[MDEV-32571] A specific query crashes MariaDB in choose_best_splitting Created: 2023-10-25  Updated: 2023-10-30  Resolved: 2023-10-30

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.5.20, 10.5.21, 10.5.22
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Sandro Kalatozishvili Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: crash, regression-10.5

Issue Links:
Duplicate
duplicates MDEV-31440 choose_best_splitting: crash on updat... Confirmed
Problem/Incident
is caused by MDEV-26301 Split optimization refills temporary ... Closed

 Description   

A specific SELECT query crashes MariaDB 10.5.20/10.5.21/10.5.22. The issue is fixed when downgraded to 10.5.19.

Query:

SELECT SQL_CALC_FOUND_ROWS wpd8_posts.ID
 
FROM wpd8_posts
 
LEFT JOIN (
 
    SELECT post_meta.post_id, min( post_meta.meta_value + 0 ) as min_price
 
    FROM wpd8_postmeta post_meta
 
    GROUP BY post_meta.post_id
 
    ) wcpbc_price ON wpd8_posts.ID = wcpbc_price.post_id
 
WHERE 1=1 
AND NOT (50.000000<wcpbc_price.min_price)
 
AND (
 
    wpd8_posts.ID IN (
 
        SELECT product_or_parent_id
 
        FROM (
 
            SELECT product_or_parent_id
 
            FROM wpd8_wc_product_attributes_lookup lt 
        ) temp
 
    )
 
);

Not crashes if we remove any part from the query, for example: 

WHERE 1=1

or 

AND NOT (50.000000<wcpbc_price.min_price)

Full log:

2023-10-24 20:43:47 0 [Note] Starting MariaDB 10.5.22-MariaDB source revision 7e650253dc488debcb0898ebe6d385bf6dfa3656 as process 7788
 
2023-10-24 20:43:47 0 [Note] InnoDB: Uses event mutexes
 
2023-10-24 20:43:47 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
 
2023-10-24 20:43:47 0 [Note] InnoDB: Number of pools: 1
 
2023-10-24 20:43:47 0 [Note] InnoDB: Using generic crc32 instructions
 
2023-10-24 20:43:47 0 [Note] InnoDB: Using Linux native AIO
 
2023-10-24 20:43:47 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
 
2023-10-24 20:43:47 0 [Note] InnoDB: Completed initialization of buffer pool
 
2023-10-24 20:43:47 0 [Note] InnoDB: 128 rollback segments are active.
 
2023-10-24 20:43:47 0 [Note] InnoDB: Creating shared tablespace for temporary tables
 
2023-10-24 20:43:47 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
 
2023-10-24 20:43:47 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
 
2023-10-24 20:43:47 0 [Note] InnoDB: 10.5.22 started; log sequence number 777306; transaction id 128
 
2023-10-24 20:43:47 0 [Note] Plugin 'FEEDBACK' is disabled.
 
2023-10-24 20:43:47 0 [Note] Server socket created on IP: '::'.
 
2023-10-24 20:43:47 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
 
2023-10-24 20:43:47 0 [Note] InnoDB: Buffer pool(s) load completed at 231024 20:43:47
 
2023-10-24 20:43:47 0 [Note] Reading of all Master_info entries succeeded
 
2023-10-24 20:43:47 0 [Note] Added new Master_info '' to hash table
 
2023-10-24 20:43:47 0 [Note] /usr/sbin/mariadbd: ready for connections.
 
Version: '10.5.22-MariaDB'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MariaDB Server
 
231024 20:43:53 [ERROR] mysqld got signal 11 ;
 
This could be because you hit a bug. It is also possible that this binary
 
or one of the libraries it was linked against is corrupt, improperly built,
 
or misconfigured. This error can also be caused by malfunctioning hardware.
 
 
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs 
 
 
We will try our best to scrape up some info that will hopefully help
 
diagnose the problem, but since we have already crashed,
 
something is definitely wrong and this may fail.
 
 
 
Server version: 10.5.22-MariaDB source revision: 7e650253dc488debcb0898ebe6d385bf6dfa3656
 
key_buffer_size=134217728
 
read_buffer_size=131072
 
max_used_connections=1
 
max_threads=153
 
thread_count=1
 
It is possible that mysqld could use up to
 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467889 K  bytes of memory
 
Hope that's ok; if not, decrease some variables in the equation.
 
