MariaDB Server / MDEV-32397

join_read_first, keyread: SEGV at /mariadb-11.3.0/sql/sql_select.cc:24300

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 11.3.0, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
    • Fix Version/s: 10.5.25
    • Component/s: Optimizer, Server
    • Labels: None
    • Environment: Ubuntu 20.04

    Description

      Run these queries in a release build:

      CREATE TABLE t0 ( c38 DOUBLE ( 87 , 18 ) ) ;
      INSERT INTO t0 VALUES ( DEFAULT ) , ( DEFAULT ) ;
      CREATE INDEX i0 ON t0 ( c38 ) ;
      INSERT INTO t0 VALUES ( 34 ) , ( -14 ) ;
      SELECT t0 . c38 AS c5 FROM ( SELECT c38 AS c27 FROM t0 ) AS t1 JOIN t0 ON t0 . c38 >= LN ( c27 IS TRUE ) LIKE EXISTS ( SELECT SPACE ( c24 ) - UNHEX ( c38 ) + STD( ORD ( -26 ) & RADIANS ( 62 ) / TRIM( LEADING 110 FROM 'a4~mq;A825}$&%(C

      {!}

      .!

      {S&pATQJb%F}

      qU@UH?VHFyU4%))Gx' ) AND -19.704435 | ACOS ( -69 IS TRUE ) ) % + RAND ( CONVERT ( -75 , UNSIGNED ) IN ( -64 , 10 , -118 ) XOR -85 = MAKE_SET ( 11 , ROUND ( -89 , -20 ) SOUNDS LIKE TRIM( TRAILING FROM 34 ) AND RAND ( ) ) ) AS c17 FROM ( SELECT t2 . c38 AS c24 FROM t0 LEFT OUTER JOIN t0 AS t2 USING ( c38 ) ) AS t3 JOIN t0 ON t3 . c24 = t0 . c38 GROUP BY c38 , c24 UNION SELECT c38 + 35 AS c48 FROM t0 WHERE c38 IN ( SELECT c38 AS c12 FROM t0 ) ) ;

      This will trigger a segmentation fault.
      GDB info:
      Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffe011a700 (LWP 45648)]
      join_read_next_same (info=0x7fff940a6658) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24300
      24300 JOIN_TAB *tab=table->reginfo.join_tab;
      (gdb) p table
      $14 = (TABLE *) 0x0

      #0 join_read_next_same (info=0x7fff940a6658)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24300
      #1 0x0000555555dbf837 in READ_RECORD::read_record (this=0x7fff940a6658)
      at /home/wx/mariadb-11.3.0/sql/records.h:81
      #2 sub_select (join=0x7fff9408bac0, join_tab=0x7fff940a6588, end_of_records=false)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23461
      #3 0x0000555555dad6d4 in evaluate_join_record (join=join@entry=0x7fff9408bac0,
      join_tab=join_tab@entry=0x7fff940a6110, error=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
      #4 0x0000555555dbf874 in sub_select (join=0x7fff9408bac0, join_tab=0x7fff940a6110,
      end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23481
      #5 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff9408bac0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #6 JOIN::exec_inner (this=this@entry=0x7fff9408bac0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #7 0x0000555555df1d78 in JOIN::exec (this=0x7fff9408bac0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #8 0x0000555555e444bc in st_select_lex_unit::exec_inner (this=0x7fff9407b198)
      at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2389
      #9 0x0000555555e44821 in st_select_lex_unit::exec (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2292
      #10 0x00005555560af942 in subselect_union_engine::exec (this=0x7fff9407e860)
      at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4187
      #11 0x00005555560b040c in Item_subselect::exec (this=0x7fff9407e6b8)
      at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #12 0x00005555560af1a3 in Item_exists_subselect::val_str (this=0x7fff9407e6b8,
      str=0x7fff9407ea38) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1865
      #13 0x0000555556023f3d in Item_func_like::val_int (this=0x7fff9407e918)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5721
      #14 0x00005555560464b2 in Item_int_func::val_real (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_func.cc:753
      #15 0x00005555560104d4 in Arg_comparator::compare_real_fixed (this=0x7fff9407eb18)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:914
      #16 0x0000555556010d2f in Arg_comparator::compare (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #17 Item_func_ge::val_int (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1812
      #18 0x0000555555ec7e3c in SQL_SELECT::skip_record (this=<optimized out>, thd=0x7fff94000c58)
      at /home/wx/mariadb-11.3.0/sql/opt_range.h:1914
      #19 JOIN_CACHE::check_match (rec_ptr=0x7fff940253b3 <incomplete sequence \375>,
      this=0x7fff94094060) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2560
      #20 JOIN_CACHE::generate_full_extensions (this=0x7fff94094060,
      rec_ptr=0x7fff940253b3 <incomplete sequence \375>)
      at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2503
      #21 0x0000555555ec8297 in JOIN_CACHE::join_matching_records (this=0x7fff94094060,
      skip_last=false) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2403
      #22 0x0000555555ec7bf3 in JOIN_CACHE::join_records (this=this@entry=0x7fff94094060,
      skip_last=skip_last@entry=false) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2158
      #23 0x0000555555dbfcba in sub_select_cache (join=0x7fff9407fdd0, join_tab=0x7fff94092fc8,
      end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23192
      #24 0x0000555555df1814 in do_select (procedure=<optimized out>, join=0x7fff9407fdd0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
      #25 JOIN::exec_inner (this=this@entry=0x7fff9407fdd0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #26 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff9407fdd0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #27 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94014e08,
      fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
      select_options=<optimized out>, result=0x7fff9407fda8, unit=0x7fff94004ee8,
      select_lex=0x7fff94013210) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #28 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff94000c58,
      lex=lex@entry=0x7fff94004e08, result=result@entry=0x7fff9407fda8,
      setup_tables_done_option=setup_tables_done_option@entry=0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #29 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff94000c58,
      all_tables=0x7fff94014e08) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #30 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff94000c58,
      is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #31 0x0000555555d68c27 in mysql_parse (thd=0x7fff94000c58, rawbuf=<optimized out>,
      length=<optimized out>, parser_state=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #32 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
      thd=thd@entry=0x7fff94000c58, packet=packet@entry=0x7fff94008509 "",
      packet_length=packet_length@entry=696, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
      #33 0x0000555555d7721e in do_command (thd=0x7fff94000c58, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #34 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
      connect@entry=0x555557e0c5c8, put_in_cache=put_in_cache@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #35 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e0c5c8)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #36 0x00005555561e658d in pfs_spawn_thread (arg=0x555557db5e18)
      at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #37 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #38 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

          Activity

            Alice Sherepa added a comment -

            Thank you! I repeated it on 10.4-11.2

            CREATE TABLE t0 ( a double, key (a)) ;
            INSERT INTO t0 VALUES (1),(2),(-3);
             
             
            SELECT t0.a FROM ( SELECT a AS a1 FROM t0 ) dt 
            JOIN t0 ON a1  LIKE EXISTS ( SELECT a + RAND () FROM t0 UNION SELECT a FROM t0) ;
            

            mysqld: /10.4/src/sql/sql_select.cc:21905: int join_read_first(JOIN_TAB*): Assertion `table->no_keyread || !table->covering_keys.is_set(tab->index) || table->file->keyread == tab->index' failed.
            231013 17:52:52 [ERROR] mysqld got signal 6 ;
             
             
            Server version: 10.4.32-MariaDB-debug-log source revision: 0c7af6a2a19343cb9d4fedbd7165b8f73bc4cf96
             
            /lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f5e93193fd6]
            sql/sql_select.cc:21908(join_read_first(st_join_table*))[0x564cb490295b]
            sql/sql_select.cc:20899(sub_select(JOIN*, st_join_table*, bool))[0x564cb48fb032]
            sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x564cb48f8f94]
            sql/sql_select.cc:4605(JOIN::exec_inner())[0x564cb4886adc]
            sql/sql_select.cc:4388(JOIN::exec())[0x564cb488410c]
            sql/sql_union.cc:1603(st_select_lex_unit::exec())[0x564cb4a7ca6a]
            sql/item_subselect.cc:4049(subselect_union_engine::exec())[0x564cb51c98d9]
            sql/item_subselect.cc:758(Item_subselect::exec())[0x564cb51a3d58]
            sql/item_subselect.cc:1742(Item_exists_subselect::val_str(String*))[0x564cb51ae80d]
            sql/item_cmpfunc.cc:5543(Item_func_like::val_int())[0x564cb506efc5]
            sql/sql_select.cc:20997(evaluate_join_record(JOIN*, st_join_table*, int))[0x564cb48fbeb4]
            sql/sql_select.cc:20941(sub_select(JOIN*, st_join_table*, bool))[0x564cb48fb854]
            sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x564cb48f8f94]
            sql/sql_select.cc:4605(JOIN::exec_inner())[0x564cb4886adc]
            sql/sql_select.cc:4388(JOIN::exec())[0x564cb488410c]
            sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x564cb48882e8]
            sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x564cb4858de0]
            sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x564cb47c4be4]
            sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x564cb47b235b]
            sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x564cb47ce0bf]
            sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x564cb47a44e5]
            sql/sql_parse.cc:1378(do_command(THD*))[0x564cb47a1010]
            sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x564cb4baedeb]
            sql/sql_connect.cc:1325(handle_one_connection)[0x564cb4bae68f]
            perfschema/pfs.cc:1871(pfs_spawn_thread)[0x564cb5859274]
            nptl/pthread_create.c:478(start_thread)[0x7f5e936ae609]
             
            Query (0x62b0000a1290): SELECT t0.a FROM ( SELECT a AS a1 FROM t0 ) dt 
            JOIN t0 ON a1  LIKE EXISTS ( SELECT a + RAND () FROM t0 UNION SELECT a FROM t0)
            

            Dave Gosselin added a comment -

            For UNION queries, and when cleaning up the JOIN structure on the subquery within the LIKE clause, we invoke ha_end_keyread() on the underlying file for table t0. This wouldn't normally be an issue, but we're not done with table t0. During join_read_first we see that the keyread value is MAX_KEY (64) which is set during ha_end_keyread() and we fail the assertion.

            Dave Gosselin added a comment -

            Queries like the following

            SELECT t0.a FROM ( SELECT a AS a1 FROM t0 ) dt
            JOIN t0 ON a1 LIKE EXISTS ( SELECT a + RAND () FROM t0 UNION SELECT a FROM t0) ;

            are uncacheable because the subquery found within the EXISTS clause calls RAND(). This means that we have to re-execute the subquery and cannot rely on prior cached results. The subquery, as well as the parent query, both refer to table t0. However, when the subquery finishes executing, it will invoke ha_end_keyread() and set keyread to MAX_KEY. This is done too early because the outer query still requires t0. To overcome this, I took a couple of different approaches before finding something that works:

            Approach 1 (not using this approach): Compare with release build, which does not crash, and see if the keyread check is required. We assume that by the time we close tables, all keyread values have been reset to MAX_KEY. Such assertions aren't present during release builds and no ill behaviors appear.

            Approach 2 (not using this approach): Do not allow the subquery engine to execute again for UNCACHEABLE_RAND queries. However, RAND() would not be re-evaluated in this case. This approach addresses the crash.

            Approach 3 (this is the approach that I've implemented): Be smarter about when we invoke ha_end_keyread(), delaying it until the end of the outer query's execution.

            The last approach, number three, involves checking to see if a table in the outer query is used in a subquery and marking it as used. If, when we are about to invoke ha_end_keyread() we see that the table is so marked (and we are running in a subselect), then we delay invoking ha_end_keyread().
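
            The lifecycle described in the comment above, as an added example that is not MariaDB's code: a simplified C++ model in which a nested, uncacheable subquery tears down the outer query's index-only read state too early, placed beside the deferred teardown of Approach 3. Only the field name `keyread` and the sentinel `MAX_KEY` (64) come from the page; `Table`, `start_keyread`, `end_keyread`, `used_by_outer_query`, `keyread_still_active` and `run_outer_query` are invented names, and the single shared `Table` is a deliberate simplification of how the handler state is reached.

```cpp
#include <cassert>
#include <cstdio>

// Constructed model of the key-read lifecycle described in the comment; it is
// not MariaDB code. Only the field name `keyread` and the sentinel MAX_KEY (64)
// come from the report; every other name here is invented for illustration.
static const unsigned MAX_KEY = 64;

struct Table {
    unsigned keyread = MAX_KEY;       // index currently used for index-only reads
    bool used_by_outer_query = false; // hypothetical "mark" from Approach 3
};

// Models ha_start_keyread()/ha_end_keyread() on the table's handler.
static void start_keyread(Table& t, unsigned idx) { t.keyread = idx; }
static void end_keyread(Table& t) { t.keyread = MAX_KEY; }

// Models the condition join_read_first() asserts in a debug build: the index
// the join plan wants to scan must still be the active key-read index.
static bool keyread_still_active(const Table& t, unsigned idx) {
    return t.keyread == idx;
}

// Subquery teardown as the report describes it: unconditional.
static void subquery_cleanup_unfixed(Table& t) { end_keyread(t); }

// Subquery teardown with the deferral of Approach 3: if we are inside a
// subselect and the table is marked as still needed by an enclosing query,
// leave the key-read state alone and let the outer query end it.
static void subquery_cleanup_deferred(Table& t, bool in_subselect) {
    if (in_subselect && t.used_by_outer_query) return;
    end_keyread(t);
}

// Drives the scenario from the report: the outer query scans t0 through an
// index and, for every outer row, re-executes an uncacheable EXISTS subquery
// (RAND() prevents caching) that also opens and closes key reads on t0.
// Returns true if the outer scan survives and the state is clean at the end.
static bool run_outer_query(bool deferred_cleanup, int outer_rows) {
    Table t0;
    const unsigned idx = 0;           // the index the outer join plan uses
    t0.used_by_outer_query = true;    // the outer query references t0
    start_keyread(t0, idx);

    for (int row = 0; row < outer_rows; ++row) {
        // Subquery execution: it wants key reads on t0 too ...
        start_keyread(t0, idx);
        // ... and tears them down when its JOIN structure is cleaned up.
        if (deferred_cleanup) subquery_cleanup_deferred(t0, true);
        else                  subquery_cleanup_unfixed(t0);

        // Back in the outer query: this is the point where the report's
        // assertion (table->file->keyread == tab->index) fires.
        if (!keyread_still_active(t0, idx)) return false;
    }

    end_keyread(t0);                  // outer query is done: now it is safe
    return t0.keyread == MAX_KEY;
}

int main() {
    std::printf("unfixed:  %s\n",
                run_outer_query(false, 3) ? "ok" : "keyread torn down too early");
    std::printf("deferred: %s\n",
                run_outer_query(true, 3) ? "ok" : "keyread torn down too early");
    return 0;
}
```

            The unfixed path fails on the very first outer row, which matches the report: the crash does not need many rows, only one re-execution of the subquery between two reads of the outer table. The deferred path keeps the state intact until the outer query itself calls the teardown, so the final state is still MAX_KEY and nothing leaks.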

            Dave Gosselin added a comment -

            Duplicate of MDEV-32403


            People

              Assignee: Dave Gosselin
              Reporter: Xin Wen