[MDEV-25013] SIGSEGV in best_extension_by_limited_search | SIGSEGV in restore_prev_nj_state - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.4(EOL), 10.5, 10.6
Fix Version/s: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.4
Component/s: Optimizer
Labels:
- regression

Description

SET join_cache_level=3;

CREATE TABLE t1 (TEXT1 TEXT,TEXT2 TEXT,TEXT3 TEXT,TEXT4 TEXT,TEXT5 TEXT,TEXT6 TEXT,TEXT7 TEXT,TEXT8 TEXT,TEXT9 TEXT,TEXT10 TEXT,TEXT11 TEXT,TEXT12 TEXT,TEXT13 TEXT,TEXT14 TEXT,TEXT15 TEXT,TEXT16 TEXT,TEXT17 TEXT,TEXT18 TEXT,TEXT19 TEXT,TEXT20 TEXT,TEXT21 TEXT,TEXT22 TEXT,TEXT23 TEXT,TEXT24 TEXT,TEXT25 TEXT,TEXT26 TEXT,TEXT27 TEXT,TEXT28 TEXT,TEXT29 TEXT,TEXT30 TEXT,TEXT31 TEXT,TEXT32 TEXT,TEXT33 TEXT,TEXT34 TEXT,TEXT35 TEXT,TEXT36 TEXT,TEXT37 TEXT,TEXT38 TEXT,TEXT39 TEXT,TEXT40 TEXT,TEXT41 TEXT,TEXT42 TEXT,TEXT43 TEXT,TEXT44 TEXT,TEXT45 TEXT,TEXT46 TEXT,TEXT47 TEXT,TEXT48 TEXT,TEXT49 TEXT,TEXT50 TEXT) ENGINE=InnoDB;

EXPLAIN SELECT 1 FROM t1 NATURAL JOIN t1 AS t2;

Leads to:

10.6.0 27d66d644cf2ebe9201e0362f2050036cce2908a (Debug)
Core was generated by `/test/MD260221-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x151280136700 (LWP 2415085))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x0000561d945dcab8 in my_write_core (sig=sig@entry=11) at /test/10.6_dbg/mysys/stacktrace.c:424
#2 0x0000561d93d71317 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:331
#3 <signal handler called>
#4 0x0000561d93af3c7b in best_extension_by_limited_search (join=0x15122c010001, join@entry=0x15122c016788, remaining_tables=remaining_tables@entry=2, idx=idx@entry=1, record_count=record_count@entry=1, read_time=1.2, search_depth=search_depth@entry=61, prune_level=prune_level@entry=1, use_cond_selectivity=use_cond_selectivity@entry=4) at /test/10.6_dbg/sql/sql_select.cc:9692
#5 0x0000561d93af4032 in best_extension_by_limited_search (join=join@entry=0x15122c016788, remaining_tables=remaining_tables@entry=3, idx=idx@entry=0, record_count=record_count@entry=1, read_time=read_time@entry=0, search_depth=search_depth@entry=62, prune_level=prune_level@entry=1, use_cond_selectivity=use_cond_selectivity@entry=4) at /test/10.6_dbg/sql/sql_select.cc:9703
#6 0x0000561d93af52c9 in greedy_search (use_cond_selectivity=<optimized out>, prune_level=<optimized out>, search_depth=62, remaining_tables=3, join=0x15122c016788) at /test/10.6_dbg/sql/sql_select.cc:8820
#7 choose_plan (join=join@entry=0x15122c016788, join_tables=<optimized out>) at /test/10.6_dbg/sql/sql_select.cc:8385
#8 0x0000561d93b25111 in make_join_statistics (join=join@entry=0x15122c016788, tables_list=@0x15122c013e58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15122c016d00, last = 0x15122c016d10, elements = 2}, <No data fields>}, keyuse_array=keyuse_array@entry=0x15122c016a78) at /test/10.6_dbg/sql/sql_select.cc:5622
#9 0x0000561d93b2bfeb in JOIN::optimize_inner (this=this@entry=0x15122c016788) at /test/10.6_dbg/sql/sql_select.cc:2256
#10 0x0000561d93b2c2b6 in JOIN::optimize (this=this@entry=0x15122c016788) at /test/10.6_dbg/sql/sql_select.cc:1628
#11 0x0000561d93b2cc07 in mysql_select (thd=thd@entry=0x15122c000db8, tables=0x15122c014168, fields=@0x15122c013d68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15122c014120, last = 0x15122c014120, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748612, result=0x15122c016068, unit=0x15122c004f88, select_lex=0x15122c013c18) at /test/10.6_dbg/sql/sql_select.cc:4716
#12 0x0000561d93b2d227 in mysql_explain_union (thd=thd@entry=0x15122c000db8, unit=unit@entry=0x15122c004f88, result=result@entry=0x15122c016068) at /test/10.6_dbg/sql/sql_select.cc:27263
#13 0x0000561d93a9f7fc in execute_sqlcom_select (thd=thd@entry=0x15122c000db8, all_tables=0x15122c014168) at /test/10.6_dbg/sql/sql_parse.cc:6143
#14 0x0000561d93aac791 in mysql_execute_command (thd=thd@entry=0x15122c000db8) at /test/10.6_dbg/sql/sql_parse.cc:3900
#15 0x0000561d93a98cdc in mysql_parse (thd=thd@entry=0x15122c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1512801353d0) at /test/10.6_dbg/sql/sql_parse.cc:7972
#16 0x0000561d93aa6b3b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15122c000db8, packet=packet@entry=0x15122c00b319 "", packet_length=packet_length@entry=46, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_class.h:1295
#17 0x0000561d93aa9fbe in do_command (thd=0x15122c000db8, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_parse.cc:1397
#18 0x0000561d93c05c2e in do_handle_one_connection (connect=<optimized out>, connect@entry=0x561d967bc1b8, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
#19 0x0000561d93c06331 in handle_one_connection (arg=arg@entry=0x561d967bc1b8) at /test/10.6_dbg/sql/sql_connect.cc:1312
#20 0x0000561d940ba9b9 in pfs_spawn_thread (arg=0x561d966edc98) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
#21 0x00001512816a7609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#22 0x0000151281296293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.19 (dbg), 10.4.19 (opt), 10.5.10 (dbg), 10.5.10 (opt), 10.6.0 (dbg), 10.6.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.38 (dbg), 10.2.38 (opt), 10.3.29 (dbg), 10.3.29 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.29 (dbg), 5.7.30 (dbg), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)

