[MDEV-10693] Server crashes in in next_depth_first_tab Created: 2016-08-28  Updated: 2022-08-06  Resolved: 2017-04-25

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 5.5, 10.0, 10.1, 10.2
Fix Version/s: 5.5.56

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Igor Babaev
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-29263 SIGSEGV in JOIN::get_partial_cost_and... Closed

Description

It seems that MDEV-7823 hasn't been completely fixed.

#3  <signal handler called>
#4  0x000000000064593b in next_depth_first_tab (join=0x7f1eef8ee930, tab=0x7f1eef933540) at /data/src/5.5/sql/sql_select.cc:7674
#5  0x00000000006438fc in JOIN::get_partial_cost_and_fanout (this=0x7f1eef8ee930, end_tab_idx=61, filter_map=18446744073709551615, read_time_arg=0x7f1f002456b8, record_count_arg=0x7f1f002456c0) at /data/src/5.5/sql/sql_select.cc:6736
#6  0x0000000000745c6b in JOIN::choose_subquery_plan (this=0x7f1eef907888, join_tables=1) at /data/src/5.5/sql/opt_subselect.cc:5495
#7  0x000000000063c626 in make_join_statistics (join=0x7f1eef907888, tables_list=..., conds=0x0, keyuse_array=0x7f1eef907ba0) at /data/src/5.5/sql/sql_select.cc:3826
#8  0x000000000063339a in JOIN::optimize (this=0x7f1eef907888) at /data/src/5.5/sql/sql_select.cc:1229
#9  0x000000000084cdb4 in subselect_single_select_engine::exec (this=0x7f1eef8ee058) at /data/src/5.5/sql/item_subselect.cc:3158
#10 0x0000000000845e7e in Item_subselect::exec (this=0x7f1eef8edea8) at /data/src/5.5/sql/item_subselect.cc:661
#11 0x00000000008463b6 in Item_in_subselect::exec (this=0x7f1eef8edea8) at /data/src/5.5/sql/item_subselect.cc:834
#12 0x000000000084881f in Item_in_subselect::val_bool (this=0x7f1eef8edea8) at /data/src/5.5/sql/item_subselect.cc:1660
#13 0x000000000056cb99 in Item::val_bool_result (this=0x7f1eef8edea8) at /data/src/5.5/sql/item.h:981
#14 0x00000000007e52ae in Item_in_optimizer::val_int (this=0x7f1eef907e40) at /data/src/5.5/sql/item_cmpfunc.cc:1791
#15 0x00000000007ce787 in Item::save_in_field (this=0x7f1eef907e40, field=0x7f1eef933870, no_conversions=true) at /data/src/5.5/sql/item.cc:6125
#16 0x0000000000671e2c in store_key_item::copy_inner (this=0x7f1f002462e0) at /data/src/5.5/sql/sql_select.h:1679
#17 0x0000000000671a19 in store_key::copy (this=0x7f1f002462e0) at /data/src/5.5/sql/sql_select.h:1569
#18 0x000000000064702a in create_ref_for_key (join=0x7f1eef8ee930, j=0x7f1eef933220, org_keyuse=0x7f1eef890660, allow_full_scan=true, used_tables=4611686018427387905) at /data/src/5.5/sql/sql_select.cc:8147
#19 0x0000000000645fc9 in get_best_combination (join=0x7f1eef8ee930) at /data/src/5.5/sql/sql_select.cc:7819
#20 0x000000000063c6a5 in make_join_statistics (join=0x7f1eef8ee930, tables_list=..., conds=0x7f1eef908c20, keyuse_array=0x7f1eef8eec48) at /data/src/5.5/sql/sql_select.cc:3832
#21 0x000000000063339a in JOIN::optimize (this=0x7f1eef8ee930) at /data/src/5.5/sql/sql_select.cc:1229
#22 0x0000000000639d1f in mysql_select (thd=0x7f1ef7b60060, rref_pointer_array=0x7f1ef7b63ce0, tables=0x7f1eef991318, wild_num=1, fields=..., conds=0x7f1eef8ee670, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1eef8ee910, unit=0x7f1ef7b63390, select_lex=0x7f1ef7b63a70) at /data/src/5.5/sql/sql_select.cc:3080
#23 0x000000000063069a in handle_select (thd=0x7f1ef7b60060, lex=0x7f1ef7b632e0, result=0x7f1eef8ee910, setup_tables_done_option=0) at /data/src/5.5/sql/sql_select.cc:319
#24 0x0000000000609b9d in execute_sqlcom_select (thd=0x7f1ef7b60060, all_tables=0x7f1eef991318) at /data/src/5.5/sql/sql_parse.cc:4689
#25 0x0000000000602eee in mysql_execute_command (thd=0x7f1ef7b60060) at /data/src/5.5/sql/sql_parse.cc:2234
#26 0x000000000060c768 in mysql_parse (thd=0x7f1ef7b60060, rawbuf=0x7f1eef991078 "SELECT * FROM t1\nWHERE NULL IN ( SELECT i2 FROM t2 WHERE i1 IN ( i2 IN ( SELECT i3 FROM t3 ) ) AND i2 = 2 )", length=107, parser_state=0x7f1f00247650) at /data/src/5.5/sql/sql_parse.cc:5934
#27 0x000000000060047d in dispatch_command (command=COM_QUERY, thd=0x7f1ef7b60060, packet=0x7f1ef7a06061 "SELECT * FROM t1\nWHERE NULL IN ( SELECT i2 FROM t2 WHERE i1 IN ( i2 IN ( SELECT i3 FROM t3 ) ) AND i2 = 2 ) ", packet_length=108) at /data/src/5.5/sql/sql_parse.cc:1079
#28 0x00000000005ff637 in do_command (thd=0x7f1ef7b60060) at /data/src/5.5/sql/sql_parse.cc:793
#29 0x00000000007018a3 in do_handle_one_connection (thd_arg=0x7f1ef7b60060) at /data/src/5.5/sql/sql_connect.cc:1270
#30 0x0000000000701630 in handle_one_connection (arg=0x7f1ef7b60060) at /data/src/5.5/sql/sql_connect.cc:1186
#31 0x0000000000943ad7 in pfs_spawn_thread (arg=0x7f1ef7bffde0) at /data/src/5.5/storage/perfschema/pfs.cc:1015
#32 0x00007f1effe8e0a4 in start_thread (arg=0x7f1f00248700) at pthread_create.c:309
#33 0x00007f1efe2b487d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

--source include/have_innodb.inc
 
CREATE TABLE t1 (i1 INT PRIMARY KEY) ENGINE=InnoDB;
INSERT INTO t1 VALUES (1),(2);
 
CREATE TABLE t2 (i2 INT) ENGINE=InnoDB;
 
CREATE TABLE t3 (i3 INT PRIMARY KEY) ENGINE=InnoDB;
INSERT INTO t3 VALUES (3);
 
SELECT * FROM t1
WHERE NULL IN ( SELECT i2 FROM t2 WHERE i1 IN ( i2 IN ( SELECT i3 FROM t3 ) ) AND i2 = 2 ) ;

5.5.51, 10.0.27, 10.1.17, 10.2.1 are affected.

Comments
Comment by Elena Stepanova [ 2017-03-15 ]

Still reproducible as of 5.5.54+ ... 10.2.4+

Comment by Oleksandr Byelkin [ 2017-04-24 ]

OK to push

Comment by Igor Babaev [ 2017-04-25 ]

The fix for this bug was pushed into the 5.5 tree.
The patch should be merged as it is upstream ASAP. This bug might cause crashes in many practical cases.
