  1. MariaDB Server
  2. MDEV-16104

Server crash in JOIN::fix_all_splittings_in_plan upon select with view and subqueries


Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.3
    • 10.3.7
    • Optimizer
    • None

    Description

      Note: if the test case does not crash on a regular build, run it on an ASAN build.

      # Test case for this report: on the affected 10.3 build the final SELECT
      # terminates the server with SIGSEGV in JOIN::fix_all_splittings_in_plan
      # (sql/opt_split.cc:1136 in both stack traces of the report).
      # have_innodb.inc is the mysql-test include that makes the test require InnoDB.
      --source include/have_innodb.inc
       
      # Single-column InnoDB table; the script inserts no rows, so the report
      # reproduces against an empty table.
      CREATE TABLE t (f INT PRIMARY KEY) ENGINE=InnoDB;
      # MERGE view: a grouped derived table (a1) joined back to t (a2) on f,
      # exposing only a2's columns.
      CREATE ALGORITHM=MERGE VIEW v AS SELECT a2.* FROM ( SELECT f, COUNT(*) as c FROM t GROUP BY f ) AS a1 JOIN t AS a2 USING (f);
      # Crashing statement: a grouped STRAIGHT_JOIN select over v, wrapped in
      # derived table s. The traces show the fault while a derived table is being
      # optimized (mysql_derived_optimize -> JOIN::optimize -> get_best_combination).
      # NOTE(review): ASAN reports a SEGV on address 0x0, which points to a NULL
      # pointer dereference; the whole server process aborts, so every connected
      # session is affected, not just the one running the query. Keep this case in
      # the regression suite and check deployed servers against the fixed release
      # (the issue lists 10.3.7, presumably the fix version; confirm).
      SELECT * FROM ( SELECT STRAIGHT_JOIN  f, COUNT(*) as c FROM v GROUP BY f ) AS s;
       
      # Cleanup: drop the view before the table it depends on.
      DROP VIEW v;
      DROP TABLE t;
      

      10.3 a22a339f8e04

      #3  <signal handler called>
      #4  0x000055dfee65ff95 in JOIN::fix_all_splittings_in_plan (this=0x7fbf80173a08) at /data/src/10.3/sql/opt_split.cc:1136
      #5  0x000055dfee4b59c3 in JOIN::get_best_combination (this=0x7fbf80173a08) at /data/src/10.3/sql/sql_select.cc:9373
      #6  0x000055dfee49fa2b in JOIN::optimize_stage2 (this=0x7fbf80173a08) at /data/src/10.3/sql/sql_select.cc:1882
      #7  0x000055dfee49e0d7 in JOIN::optimize (this=0x7fbf80173a08) at /data/src/10.3/sql/sql_select.cc:1424
      #8  0x000055dfee413fc5 in mysql_derived_optimize (thd=0x7fbf80000b00, lex=0x7fbf80004890, derived=0x7fbf80171b28) at /data/src/10.3/sql/sql_derived.cc:938
      #9  0x000055dfee412535 in mysql_handle_single_derived (lex=0x7fbf80004890, derived=0x7fbf80171b28, phases=4) at /data/src/10.3/sql/sql_derived.cc:197
      #10 0x000055dfee577dae in TABLE_LIST::handle_derived (this=0x7fbf80171b28, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/table.cc:8020
      #11 0x000055dfee435800 in st_select_lex::handle_derived (this=0x7fbf800177e0, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/sql_lex.cc:4092
      #12 0x000055dfee577d6f in TABLE_LIST::handle_derived (this=0x7fbf80015e70, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/table.cc:8017
      #13 0x000055dfee435800 in st_select_lex::handle_derived (this=0x7fbf80014f98, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/sql_lex.cc:4092
      #14 0x000055dfee577d6f in TABLE_LIST::handle_derived (this=0x7fbf80016688, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/table.cc:8017
      #15 0x000055dfee435800 in st_select_lex::handle_derived (this=0x7fbf800050d0, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/sql_lex.cc:4092
      #16 0x000055dfee49fa70 in JOIN::optimize_stage2 (this=0x7fbf801733b8) at /data/src/10.3/sql/sql_select.cc:1885
      #17 0x000055dfee49f93c in JOIN::optimize_inner (this=0x7fbf801733b8) at /data/src/10.3/sql/sql_select.cc:1861
      #18 0x000055dfee49e10b in JOIN::optimize (this=0x7fbf801733b8) at /data/src/10.3/sql/sql_select.cc:1431
      #19 0x000055dfee4a7896 in mysql_select (thd=0x7fbf80000b00, tables=0x7fbf80016688, wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fbf8001ad20, unit=0x7fbf80004958, select_lex=0x7fbf800050d0) at /data/src/10.3/sql/sql_select.cc:4140
      #20 0x000055dfee499e52 in handle_select (thd=0x7fbf80000b00, lex=0x7fbf80004890, result=0x7fbf8001ad20, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:382
      #21 0x000055dfee4650bd in execute_sqlcom_select (thd=0x7fbf80000b00, all_tables=0x7fbf80016688) at /data/src/10.3/sql/sql_parse.cc:6539
      #22 0x000055dfee45b81e in mysql_execute_command (thd=0x7fbf80000b00) at /data/src/10.3/sql/sql_parse.cc:3768
      #23 0x000055dfee468ace in mysql_parse (thd=0x7fbf80000b00, rawbuf=0x7fbf80014d68 "SELECT * FROM ( SELECT STRAIGHT_JOIN  f, COUNT(*) as c FROM v GROUP BY f ) AS s", length=79, parser_state=0x7fbfd4b895d0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
      #24 0x000055dfee4562b1 in dispatch_command (command=COM_QUERY, thd=0x7fbf80000b00, packet=0x7fbf80125fd1 "SELECT * FROM ( SELECT STRAIGHT_JOIN  f, COUNT(*) as c FROM v GROUP BY f ) AS s", packet_length=79, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
      #25 0x000055dfee454cf0 in do_command (thd=0x7fbf80000b00) at /data/src/10.3/sql/sql_parse.cc:1391
      #26 0x000055dfee5b7ba5 in do_handle_one_connection (connect=0x55dff0c6d1f0) at /data/src/10.3/sql/sql_connect.cc:1402
      #27 0x000055dfee5b7932 in handle_one_connection (arg=0x55dff0c6d1f0) at /data/src/10.3/sql/sql_connect.cc:1308
      #28 0x000055dfeea3ba99 in pfs_spawn_thread (arg=0x55dff0c75670) at /data/src/10.3/storage/perfschema/pfs.cc:1862
      #29 0x00007fbfdd51a494 in start_thread (arg=0x7fbfd4b8a700) at pthread_create.c:333
      #30 0x00007fbfdb90093f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

      10.3 ASAN a22a339f8e0

      ASAN:SIGSEGV
      =================================================================
      ==19736==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d2f8a63002 sp 0x7f5c029fff50 bp 0x7f5c029fff90 T27)
          #0 0x55d2f8a63001 in JOIN::fix_all_splittings_in_plan() /data/src/10.3/sql/opt_split.cc:1136
          #1 0x55d2f866fe37 in JOIN::get_best_combination() /data/src/10.3/sql/sql_select.cc:9373
          #2 0x55d2f86372c2 in JOIN::optimize_stage2() /data/src/10.3/sql/sql_select.cc:1882
          #3 0x55d2f8632fe7 in JOIN::optimize() /data/src/10.3/sql/sql_select.cc:1424
          #4 0x55d2f84ee696 in mysql_derived_optimize(THD*, LEX*, TABLE_LIST*) /data/src/10.3/sql/sql_derived.cc:938
          #5 0x55d2f84ea450 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /data/src/10.3/sql/sql_derived.cc:197
          #6 0x55d2f885e6c2 in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/table.cc:8020
          #7 0x55d2f854706e in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/sql_lex.cc:4092
          #8 0x55d2f885e66f in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/table.cc:8017
          #9 0x55d2f854706e in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/sql_lex.cc:4092
          #10 0x55d2f885e66f in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/table.cc:8017
          #11 0x55d2f854706e in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/sql_lex.cc:4092
          #12 0x55d2f863737d in JOIN::optimize_stage2() /data/src/10.3/sql/sql_select.cc:1885
          #13 0x55d2f8637040 in JOIN::optimize_inner() /data/src/10.3/sql/sql_select.cc:1861
          #14 0x55d2f863309b in JOIN::optimize() /data/src/10.3/sql/sql_select.cc:1431
          #15 0x55d2f864d011 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4140
          #16 0x55d2f862870b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:382
          #17 0x55d2f85ab02a in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6539
          #18 0x55d2f85994a0 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3768
          #19 0x55d2f85b35b8 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8001
          #20 0x55d2f858de5e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1846
          #21 0x55d2f858aef5 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1391
          #22 0x55d2f88f3c68 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
          #23 0x55d2f88f367d in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
          #24 0x55d2f93f83db in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
          #25 0x7f5c0e324493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
          #26 0x7f5c0c70a93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
       
      AddressSanitizer can not provide additional info.
      SUMMARY: AddressSanitizer: SEGV /data/src/10.3/sql/opt_split.cc:1136 JOIN::fix_all_splittings_in_plan()
      Thread T27 created by T0 here:
          #0 0x7f5c0e55dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x55d2f93f89a3 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
          #2 0x55d2f82fc96e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
          #3 0x55d2f8312693 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6554
          #4 0x55d2f8312d98 in create_new_thread /data/src/10.3/sql/mysqld.cc:6624
          #5 0x55d2f8313da9 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6899
          #6 0x55d2f8311b50 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6176
          #7 0x55d2f82fad0f in main /data/src/10.3/sql/main.cc:25
          #8 0x7f5c0c6422b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      ==19736==ABORTING
      


          People

            igor Igor Babaev
            elenst Elena Stepanova