Exactly 38 or more of the text fields are required. Having 37 does not crash anymore.

Attachments

Issue Links

relates to

MDEV-23937 SIGSEGV in looped best_extension_by_limited_search from greedy_search on NATURAL JOIN | SIGSEGV in restore_prev_nj_state

Closed

MDEV-17783 AddressSanitizer: stack-buffer-overflow in table_cond_selectivity with optimizer_use_condition_selectivity > 1, join_cache_level >2

Closed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2021-06-21 14:28 - edited

Slightly different stack with this testcase:

# mysqld options required for replay:  --innodb_strict_mode=OFF

SET join_cache_level=6;

CREATE TABLE t1 (c01 CHAR(200), c02 CHAR(200), c03 CHAR(200), c04 CHAR(200), c05 CHAR(200), c06 CHAR(200), c07 CHAR(200), c08 CHAR(200), c09 CHAR(200), c10 CHAR(200), c11 CHAR(200), c12 CHAR(200), c13 CHAR(200), c14 CHAR(200), c15 CHAR(200), c16 CHAR(200), c17 CHAR(200), c18 CHAR(200), c19 CHAR(200), c20 CHAR(200), c21 CHAR(200), c22 CHAR(200), c23 CHAR(200), c24 CHAR(200), c25 CHAR(200), c26 CHAR(200), c27 CHAR(200), c28 CHAR(200), c29 CHAR(200), c30 CHAR(200), c31 CHAR(200), c32 CHAR(200), c33 CHAR(200), c34 CHAR(200), c35 CHAR(200), c36 CHAR(200), c37 CHAR(200), c38 CHAR(200), c39 CHAR(200), c40 CHAR(157)) ENGINE=InnoDB ROW_FORMAT=COMPRESSED;

CREATE TEMPORARY TABLE t3 LIKE t1;

SET optimizer_search_depth=1;

CREATE TABLE t4 (c1 INT NULL) ENGINE=InnoDB;

CREATE TABLE t2 (a INT NOT NULL, b INT, c INT, KEY(b), KEY(c), KEY(a)) ENGINE=InnoDB;

SELECT * FROM (t1 NATURAL JOIN t2) NATURAL LEFT JOIN (t3 NATURAL JOIN t4);

Leads to:

10.6.2 6c39eaeb126328e7813b146ecf652d51e4508981 (Optimized)
Core was generated by `/test/MD120621-mariadb-10.6.2-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 best_extension_by_limited_search (join=0x152f8c014bb8,
remaining_tables=12, idx=2, record_count=1, read_time=2.3999999999999999,
search_depth=1, prune_level=1, use_cond_selectivity=4)
at /test/10.6_opt/sql/sql_select.cc:9846
[Current thread is 1 (Thread 0x152fd4b28700 (LWP 2458123))]
(gdb) bt
#0 best_extension_by_limited_search (join=0x152f8c014bb8, remaining_tables=12, idx=2, record_count=1, read_time=2.3999999999999999, search_depth=1, prune_level=1, use_cond_selectivity=4) at /test/10.6_opt/sql/sql_select.cc:9846
#1 0x000055937caec5dc in greedy_search (use_cond_selectivity=<optimized out>, prune_level=<optimized out>, search_depth=1, remaining_tables=12, join=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:9070
#2 choose_plan (join=0x152f8c014bb8, join_tables=<optimized out>) at /test/10.6_opt/sql/sql_select.cc:8635
#3 0x000055937cb18a8c in make_join_statistics (keyuse_array=0x152f8c014ed8, tables_list=@0x152f8c010b58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152f8c015160, last = 0x152f8c015190, elements = 4}, <No data fields>}, join=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:5875
#4 JOIN::optimize_inner (this=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:2451
#5 0x000055937cb18f93 in JOIN::optimize (this=this@entry=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:1807
#6 0x000055937cb19057 in mysql_select (thd=0x152f8c000c58, tables=0x152f8c010f18, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x152f8c014b90, unit=0x152f8c004e10, select_lex=0x152f8c010940) at /test/10.6_opt/sql/sql_select.cc:4968
#7 0x000055937cb19877 in handle_select (thd=thd@entry=0x152f8c000c58, lex=lex@entry=0x152f8c004d48, result=result@entry=0x152f8c014b90, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_opt/sql/sql_select.cc:544
#8 0x000055937caaa3f1 in execute_sqlcom_select (thd=0x152f8c000c58, all_tables=0x152f8c010f18) at /test/10.6_opt/sql/sql_parse.cc:6242
#9 0x000055937cab8126 in mysql_execute_command (thd=0x152f8c000c58) at /test/10.6_opt/sql/sql_parse.cc:3937
#10 0x000055937caa53f4 in mysql_parse (thd=0x152f8c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:8016
#11 0x000055937cab1295 in dispatch_command (command=COM_QUERY, thd=0x152f8c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_class.h:1340
#12 0x000055937cab31f7 in do_command (thd=0x152f8c000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1406
#13 0x000055937cbc1057 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.6_opt/sql/sql_connect.cc:1410
#14 0x000055937cbc13bd in handle_one_connection (arg=arg@entry=0x55937f7bcf48) at /test/10.6_opt/sql/sql_connect.cc:1312
#15 0x000055937cf4a8f8 in pfs_spawn_thread (arg=0x55937f76b8e8) at /test/10.6_opt/storage/perfschema/pfs.cc:2201
#16 0x0000152fde461609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x0000152fde050293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

And on debug:

