[MDEV-5635] Server crashes in in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0.8
Fix Version/s: 10.0.9
Component/s: None
Labels:
None

Description

The problem appeared on 10.0 tree with the following revision:

revno: 3969 [merge]

revision-id: psergey@askmonty.org-20140204093411-9vbu0o4aw9r15vpb

parent: bar@mnogosearch.org-20140204080500-hjlub3377pfzaxv8

parent: psergey@askmonty.org-20140204092710-2yt5ysa5ej3l2c03

committer: Sergey Petrunya <psergey@askmonty.org>

branch nick: 10.0-push

timestamp: Tue 2014-02-04 13:34:11 +0400

message:

  Merge

    ------------------------------------------------------------

    revno: 3966.1.1

    revision-id: psergey@askmonty.org-20140204092710-2yt5ysa5ej3l2c03

    parent: bar@mnogosearch.org-20140203051303-r0bmwq1x52wc0f65

    committer: Sergey Petrunya <psergey@askmonty.org>

    branch nick: 10.0

    timestamp: Tue 2014-02-04 13:27:10 +0400

    message:

      MDEV-5606: range optimizer: "x < y" is sargable, while "y > x" is not

      Port to mariadb-1.0 the following fix from mysql-5.6:

        Revision ID: jorgen.loland@oracle.com-20120314131055-ml54x9deueqfsff4

        BUG#13701206: WHERE A>=B DOES NOT GIVE SAME EXECUTION PLAN

                      AS WHERE B<=A (RANGE OPTIMIZER)

      that fix didn't have a public testcase, so I created one.

Test case:

CREATE TABLE t1 (a VARCHAR(3) NOT NULL) ENGINE=MyISAM;

INSERT INTO t1 VALUES ('foo');

CREATE TABLE t2 (b VARCHAR(3), c VARCHAR(3), INDEX(b)) ENGINE=MyISAM;

INSERT INTO t2 VALUES ('bar', 'bar'),( 'qux', 'qux');

SELECT STRAIGHT_JOIN * FROM t1, t2 AS t2_1, t2 AS t2_2

WHERE t2_2.c = t2_1.c AND t2_2.b = t2_1.b AND ( a IS NULL OR t2_1.c = a );

#2  0x0000000000850ff9 in handle_fatal_signal (sig=11) at 10.0/sql/signal_handler.cc:262

#3  <signal handler called>

#4  0x00000000006e35fa in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field (this=0x7fdc1ac77a20) at 10.0/sql/item_cmpfunc.h:1939

#5  0x000000000096b5e9 in get_full_func_mm_tree (param=0x7fdc1ac77dd0, cond_func=0x7fdc1074deb0, field_item=0x7fdc1074c188, value=0x7fdc104606b0, inv=false) at 10.0/sql/opt_range.cc:7786

#6  0x000000000096c39c in get_mm_tree (param=0x7fdc1ac77dd0, cond=0x7fdc1074deb0) at 10.0/sql/opt_range.cc:7990

#7  0x0000000000961195 in SQL_SELECT::test_quick_select (this=0x7fdc1053ed90, thd=0x7fdc13335070, keys_to_use=..., prev_tables=13835058055282163713, limit=18446744073709551615, force_quick_range=false, ordered_output=false) at 10.0/sql/opt_range.cc:3071

#8  0x00000000006b8537 in make_join_select (join=0x7fdc1074c518, select=0x7fdc10754b78, cond=0x7fdc10460cb0) at 10.0/sql/sql_select.cc:9481

#9  0x00000000006a203b in JOIN::optimize_inner (this=0x7fdc1074c518) at 10.0/sql/sql_select.cc:1522

#10 0x00000000006a03a8 in JOIN::optimize (this=0x7fdc1074c518) at 10.0/sql/sql_select.cc:1013

#11 0x00000000006a7f13 in mysql_select (thd=0x7fdc13335070, rref_pointer_array=0x7fdc133396a0, tables=0x7fdc1045f348, wild_num=1, fields=..., conds=0x7fdc10460cb0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748610, result=0x7fdc1074c4f8, unit=0x7fdc13338d48, select_lex=0x7fdc13339428) at 10.0/sql/sql_select.cc:3278

