Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30651

Crash after killing query while it is processed by test_quick_select



      Somewhat similar to MDEV-19720 (same assert) however the testcase from that bug no longer produces any crash (on any version - tested), while this crashes 10.5-11.0, and this testcase needs max_statement_time. Finally, this bug is present in 10.5+ only. Testcase is sporadic. Requires from 2 to 200 executions before triggering. Possible race, though it could just be the result of the timing.

      SET storage_engine=MyISAM, sql_mode='';
      CREATE TABLE t (c1 INT KEY,c2 INT,c3 TIME,INDEX (c2));
      INSERT INTO t VALUES (0,0,0),(1000,0,0);
      EXECUTE x;
      SET @@max_statement_time=0.0001;
      SELECT * FROM t WHERE c1 >='00:00:00' AND c1 <'23:00:00' AND c2='13:13:13';
      DROP TABLE t;

      Leads to:

      11.0.1 4d09050ca77a7efac4565d46e4bcd85a5f210c53 (Optimized)

      Core was generated by `/test/MD110223-mariadb-11.0.1-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  st_join_table::save_explain_data (this=0x148ee808be30, eta=0x148ee808d250, 
          prefix_tables=<optimized out>, distinct_arg=<optimized out>, 
          first_top_tab=0x148ee808be30) at /test/11.0_opt/sql/sql_select.cc:27921
      [Current thread is 1 (Thread 0x148f34b46640 (LWP 571587))]
      (gdb) bt
      #0  st_join_table::save_explain_data (this=0x148ee808be30, eta=0x148ee808d250, prefix_tables=<optimized out>, distinct_arg=<optimized out>, first_top_tab=0x148ee808be30) at /test/11.0_opt/sql/sql_select.cc:27921
      #1  0x000055ef3ec6d999 in JOIN::save_explain_data_intern (this=0x148ee8012b78, output=0x148ee8013160, need_tmp_table_arg=<optimized out>, need_order_arg=<optimized out>, distinct_arg=false, message=<optimized out>) at /test/11.0_opt/sql/sql_select.cc:28480
      #2  0x000055ef3ec6dc68 in JOIN::save_explain_data (this=0x148ee8012b78, output=0x148ee8013160, can_overwrite=<optimized out>, need_tmp_table=<optimized out>, need_order=<optimized out>, distinct=<optimized out>) at /test/11.0_opt/sql/sql_select.cc:4559
      #3  0x000055ef3ec6dd44 in JOIN::build_explain (this=this@entry=0x148ee8012b78) at /test/11.0_opt/sql/sql_select.cc:1816
      #4  0x000055ef3ec78a5a in JOIN::optimize (this=this@entry=0x148ee8012b78) at /test/11.0_opt/sql/sql_select.cc:1876
      #5  0x000055ef3ec78b5e in mysql_select (thd=0x148ee8000c68, tables=0x148ee8010e48, fields=@0x148ee8010b08: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x148ee8010e00, last = 0x148ee80136d0, elements = 3}, <No data fields>}, conds=0x148ee8011d38, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x148ee8012b50, unit=0x148ee8004ce8, select_lex=0x148ee8010868) at /test/11.0_opt/sql/sql_select.cc:5066
      #6  0x000055ef3ec792f4 in handle_select (thd=thd@entry=0x148ee8000c68, lex=lex@entry=0x148ee8004c10, result=result@entry=0x148ee8012b50, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_opt/sql/sql_select.cc:581
      #7  0x000055ef3ebf4725 in execute_sqlcom_select (thd=0x148ee8000c68, all_tables=0x148ee8010e48) at /test/11.0_opt/sql/sql_parse.cc:6265
      #8  0x000055ef3ec034c0 in mysql_execute_command (thd=0x148ee8000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:3949
      #9  0x000055ef3ec04d54 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x148ee8000c68) at /test/11.0_opt/sql/sql_parse.cc:8000
      #10 mysql_parse (thd=0x148ee8000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7922
      #11 0x000055ef3ec07332 in dispatch_command (command=COM_QUERY, thd=0x148ee8000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
      #12 0x000055ef3ec08ad0 in do_command (thd=0x148ee8000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
      #13 0x000055ef3ed1eaa7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ef411c9f98, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
      #14 0x000055ef3ed1ed7d in handle_one_connection (arg=0x55ef411c9f98) at /test/11.0_opt/sql/sql_connect.cc:1318
      #15 0x0000148f4dfeeb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #16 0x0000148f4e080a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

      11.0.1 4d09050ca77a7efac4565d46e4bcd85a5f210c53 (Debug)

      mysqld: /test/11.0_dbg/sql/sql_select.cc:1955: bool JOIN::make_range_rowid_filters(): Assertion `sel->quick' failed.

