Details
Critical Description
The test cases below fail as described on 5.5-MDEV-7445-sanja revno 4426.
It's unclear whether the initial problem existed before bugfixes from the working tree, because
when the test cases are run on the main 5.5 tree (86f46a3da4a6d82cb510dc4c270d46cfd6a8965b), both fail at 'Assertion `in_subs->left_expr->fixed'' – that is, they hit MDEV-7445 or MDEV-7565. It might either mean that the bugfixes introduced a regression, or that the existing problem was masked by these two bugs and now, after they are fixed, it shows up.
|
Test case 1 -- causes crash on my build |
CREATE TABLE t1 (column1_name INT) ENGINE=MyISAM; |
INSERT INTO t1 VALUES (3),(9); |
|
|
CREATE TABLE t2 (column2_name INT) ENGINE=MyISAM; |
INSERT INTO t2 VALUES (1),(4); |
|
|
CREATE TABLE t3 (column3_name INT) ENGINE=MyISAM; |
INSERT INTO t3 VALUES (6),(8); |
|
|
CREATE TABLE t4 (column4_name INT) ENGINE=MyISAM; |
INSERT INTO t4 VALUES (2),(5); |
|
|
PREPARE stmt FROM " |
SELECT (
|
SELECT MAX( table1_name.column1_name ) AS field1_name
|
FROM t1 AS table1_name
|
WHERE table3_name.column3_name IN ( SELECT table2_name.column2_name AS field2_name FROM t2 AS table2_name )
|
) AS sq
|
FROM t3 AS table3_name, t4 AS table4_name GROUP BY sq
|
"; |
|
|
EXECUTE stmt; |
EXECUTE stmt; |
|
Stack trace from 5.5-MDEV-7445-sanja revno 4426 |
#2 0x00000000007f0ce3 in handle_fatal_signal (sig=11) at sql/signal_handler.cc:262
|
#3 <signal handler called>
|
#4 0x000000000084c84c in Item_func::fix_fields (this=0x7f75714451d8, thd=0x7f7572118000, ref=0x7f7571416c68) at sql/item_func.cc:204
|
#5 0x000000000082f0b1 in Item_cond::fix_fields (this=0x7f757147af18, thd=0x7f7572118000, ref=0x7f75714506a0) at sql/item_cmpfunc.cc:4352
|
#6 0x00000000005e24dd in setup_conds (thd=0x7f7572118000, tables=0x7f757144e418, leaves=..., conds=0x7f75714506a0) at sql/sql_base.cc:8891
|
#7 0x00000000006a5fb9 in setup_without_group (thd=0x7f7572118000, ref_pointer_array=0x7f757147add8, tables=0x7f757144e418, leaves=..., fields=..., all_fields=..., conds=0x7f75714506a0, order=0x0, group=0x0, hidden_group_fields=0x7f7571450548) at sql/sql_select.cc:577
|
#8 0x0000000000664b31 in JOIN::prepare (this=0x7f7571450218, rref_pointer_array=0x7f75715526d8, tables_init=0x7f757144e418, wild_num=0, conds_init=0x7f757147af18, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f7571552418, unit_arg=0x7f757157c018) at sql/sql_select.cc:727
|
#9 0x000000000088d8d8 in subselect_single_select_engine::prepare (this=0x7f75714142d8) at sql/item_subselect.cc:3032
|
#10 0x0000000000886181 in Item_subselect::fix_fields (this=0x7f757147ab58, thd_param=0x7f7572118000, ref=0x7f7571416ab8) at sql/item_subselect.cc:245
|
#11 0x00000000005e07f7 in setup_fields (thd=0x7f7572118000, ref_pointer_array=0x7f757140e918, fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7f757144ff78, allow_sum_func=true) at sql/sql_base.cc:8166
|
#12 0x0000000000664a79 in JOIN::prepare (this=0x7f757144fc18, rref_pointer_array=0x7f7571506a88, tables_init=0x7f757144f018, wild_num=0, conds_init=0x0, og_num=1, order_init=0x0, skip_order_by=false, group_init=0x7f7571414338, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f75715067c8, unit_arg=0x7f75715060c8) at sql/sql_select.cc:723
|
#13 0x000000000066d415 in mysql_select (thd=0x7f7572118000, rref_pointer_array=0x7f7571506a88, tables=0x7f757144f018, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f7571414338, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7f7571444058, unit=0x7f75715060c8, select_lex=0x7f75715067c8) at sql/sql_select.cc:3074
|
#14 0x0000000000663d47 in handle_select (thd=0x7f7572118000, lex=0x7f7571506018, result=0x7f7571444058, setup_tables_done_option=0) at sql/sql_select.cc:319
|
#15 0x000000000063c177 in execute_sqlcom_select (thd=0x7f7572118000, all_tables=0x7f757144f018) at sql/sql_parse.cc:4689
|
#16 0x0000000000635350 in mysql_execute_command (thd=0x7f7572118000) at sql/sql_parse.cc:2234
|
#17 0x00000000006569ff in Prepared_statement::execute (this=0x7f75714fc600, expanded_query=0x7f7571fb4c50, open_cursor=false) at sql/sql_prepare.cc:3928
|
#18 0x0000000000655b16 in Prepared_statement::execute_loop (this=0x7f75714fc600, expanded_query=0x7f7571fb4c50, open_cursor=false, packet=0x0, packet_end=0x0) at sql/sql_prepare.cc:3587
|
#19 0x0000000000653c3a in mysql_sql_stmt_execute (thd=0x7f7572118000) at sql/sql_prepare.cc:2737
|
#20 0x000000000063537e in mysql_execute_command (thd=0x7f7572118000) at sql/sql_parse.cc:2244
|
#21 0x000000000063ec7c in mysql_parse (thd=0x7f7572118000, rawbuf=0x7f757141c178 "EXECUTE stmt", length=12, parser_state=0x7f7571fb5610) at sql/sql_parse.cc:5909
|
#22 0x0000000000632897 in dispatch_command (command=COM_QUERY, thd=0x7f7572118000, packet=0x7f757218c001 "EXECUTE stmt", packet_length=12) at sql/sql_parse.cc:1079
|
#23 0x0000000000631a23 in do_command (thd=0x7f7572118000) at sql/sql_parse.cc:793
|
#24 0x0000000000739a04 in do_handle_one_connection (thd_arg=0x7f7572118000) at sql/sql_connect.cc:1266
|
#25 0x00000000007394c3 in handle_one_connection (arg=0x7f7572118000) at sql/sql_connect.cc:1181
|
#26 0x0000000000b83393 in pfs_spawn_thread (arg=0x7f75763ed850) at storage/perfschema/pfs.cc:1015
|
#27 0x00007f7577fd4b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
|
#28 0x00007f75768e270d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
|
The next test case differs from the first one only in names – instead of table1_name and such, it uses shorter names like table1 and such.
|
Test case 2 - causes Thread stack overrun on my build |
CREATE TABLE t1 (column1 INT) ENGINE=MyISAM; |
INSERT INTO t1 VALUES (3),(9); |
|
|
CREATE TABLE t2 (column2 INT) ENGINE=MyISAM; |
|
|
INSERT INTO t2 VALUES (1),(4); |
|
|
CREATE TABLE t3 (column3 INT) ENGINE=MyISAM; |
INSERT INTO t3 VALUES (6),(8); |
|
|
CREATE TABLE t4 (column4 INT) ENGINE=MyISAM; |
INSERT INTO t4 VALUES (2),(5); |
|
|
PREPARE stmt FROM " |
SELECT (
|
SELECT MAX( table1.column1 ) AS field1
|
FROM t1 AS table1
|
WHERE table3.column3 IN ( SELECT table2.column2 AS field2 FROM t2 AS table2 )
|
) AS sq
|
FROM t3 AS table3, t4 AS table4 GROUP BY sq
|
"; |
|
|
EXECUTE stmt; |
EXECUTE stmt; |
|
Results |
MariaDB [test]> EXECUTE stmt;
|
+------+
|
| sq |
|
+------+
|
| NULL |
|
+------+
|
1 row in set (0.00 sec)
|
|
|
MariaDB [test]> EXECUTE stmt;
|
ERROR 1436 (HY000): Thread stack overrun: 263512 bytes used of a 294912 byte stack, and 32000 bytes needed. Use 'mysqld --thread_stack=#' to specify a bigger stack.
|
Attachments
Issue Links
Activity
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | Stalled [ 10000 ] |
| Status | Stalled [ 10000 ] | In Progress [ 3 ] |
Prohibiting SemiJoins (semijoin=off) lead to crash on the very first run (try to use freed variable). So problem can be deeper than I am trying to find (or it is other problem).
There was 2 bugs:
1) with no semijoins (fixed now in the local tree)
2) wrong second execution of semijoin (it looks like it try to resolve the query without semijoin second time)
convert_subq_to_sj() creates '=' which then use left expression which reverted.
revno: 4427
revision-id: sanja@askmonty.org-20150414110944-3risvtoe466tcdqe
parent: sanja@askmonty.org-20150322144316-hcqa7sfvn871p06l
committer: sanja@askmonty.org
branch nick: work-maria-MDEV-7445
timestamp: Tue 2015-04-14 13:09:44 +0200
message:
MDEV-7846: Server crashes in Item_subselect::fix_fields or fails with Thread stack overrun
Substitute into transformed subselects original left expression and than register its change in case it was substituted.
patch-4427.diff
| Assignee | Oleksandr Byelkin [ sanja ] | Sergei Petrunia [ psergey ] |
| Status | In Progress [ 3 ] | In Review [ 10002 ] |
| Workflow | MariaDB v2 [ 60237 ] | MariaDB v3 [ 66090 ] |
| Sprint | Sprint 1 [ 4 ] |
| Assignee | Sergei Petrunia [ psergey ] | Sergei Golubchik [ serg ] |
| Sprint | 5.5.44 [ 4 ] | 5.5.44, 10.0.20 [ 4, 5 ] |
| Rank | Ranked higher |
| Sprint | 5.5.44, 10.0.20 [ 4, 5 ] | 5.5.44 [ 4 ] |
| Rank | Ranked lower |
| Priority | Major [ 3 ] | Critical [ 2 ] |
| Link | This issue blocks TODO-713 [ TODO-713 ] |
| Sprint | 5.5.44 [ 4 ] | 5.5.44, 5.5.45 [ 4, 9 ] |
| Rank | Ranked lower |
| Assignee | Sergei Golubchik [ serg ] | Oleksandr Byelkin [ sanja ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Sprint | 5.5.44, 5.5.45 [ 4, 9 ] | 5.5.44, 5.5.45, 10.1.7-1 [ 4, 9, 10 ] |
| Rank | Ranked higher |
revision-id: ee656a4aabb5ebbe973b7e4c99be83eb5dc8c0ce
parent(s): 9f8a458fb2d07298810bb5d9824ce728017bfb32
committer: Oleksandr Byelkin
branch nick: server
timestamp: 2015-08-05 11:57:35 +0200
message:
MDEV-7846: postreview fix
—
2. On prepare we do only changes which should be done in any case, everything else belong to optimization (it is general rule).
| Assignee | Oleksandr Byelkin [ sanja ] | Sergei Golubchik [ serg ] |
| Status | Stalled [ 10000 ] | In Review [ 10002 ] |
| Sprint | 5.5.44, 5.5.45, 10.1.7-1 [ 4, 9, 10 ] | 5.5.44, 5.5.45 [ 4, 9 ] |
| Assignee | Sergei Golubchik [ serg ] | Oleksandr Byelkin [ sanja ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Status | Stalled [ 10000 ] | In Progress [ 3 ] |
| Sprint | 5.5.44, 5.5.45 [ 4, 9 ] | 5.5.44, 5.5.45, 10.1.8-3 [ 4, 9, 15 ] |
| Rank | Ranked lower |
| Status | In Progress [ 3 ] | Stalled [ 10000 ] |
| Rank | Ranked higher |
| Sprint | 5.5.44, 5.5.45, 10.1.8-3 [ 4, 9, 15 ] | 5.5.44, 5.5.45, 10.1.8-3, 10.1.8-4 [ 4, 9, 15, 16 ] |
| Rank | Ranked higher |
revision-id: 74f1ae282f9395dd704f94c5f21acbee35de898c (mariadb-5.5.45-15-g74f1ae2)
parent(s): e3ad2f4e545101bd1f48001225df03bab6865e5c
committer: Oleksandr Byelkin
timestamp: 2015-10-06 12:07:46 +0200
message:
MDEV-7846: postreview fix
—
(Also see e-mail, pls.)
| Assignee | Oleksandr Byelkin [ sanja ] | Sergei Golubchik [ serg ] |
| Status | Stalled [ 10000 ] | In Review [ 10002 ] |
revision-id: fda299c0ef718adf2724155991507e390dc697a4 (mariadb-5.5.45-15-gfda299c)
parent(s): e3ad2f4e545101bd1f48001225df03bab6865e5c
committer: Oleksandr Byelkin
timestamp: 2015-10-06 13:01:44 +0200
message:
MDEV-7846: postreview fix
—
| Assignee | Sergei Golubchik [ serg ] | Oleksandr Byelkin [ sanja ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Fix Version/s | 10.0.22 [ 19700 ] | |
| Fix Version/s | 10.1.8 [ 19605 ] | |
| Fix Version/s | 5.5.46 [ 19603 ] | |
| Fix Version/s | 10.0 [ 16000 ] | |
| Fix Version/s | 5.5 [ 15800 ] | |
| Fix Version/s | 10.1 [ 16100 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Workflow | MariaDB v3 [ 66090 ] | MariaDB v4 [ 148945 ] |
Maybe I was wrong about nature of this bug.
Item_in_subselect::single_value_transformer called only on the second run...