Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28957

Assertion `table->no_keyread || !table->covering_keys.is_set(tab->index) || table->file->keyread == tab->index' failed and SIGSEGV in JOIN_CACHE::reset_join

    XMLWordPrintable

Details

    Description

      Whilst this bug looks very closely related to MDEV-28799 and likely MDEV-28515, there are some significant differences. On optimized builds, this testcase crashes with a stack quite similar to the stack seen for optimized builds in MDEV-28799. However, the debug assert is different. Then again, when the testcase is changed only minimally, the same assert can be seen as in MDEV-28799. Additionally, 10.3 does not look to be affected by this testcase (invalid SQL).

      CREATE TABLE t(c INT,v2 INT,v3 INT UNIQUE) ENGINE=InnoDB;
      		 
      INSERT INTO t(v2)VALUES ((v2,c,v2)=(0,(SELECT 1 FROM (SELECT 1 FROM t AS v8) AS v6 JOIN t AS v5 WINDOW v4 AS(PARTITION BY c AND 1 BETWEEN(SELECT v2 GROUP BY c WINDOW v9 AS(PARTITION BY c)) AND 1)),0));

      Leads to:

      10.10.0 081a284712bb661349e2e3802077b12211cede3e (Optimized)

      		 
      Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  JOIN_CACHE::reset_join (this=0x0, j=0x14c1f801fbe8)
      		 
          at /test/10.10_opt/sql/sql_join_cache.h:682
      		 
      [Current thread is 1 (Thread 0x14c22cd27700 (LWP 3913816))]
      		 
      (gdb) bt
      		 
      #0  JOIN_CACHE::reset_join (this=0x0, j=0x14c1f801fbe8) at /test/10.10_opt/sql/sql_join_cache.h:682
      		 
      #1  sub_select_cache (join=0x14c1f801fbe8, join_tab=0x14c1f8051628, end_of_records=true) at /test/10.10_opt/sql/sql_select.cc:20961
      		 
      #2  0x000055a1740784df in do_select (procedure=<optimized out>, join=0x14c1f801fbe8) at /test/10.10_opt/sql/sql_select.cc:20738
      		 
      #3  JOIN::exec_inner (this=0x14c1f801fbe8) at /test/10.10_opt/sql/sql_select.cc:4786
      		 
      #4  0x000055a174078a48 in JOIN::exec (this=0x14c1f801fbe8) at /test/10.10_opt/sql/sql_select.cc:4564
      		 
      #5  0x000055a174319d46 in subselect_single_select_engine::exec (this=0x14c1f801ebf0) at /test/10.10_opt/sql/item_subselect.cc:4144
      		 
      #6  0x000055a17431939c in Item_subselect::exec (this=0x14c1f801ea68) at /test/10.10_opt/sql/item_subselect.cc:854
      		 
      #7  0x000055a17431a887 in Item_singlerow_subselect::bring_value (this=0x14c1f801ea68) at /test/10.10_opt/sql/item_subselect.cc:1462
      		 
      #8  0x000055a1742e1f66 in Item_row::bring_value (this=0x14c1f801ecf8) at /test/10.10_opt/sql/item_row.cc:179
      		 
      #9  0x000055a174277e27 in Arg_comparator::compare_row (this=0x14c1f801ee68) at /test/10.10_opt/sql/item_cmpfunc.cc:1050
      		 
      #10 0x000055a1742780ff in Arg_comparator::compare (this=<optimized out>) at /test/10.10_opt/sql/item_cmpfunc.h:103
      		 
      #11 Item_func_eq::val_int (this=<optimized out>) at /test/10.10_opt/sql/item_cmpfunc.cc:1762
      		 
      #12 0x000055a174267ff3 in Item::save_int_in_field (this=0x14c1f801edb8, field=0x14c1f80207a0, no_conversions=<optimized out>) at /test/10.10_opt/sql/item.cc:6826
      		 
      #13 0x000055a174257df7 in Item::save_in_field (this=0x14c1f801edb8, field=0x14c1f80207a0, no_conversions=<optimized out>) at /test/10.10_opt/sql/item.cc:6836
      		 
      #14 0x000055a173f9abcb in fill_record (thd=thd@entry=0x14c1f8000c58, table_arg=table_arg@entry=0x14c1f8017c28, fields=@0x14c1f8005b70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c1f8011158, last = 0x14c1f8011158, elements = 1}, <No data fields>}, values=@0x14c1f80115e0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c1f801efe0, last = 0x14c1f801efe0, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, update=update@entry=false) at /test/10.10_opt/sql/sql_base.cc:8814
      		 