#12 0x000000000069e6ff in handle_select (thd=0x7fdc13335070, lex=0x7fdc13338c88, result=0x7fdc1074c4f8, setup_tables_done_option=0) at 10.0/sql/sql_select.cc:372

#13 0x00000000006737b1 in execute_sqlcom_select (thd=0x7fdc13335070, all_tables=0x7fdc1045f348) at 10.0/sql/sql_parse.cc:5301

#14 0x000000000066bb5c in mysql_execute_command (thd=0x7fdc13335070) at 10.0/sql/sql_parse.cc:2587

#15 0x0000000000675f3b in mysql_parse (thd=0x7fdc13335070, rawbuf=0x7fdc1045f088 "SELECT STRAIGHT_JOIN * FROM t1, t2 AS t2_1, t2 AS t2_2\nWHERE t2_2.c = t2_1.c AND t2_2.b = t2_1.b AND ( a IS NULL OR t2_1.c = a )", length=128, parser_state=0x7fdc1ac7b630) at 10.0/sql/sql_parse.cc:6447

#16 0x0000000000668d09 in dispatch_command (command=COM_QUERY, thd=0x7fdc13335070, packet=0x7fdc1332b071 "SELECT STRAIGHT_JOIN * FROM t1, t2 AS t2_1, t2 AS t2_2\nWHERE t2_2.c = t2_1.c AND t2_2.b = t2_1.b AND ( a IS NULL OR t2_1.c = a )", packet_length=128) at 10.0/sql/sql_parse.cc:1308

#17 0x00000000006680ab in do_command (thd=0x7fdc13335070) at 10.0/sql/sql_parse.cc:1005

#18 0x0000000000782305 in do_handle_one_connection (thd_arg=0x7fdc13335070) at 10.0/sql/sql_connect.cc:1379

#19 0x0000000000782058 in handle_one_connection (arg=0x7fdc13335070) at 10.0/sql/sql_connect.cc:1293

#20 0x0000000000aa86f1 in pfs_spawn_thread (arg=0x7fdc13b75b70) at 10.0/storage/perfschema/pfs.cc:1853

#21 0x00007fdc1a9c9b50 in start_thread (arg=<optimized out>) at pthread_create.c:304

#22 0x00007fdc19518a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

EXPLAIN also crashes. optimizer_switch does not matter, the crash happens with all OFF values as well as with the default set.

Attachments

Issue Links

relates to

MDEV-7865 Server crashes in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field on query with impossible condition and OR/AND expressions

Closed

Activity

Ascending order - Click to sort in descending order

Elena Stepanova created issue - 2014-02-08 20:27

Elena Stepanova made changes - 2014-02-08 20:27

Field	Original Value	New Value
Link		This issue relates to TODO-224 [ TODO-224 ]

Jorge Manuel Silva added a comment - 2014-02-10 04:25

Not sure if this may be related with two solved bugs ~~MDEV-4274~~ and ~~MDEV-4944~~ but leaving comment here for future reference.

Jorge Manuel Silva added a comment - 2014-02-10 04:25 Not sure if this may be related with two solved bugs MDEV-4274 and MDEV-4944 but leaving comment here for future reference.

Sergei Petrunia made changes - 2014-02-10 15:28

Status

Open [ 1 ]

In Progress [ 3 ]

Sergei Petrunia added a comment - 2014-02-10 16:49

Debugging, I don't see anything apparently wrong in the code for ~~MDEV-5606~~.

I do see something wrong in Item_equal code, though:

Breakpoint 2, get_full_func_mm_tree (param=0x7ffff7f78a40, cond_func=0x7fffcbce1ba0, field_item=0x7fffcbcde188, value=0x7fffcbcd86b0, inv=false) at /home/psergey/dev2/10.0/sql/opt_range.cc:7783
(gdb) p field_item
$64 = (Item_field *) 0x7fffcbcde188
(gdb) p dbug_print_item(field_item)
$65 = 0x195cf60 "'foo'"
(gdb) p field_item
$66 = (Item_field *) 0x7fffcbcde188
(gdb)
(gdb) p item_equal
$67 = (Item_equal *) 0x7fffcbcdf9c0
(gdb) p item_equal->equal_items
$68 = {<base_list> = {<Sql_alloc> =

{<No data fields>}

, first = 0x7fffcbcdfba0, last = 0x7fffcbcdfba0, elements = 1}, <No data fields>}
(gdb) p item_equal->equal_items.head()
$69 = (Item *) 0x8f8f8f8f8f8f8f8f
(gdb) p item_equal->with_const
$70 = false

As far as I undersand, item_equal->equal_items has garbage values.

