[MDEV-23213] Server crashes in opt_sum_query / (maria_status or heap_info) on 2nd execution of PS
Created: 2020-07-18 Updated: 2023-04-27

Status: Open
Project: MariaDB Server
Component/s: Optimizer, Prepared Statements, Stored routines
Affects Version/s: 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.4, 10.5

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Dmitry Shulga
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-27854 SIGSEGV in heap_info on second stored... Confirmed

 Description   

Note that 10.5 fails even without big_tables, so it's not a corner case in this sense. The test case and failure for 10.5 are at the end of the description.

SET big_tables= 1;
 
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1),(2);
CREATE TABLE t2 (b INT);
INSERT INTO t2 VALUES (3),(4);
 
PREPARE stmt FROM "SELECT COUNT(*) FROM t1, (SELECT * FROM t2) AS sq WHERE t1.a = 1"; 
SET optimizer_switch= 'derived_merge=off';
EXECUTE stmt;
SET optimizer_switch= 'derived_merge=on';
EXECUTE stmt;
 
# Cleanup
DROP TABLE t1, t2;

10.2 a1e52e7f

#3  <signal handler called>
#4  0x000055b2029284f5 in maria_status (info=0x0, x=0x7fa47a7254c0, flag=18) at /data/src/10.2/storage/maria/ma_info.c:43
#5  0x000055b20293f71d in ha_maria::info (this=0x7fa468084928, flag=18) at /data/src/10.2/storage/maria/ha_maria.cc:2516
#6  0x000055b20251550f in opt_sum_query (thd=0x7fa468000af0, tables=..., all_fields=..., conds=0x7fa4680132f8) at /data/src/10.2/sql/opt_sum.cc:318
#7  0x000055b2021724e0 in JOIN::optimize_inner (this=0x7fa4680126a0) at /data/src/10.2/sql/sql_select.cc:1497
#8  0x000055b202170e81 in JOIN::optimize (this=0x7fa4680126a0) at /data/src/10.2/sql/sql_select.cc:1113
#9  0x000055b20217a3d8 in mysql_select (thd=0x7fa468000af0, tables=0x7fa468035e38, wild_num=0, fields=..., conds=0x7fa468037f28, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7fa468038090, unit=0x7fa468034590, select_lex=0x7fa468034cd0) at /data/src/10.2/sql/sql_select.cc:3819
#10 0x000055b20216e626 in handle_select (thd=0x7fa468000af0, lex=0x7fa4680344d0, result=0x7fa468038090, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#11 0x000055b20213a070 in execute_sqlcom_select (thd=0x7fa468000af0, all_tables=0x7fa468035e38) at /data/src/10.2/sql/sql_parse.cc:6218
#12 0x000055b2021308f1 in mysql_execute_command (thd=0x7fa468000af0) at /data/src/10.2/sql/sql_parse.cc:3524
#13 0x000055b20215b783 in Prepared_statement::execute (this=0x7fa468082970, expanded_query=0x7fa47a7279b0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4842
#14 0x000055b202159cbd in Prepared_statement::execute_loop (this=0x7fa468082970, expanded_query=0x7fa47a7279b0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4271
#15 0x000055b202157a8c in mysql_sql_stmt_execute (thd=0x7fa468000af0) at /data/src/10.2/sql/sql_prepare.cc:3379
#16 0x000055b202130936 in mysql_execute_command (thd=0x7fa468000af0) at /data/src/10.2/sql/sql_parse.cc:3540
#17 0x000055b20213dda7 in mysql_parse (thd=0x7fa468000af0, rawbuf=0x7fa468012458 "EXECUTE stmt", length=12, parser_state=0x7fa47a728610, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733
#18 0x000055b20212c0d3 in dispatch_command (command=COM_QUERY, thd=0x7fa468000af0, packet=0x7fa46808cdb1 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1824
#19 0x000055b20212ab4e in do_command (thd=0x7fa468000af0) at /data/src/10.2/sql/sql_parse.cc:1377
#20 0x000055b202280b29 in do_handle_one_connection (connect=0x55b204ff41a0) at /data/src/10.2/sql/sql_connect.cc:1336
#21 0x000055b202280894 in handle_one_connection (arg=0x55b204ff41a0) at /data/src/10.2/sql/sql_connect.cc:1241
#22 0x000055b202a97352 in pfs_spawn_thread (arg=0x55b204f40eb0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#23 0x00007fa48237d4a4 in start_thread (arg=0x7fa47a729700) at pthread_create.c:456
#24 0x00007fa4804b1d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on non-debug, debug and ASAN builds alike, at least on 10.1-10.5, with at least InnoDB, MyISAM, Aria.
Also fails with stored procedures instead of prepared statements.

On 10.5, which claims that big_tables is deprecated, it also fails without big_tables, but slightly differently:

CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1),(2);
CREATE TABLE t2 (b INT);
INSERT INTO t2 VALUES (3),(4);
 
PREPARE stmt FROM "SELECT COUNT(*) FROM t1, (SELECT * FROM t2) AS sq WHERE t1.a = 1"; 
SET optimizer_switch= 'derived_merge=off';
EXECUTE stmt;
SET optimizer_switch= 'derived_merge=on';
EXECUTE stmt;
 
# Cleanup
DROP TABLE t1, t2;

10.5 054f1036

#3  <signal handler called>
#4  heap_info (info=0x0, x=0x7f2535217ea0, flag=18) at /data/src/10.5/storage/heap/hp_info.c:34
#5  0x00005623818a04d5 in ha_heap::info (this=0x7f2524075c90, flag=18) at /data/src/10.5/storage/heap/ha_heap.cc:377
#6  0x00005623816146c2 in opt_sum_query (thd=0x7f2524000b18, tables=..., all_fields=..., conds=0x7f25240147c0) at /data/src/10.5/sql/opt_sum.cc:318
#7  0x000056238114ce8b in JOIN::optimize_inner (this=0x7f2524013b18) at /data/src/10.5/sql/sql_select.cc:2153
#8  0x000056238114aee7 in JOIN::optimize (this=0x7f2524013b18) at /data/src/10.5/sql/sql_select.cc:1618
#9  0x00005623811561a3 in mysql_select (thd=0x7f2524000b18, tables=0x7f252406e780, fields=..., conds=0x7f2524070c68, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2201171004160, result=0x7f25240716d0, unit=0x7f252406c530, select_lex=0x7f252406e0d0) at /data/src/10.5/sql/sql_select.cc:4641
#10 0x0000562381145ee2 in handle_select (thd=0x7f2524000b18, lex=0x7f252406c468, result=0x7f25240716d0, setup_tables_done_option=0) at /data/src/10.5/sql/sql_select.cc:429
#11 0x000056238110b52c in execute_sqlcom_select (thd=0x7f2524000b18, all_tables=0x7f252406e780) at /data/src/10.5/sql/sql_parse.cc:6209
#12 0x00005623811027d3 in mysql_execute_command (thd=0x7f2524000b18) at /data/src/10.5/sql/sql_parse.cc:3931
#13 0x0000562381130315 in Prepared_statement::execute (this=0x7f252406bff8, expanded_query=0x7f2535219cc0, open_cursor=false) at /data/src/10.5/sql/sql_prepare.cc:4794
#14 0x000056238112e7ca in Prepared_statement::execute_loop (this=0x7f252406bff8, expanded_query=0x7f2535219cc0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.5/sql/sql_prepare.cc:4283
#15 0x000056238112c237 in mysql_sql_stmt_execute (thd=0x7f2524000b18) at /data/src/10.5/sql/sql_prepare.cc:3395
#16 0x0000562381102818 in mysql_execute_command (thd=0x7f2524000b18) at /data/src/10.5/sql/sql_parse.cc:3947
#17 0x0000562381110379 in mysql_parse (thd=0x7f2524000b18, rawbuf=0x7f25240138d0 "EXECUTE stmt", length=12, parser_state=0x7f253521a520, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:7993
#18 0x00005623810fc672 in dispatch_command (command=COM_QUERY, thd=0x7f2524000b18, packet=0x7f25241af209 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1867
#19 0x00005623810fadaa in do_command (thd=0x7f2524000b18) at /data/src/10.5/sql/sql_parse.cc:1348
#20 0x00005623812a0589 in do_handle_one_connection (connect=0x5623841ca398, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1411
#21 0x00005623812a02f1 in handle_one_connection (arg=0x5623841ca398) at /data/src/10.5/sql/sql_connect.cc:1313
#22 0x00005623817de3f6 in pfs_spawn_thread (arg=0x5623841c9fc8) at /data/src/10.5/storage/perfschema/pfs.cc:2201
#23 0x00007f253c6074a4 in start_thread (arg=0x7f253521b700) at pthread_create.c:456
#24 0x00007f253a73bd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97



 Comments   
Comment by Alice Sherepa [ 2022-04-07 ]

Currently not reproducible on 10.2-10.8 (10.2 75b9014fedd8bb85d15501a2; 10.8 5c69e936308b9b636d).