      #15 0x000055a173f9af3e in fill_record_n_invoke_before_triggers (thd=thd@entry=0x14c1f8000c58, table=table@entry=0x14c1f8017c28, fields=@0x14c1f8005b70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c1f8011158, last = 0x14c1f8011158, elements = 1}, <No data fields>}, values=@0x14c1f80115e0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c1f801efe0, last = 0x14c1f801efe0, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, event=event@entry=TRG_EVENT_INSERT) at /test/10.10_opt/sql/sql_base.cc:8992
      		 
      #16 0x000055a173fcb3c4 in mysql_insert (thd=thd@entry=0x14c1f8000c58, table_list=<optimized out>, fields=@0x14c1f8005b70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c1f8011158, last = 0x14c1f8011158, elements = 1}, <No data fields>}, values_list=@0x14c1f8005bb8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c1f801f0f0, last = 0x14c1f801f0f0, elements = 1}, <No data fields>}, update_fields=@0x14c1f8005ba0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55a1750844d0 <end_of_list>, last = 0x14c1f8005ba0, elements = 0}, <No data fields>}, update_values=@0x14c1f8005b88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55a1750844d0 <end_of_list>, last = 0x14c1f8005b88, elements = 0}, <No data fields>}, duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>) at /test/10.10_opt/sql/sql_insert.cc:1029
      		 
      #17 0x000055a17400581f in mysql_execute_command (thd=0x14c1f8000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:4562
      		 
      #18 0x000055a173ff5bb5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14c1f8000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
      		 
      #19 mysql_parse (thd=0x14c1f8000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
      		 
      #20 0x000055a1740016ca in dispatch_command (command=COM_QUERY, thd=0x14c1f8000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
      		 
      #21 0x000055a1740035f2 in do_command (thd=0x14c1f8000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
      		 
      #22 0x000055a1741198af in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55a175e263d8, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
      		 
      #23 0x000055a174119b8d in handle_one_connection (arg=0x55a175e263d8) at /test/10.10_opt/sql/sql_connect.cc:1312
      		 
      #24 0x000014c245b55609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #25 0x000014c245741133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

      		 
      mysqld: /test/10.10_dbg/sql/sql_select.cc:22217: int join_read_first(JOIN_TAB*): Assertion `table->no_keyread || !table->covering_keys.is_set(tab->index) || table->file->keyread == tab->index' failed.

      10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

      		 
      Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      		 
      [Current thread is 1 (Thread 0x14b5e2ce7700 (LWP 3914021))]
      		 
      (gdb) bt
      		 
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      		 
      #1  0x000014b5ff459859 in __GI_abort () at abort.c:79
      		 
      #2  0x000014b5ff459729 in __assert_fail_base (fmt=0x14b5ff5ef588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5602bc3f6c60 "table->no_keyread || !table->covering_keys.is_set(tab->index) || table->file->keyread == tab->index", file=0x5602bc3f3768 "/test/10.10_dbg/sql/sql_select.cc", line=22217, function=<optimized out>) at assert.c:92
      		 
      #3  0x000014b5ff46afd6 in __GI___assert_fail (assertion=assertion@entry=0x5602bc3f6c60 "table->no_keyread || !table->covering_keys.is_set(tab->index) || table->file->keyread == tab->index", file=file@entry=0x5602bc3f3768 "/test/10.10_dbg/sql/sql_select.cc", line=line@entry=22217, function=function@entry=0x5602bc3f6cc8 "int join_read_first(JOIN_TAB*)") at assert.c:101
      		 
      #4  0x00005602bb8801b9 in join_read_first (tab=0x14b5b4078478) at /test/10.10_dbg/sql/sql_select.cc:22217
      		 
      #5  0x00005602bb854967 in sub_select (join=0x14b5b40286a0, join_tab=0x14b5b4078478, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21188
      		 
      #6  0x00005602bb88827b in do_select (procedure=<optimized out>, join=0x14b5b40286a0) at /test/10.10_dbg/sql/sql_select.cc:20736
      		 
      #7  JOIN::exec_inner (this=this@entry=0x14b5b40286a0) at /test/10.10_dbg/sql/sql_select.cc:4786
      		 
      #8  0x00005602bb888814 in JOIN::exec (this=0x14b5b40286a0) at /test/10.10_dbg/sql/sql_select.cc:4564
      		 
      #9  0x00005602bbbeee22 in subselect_single_select_engine::exec (this=0x14b5b40276a0) at /test/10.10_dbg/sql/item_subselect.cc:4144
      		 
      #10 0x00005602bbbee470 in Item_subselect::exec (this=0x14b5b4027518) at /test/10.10_dbg/sql/item_subselect.cc:854
      		 
      #11 0x00005602bbbec35d in Item_singlerow_subselect::bring_value (this=0x14b5b4027518) at /test/10.10_dbg/sql/item_subselect.cc:1462
      		 
      #12 0x00005602bbbb292a in Item_row::bring_value (this=0x14b5b40277a8) at /test/10.10_dbg/sql/item_row.cc:179
      		 
      #13 0x00005602bbb28b4f in Arg_comparator::compare_row (this=0x14b5b4027918) at /test/10.10_dbg/sql/item_cmpfunc.cc:1050
      		 
      #14 0x00005602bbb28cf8 in Arg_comparator::compare (this=0x14b5b4027918) at /test/10.10_dbg/sql/item_cmpfunc.h:103
      		 
      #15 Item_func_eq::val_int (this=0x14b5b4027868) at /test/10.10_dbg/sql/item_cmpfunc.cc:1762
      		 
      #16 0x00005602bbb12179 in Item::save_int_in_field (this=0x14b5b4027868, field=0x14b5b401f100, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6826
      		 
      #17 0x00005602bb9f1640 in Type_handler_int_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:4359
      		 
      #18 0x00005602bbaf88d3 in Item::save_in_field (this=0x14b5b4027868, field=0x14b5b401f100, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6836
      		 
      #19 0x00005602bb77aaec in fill_record (thd=thd@entry=0x14b5b4000db8, table_arg=table_arg@entry=0x14b5b401b888, fields=@0x14b5b4005e90: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b5b4014678, last = 0x14b5b4014678, elements = 1}, <No data fields>}, values=@0x14b5b4014b00: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b5b4027a90, last = 0x14b5b4027a90, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, update=update@entry=false) at /test/10.10_dbg/sql/sql_base.cc:8814
      		 
      #20 0x00005602bb77ac96 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x14b5b4000db8, table=table@entry=0x14b5b401b888, fields=@0x14b5b4005e90: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b5b4014678, last = 0x14b5b4014678, elements = 1}, <No data fields>}, values=@0x14b5b4014b00: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b5b4027a90, last = 0x14b5b4027a90, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, event=event@entry=TRG_EVENT_INSERT) at /test/10.10_dbg/sql/sql_base.cc:8992
      		 
      #21 0x00005602bb7bcbf8 in mysql_insert (thd=thd@entry=0x14b5b4000db8, table_list=<optimized out>, fields=@0x14b5b4005e90: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b5b4014678, last = 0x14b5b4014678, elements = 1}, <No data fields>}, values_list=@0x14b5b4005ed8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b5b4027ba0, last = 0x14b5b4027ba0, elements = 1}, <No data fields>}, update_fields=@0x14b5b4005ec0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5602bccd5a00 <end_of_list>, last = 0x14b5b4005ec0, elements = 0}, <No data fields>}, update_values=@0x14b5b4005ea8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5602bccd5a00 <end_of_list>, last = 0x14b5b4005ea8, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /test/10.10_dbg/sql/sql_insert.cc:1029
      		 
      #22 0x00005602bb800803 in mysql_execute_command (thd=thd@entry=0x14b5b4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4562
      		 
      #23 0x00005602bb7ece3a in mysql_parse (thd=thd@entry=0x14b5b4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b5e2ce6470) at /test/10.10_dbg/sql/sql_parse.cc:8036
      		 
      #24 0x00005602bb7fa422 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b5b4000db8, packet=packet@entry=0x14b5b400b6d9 "INSERT INTO t(v2)VALUES ((v2,c,v2)=(0,(SELECT 1 FROM (SELECT 1 FROM t AS v8) AS v6 JOIN t AS v5 WINDOW v4 AS(PARTITION BY c AND 1 BETWEEN(SELECT v2 GROUP BY c WINDOW v9 AS(PARTITION BY c)) AND 1)),0))", packet_length=packet_length@entry=200, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
      		 
      #25 0x00005602bb7fcb2c in do_command (thd=0x14b5b4000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
      		 
      #26 0x00005602bb95c3c0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5602bf8c1a28, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
      		 
      #27 0x00005602bb95c8c9 in handle_one_connection (arg=0x5602bf8c1a28) at /test/10.10_dbg/sql/sql_connect.cc:1312
      		 
      #28 0x000014b5ff96a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #29 0x000014b5ff556133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.36 (dbg), 10.3.36 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

      This is the slightly modified testcase which leads to MDEV-28799:

      CREATE TABLE t(c INT,c2 INT,c3 INT);
      		 
      INSERT INTO t(c2)VALUES ((c2,c,c2)=(0,(SELECT 1 FROM (SELECT 1 FROM t AS v8) AS v6 JOIN t AS v5 WINDOW v4 AS(PARTITION BY c AND 1 BETWEEN(SELECT c2 GROUP BY c WINDOW v9 AS(PARTITION BY c)) AND 1)),0));

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28515 Assertion `field->table == table' failed in Create_tmp_table::finalize and create_tmp_table and SIGSEGV in hp_rec_hashnr

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28799 SIGSEGV in JOIN_CACHE::reset_join and Assertion `cache != __null' failed in sub_select_cache on SELECT

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Unassigned Unassigned
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.