MariaDB

Crash in create_ref_for_key with semijoin_with_cache=on

Bug #899777 reported by Elena Stepanova
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MariaDB
Fix Released
Critical
Igor Babaev
MariaDB 5.3

Bug Description

#3 <signal handler called>
#4 0x0000000000781d52 in create_ref_for_key (join=0x1ce2450, j=0x1d3be40,
    org_keyuse=0x1cea738, used_tables=4611686018427387919)
    at sql_select.cc:7363
#5 0x00000000007811d2 in get_best_combination (join=0x1ce2450)
    at sql_select.cc:7124
#6 0x0000000000778986 in make_join_statistics (join=0x1ce2450,
    tables_list=..., conds=0x1cda8d8, keyuse_array=0x1cea308)
    at sql_select.cc:3554
#7 0x000000000076ff50 in JOIN::optimize (this=0x1ce2450) at sql_select.cc:1116
#8 0x0000000000776859 in mysql_select (thd=0x1c25818,
    rref_pointer_array=0x1c283f0, tables=0x1caa178, wild_num=1, fields=...,
    conds=0x1cd9460, og_num=0, order=0x0, group=0x0, having=0x0,
    proc_param=0x0, select_options=2147764736, result=0x1cd9640,
    unit=0x1c27cb8, select_lex=0x1c281a0) at sql_select.cc:2892
#9 0x000000000076d4c9 in handle_select (thd=0x1c25818, lex=0x1c27c18,
    result=0x1cd9640, setup_tables_done_option=0) at sql_select.cc:283
#10 0x00000000006fc648 in execute_sqlcom_select (thd=0x1c25818,
    all_tables=0x1caa178) at sql_parse.cc:5112
#11 0x00000000006f371e in mysql_execute_command (thd=0x1c25818)
    at sql_parse.cc:2250
#12 0x00000000006ff028 in mysql_parse (thd=0x1c25818,
    rawbuf=0x1ca9e40 "SELECT alias1.*\nFROM t1 alias1, t1 alias2 \nWHERE \n( alias1.b, alias2.b ) IN \n( SELECT alias3.b, alias4.b FROM t1 alias3, t1 alias4\nWHERE alias4.c = alias3.b ) \nAND alias1.a = 10", length=177,
    found_semicolon=0x7fc5990cfc98) at sql_parse.cc:6113
#13 0x00000000006f0f36 in dispatch_command (command=COM_QUERY, thd=0x1c25818,
    packet=0x1ca0b09 "SELECT alias1.*\nFROM t1 alias1, t1 alias2 \nWHERE \n( alias1.b, alias2.b ) IN \n( SELECT alias3.b, alias4.b FROM t1 alias3, t1 alias4\nWHERE alias4.c = alias3.b ) \nAND alias1.a = 10", packet_length=177)
    at sql_parse.cc:1221
#14 0x00000000006f026a in do_command (thd=0x1c25818) at sql_parse.cc:916
#15 0x00000000006ed1c0 in handle_one_connection (arg=0x1c25818)
    at sql_connect.cc:1191
#16 0x00007fc5a286da4f in start_thread () from /lib64/libpthread.so.0
#17 0x00007fc5a1c5782d in clone () from /lib64/libc.so.6

Minimal switch: semijoin_with_cache=on (included into the test case)

Full switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on

EXPLAIN also crashes.

Reproducible with join_cache_level >= 3

revno: 3324
revision-id: <email address hidden>
branch nick: maria-5.3-bug898073
timestamp: Wed 2011-11-30 10:22:53 -0800

Also reproducible on 3315.

Test case:

SET optimizer_switch='semijoin_with_cache=on';
SET join_cache_level=3;

CREATE TABLE t1 ( a INTEGER, UNIQUE INDEX(a), b INTEGER, c INTEGER );
INSERT INTO t1 VALUES (1,8,6), (2,2,8);

SELECT alias1.*
FROM t1 alias1, t1 alias2
WHERE
     ( alias1.b, alias2.b ) IN
       ( SELECT alias3.b, alias4.b FROM t1 alias3, t1 alias4
           WHERE alias4.c = alias3.b )
     AND alias1.a = 10;

Revision history for this message
Elena Stepanova (elenst) wrote :

I checked previous crashes in create_ref_for_key that I found, but they seem to have been fixed, and test cases do not produce the problem.

Changed in maria:
milestone: none → 5.3
Igor Babaev (igorb-seattle)
Changed in maria:
importance: Undecided → Critical
status: New → Confirmed
assignee: nobody → Igor Babaev (igorb-seattle)
Igor Babaev (igorb-seattle)
Changed in maria:
status: Confirmed → In Progress
Igor Babaev (igorb-seattle)
Changed in maria:
status: In Progress → Fix Committed
Daniel Bartholomew (dbart)
Changed in maria:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.