10.6.2 6c39eaeb126328e7813b146ecf652d51e4508981 (Debug)
Core was generated by `/test/MD120621-mariadb-10.6.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 restore_prev_nj_state (last=last@entry=0x100010001)
at /test/10.6_dbg/sql/sql_select.cc:17232
[Current thread is 1 (Thread 0x1510ed6e6700 (LWP 2487890))]
(gdb) bt
#0 restore_prev_nj_state (last=last@entry=0x100010001) at /test/10.6_dbg/sql/sql_select.cc:17232
#1 0x000055b69c44bd27 in best_extension_by_limited_search (join=join@entry=0x1510b8018318, remaining_tables=remaining_tables@entry=12, idx=idx@entry=2, record_count=record_count@entry=1, read_time=read_time@entry=2.3999999999999999, search_depth=search_depth@entry=1, prune_level=prune_level@entry=1, use_cond_selectivity=use_cond_selectivity@entry=4) at /test/10.6_dbg/sql/sql_select.cc:9996
#2 0x000055b69c44ce79 in greedy_search (use_cond_selectivity=<optimized out>, prune_level=<optimized out>, search_depth=1, remaining_tables=12, join=0x1510b8018318) at /test/10.6_dbg/sql/sql_select.cc:9070
#3 choose_plan (join=join@entry=0x1510b8018318, join_tables=<optimized out>) at /test/10.6_dbg/sql/sql_select.cc:8635
#4 0x000055b69c47bd3d in make_join_statistics (join=join@entry=0x1510b8018318, tables_list=@0x1510b80142b8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1510b80188c0, last = 0x1510b80188f0, elements = 4}, <No data fields>}, keyuse_array=keyuse_array@entry=0x1510b8018638) at /test/10.6_dbg/sql/sql_select.cc:5875
#5 0x000055b69c482ecb in JOIN::optimize_inner (this=this@entry=0x1510b8018318) at /test/10.6_dbg/sql/sql_select.cc:2451
#6 0x000055b69c483176 in JOIN::optimize (this=this@entry=0x1510b8018318) at /test/10.6_dbg/sql/sql_select.cc:1807
#7 0x000055b69c4837ef in mysql_select (thd=thd@entry=0x1510b8000db8, tables=0x1510b8014678, fields=@0x1510b8014340: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1510b8014630, last = 0x1510b80c5738, elements = 44}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x1510b80182f0, unit=0x1510b8005130, select_lex=0x1510b80140a0) at /test/10.6_dbg/sql/sql_select.cc:4968
#8 0x000055b69c483af3 in handle_select (thd=thd@entry=0x1510b8000db8, lex=lex@entry=0x1510b8005068, result=result@entry=0x1510b80182f0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:544
#9 0x000055b69c3f7460 in execute_sqlcom_select (thd=thd@entry=0x1510b8000db8, all_tables=0x1510b8014678) at /test/10.6_dbg/sql/sql_parse.cc:6242
#10 0x000055b69c404340 in mysql_execute_command (thd=thd@entry=0x1510b8000db8) at /test/10.6_dbg/sql/sql_parse.cc:3937
#11 0x000055b69c3f0890 in mysql_parse (thd=thd@entry=0x1510b8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1510ed6e5400) at /test/10.6_dbg/sql/sql_parse.cc:8016
#12 0x000055b69c3ff3fa in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1510b8000db8, packet=packet@entry=0x1510b800b769 "SELECT * FROM (t1 NATURAL JOIN t2) NATURAL LEFT JOIN (t3 NATURAL JOIN t4)", packet_length=packet_length@entry=73, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_class.h:1340
#13 0x000055b69c4027da in do_command (thd=0x1510b8000db8, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_parse.cc:1406
#14 0x000055b69c566c8e in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b6a024e408, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
#15 0x000055b69c567293 in handle_one_connection (arg=arg@entry=0x55b6a024e408) at /test/10.6_dbg/sql/sql_connect.cc:1312
#16 0x000055b69ca15166 in pfs_spawn_thread (arg=0x55b6a0136aa8) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
#17 0x0000151104aa7609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#18 0x0000151104696293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.20 (dbg), 10.4.20 (opt), 10.5.11 (dbg), 10.5.11 (opt), 10.6.2 (dbg), 10.6.2 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.39 (dbg), 10.2.39 (opt), 10.3.30 (dbg), 10.3.30 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.34 (dbg), 5.7.34 (opt), 8.0.24 (dbg), 8.0.24 (opt)

