[MDEV-7846] Server crashes in Item_subselect::fix_fields or fails with Thread stack overrun - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: N/A
Fix Version/s: 5.5.46, 10.0.22, 10.1.8
Component/s: Optimizer
Labels:
- verified

Sprint:
5.5.44, 5.5.45, 10.1.8-3, 10.1.8-4

Description

The test cases below fail as described on 5.5-~~MDEV-7445~~-sanja revno 4426.

It's unclear whether the initial problem existed before bugfixes from the working tree, because
when the test cases are run on the main 5.5 tree (86f46a3da4a6d82cb510dc4c270d46cfd6a8965b), both fail at 'Assertion `in_subs->left_expr->fixed'' – that is, they hit ~~MDEV-7445~~ or ~~MDEV-7565~~. It might either mean that the bugfixes introduced a regression, or that the existing problem was masked by these two bugs and now, after they are fixed, it shows up.

Test case 1 -- causes crash on my build
CREATE TABLE t1 (column1_name INT) ENGINE=MyISAM;
INSERT INTO t1 VALUES (3),(9);

CREATE TABLE t2 (column2_name INT) ENGINE=MyISAM;
INSERT INTO t2 VALUES (1),(4);

CREATE TABLE t3 (column3_name INT) ENGINE=MyISAM;
INSERT INTO t3 VALUES (6),(8);

CREATE TABLE t4 (column4_name INT) ENGINE=MyISAM;
INSERT INTO t4 VALUES (2),(5);

PREPARE stmt FROM "
SELECT (
SELECT MAX( table1_name.column1_name ) AS field1_name
FROM t1 AS table1_name
WHERE table3_name.column3_name IN ( SELECT table2_name.column2_name AS field2_name FROM t2 AS table2_name )
) AS sq
FROM t3 AS table3_name, t4 AS table4_name GROUP BY sq
";

EXECUTE stmt;
EXECUTE stmt;

Stack trace from 5.5-MDEV-7445-sanja revno 4426
#2 0x00000000007f0ce3 in handle_fatal_signal (sig=11) at sql/signal_handler.cc:262
#3 <signal handler called>
#4 0x000000000084c84c in Item_func::fix_fields (this=0x7f75714451d8, thd=0x7f7572118000, ref=0x7f7571416c68) at sql/item_func.cc:204
#5 0x000000000082f0b1 in Item_cond::fix_fields (this=0x7f757147af18, thd=0x7f7572118000, ref=0x7f75714506a0) at sql/item_cmpfunc.cc:4352
#6 0x00000000005e24dd in setup_conds (thd=0x7f7572118000, tables=0x7f757144e418, leaves=..., conds=0x7f75714506a0) at sql/sql_base.cc:8891
#7 0x00000000006a5fb9 in setup_without_group (thd=0x7f7572118000, ref_pointer_array=0x7f757147add8, tables=0x7f757144e418, leaves=..., fields=..., all_fields=..., conds=0x7f75714506a0, order=0x0, group=0x0, hidden_group_fields=0x7f7571450548) at sql/sql_select.cc:577
#8 0x0000000000664b31 in JOIN::prepare (this=0x7f7571450218, rref_pointer_array=0x7f75715526d8, tables_init=0x7f757144e418, wild_num=0, conds_init=0x7f757147af18, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f7571552418, unit_arg=0x7f757157c018) at sql/sql_select.cc:727
#9 0x000000000088d8d8 in subselect_single_select_engine::prepare (this=0x7f75714142d8) at sql/item_subselect.cc:3032
#10 0x0000000000886181 in Item_subselect::fix_fields (this=0x7f757147ab58, thd_param=0x7f7572118000, ref=0x7f7571416ab8) at sql/item_subselect.cc:245
#11 0x00000000005e07f7 in setup_fields (thd=0x7f7572118000, ref_pointer_array=0x7f757140e918, fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7f757144ff78, allow_sum_func=true) at sql/sql_base.cc:8166
#12 0x0000000000664a79 in JOIN::prepare (this=0x7f757144fc18, rref_pointer_array=0x7f7571506a88, tables_init=0x7f757144f018, wild_num=0, conds_init=0x0, og_num=1, order_init=0x0, skip_order_by=false, group_init=0x7f7571414338, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f75715067c8, unit_arg=0x7f75715060c8) at sql/sql_select.cc:723
#13 0x000000000066d415 in mysql_select (thd=0x7f7572118000, rref_pointer_array=0x7f7571506a88, tables=0x7f757144f018, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f7571414338, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7f7571444058, unit=0x7f75715060c8, select_lex=0x7f75715067c8) at sql/sql_select.cc:3074
#14 0x0000000000663d47 in handle_select (thd=0x7f7572118000, lex=0x7f7571506018, result=0x7f7571444058, setup_tables_done_option=0) at sql/sql_select.cc:319
#15 0x000000000063c177 in execute_sqlcom_select (thd=0x7f7572118000, all_tables=0x7f757144f018) at sql/sql_parse.cc:4689
#16 0x0000000000635350 in mysql_execute_command (thd=0x7f7572118000) at sql/sql_parse.cc:2234
#17 0x00000000006569ff in Prepared_statement::execute (this=0x7f75714fc600, expanded_query=0x7f7571fb4c50, open_cursor=false) at sql/sql_prepare.cc:3928
#18 0x0000000000655b16 in Prepared_statement::execute_loop (this=0x7f75714fc600, expanded_query=0x7f7571fb4c50, open_cursor=false, packet=0x0, packet_end=0x0) at sql/sql_prepare.cc:3587
#19 0x0000000000653c3a in mysql_sql_stmt_execute (thd=0x7f7572118000) at sql/sql_prepare.cc:2737
#20 0x000000000063537e in mysql_execute_command (thd=0x7f7572118000) at sql/sql_parse.cc:2244
#21 0x000000000063ec7c in mysql_parse (thd=0x7f7572118000, rawbuf=0x7f757141c178 "EXECUTE stmt", length=12, parser_state=0x7f7571fb5610) at sql/sql_parse.cc:5909
#22 0x0000000000632897 in dispatch_command (command=COM_QUERY, thd=0x7f7572118000, packet=0x7f757218c001 "EXECUTE stmt", packet_length=12) at sql/sql_parse.cc:1079
#23 0x0000000000631a23 in do_command (thd=0x7f7572118000) at sql/sql_parse.cc:793
#24 0x0000000000739a04 in do_handle_one_connection (thd_arg=0x7f7572118000) at sql/sql_connect.cc:1266
#25 0x00000000007394c3 in handle_one_connection (arg=0x7f7572118000) at sql/sql_connect.cc:1181
#26 0x0000000000b83393 in pfs_spawn_thread (arg=0x7f75763ed850) at storage/perfschema/pfs.cc:1015
#27 0x00007f7577fd4b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
#28 0x00007f75768e270d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

The next test case differs from the first one only in names – instead of table1_name and such, it uses shorter names like table1 and such.

Test case 2 - causes Thread stack overrun on my build
CREATE TABLE t1 (column1 INT) ENGINE=MyISAM;
INSERT INTO t1 VALUES (3),(9);

CREATE TABLE t2 (column2 INT) ENGINE=MyISAM;

INSERT INTO t2 VALUES (1),(4);

CREATE TABLE t3 (column3 INT) ENGINE=MyISAM;
INSERT INTO t3 VALUES (6),(8);

CREATE TABLE t4 (column4 INT) ENGINE=MyISAM;
INSERT INTO t4 VALUES (2),(5);

PREPARE stmt FROM "
SELECT (
SELECT MAX( table1.column1 ) AS field1
FROM t1 AS table1
WHERE table3.column3 IN ( SELECT table2.column2 AS field2 FROM t2 AS table2 )
) AS sq
FROM t3 AS table3, t4 AS table4 GROUP BY sq
";

EXECUTE stmt;
EXECUTE stmt;

Results
MariaDB [test]> EXECUTE stmt;
+------+
\| sq \|
+------+
\| NULL \|
+------+
1 row in set (0.00 sec)

MariaDB [test]> EXECUTE stmt;
ERROR 1436 (HY000): Thread stack overrun: 263512 bytes used of a 294912 byte stack, and 32000 bytes needed. Use 'mysqld --thread_stack=#' to specify a bigger stack.

Attachments

Issue Links

relates to

MDEV-8833 Crash of server on prepared statement with conversion to semi-join

Closed

MDEV-8902 Row IN subquery with semi-join and PS re-execution

Closed

MDEV-7445 Server crash with Signal 6

Closed

MDEV-7565 Server crash with Signal 6 (part 2)

Closed

Activity

Transition	Time In Source Status	Execution Times

Oleksandr Byelkin made transition - 2015-03-27 16:05

Open

In Progress

1d 1h 40m

Oleksandr Byelkin made transition - 2015-04-14 14:11

In Progress

In Review

4d 3h 22m

Oleksandr Byelkin made transition - 2015-09-23 11:26

Stalled

In Progress

60d 16h 35m

Oleksandr Byelkin made transition - 2015-09-24 14:13

In Progress

Stalled

3d 2h 32m

Oleksandr Byelkin made transition - 2015-10-06 13:16

Stalled

In Review

17d 16h 47m

Oleksandr Byelkin made transition - 2015-10-06 14:50

In Review

Stalled

107d 7h 26m

Oleksandr Byelkin made transition - 2015-10-06 14:50

Stalled

Closed

21s

People

Assignee:: Oleksandr Byelkin

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015-03-26 14:25

Updated:: 2015-10-06 14:50

Resolved:: 2015-10-06 14:50

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration