Assertion `thd == thd_param' failed at Item_subselect::fix_fields(THD*, Item**) on executing UPDATE with aggregate function in subselect
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MariaDB |
Fix Released
|
Critical
|
Igor Babaev |
Bug Description
mysqld: item_subselect.
111230 16:17:49 [ERROR] mysqld got signal 6 ;
#8 0xb74c2014 in __assert_fail () from /lib/libc.so.6
#9 0x08278924 in Item_subselect:
at item_subselect.
#10 0x0833d204 in setup_fields (thd=0x93ee4a0, ref_pointer_
mark_
#11 0x083a9811 in mysql_update (thd=0x93ee4a0, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:317
#12 0x082e58bb in mysql_execute_
#13 0x084cee27 in sp_instr_
at sp_head.cc:2976
#14 0x084ce760 in sp_lex_
nextp=
#15 0x084cec04 in sp_instr_
at sp_head.cc:2919
#16 0x084cb188 in sp_head::execute (this=0x94c4af8, thd=0x93ee4a0) at sp_head.cc:1283
#17 0x084cbb0d in sp_head:
table_
#18 0x084deb58 in Table_triggers_
event=
at sql_trigger.cc:2132
#19 0x083aa9fd in mysql_update (thd=0x93ee4a0, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:719
#20 0x082e58bb in mysql_execute_
#21 0x082ee673 in mysql_parse (thd=0x93ee4a0, rawbuf=0x945d4a0 "UPDATE t1 SET a = 2", length=19,
found_
#22 0x082e1076 in dispatch_command (command=COM_QUERY, thd=0x93ee4a0,
packet=
#23 0x082e0520 in do_command (thd=0x93ee4a0) at sql_parse.cc:922
#24 0x082dd4e5 in handle_
#25 0xb7750b25 in start_thread () from /lib/libpthread
#26 0xb757134e in clone () from /lib/libc.so.6
Query (0x94b8ab8): UPDATE article SET amountImage = ( SELECT COUNT(*) FROM picture WHERE articleId = NEW.articleId ) WHERE id = NEW.articleId
Connection ID (thread ID): 2
Status: NOT_KILLED
bzr version-info
revision-id: <email address hidden>
date: 2011-12-28 12:12:48 +0400
build-date: 2011-12-30 16:34:16 +0400
revno: 3371
branch-nick: maria-5.3
Also reproducible on 5.3.2 and 5.3.3 releases (the original crash was reported in winqual for 5.3.2 release)
Could not reproduce on 5.2 and 5.5, but since the test case involves a race condition, it's not a definite sign it doesn't exist there.
On 5.3 release versions it generally requires more rows in the tables to hit the crash. When it happens, it represents with the following stack trace (for 5.3.3):
#3 0x0825ab96 in handle_segfault (sig=11) at mysqld.cc:2838
#4 <signal handler called>
#5 subselect_
#6 0x0820d9cf in Item_subselect:
at item_subselect.
#7 0x082ad2c0 in setup_fields (thd=0x91f63a8, ref_pointer_
mark_
#8 0x08307d8b in mysql_update (thd=0x91f63a8, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:317
#9 0x08266e53 in mysql_execute_
#10 0x083e4b01 in sp_instr_
at sp_head.cc:2976
#11 0x083e4dc9 in sp_lex_
nextp=
#12 0x083eb2cc in sp_instr_
at sp_head.cc:2919
#13 0x083e91c7 in sp_head::execute (this=0x92a3e58, thd=0x91f63a8) at sp_head.cc:1283
#14 0x083e9d43 in sp_head:
table_
#15 0x083f399e in Table_triggers_
event=
at sql_trigger.cc:2132
#16 0x08308aaa in mysql_update (thd=0x91f63a8, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:717
#17 0x08266e53 in mysql_execute_
#18 0x0826ec45 in mysql_parse (thd=0x91f63a8, rawbuf=0x924b398 "UPDATE t1 SET a = 2", length=19,
found_
#19 0x0826ff3d in dispatch_command (command=COM_QUERY, thd=0x91f63a8,
packet=
#20 0x082709ec in do_command (thd=0x91f63a8) at sql_parse.cc:922
#21 0x0825f8b9 in handle_
#22 0xb77c1b25 in start_thread () from /lib/libpthread
Also, some variations of the test case on release binaries produce this:
#3 0x0825ab96 in handle_segfault (sig=11) at mysqld.cc:2838
#4 <signal handler called>
#5 setup_tables (thd=0x9259890, context=0x929a91c, from_clause=
leaves=..., select_
#6 0x082b3263 in setup_tables_
from_
want_
#7 0x082d4b73 in JOIN::prepare (this=0x929d920, rref_pointer_
wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0, having_init=0x0,
proc_
#8 0x0820ecc5 in subselect_
#9 0x0820d9cf in Item_subselect:
at item_subselect.
#10 0x082ad2c0 in setup_fields (thd=0x91f6320, ref_pointer_
mark_
#11 0x08307d8b in mysql_update (thd=0x91f6320, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:317
#12 0x08266e53 in mysql_execute_
#13 0x083e4b01 in sp_instr_
at sp_head.cc:2976
#14 0x083e4dc9 in sp_lex_
nextp=
#15 0x083eb2cc in sp_instr_
at sp_head.cc:2919
#16 0x083e91c7 in sp_head::execute (this=0x9299760, thd=0x91f6320) at sp_head.cc:1283
#17 0x083e9d43 in sp_head:
table_
#18 0x083f399e in Table_triggers_
event=
at sql_trigger.cc:2132
#19 0x08308aaa in mysql_update (thd=0x91f6320, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:717
#20 0x08266e53 in mysql_execute_
#21 0x0826ec45 in mysql_parse (thd=0x91f6320, rawbuf=0x924b400 "UPDATE t1 SET a = 2", length=19,
found_
#22 0x0826ff3d in dispatch_command (command=COM_QUERY, thd=0x91f6320,
packet=
#23 0x082709ec in do_command (thd=0x91f6320) at sql_parse.cc:922
#24 0x0825f8b9 in handle_
#25 0xb77e6b25 in start_thread () from /lib/libpthread
#26 0xb762634e in clone () from /lib/libc.so.6
or this:
#3 0x0825ab96 in handle_segfault (sig=11) at mysqld.cc:2838
#4 <signal handler called>
#5 build_equal_
#6 0x082d450b in build_equal_items (thd=0x925d890, cond=0x92b6e40, inherited=0x0,
join_
#7 0x082d4669 in optimize_cond (join=<value optimized out>, conds=0x1,
join_
at sql_select.cc:12615
#8 0x082e4b32 in JOIN::optimize (this=0x1) at sql_select.cc:1008
#9 0x08187d5f in st_select_
#10 0x08307e04 in mysql_update (thd=0x91f6320, table_list=
conds=
ignore=false) at sql_update.cc:324
#11 0x08266e53 in mysql_execute_
#12 0x083e4b01 in sp_instr_
at sp_head.cc:2976
#13 0x083e4dc9 in sp_lex_
nextp=
#14 0x083eb2cc in sp_instr_
at sp_head.cc:2919
#15 0x083e91c7 in sp_head::execute (this=0x92b50d8, thd=0x91f6320) at sp_head.cc:1283
#16 0x083e9d43 in sp_head:
table_
#17 0x083f399e in Table_triggers_
event=
at sql_trigger.cc:2132
#18 0x08308aaa in mysql_update (thd=0x91f6320, table_list=
conds=0x0, order_num=0, order=0x0, limit=184467440
ignore=false) at sql_update.cc:717
#19 0x08266e53 in mysql_execute_
#20 0x0826ec45 in mysql_parse (thd=0x91f6320,
rawbuf=
found_
#21 0x0826ff3d in dispatch_command (command=COM_QUERY, thd=0x91f6320,
packet=
at sql_parse.cc:1227
#22 0x082709ec in do_command (thd=0x91f6320) at sql_parse.cc:922
#23 0x0825f8b9 in handle_
#24 0xb7688b25 in start_thread () from /lib/libpthread
#25 0xb74c834e in clone () from /lib/libc.so.6
I assume all of them have the same root cause
Changed in maria: | |
importance: | Undecided → Critical |
status: | New → Confirmed |
Changed in maria: | |
assignee: | Timour Katchaounov (timour) → Igor Babaev (igorb-seattle) |
status: | Confirmed → In Progress |
Changed in maria: | |
status: | In Progress → Fix Committed |
Changed in maria: | |
status: | Fix Committed → Fix Released |
Minimal optimizer_switch: materialization=on on,index_ merge_union= on,index_ merge_sort_ union=on, index_merge_ intersection= on,index_ merge_sort_ intersection= off,index_ condition_ pushdown= on,derived_ merge=on, derived_ with_keys= on,firstmatch= on,loosescan= on,materializat ion=on, in_to_exists= on,semijoin= on,partial_ match_rowid_ merge=on, partial_ match_table_ scan=on, subquery_ cache=on, mrr=off, mrr_cost_ based=off, mrr_sort_ keys=off, outer_join_ with_cache= on,semijoin_ with_cache= on,join_ cache_increment al=on,join_ cache_hashed= on,join_ cache_bka= on,optimize_ join_buffer_ size=off, table_eliminati on=on
Full optimizer_switch: index_merge=
# The test case involves a concurrency element,
# so it's not 100% deterministic.
# It fails regularly on current maria-5.3 debug build for me,
# but if you are not getting the failure,
# try to increase the number of rows in the tables, it seems to help.
# With more knowledge about possible problem
# it might be possible to create a deterministic test case with sync points,
# and maybe even get rid of the trigger.
# Test case:
SET optimizer_switch = 'materializatio n=on';
CREATE TABLE t1 ( a INT );
CREATE TABLE t2 ( b INT );
CREATE TRIGGER tr AFTER UPDATE ON t1 FOR EACH ROW
UPDATE t2 SET b = ( SELECT COUNT(a) FROM t1 );
INSERT INTO t1 ,(3),(4) ,(5),(6) ,(7),(8) ,(9);
VALUES (1),(2)
INSERT INTO t2 ,(0),(0) ,(0),(0) ,(0),(0) ,(0);
VALUES (0),(0)
send
UPDATE t1 SET a = 3;
connect( con1,localhost, root,,) ;
SELECT COUNT(*) FROM t1;
disconnect con1;
connection default;
reap;
UPDATE t1 SET a = 2;
# Cleanup
DROP TABLE t1, t2;
# End of test case