 
 
Thread pointer: 0x7f611c0015f8
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7f61485c4bd8 thread_stack 0x49000
 
/usr/sbin/mariadbd(my_print_stacktrace+0x2e)[0x55c78ed9c87e]
 
/usr/sbin/mariadbd(handle_fatal_signal+0x485)[0x55c78e818145]
 
/lib64/libpthread.so.0(+0x12cf0)[0x7f615c01ccf0]
 
/usr/sbin/mariadbd(_ZN13st_join_table21choose_best_splittingEjyPK8POSITIONPy+0x544)[0x55c78e790544]
 
/usr/sbin/mariadbd(Z16best_access_pathP4JOINP13st_join_tableyPK8POSITIONjbdPS3_S6+0x132)[0x55c78e641b02]
 
/usr/sbin/mariadbd(+0x7b21fd)[0x55c78e6451fd]
 
/usr/sbin/mariadbd(+0x7b24d9)[0x55c78e6454d9]
 
/usr/sbin/mariadbd(+0x7b24d9)[0x55c78e6454d9]
 
/usr/sbin/mariadbd(_Z11choose_planP4JOINy+0x262)[0x55c78e645c22]
 
/usr/sbin/mariadbd(_ZN4JOIN14optimize_innerEv+0x34b9)[0x55c78e66d3e9]
 
/usr/sbin/mariadbd(_ZN4JOIN8optimizeEv+0xa0)[0x55c78e66dab0]
 
/usr/sbin/mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xb3)[0x55c78e66db83]
 
/usr/sbin/mariadbd(_Z19mysql_explain_unionP3THDP18st_select_lex_unitP13select_result+0x22c)[0x55c78e66e81c]
 
/usr/sbin/mariadbd(+0x774cb3)[0x55c78e607cb3]
 
/usr/sbin/mariadbd(_Z21mysql_execute_commandP3THD+0x121a)[0x55c78e6108f6]
 
/usr/sbin/mariadbd(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x247)[0x55c78e60264a]
 
/usr/sbin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x1dc2)[0x55c78e60da61]
 
/usr/sbin/mariadbd(_Z10do_commandP3THD+0x11e)[0x55c78e60ec1f]
 
/usr/sbin/mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x501)[0x55c78e7069f1]
 
/usr/sbin/mariadbd(handle_one_connection+0x5d)[0x55c78e706d4d]
 
/usr/sbin/mariadbd(+0xbb2203)[0x55c78ea45203]
 
/lib64/libpthread.so.0(+0x81ca)[0x7f615c0121ca]
 
/lib64/libc.so.6(clone+0x43)[0x7f615b363e73]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7f611c0136b0): EXPLAIN SELECT SQL_CALC_FOUND_ROWS wpd8_posts.ID FROM wpd8_posts LEFT JOIN (     SELECT post_meta.post_id, min( post_meta.meta_value + 0 ) as min_price     FROM wpd8_postmeta post_meta     GROUP BY post_meta.post_id     ) wcpbc_price ON wpd8_posts.ID = wcpbc_price.post_id WHERE 1=1 AND NOT (50.000000<wcpbc_price.min_price) AND (     wpd8_posts.ID IN (         SELECT product_or_parent_id         FROM (             SELECT product_or_parent_id             FROM wpd8_wc_product_attributes_lookup lt          ) temp     ) )
 
 
 
Connection ID (thread ID): 3
 
Status: NOT_KILLED
 
 
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
 
 
 
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/  contains
 
information that should help you find out what is causing the crash.
 
Writing a core file...
 
Working directory at /var/lib/mysql
 
Resource Limits:
 
Limit                     Soft Limit           Hard Limit           Units     
Max cpu time              unlimited            unlimited            seconds   
Max file size             unlimited            unlimited            bytes     
Max data size             unlimited            unlimited            bytes     
Max stack size            8388608              unlimited            bytes     
Max core file size        0                    unlimited            bytes     
Max resident set          unlimited            unlimited            bytes     
Max processes             30668                30668                processes
 
Max open files            32768                32768                files     
Max locked memory         65536                65536                bytes     
Max address space         unlimited            unlimited            bytes     
Max file locks            unlimited            unlimited            locks     
Max pending signals       30668                30668                signals   
Max msgqueue size         819200               819200               bytes     
Max nice priority         0                    0                    
Max realtime priority     0                    0                    
Max realtime timeout      unlimited            unlimited            us        
Core pattern: |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e
 
 
 
Kernel version: Linux version 4.18.0-477.15.1.lve.2.el8.x86_64 (mockbuild@buildfarm05-new.corp.cloudlinux.com) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-18) (GCC)) #1 SMP Wed Aug 2 10:43:45 UTC 2023



 Comments   
Comment by Alice Sherepa [ 2023-10-30 ]

Thank you for the report! This is probably the same as MDEV-31440 - also regression after MDEV-26301.
In case the crash will appear even after that bug will be patched - please comment here and the case will be reopened.

Generated at Thu Feb 08 10:32:21 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.