[MDEV-5410] Server crashes in Bitmap<64u>::intersect on a FROM SQ with UNION, PS protocol - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.1.67, 5.2.14, 5.3.12, 5.5.34, 10.0.6
Fix Version/s: 5.5.35, 10.0.7, 5.1.73, 5.2.15, 5.3.13
Component/s: None
Labels:
None

Description

The problem was revealed by the test case introduced in revno 3733 on 5.3 tree, but the bug existed before, in all of MariaDB 5.1-10.0. It is also repeatable on MySQL 5.1 and 5.5, but not 5.6.

Test case (taken from main.union of revno 3733, unchanged):

CREATE TABLE t1 (a int DEFAULT NULL);

INSERT INTO t1 VALUES (2), (4);

CREATE TABLE t2 (b int DEFAULT NULL);

INSERT INTO t2 VALUES (1), (3);

SELECT c1 FROM (SELECT (SELECT a FROM t1 WHERE t1.a <= t2.b

                         UNION ALL

                         SELECT a FROM t1 WHERE t1.a+3<= t2.b

                         ORDER BY a DESC) AS c1 FROM t2) t3;

DROP TABLE t1,t2;

Stack trace from 5.1:

#3  <signal handler called>

#4  0x00000000005d6e87 in Bitmap<64u>::intersect (this=0x7f7747f7cad0, map2=...) at sql_bitmap.h:153

#5  0x000000000073baba in test_if_skip_sort_order (tab=0x3573240, order=0x3523670, select_limit=18446744073709551615, no_changes=false, map=0x3525bd8) at sql_select.cc:13794

#6  0x000000000073d56d in create_sort_index (thd=0x7f774001f2f8, join=0x357c060, order=0x3523670, filesort_limit=18446744073709551615, select_limit=18446744073709551615, is_order_by=false) at sql_select.cc:14368

#7  0x000000000071e7f7 in JOIN::exec (this=0x357c060) at sql_select.cc:2310

#8  0x0000000000866c17 in st_select_lex_unit::exec (this=0x3521b70) at sql_union.cc:652

#9  0x000000000064e82d in subselect_union_engine::exec (this=0x35237d0) at item_subselect.cc:2052

#10 0x0000000000648e95 in Item_subselect::exec (this=0x35236b0) at item_subselect.cc:292

#11 0x0000000000649cc9 in Item_singlerow_subselect::val_int (this=0x35236b0) at item_subselect.cc:606

#12 0x00000000005cef05 in Item::save_in_field (this=0x35236b0, field=0x3527500, no_conversions=false) at item.cc:5206

#13 0x000000000070671a in fill_record (thd=0x7f774001f2f8, ptr=0x352cbc0, values=..., ignore_errors=true) at sql_base.cc:8480

#14 0x0000000000864b6b in select_union::send_data (this=0x3505ff0, values=...) at sql_union.cc:61

#15 0x0000000000738a77 in end_send (join=0x35060d8, join_tab=0x3529b28, end_of_records=false) at sql_select.cc:12742

#16 0x000000000073691e in evaluate_join_record (join=0x35060d8, join_tab=0x35298c8, error=0) at sql_select.cc:11910

#17 0x00000000007365b7 in sub_select (join=0x35060d8, join_tab=0x35298c8, end_of_records=false) at sql_select.cc:11786

#18 0x0000000000736067 in do_select (join=0x35060d8, fields=0x3514240, table=0x0, procedure=0x0) at sql_select.cc:11531

#19 0x000000000071eb16 in JOIN::exec (this=0x35060d8) at sql_select.cc:2361

#20 0x000000000071f33f in mysql_select (thd=0x7f774001f2f8, rref_pointer_array=0x3514308, tables=0x3523b60, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416200192, result=0x3505ff0, unit=0x35143f0, select_lex=0x3514130) at sql_select.cc:2576

#21 0x0000000000867d7c in mysql_derived_filling (thd=0x7f774001f2f8, lex=0x3512be0, orig_table_list=0x3524200) at sql_derived.cc:295

#22 0x0000000000867652 in mysql_handle_derived (lex=0x3512be0, processor=0x867bae <mysql_derived_filling(THD*, st_lex*, TABLE_LIST*)>) at sql_derived.cc:58

#23 0x00000000006ff336 in open_and_lock_tables_derived (thd=0x7f774001f2f8, tables=0x3524200, derived=true) at sql_base.cc:5182

#24 0x00000000006bded8 in open_and_lock_tables (thd=0x7f774001f2f8, tables=0x3524200) at mysql_priv.h:1637

#25 0x00000000006b6ca8 in execute_sqlcom_select (thd=0x7f774001f2f8, all_tables=0x3524200) at sql_parse.cc:5212

#26 0x00000000006ae141 in mysql_execute_command (thd=0x7f774001f2f8) at sql_parse.cc:2386

#27 0x000000000075e5e8 in Prepared_statement::execute (this=0x356ae18, expanded_query=0x7f7747f7e770, open_cursor=false) at sql_prepare.cc:3664

#28 0x000000000075d84b in Prepared_statement::execute_loop (this=0x356ae18, expanded_query=0x7f7747f7e770, open_cursor=false, packet=0x7f774008f222 "", packet_end=0x7f774008f222 "") at sql_prepare.cc:3345

#29 0x000000000075baa6 in mysqld_stmt_execute (thd=0x7f774001f2f8, packet_arg=0x7f774008f219 "\005", packet_length=9) at sql_prepare.cc:2519

#30 0x00000000006ab7ab in dispatch_command (command=COM_STMT_EXECUTE, thd=0x7f774001f2f8, packet=0x7f774008f219 "\005", packet_length=9) at sql_parse.cc:1249

#31 0x00000000006aa951 in do_command (thd=0x7f774001f2f8) at sql_parse.cc:906

#32 0x00000000006a78e6 in handle_one_connection (arg=0x7f774001f2f8) at sql_connect.cc:1238

#33 0x00007f7750fdbb50 in start_thread (arg=<optimized out>) at pthread_create.c:304

#34 0x00007f7750d25a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

revision-id: sergii@pisem.net-20131129192105-0excqx2i9sj6wt8l

revno: 3210

branch-nick: 5.1

Failure in buildbot on 5.3 tree:
http://buildbot.askmonty.org/buildbot/builders/kvm-dgcov-jaunty-i386/builds/3408/steps/test_3/logs/stdio

Attachments

Activity

People

Assignee:: Igor Babaev

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2013-12-07 22:59

Updated:: 2014-01-29 19:31

Resolved:: 2013-12-14 20:38

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.