      11.0.1 4d09050ca77a7efac4565d46e4bcd85a5f210c53 (Debug)

      Core was generated by `/test/MD110223-mariadb-11.0.1-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22476463277632)
          at ./nptl/pthread_kill.c:44
      [Current thread is 1 (Thread 0x1471359c0640 (LWP 571559))]
      (gdb) bt
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22476463277632) at ./nptl/pthread_kill.c:44
      #1  __pthread_kill_internal (signo=6, threadid=22476463277632) at ./nptl/pthread_kill.c:78
      #2  __GI___pthread_kill (threadid=22476463277632, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
      #3  0x000014715303d476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      #4  0x00001471530237f3 in __GI_abort () at ./stdlib/abort.c:79
      #5  0x000014715302371b in __assert_fail_base (fmt=0x1471531d8150 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x556e2b1da48d "sel->quick", file=0x556e2b192038 "/test/11.0_dbg/sql/sql_select.cc", line=1955, function=<optimized out>) at ./assert/assert.c:92
      #6  0x0000147153034e96 in __GI___assert_fail (assertion=0x556e2b1da48d "sel->quick", file=0x556e2b192038 "/test/11.0_dbg/sql/sql_select.cc", line=1955, function=0x556e2b192bc0 "bool JOIN::make_range_rowid_filters()") at ./assert/assert.c:101
      #7  0x0000556e2a6da7ab in JOIN::make_range_rowid_filters (this=this@entry=0x1470e4015538) at /test/11.0_dbg/sql/sql_select.cc:1955
      #8  0x0000556e2a70e83d in JOIN::optimize_stage2 (this=this@entry=0x1470e4015538) at /test/11.0_dbg/sql/sql_select.cc:2584
      #9  0x0000556e2a7122d2 in JOIN::optimize_inner (this=this@entry=0x1470e4015538) at /test/11.0_dbg/sql/sql_select.cc:2560
      #10 0x0000556e2a712770 in JOIN::optimize (this=this@entry=0x1470e4015538) at /test/11.0_dbg/sql/sql_select.cc:1870
      #11 0x0000556e2a712860 in mysql_select (thd=thd@entry=0x1470e4000d58, tables=0x1470e4013808, fields=@0x1470e40134c8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1470e40137c0, last = 0x1470e40160a0, elements = 3}, <No data fields>}, conds=0x1470e40146f8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1470e4015510, unit=0x1470e4004f98, select_lex=0x1470e4013228) at /test/11.0_dbg/sql/sql_select.cc:5066
      #12 0x0000556e2a713026 in handle_select (thd=thd@entry=0x1470e4000d58, lex=lex@entry=0x1470e4004ec0, result=result@entry=0x1470e4015510, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_dbg/sql/sql_select.cc:581
      #13 0x0000556e2a67df31 in execute_sqlcom_select (thd=thd@entry=0x1470e4000d58, all_tables=0x1470e4013808) at /test/11.0_dbg/sql/sql_parse.cc:6265
      #14 0x0000556e2a6893d8 in mysql_execute_command (thd=thd@entry=0x1470e4000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:3949
      #15 0x0000556e2a6906d0 in mysql_parse (thd=thd@entry=0x1470e4000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1471359bf2c0) at /test/11.0_dbg/sql/sql_parse.cc:8000
      #16 0x0000556e2a692864 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1470e4000d58, packet=packet@entry=0x1470e400ae09 "SELECT * FROM t WHERE c1 >='00:00:00' AND c1 <'23:00:00' AND c2='13:13:13'", packet_length=packet_length@entry=74, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
      #17 0x0000556e2a6946bd in do_command (thd=0x1470e4000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
      #18 0x0000556e2a7df4e4 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x556e2d9bd9e8, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
      #19 0x0000556e2a7df743 in handle_one_connection (arg=0x556e2d9bd9e8) at /test/11.0_dbg/sql/sql_connect.cc:1318
      #20 0x000014715308fb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #21 0x0000147153121a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

      Bug confirmed present in:
      MariaDB: 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)


        Issue Links


            Pushed into 10.5:

            2eda310b155 (HEAD -> 10.5, origin/bb-10.5-MDEV-30651, origin/10.5, bb-10.5-MDEV-30651) Restore test coverage for MDEV-18956
            0903276eaea MDEV-30651: Assertion `sel->quick' in make_range_rowid_filters, followup
            a2066b2400f MDEV-30651: Assertion `sel->quick' in make_range_rowid_filters

            and into 10.6:

            commit ef9e3e73ed52e55842e6ba40dfa94a78fb06cbee (origin/bb-10.6-MDEV-30651, origin/HEAD, origin/10.6)
            Author: Sergei Petrunia <sergey@mariadb.com>
            Date:   Tue Jun 11 16:20:00 2024 +0300
                MDEV-30651: Assertion `sel->quick' in make_range_rowid_filters
                (Variant for 10.6: return error code from SQL_SELECT::test_quick_select)

            psergei Sergei Petrunia added a comment - Pushed into 10.5: 2eda310b155 (HEAD -> 10.5, origin/bb-10.5-MDEV-30651, origin/10.5, bb-10.5-MDEV-30651) Restore test coverage for MDEV-18956 0903276eaea MDEV-30651: Assertion `sel->quick' in make_range_rowid_filters, followup a2066b2400f MDEV-30651: Assertion `sel->quick' in make_range_rowid_filters and into 10.6: commit ef9e3e73ed52e55842e6ba40dfa94a78fb06cbee (origin/bb-10.6-MDEV-30651, origin/HEAD, origin/10.6) Author: Sergei Petrunia <sergey@mariadb.com> Date: Tue Jun 11 16:20:00 2024 +0300   MDEV-30651: Assertion `sel->quick' in make_range_rowid_filters (Variant for 10.6: return error code from SQL_SELECT::test_quick_select)

            The following simple variant of the original test case could demonstrate the same problem:

            INSERT INTO t VALUES (0,0,0),(1000,0,0);
            EXPLAIN SELECT * FROM t WHERE c1 >= 0 AND c1 < 10 AND c2=13;
            SET @@max_statement_time=0.00001;
            --error 0,ER_STATEMENT_TIMEOUT
            EXPLAIN SELECT * FROM t WHERE c1 >= 0 AND c1 < 10 AND c2=13;
            DROP TABLE t;

            The test should be run as a separate mtr test repeatedly by the following command:

            ../mtr --force --max-test-fail=1000 --repeat=1000 --parallel 8 main.rowid_filter_kill{,,,,,,,}

            Usually the crash happens in less than 200 iterations.

            igor Igor Babaev (Inactive) added a comment - The following simple variant of the original test case could demonstrate the same problem: CREATE TABLE t (c1 INT PRIMARY KEY ,c2 INT , c3 INT , INDEX (c2)) ENGINE=MYISAM; INSERT INTO t VALUES (0,0,0),(1000,0,0); EXPLAIN SELECT * FROM t WHERE c1 >= 0 AND c1 < 10 AND c2=13; --disable_query_log SET @@max_statement_time=0.00001; --disable_result_log --error 0,ER_STATEMENT_TIMEOUT EXPLAIN SELECT * FROM t WHERE c1 >= 0 AND c1 < 10 AND c2=13; --enable_result_log --enable_query_log DROP TABLE t; The test should be run as a separate mtr test repeatedly by the following command: ../mtr --force --max-test-fail=1000 --repeat=1000 --parallel 8 main.rowid_filter_kill{,,,,,,,} Usually the crash happens in less than 200 iterations.

            psergei, monty: A possible problem that I see here for the patch pushed into 10.5 is that the 'killed' signal is not caught after the calls of SQL_SELECT::test_quick_select() within the code code of make_join_select(). Can it cause similar crashes when printing info for EXPLAIN?

            igor Igor Babaev (Inactive) added a comment - psergei , monty : A possible problem that I see here for the patch pushed into 10.5 is that the 'killed' signal is not caught after the calls of SQL_SELECT::test_quick_select() within the code code of make_join_select(). Can it cause similar crashes when printing info for EXPLAIN?

            igor no, it cannot. The code in make_join_select() does not have the property that "This call MUST produce a quick select, otherwise we end up in a logically incoherent state".

            psergei Sergei Petrunia added a comment - igor no, it cannot. The code in make_join_select() does not have the property that "This call MUST produce a quick select, otherwise we end up in a logically incoherent state".

            Notes for the changelog:
            A query that plans to use the Rowid Filter optimization could crash the server if some factor causes it to terminate abnormally at a certain specific point in query optimization. Examples of such causes of termination are: query being killed with KILL statement, statement execution exceeding @@max_statement_time limit.

            psergei Sergei Petrunia added a comment - Notes for the changelog: A query that plans to use the Rowid Filter optimization could crash the server if some factor causes it to terminate abnormally at a certain specific point in query optimization. Examples of such causes of termination are: query being killed with KILL statement, statement execution exceeding @@max_statement_time limit.


              psergei Sergei Petrunia
              Roel Roel Van de Paar
              1 Vote for this issue
              10 Start watching this issue



                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.