Sergei Petrunia added a comment - 2014-02-10 16:49 Debugging, I don't see anything apparently wrong in the code for MDEV-5606 . I do see something wrong in Item_equal code, though: Breakpoint 2, get_full_func_mm_tree (param=0x7ffff7f78a40, cond_func=0x7fffcbce1ba0, field_item=0x7fffcbcde188, value=0x7fffcbcd86b0, inv=false) at /home/psergey/dev2/10.0/sql/opt_range.cc:7783 (gdb) p field_item $64 = (Item_field *) 0x7fffcbcde188 (gdb) p dbug_print_item(field_item) $65 = 0x195cf60 "'foo'" (gdb) p field_item $66 = (Item_field *) 0x7fffcbcde188 (gdb) (gdb) p item_equal $67 = (Item_equal *) 0x7fffcbcdf9c0 (gdb) p item_equal->equal_items $68 = {<base_list> = {<Sql_alloc> = {<No data fields>} , first = 0x7fffcbcdfba0, last = 0x7fffcbcdfba0, elements = 1}, <No data fields>} (gdb) p item_equal->equal_items.head() $69 = (Item *) 0x8f8f8f8f8f8f8f8f (gdb) p item_equal->with_const $70 = false As far as I undersand, item_equal->equal_items has garbage values.

Sergei Petrunia made changes - 2014-02-10 16:49

Assignee

Sergei Petrunia [ psergey ]

Igor Babaev [ igor ]

Sergei Petrunia added a comment - 2014-02-10 16:50

Igor, could you please take a look?

Sergei Petrunia added a comment - 2014-02-10 16:50 Igor, could you please take a look?

Jorge Manuel Silva added a comment - 2014-02-11 03:59

Another thing.

I can indeed reproduce this bug in 10.0.8 release packages in Windows 7.
If change ENGINE=MyISAM to ENGINE=Aria or ENGINE=InnoDB, the bug no longer happens.

Is there any way to workaround this bug in MyISAM or do I have to wait for 10.0.9 release?

Jorge Manuel Silva added a comment - 2014-02-11 03:59 Another thing. I can indeed reproduce this bug in 10.0.8 release packages in Windows 7. If change ENGINE=MyISAM to ENGINE=Aria or ENGINE=InnoDB, the bug no longer happens. Is there any way to workaround this bug in MyISAM or do I have to wait for 10.0.9 release?

Sergei Golubchik made changes - 2014-03-06 11:21

Resolution		Fixed [ 1 ]
Status	In Progress [ 3 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2014-06-13 15:06

Workflow

defaullt [ 34224 ]

MariaDB v2 [ 43021 ]

Rasmus Johansson (Inactive) made changes - 2015-05-18 17:50

Workflow

MariaDB v2 [ 43021 ]

MariaDB v3 [ 62060 ]

Alice Sherepa made changes - 2018-07-11 10:03

Link

This issue relates to ~~MDEV-16727~~ [ ~~MDEV-16727~~ ]

Alice Sherepa made changes - 2018-07-11 10:12

Link

This issue relates to ~~MDEV-16727~~ [ ~~MDEV-16727~~ ]

Varun Gupta (Inactive) made changes - 2018-07-23 13:18

Link

This issue relates to ~~MDEV-7865~~ [ ~~MDEV-7865~~ ]

Sergei Golubchik made changes - 2021-12-06 21:39

Workflow

MariaDB v3 [ 62060 ]

MariaDB v4 [ 147482 ]

People

Assignee:: Igor Babaev (Inactive)

Reporter:: Elena Stepanova

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2014-02-08 20:27

Updated:: 2018-07-23 13:18

Resolved:: 2014-03-06 11:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration