[MDEV-25067] Server crashes in eliminate_tables upon multi-table DELETE from a view executed in PS Created: 2021-03-05  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Data Manipulation - Delete, Optimizer, Prepared Statements, Views
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Petrunia
Resolution: Unresolved Votes: 0
Labels: None


 Description    

CREATE TABLE t (a INT, b INT);
 
INSERT INTO t VALUES (1,2),(3,4); # Optional, fails either way
 
CREATE VIEW v AS SELECT * FROM t;
 
PREPARE stmt FROM 'DELETE v1.* FROM v AS v1 LEFT JOIN v AS v2 ON (v1.a = v2.b)';
 
EXECUTE stmt;

10.2 7759991a

 
#3  <signal handler called>
 
#4  0x000055be2cc32017 in eliminate_tables (join=0x7fa638012990) at /data/src/10.2/sql/opt_table_elimination.cc:661
 
#5  0x000055be2cac6d5d in make_join_statistics (join=0x7fa638012990, tables_list=..., keyuse_array=0x7fa638012c80) at /data/src/10.2/sql/sql_select.cc:4150
 
#6  0x000055be2cabe1fb in JOIN::optimize_inner (this=0x7fa638012990) at /data/src/10.2/sql/sql_select.cc:1588
 
#7  0x000055be2cabc6f2 in JOIN::optimize (this=0x7fa638012990) at /data/src/10.2/sql/sql_select.cc:1118
 
#8  0x000055be2cac5c48 in mysql_select (thd=0x7fa638000d90, tables=0x7fa63807f640, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=3489926016, result=0x7fa638012930, unit=0x7fa63807d930, select_lex=0x7fa63807e070) at /data/src/10.2/sql/sql_select.cc:3826
 
#9  0x000055be2ca7ddc5 in mysql_execute_command (thd=0x7fa638000d90) at /data/src/10.2/sql/sql_parse.cc:4481
 
#10 0x000055be2caa6923 in Prepared_statement::execute (this=0x7fa638039320, expanded_query=0x7fa64a77ca00, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:5053
 
#11 0x000055be2caa4e2c in Prepared_statement::execute_loop (this=0x7fa638039320, expanded_query=0x7fa64a77ca00, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4482
 
#12 0x000055be2caa2b2c in mysql_sql_stmt_execute (thd=0x7fa638000d90) at /data/src/10.2/sql/sql_prepare.cc:3574
 
#13 0x000055be2ca7b09e in mysql_execute_command (thd=0x7fa638000d90) at /data/src/10.2/sql/sql_parse.cc:3602
 
#14 0x000055be2ca8828d in mysql_parse (thd=0x7fa638000d90, rawbuf=0x7fa6380126f8 "EXECUTE stmt", length=12, parser_state=0x7fa64a77d5f0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7790
 
#15 0x000055be2ca764ca in dispatch_command (command=COM_QUERY, thd=0x7fa638000d90, packet=0x7fa638008b51 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
 
#16 0x000055be2ca74fc5 in do_command (thd=0x7fa638000d90) at /data/src/10.2/sql/sql_parse.cc:1381
 
#17 0x000055be2cbcfa54 in do_handle_one_connection (connect=0x55be3055f120) at /data/src/10.2/sql/sql_connect.cc:1336
 
#18 0x000055be2cbcf7b9 in handle_one_connection (arg=0x55be3055f120) at /data/src/10.2/sql/sql_connect.cc:1241
 
#19 0x000055be2d3f8a26 in pfs_spawn_thread (arg=0x55be30542590) at /data/src/10.2/storage/perfschema/pfs.cc:1869
 
#20 0x00007fa650b34609 in start_thread (arg=<optimized out>) at pthread_create.c:477
 
#21 0x00007fa65070e293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reproducible the same way on debug, release and ASAN builds.
Reproducible with at least MyISAM and InnoDB.

 Comments   
Comment by Alice Sherepa [ 2022-10-31 ]

reprodicible on 10.3-10.11, but fails on the 2nd execution of ps:

CREATE TABLE t (a INT, b INT);
 
INSERT INTO t VALUES (1,2),(3,4); # Optional, fails either way
 
CREATE VIEW v AS SELECT * FROM t;
 
PREPARE stmt FROM 'DELETE v1.* FROM v AS v1 LEFT JOIN v AS v2 ON (v1.a = v2.b)';
 
EXECUTE stmt;
 
EXECUTE stmt;


Version: '10.11.1-MariaDB-debug-log' 
221031 14:15:25 [ERROR] mysqld got signal 11 ;
 
 
 
 
 
Server version: 10.11.1-MariaDB-debug-log
 
 
 
mysys/stacktrace.c:212(my_print_stacktrace)[0x556711141b9b]
 
sql/signal_handler.cc:236(handle_fatal_signal)[0x55670fcc77c7]
 
sql/opt_table_elimination.cc:759(eliminate_tables(JOIN*))[0x55670f9ca95b]
 
sql/sql_select.cc:5501(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x55670f524fe2]
 
sql/sql_select.cc:2524(JOIN::optimize_inner())[0x55670f506d70]
 
sql/sql_select.cc:1863(JOIN::optimize())[0x55670f4ffd5c]
 
sql/sql_select.cc:5056(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55670f52141c]
 
sql/sql_parse.cc:4862(mysql_execute_command(THD*, bool))[0x55670f410b67]
 
sql/sql_prepare.cc:5225(Prepared_statement::execute(String*, bool))[0x55670f4b7251]
 
sql/sql_prepare.cc:4648(Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*))[0x55670f4b24f9]
 
sql/sql_prepare.cc:3691(mysql_sql_stmt_execute(THD*))[0x55670f4abd01]
 
sql/sql_parse.cc:3962(mysql_execute_command(THD*, bool))[0x55670f409bef]
 
sql/sql_parse.cc:8006(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55670f425ec0]
 
sql/sql_parse.cc:1896(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55670f3fc696]
 
sql/sql_parse.cc:1407(do_command(THD*, bool))[0x55670f3f93b3]
 
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x55670f89f677]
 
sql/sql_connect.cc:1320(handle_one_connection)[0x55670f89efcd]
 
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55671054541f]
 
nptl/pthread_create.c:487(start_thread)[0x7f198c40ffa3]
 
x86_64/clone.S:97(clone)[0x7f198c01906f]
 
 
 
Query (0x6290000e6340): DELETE v1.* FROM v AS v1 LEFT JOIN v AS v2 ON (v1.a = v2.b)

Generated at Thu Feb 08 09:34:53 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.