[MDEV-6830] Server crashes in best_access_path after a sequence of SELECTs invollving a temptable view - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.3.12, 5.5.40, 10.0.14
Fix Version/s: 5.5.41, 10.0.16, 5.3.13
Component/s: Optimizer
Labels:
- optimizer
- regression
Environment:
cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo

Description

IMPORTANT: The crash only happens on a non-debug build (CMAKE_BUILD_TYPE-RelWithDebInfo), both on a handmade build and on release binaries. Reproduced on two mahines out of two that I tried (Debian and Windows).
On a debug build, there is no crash and no valgrind errors.

The problem appeared in 10.0 tree after this merge:

revno: 4404 [merge]

revision-id: sergii@pisem.net-20140916120805-z8w9eowbu0npzzt7

parent: jplindst@mariadb.org-20140916043700-0se7ircabn8z8ntx

parent: sergii@pisem.net-20140916120450-c892fq11sn6sqgdc

committer: Sergei Golubchik <sergii@pisem.net>

branch nick: 10.0

timestamp: Tue 2014-09-16 14:08:05 +0200

message:

  merge

which is a 5.5 merge, but I am not getting the crash on 5.5 tree (which doesn't mean the problem doesn't exist there).

Stack trace from revno 4426
#2 <signal handler called>
#3 best_access_path (join=join@entry=0x7f1235dcc020, s=s@entry=0x7f1235e6ca40, remaining_tables=remaining_tables@entry=2, idx=idx@entry=2, disable_jbuf=true, record_count=1, record_count@entry=<error reading variable: Could not find type for DW_OP_GNU_const_type>, pos=0x7f1235e6d4e0, loose_scan_pos=loose_scan_pos@entry=0x7f123fad38a0) at 10.0/sql/sql_select.cc:6003
#4 0x00000000005fe4e3 in best_extension_by_limited_search (join=join@entry=0x7f1235dcc020, remaining_tables=remaining_tables@entry=2, idx=idx@entry=2, record_count=1, read_time=0, read_time@entry=<error reading variable: Could not find type for DW_OP_GNU_const_type>, search_depth=search_depth@entry=62, prune_level=prune_level@entry=1, use_cond_selectivity=use_cond_selectivity@entry=1) at 10.0/sql/sql_select.cc:7661
#5 0x00000000005fe8ce in greedy_search (join=join@entry=0x7f1235dcc020, remaining_tables=remaining_tables@entry=2, search_depth=62, prune_level=prune_level@entry=1, use_cond_selectivity=1) at 10.0/sql/sql_select.cc:6902
#6 0x00000000005fed27 in choose_plan (join=join@entry=0x7f1235dcc020, join_tables=2) at 10.0/sql/sql_select.cc:6479
#7 0x000000000053fac4 in make_join_statistics (join=join@entry=0x7f1235dcc020, tables_list=..., conds=0x7f1235e6df00, keyuse_array=keyuse_array@entry=0x7f1235dcc328) at 10.0/sql/sql_select.cc:4023
#8 0x0000000000618044 in JOIN::optimize_inner (this=this@entry=0x7f1235dcc020) at 10.0/sql/sql_select.cc:1339
#9 0x000000000061a19d in JOIN::optimize (this=this@entry=0x7f1235dcc020) at 10.0/sql/sql_select.cc:1024
#10 0x000000000061a355 in mysql_select (thd=thd@entry=0x7f1238f31008, rref_pointer_array=rref_pointer_array@entry=0x7f1238f35540, tables=0x7f1235efc278, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=result@entry=0x7f1235dd2b38, unit=unit@entry=0x7f1238f34be0, select_lex=select_lex@entry=0x7f1238f352c8) at 10.0/sql/sql_select.cc:3294
#11 0x000000000061d6b4 in handle_select (thd=0x7f1238f31008, lex=0x7f1238f34b18, result=0x7f1235dd2b38, setup_tables_done_option=0) at 10.0/sql/sql_select.cc:373
#12 0x00000000005cd03b in execute_sqlcom_select (thd=thd@entry=0x7f1238f31008, all_tables=0x7f1235efc278) at 10.0/sql/sql_parse.cc:5269
#13 0x00000000005d7d38 in mysql_execute_command (thd=thd@entry=0x7f1238f31008) at 10.0/sql/sql_parse.cc:2552
#14 0x00000000005da55c in mysql_parse (parser_state=0x7f123fad6160, thd=0x7f1238f31008, rawbuf=<optimized out>, length=<optimized out>) at 10.0/sql/sql_parse.cc:6415
#15 mysql_parse (thd=0x7f1238f31008, rawbuf=<optimized out>, length=76, parser_state=0x7f123fad6160) at 10.0/sql/sql_parse.cc:6336
#16 0x00000000005dbc25 in dispatch_command (command=COM_QUERY, thd=0x7f1238f31008, packet=<optimized out>, packet_length=<optimized out>) at 10.0/sql/sql_parse.cc:1307
#17 0x0000000000682bed in do_handle_one_connection (thd_arg=thd_arg@entry=0x7f1238f31008) at 10.0/sql/sql_connect.cc:1379
#18 0x0000000000682cb0 in handle_one_connection (arg=arg@entry=0x7f1238f31008) at 10.0/sql/sql_connect.cc:1293
#19 0x00000000009d0f24 in pfs_spawn_thread (arg=0x7f123d02d608) at 10.0/storage/perfschema/pfs.cc:1860
#20 0x00007f123f6c3b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
#21 0x00007f123d97a20d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Test case is weird, but I couldn't remove anything else from it. All 3 selects seem to be important, as well as all multiple fields in the tables, even though they are not used.

This particular test case only causes a crash on 10.0, but I am getting similar crashes on 5.5.40 as well.

Test case
CREATE TABLE t1 (pk INT PRIMARY KEY) ENGINE=MyISAM;

CREATE TABLE t2 (
f1 DATE,
f2 VARCHAR(1024),
f3 VARCHAR(10),
f4 DATE,
f5 VARCHAR(10),
f6 VARCHAR(10),
f7 VARCHAR(10),
f8 DATETIME,
f9 INT,
f10 VARCHAR(1024),
f11 VARCHAR(1024),
f12 INT,
f13 VARCHAR(1024)
) ENGINE=MyISAM;

CREATE OR REPLACE VIEW v2 AS SELECT * FROM t2;

CREATE TABLE t3 (
f1 VARCHAR(1024),
f2 VARCHAR(1024),
f3 DATETIME,
f4 VARCHAR(10),
f5 INT,
f6 VARCHAR(10),
f7 VARCHAR(1024),
f8 VARCHAR(10),
f9 INT,
f10 DATE,
f11 INT,
f12 VARCHAR(1024),
f13 VARCHAR(10),
f14 DATE,
f15 DATETIME
) ENGINE=MyISAM;

CREATE OR REPLACE ALGORITHM=TEMPTABLE VIEW v3 AS SELECT * FROM t3;

INSERT INTO t3 VALUES
('FOO','foo','2000-08-04 00:00:00','one',1,'1','FOO','foo',1,'2004-05-09',1,'one','one','2001-12-07','2001-10-17 08:25:04'),
('BAR','bar','2001-01-01 04:52:37','two',2,'2','BAR','bar',2,'2008-01-01',2,'two','two','2006-06-19','2002-01-01 08:22:49');

CREATE TABLE t4 (f1 VARCHAR(10), f2 INT) ENGINE=MyISAM;

SELECT * FROM t1;

--error ER_BAD_FIELD_ERROR
SELECT non_existing FROM v2;

SELECT * FROM t1, v3, t4 WHERE v3.f1 = t4.f1 AND t4.f2 = 6 AND t1.pk = v3.f5;

Attachments

Activity

Ascending order - Click to sort in descending order

Elena Stepanova added a comment - 2014-11-04 14:02 - edited

More stack traces that I am getting in buildbot presumably due to the same bug (for searching purposes).

on 5.5.40
mysqld.exe!store_key::store_key()[sql_select.h:1512]
mysqld.exe!create_ref_for_key()[sql_select.cc:8127]
mysqld.exe!get_best_combination()[sql_select.cc:7803]
mysqld.exe!make_join_statistics()[sql_select.cc:3817]
mysqld.exe!JOIN::optimize()[sql_select.cc:1230]
mysqld.exe!mysql_select()[sql_select.cc:3080]
mysqld.exe!handle_select()[sql_select.cc:319]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688]
mysqld.exe!mysql_execute_command()[sql_parse.cc:2233]
mysqld.exe!mysql_parse()[sql_parse.cc:5804]
mysqld.exe!dispatch_command()[sql_parse.cc:1082]
mysqld.exe!do_command()[sql_parse.cc:793]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
KERNEL32.DLL!GetThreadTimes()
ntdll.dll!RtlTryAcquireSRWLockShared()
ntdll.dll!RtlTryEnterCriticalSection()
KERNEL32.DLL!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0xa87c398): SELECT alias1 . `col_varchar_1024_latin1_key` AS field1 , alias1 . `col_varchar_1024_latin1_key` AS field2 FROM view_e AS alias1 LEFT JOIN n AS alias2 LEFT OUTER JOIN view_a AS alias3 ON alias2 . `col_varchar_1024_utf8_key` = alias3 . `col_varchar_10_latin1_key` ON alias1 . `col_varchar_1024_utf8` = alias3 . `col_varchar_1024_utf8_key` WHERE alias3 . `col_int` >= 2 AND alias3 . `col_int` <= ( 2 + 10 ) OR alias3 . `col_int` BETWEEN 2 AND (2 + 8 ) OR alias3 . `col_int` <> 6 AND alias3 . `col_int` >= 5 OR alias3 . `col_int` >= 4 AND alias3 . `col_int` < ( 5 + 5 ) AND alias3 . `col_int_key` IS NULL OR alias3 . `col_int_key` > 2 AND alias3 . `col_int_key` < ( 6 + 4 )
Connection ID (thread ID): 10
Status: NOT_KILLED

on 5.5.40
mysqld.exe!store_key::store_key()[sql_select.h:1512]
mysqld.exe!store_key_const_item::store_key_const_item()[sql_select.h:1689]
mysqld.exe!get_store_key()[sql_select.cc:8197]
mysqld.exe!create_ref_for_key()[sql_select.cc:8136]
mysqld.exe!get_best_combination()[sql_select.cc:7803]
mysqld.exe!make_join_statistics()[sql_select.cc:3817]
mysqld.exe!JOIN::optimize()[sql_select.cc:1230]
mysqld.exe!mysql_select()[sql_select.cc:3080]
mysqld.exe!handle_select()[sql_select.cc:319]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688]
mysqld.exe!mysql_execute_command()[sql_parse.cc:2233]
mysqld.exe!mysql_parse()[sql_parse.cc:5804]
mysqld.exe!dispatch_command()[sql_parse.cc:1082]
mysqld.exe!do_command()[sql_parse.cc:793]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
kernel32.dll!BaseFormatTimeOut()
ntdll.dll!RtlEqualDomainName()
ntdll.dll!RtlValidateHeap()
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0xa55d958): SELECT alias1 . `col_varchar_1024_utf8` AS field1 , alias1 . `col_varchar_10_latin1` AS field2 , alias1 . `col_date_key` AS field3 FROM view_g AS alias1 LEFT JOIN f AS alias2 LEFT OUTER JOIN view_a AS alias3 RIGHT JOIN view_e AS alias4 LEFT JOIN l AS alias5 ON alias4 . `col_varchar_1024_utf8_key` = alias5 . `col_varchar_1024_latin1` ON alias3 . `col_varchar_10_latin1` = alias5 . `col_varchar_1024_latin1_key` ON alias2 . `col_varchar_10_utf8` = alias5 . `col_varchar_10_latin1_key` ON alias1 . `pk` = alias5 . `col_int_key` WHERE alias2 . `col_int_key` > 't' AND alias2 . `col_int_key` <= 'zzzz' AND alias1 . `pk` >= 'from' AND alias1 . `pk` < 'v' AND alias4 . `pk` BETWEEN 't' AND 'z' AND alias4 . `pk` >= 'y' AND alias4 . `pk` < 'z'
Connection ID (thread ID): 8
Status: NOT_KILLED

on 5.5.40
mysqld.exe!best_access_path()[sql_select.cc:5585]
mysqld.exe!optimize_straight_join()[sql_select.cc:6474]
mysqld.exe!choose_plan()[sql_select.cc:6202]
mysqld.exe!make_join_statistics()[sql_select.cc:3785]
mysqld.exe!JOIN::optimize()[sql_select.cc:1230]
mysqld.exe!mysql_select()[sql_select.cc:3080]
mysqld.exe!handle_select()[sql_select.cc:319]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688]
mysqld.exe!mysql_execute_command()[sql_parse.cc:2233]
mysqld.exe!mysql_parse()[sql_parse.cc:5804]
mysqld.exe!dispatch_command()[sql_parse.cc:1082]
mysqld.exe!do_command()[sql_parse.cc:793]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
kernel32.dll!BaseFormatTimeOut()
ntdll.dll!RtlEqualDomainName()
ntdll.dll!RtlValidateHeap()
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0xa4a2228): SELECT STRAIGHT_JOIN alias1 . `col_date_key` AS field1 FROM view_d AS alias1 RIGHT JOIN view_b AS alias2 ON alias1 . `col_varchar_1024_utf8_key` = alias2 . `col_varchar_10_utf8_key` WHERE alias1 . `col_varchar_10_utf8` > 'q' AND alias1 . `col_varchar_10_utf8` <= 'z' AND alias1 . `col_varchar_10_utf8` >= 'YMPHA' AND alias1 . `col_varchar_10_utf8` <= 't' AND alias2 . `col_varchar_1024_utf8` > 'u' AND alias2 . `col_varchar_1024_utf8` < 'z'
Connection ID (thread ID): 10
Status: NOT_KILLED

on 10.0.14
mysqld.exe!st_key::actual_rec_per_key()[table.cc:7163]
mysqld.exe!best_access_path()[sql_select.cc:5960]
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7660]
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
mysqld.exe!greedy_search()[sql_select.cc:6903]
mysqld.exe!choose_plan()[sql_select.cc:6479]
mysqld.exe!make_join_statistics()[sql_select.cc:4022]
mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1339]
mysqld.exe!JOIN::optimize()[sql_select.cc:1023]
mysqld.exe!mysql_select()[sql_select.cc:3293]
mysqld.exe!handle_select()[sql_select.cc:372]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5269]
mysqld.exe!mysql_execute_command()[sql_parse.cc:2552]
mysqld.exe!mysql_parse()[sql_parse.cc:6420]
mysqld.exe!dispatch_command()[sql_parse.cc:1310]
mysqld.exe!do_command()[sql_parse.cc:1011]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
KERNEL32.DLL!GetThreadTimes()
ntdll.dll!RtlTryAcquireSRWLockShared()
ntdll.dll!RtlTryEnterCriticalSection()
KERNEL32.DLL!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x13a21fe0): SELECT alias1 . `col_varchar_1024_utf8` AS field1 , alias1 . `col_varchar_1024_latin1` AS field2 , alias1 . `col_datetime` AS field3 FROM view_j AS alias1 LEFT JOIN o AS alias2 LEFT OUTER JOIN view_f AS alias3 LEFT OUTER JOIN h AS alias4 LEFT JOIN g AS alias5 ON alias4 . `pk` = alias5 . `pk` ON alias3 . `col_int_key` = alias5 . `pk` LEFT JOIN n AS alias6 ON alias5 . `col_varchar_1024_latin1` = alias6 . `col_varchar_1024_latin1_key` ON alias2 . `col_varchar_1024_utf8_key` = alias4 . `col_varchar_1024_utf8` ON alias1 . `col_varchar_1024_latin1` = alias5 . `col_varchar_10_latin1_key` WHERE alias6 . `col_int_key` NOT IN (30, 75, 3) AND alias6 . `pk` > 1 AND alias6 . `pk` <= ( 5 + 9 ) AND alias1 . `col_varchar_1024_latin1_key` >= 'DBPHY' AND alias1 . `col_varchar_1024_latin1_key` <= 'l' ORDER BY field1
Connection ID (thread ID): 11
Status: NOT_KILLED

