Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9690

concurrent queries with virtual columns crash in temporal code

Details

    Description

      MariaDB doesn't seem to be able to run a concurrent SELECT workload on randomly created tables having virtual columns.
      10.1.12 crash details:

      Invalid read of size 8
      at : val_temporal_packed (item.h:1252)
      by: get_datetime_value(THD*, Item***, Item**, enum_field_types, bool*) (item_cmpfunc.cc:742)
      by: Arg_comparator::compare_temporal(enum_field_types) (item_cmpfunc.cc:793)
      by: compare (item_cmpfunc.h:88)
      by: Item_func_le::val_int() (item_cmpfunc.cc:1781)
      by: Item::save_in_field(Field*, bool) (item.cc:5931)
      by: update_virtual_fields(THD*, TABLE*, enum_vcol_update_mode) (table.cc:6897)
      by: rr_sequential(READ_RECORD*) (records.cc:483)
      by: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:18312)
      by: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17948)
      by: JOIN::exec_inner() (sql_select.cc:3228)
      by: exec (sql_select.cc:2518)
      by: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3451)
      by: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:384)
      by: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5936)
      by: mysql_execute_command(THD*) (sql_parse.cc:2962)
      by: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:7336)
      by: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1488)
      by: do_command(THD*) (sql_parse.cc:1109)
      by: do_handle_one_connection(THD*) (sql_connect.cc:1349)
      by: handle_one_connection (sql_connect.cc:1261)
      by: start_thread (pthread_create.c:308)
      by: clone (clone.S:113)
      Address 0x2f207463656c6763 is not stack'd, malloc'd or (recently) free'd
      

      On Windows, typical crash is:

      Version: '10.1.12-MariaDB'  socket: ''  port: 3306  mariadb.org binary distribution
      mysqld.exe!get_datetime_value()[item_cmpfunc.cc:746]
      mysqld.exe!Arg_comparator::compare_temporal()[item_cmpfunc.cc:794]
      mysqld.exe!Item_func_ne::val_int()[item_cmpfunc.cc:1759]
      mysqld.exe!Item::val_bool()[item.cc:84]
      mysqld.exe!Item_cond_and::val_int()[item_cmpfunc.cc:4911]
      mysqld.exe!Item::save_in_field()[item.cc:5931]
      mysqld.exe!update_virtual_fields()[table.cc:6888]
      mysqld.exe!rr_sequential()[records.cc:484]
      mysqld.exe!sub_select()[sql_select.cc:18290]
      mysqld.exe!do_select()[sql_select.cc:17948]
      mysqld.exe!JOIN::exec_inner()[sql_select.cc:3228]
      mysqld.exe!JOIN::exec()[sql_select.cc:2519]
      mysqld.exe!mysql_select()[sql_select.cc:3453]
      mysqld.exe!handle_select()[sql_select.cc:384]
      mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5936]
      mysqld.exe!mysql_execute_command()[sql_parse.cc:2962]
      mysqld.exe!mysql_parse()[sql_parse.cc:7341]
      mysqld.exe!dispatch_command()[sql_parse.cc:1491]
      mysqld.exe!do_command()[sql_parse.cc:1109]
      

      How to repeat
      ------------------
      generic readonly test on multiple connections with virtual column tables.
      I will provide a sample of some tables I used, one have to run:

      SELECT * FROM <table>;

      in multiple connections and pick any table randomly.
      Try flushing tables or optimizing them (or recreating) during a run if it is not repeatable.

      Attachments

        1. schema.sql
          39 kB
        2. threads1
          39 kB

        Issue Links

          Activity

            sbester1 sbester1 added a comment -

            In the above valgrind output, "Address 0x2f207463656c6763" is an ascii string fragment.
            I don't have time to build from source and check in debugger what happens further.

            sbester1 sbester1 added a comment - In the above valgrind output, "Address 0x2f207463656c6763" is an ascii string fragment. I don't have time to build from source and check in debugger what happens further.
            elenst Elena Stepanova added a comment - - edited

            Thanks for the report.

            Stack trace from 5.5 commit ceba41c0951d1d8c9b4961772b4a088769814a66

            #3  <signal handler called>
            #4  0x00000000008050a5 in get_datetime_value (thd=0x7fb7a44dc160, item_arg=0x7fb7a1d312c0, cache_arg=0x7fb7a1d31308, warn_item=0x7fb7a1ea3f98, is_null=0x7fb7bc9fc0ee) at /src/5.5/sql/item_cmpfunc.cc:888
            #5  0x0000000000805401 in Arg_comparator::compare_datetime (this=0x7fb7a1d312b8) at /src/5.5/sql/item_cmpfunc.cc:960
            #6  0x000000000081621a in Arg_comparator::compare (this=0x7fb7a1d312b8) at /src/5.5/sql/item_cmpfunc.h:78
            #7  0x00000000008083d0 in Item_func_le::val_int (this=0x7fb7a1d311f0) at /src/5.5/sql/item_cmpfunc.cc:1951
            #8  0x00000000007f11ab in Item::save_in_field (this=0x7fb7a1d311f0, field=0x7fb7a1ea2a60, no_conversions=false) at /src/5.5/sql/item.cc:6119
            #9  0x00000000006f287e in update_virtual_fields (thd=0x7fb7a4fd1820, table=0x7fb79506a060, vcol_update_mode=VCOL_UPDATE_FOR_READ) at /src/5.5/sql/table.cc:6591
            #10 0x00000000008f6a44 in rr_sequential (info=0x7fb7a1e3e328) at /src/5.5/sql/records.cc:480
            #11 0x000000000067ac9e in sub_select (join=0x7fb7a1e39910, join_tab=0x7fb7a1e3e278, end_of_records=false) at /src/5.5/sql/sql_select.cc:16966
            #12 0x000000000067a459 in do_select (join=0x7fb7a1e39910, fields=0x7fb7a4fd5348, table=0x0, procedure=0x0) at /src/5.5/sql/sql_select.cc:16609
            #13 0x0000000000658e2a in JOIN::exec (this=0x7fb7a1e39910) at /src/5.5/sql/sql_select.cc:2873
            #14 0x0000000000659635 in mysql_select (thd=0x7fb7a4fd1820, rref_pointer_array=0x7fb7a4fd54a0, tables=0x7fb7a1e39268, wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fb7a1e398f0, unit=0x7fb7a4fd4b50, select_lex=0x7fb7a4fd5230) at /src/5.5/sql/sql_select.cc:3094
            #15 0x000000000064fed1 in handle_select (thd=0x7fb7a4fd1820, lex=0x7fb7a4fd4aa0, result=0x7fb7a1e398f0, setup_tables_done_option=0) at /src/5.5/sql/sql_select.cc:319
            #16 0x0000000000629364 in execute_sqlcom_select (thd=0x7fb7a4fd1820, all_tables=0x7fb7a1e39268) at /src/5.5/sql/sql_parse.cc:4689
            #17 0x0000000000622697 in mysql_execute_command (thd=0x7fb7a4fd1820) at /src/5.5/sql/sql_parse.cc:2234
            #18 0x000000000062be44 in mysql_parse (thd=0x7fb7a4fd1820, rawbuf=0x7fb7a1e39078 "SELECT * FROM t0007", length=19, parser_state=0x7fb7bc9fd6a0) at /src/5.5/sql/sql_parse.cc:5914
            #19 0x000000000061fc36 in dispatch_command (command=COM_QUERY, thd=0x7fb7a4fd1820, packet=0x7fb7a4fdca21 "", packet_length=19) at /src/5.5/sql/sql_parse.cc:1079
            #20 0x000000000061edc9 in do_command (thd=0x7fb7a4fd1820) at /src/5.5/sql/sql_parse.cc:793
            #21 0x000000000072185f in do_handle_one_connection (thd_arg=0x7fb7a4fd1820) at /src/5.5/sql/sql_connect.cc:1269
            #22 0x00000000007215ec in handle_one_connection (arg=0x7fb7a4fd1820) at /src/5.5/sql/sql_connect.cc:1185
            #23 0x00007fb7bed7a0a4 in start_thread () from /lib64/libpthread.so.0
            #24 0x00007fb7bd76904d in clone () from /lib64/libc.so.6
            

            All threads' stack trace is attached.

            To reproduce, do as described in the report.
            For example,

            • start the server (all defaults will do);
            • feed the attached schema.sql to the test database;
            • run RQG test with this grammar and command line:

              perl ./gentest.pl --dsn="dbi:mysql:user=root:host=127.0.0.1:port=3306:database=test" --grammar=mdev9690.yy --threads=8 --duration=100 --queries=100M
              

              mdev9690.yy

              thread1:
                  select | select | select | select | select | select | select | select | select | 
                  flush | optimize ;    
               
              query:
                  select ;
               
              flush:
                  FLUSH TABLES;
               
              optimize:
                  OPTIMIZE TABLE my_table ;
               
              select:
              	SELECT * FROM my_table ;
               
              my_table:
              	t0000 | t0001 | t0002 | t0003 | t0004 | t0005 | t0006 | t0007 | t0008 | t0009 |
              	t0010 | t0011 | t0012 | t0013 | t0014 | t0015 | t0016 | t0018 | t0019 |
              	t0020 | t0021 | t0022 | t0023 | t0025 | t0026 | t0027 | t0028 | t0029
              ;
              

            The crash does not happen always, you might need to try several times, or maybe try to increase the duration of the test.

