Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21102

Server crashes in JOIN_CACHE::write_record_data upon EXPLAIN with subqueries and constant tables

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.1, 10.2, 10.3, 10.4
    • Fix Version/s: 10.1, 10.2, 10.3, 10.4
    • Component/s: Optimizer
    • Labels:
      None

      Description

      CREATE TABLE t1 (a int, b int) ENGINE=MyISAM;
       
      CREATE TABLE t2 (c int, d int) ENGINE=MyISAM;
      INSERT INTO t2 VALUES (1,10);
       
      CREATE TABLE t3 (e int, key (e)) ENGINE=MyISAM;
      INSERT INTO t3 VALUES (2),(3);
       
      EXPLAIN
      SELECT * FROM t1
      WHERE a > b OR a IN (
          SELECT c FROM t2 WHERE EXISTS (
              SELECT * FROM t3 t3a JOIN t3 t3b WHERE t3a.e < d
          )
      );
      

      10.4 589a1235

      #3  <signal handler called>
      #4  __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:268
      #5  0x00005601ae862f52 in JOIN_CACHE::write_record_data (this=0x7f82bc19d010, link=0x0, is_full=0x7f82d8093347) at /data/src/10.4/sql/sql_join_cache.cc:1361
      #6  0x00005601ae863ce2 in JOIN_CACHE::put_record (this=0x7f82bc19d010) at /data/src/10.4/sql/sql_join_cache.cc:1568
      #7  0x00005601ae714331 in sub_select_cache (join=0x7f82bc07b9b8, join_tab=0x7f82bc19c6f0, end_of_records=false) at /data/src/10.4/sql/sql_select.cc:19978
      #8  0x00005601ae714dea in evaluate_join_record (join=0x7f82bc07b9b8, join_tab=0x7f82bc19c348, error=0) at /data/src/10.4/sql/sql_select.cc:20407
      #9  0x00005601ae7146d0 in sub_select (join=0x7f82bc07b9b8, join_tab=0x7f82bc19c348, end_of_records=false) at /data/src/10.4/sql/sql_select.cc:20187
      #10 0x00005601ae713b5f in do_select (join=0x7f82bc07b9b8, procedure=0x0) at /data/src/10.4/sql/sql_select.cc:19725
      #11 0x00005601ae6e8d69 in JOIN::exec_inner (this=0x7f82bc07b9b8) at /data/src/10.4/sql/sql_select.cc:4386
      #12 0x00005601ae6e7ea6 in JOIN::exec (this=0x7f82bc07b9b8) at /data/src/10.4/sql/sql_select.cc:4168
      #13 0x00005601aeadd632 in subselect_single_select_engine::exec (this=0x7f82bc017a40) at /data/src/10.4/sql/item_subselect.cc:3935
      #14 0x00005601aead08fd in Item_subselect::exec (this=0x7f82bc0178a0) at /data/src/10.4/sql/item_subselect.cc:746
      #15 0x00005601aead3cb1 in Item_exists_subselect::val_int (this=0x7f82bc0178a0) at /data/src/10.4/sql/item_subselect.cc:1652
      #16 0x00005601aea3d0ee in Item_in_optimizer::val_int (this=0x7f82bc07c160) at /data/src/10.4/sql/item_cmpfunc.cc:1561
      #17 0x00005601ae8b3113 in Type_handler_int_result::Item_val_bool (this=0x5601afe30b70 <type_handler_bool>, item=0x7f82bc07c160) at /data/src/10.4/sql/sql_type.cc:4416
      #18 0x00005601ae57294e in Item::val_bool (this=0x7f82bc07c160) at /data/src/10.4/sql/item.h:1458
      #19 0x00005601ae72d869 in Item::eval_const_cond (this=0x7f82bc07c160) at /data/src/10.4/sql/item.h:1466
      #20 0x00005601aea492aa in Item_cond::eval_not_null_tables (this=0x7f82bc199848, opt_arg=0x0) at /data/src/10.4/sql/item_cmpfunc.cc:4914
      #21 0x00005601ae604003 in Item_func_or_sum::walk (this=0x7f82bc199848, processor=&virtual table offset 976, walk_subquery=false, arg=0x0) at /data/src/10.4/sql/item.h:5095
      #22 0x00005601aea49597 in Item_cond::walk (this=0x7f82bc199848, processor=&virtual table offset 976, walk_subquery=false, arg=0x0) at /data/src/10.4/sql/item_cmpfunc.cc:4986
      #23 0x00005601ae663835 in st_select_lex::update_used_tables (this=0x7f82bc0144b0) at /data/src/10.4/sql/sql_lex.cc:4586
      #24 0x00005601ae662b12 in st_select_lex::optimize_unflattened_subqueries (this=0x7f82bc0132a8, const_only=false) at /data/src/10.4/sql/sql_lex.cc:4189
      #25 0x00005601ae88206e in JOIN::optimize_unflattened_subqueries (this=0x7f82bc07a908) at /data/src/10.4/sql/opt_subselect.cc:5512
      #26 0x00005601ae6e324f in JOIN::optimize_stage2 (this=0x7f82bc07a908) at /data/src/10.4/sql/sql_select.cc:2962
      #27 0x00005601ae6e08b0 in JOIN::optimize_inner (this=0x7f82bc07a908) at /data/src/10.4/sql/sql_select.cc:2214
      #28 0x00005601ae6de3a2 in JOIN::optimize (this=0x7f82bc07a908) at /data/src/10.4/sql/sql_select.cc:1557
      #29 0x00005601ae6e9522 in mysql_select (thd=0x7f82bc000af0, tables=0x7f82bc013868, wild_num=1, fields=..., conds=0x7f82bc0184d8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748612, result=0x7f82bc018fa0, unit=0x7f82bc004a20, select_lex=0x7f82bc0132a8) at /data/src/10.4/sql/sql_select.cc:4586
      #30 0x00005601ae726761 in mysql_explain_union (thd=0x7f82bc000af0, unit=0x7f82bc004a20, result=0x7f82bc018fa0) at /data/src/10.4/sql/sql_select.cc:26763
      #31 0x00005601ae69f872 in execute_sqlcom_select (thd=0x7f82bc000af0, all_tables=0x7f82bc013868) at /data/src/10.4/sql/sql_parse.cc:6296
      #32 0x00005601ae695389 in mysql_execute_command (thd=0x7f82bc000af0) at /data/src/10.4/sql/sql_parse.cc:3899
      #33 0x00005601ae6a3daf in mysql_parse (thd=0x7f82bc000af0, rawbuf=0x7f82bc013138 "EXPLAIN\nSELECT * FROM t1\nWHERE a > b OR a IN (\nSELECT c FROM t2 WHERE EXISTS (\nSELECT * FROM t3 t3a JOIN t3 t3b WHERE t3a.e < d\n)\n)", length=131, parser_state=0x7f82d8095170, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7898
      #34 0x00005601ae68ef8c in dispatch_command (command=COM_QUERY, thd=0x7f82bc000af0, packet=0x7f82bc008341 "", packet_length=131, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
      #35 0x00005601ae68d619 in do_command (thd=0x7f82bc000af0) at /data/src/10.4/sql/sql_parse.cc:1360
      #36 0x00005601ae8158d1 in do_handle_one_connection (connect=0x5601b0e1fed0) at /data/src/10.4/sql/sql_connect.cc:1412
      #37 0x00005601ae815620 in handle_one_connection (arg=0x5601b0e1fed0) at /data/src/10.4/sql/sql_connect.cc:1316
      #38 0x00005601af217137 in pfs_spawn_thread (arg=0x5601b0d44730) at /data/src/10.4/storage/perfschema/pfs.cc:1862
      #39 0x00007f82dea934a4 in start_thread (arg=0x7f82d8096700) at pthread_create.c:456
      #40 0x00007f82dcfdad0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      All of debug, non-debug and ASAN builds crash the same way.
      Reproducible on 10.1-10.5. Not reproducible on 5.5.
      Couldn't reproduce with non-constant tables.
      The query itself doesn't crash.

        Attachments

          Activity

            People

            Assignee:
            igor Igor Babaev
            Reporter:
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: