[MDEV-16104] Server crash in JOIN::fix_all_splittings_in_plan upon select with view and subqueries Created: 2018-05-07  Updated: 2018-05-09  Resolved: 2018-05-09

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.3
Fix Version/s: 10.3.7

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Igor Babaev
Resolution: Fixed Votes: 0
Labels: None


 Description   

Note: if the test case does not crash on a regular build, try a build with AddressSanitizer (ASAN).

# Reproducer for MDEV-16104: the final SELECT crashes the server in
# JOIN::fix_all_splittings_in_plan (sql/opt_split.cc:1136) during query
# optimization. The ASAN report on this page shows a SEGV on address 0x0.
# NOTE(review): the crashing statement arrives as an ordinary client query
# (COM_QUERY in the stack trace), so on affected 10.3 builds it is a server
# availability issue; the ticket lists 10.3.7 as the fix version.

# The table below is created with ENGINE=InnoDB, hence the InnoDB requirement.
--source include/have_innodb.inc
 
# Single-column table; f is the primary key. No rows are inserted.
CREATE TABLE t (f INT PRIMARY KEY) ENGINE=InnoDB;
# MERGE-algorithm view that joins a grouping derived table (a1) back to the
# base table (a2) on f and exposes only the columns of a2.
CREATE ALGORITHM=MERGE VIEW v AS SELECT a2.* FROM ( SELECT f, COUNT(*) as c FROM t GROUP BY f ) AS a1 JOIN t AS a2 USING (f);
# Crashing statement: a GROUP BY over the view with STRAIGHT_JOIN, itself
# wrapped in a derived table (s). Per the trace, the failure happens while the
# derived table is optimized (mysql_derived_optimize -> JOIN::optimize ->
# JOIN::get_best_combination), before any rows are read.
SELECT * FROM ( SELECT STRAIGHT_JOIN  f, COUNT(*) as c FROM v GROUP BY f ) AS s;
 
# Cleanup
DROP VIEW v;
DROP TABLE t;

10.3 a22a339f8e04

#3  <signal handler called>
#4  0x000055dfee65ff95 in JOIN::fix_all_splittings_in_plan (this=0x7fbf80173a08) at /data/src/10.3/sql/opt_split.cc:1136
#5  0x000055dfee4b59c3 in JOIN::get_best_combination (this=0x7fbf80173a08) at /data/src/10.3/sql/sql_select.cc:9373
#6  0x000055dfee49fa2b in JOIN::optimize_stage2 (this=0x7fbf80173a08) at /data/src/10.3/sql/sql_select.cc:1882
#7  0x000055dfee49e0d7 in JOIN::optimize (this=0x7fbf80173a08) at /data/src/10.3/sql/sql_select.cc:1424
#8  0x000055dfee413fc5 in mysql_derived_optimize (thd=0x7fbf80000b00, lex=0x7fbf80004890, derived=0x7fbf80171b28) at /data/src/10.3/sql/sql_derived.cc:938
#9  0x000055dfee412535 in mysql_handle_single_derived (lex=0x7fbf80004890, derived=0x7fbf80171b28, phases=4) at /data/src/10.3/sql/sql_derived.cc:197
#10 0x000055dfee577dae in TABLE_LIST::handle_derived (this=0x7fbf80171b28, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/table.cc:8020
#11 0x000055dfee435800 in st_select_lex::handle_derived (this=0x7fbf800177e0, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/sql_lex.cc:4092
#12 0x000055dfee577d6f in TABLE_LIST::handle_derived (this=0x7fbf80015e70, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/table.cc:8017
#13 0x000055dfee435800 in st_select_lex::handle_derived (this=0x7fbf80014f98, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/sql_lex.cc:4092
#14 0x000055dfee577d6f in TABLE_LIST::handle_derived (this=0x7fbf80016688, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/table.cc:8017
#15 0x000055dfee435800 in st_select_lex::handle_derived (this=0x7fbf800050d0, lex=0x7fbf80004890, phases=4) at /data/src/10.3/sql/sql_lex.cc:4092
#16 0x000055dfee49fa70 in JOIN::optimize_stage2 (this=0x7fbf801733b8) at /data/src/10.3/sql/sql_select.cc:1885
#17 0x000055dfee49f93c in JOIN::optimize_inner (this=0x7fbf801733b8) at /data/src/10.3/sql/sql_select.cc:1861
#18 0x000055dfee49e10b in JOIN::optimize (this=0x7fbf801733b8) at /data/src/10.3/sql/sql_select.cc:1431
#19 0x000055dfee4a7896 in mysql_select (thd=0x7fbf80000b00, tables=0x7fbf80016688, wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fbf8001ad20, unit=0x7fbf80004958, select_lex=0x7fbf800050d0) at /data/src/10.3/sql/sql_select.cc:4140
#20 0x000055dfee499e52 in handle_select (thd=0x7fbf80000b00, lex=0x7fbf80004890, result=0x7fbf8001ad20, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:382
#21 0x000055dfee4650bd in execute_sqlcom_select (thd=0x7fbf80000b00, all_tables=0x7fbf80016688) at /data/src/10.3/sql/sql_parse.cc:6539
#22 0x000055dfee45b81e in mysql_execute_command (thd=0x7fbf80000b00) at /data/src/10.3/sql/sql_parse.cc:3768
#23 0x000055dfee468ace in mysql_parse (thd=0x7fbf80000b00, rawbuf=0x7fbf80014d68 "SELECT * FROM ( SELECT STRAIGHT_JOIN  f, COUNT(*) as c FROM v GROUP BY f ) AS s", length=79, parser_state=0x7fbfd4b895d0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
#24 0x000055dfee4562b1 in dispatch_command (command=COM_QUERY, thd=0x7fbf80000b00, packet=0x7fbf80125fd1 "SELECT * FROM ( SELECT STRAIGHT_JOIN  f, COUNT(*) as c FROM v GROUP BY f ) AS s", packet_length=79, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
#25 0x000055dfee454cf0 in do_command (thd=0x7fbf80000b00) at /data/src/10.3/sql/sql_parse.cc:1391
#26 0x000055dfee5b7ba5 in do_handle_one_connection (connect=0x55dff0c6d1f0) at /data/src/10.3/sql/sql_connect.cc:1402
#27 0x000055dfee5b7932 in handle_one_connection (arg=0x55dff0c6d1f0) at /data/src/10.3/sql/sql_connect.cc:1308
#28 0x000055dfeea3ba99 in pfs_spawn_thread (arg=0x55dff0c75670) at /data/src/10.3/storage/perfschema/pfs.cc:1862
#29 0x00007fbfdd51a494 in start_thread (arg=0x7fbfd4b8a700) at pthread_create.c:333
#30 0x00007fbfdb90093f in clone () from /lib/x86_64-linux-gnu/libc.so.6

10.3 ASAN a22a339f8e0

ASAN:SIGSEGV
=================================================================
==19736==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d2f8a63002 sp 0x7f5c029fff50 bp 0x7f5c029fff90 T27)
    #0 0x55d2f8a63001 in JOIN::fix_all_splittings_in_plan() /data/src/10.3/sql/opt_split.cc:1136
    #1 0x55d2f866fe37 in JOIN::get_best_combination() /data/src/10.3/sql/sql_select.cc:9373
    #2 0x55d2f86372c2 in JOIN::optimize_stage2() /data/src/10.3/sql/sql_select.cc:1882
    #3 0x55d2f8632fe7 in JOIN::optimize() /data/src/10.3/sql/sql_select.cc:1424
    #4 0x55d2f84ee696 in mysql_derived_optimize(THD*, LEX*, TABLE_LIST*) /data/src/10.3/sql/sql_derived.cc:938
    #5 0x55d2f84ea450 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /data/src/10.3/sql/sql_derived.cc:197
    #6 0x55d2f885e6c2 in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/table.cc:8020
    #7 0x55d2f854706e in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/sql_lex.cc:4092
    #8 0x55d2f885e66f in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/table.cc:8017
    #9 0x55d2f854706e in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/sql_lex.cc:4092
    #10 0x55d2f885e66f in TABLE_LIST::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/table.cc:8017
    #11 0x55d2f854706e in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3/sql/sql_lex.cc:4092
    #12 0x55d2f863737d in JOIN::optimize_stage2() /data/src/10.3/sql/sql_select.cc:1885
    #13 0x55d2f8637040 in JOIN::optimize_inner() /data/src/10.3/sql/sql_select.cc:1861
    #14 0x55d2f863309b in JOIN::optimize() /data/src/10.3/sql/sql_select.cc:1431
    #15 0x55d2f864d011 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4140
    #16 0x55d2f862870b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:382
    #17 0x55d2f85ab02a in execute_sqlcom_select /data/src/10.3/sql/sql_parse.cc:6539
    #18 0x55d2f85994a0 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3768
    #19 0x55d2f85b35b8 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8001
    #20 0x55d2f858de5e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1846
    #21 0x55d2f858aef5 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1391
    #22 0x55d2f88f3c68 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
    #23 0x55d2f88f367d in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
    #24 0x55d2f93f83db in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
    #25 0x7f5c0e324493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #26 0x7f5c0c70a93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
 
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/src/10.3/sql/opt_split.cc:1136 JOIN::fix_all_splittings_in_plan()
Thread T27 created by T0 here:
    #0 0x7f5c0e55dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x55d2f93f89a3 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
    #2 0x55d2f82fc96e in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
    #3 0x55d2f8312693 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6554
    #4 0x55d2f8312d98 in create_new_thread /data/src/10.3/sql/mysqld.cc:6624
    #5 0x55d2f8313da9 in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6899
    #6 0x55d2f8311b50 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6176
    #7 0x55d2f82fad0f in main /data/src/10.3/sql/main.cc:25
    #8 0x7f5c0c6422b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
 
==19736==ABORTING



 Comments   
Comment by Igor Babaev [ 2018-05-09 ]

A fix for this bug was pushed into 10.3
