[MDEV-19132] Strange combination of JOIN with NULL crash the server Created: 2019-04-02  Updated: 2023-04-27

Status: Confirmed
Project: MariaDB Server
Component/s: Data Manipulation - Subquery, Platform RedHat, Platform Windows, Server, Storage Engine - InnoDB
Affects Version/s: 10.3.11, 10.3.12, 10.3.13, 10.3, 10.4, 10.5
Fix Version/s: 10.4, 10.5

Type: Bug Priority: Major
Reporter: David Rodrigues Assignee: Igor Babaev
Resolution: Unresolved Votes: 1
Labels: crash, innodb
Environment:

CentOS 6.10 x64, Windows 10 x64

Attachments: File my.err    
Issue Links:
Duplicate
is duplicated by MDEV-21575 Server crashes with SIGSEGV during SE... Closed
Relates
relates to MDEV-18479 Assertion `join->best_read < double(1... Closed
relates to MDEV-18980 Assertion `join->best_read < double(1... Stalled
relates to MDEV-21883 Server crashes when joining a subsele... Closed

 Description   

I had updated from MariaDB 10.1.38 to MariaDB 10.3.13 via WHM. In the process it updated to MariaDB 10.2.23 first. After the process ends, a single application has bugged. After dig a lot I discover what happen, but not why.

Run this code:

# SETUP
 
CREATE TABLE IF NOT EXISTS `test` (
 
    `id` INT(10) UNSIGNED NOT NULL,
 
    PRIMARY KEY (`id`)
 
)
 
ENGINE=InnoDB;
 
 
 
# CRASHER CODE
 
SELECT test.id
 
FROM   test
 
 
 
LEFT JOIN test AS join2
 
     LEFT JOIN test AS join3
 
             LEFT JOIN test AS join4
 
                  ON NULL AND
 
                     join4.id
 
          ON FALSE
 
     ON FALSE
 
 
 
LEFT JOIN test AS join1
 
     ON FALSE;
 
 
 
# CLEAN
 
DROP TABLE `test`;

The original query is very long, so I tried to simplificate this test case to the best that as I could.

If you run this code the server will crash with the following error:

SQL Error (2013): Lost connection to MySQL server during query

And the my.err will be (full log is attached):

Thread pointer: 0x151f73f5d98
 
mysqld.exe!JOIN::fix_all_splittings_in_plan()[opt_split.cc:1152]
 
mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1905]
 
mysqld.exe!JOIN::optimize()[sql_select.cc:1453]
 
mysqld.exe!mysql_select()[sql_select.cc:4225]
 
mysqld.exe!handle_select()[sql_select.cc:373]
 
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:6551]
 
mysqld.exe!mysql_execute_command()[sql_parse.cc:3772]

I just run the server with: mysqld without any additional parameters.

I did it based on my original code that crashes, so please consider the following changes (I did it to simplificate, but crashes happen anyway):

  • The original code have five tables and is used at ON clauses to make sense. But set all ON to FALSE still will crashes;
  • The original code have only a single AS because the join1 and join2 tables are the same. All other tables are not aliases because are differents tables;

I did a lot of tests based on this simplified code that solves the crash, but will change the behaviour of query:

  • Dropping the PRIMARY_KEY from id will solve;
  • Dropping any JOIN or unwrapper it will solve;
  • Dropping NULL AND will solve;
  • Replacing NULL AND with NULL OR will solve;
  • Replacing join4.id to join3.id will solve;
  • Replacing NULL with any other value will solve;
  • Moving join1 over join2 will solve;
  • Moving join1 to inside of join2, join3 or join4 will solve;
  • Moving join2, join3 or join4 to inside of join1 will solve;
  • Using other engines than not InnoDB or MRG_MyISAM will solve;
  • Adding parentheses to JOIN will not solve;
  • Adding PRIMARY_KEY to id will not solve;
  • Swapping join4.id with NULL will not solve;
  • Replacing NULL with NOT NULL will not solve;

I test some previous versions, and the problems starts in MariaDB 10.3.11 and still affects MariaDB 10.3.12 and MariaDB 10.3.13 (current).

Actually, the problem seems to be related with the `NULL AND`. For some reason it crashes the server.

 Comments   
Comment by David Rodrigues [ 2019-04-02 ]

Maybe related to MDEV-18467, and possibly fixed with https://github.com/MariaDB/server/commit/8f4de38f65ba89c6273c15c9adb50ab762d03f59. Someone can confirm it for me?

Comment by Alice Sherepa [ 2019-04-02 ]

Thanks a lot for the report and test case.
Reproducible on current 10.3-10.4, with InnoDB, not with MyIsam

10.3 7b42d892de6acc04490f5c

 
Version: '10.3.14-MariaDB-debug-log' 
mysqld: /10.3/sql/sql_select.cc:8022: bool greedy_search(JOIN*, table_map, uint, uint, uint): Assertion `join->best_read < double(1.79769313486231570815e+308L)' failed.
 
190402 11:53:57 [ERROR] mysqld got signal 6 ;
 
 
 
linux/raise.c:54(__GI_raise)[0x7fc79fae802a]
 
stdlib/abort.c:91(__GI_abort)[0x7fc79fadebd7]
 
assert/assert.c:92(__assert_fail_base)[0x7fc79fadec82]
 
/10.3/sql/mysqld(+0x108d876)[0x555a8c8a8876]
 
/10.3/sql/mysqld(_Z11choose_planP4JOINy+0x532)[0x555a8c8a6b3f]
 
/10.3/sql/mysqld(+0x107a55b)[0x555a8c89555b]
 
sql/sql_select.cc:8024(greedy_search(JOIN*, unsigned long long, unsigned int, unsigned int, unsigned int))[0x555a8c877ad0]
 
sql/sql_select.cc:7592(choose_plan(JOIN*, unsigned long long))[0x555a8c873838]
 
sql/sql_select.cc:5085(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x555a8c88dae9]
 
sql/sql_select.cc:1888(JOIN::optimize_inner())[0x555a8c86907f]
 
sql/sql_select.cc:1451(JOIN::optimize())[0x555a8c7efdba]
 
sql/sql_select.cc:4225(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x555a8c7de913]
 
sql/sql_select.cc:385(handle_select(THD*, LEX*, select_result*, unsigned long))[0x555a8c7f873a]
 
sql/sql_parse.cc:6548(execute_sqlcom_select(THD*, TABLE_LIST*))[0x555a8c7d325b]
 
sql/sql_parse.cc:3821(mysql_execute_command(THD*))[0x555a8c7d03c1]
 
sql/sql_parse.cc:8091(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x555a8cb255ec]
 
sql/sql_parse.cc:1859(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x555a8cb24fc9]
 
sql/sql_parse.cc:1403(do_command(THD*))[0x555a8de58161]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7fc7a07236ba]
 
x86_64/clone.S:111(clone)[0x7fc79fbb841d]
 
 
 
Query (0x62b000000288): SELECT test.id FROM test LEFT JOIN test AS join2 LEFT JOIN test AS join3 LEFT JOIN test AS join4 ON NULL AND join4.id ON FALSE ON FALSE LEFT JOIN test AS join1 ON FALSE

Generated at Thu Feb 08 08:49:18 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.