[MDEV-32085] Server crash in add_key_field - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.11.5, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL)
Fix Version/s: N/A
Component/s: Optimizer, Server
Labels:
None

Description

How to trigger

CREATE TABLE t0 ( c0 CHAR ( 10 ) ) ;

SELECT ra3 . c0 FROM t0 ra2 STRAIGHT_JOIN t0 ra3 WHERE ra3 . c0 > ra3 . c0 HAVING ra3 . c0 IN ( SELECT ra3 . c0 ca0 FROM t0 ra4 WHERE ra4 . c0 = ( ra3 . c0 ) ) ;

Server error log

Server version: 10.11.5-MariaDB source revision: 7875294b6b74b53dd3aaa723e6cc103d2bb47b2c

key_buffer_size=134217728

read_buffer_size=131072

max_used_connections=1

max_threads=153

thread_count=21

It is possible that mysqld could use up to

key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468037 K  bytes of memory

Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x7f450c000c18

Attempting backtrace. You can use the following information to find out

where mysqld died. If you see no messages after this, something went

terribly wrong...

stack_bottom = 0x7f45d4082d98 thread_stack 0x49000

mysys/stacktrace.c:216(my_print_stacktrace)[0x55e9fb5dc25e]

sql/signal_handler.cc:241(handle_fatal_signal)[0x55e9fb14d765]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x12980)[0x7f45eb688980]

sql/sql_bitmap.h:211(add_key_field(JOIN*, KEY_FIELD**, unsigned int, Item_bool_func*, Field*, bool, Item**, unsigned int, unsigned long long, SARGABLE_PARAM**, unsigned int))[0x55e9faf5622a]

sql/sql_list.h:441(Item_equal::add_key_fields(JOIN*, KEY_FIELD**, unsigned int*, unsigned long long, SARGABLE_PARAM**))[0x55e9faf5ca1f]

sql/sql_select.cc:7274(update_ref_and_keys(THD*, st_dynamic_array*, st_join_table*, unsigned int, Item*, unsigned long long, st_select_lex*, SARGABLE_PARAM**) [clone .isra.508])[0x55e9faf5cd2f]

sql/sql_select.cc:5520(make_join_statistics)[0x55e9faf8ea63]

sql/sql_select.cc:1897(JOIN::optimize())[0x55e9faf90af3]

sql/sql_lex.cc:4876(st_select_lex::optimize_unflattened_subqueries(bool))[0x55e9faf0016e]

sql/sql_select.cc:3382(JOIN::optimize_stage2())[0x55e9faf8a5da]

sql/sql_select.cc:2585(JOIN::optimize_inner())[0x55e9faf8e906]

sql/sql_select.cc:1897(JOIN::optimize())[0x55e9faf90af3]

sql/sql_select.cc:5098(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55e9faf90bd9]

sql/sql_select.cc:586(handle_select(THD*, LEX*, select_result*, unsigned long long))[0x55e9faf913be]

sql/sql_parse.cc:6289(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55e9faf1ccee]

sql/sql_parse.cc:6025(mysql_execute_command(THD*, bool))[0x55e9faf263f1]

sql/sql_parse.cc:8051(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55e9faf183af]

sql/sql_parse.cc:1865(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55e9faf23104]

sql/sql_parse.cc:1407(do_command(THD*, bool))[0x55e9faf2460b]

sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x55e9fb02ebbf]

sql/sql_connect.cc:1318(handle_one_connection)[0x55e9fb02eefd]

perfschema/pfs.cc:2204(pfs_spawn_thread)[0x55e9fb32ee85]

nptl/pthread_create.c:463(start_thread)[0x7f45eb67d6db]

x86_64/clone.S:97(clone)[0x7f45ea7df61f]

Trying to get some variables.

Some pointers may be invalid and cause the dump to abort.

Query (0x7f450c015390): SELECT ra3 . c0 FROM t0 ra2 STRAIGHT_JOIN t0 ra3 WHERE ra3 . c0 > ra3 . c0 HAVING ra3 . c0 IN ( SELECT ra3 . c0 ca0 FROM t0 ra4 WHERE ra4 . c0 = ( ra3 . c0 ) )

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off

Attachments

Issue Links

duplicates

MDEV-28509 Server crash via Item_func_ne::add_key_fields in /sql/sql_bitmap.h:196, member access within null pointer of type 'struct JOIN_TAB' in add_key_field

In Review

relates to

MDEV-22825 Server crashes in Bitmap<64u>::merge / add_key_field with condition_pushdown_for_subquery=on

Confirmed

MDEV-29017 SIGSEGV in Bitmap<64u>::merge on SELECT

Confirmed

Activity

People

Assignee:: Sergei Petrunia

Reporter:: jiaqi

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-09-04 08:42

Updated:: 2023-10-04 09:32

Resolved:: 2023-10-04 09:32

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.