Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7846

Server crashes in Item_subselect::fix_fields or fails with Thread stack overrun


    • Sprint:
      5.5.44, 5.5.45, 10.1.8-3, 10.1.8-4


      The test cases below fail as described on 5.5-MDEV-7445-sanja revno 4426.

      It's unclear whether the initial problem existed before bugfixes from the working tree, because
      when the test cases are run on the main 5.5 tree (86f46a3da4a6d82cb510dc4c270d46cfd6a8965b), both fail at 'Assertion `in_subs->left_expr->fixed'' – that is, they hit MDEV-7445 or MDEV-7565. It might either mean that the bugfixes introduced a regression, or that the existing problem was masked by these two bugs and now, after they are fixed, it shows up.

      Test case 1 -- causes crash on my build

      CREATE TABLE t1 (column1_name INT) ENGINE=MyISAM;
      INSERT INTO t1 VALUES (3),(9);
      CREATE TABLE t2 (column2_name INT) ENGINE=MyISAM;
      INSERT INTO t2 VALUES (1),(4);
      CREATE TABLE t3 (column3_name INT) ENGINE=MyISAM;
      INSERT INTO t3 VALUES (6),(8);
      CREATE TABLE t4 (column4_name INT) ENGINE=MyISAM;
      INSERT INTO t4 VALUES (2),(5);
      PREPARE stmt FROM "
      SELECT ( 
        SELECT MAX( table1_name.column1_name ) AS field1_name 
        FROM t1 AS table1_name
        WHERE table3_name.column3_name IN ( SELECT table2_name.column2_name AS field2_name FROM t2 AS table2_name ) 
      ) AS sq
      FROM t3 AS table3_name, t4 AS table4_name GROUP BY sq
      EXECUTE stmt;
      EXECUTE stmt;

      Stack trace from 5.5-MDEV-7445-sanja revno 4426

      #2  0x00000000007f0ce3 in handle_fatal_signal (sig=11) at sql/signal_handler.cc:262
      #3  <signal handler called>
      #4  0x000000000084c84c in Item_func::fix_fields (this=0x7f75714451d8, thd=0x7f7572118000, ref=0x7f7571416c68) at sql/item_func.cc:204
      #5  0x000000000082f0b1 in Item_cond::fix_fields (this=0x7f757147af18, thd=0x7f7572118000, ref=0x7f75714506a0) at sql/item_cmpfunc.cc:4352
      #6  0x00000000005e24dd in setup_conds (thd=0x7f7572118000, tables=0x7f757144e418, leaves=..., conds=0x7f75714506a0) at sql/sql_base.cc:8891
      #7  0x00000000006a5fb9 in setup_without_group (thd=0x7f7572118000, ref_pointer_array=0x7f757147add8, tables=0x7f757144e418, leaves=..., fields=..., all_fields=..., conds=0x7f75714506a0, order=0x0, group=0x0, hidden_group_fields=0x7f7571450548) at sql/sql_select.cc:577
      #8  0x0000000000664b31 in JOIN::prepare (this=0x7f7571450218, rref_pointer_array=0x7f75715526d8, tables_init=0x7f757144e418, wild_num=0, conds_init=0x7f757147af18, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f7571552418, unit_arg=0x7f757157c018) at sql/sql_select.cc:727
      #9  0x000000000088d8d8 in subselect_single_select_engine::prepare (this=0x7f75714142d8) at sql/item_subselect.cc:3032
      #10 0x0000000000886181 in Item_subselect::fix_fields (this=0x7f757147ab58, thd_param=0x7f7572118000, ref=0x7f7571416ab8) at sql/item_subselect.cc:245
      #11 0x00000000005e07f7 in setup_fields (thd=0x7f7572118000, ref_pointer_array=0x7f757140e918, fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7f757144ff78, allow_sum_func=true) at sql/sql_base.cc:8166
      #12 0x0000000000664a79 in JOIN::prepare (this=0x7f757144fc18, rref_pointer_array=0x7f7571506a88, tables_init=0x7f757144f018, wild_num=0, conds_init=0x0, og_num=1, order_init=0x0, skip_order_by=false, group_init=0x7f7571414338, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f75715067c8, unit_arg=0x7f75715060c8) at sql/sql_select.cc:723
      #13 0x000000000066d415 in mysql_select (thd=0x7f7572118000, rref_pointer_array=0x7f7571506a88, tables=0x7f757144f018, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f7571414338, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7f7571444058, unit=0x7f75715060c8, select_lex=0x7f75715067c8) at sql/sql_select.cc:3074
      #14 0x0000000000663d47 in handle_select (thd=0x7f7572118000, lex=0x7f7571506018, result=0x7f7571444058, setup_tables_done_option=0) at sql/sql_select.cc:319
      #15 0x000000000063c177 in execute_sqlcom_select (thd=0x7f7572118000, all_tables=0x7f757144f018) at sql/sql_parse.cc:4689
      #16 0x0000000000635350 in mysql_execute_command (thd=0x7f7572118000) at sql/sql_parse.cc:2234
      #17 0x00000000006569ff in Prepared_statement::execute (this=0x7f75714fc600, expanded_query=0x7f7571fb4c50, open_cursor=false) at sql/sql_prepare.cc:3928
      #18 0x0000000000655b16 in Prepared_statement::execute_loop (this=0x7f75714fc600, expanded_query=0x7f7571fb4c50, open_cursor=false, packet=0x0, packet_end=0x0) at sql/sql_prepare.cc:3587
      #19 0x0000000000653c3a in mysql_sql_stmt_execute (thd=0x7f7572118000) at sql/sql_prepare.cc:2737
      #20 0x000000000063537e in mysql_execute_command (thd=0x7f7572118000) at sql/sql_parse.cc:2244
      #21 0x000000000063ec7c in mysql_parse (thd=0x7f7572118000, rawbuf=0x7f757141c178 "EXECUTE stmt", length=12, parser_state=0x7f7571fb5610) at sql/sql_parse.cc:5909
      #22 0x0000000000632897 in dispatch_command (command=COM_QUERY, thd=0x7f7572118000, packet=0x7f757218c001 "EXECUTE stmt", packet_length=12) at sql/sql_parse.cc:1079
      #23 0x0000000000631a23 in do_command (thd=0x7f7572118000) at sql/sql_parse.cc:793
      #24 0x0000000000739a04 in do_handle_one_connection (thd_arg=0x7f7572118000) at sql/sql_connect.cc:1266
      #25 0x00000000007394c3 in handle_one_connection (arg=0x7f7572118000) at sql/sql_connect.cc:1181
      #26 0x0000000000b83393 in pfs_spawn_thread (arg=0x7f75763ed850) at storage/perfschema/pfs.cc:1015
      #27 0x00007f7577fd4b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      #28 0x00007f75768e270d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

      The next test case differs from the first one only in names – instead of table1_name and such, it uses shorter names like table1 and such.

      Test case 2 - causes Thread stack overrun on my build

      CREATE TABLE t1 (column1 INT) ENGINE=MyISAM;
      INSERT INTO t1 VALUES (3),(9);
      CREATE TABLE t2 (column2 INT) ENGINE=MyISAM;
      INSERT INTO t2 VALUES (1),(4);
      CREATE TABLE t3 (column3 INT) ENGINE=MyISAM;
      INSERT INTO t3 VALUES (6),(8);
      CREATE TABLE t4 (column4 INT) ENGINE=MyISAM;
      INSERT INTO t4 VALUES (2),(5);
      PREPARE stmt FROM "
      SELECT ( 
        SELECT MAX( table1.column1 ) AS field1 
        FROM t1 AS table1
        WHERE table3.column3 IN ( SELECT table2.column2 AS field2 FROM t2 AS table2 ) 
      ) AS sq
      FROM t3 AS table3, t4 AS table4 GROUP BY sq
      EXECUTE stmt;
      EXECUTE stmt;


      MariaDB [test]> EXECUTE stmt;
      | sq   |
      | NULL |
      1 row in set (0.00 sec)
      MariaDB [test]> EXECUTE stmt;
      ERROR 1436 (HY000): Thread stack overrun:  263512 bytes used of a 294912 byte stack, and 32000 bytes needed.  Use 'mysqld --thread_stack=#' to specify a bigger stack.


          Issue Links



              • Assignee:
                sanja Oleksandr Byelkin
                elenst Elena Stepanova
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created: