[MDEV-17453] Crash during optimization for insert or create table with select
Created: 2018-10-15  Updated: 2018-10-16  Resolved: 2018-10-16

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.3.8
Fix Version/s: 10.3.10

Type: Bug
Priority: Major
Reporter: Wataru Matsumoto
Assignee: Unassigned
Resolution: Fixed
Votes: 0
Labels: None
Environment: RedHat-6.5

Attachments: Text File stacktrace.txt    

 Description   

The following query causes a crash during optimization.

create table t1 (f1 int,f2 int, primary key (f1));
insert into t1 values(1,10),(2,20);
 
create table t2 (f1 int,f3 int, primary key (f1));
insert into t2 values(1,100),(2,200);
 
create table t3 (f1 int ,f2 int ,f3 int, primary key(f1,f2) );
insert into t3 values (1,10,100),(2,20,200);
 
create temporary table temp
(
select * from
(select  A.f1
   from  
     ( select f1 , f3   from t3 where  f2 in 
       ( select  t2.f3  from t1  ,t2  
          where  t1.f1 = t2.f1 ) 
       group by f1  ) A  ,
       t3     
 where  t3.f1=A.f1 
 group by A.f1) D
 ) ;

The crash happens when creating a (temporary) table or inserting the data.
The select itself does not cause the crash.



 Comments   
Comment by Elena Stepanova [ 2018-10-15 ]

Thanks for the report and test case. The crash is still reproducible on 10.3.9, but not on 10.3.10. I could only find out that it was gone with the 10.2->10.3 merge 7830fb7f45b3824c0375c00ae2cab357165904cf, but not sure which exact commit fixed it.

sxsns243, could you please try to upgrade to 10.3.10 and make sure that it resolves the problem?

10.3 b805ebd7ed49868f83e6fd3fe72a11ddacdce452 ASAN build - latest revision where the crash is observed

==32104==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x5640671592b7 sp 0x7efffd6b2900 bp 0x7efffd6b2aa0 T27)
    #0 0x5640671592b6 in JOIN::add_keyuses_for_splitting() /data/src/10.3-bug/sql/opt_split.cc:759
    #1 0x564066abd6af in make_join_statistics /data/src/10.3-bug/sql/sql_select.cc:4845
    #2 0x564066e720cb in JOIN::optimize_inner() /data/src/10.3-bug/sql/sql_select.cc:1888
    #3 0x564066e731b4 in JOIN::optimize() /data/src/10.3-bug/sql/sql_select.cc:1448
    #4 0x564066ca6e8e in mysql_derived_optimize(THD*, LEX*, TABLE_LIST*) /data/src/10.3-bug/sql/sql_derived.cc:935
    #5 0x564066ca54b2 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /data/src/10.3-bug/sql/sql_derived.cc:197
    #6 0x564066cfe721 in st_select_lex::handle_derived(LEX*, unsigned int) /data/src/10.3-bug/sql/sql_lex.cc:4073
    #7 0x564066e715c4 in JOIN::optimize_inner() /data/src/10.3-bug/sql/sql_select.cc:1720
    #8 0x564066e731b4 in JOIN::optimize() /data/src/10.3-bug/sql/sql_select.cc:1448
    #9 0x564066e7b714 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3-bug/sql/sql_select.cc:4213
    #10 0x564066e7c1fb in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3-bug/sql/sql_select.cc:382
    #11 0x564066d6b444 in mysql_execute_command(THD*) /data/src/10.3-bug/sql/sql_parse.cc:4241
    #12 0x564066d706d8 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3-bug/sql/sql_parse.cc:8089
    #13 0x564066d776e7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3-bug/sql/sql_parse.cc:1850
    #14 0x564066d79846 in do_command(THD*) /data/src/10.3-bug/sql/sql_parse.cc:1395
    #15 0x56406701eae7 in do_handle_one_connection(CONNECT*) /data/src/10.3-bug/sql/sql_connect.cc:1402
    #16 0x56406701efea in handle_one_connection /data/src/10.3-bug/sql/sql_connect.cc:1308
    #17 0x5640679affa6 in pfs_spawn_thread /data/src/10.3-bug/storage/perfschema/pfs.cc:1862
    #18 0x7f0008e31493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #19 0x7f000721793e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

Comment by Wataru Matsumoto [ 2018-10-16 ]

Thank you for checking.
I confirmed it's fixed in 10.3.10.