on 10.0.14
mysqld.exe!st_key::actual_rec_per_key()[table.cc:7163]
mysqld.exe!best_access_path()[sql_select.cc:5960]
mysqld.exe!optimize_straight_join()[sql_select.cc:6764]
mysqld.exe!choose_plan()[sql_select.cc:6490]
mysqld.exe!make_join_statistics()[sql_select.cc:4022]
mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1339]
mysqld.exe!JOIN::optimize()[sql_select.cc:1023]
mysqld.exe!mysql_select()[sql_select.cc:3293]
mysqld.exe!handle_select()[sql_select.cc:372]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5269]
mysqld.exe!mysql_execute_command()[sql_parse.cc:2552]
mysqld.exe!mysql_parse()[sql_parse.cc:6420]
mysqld.exe!dispatch_command()[sql_parse.cc:1310]
mysqld.exe!do_command()[sql_parse.cc:1011]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
KERNEL32.DLL!GetThreadTimes()
ntdll.dll!RtlTryAcquireSRWLockShared()
ntdll.dll!RtlTryEnterCriticalSection()
KERNEL32.DLL!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x13c985f0): SELECT STRAIGHT_JOIN alias1 . `col_varchar_10_utf8` AS field1 FROM k AS alias1 LEFT JOIN e AS alias2 LEFT JOIN view_g AS alias3 ON alias2 . `col_int_key` = alias3 . `col_int_key` LEFT OUTER JOIN view_m AS alias4 LEFT JOIN view_h AS alias5 RIGHT JOIN m AS alias6 ON alias5 . `col_varchar_1024_latin1_key` = alias6 . `col_varchar_1024_latin1_key` LEFT JOIN b AS alias7 ON alias5 . `pk` = alias7 . `col_int_key` LEFT JOIN h AS alias8 ON alias7 . `col_varchar_10_latin1` = alias8 . `col_varchar_10_latin1_key` LEFT OUTER JOIN view_f AS alias9 ON alias8 . `col_varchar_1024_latin1_key` = alias9 . `col_varchar_1024_utf8_key` ON alias4 . `col_int_key` = alias8 . `col_int_key` RIGHT JOIN view_o AS alias10 ON alias4 . `pk` = alias10 . `pk` ON alias2 . `pk` = alias7 . `col_int_key` ON alias1 . `col_int_key` = alias4 . `pk` WHERE alias2 . `col_varchar_1024_utf8` > 'a' AND alias2 . `col_varchar_1024_utf8` <= 'z' AND alias2 . `col_varchar_10_utf8` >= 'v' AND alias2 . `col_varchar_10_utf8` <= 'w' AND alias2 . `col_varchar_10_utf8` IS NULL AND alias2 . `col_varchar_10_utf8` >= 'u' AND alias2 . `col_varchar_10_utf8` < 'z' AND alias9 . `col_varchar_1024_utf8` > 'v' AND alias9 . `col_varchar_1024_utf8` <= 'AXLDI' OR alias3 . `col_varchar_1024_utf8` >= 'm' AND alias3 . `col_varchar_1024_utf8` < 'z' OR alias4 . `col_varchar_10_utf8` >= 'g' AND alias4 . `col_varchar_10_utf8` <= 'z' OR alias7 . `col_varchar_10_utf8` >= 'h' AND alias7 . `col_varchar_10_utf8` < 'z' AND alias7 . `col_varchar_10_utf8` IN ('f') AND alias6 . `col_varchar_10_utf8` NOT LIKE ( '_' ) AND alias4 . `col_varchar_1024_latin1_key` < 'o'
Connection ID (thread ID): 10
Status: NOT_KILLED

Elena Stepanova added a comment - 2014-11-04 14:02 - edited More stack traces that I am getting in buildbot presumably due to the same bug (for searching purposes). on 5.5.40 mysqld.exe!store_key::store_key()[sql_select.h:1512] mysqld.exe!create_ref_for_key()[sql_select.cc:8127] mysqld.exe!get_best_combination()[sql_select.cc:7803] mysqld.exe!make_join_statistics()[sql_select.cc:3817] mysqld.exe!JOIN::optimize()[sql_select.cc:1230] mysqld.exe!mysql_select()[sql_select.cc:3080] mysqld.exe!handle_select()[sql_select.cc:319] mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688] mysqld.exe!mysql_execute_command()[sql_parse.cc:2233] mysqld.exe!mysql_parse()[sql_parse.cc:5804] mysqld.exe!dispatch_command()[sql_parse.cc:1082] mysqld.exe!do_command()[sql_parse.cc:793] mysqld.exe!threadpool_process_request()[threadpool_common.cc:233] mysqld.exe!io_completion_callback()[threadpool_win.cc:568] KERNEL32.DLL!GetThreadTimes() ntdll.dll!RtlTryAcquireSRWLockShared() ntdll.dll!RtlTryEnterCriticalSection() KERNEL32.DLL!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0xa87c398): SELECT alias1 . `col_varchar_1024_latin1_key` AS field1 , alias1 . `col_varchar_1024_latin1_key` AS field2 FROM view_e AS alias1 LEFT JOIN n AS alias2 LEFT OUTER JOIN view_a AS alias3 ON alias2 . `col_varchar_1024_utf8_key` = alias3 . `col_varchar_10_latin1_key` ON alias1 . `col_varchar_1024_utf8` = alias3 . `col_varchar_1024_utf8_key` WHERE alias3 . `col_int` >= 2 AND alias3 . `col_int` <= ( 2 + 10 ) OR alias3 . `col_int` BETWEEN 2 AND (2 + 8 ) OR alias3 . `col_int` <> 6 AND alias3 . `col_int` >= 5 OR alias3 . `col_int` >= 4 AND alias3 . `col_int` < ( 5 + 5 ) AND alias3 . `col_int_key` IS NULL OR alias3 . `col_int_key` > 2 AND alias3 . `col_int_key` < ( 6 + 4 ) Connection ID (thread ID): 10 Status: NOT_KILLED on 5.5.40 mysqld.exe!store_key::store_key()[sql_select.h:1512] mysqld.exe!store_key_const_item::store_key_const_item()[sql_select.h:1689] mysqld.exe!get_store_key()[sql_select.cc:8197] mysqld.exe!create_ref_for_key()[sql_select.cc:8136] mysqld.exe!get_best_combination()[sql_select.cc:7803] mysqld.exe!make_join_statistics()[sql_select.cc:3817] mysqld.exe!JOIN::optimize()[sql_select.cc:1230] mysqld.exe!mysql_select()[sql_select.cc:3080] mysqld.exe!handle_select()[sql_select.cc:319] mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688] mysqld.exe!mysql_execute_command()[sql_parse.cc:2233] mysqld.exe!mysql_parse()[sql_parse.cc:5804] mysqld.exe!dispatch_command()[sql_parse.cc:1082] mysqld.exe!do_command()[sql_parse.cc:793] mysqld.exe!threadpool_process_request()[threadpool_common.cc:233] mysqld.exe!io_completion_callback()[threadpool_win.cc:568] kernel32.dll!BaseFormatTimeOut() ntdll.dll!RtlEqualDomainName() ntdll.dll!RtlValidateHeap() kernel32.dll!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0xa55d958): SELECT alias1 . `col_varchar_1024_utf8` AS field1 , alias1 . `col_varchar_10_latin1` AS field2 , alias1 . `col_date_key` AS field3 FROM view_g AS alias1 LEFT JOIN f AS alias2 LEFT OUTER JOIN view_a AS alias3 RIGHT JOIN view_e AS alias4 LEFT JOIN l AS alias5 ON alias4 . `col_varchar_1024_utf8_key` = alias5 . `col_varchar_1024_latin1` ON alias3 . `col_varchar_10_latin1` = alias5 . `col_varchar_1024_latin1_key` ON alias2 . `col_varchar_10_utf8` = alias5 . `col_varchar_10_latin1_key` ON alias1 . `pk` = alias5 . `col_int_key` WHERE alias2 . `col_int_key` > 't' AND alias2 . `col_int_key` <= 'zzzz' AND alias1 . `pk` >= 'from' AND alias1 . `pk` < 'v' AND alias4 . `pk` BETWEEN 't' AND 'z' AND alias4 . `pk` >= 'y' AND alias4 . `pk` < 'z' Connection ID (thread ID): 8 Status: NOT_KILLED on 5.5.40 mysqld.exe!best_access_path()[sql_select.cc:5585] mysqld.exe!optimize_straight_join()[sql_select.cc:6474] mysqld.exe!choose_plan()[sql_select.cc:6202] mysqld.exe!make_join_statistics()[sql_select.cc:3785] mysqld.exe!JOIN::optimize()[sql_select.cc:1230] mysqld.exe!mysql_select()[sql_select.cc:3080] mysqld.exe!handle_select()[sql_select.cc:319] mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688] mysqld.exe!mysql_execute_command()[sql_parse.cc:2233] mysqld.exe!mysql_parse()[sql_parse.cc:5804] mysqld.exe!dispatch_command()[sql_parse.cc:1082] mysqld.exe!do_command()[sql_parse.cc:793] mysqld.exe!threadpool_process_request()[threadpool_common.cc:233] mysqld.exe!io_completion_callback()[threadpool_win.cc:568] kernel32.dll!BaseFormatTimeOut() ntdll.dll!RtlEqualDomainName() ntdll.dll!RtlValidateHeap() kernel32.dll!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0xa4a2228): SELECT STRAIGHT_JOIN alias1 . `col_date_key` AS field1 FROM view_d AS alias1 RIGHT JOIN view_b AS alias2 ON alias1 . `col_varchar_1024_utf8_key` = alias2 . `col_varchar_10_utf8_key` WHERE alias1 . `col_varchar_10_utf8` > 'q' AND alias1 . `col_varchar_10_utf8` <= 'z' AND alias1 . `col_varchar_10_utf8` >= 'YMPHA' AND alias1 . `col_varchar_10_utf8` <= 't' AND alias2 . `col_varchar_1024_utf8` > 'u' AND alias2 . `col_varchar_1024_utf8` < 'z' Connection ID (thread ID): 10 Status: NOT_KILLED on 10.0.14 mysqld.exe!st_key::actual_rec_per_key()[table.cc:7163] mysqld.exe!best_access_path()[sql_select.cc:5960] mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7660] mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732] mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732] mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732] mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732] mysqld.exe!greedy_search()[sql_select.cc:6903] mysqld.exe!choose_plan()[sql_select.cc:6479] mysqld.exe!make_join_statistics()[sql_select.cc:4022] mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1339] mysqld.exe!JOIN::optimize()[sql_select.cc:1023] mysqld.exe!mysql_select()[sql_select.cc:3293] mysqld.exe!handle_select()[sql_select.cc:372] mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5269] mysqld.exe!mysql_execute_command()[sql_parse.cc:2552] mysqld.exe!mysql_parse()[sql_parse.cc:6420] mysqld.exe!dispatch_command()[sql_parse.cc:1310] mysqld.exe!do_command()[sql_parse.cc:1011] mysqld.exe!threadpool_process_request()[threadpool_common.cc:233] mysqld.exe!io_completion_callback()[threadpool_win.cc:568] KERNEL32.DLL!GetThreadTimes() ntdll.dll!RtlTryAcquireSRWLockShared() ntdll.dll!RtlTryEnterCriticalSection() KERNEL32.DLL!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x13a21fe0): SELECT alias1 . `col_varchar_1024_utf8` AS field1 , alias1 . `col_varchar_1024_latin1` AS field2 , alias1 . `col_datetime` AS field3 FROM view_j AS alias1 LEFT JOIN o AS alias2 LEFT OUTER JOIN view_f AS alias3 LEFT OUTER JOIN h AS alias4 LEFT JOIN g AS alias5 ON alias4 . `pk` = alias5 . `pk` ON alias3 . `col_int_key` = alias5 . `pk` LEFT JOIN n AS alias6 ON alias5 . `col_varchar_1024_latin1` = alias6 . `col_varchar_1024_latin1_key` ON alias2 . `col_varchar_1024_utf8_key` = alias4 . `col_varchar_1024_utf8` ON alias1 . `col_varchar_1024_latin1` = alias5 . `col_varchar_10_latin1_key` WHERE alias6 . `col_int_key` NOT IN (30, 75, 3) AND alias6 . `pk` > 1 AND alias6 . `pk` <= ( 5 + 9 ) AND alias1 . `col_varchar_1024_latin1_key` >= 'DBPHY' AND alias1 . `col_varchar_1024_latin1_key` <= 'l' ORDER BY field1 Connection ID (thread ID): 11 Status: NOT_KILLED on 10.0.14 mysqld.exe!st_key::actual_rec_per_key()[table.cc:7163] mysqld.exe!best_access_path()[sql_select.cc:5960] mysqld.exe!optimize_straight_join()[sql_select.cc:6764] mysqld.exe!choose_plan()[sql_select.cc:6490] mysqld.exe!make_join_statistics()[sql_select.cc:4022] mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1339] mysqld.exe!JOIN::optimize()[sql_select.cc:1023] mysqld.exe!mysql_select()[sql_select.cc:3293] mysqld.exe!handle_select()[sql_select.cc:372] mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5269] mysqld.exe!mysql_execute_command()[sql_parse.cc:2552] mysqld.exe!mysql_parse()[sql_parse.cc:6420] mysqld.exe!dispatch_command()[sql_parse.cc:1310] mysqld.exe!do_command()[sql_parse.cc:1011] mysqld.exe!threadpool_process_request()[threadpool_common.cc:233] mysqld.exe!io_completion_callback()[threadpool_win.cc:568] KERNEL32.DLL!GetThreadTimes() ntdll.dll!RtlTryAcquireSRWLockShared() ntdll.dll!RtlTryEnterCriticalSection() KERNEL32.DLL!BaseThreadInitThunk() ntdll.dll!RtlUserThreadStart() Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (0x13c985f0): SELECT STRAIGHT_JOIN alias1 . `col_varchar_10_utf8` AS field1 FROM k AS alias1 LEFT JOIN e AS alias2 LEFT JOIN view_g AS alias3 ON alias2 . `col_int_key` = alias3 . `col_int_key` LEFT OUTER JOIN view_m AS alias4 LEFT JOIN view_h AS alias5 RIGHT JOIN m AS alias6 ON alias5 . `col_varchar_1024_latin1_key` = alias6 . `col_varchar_1024_latin1_key` LEFT JOIN b AS alias7 ON alias5 . `pk` = alias7 . `col_int_key` LEFT JOIN h AS alias8 ON alias7 . `col_varchar_10_latin1` = alias8 . `col_varchar_10_latin1_key` LEFT OUTER JOIN view_f AS alias9 ON alias8 . `col_varchar_1024_latin1_key` = alias9 . `col_varchar_1024_utf8_key` ON alias4 . `col_int_key` = alias8 . `col_int_key` RIGHT JOIN view_o AS alias10 ON alias4 . `pk` = alias10 . `pk` ON alias2 . `pk` = alias7 . `col_int_key` ON alias1 . `col_int_key` = alias4 . `pk` WHERE alias2 . `col_varchar_1024_utf8` > 'a' AND alias2 . `col_varchar_1024_utf8` <= 'z' AND alias2 . `col_varchar_10_utf8` >= 'v' AND alias2 . `col_varchar_10_utf8` <= 'w' AND alias2 . `col_varchar_10_utf8` IS NULL AND alias2 . `col_varchar_10_utf8` >= 'u' AND alias2 . `col_varchar_10_utf8` < 'z' AND alias9 . `col_varchar_1024_utf8` > 'v' AND alias9 . `col_varchar_1024_utf8` <= 'AXLDI' OR alias3 . `col_varchar_1024_utf8` >= 'm' AND alias3 . `col_varchar_1024_utf8` < 'z' OR alias4 . `col_varchar_10_utf8` >= 'g' AND alias4 . `col_varchar_10_utf8` <= 'z' OR alias7 . `col_varchar_10_utf8` >= 'h' AND alias7 . `col_varchar_10_utf8` < 'z' AND alias7 . `col_varchar_10_utf8` IN ('f') AND alias6 . `col_varchar_10_utf8` NOT LIKE ( '_' ) AND alias4 . `col_varchar_1024_latin1_key` < 'o' Connection ID (thread ID): 10 Status: NOT_KILLED

Sergei Petrunia added a comment - 2014-12-17 14:32

I can repeat. It crashes in best_access_path

(gdb) p keyinfo

  $1 = (KEY *) 0x7fffccc630c8

(gdb) p keyinfo->user_defined_key_parts

  $2 = 1

(gdb) p keyinfo->user_defined_key_parts - 1

  $3 = 0

(gdb) p keyinfo->rec_per_key

  $4 = (ulong *) 0x0

(gdb) p s->table->alias.Ptr

  $6 = 0x7fffccc1a898 "v3"

(gdb) p s->table->file

  $7 = (handler *) 0x7fffccc63a70

(gdb) set print obj

(gdb) p s->table->file

  $8 = (ha_heap *) 0x7fffccc63a70

It seems, we are looking at a key in temporary table.

Sergei Petrunia added a comment - 2014-12-17 14:32 I can repeat. It crashes in best_access_path (gdb) p keyinfo $1 = (KEY *) 0x7fffccc630c8 (gdb) p keyinfo->user_defined_key_parts $2 = 1 (gdb) p keyinfo->user_defined_key_parts - 1 $3 = 0 (gdb) p keyinfo->rec_per_key $4 = (ulong *) 0x0 (gdb) p s->table->alias.Ptr $6 = 0x7fffccc1a898 "v3" (gdb) p s->table->file $7 = (handler *) 0x7fffccc63a70 (gdb) set print obj (gdb) p s->table->file $8 = (ha_heap *) 0x7fffccc63a70 It seems, we are looking at a key in temporary table.

Sergei Petrunia added a comment - 2014-12-17 19:27

Debugging

SELECT non_existing FROM v2

create_tmp_table() = (TABLE *) 0x7fffccd1d020
table->s->keys==0

SELECT * FROM t1, v3, t4 WHERE v3.f1 = t4.f1 AND t4.f2 = 6 AND t1.pk = v3.f5

create_tmp_table() = 0x7fffccd25020
table->s->keys==0
...
TABLE::add_tmp_key (this=0x7fffccd25020 ...)

Program received signal SIGSEGV, Segmentation fault.

(gdb) p s->table
$29 = (TABLE *) 0x7fffccd25020

(gdb) p s->table->s->keys
$30 = 1

(gdb) p s->table->key_info
$32 = (KEY *) 0x7fffccc63020
(gdb) p keyinfo
$33 = (KEY *) 0x7fffccc630c8

(gdb) p s->table->key_info - keyinfo
$39 = -1

(gdb) p key
$40 = 1

Why do we have key=1 (i.e. the second key) when the table has just one key?

Sergei Petrunia added a comment - 2014-12-17 19:27 Debugging SELECT non_existing FROM v2 create_tmp_table() = (TABLE *) 0x7fffccd1d020 table->s->keys==0 SELECT * FROM t1, v3, t4 WHERE v3.f1 = t4.f1 AND t4.f2 = 6 AND t1.pk = v3.f5 create_tmp_table() = 0x7fffccd25020 table->s->keys==0 ... TABLE::add_tmp_key (this=0x7fffccd25020 ...) Program received signal SIGSEGV, Segmentation fault. (gdb) p s->table $29 = (TABLE *) 0x7fffccd25020 (gdb) p s->table->s->keys $30 = 1 (gdb) p s->table->key_info $32 = (KEY *) 0x7fffccc63020 (gdb) p keyinfo $33 = (KEY *) 0x7fffccc630c8 (gdb) p s->table->key_info - keyinfo $39 = -1 (gdb) p key $40 = 1 Why do we have key=1 (i.e. the second key) when the table has just one key?

Sergei Petrunia added a comment - 2014-12-18 17:01

So there is a call to
generate_derived_keys_for_table( count=2, keys=2)

it calls
TABLE::check_tmp_key(key=0, key_parts=1) = true
(this means it's ok to add the key)
TABLE::add_tmp_key(key=0, key_parts=1) = false
(this means key was added)

TABLE::check_tmp_key(key=1, key_parts=1) = true
(this means it is NOT ok to add the key)

However, KEYUSE array still keeps the element with key=1:

(gdb) p use[0].table->alias.Ptr

  $33 = 0x7ffe9c00f130 "t1"

(gdb) p use[1].table->alias.Ptr

  $34 = 0x7ffe9c006cf0 "v3"

(gdb) p use[2].table->alias.Ptr

  $35 = 0x7ffe9c006cf0 "v3"

(gdb) p use[3].table->alias.Ptr

  Cannot access memory at address 0xe8

(gdb) p use[1].key

  $36 = 0

(gdb) p use[2].key

  $37 = 1

Note that key=1. That's the second key, while the table has only one key:

(gdb) p use[2].table->s->keys

  $39 = 1

Sergei Petrunia added a comment - 2014-12-18 17:01 So there is a call to generate_derived_keys_for_table( count=2, keys=2) it calls TABLE::check_tmp_key(key=0, key_parts=1) = true (this means it's ok to add the key) TABLE::add_tmp_key(key=0, key_parts=1) = false (this means key was added) TABLE::check_tmp_key(key=1, key_parts=1) = true (this means it is NOT ok to add the key) However, KEYUSE array still keeps the element with key=1: (gdb) p use[0].table->alias.Ptr $33 = 0x7ffe9c00f130 "t1" (gdb) p use[1].table->alias.Ptr $34 = 0x7ffe9c006cf0 "v3" (gdb) p use[2].table->alias.Ptr $35 = 0x7ffe9c006cf0 "v3" (gdb) p use[3].table->alias.Ptr Cannot access memory at address 0xe8 (gdb) p use[1].key $36 = 0 (gdb) p use[2].key $37 = 1 Note that key=1. That's the second key, while the table has only one key: (gdb) p use[2].table->s->keys $39 = 1

Sergei Petrunia added a comment - 2014-12-18 18:13

Ok the problem is in this pieced of code:

      KEYUSE *save_first_keyuse= first_keyuse;

      if (table->check_tmp_key(table->s->keys, parts,

                               get_next_field_for_derived_key_simple,

                               (uchar *) &first_keyuse))

        first_keyuse= save_first_keyuse;

        if (table->add_tmp_key(table->s->keys, parts,

                               get_next_field_for_derived_key,

                               (uchar *) &first_keyuse,

                               FALSE))

          return TRUE;

        table->reginfo.join_tab->keys.set_bit(table->s->keys);

      else

        /* Mark keyuses for this key to be excluded */

        for (KEYUSE *curr=save_first_keyuse; curr < first_keyuse; curr++)

          curr->key= MAX_KEY;

check_tmp_key() and add_tmp_key() use their "&first_keyuse" parameter as a loop variable. That is, these functions have a side effect of modifying this variable.

Suppose the call to table->check_tmp_key(...) returned TRUE (which means failure). We then go to this loop

        for (KEYUSE *curr=save_first_keyuse; curr < first_keyuse; curr++)

which uses first_keyuse. In our example, check_tmp_table() has set first_keyuse to NULL:

(gdb) print curr

  $116 = (KEYUSE *) 0x7ffe9c033f68

(gdb) print first_keyuse

  $117 = (KEYUSE *) 0x0

this will cause the loop not to execute.

Sergei Petrunia added a comment - 2014-12-18 18:13 Ok the problem is in this pieced of code: KEYUSE *save_first_keyuse= first_keyuse; if (table->check_tmp_key(table->s->keys, parts, get_next_field_for_derived_key_simple, (uchar *) &first_keyuse)) { first_keyuse= save_first_keyuse; if (table->add_tmp_key(table->s->keys, parts, get_next_field_for_derived_key, (uchar *) &first_keyuse, FALSE)) return TRUE; table->reginfo.join_tab->keys.set_bit(table->s->keys); } else { /* Mark keyuses for this key to be excluded */ for (KEYUSE *curr=save_first_keyuse; curr < first_keyuse; curr++) { curr->key= MAX_KEY; } } check_tmp_key() and add_tmp_key() use their "&first_keyuse" parameter as a loop variable. That is, these functions have a side effect of modifying this variable. Suppose the call to table->check_tmp_key(...) returned TRUE (which means failure). We then go to this loop for (KEYUSE *curr=save_first_keyuse; curr < first_keyuse; curr++) which uses first_keyuse. In our example, check_tmp_table() has set first_keyuse to NULL: (gdb) print curr $116 = (KEYUSE *) 0x7ffe9c033f68 (gdb) print first_keyuse $117 = (KEYUSE *) 0x0 this will cause the loop not to execute.

Sergei Petrunia added a comment - 2014-12-18 18:15

Btw one can crash a debug binary also. One needs to run with --debug, so that print_keyuse() is invoked. It will crash when trying to get the name of a non-existent key.

Sergei Petrunia added a comment - 2014-12-18 18:15 Btw one can crash a debug binary also. One needs to run with --debug, so that print_keyuse() is invoked. It will crash when trying to get the name of a non-existent key.

Sergei Petrunia added a comment - 2014-12-18 19:43

Pushed into 5.3 and merged into 5.5

Sergei Petrunia added a comment - 2014-12-18 19:43 Pushed into 5.3 and merged into 5.5

Patryk Pomykalski added a comment - 2014-12-18 21:45

I think it might be related to ~~MDEV-6745~~

Patryk Pomykalski added a comment - 2014-12-18 21:45 I think it might be related to MDEV-6745

Sergei Petrunia added a comment - 2014-12-19 00:36

Checked ~~MDEV-6745~~ with the fix for this bug. It still repeats, so these seem to be two different issues.

Sergei Petrunia added a comment - 2014-12-19 00:36 Checked MDEV-6745 with the fix for this bug. It still repeats, so these seem to be two different issues.

Patryk Pomykalski added a comment - 2014-12-19 00:44

Strange, for me this one fixed 6745 too...

Patryk Pomykalski added a comment - 2014-12-19 00:44 Strange, for me this one fixed 6745 too...

People

Assignee:: Sergei Petrunia

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2014-10-02 22:13

Updated:: 2014-12-22 13:10

Resolved:: 2014-12-18 19:43

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server