[MDEV-22825] Server crashes in Bitmap<64u>::merge / add_key_field with condition_pushdown_for_subquery=on Created: 2020-06-07  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Igor Babaev
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-28509 Server crash via Item_func_ne::add_ke... In Review
relates to MDEV-29017 SIGSEGV in Bitmap<64u>::merge on SELECT Confirmed
relates to MDEV-32085 Server crash in add_key_field Closed

Description

SET optimizer_switch= 'condition_pushdown_for_subquery=on';
 
CREATE TABLE t1 (f1 INT);
INSERT INTO t1 VALUES (1),(2);
CREATE TABLE t2 (f2 INT);
INSERT INTO t1 VALUES (3),(4);
 
SELECT * FROM t1, t2 WHERE f2 IN ( SELECT f1 FROM t1 HAVING f1 = 5 ) AND f1 = 6 AND ( 0 OR f1 = f2 );
 
# Cleanup
DROP TABLE t1, t2;

10.4 c7a2fb1e

#3  <signal handler called>
#4  0x0000562084daa6f6 in Bitmap<64u>::merge (this=0x190, map2=...) at /data/src/10.4/sql/sql_bitmap.h:341
#5  0x0000562084d6be6a in add_key_field (join=0x7f46040181a8, key_fields=0x7f4616034df8, and_level=0, cond=0x7f4604072d78, field=0x7f460406a8c0, eq_func=true, value=0x7f4616034d18, num_values=1, usable_tables=18446744073709551615, sargables=0x7f4616034f58, row_col_no=0) at /data/src/10.4/sql/sql_select.cc:5933
#6  0x0000562084d6d380 in Item_equal::add_key_fields (this=0x7f4604072d78, join=0x7f46040181a8, key_fields=0x7f4616034df8, and_level=0x7f4616034de8, usable_tables=18446744073709551615, sargables=0x7f4616034f58) at /data/src/10.4/sql/sql_select.cc:6379
#7  0x0000562084d6e744 in update_ref_and_keys (thd=0x7f4604000af0, keyuse=0x7f4604018498, join_tab=0x7f46040730c8, tables=1, cond=0x7f4604072d78, normal_tables=18446744073709551615, select_lex=0x7f4604014788, sargables=0x7f4616034f58) at /data/src/10.4/sql/sql_select.cc:6807
#8  0x0000562084d68de6 in make_join_statistics (join=0x7f46040181a8, tables_list=..., keyuse_array=0x7f4604018498) at /data/src/10.4/sql/sql_select.cc:5063
#9  0x0000562084d5ed4c in JOIN::optimize_inner (this=0x7f46040181a8) at /data/src/10.4/sql/sql_select.cc:2260
#10 0x0000562084d5c68c in JOIN::optimize (this=0x7f46040181a8) at /data/src/10.4/sql/sql_select.cc:1607
#11 0x000056208514a3b9 in Item_in_subselect::optimize (this=0x7f4604016010, out_rows=0x7f4616035388, cost=0x7f4616035390) at /data/src/10.4/sql/item_subselect.cc:784
#12 0x0000562084f03653 in setup_jtbm_semi_joins (join=0x7f4604017790, join_list=0x7f4604013488, eq_list=...) at /data/src/10.4/sql/opt_subselect.cc:6254
#13 0x0000562084d5e174 in JOIN::optimize_inner (this=0x7f4604017790) at /data/src/10.4/sql/sql_select.cc:2054
#14 0x0000562084d5c68c in JOIN::optimize (this=0x7f4604017790) at /data/src/10.4/sql/sql_select.cc:1607
#15 0x0000562084d67b34 in mysql_select (thd=0x7f4604000af0, tables=0x7f4604013888, wild_num=1, fields=..., conds=0x7f4604016660, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f4604017768, unit=0x7f4604004a18, select_lex=0x7f46040132c8) at /data/src/10.4/sql/sql_select.cc:4670
#16 0x0000562084d576b0 in handle_select (thd=0x7f4604000af0, lex=0x7f4604004958, result=0x7f4604017768, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:422
#17 0x0000562084d1e1da in execute_sqlcom_select (thd=0x7f4604000af0, all_tables=0x7f4604013888) at /data/src/10.4/sql/sql_parse.cc:6360
#18 0x0000562084d14867 in mysql_execute_command (thd=0x7f4604000af0) at /data/src/10.4/sql/sql_parse.cc:3898
#19 0x0000562084d22187 in mysql_parse (thd=0x7f4604000af0, rawbuf=0x7f4604013198 "SELECT * FROM t1, t2 WHERE f2 IN ( SELECT f1 FROM t1 HAVING f1 = 5 ) AND f1 = 6 AND ( 0 OR f1 = f2 )", length=100, parser_state=0x7f4616036570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7901
#20 0x0000562084d0e711 in dispatch_command (command=COM_QUERY, thd=0x7f4604000af0, packet=0x7f46040083a1 "SELECT * FROM t1, t2 WHERE f2 IN ( SELECT f1 FROM t1 HAVING f1 = 5 ) AND f1 = 6 AND ( 0 OR f1 = f2 )", packet_length=100, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
#21 0x0000562084d0ceb3 in do_command (thd=0x7f4604000af0) at /data/src/10.4/sql/sql_parse.cc:1360
#22 0x0000562084e959b0 in do_handle_one_connection (connect=0x562087568cf0) at /data/src/10.4/sql/sql_connect.cc:1412
#23 0x0000562084e956ff in handle_one_connection (arg=0x562087568cf0) at /data/src/10.4/sql/sql_connect.cc:1316
#24 0x0000562085893b75 in pfs_spawn_thread (arg=0x562087584870) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#25 0x00007f461de154a4 in start_thread (arg=0x7f4616037700) at pthread_create.c:456
#26 0x00007f461bf49d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.4, 10.5, release- and debug builds alike, with at least MyISAM, InnoDB, Aria.

EXPLAIN also crashes.

The failure appeared in the 10.4 tree after this commit:

commit 1c97cd339e9513b152727f386573c8c048db0281
Author: Igor Babaev
Date:   Fri Jan 3 11:15:00 2020 -0800
 
    MDEV-21184 Assertion `used_tables_cache == 0' failed in Item_func::fix_fields
               with condition_pushdown_from_having

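The backtrace in the report is what links this issue to MDEV-28509, MDEV-29017 and MDEV-32085: the innermost frames identify the bug regardless of build addresses, and `this=0x190` in `Bitmap<64u>::merge` is the tell that a NULL object pointer was dereferenced through a member at offset 0x190 (a missing null check rather than heap corruption). The script below is an added example, not part of the report or of MariaDB: it parses gdb frames in the format shown above, builds a deduplication signature from the innermost function names, and flags low `this` addresses. The 64 KiB threshold is an assumed heuristic, and the embedded frames are copied from the report.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

# Frames copied from the gdb backtrace in the MDEV-22825 report (frames #3-#8).
BACKTRACE = """\
#3  <signal handler called>
#4  0x0000562084daa6f6 in Bitmap<64u>::merge (this=0x190, map2=...) at /data/src/10.4/sql/sql_bitmap.h:341
#5  0x0000562084d6be6a in add_key_field (join=0x7f46040181a8, key_fields=0x7f4616034df8, and_level=0, cond=0x7f4604072d78, field=0x7f460406a8c0, eq_func=true, value=0x7f4616034d18, num_values=1, usable_tables=18446744073709551615, sargables=0x7f4616034f58, row_col_no=0) at /data/src/10.4/sql/sql_select.cc:5933
#6  0x0000562084d6d380 in Item_equal::add_key_fields (this=0x7f4604072d78, join=0x7f46040181a8, key_fields=0x7f4616034df8, and_level=0x7f4616034de8, usable_tables=18446744073709551615, sargables=0x7f4616034f58) at /data/src/10.4/sql/sql_select.cc:6379
#7  0x0000562084d6e744 in update_ref_and_keys (thd=0x7f4604000af0, keyuse=0x7f4604018498, join_tab=0x7f46040730c8, tables=1, cond=0x7f4604072d78, normal_tables=18446744073709551615, select_lex=0x7f4604014788, sargables=0x7f4616034f58) at /data/src/10.4/sql/sql_select.cc:6807
#8  0x0000562084d68de6 in make_join_statistics (join=0x7f46040181a8, tables_list=..., keyuse_array=0x7f4604018498) at /data/src/10.4/sql/sql_select.cc:5063
"""

FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>.+?) \((?P<args>.*)\)"
    r"(?: at (?P<file>\S+):(?P<line>\d+))?\s*$"
)
SIGNAL_RE = re.compile(r"^#(?P<idx>\d+)\s+<signal handler called>\s*$")

# Assumed heuristic: the lowest 64 KiB is unmapped on stock Linux (vm.mmap_min_addr),
# so a `this` below it is a NULL object base plus a member offset, not a real object.
LOW_ADDRESS = 0x10000


@dataclass
class Frame:
    index: int
    func: str
    args: dict = field(default_factory=dict)   # argument name -> raw value text
    file: Optional[str] = None
    line: Optional[int] = None
    is_signal_handler: bool = False


def _split_args(text: str) -> list[str]:
    """Split gdb's argument list on top-level commas, keeping quoted strings and nested calls intact."""
    parts, cur, depth, quote = [], [], 0, None
    for ch in text:
        if quote:
            cur.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            cur.append(ch)
        elif ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            depth += ch in "([{"
            depth -= ch in ")]}"
            cur.append(ch)
    if cur:
        parts.append("".join(cur).strip())
    return parts


def parse_backtrace(text: str) -> list[Frame]:
    """Turn gdb `bt` output into Frame records; lines that are not frames are skipped."""
    frames = []
    for raw in text.splitlines():
        if m := SIGNAL_RE.match(raw):
            frames.append(Frame(int(m["idx"]), "<signal handler called>", is_signal_handler=True))
            continue
        if m := FRAME_RE.match(raw):
            args = {}
            for part in _split_args(m["args"]):
                name, _, value = part.partition("=")
                args[name.strip()] = value.strip()
            frames.append(Frame(int(m["idx"]), m["func"], args, m["file"],
                                int(m["line"]) if m["line"] else None))
    return frames


def crashing_frames(frames: list[Frame]) -> list[Frame]:
    """Frames that were executing when the signal hit: everything below the last handler frame."""
    for i in range(len(frames) - 1, -1, -1):
        if frames[i].is_signal_handler:
            return frames[i + 1:]
    return frames


def crash_signature(frames: list[Frame], depth: int = 3) -> str:
    """Dedup key from the innermost function names; stable across ASLR and rebuilds."""
    return "|".join(f.func for f in crashing_frames(frames)[:depth])


def suspect_null_deref(frames: list[Frame]) -> list[tuple[str, int]]:
    """Frames whose `this` is a low address, i.e. a member access through a NULL pointer."""
    hits = []
    for f in crashing_frames(frames):
        value = f.args.get("this", "")
        if value.startswith("0x") and int(value, 16) < LOW_ADDRESS:
            hits.append((f.func, int(value, 16)))
    return hits


if __name__ == "__main__":
    frames = parse_backtrace(BACKTRACE)
    print("signature:", crash_signature(frames))
    for func, addr in suspect_null_deref(frames):
        print(f"{func}: this={addr:#x} -> NULL object, member offset {addr:#x}")
```

Run against the report's frames, the signature is `Bitmap<64u>::merge|add_key_field|Item_equal::add_key_fields`, which is the key to compare with the other `Bitmap<64u>::merge` and `add_key_field` reports listed under Issue Links; the null-pointer flag tells the triager that a guard on the object passed to `add_key_field` is the first thing to check.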