Roel Van de Paar added a comment - 2021-06-21 14:28 - edited Slightly different stack with this testcase: # mysqld options required for replay: --innodb_strict_mode=OFF SET join_cache_level=6; CREATE TABLE t1 (c01 CHAR (200), c02 CHAR (200), c03 CHAR (200), c04 CHAR (200), c05 CHAR (200), c06 CHAR (200), c07 CHAR (200), c08 CHAR (200), c09 CHAR (200), c10 CHAR (200), c11 CHAR (200), c12 CHAR (200), c13 CHAR (200), c14 CHAR (200), c15 CHAR (200), c16 CHAR (200), c17 CHAR (200), c18 CHAR (200), c19 CHAR (200), c20 CHAR (200), c21 CHAR (200), c22 CHAR (200), c23 CHAR (200), c24 CHAR (200), c25 CHAR (200), c26 CHAR (200), c27 CHAR (200), c28 CHAR (200), c29 CHAR (200), c30 CHAR (200), c31 CHAR (200), c32 CHAR (200), c33 CHAR (200), c34 CHAR (200), c35 CHAR (200), c36 CHAR (200), c37 CHAR (200), c38 CHAR (200), c39 CHAR (200), c40 CHAR (157)) ENGINE=InnoDB ROW_FORMAT=COMPRESSED; CREATE TEMPORARY TABLE t3 LIKE t1; SET optimizer_search_depth=1; CREATE TABLE t4 (c1 INT NULL ) ENGINE=InnoDB; CREATE TABLE t2 (a INT NOT NULL , b INT , c INT , KEY (b), KEY (c), KEY (a)) ENGINE=InnoDB; SELECT * FROM (t1 NATURAL JOIN t2) NATURAL LEFT JOIN (t3 NATURAL JOIN t4); Leads to: 10.6.2 6c39eaeb126328e7813b146ecf652d51e4508981 (Optimized) Core was generated by `/test/MD120621-mariadb-10.6.2-linux-x86_64-opt/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGSEGV, Segmentation fault. #0 best_extension_by_limited_search (join=0x152f8c014bb8, remaining_tables=12, idx=2, record_count=1, read_time=2.3999999999999999, search_depth=1, prune_level=1, use_cond_selectivity=4) at /test/10.6_opt/sql/sql_select.cc:9846 [Current thread is 1 (Thread 0x152fd4b28700 (LWP 2458123))] (gdb) bt #0 best_extension_by_limited_search (join=0x152f8c014bb8, remaining_tables=12, idx=2, record_count=1, read_time=2.3999999999999999, search_depth=1, prune_level=1, use_cond_selectivity=4) at /test/10.6_opt/sql/sql_select.cc:9846 #1 0x000055937caec5dc in greedy_search (use_cond_selectivity=<optimized out>, prune_level=<optimized out>, search_depth=1, remaining_tables=12, join=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:9070 #2 choose_plan (join=0x152f8c014bb8, join_tables=<optimized out>) at /test/10.6_opt/sql/sql_select.cc:8635 #3 0x000055937cb18a8c in make_join_statistics (keyuse_array=0x152f8c014ed8, tables_list=@0x152f8c010b58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152f8c015160, last = 0x152f8c015190, elements = 4}, <No data fields>}, join=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:5875 #4 JOIN::optimize_inner (this=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:2451 #5 0x000055937cb18f93 in JOIN::optimize (this=this@entry=0x152f8c014bb8) at /test/10.6_opt/sql/sql_select.cc:1807 #6 0x000055937cb19057 in mysql_select (thd=0x152f8c000c58, tables=0x152f8c010f18, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x152f8c014b90, unit=0x152f8c004e10, select_lex=0x152f8c010940) at /test/10.6_opt/sql/sql_select.cc:4968 #7 0x000055937cb19877 in handle_select (thd=thd@entry=0x152f8c000c58, lex=lex@entry=0x152f8c004d48, result=result@entry=0x152f8c014b90, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_opt/sql/sql_select.cc:544 #8 0x000055937caaa3f1 in execute_sqlcom_select (thd=0x152f8c000c58, all_tables=0x152f8c010f18) at /test/10.6_opt/sql/sql_parse.cc:6242 #9 0x000055937cab8126 in mysql_execute_command (thd=0x152f8c000c58) at /test/10.6_opt/sql/sql_parse.cc:3937 #10 0x000055937caa53f4 in mysql_parse (thd=0x152f8c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:8016 #11 0x000055937cab1295 in dispatch_command (command=COM_QUERY, thd=0x152f8c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_class.h:1340 #12 0x000055937cab31f7 in do_command (thd=0x152f8c000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1406 #13 0x000055937cbc1057 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.6_opt/sql/sql_connect.cc:1410 #14 0x000055937cbc13bd in handle_one_connection (arg=arg@entry=0x55937f7bcf48) at /test/10.6_opt/sql/sql_connect.cc:1312 #15 0x000055937cf4a8f8 in pfs_spawn_thread (arg=0x55937f76b8e8) at /test/10.6_opt/storage/perfschema/pfs.cc:2201 #16 0x0000152fde461609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #17 0x0000152fde050293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 And on debug: 10.6.2 6c39eaeb126328e7813b146ecf652d51e4508981 (Debug) Core was generated by `/test/MD120621-mariadb-10.6.