stacktrace.c:426
#2 0x00000000006cba40 in handle_segfault (sig=11) at mysqld.cc:2812
#3 <signal handler called>
#4 0x000000000079119a in store_key::store_key (this=0x1d077c8, thd=0x1be8598, field_arg=0x8f8f8f003179656b, ptr=0x1d09f76 "",
    null=0x1d09f75 "", length=36751) at sql_select.h:1227
#5 0x00000000007913bd in store_key_field::store_key_field (this=0x1d077c8, thd=0x1be8598, to_field_arg=0x8f8f8f003179656b,
    ptr=0x1d09f76 "", null_ptr_arg=0x1d09f75 "", length=36751, from_field=0x1c9ef60, name_arg=0x1d077b8 "test.t2.f2")
    at sql_select.h:1290
#6 0x000000000076c4d9 in get_store_key (thd=0x1be8598, keyuse=0x1caeb28, used_tables=1, key_part=0x1c95f58,
    key_buff=0x1d09f75 "", maybe_null=1) at sql_select.cc:7368
#7 0x000000000076c0ba in create_ref_for_key (join=0x1cf9b60, j=0x1d071d8, org_keyuse=0x1caead8,
    used_tables=4611686018427387911) at sql_select.cc:7297
#8 0x000000000076b3cb in get_best_combination (join=0x1cf9b60) at sql_select.cc:7063
#9 0x0000000000762cfc in make_join_statistics (join=0x1cf9b60, tables_list=..., conds=0x1cadd20, keyuse_array=0x1cffb10)
    at sql_select.cc:3511
#10 0x000000000075a624 in JOIN::optimize (this=0x1cf9b60) at sql_select.cc:1101
#11 0x0000000000760cb0 in mysql_select (thd=0x1be8598, rref_pointer_array=0x1beb118, tables=0x1c6d240, wild_num=1, fields=...,
    conds=0x1c6e5a0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x1cac198,
    unit=0x1beaa10, select_lex=0x1beaef8) at sql_select.cc:2872
#12 0x0000000000757d47 in handle_select (thd=0x1be8598, lex=0x1bea970, result=0x1cac198, setup_tables_done_option=0)
    at sql_select.cc:283
#13 0x00000000006e8128 in execute_sqlcom_select (thd=0x1be8598, all_tables=0x1c6d240) at sql_parse.cc:5082
#14 0x00000000006df20f in mysql_execute_command (thd=0x1be8598) at sql_parse.cc:2227
#15 0x00000000006eab06 in mysql_parse (thd=0x1be8598,
    rawbuf=0x1c6cff0 "SELECT * FROM t1, t2, v1 WHERE t2.f2=t1.f2 AND t2.f2=v1.f1 AND t2.f2=v1.f2", length=74,
    found_semicolon=0x7f7b932e7c98) at sql_parse.cc:6083
#16 0x00000000006dcac0 in dispatch_command (command=COM_QUERY, thd=0x1be8598,
    packet=0x1c63b89 "SELECT * FROM t1, t2, v1 WHERE t2.f2=t1.f2 AND t2.f2=v1.f1 AND t2.f2=v1.f2", packet_length=74)
    at sql_parse.cc:1206
#17 0x00000000006dbe36 in do_command (thd=0x1be8598) at sql_parse.cc:904
#18 0x00000000006d8e4c in handle_one_co...

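The two backtraces above (the reporter's and the one in the comment) both show store_key::store_key receiving a field_arg whose value is not a plausible heap address: its low bytes spell the ASCII string "key1", and in the second trace the upper bytes carry 0x8F, the fill that MariaDB debug builds write over released memory (TRASH macro); reading the second value as "a Field* fetched from freed memory" is my inference, not a statement from the report. The triage helper below is an added example, not code from the report or from MariaDB: it parses gdb frames, including wrapped continuation lines, and flags pointer-valued arguments with either signature. The sample input is quoted from the frames on this page.

```python
import re

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+)\s*\((.*)\)")
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")
TRASH_FILL = 0x8F   # byte pattern debug builds write into freed memory

def join_frames(trace: str) -> list:
    """gdb wraps long frames; continuation lines start with whitespace."""
    frames = []
    for line in trace.splitlines():
        if line.startswith("#"):
            frames.append(line)
        elif frames and line.strip():
            frames[-1] += " " + line.strip()
    return frames

def classify_pointer(value: int) -> str:
    """Return findings for a pointer that does not look like one ('' if fine)."""
    raw = value.to_bytes(8, "little")
    kept = raw.rstrip(bytes([TRASH_FILL]))      # strip trailing trash bytes
    text = kept.rstrip(b"\0")
    findings = []
    if len(kept) < 8:                           # high bytes were 0x8F
        findings.append("freed-fill")
    if len(text) >= 3 and all(0x20 <= b < 0x7F for b in text):
        findings.append("ascii:" + text.decode("ascii"))
    return ",".join(findings)

def suspicious_args(trace: str) -> list:
    """(frame, function, argument, finding) for every implausible pointer."""
    out = []
    for frame in join_frames(trace):
        m = FRAME_RE.match(frame)
        if not m:                               # e.g. '<signal handler called>'
            continue
        for name, hexval in ARG_RE.findall(m.group(3)):
            finding = classify_pointer(int(hexval, 16))
            if finding:
                out.append((int(m.group(1)), m.group(2), name, finding))
    return out

# Constructed sample: frame #4 of the first trace and frame #4 of the second.
SAMPLE = """\
#4  0x0000000000756aa4 in store_key::store_key (this=0x2aa75e0, thd=0x297d098, field_arg=0x3179656b, ptr=0x2aa742c "", null=0x2aa7600 "", length=0)
    at sql_select.h:1227
#4  0x000000000079119a in store_key::store_key (this=0x1d077c8, thd=0x1be8598, field_arg=0x8f8f8f003179656b, ptr=0x1d09f76 "",
    null=0x1d09f75 "", length=36751) at sql_select.h:1227
"""
```

Running `suspicious_args(SAMPLE)` reports only the two field_arg values, so the helper narrows a 20-frame trace to the one argument worth inspecting first.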

Changed in maria:
status: In Progress → Fix Committed
Changed in maria:
status: Fix Committed → Fix Released