[MDEV-22825] Server crashes in Bitmap<64u>::merge / add_key_field with condition_pushdown_for_subquery=on - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL)
Fix Version/s: 10.5, 10.6, 10.11
Component/s: Optimizer
Labels:
None

Description

SET optimizer_switch= 'condition_pushdown_for_subquery=on';

CREATE TABLE t1 (f1 INT);

INSERT INTO t1 VALUES (1),(2);

CREATE TABLE t2 (f2 INT);

INSERT INTO t1 VALUES (3),(4);

SELECT * FROM t1, t2 WHERE f2 IN ( SELECT f1 FROM t1 HAVING f1 = 5 ) AND f1 = 6 AND ( 0 OR f1 = f2 );

# Cleanup

DROP TABLE t1, t2;

10.4 c7a2fb1e
#3 <signal handler called>
#4 0x0000562084daa6f6 in Bitmap<64u>::merge (this=0x190, map2=...) at /data/src/10.4/sql/sql_bitmap.h:341
#5 0x0000562084d6be6a in add_key_field (join=0x7f46040181a8, key_fields=0x7f4616034df8, and_level=0, cond=0x7f4604072d78, field=0x7f460406a8c0, eq_func=true, value=0x7f4616034d18, num_values=1, usable_tables=18446744073709551615, sargables=0x7f4616034f58, row_col_no=0) at /data/src/10.4/sql/sql_select.cc:5933
#6 0x0000562084d6d380 in Item_equal::add_key_fields (this=0x7f4604072d78, join=0x7f46040181a8, key_fields=0x7f4616034df8, and_level=0x7f4616034de8, usable_tables=18446744073709551615, sargables=0x7f4616034f58) at /data/src/10.4/sql/sql_select.cc:6379
#7 0x0000562084d6e744 in update_ref_and_keys (thd=0x7f4604000af0, keyuse=0x7f4604018498, join_tab=0x7f46040730c8, tables=1, cond=0x7f4604072d78, normal_tables=18446744073709551615, select_lex=0x7f4604014788, sargables=0x7f4616034f58) at /data/src/10.4/sql/sql_select.cc:6807
#8 0x0000562084d68de6 in make_join_statistics (join=0x7f46040181a8, tables_list=..., keyuse_array=0x7f4604018498) at /data/src/10.4/sql/sql_select.cc:5063
#9 0x0000562084d5ed4c in JOIN::optimize_inner (this=0x7f46040181a8) at /data/src/10.4/sql/sql_select.cc:2260
#10 0x0000562084d5c68c in JOIN::optimize (this=0x7f46040181a8) at /data/src/10.4/sql/sql_select.cc:1607
#11 0x000056208514a3b9 in Item_in_subselect::optimize (this=0x7f4604016010, out_rows=0x7f4616035388, cost=0x7f4616035390) at /data/src/10.4/sql/item_subselect.cc:784
#12 0x0000562084f03653 in setup_jtbm_semi_joins (join=0x7f4604017790, join_list=0x7f4604013488, eq_list=...) at /data/src/10.4/sql/opt_subselect.cc:6254
#13 0x0000562084d5e174 in JOIN::optimize_inner (this=0x7f4604017790) at /data/src/10.4/sql/sql_select.cc:2054
#14 0x0000562084d5c68c in JOIN::optimize (this=0x7f4604017790) at /data/src/10.4/sql/sql_select.cc:1607
#15 0x0000562084d67b34 in mysql_select (thd=0x7f4604000af0, tables=0x7f4604013888, wild_num=1, fields=..., conds=0x7f4604016660, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f4604017768, unit=0x7f4604004a18, select_lex=0x7f46040132c8) at /data/src/10.4/sql/sql_select.cc:4670
#16 0x0000562084d576b0 in handle_select (thd=0x7f4604000af0, lex=0x7f4604004958, result=0x7f4604017768, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:422
#17 0x0000562084d1e1da in execute_sqlcom_select (thd=0x7f4604000af0, all_tables=0x7f4604013888) at /data/src/10.4/sql/sql_parse.cc:6360
#18 0x0000562084d14867 in mysql_execute_command (thd=0x7f4604000af0) at /data/src/10.4/sql/sql_parse.cc:3898
#19 0x0000562084d22187 in mysql_parse (thd=0x7f4604000af0, rawbuf=0x7f4604013198 "SELECT * FROM t1, t2 WHERE f2 IN ( SELECT f1 FROM t1 HAVING f1 = 5 ) AND f1 = 6 AND ( 0 OR f1 = f2 )", length=100, parser_state=0x7f4616036570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7901
#20 0x0000562084d0e711 in dispatch_command (command=COM_QUERY, thd=0x7f4604000af0, packet=0x7f46040083a1 "SELECT * FROM t1, t2 WHERE f2 IN ( SELECT f1 FROM t1 HAVING f1 = 5 ) AND f1 = 6 AND ( 0 OR f1 = f2 )", packet_length=100, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
#21 0x0000562084d0ceb3 in do_command (thd=0x7f4604000af0) at /data/src/10.4/sql/sql_parse.cc:1360
#22 0x0000562084e959b0 in do_handle_one_connection (connect=0x562087568cf0) at /data/src/10.4/sql/sql_connect.cc:1412
#23 0x0000562084e956ff in handle_one_connection (arg=0x562087568cf0) at /data/src/10.4/sql/sql_connect.cc:1316
#24 0x0000562085893b75 in pfs_spawn_thread (arg=0x562087584870) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#25 0x00007f461de154a4 in start_thread (arg=0x7f4616037700) at pthread_create.c:456
#26 0x00007f461bf49d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.4, 10.5, release- and debug builds alike, with at least MyISAM, InnoDB, Aria.

EXPLAIN also crashes.

The failure appeared in 10.4 tree after this commit:

commit 1c97cd339e9513b152727f386573c8c048db0281

Author: Igor Babaev

Date:   Fri Jan 3 11:15:00 2020 -0800

    MDEV-21184 Assertion `used_tables_cache == 0' failed in Item_func::fix_fields

               with condition_pushdown_from_having

Attachments

Issue Links

relates to

MDEV-28509 Server crash via Item_func_ne::add_key_fields in /sql/sql_bitmap.h:196, member access within null pointer of type 'struct JOIN_TAB' in add_key_field

In Review

MDEV-29017 SIGSEGV in Bitmap<64u>::merge on SELECT

Confirmed

MDEV-32085 Server crash in add_key_field

Closed

Activity

People

Assignee:: Igor Babaev

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2020-06-07 16:19

Updated:: 2024-09-10 15:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.