[MDEV-14777] Crash in MariaDB 10.2.12 on query using VIEW and WITH RECURSIVE Created: 2017-12-26  Updated: 2020-08-25  Resolved: 2018-01-05

Status: Closed
Project: MariaDB Server
Component/s: Optimizer - CTE
Affects Version/s: 10.2
Fix Version/s: 10.2.12

Type: Bug Priority: Critical
Reporter: Chris Calender (Inactive) Assignee: Igor Babaev
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-14755 Crash when executing prepared stateme... Closed

 Description    

171222 16:39:49 [ERROR] mysqld got signal 11 ;
 
This could be because you hit a bug. It is also possible that this binary
 
or one of the libraries it was linked against is corrupt, improperly built,
 
or misconfigured. This error can also be caused by malfunctioning hardware.
 
 
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
 
 
We will try our best to scrape up some info that will hopefully help
 
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
 
 
Server version: 10.2.12-MariaDB-log
 
key_buffer_size=67108864
 
read_buffer_size=131072
 
max_used_connections=278
 
max_threads=2002
 
thread_count=284
 
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 4465362 K  bytes of memory
 
Hope that's ok; if not, decrease some variables in the equation.
 
 
 
Thread pointer: 0x55c509602008
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7efc135ffd30 thread_stack 0x40000
 
(my_addr_resolve failure: fork)
 
/usr/sbin/mysqld(my_print_stacktrace+0x2e) [0x55c2ca94b01e]
 
/usr/sbin/mysqld(handle_fatal_signal+0x30d) [0x55c2ca3e095d]
 
/lib64/libpthread.so.0(+0xf5e0) [0x7f10af1635e0]
 
/usr/sbin/mysqld(SQL_SELECT::cleanup()+0x17) [0x55c2ca4ebc47]
 
/usr/sbin/mysqld(st_join_table::cleanup()+0x2e) [0x55c2ca25cc3e]
 
/usr/sbin/mysqld(JOIN::cleanup(bool)+0x368) [0x55c2ca25d2a8]
 
/usr/sbin/mysqld(JOIN::destroy()+0x46) [0x55c2ca25d716]
 
/usr/sbin/mysqld(st_select_lex::cleanup()+0x60) [0x55c2ca2b53d0]
 
/usr/sbin/mysqld(subselect_single_select_engine::prepare(THD*)+0x44) [0x55c2ca490304]
 
/usr/sbin/mysqld(Item_subselect::fix_fields(THD*, Item**)+0xd4) [0x55c2ca48fd34]
 
/usr/sbin/mysqld(Item_in_subselect::fix_fields(THD*, Item**)+0x81) [0x55c2ca490051]
 
/usr/sbin/mysqld(Item_cond::fix_fields(THD*, Item**)+0x108) [0x55c2ca413b98]
 
/usr/sbin/mysqld(setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**)+0x18b) [0x55c2ca1d4d9b]
 
/usr/sbin/mysqld(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*)+0x46a) [0x55c2ca26644a]
 
/usr/sbin/mysqld(st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long, bool)+0xf0) [0x55c2ca2b2f70]
 
/usr/sbin/mysqld(st_select_lex_unit::prepare(THD*, select_result*, unsigned long)+0x4cb) [0x55c2ca2b5b1b]
 
/usr/sbin/mysqld(mysql_derived_prepare(THD*, LEX*, TABLE_LIST*)+0x2c4) [0x55c2ca1f2a44]
 
/usr/sbin/mysqld(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int)+0xe4) [0x55c2ca1f37e4]
 
/usr/sbin/mysqld(st_select_lex::handle_derived(LEX*, unsigned int)+0x47) [0x55c2ca2096e7]
 
/usr/sbin/mysqld(TABLE_LIST::handle_derived(LEX*, unsigned int)+0x57) [0x55c2ca2ce617]
 
/usr/sbin/mysqld(st_select_lex::handle_derived(LEX*, unsigned int)+0x47) [0x55c2ca2096e7]
 
/usr/sbin/mysqld(TABLE_LIST::handle_derived(LEX*, unsigned int)+0x57) [0x55c2ca2ce617]
 
/usr/sbin/mysqld(st_select_lex::handle_derived(LEX*, unsigned int)+0x47) [0x55c2ca2096e7]
 
/usr/sbin/mysqld(TABLE_LIST::handle_derived(LEX*, unsigned int)+0x57) [0x55c2ca2ce617]
 
/usr/sbin/mysqld(st_select_lex::handle_derived(LEX*, unsigned int)+0x47) [0x55c2ca2096e7]
 
/usr/sbin/mysqld(TABLE_LIST::handle_derived(LEX*, unsigned int)+0x57) [0x55c2ca2ce617]
 
/usr/sbin/mysqld(st_select_lex::handle_derived(LEX*, unsigned int)+0x47) [0x55c2ca2096e7]
 
/usr/sbin/mysqld(TABLE_LIST::handle_derived(LEX*, unsigned int)+0x57) [0x55c2ca2ce617]
 
/usr/sbin/mysqld(st_select_lex::handle_derived(LEX*, unsigned int)+0x47) [0x55c2ca2096e7]
 
/usr/sbin/mysqld(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*)+0xca) [0x55c2ca2660aa]
 
/usr/sbin/mysqld(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*)+0x91a) [0x55c2ca2758aa]
 
/usr/sbin/mysqld(handle_select(THD*, LEX*, select_result*, unsigned long)+0x15e) [0x55c2ca275b1e]
 
/usr/sbin/mysqld(+0x484129) [0x55c2ca13f129]
 
/usr/sbin/mysqld(mysql_execute_command(THD*)+0x6eaa) [0x55c2ca224d8a]
 
/usr/sbin/mysqld(Prepared_statement::execute(String*, bool)+0x4de) [0x55c2ca239f0e]
 
/usr/sbin/mysqld(+0x57f09f) [0x55c2ca23a09f]
 
/usr/sbin/mysqld(+0x57fde7) [0x55c2ca23ade7]
 
/usr/sbin/mysqld(mysqld_stmt_execute(THD*, char*, unsigned int)+0x27) [0x55c2ca23ae77]
 
/usr/sbin/mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool)+0x14c5) [0x55c2ca229565]
 
/usr/sbin/mysqld(do_command(THD*)+0x149) [0x55c2ca22ad79]
 
/usr/sbin/mysqld(do_handle_one_connection(CONNECT*)+0x1aa) [0x55c2ca2f0e5a]
 
/usr/sbin/mysqld(handle_one_connection+0x3d) [0x55c2ca2f0f7d]
 
/lib64/libpthread.so.0(+0x7e25) [0x7f10af15be25]
 
/lib64/libc.so.6(clone+0x6d) [0x7f10ad7ae34d]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x55c56c9d36b0): select ........
 
Connection ID (thread ID): 640379
 
Status: NOT_KILLED



 Comments   
Comment by Igor Babaev [ 2017-12-27 ]

Most probably the cause of this bug is the same as for the bug MDEV-14755.

Comment by Alice Sherepa [ 2017-12-28 ]

I can not reproduce with exactly the same stack in release version, but in debug version - there is
assirtion: sql_base.cc:862: void close_thread_table(THD*, TABLE**): Assertion `!table->file->keyread_enabled()' failed.
It is different assirtion, then in MDEV-14755 , but it looks like it was fixed also after the same commit bbb8c9d7731086 by Igor Babaev

testcase: 

--source include/have_sequence.inc
 
 
 
CREATE TABLE t1 (`i1` int NOT NULL, `i2` int);
 
CREATE TABLE t2 (`d1` int NOT NULL PRIMARY KEY);
 
CREATE TABLE t3 ( `i` int );
 
 
 
insert into t1 select seq,seq from seq_1_to_100000;
 
insert into t2 select seq from  seq_1000_to_100000;
 
insert into t3 select seq from seq_1_to_1000;
 
 
 
SELECT  * FROM (
 
    SELECT * FROM (
 
        WITH RECURSIVE rt AS
 
        (SELECT i2 P, i1 C FROM t1 WHERE i1 IN (SELECT d1 FROM t2)
 
          UNION 
         SELECT t1.i2 P, rt.C C FROM t1, rt )
 
          SELECT  C , P FROM  ( SELECT  P, C FROM rt WHERE NOT EXISTS (SELECT 1 FROM t1 )) Y) X WHERE 1 = 1) K, t3 ;
 
 
 
 drop table t1,t2,t3;
 
 

Thread 1 (Thread 0x7f5c05e61700 (LWP 21757)):
 
#0  __pthread_kill (threadid=<optimized out>, signo=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:62
 
#1  0x0000558d9fbc053a in my_write_core (sig=6) at /home/alice/git/exp/10.2/mysys/stacktrace.c:477
 
#2  0x0000558d9f450a3a in handle_fatal_signal (sig=6) at /home/alice/git/exp/10.2/sql/signal_handler.cc:303
 
#3  <signal handler called>
 
#4  0x00007f5c0bb8e428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
 
#5  0x00007f5c0bb9002a in __GI_abort () at abort.c:89
 
#6  0x00007f5c0bb86bd7 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x558d9fc6ec50 "!table->file->keyread_enabled()", file=file@entry=0x558d9fc6e950 "/home/alice/git/exp/10.2/sql/sql_base.cc", line=line@entry=862, function=function@entry=0x558d9fc704c0 <close_thread_table(THD*, TABLE**)::__PRETTY_FUNCTION__> "void close_thread_table(THD*, TABLE**)") at assert.c:92
 
#7  0x00007f5c0bb86c82 in __GI___assert_fail (assertion=0x558d9fc6ec50 "!table->file->keyread_enabled()", file=0x558d9fc6e950 "/home/alice/git/exp/10.2/sql/sql_base.cc", line=862, function=0x558d9fc704c0 <close_thread_table(THD*, TABLE**)::__PRETTY_FUNCTION__> "void close_thread_table(THD*, TABLE**)") at assert.c:101
 
#8  0x0000558d9f16d170 in close_thread_table (thd=0x7f5bf4000b00, table_ptr=0x7f5bf4000bc0) at /home/alice/git/exp/10.2/sql/sql_base.cc:862
 
#9  0x0000558d9f16d07b in close_thread_tables (thd=0x7f5bf4000b00) at /home/alice/git/exp/10.2/sql/sql_base.cc:848
 
#10 0x0000558d9f1ea5ac in mysql_execute_command (thd=0x7f5bf4000b00) at /home/alice/git/exp/10.2/sql/sql_parse.cc:6283
 
#11 0x0000558d9f1eebff in mysql_parse (thd=0x7f5bf4000b00, rawbuf=0x7f5bf40124e8 "explain extended SELECT ALIAS1.GPIN,ALIAS1.TDS_CUST_ID \nFROM CIBP_TDS_VW_GLCIN_GPIN_REL ALIAS1 \nWHERE ALIAS1.TDS_CUST_ID='341644' \nORDER BY GPIN  LIMIT 20 OFFSET 0", length=163, parser_state=0x7f5c05e60200, is_com_multi=false, is_next_command=false) at /home/alice/git/exp/10.2/sql/sql_parse.cc:7900
 
#12 0x0000558d9f1dc814 in dispatch_command (command=COM_QUERY, thd=0x7f5bf4000b00, packet=0x7f5bf416bc11 "", packet_length=164, is_com_multi=false, is_next_command=false) at /home/alice/git/exp/10.2/sql/sql_parse.cc:1805
 
#13 0x0000558d9f1db16b in do_command (thd=0x7f5bf4000b00) at /home/alice/git/exp/10.2/sql/sql_parse.cc:1360
 
#14 0x0000558d9f328b3c in do_handle_one_connection (connect=0x558da1a39ed0) at /home/alice/git/exp/10.2/sql/sql_connect.cc:1335
 
#15 0x0000558d9f3288bc in handle_one_connection (arg=0x558da1a39ed0) at /home/alice/git/exp/10.2/sql/sql_connect.cc:1241
 
#16 0x0000558d9f6859dc in pfs_spawn_thread (arg=0x558da1984e60) at /home/alice/git/exp/10.2/storage/perfschema/pfs.cc:1863
 
#17 0x00007f5c0c7cb6ba in start_thread (arg=0x7f5c05e61700) at pthread_create.c:333
 
#18 0x00007f5c0bc603dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Comment by Igor Babaev [ 2018-01-05 ]

Added the test case from mdev-14777.
The cause of this crash was the same as of the crash reported in mdev-14755

Generated at Thu Feb 08 08:16:12 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.