            If you want to try to catch valgrind warnings, run the server under valgrind, the rest is the same.
            I didn't get valgrind errors on some reason, neither on valgrind build, nor on debug non-valgrind build, nor on release build. Maybe it's the matter of luck too.

            elenst Elena Stepanova added a comment - - edited Thanks for the report. Stack trace from 5.5 commit ceba41c0951d1d8c9b4961772b4a088769814a66 #3 <signal handler called> #4 0x00000000008050a5 in get_datetime_value (thd=0x7fb7a44dc160, item_arg=0x7fb7a1d312c0, cache_arg=0x7fb7a1d31308, warn_item=0x7fb7a1ea3f98, is_null=0x7fb7bc9fc0ee) at /src/5.5/sql/item_cmpfunc.cc:888 #5 0x0000000000805401 in Arg_comparator::compare_datetime (this=0x7fb7a1d312b8) at /src/5.5/sql/item_cmpfunc.cc:960 #6 0x000000000081621a in Arg_comparator::compare (this=0x7fb7a1d312b8) at /src/5.5/sql/item_cmpfunc.h:78 #7 0x00000000008083d0 in Item_func_le::val_int (this=0x7fb7a1d311f0) at /src/5.5/sql/item_cmpfunc.cc:1951 #8 0x00000000007f11ab in Item::save_in_field (this=0x7fb7a1d311f0, field=0x7fb7a1ea2a60, no_conversions=false) at /src/5.5/sql/item.cc:6119 #9 0x00000000006f287e in update_virtual_fields (thd=0x7fb7a4fd1820, table=0x7fb79506a060, vcol_update_mode=VCOL_UPDATE_FOR_READ) at /src/5.5/sql/table.cc:6591 #10 0x00000000008f6a44 in rr_sequential (info=0x7fb7a1e3e328) at /src/5.5/sql/records.cc:480 #11 0x000000000067ac9e in sub_select (join=0x7fb7a1e39910, join_tab=0x7fb7a1e3e278, end_of_records=false) at /src/5.5/sql/sql_select.cc:16966 #12 0x000000000067a459 in do_select (join=0x7fb7a1e39910, fields=0x7fb7a4fd5348, table=0x0, procedure=0x0) at /src/5.5/sql/sql_select.cc:16609 #13 0x0000000000658e2a in JOIN::exec (this=0x7fb7a1e39910) at /src/5.5/sql/sql_select.cc:2873 #14 0x0000000000659635 in mysql_select (thd=0x7fb7a4fd1820, rref_pointer_array=0x7fb7a4fd54a0, tables=0x7fb7a1e39268, wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fb7a1e398f0, unit=0x7fb7a4fd4b50, select_lex=0x7fb7a4fd5230) at /src/5.5/sql/sql_select.cc:3094 #15 0x000000000064fed1 in handle_select (thd=0x7fb7a4fd1820, lex=0x7fb7a4fd4aa0, result=0x7fb7a1e398f0, setup_tables_done_option=0) at /src/5.5/sql/sql_select.cc:319 #16 0x0000000000629364 in execute_sqlcom_select (thd=0x7fb7a4fd1820, all_tables=0x7fb7a1e39268) at /src/5.5/sql/sql_parse.cc:4689 #17 0x0000000000622697 in mysql_execute_command (thd=0x7fb7a4fd1820) at /src/5.5/sql/sql_parse.cc:2234 #18 0x000000000062be44 in mysql_parse (thd=0x7fb7a4fd1820, rawbuf=0x7fb7a1e39078 "SELECT * FROM t0007", length=19, parser_state=0x7fb7bc9fd6a0) at /src/5.5/sql/sql_parse.cc:5914 #19 0x000000000061fc36 in dispatch_command (command=COM_QUERY, thd=0x7fb7a4fd1820, packet=0x7fb7a4fdca21 "", packet_length=19) at /src/5.5/sql/sql_parse.cc:1079 #20 0x000000000061edc9 in do_command (thd=0x7fb7a4fd1820) at /src/5.5/sql/sql_parse.cc:793 #21 0x000000000072185f in do_handle_one_connection (thd_arg=0x7fb7a4fd1820) at /src/5.5/sql/sql_connect.cc:1269 #22 0x00000000007215ec in handle_one_connection (arg=0x7fb7a4fd1820) at /src/5.5/sql/sql_connect.cc:1185 #23 0x00007fb7bed7a0a4 in start_thread () from /lib64/libpthread.so.0 #24 0x00007fb7bd76904d in clone () from /lib64/libc.so.6 All threads' stack trace is attached. To reproduce, do as described in the report. For example, start the server (all defaults will do); feed the attached schema.sql to the test database; run RQG test with this grammar and command line: perl ./gentest.pl --dsn="dbi:mysql:user=root:host=127.0.0.1:port=3306:database=test" --grammar=mdev9690.yy --threads=8 --duration=100 --queries=100M mdev9690.yy thread1: select | select | select | select | select | select | select | select | select | flush | optimize ;   query: select ;   flush: FLUSH TABLES;   optimize: OPTIMIZE TABLE my_table ;   select: SELECT * FROM my_table ;   my_table: t0000 | t0001 | t0002 | t0003 | t0004 | t0005 | t0006 | t0007 | t0008 | t0009 | t0010 | t0011 | t0012 | t0013 | t0014 | t0015 | t0016 | t0018 | t0019 | t0020 | t0021 | t0022 | t0023 | t0025 | t0026 | t0027 | t0028 | t0029 ; The crash does not happen always, you might need to try several times, or maybe try to increase the duration of the test. If you want to try to catch valgrind warnings, run the server under valgrind, the rest is the same. I didn't get valgrind errors on some reason, neither on valgrind build, nor on debug non-valgrind build, nor on release build. Maybe it's the matter of luck too.
            sbester1 sbester1 added a comment -

            Also crashes this version:
            Version: '10.2.1-MariaDB' socket: '' port: 3306 mariadb.org binary distribution
            160827 20:45:03 [ERROR] mysqld got exception 0xc0000005 ;
            mysqld.exe!Item_func_min_max::get_date()[item_func.cc:2881]
            mysqld.exe!Item::val_string_from_date()[item.cc:297]
            mysqld.exe!Item::save_in_field()[item.cc:5973]
            mysqld.exe!update_virtual_fields()[table.cc:7251]
            mysqld.exe!rr_sequential()[records.cc:488]
            mysqld.exe!sub_select()[sql_select.cc:18297]
            mysqld.exe!do_select()[sql_select.cc:17843]
            mysqld.exe!JOIN::exec_inner()[sql_select.cc:3343]
            mysqld.exe!JOIN::exec()[sql_select.cc:3154]
            mysqld.exe!mysql_select()[sql_select.cc:3539]
            mysqld.exe!handle_select()[sql_select.cc:377]
            mysqld.exe!execute_sqlcom_select()[sql_parse.cc:6309]
            mysqld.exe!mysql_execute_command()[sql_parse.cc:3352]
            mysqld.exe!mysql_parse()[sql_parse.cc:7746]
            mysqld.exe!dispatch_command()[sql_parse.cc:1793]
            mysqld.exe!do_command()[sql_parse.cc:1353]
            mysqld.exe!threadpool_process_request()[threadpool_common.cc:252]
            mysqld.exe!io_completion_callback()[threadpool_win.cc:462]

            Query (0x206d07e0): select * from t0027

            sbester1 sbester1 added a comment - Also crashes this version: Version: '10.2.1-MariaDB' socket: '' port: 3306 mariadb.org binary distribution 160827 20:45:03 [ERROR] mysqld got exception 0xc0000005 ; mysqld.exe!Item_func_min_max::get_date() [item_func.cc:2881] mysqld.exe!Item::val_string_from_date() [item.cc:297] mysqld.exe!Item::save_in_field() [item.cc:5973] mysqld.exe!update_virtual_fields() [table.cc:7251] mysqld.exe!rr_sequential() [records.cc:488] mysqld.exe!sub_select() [sql_select.cc:18297] mysqld.exe!do_select() [sql_select.cc:17843] mysqld.exe!JOIN::exec_inner() [sql_select.cc:3343] mysqld.exe!JOIN::exec() [sql_select.cc:3154] mysqld.exe!mysql_select() [sql_select.cc:3539] mysqld.exe!handle_select() [sql_select.cc:377] mysqld.exe!execute_sqlcom_select() [sql_parse.cc:6309] mysqld.exe!mysql_execute_command() [sql_parse.cc:3352] mysqld.exe!mysql_parse() [sql_parse.cc:7746] mysqld.exe!dispatch_command() [sql_parse.cc:1793] mysqld.exe!do_command() [sql_parse.cc:1353] mysqld.exe!threadpool_process_request() [threadpool_common.cc:252] mysqld.exe!io_completion_callback() [threadpool_win.cc:462] Query (0x206d07e0): select * from t0027

            People

              serg Sergei Golubchik
              sbester1 sbester1
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.