Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32284

MariaDB server crashes in sub-select optimization

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.3
    • 10.4, 10.5, 10.6, 10.11, 11.1, 11.2
    • Server
    • None
    • Ubuntu Desktop 20.04 LTS
      Intel(R) Core(TM) i7-10700 CPU @ 2.90GHz

    Description

      The latest version of MariDB Server: Git commit hash: (905c3d61e18ae6222d0d195c43d335046eec65d9) crashes when executing the following query:

      drop database if exists test1;
      create database test1;
      use test1;
      create table v1099(c1100 INT);
      INSERT v1099 SET c1100 = DEFAULT ;
      ( SELECT * FROM v1099 LOCK IN SHARE MODE ) ORDER BY c1100 , EXISTS ( SELECT * UNION SELECT * ) = c1100 ;

      Here is the crashing stack trace from version: 905c3d61e18

      #0 0x000000000105ddcc in st_select_lex_unit::optimize (this=<optimized out>) at /home/mysql/mariadb/sql/sql_union.cc:2249
      #1 0x000000000105e6e4 in st_select_lex_unit::exec_inner (this=0xffff7f07a188) at /home/mysql/mariadb/sql/sql_union.cc:2310
      #2 0x000000000104f9e8 in st_select_lex_unit::exec (this=0xffff7f07a188) at /home/mysql/mariadb/sql/sql_union.cc:2292
      #3 0x0000000001accf54 in subselect_union_engine::exec (this=<optimized out>) at /home/mysql/mariadb/sql/item_subselect.cc:4187
      #4 0x0000000001aa5370 in Item_subselect::exec (this=0xffff7f07b498) at /home/mysql/mariadb/sql/item_subselect.cc:812
      #5 0x0000000001ab0770 in Item_exists_subselect::val_int (this=0xffff7f07b498) at /home/mysql/mariadb/sql/item_subselect.cc:1840
      #6 0x0000000001821df0 in Arg_comparator::compare_int_signed (this=0xffff7f07b880) at /home/mysql/mariadb/sql/item_cmpfunc.cc:944
      #7 0x000000000182be1c in Arg_comparator::compare (this=<optimized out>) at /home/mysql/mariadb/sql/item_cmpfunc.h:104
      #8 Item_func_eq::val_int (this=<optimized out>) at /home/mysql/mariadb/sql/item_cmpfunc.cc:1780
      #9 0x000000000170d210 in Type_handler_int_result::make_sort_key_part (this=<optimized out>, to=0xffff81814d1d '\276' <repeats 200 times>..., item=0xffff7f07b7c8,
      sort_field=0xffff7f0dd560, tmp_buffer=0xffff81368a88) at /home/mysql/mariadb/sql/filesort.cc:1245
      #10 0x000000000170ae1c in make_sortkey (param=<optimized out>, to=0xffff81814d1d '\276' <repeats 200 times>...) at /home/mysql/mariadb/sql/filesort.cc:2954
      #11 make_sortkey (param=<optimized out>, to=<optimized out>, ref_pos=<optimized out>, using_packed_sortkeys=<optimized out>) at /home/mysql/mariadb/sql/filesort.cc:1414
      #12 0x0000000001706558 in find_all_keys (thd=0xffff58662218, param=0xffff81368a10, select=0xffff7f0dad58, fs_info=0xffff7da09a40, buffpek_pointers=0xffff813688d0,
      tempfile=0xffff81368790, pq=0x0, found_rows=0xffff7da09bb8) at /home/mysql/mariadb/sql/filesort.cc:1030
      #13 filesort (thd=0xffff58662218, table=0x18, filesort=<optimized out>, tracker=0xffff7f0db110, join=<optimized out>, first_table_bit=<optimized out>)
      at /home/mysql/mariadb/sql/filesort.cc:408
      #14 0x0000000000e996e0 in create_sort_index (thd=0xffff58662218, join=0xffff7f0d3190, tab=0xffff7f0dc238, fsort=0xffff7f0daef0)
      at /home/mysql/mariadb/sql/sql_select.cc:26843
      #15 0x0000000000e991d0 in st_join_table::sort_table (this=0xffff7f0dc238) at /home/mysql/mariadb/sql/sql_select.cc:24485
      #16 0x0000000000e170c4 in join_init_read_record (tab=0xffff7f0dc238) at /home/mysql/mariadb/sql/sql_select.cc:24405
      #17 0x0000000000da1a9c in sub_select (join=0xffff7f0d3190, join_tab=0xffff7f0dc238, end_of_records=<optimized out>) at /home/mysql/mariadb/sql/sql_select.cc:23441
      #18 0x0000000000e1f3f8 in do_select (join=0xffff7f0d3190, procedure=0x0) at /home/mysql/mariadb/sql/sql_select.cc:22961
      #19 JOIN::exec_inner (this=0xffff7f0d3190) at /home/mysql/mariadb/sql/sql_select.cc:4941
      #20 0x0000000000e1c110 in JOIN::exec (this=0xffff7f0d3190) at /home/mysql/mariadb/sql/sql_select.cc:4718
      #21 0x0000000000da4580 in mysql_select (thd=0xffff58662218, tables=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>,
      group=<optimized out>, having=<optimized out>, proc_param=0x0, select_options=<optimized out>, result=0xffff7f07c1d8, unit=0xffff58666590, select_lex=0xffff7f07ba98)
      at /home/mysql/mariadb/sql/sql_select.cc:5249
      #22 0x0000000000da36bc in handle_select (thd=0xffff58662218, lex=0xffff586664b0, result=0xffff7f07c1d8, setup_tables_done_option=0)
      at /home/mysql/mariadb/sql/sql_select.cc:628
      #23 0x0000000000cc9b24 in execute_sqlcom_select (thd=0xffff58662218, all_tables=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:6012
      #24 0x0000000000cae820 in mysql_execute_command (thd=0xffff58662218, is_called_from_prepared_stmt=<optimized out>) at /home/mysql/mariadb/sql/sql_parse.cc:3911
      #25 0x0000000000c9aa54 in mysql_parse (thd=0xffff58662218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>)
      at /home/mysql/mariadb/sql/sql_parse.cc:7732
      #26 0x0000000000c8fb18 in dispatch_command (command=<optimized out>, thd=0xffff58662218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)
      at /home/mysql/mariadb/sql/sql_parse.cc:1893
      #27 0x0000000000c9b920 in do_command (thd=0xffff58662218, blocking=true) at /home/mysql/mariadb/sql/sql_parse.cc:1406
      #28 0x00000000011d5160 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/mysql/mariadb/sql/sql_connect.cc:1445
      #29 0x00000000011d4a88 in handle_one_connection (arg=0xffff8024afb8) at /home/mysql/mariadb/sql/sql_connect.cc:1347
      #30 0x00000000020a6ee8 in pfs_spawn_thread (arg=0xffff7ea10398) at /home/mysql/mariadb/storage/perfschema/pfs.cc:2201
      #31 0x0000ffff85c11624 in start_thread (arg=0x816fa0 <asan_thread_start(void*)>) at pthread_create.c:477
      #32 0x0000ffff8593349c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78

      Some other useful information:

      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,sargable_casefold=on

      I am not sure whether the bug has the same root cause of MDEV-29411. It does share a different crash stack. And I believe the bug introduced commit is:

      commit de745ecf29721795710910a19bd0ea3389da804c
      Author: Oleksandr Byelkin <sanja@mariadb.com>
      Date: Tue May 22 19:08:39 2018 +0200

      MDEV-11953: support of brackets in UNION/EXCEPT/INTERSECT operations

      Attachments

        Activity

          People

            sanja Oleksandr Byelkin
            luy70 Yu Liang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.