[MDEV-2664] LP:830993 - Crash in end_read_record with derived table Created: 2011-08-22  Updated: 2015-02-02  Resolved: 2012-10-04

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Philip Stoev (Inactive) Assignee: Sergei Petrunia
Resolution: Fixed Votes: 0
Labels: Launchpad

Attachments: LPexportBug830993.xml (XML file), LPexportBug830993_bug830993.yy (file)

Description

Queries such as:

SELECT alias1 . `col_int_key` AS field1 FROM ( ( SELECT SQ1_alias1 . * FROM ( C AS SQ1_alias1 INNER JOIN ( C AS SQ1_alias2 INNER JOIN C AS SQ1_alias3 ON (SQ1_alias3 . `col_varchar_key` = SQ1_alias2 . `col_varchar_key` ) ) ON (SQ1_alias3 . `col_varchar_key` = SQ1_alias2 . `col_varchar_key` ) ) ) AS alias1 , CC AS alias2 ) WHERE ( EXISTS ( ( SELECT 7 FROM DUAL ) ) ) OR ( alias1 . `col_int_key` = alias1 . `pk` OR alias1 . `col_varchar_key` LIKE CONCAT( 'x' , '%') ) GROUP BY field1 HAVING field1 > 's' ORDER BY alias1 . `col_varchar_key` DESC , CONCAT ( alias2 . `col_varchar_nokey`, alias1 . `col_varchar_key` )

sporadically cause the following crash:

2011-08-22T13:18:06 #3 <signal handler called>
2011-08-22T13:18:06 #4 0x000000000080e828 in end_read_record (info=0x87da988) at records.cc:294
2011-08-22T13:18:06 #5 0x0000000000735c7a in st_join_table::cleanup (this=0x87da8d8) at sql_select.cc:9586
2011-08-22T13:18:06 #6 0x0000000000735d7b in JOIN::cleanup (this=0x85f2a40, full=true) at sql_select.cc:9858
2011-08-22T13:18:06 #7 0x000000000073ecb6 in JOIN::destroy (this=0x85f2a40) at sql_select.cc:2740
2011-08-22T13:18:06 #8 0x000000000089e350 in st_select_lex::cleanup (this=0x2aaac10c6388) at sql_union.cc:929
2011-08-22T13:18:06 #9 0x0000000000750629 in mysql_select (thd=0x2aaac10c39f8, rref_pointer_array=0x2aaac10c65d8, tables=0x84346c0, wild_num=0, fields=..., conds=0x85b4fc0,
2011-08-22T13:18:06 og_num=3, order=0x85b5650, group=0x85b51c0, having=0x85b5398, proc_param=0x0, select_options=2147764736, result=0x85b5b40, unit=0x2aaac10c5ea0,
2011-08-22T13:18:06 select_lex=0x2aaac10c6388) at sql_select.cc:2923
2011-08-22T13:18:06 #10 0x0000000000756972 in handle_select (thd=0x2aaac10c39f8, lex=0x2aaac10c5e00, result=0x85b5b40, setup_tables_done_option=0) at sql_select.cc:283
2011-08-22T13:18:06 #11 0x00000000006a331e in execute_sqlcom_select (thd=0x2aaac10c39f8, all_tables=0x84346c0) at sql_parse.cc:5090
2011-08-22T13:18:06 #12 0x00000000006a4ffc in mysql_execute_command (thd=0x2aaac10c39f8) at sql_parse.cc:2234
2011-08-22T13:18:06 #13 0x00000000006add95 in mysql_parse (thd=0x2aaac10c39f8,
2011-08-22T13:18:06 rawbuf=0x86d5fb0 "/* 6 */ SELECT alias1 . `col_int_key` AS field1 FROM ( ( SELECT SQ1_alias1 . * FROM ( C AS SQ1_alias1 INNER JOIN ( C AS SQ1_alias2 INNER JOIN C AS SQ1_alias3 ON (SQ1_alias3 . `col_varchar_key` = SQ1_alias2 . `col_varchar_key` ) ) ON (SQ1_alias3 . `col_varchar_key` = SQ1_alias2 . `col_varchar_key` ) ) ) AS alias1 , CC AS alias2 ) WHERE ( EXISTS ( ( SELECT 7 FROM DUAL ) ) ) OR ( alias1 . `col_int_key` = alias1 . `pk` OR alias1 . `col_varchar_key` LIKE CONCAT( 'x' , '%') ) GROUP BY field1 HAVING field1 > 's' ORDER BY alias1 . `col_varchar_key` DESC , CONCAT ( alias2 . `col_varchar_nokey`, alias1 . `col_varchar_key` )", length=635, found_semicolon=0x4ec09f08) at sql_parse.cc:6091
2011-08-22T13:18:06 #14 0x00000000006aec65 in dispatch_command (command=COM_QUERY, thd=0x2aaac10c39f8,
2011-08-22T13:18:06 packet=0x2aaac10c76c9 "/* 6 */ SELECT alias1 . `col_int_key` AS field1 FROM ( ( SELECT SQ1_alias1 . * FROM ( C AS SQ1_alias1 INNER JOIN ( C AS SQ1_alias2 INNER JOIN C AS SQ1_alias3 ON (SQ1_alias3 . `col_varchar_key` = SQ1_alias2 . `col_varchar_key` ) ) ON (SQ1_alias3 . `col_varchar_key` = SQ1_alias2 . `col_varchar_key` ) ) ) AS alias1 , CC AS alias2 ) WHERE ( EXISTS ( ( SELECT 7 FROM DUAL ) ) ) OR ( alias1 . `col_int_key` = alias1 . `pk` OR alias1 . `col_varchar_key` LIKE CONCAT( 'x' , '%') ) GROUP BY field1 HAVING field1 > 's' ORDER BY alias1 . `col_varchar_key` DESC , CONCAT ( alias2 . `col_varchar_nokey`, alias1 . `col_varchar_key` )", packet_length=635) at sql_parse.cc:1211
2011-08-22T13:18:06 #15 0x00000000006b0273 in do_command (thd=0x2aaac10c39f8) at sql_parse.cc:906
2011-08-22T13:18:06 #16 0x000000000069aba7 in handle_one_connection (arg=0x2aaac10c39f8) at sql_connect.cc:1186
2011-08-22T13:18:06 #17 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
2011-08-22T13:18:06 #18 0x00000033b58d40cd in clone () from /lib64/libc.so.6

The crash happens repeatably inside RQG but is difficult to reproduce outside of it, so concurrency or some other inter-query interaction may be present.

Comments
Comment by Philip Stoev (Inactive) [ 2011-08-22 ]

Re: Crash in end_read_record
Valgrind warning:

==4530== Thread 30:
==4530== Invalid read of size 8
==4530== at 0x80E828: end_read_record(READ_RECORD*) (records.cc:294)
==4530== by 0x735C79: st_join_table::cleanup() (sql_select.cc:9586)
==4530== by 0x735D7A: JOIN::cleanup(bool) (sql_select.cc:9858)
==4530== by 0x73ECB5: JOIN::destroy() (sql_select.cc:2740)
==4530== by 0x89E34F: st_select_lex::cleanup() (sql_union.cc:929)
==4530== by 0x750628: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2923)
==4530== by 0x756971: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:283)
==4530== by 0x6A331D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5090)
==4530== by 0x6A4FFB: mysql_execute_command(THD*) (sql_parse.cc:2234)
==4530== by 0x6ADD94: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6091)
==4530== by 0x6AEC64: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==4530== by 0x6B0272: do_command(THD*) (sql_parse.cc:906)
==4530== by 0x69ABA6: handle_one_connection (sql_connect.cc:1186)
==4530== by 0x33B600673C: start_thread (in /lib64/libpthread-2.5.so)
==4530== by 0x33B58D40CC: clone (in /lib64/libc-2.5.so)
==4530== Address 0x8f8f8f8f8f8f912f is not stack'd, malloc'd or (recently) free'd

Comment by Philip Stoev (Inactive) [ 2011-08-22 ]

Re: Crash in end_read_record

To reproduce with the RQG:

perl runall.pl -queries=100M --duration=180 --threads=6 --views --reporter=QueryTimeout,Backtrace,ErrorLog,Deadlock --basedir1=/home/philips/bzr/maria-5.3 --mysqld1=optimizer_switch=semijoin=ON,materialization=OFF --notnull --grammar=bug830993.yy --skip-gendata --mysqld1=-init-file=`pwd`/conf/optimizer/world.sql --seed=1313772755 --valgrind --duration=900

Comment by Philip Stoev (Inactive) [ 2011-08-22 ]

To reproduce with the RQG:

perl runall.pl -queries=100M --duration=180 --threads=6 --views --reporter=QueryTimeout,Backtrace,ErrorLog,Deadlock --basedir1=/home/philips/bzr/maria-5.3 --mysqld1=optimizer_switch=semijoin=ON,materialization=OFF --notnull --grammar=bug830993.yy --skip-gendata --mysqld1=-init-file=`pwd`/conf/optimizer/world.sql --seed=1313772755 --valgrind --duration=900
Attachment: bug830993.yy (LPexportBug830993_bug830993.yy)

Comment by Philip Stoev (Inactive) [ 2011-08-23 ]

Re: Crash in end_read_record
Additional information from the error log:

Error: Memory allocated at sql_join_cache.cc:910 was overrun, discovered at 'sql_join_cache.h:650'

and another related backtrace:

2011-08-23T08:15:04 #3 <signal handler called>
2011-08-23T08:15:04 #4 0x00000033b5830265 in raise () from /lib64/libc.so.6
2011-08-23T08:15:04 #5 0x00000033b5831d10 in abort () from /lib64/libc.so.6
2011-08-23T08:15:04 #6 0x00000033b586a99b in __libc_message () from /lib64/libc.so.6
2011-08-23T08:15:04 #7 0x00000033b5872555 in _int_free () from /lib64/libc.so.6
2011-08-23T08:15:04 #8 0x00000033b58728bb in free () from /lib64/libc.so.6
2011-08-23T08:15:04 #9 0x0000000000bdd26a in _myfree (ptr=0x2c51a78, filename=0xd8d388 "sql_join_cache.h", lineno=650, myflags=88) at safemalloc.c:335
2011-08-23T08:15:04 #10 0x00000000006f61f0 in JOIN_CACHE::free (this=0x2aa3f50) at sql_join_cache.h:650
2011-08-23T08:15:04 #11 0x0000000000735b80 in st_join_table::cleanup (this=0x2a62b98) at sql_select.cc:9563
2011-08-23T08:15:04 #12 0x0000000000735d7b in JOIN::cleanup (this=0x2b40bb0, full=true) at sql_select.cc:9858
2011-08-23T08:15:04 #13 0x0000000000735fce in JOIN::join_free (this=0x2b40bb0) at sql_select.cc:9778
2011-08-23T08:15:04 #14 0x00000000007556bd in JOIN::exec (this=0x2b40bb0) at sql_select.cc:2454
2011-08-23T08:15:04 #15 0x0000000000750558 in mysql_select (thd=0x2aaabd48ab18, rref_pointer_array=0x2aaabd48d6f8, tables=0x2ca2660, wild_num=0, fields=...$
2011-08-23T08:15:04 og_num=3, order=0x2bddbc8, group=0x2bdda30, having=0x0, proc_param=0x0, select_options=2147764736, result=0x2bdde18, unit=0x2aaabd4$
2011-08-23T08:15:04 select_lex=0x2aaabd48d4a8) at sql_select.cc:2901
2011-08-23T08:15:04 #16 0x0000000000756972 in handle_select (thd=0x2aaabd48ab18, lex=0x2aaabd48cf20, result=0x2bdde18, setup_tables_done_option=0) at sql_s$
2011-08-23T08:15:04 #17 0x00000000006a331e in execute_sqlcom_select (thd=0x2aaabd48ab18, all_tables=0x2ca2660) at sql_parse.cc:5090
2011-08-23T08:15:04 #18 0x00000000006a4ffc in mysql_execute_command (thd=0x2aaabd48ab18) at sql_parse.cc:2234
2011-08-23T08:15:04 #19 0x00000000006add95 in mysql_parse (thd=0x2aaabd48ab18,
2011-08-23T08:15:04 rawbuf=0x2a5c320 "/* 6 */ SELECT alias2 . `pk` AS field1 FROM ( ( SELECT SQ1_alias1 . * FROM C AS SQ1_alias1 ) AS alias1 ,$
2011-08-23T08:15:04 #20 0x00000000006aec65 in dispatch_command (command=COM_QUERY, thd=0x2aaabd48ab18,
2011-08-23T08:15:04 packet=0x2aaabd490f69 "/* 6 */ SELECT alias2 . `pk` AS field1 FROM ( ( SELECT SQ1_alias1 . * FROM C AS SQ1_alias1 ) AS ali$
2011-08-23T08:15:04 #21 0x00000000006b0273 in do_command (thd=0x2aaabd48ab18) at sql_parse.cc:906
2011-08-23T08:15:04 #22 0x000000000069aba7 in handle_one_connection (arg=0x2aaabd48ab18) at sql_connect.cc:1186
2011-08-23T08:15:04 #23 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
2011-08-23T08:15:04 #24 0x00000033b58d40cd in clone () from /lib64/libc.so.6
2011-08-23T08:15:04 #5 0x00000033b5831d10 in abort () from /lib64/libc.so.6

Comment by Philip Stoev (Inactive) [ 2011-08-24 ]

Re: Crash in end_read_record
A non-concurrent test case. Not reproducible with maria-5.3 before views.

SET SESSION optimizer_switch = 'index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=off,derived_merge=off,derived_with_keys=off,firstmatch=off,loosescan=off,materialization=off,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=off,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on';
--disable_warnings
DROP TABLE /*! IF EXISTS */ t1;
DROP TABLE /*! IF EXISTS */ t2;
--enable_warnings

CREATE TABLE t1 ( a int(11) NOT NULL AUTO_INCREMENT, b int(11) DEFAULT NULL, c int(11) DEFAULT NULL, d time DEFAULT NULL, e varchar(1) DEFAULT NULL, f varchar(1) DEFAULT NULL, PRIMARY KEY (a), KEY c (c), KEY d (d), KEY e (e,c));
INSERT INTO t1 VALUES (10,NULL,8,'22:55:23','x','x'),(11,8,7,'10:19:31','d','d'),(12,1,1,'14:40:36','r','r'),(13,9,7,'04:37:47','f','f'),(14,4,9,'19:34:06','y','y'),(15,3,NULL,'20:35:33','u','u'),(16,2,1,NULL,'m','m'),(17,NULL,9,'14:43:37',NULL,NULL),(18,2,2,'02:23:09','o','o'),(19,NULL,9,'01:22:45','w','w'),(20,6,2,'00:00:00','m','m'),(21,7,4,'00:13:25','q','q'),(22,2,0,'03:47:16',NULL,NULL),(23,5,4,'01:41:48','d','d'),(24,7,8,'00:00:00','g','g'),(25,6,NULL,'22:32:04','x','x'),(26,6,NULL,'16:44:14','f','f'),(27,2,0,'17:38:37','p','p'),(28,9,NULL,'08:46:48','j','j'),(29,6,8,'14:11:27','c','c');
CREATE TABLE t2 ( a int(11) NOT NULL AUTO_INCREMENT, b int(11) DEFAULT NULL, c int(11) DEFAULT NULL, d time DEFAULT NULL, e varchar(1) DEFAULT NULL, f varchar(1) DEFAULT NULL, PRIMARY KEY (a), KEY c (c), KEY d (d), KEY e (e,c));
INSERT INTO t2 VALUES (1,2,4,'22:34:09','v','v'),(2,150,62,'14:26:02','v','v'),(3,NULL,7,'14:03:03','c','c'),(4,2,1,'01:46:09',NULL,NULL),(5,5,0,'16:21:18','x','x'),(6,3,7,'18:56:33','i','i'),(7,1,7,NULL,'e','e'),(8,4,1,'09:29:08','p','p'),(9,NULL,7,'19:11:10','s','s'),(10,2,1,'11:57:26','j','j'),(11,6,5,'00:39:46','z','z'),(12,6,2,'03:28:15','c','c'),(13,8,0,'06:44:18','a','a'),(14,2,1,'14:36:39','q','q'),(15,6,8,'18:42:45','y','y'),(16,8,1,'02:57:29',NULL,NULL),(17,3,1,'16:46:13','r','r'),(18,3,9,'19:39:02','v','v'),(19,9,1,NULL,NULL,NULL),(20,6,5,'20:58:33','r','r');

SELECT *
FROM (
SELECT *
FROM t2 ) AS alias1 ,
t1 AS alias2 , t2
WHERE alias1.c = SOME
(
SELECT SQ3_alias1.b
FROM t2 AS SQ3_alias1 STRAIGHT_JOIN t2 AS SQ3_alias2
);

If you run it with MTR without --valgrind, it will report:

Error: Memory allocated at sql_join_cache.cc:910 was overrun, discovered at 'sq_join_cache.h:650'

With --valgrind , you will get:

==17182== Thread 4:
==17182== Invalid write of size 1
==17182== at 0x6F2806: JOIN_CACHE::write_record_data(unsigned char*, bool*) (sql_join_cache.cc:1409)
==17182== by 0x6F2DBC: JOIN_CACHE::put_record() (sql_join_cache.cc:1517)
==17182== by 0x735885: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14855)
==17182== by 0x6F0D6D: JOIN_CACHE::generate_full_extensions(unsigned char*) (sql_join_cache.cc:2339)
==17182== by 0x6F127B: JOIN_CACHE::join_matching_records(bool) (sql_join_cache.cc:2232)
==17182== by 0x6EEFF8: JOIN_CACHE::join_records(bool) (sql_join_cache.cc:2031)
==17182== by 0x7357CB: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14842)
==17182== by 0x735297: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:15004)
==17182== by 0x7357EE: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14844)
==17182== by 0x735297: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:15004)
==17182== by 0x736774: do_select(JOIN*, List<Item>, st_table, Procedure*) (sql_select.cc:14728)
==17182== by 0x7566FF: JOIN::exec() (sql_select.cc:2680)
==17182== by 0x750617: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2901)
==17182== by 0x756A31: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:283)
==17182== by 0x6A33DD: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5090)
==17182== by 0x6A50BB: mysql_execute_command(THD*) (sql_parse.cc:2234)
==17182== Address 0xe39d22c is 0 bytes after a block of size 131,116 alloc'd
==17182== at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==17182== by 0xBDC9FD: _mymalloc (safemalloc.c:138)
==17182== by 0x6F3261: JOIN_CACHE::alloc_buffer() (sql_join_cache.cc:910)
==17182== by 0x6F42EA: JOIN_CACHE::init() (sql_join_cache.cc:1039)
==17182== by 0x6F4645: JOIN_CACHE_BNL::init() (sql_join_cache.cc:3529)
==17182== by 0x7375B7: check_join_cache_usage(st_join_table*, unsigned long long, unsigned int, unsigned int, st_join_table*) (sql_select.cc:9036)
==17182== by 0x737C7F: check_join_cache_usage_for_tables(JOIN*, unsigned long long, unsigned int) (sql_select.cc:9193)
==17182== by 0x74ADD8: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:9278)
==17182== by 0x74E320: JOIN::optimize() (sql_select.cc:1497)
==17182== by 0x750572: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2887)
==17182== by 0x756A31: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:283)
==17182== by 0x6A33DD: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5090)
==17182== by 0x6A50BB: mysql_execute_command(THD*) (sql_parse.cc:2234)
==17182== by 0x6ADE54: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6091)
==17182== by 0x6AED24: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==17182== by 0x6B0332: do_command(THD*) (sql_parse.cc:906)
==17182== Invalid read of size 1
==17182== at 0x6F15C9: JOIN_CACHE::read_record_field(st_cache_field*, bool) (sql_join_cache.cc:1804)
==17182== by 0x6F1E0B: JOIN_CACHE::read_all_record_fields() (sql_join_cache.cc:1692)
==17182== by 0x6F1F8C: JOIN_CACHE::get_record() (sql_join_cache.cc:1559)
==17182== by 0x6EEA53: JOIN_CACHE_BNL::read_next_candidate_for_match(unsigned char*) (sql_join_cache.cc:3499)
==17182== by 0x6F126E: JOIN_CACHE::join_matching_records(bool) (sql_join_cache.cc:2231)
==17182== by 0x6EEFF8: JOIN_CACHE::join_records(bool) (sql_join_cache.cc:2031)
==17182== by 0x7358BC: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14862)
==17182== by 0x6F0D6D: JOIN_CACHE::generate_full_extensions(unsigned char*) (sql_join_cache.cc:2339)
==17182== by 0x6F127B: JOIN_CACHE::join_matching_records(bool) (sql_join_cache.cc:2232)
==17182== by 0x6EEFF8: JOIN_CACHE::join_records(bool) (sql_join_cache.cc:2031)
==17182== by 0x7357CB: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14842)
==17182== by 0x735297: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:15004)
==17182== by 0x7357EE: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14844)
==17182== by 0x735297: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:15004)
==17182== by 0x736774: do_select(JOIN*, List<Item>, st_table, Procedure*) (sql_select.cc:14728)
==17182== by 0x7566FF: JOIN::exec() (sql_select.cc:2680)
==17182== Address 0xe39d22c is 0 bytes after a block of size 131,116 alloc'd
==17182== at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==17182== by 0xBDC9FD: _mymalloc (safemalloc.c:138)
==17182== by 0x6F3261: JOIN_CACHE::alloc_buffer() (sql_join_cache.cc:910)
==17182== by 0x6F42EA: JOIN_CACHE::init() (sql_join_cache.cc:1039)
==17182== by 0x6F4645: JOIN_CACHE_BNL::init() (sql_join_cache.cc:3529)
==17182== by 0x7375B7: check_join_cache_usage(st_join_table*, unsigned long long, unsigned int, unsigned int, st_join_table*) (sql_select.cc:9036)
==17182== by 0x737C7F: check_join_cache_usage_for_tables(JOIN*, unsigned long long, unsigned int) (sql_select.cc:9193)
==17182== by 0x74ADD8: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:9278)
==17182== by 0x74E320: JOIN::optimize() (sql_select.cc:1497)
==17182== by 0x750572: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2887)
==17182== by 0x756A31: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:283)
==17182== by 0x6A33DD: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5090)
==17182== by 0x6A50BB: mysql_execute_command(THD*) (sql_parse.cc:2234)
==17182== by 0x6ADE54: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6091)
==17182== by 0x6AED24: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==17182== by 0x6B0332: do_command(THD*) (sql_parse.cc:906)
==17182== Invalid read of size 1
==17182== at 0x6F15C9: JOIN_CACHE::read_record_field(st_cache_field*, bool) (sql_join_cache.cc:1804)
==17182== by 0x6F1E0B: JOIN_CACHE::read_all_record_fields() (sql_join_cache.cc:1692)
==17182== by 0x6F1E6E: JOIN_CACHE::get_record_by_pos(unsigned char*) (sql_join_cache.cc:1591)
==17182== by 0x6EE626: JOIN_CACHE::restore_last_record() (sql_join_cache.cc:1980)
==17182== by 0x6EF221: JOIN_CACHE::join_records(bool) (sql_join_cache.cc:2103)
==17182== by 0x7358BC: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14862)
==17182== by 0x6F0D6D: JOIN_CACHE::generate_full_extensions(unsigned char*) (sql_join_cache.cc:2339)
==17182== by 0x6F127B: JOIN_CACHE::join_matching_records(bool) (sql_join_cache.cc:2232)
==17182== by 0x6EEFF8: JOIN_CACHE::join_records(bool) (sql_join_cache.cc:2031)
==17182== by 0x7357CB: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14842)
==17182== by 0x735297: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:15004)
==17182== by 0x7357EE: sub_select_cache(JOIN*, st_join_table*, bool) (sql_select.cc:14844)
==17182== by 0x735297: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:15004)
==17182== by 0x736774: do_select(JOIN*, List<Item>, st_table, Procedure*) (sql_select.cc:14728)
==17182== by 0x7566FF: JOIN::exec() (sql_select.cc:2680)
==17182== by 0x750617: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2901)
==17182== Address 0xe39d22c is 0 bytes after a block of size 131,116 alloc'd
==17182== at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==17182== by 0xBDC9FD: _mymalloc (safemalloc.c:138)
==17182== by 0x6F3261: JOIN_CACHE::alloc_buffer() (sql_join_cache.cc:910)
==17182== by 0x6F42EA: JOIN_CACHE::init() (sql_join_cache.cc:1039)
==17182== by 0x6F4645: JOIN_CACHE_BNL::init() (sql_join_cache.cc:3529)
==17182== by 0x7375B7: check_join_cache_usage(st_join_table*, unsigned long long, unsigned int, unsigned int, st_join_table*) (sql_select.cc:9036)
==17182== by 0x737C7F: check_join_cache_usage_for_tables(JOIN*, unsigned long long, unsigned int) (sql_select.cc:9193)
==17182== by 0x74ADD8: make_join_readinfo(JOIN*, unsigned long long, unsigned int) (sql_select.cc:9278)
==17182== by 0x74E320: JOIN::optimize() (sql_select.cc:1497)
==17182== by 0x750572: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2887)
==17182== by 0x756A31: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:283)
==17182== by 0x6A33DD: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5090)
==17182== by 0x6A50BB: mysql_execute_command(THD*) (sql_parse.cc:2234)
==17182== by 0x6ADE54: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6091)
==17182== by 0x6AED24: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1211)
==17182== by 0x6B0332: do_command(THD*) (sql_parse.cc:906)
Error: Memory allocated at sql_join_cache.cc:910 was overrun, discovered at 'sql_join_cache.h:650'
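
The three memcheck records above all land on the same 131,116-byte buffer allocated in JOIN_CACHE::alloc_buffer(), while the first comment's end_read_record read hits a wild address. The Python below is an added example, not part of this bug report or of the MariaDB code base: it parses memcheck records of this shape from a small constructed sample, links each bad access to its allocation site when valgrind reports one, and collapses all reports against one allocation into a single finding, so an RQG run's valgrind log can be triaged by root cause rather than by report count. The names and heuristics (ALLOCATOR_FRAMES as the wrapper files to skip, the repeated-fill-byte test in looks_poisoned) are my own assumptions, not project conventions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of the memcheck records quoted in this bug: the join-cache
# overrun from this comment and the end_read_record read from the first comment.
SAMPLE_LOG = """\
==17182== Invalid write of size 1
==17182==    at 0x6F2806: JOIN_CACHE::write_record_data(unsigned char*, bool*) (sql_join_cache.cc:1409)
==17182==    by 0x6F2DBC: JOIN_CACHE::put_record() (sql_join_cache.cc:1517)
==17182==  Address 0xe39d22c is 0 bytes after a block of size 131,116 alloc'd
==17182==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==17182==    by 0xBDC9FD: _mymalloc (safemalloc.c:138)
==17182==    by 0x6F3261: JOIN_CACHE::alloc_buffer() (sql_join_cache.cc:910)
==17182== Invalid read of size 1
==17182==    at 0x6F15C9: JOIN_CACHE::read_record_field(st_cache_field*, bool) (sql_join_cache.cc:1804)
==17182==  Address 0xe39d22c is 0 bytes after a block of size 131,116 alloc'd
==17182==    at 0x4A05E1C: malloc (vg_replace_malloc.c:195)
==17182==    by 0x6F3261: JOIN_CACHE::alloc_buffer() (sql_join_cache.cc:910)
==4530== Invalid read of size 8
==4530==    at 0x80E828: end_read_record(READ_RECORD*) (records.cc:294)
==4530==    by 0x735C79: st_join_table::cleanup() (sql_select.cc:9586)
==4530==  Address 0x8f8f8f8f8f8f912f is not stack'd, malloc'd or (recently) free'd
"""

HEADER_RE = re.compile(r"^==\d+==\s+(Invalid (?:read|write)) of size (\d+)\s*$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*?)\s*$")
ADDRESS_RE = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (.*?)\s*$")
BLOCK_RE = re.compile(r"(\d+) bytes (after|before|inside) a block of size ([\d,]+) alloc'd")
ALLOCATOR_FRAMES = ("vg_replace_malloc", "safemalloc")  # wrapper files (assumed), not the code to blame

@dataclass
class MemcheckError:
    kind: str                                         # "Invalid read" / "Invalid write"
    size: int                                         # bytes accessed
    address: str = ""
    frames: list = field(default_factory=list)        # (function, location) of the bad access
    alloc_frames: list = field(default_factory=list)  # (function, location) where the block was allocated
    block_size: Optional[int] = None
    offset_past_end: Optional[int] = None

def _split_frame(text):
    """'JOIN_CACHE::put_record() (sql_join_cache.cc:1517)' -> (function, location)."""
    func, sep, loc = text.rpartition(" (")
    return (func, loc.rstrip(")")) if sep else (text, "")

def parse_memcheck(log):
    """Parse memcheck text; frames that follow an "alloc'd" address line form the allocation stack."""
    errors, current, in_alloc = [], None, False
    for line in log.splitlines():
        if m := HEADER_RE.match(line):
            current = MemcheckError(kind=m.group(1), size=int(m.group(2)))
            errors.append(current)
            in_alloc = False
        elif current is None:
            continue
        elif m := ADDRESS_RE.match(line):
            current.address = m.group(1)
            blk = BLOCK_RE.search(m.group(2))
            in_alloc = blk is not None
            if blk:
                current.block_size = int(blk.group(3).replace(",", ""))
                current.offset_past_end = int(blk.group(1)) if blk.group(2) == "after" else None
        elif m := FRAME_RE.match(line):
            (current.alloc_frames if in_alloc else current.frames).append(_split_frame(m.group(1)))
    return errors

def project_site(frames):
    """First frame outside the allocator wrappers: the location a developer should look at."""
    for func, loc in frames:
        if not any(w in loc for w in ALLOCATOR_FRAMES):
            return f"{func} ({loc})"
    return "?"

def looks_poisoned(address, min_fraction=0.75):
    """Heuristic: an address made mostly of one repeated byte (0x8f8f8f8f...) was usually loaded
    from memory that a debug allocator filled after freeing it, i.e. a use-after-free symptom."""
    h = address[2:] if address.lower().startswith("0x") else address
    data = bytes.fromhex(h.zfill(len(h) + len(h) % 2))
    return len(data) >= 4 and max(data.count(b) for b in set(data)) / len(data) >= min_fraction

def triage(errors):
    """Collapse records into findings: all reports against one allocation site are one bug;
    writes past a heap block outrank reads because they can corrupt neighbouring allocations."""
    findings = {}
    for e in errors:
        key = (("heap-overrun", project_site(e.alloc_frames)) if e.alloc_frames
               else ("wild-address", project_site(e.frames)))
        f = findings.setdefault(key, {"category": key[0], "site": key[1], "reports": 0,
                                      "has_write": False, "poisoned_pointer": False, "access_sites": []})
        f["reports"] += 1
        f["has_write"] |= e.kind == "Invalid write"
        f["poisoned_pointer"] |= bool(e.address) and looks_poisoned(e.address)
        if (site := project_site(e.frames)) not in f["access_sites"]:
            f["access_sites"].append(site)
    return sorted(findings.values(), key=lambda f: (not f["has_write"], f["category"] != "heap-overrun"))
```

Running triage(parse_memcheck(SAMPLE_LOG)) yields two findings instead of three reports: the join-cache overrun (two accesses, one of them a write, both on the block from sql_join_cache.cc:910) ranked first, and the end_read_record read flagged as a likely pointer loaded from poisoned memory, which is the use-after-free shape a reviewer would want to chase separately from the overrun.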

Comment by Sergei Petrunia [ 2011-09-05 ]

Re: Crash in end_read_record with derived table
I did not get any valgrind warnings when running the testcase from comment #4 on a 32-bit system. I could repeat them on a 64-bit system.

Comment by Rasmus Johansson (Inactive) [ 2011-12-13 ]

Launchpad bug id: 830993

Generated at Thu Feb 08 06:43:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.