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGSEGV, Segmentation fault. #0 restore_prev_nj_state (last=last@entry=0x100010001) at /test/10.6_dbg/sql/sql_select.cc:17232 [Current thread is 1 (Thread 0x1510ed6e6700 (LWP 2487890))] (gdb) bt #0 restore_prev_nj_state (last=last@entry=0x100010001) at /test/10.6_dbg/sql/sql_select.cc:17232 #1 0x000055b69c44bd27 in best_extension_by_limited_search (join=join@entry=0x1510b8018318, remaining_tables=remaining_tables@entry=12, idx=idx@entry=2, record_count=record_count@entry=1, read_time=read_time@entry=2.3999999999999999, search_depth=search_depth@entry=1, prune_level=prune_level@entry=1, use_cond_selectivity=use_cond_selectivity@entry=4) at /test/10.6_dbg/sql/sql_select.cc:9996 #2 0x000055b69c44ce79 in greedy_search (use_cond_selectivity=<optimized out>, prune_level=<optimized out>, search_depth=1, remaining_tables=12, join=0x1510b8018318) at /test/10.6_dbg/sql/sql_select.cc:9070 #3 choose_plan (join=join@entry=0x1510b8018318, join_tables=<optimized out>) at /test/10.6_dbg/sql/sql_select.cc:8635 #4 0x000055b69c47bd3d in make_join_statistics (join=join@entry=0x1510b8018318, tables_list=@0x1510b80142b8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1510b80188c0, last = 0x1510b80188f0, elements = 4}, <No data fields>}, keyuse_array=keyuse_array@entry=0x1510b8018638) at /test/10.6_dbg/sql/sql_select.cc:5875 #5 0x000055b69c482ecb in JOIN::optimize_inner (this=this@entry=0x1510b8018318) at /test/10.6_dbg/sql/sql_select.cc:2451 #6 0x000055b69c483176 in JOIN::optimize (this=this@entry=0x1510b8018318) at /test/10.6_dbg/sql/sql_select.cc:1807 #7 0x000055b69c4837ef in mysql_select (thd=thd@entry=0x1510b8000db8, tables=0x1510b8014678, fields=@0x1510b8014340: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1510b8014630, last = 0x1510b80c5738, elements = 44}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x1510b80182f0, unit=0x1510b8005130, select_lex=0x1510b80140a0) at /test/10.6_dbg/sql/sql_select.cc:4968 #8 0x000055b69c483af3 in handle_select (thd=thd@entry=0x1510b8000db8, lex=lex@entry=0x1510b8005068, result=result@entry=0x1510b80182f0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:544 #9 0x000055b69c3f7460 in execute_sqlcom_select (thd=thd@entry=0x1510b8000db8, all_tables=0x1510b8014678) at /test/10.6_dbg/sql/sql_parse.cc:6242 #10 0x000055b69c404340 in mysql_execute_command (thd=thd@entry=0x1510b8000db8) at /test/10.6_dbg/sql/sql_parse.cc:3937 #11 0x000055b69c3f0890 in mysql_parse (thd=thd@entry=0x1510b8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1510ed6e5400) at /test/10.6_dbg/sql/sql_parse.cc:8016 #12 0x000055b69c3ff3fa in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1510b8000db8, packet=packet@entry=0x1510b800b769 "SELECT * FROM (t1 NATURAL JOIN t2) NATURAL LEFT JOIN (t3 NATURAL JOIN t4)", packet_length=packet_length@entry=73, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_class.h:1340 #13 0x000055b69c4027da in do_command (thd=0x1510b8000db8, blocking=blocking@entry=true) at /test/10.6_dbg/sql/sql_parse.cc:1406 #14 0x000055b69c566c8e in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b6a024e408, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410 #15 0x000055b69c567293 in handle_one_connection (arg=arg@entry=0x55b6a024e408) at /test/10.6_dbg/sql/sql_connect.cc:1312 #16 0x000055b69ca15166 in pfs_spawn_thread (arg=0x55b6a0136aa8) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201 #17 0x0000151104aa7609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #18 0x0000151104696293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Bug confirmed present in: MariaDB: 10.4.20 (dbg), 10.4.20 (opt), 10.5.11 (dbg), 10.5.11 (opt), 10.6.2 (dbg), 10.6.2 (opt) Bug (or feature/syntax) confirmed not present in: MariaDB: 10.2.39 (dbg), 10.2.39 (opt), 10.3.30 (dbg), 10.3.30 (opt) MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.34 (dbg), 5.7.34 (opt), 8.0.24 (dbg), 8.0.24 (opt)

Roel Van de Paar added a comment - 2021-06-21 14:29

Likely duplicate of ~~MDEV-23937~~. Few extra testcases here.

Roel Van de Paar added a comment - 2021-06-21 14:29 Likely duplicate of MDEV-23937 . Few extra testcases here.

Sergei Petrunia added a comment - 2021-07-03 09:40

Fixed by fix for ~~MDEV-17783~~. Testcase added.

Sergei Petrunia added a comment - 2021-07-03 09:40 Fixed by fix for MDEV-17783 . Testcase added.

MariaDB Server

SIGSEGV in best_extension_by_limited_search | SIGSEGV in restore_prev_nj_state

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration