[MDEV-5623] Valgrind warnings and data corruption on 2nd execution of PS with Aria, subqueries, index_merge Created: 2014-02-06  Updated: 2020-06-28  Resolved: 2020-06-28

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Affects Version/s: 5.3.12
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Petrunia
Resolution: Cannot Reproduce Votes: 0
Labels: None

Issue Links:
Relates

 Description   

Note: I can only reproduce it on 5.3 with the provided test case; I am not sure whether it was fixed in 5.5 or is just masked somehow.

-- Optimizer switches the reproduction sets explicitly: index_merge,
-- index_merge_sort_union, derived_merge and in_to_exists.
SET optimizer_switch = 'index_merge=on,index_merge_sort_union=on,derived_merge=on,in_to_exists=on';
 
-- Table t1 is an Aria table with separate single-column indexes on a and c,
-- the two columns the outer WHERE of the prepared statement combines with OR.
CREATE TABLE t1 (a INT, b INT, c VARCHAR(1), INDEX(a), INDEX(c)) ENGINE=Aria;
INSERT INTO t1 VALUES 
(5,6,'z'),(2,6,'c'),(0,8,'a'),(1,2,'q'),(8,6,'y'),
(1,8,'y'),(1,3,'r'),(9,3,'v'),(1,9,'z'),(5,6,'r');
 
-- Table t2 (indexed on d) is the source of the derived table sq.
CREATE TABLE t2 (d VARCHAR(1), INDEX(d)) ENGINE=Aria;
INSERT INTO t2 VALUES ('x'),('a');
 
-- Table t3 (no index) is read only by the EXISTS subquery inside sq.
CREATE TABLE t3 (e VARCHAR(1)) ENGINE=Aria;
INSERT INTO t3 VALUES ('x'),('d');
 
-- The statement is prepared once and executed twice. Its text is left exactly
-- as reported: a LEFT JOIN to a derived table with a correlated EXISTS, an OR
-- over the two indexed columns of t1, and an ORDER BY on the unindexed t1.b.
PREPARE stmt FROM "
SELECT t1.* FROM t1 
LEFT JOIN ( 
  SELECT * FROM t2 
  WHERE EXISTS ( SELECT * FROM t3 WHERE e != d ) 
) AS sq ON (sq.d = c ) 
WHERE c < 'p' OR a > 43 
ORDER BY t1.b
";
 
-- First execution: the recorded result holds the rows (2,6,'c') and (0,8,'a').
EXECUTE stmt;
-- Second execution of the same statement: the recorded result differs
-- (values such as 16842752 and 16777216 that were never inserted), and
-- Valgrind reports invalid reads under QUICK_INDEX_MERGE_SELECT::get_next().
EXECUTE stmt;

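Result (the second EXECUTE returns rows that differ from the first and contain values never inserted into t1; Valgrind then reports reads past the end of a 54-byte block allocated in Unique::get, and uninitialised bytes passed to write() from vio_write, which suggests that out-of-bounds heap content may reach the client in the second result set):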

PREPARE stmt FROM "
SELECT t1.* FROM t1 
LEFT JOIN ( 
  SELECT * FROM t2 
  WHERE EXISTS ( SELECT * FROM t3 WHERE e != d ) 
) AS sq ON (sq.d = c ) 
WHERE c < 'p' OR a > 43 
ORDER BY t1.b
";
EXECUTE stmt;
a	b	c
2	6	c
0	8	a
EXECUTE stmt;
a	b	c
16842752	16777216	q
21	NULL	

==26834== Thread 4:
==26834== Invalid read of size 1
==26834==    at 0x4C2A760: memcpy (mc_replace_strmem.c:838)
==26834==    by 0x67318C: Field::unpack_int(unsigned char*, unsigned char const*, unsigned long) (field.h:651)
==26834==    by 0x6731F6: Field::unpack_int32(unsigned char*, unsigned char const*) (field.h:658)
==26834==    by 0x673ACD: Field_long::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.h:1029)
==26834==    by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
==26834==    by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
==26834==    by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
==26834==    by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
==26834==    by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==  Address 0xfa36566 is 0 bytes after a block of size 54 alloc'd
==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
==26834==    by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
==26834==    by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
==26834==    by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
==26834==    by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
==26834==    by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
==26834==    by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
==26834== Invalid read of size 1
==26834==    at 0x4C2A76E: memcpy (mc_replace_strmem.c:838)
==26834==    by 0x67318C: Field::unpack_int(unsigned char*, unsigned char const*, unsigned long) (field.h:651)
==26834==    by 0x6731F6: Field::unpack_int32(unsigned char*, unsigned char const*) (field.h:658)
==26834==    by 0x673ACD: Field_long::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.h:1029)
==26834==    by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
==26834==    by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
==26834==    by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
==26834==    by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
==26834==    by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==  Address 0xfa36567 is 1 bytes after a block of size 54 alloc'd
==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
==26834==    by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
==26834==    by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
==26834==    by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
==26834==    by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
==26834==    by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
==26834==    by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
==26834== Invalid read of size 1
==26834==    at 0x66965A: Field_varstring::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.cc:7169)
==26834==    by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
==26834==    by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
==26834==    by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
==26834==    by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
==26834==    by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
==26834==    by 0x783E41: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2670)
==26834==    by 0x6AB665: mysql_execute_command(THD*) (sql_parse.cc:2314)
==26834==  Address 0xfa3656d is 7 bytes after a block of size 54 alloc'd
==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
==26834==    by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
==26834==    by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
==26834==    by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
==26834==    by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
==26834==    by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
==26834==    by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
==26834== Syscall param write(buf) points to uninitialised byte(s)
==26834==    at 0x58EE12D: ??? (syscall-template.S:82)
==26834==    by 0xB65495: vio_write (viosocket.c:121)
==26834==    by 0x68925D: net_real_write (net_serv.cc:620)
==26834==    by 0x6888C4: net_flush (net_serv.cc:346)
==26834==    by 0x68B011: net_send_eof(THD*, unsigned int, unsigned int) (protocol.cc:291)
==26834==    by 0x68B4EC: net_end_statement(THD*) (protocol.cc:495)
==26834==    by 0x6AA14A: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1635)
==26834==    by 0x6A8103: do_command(THD*) (sql_parse.cc:923)
==26834==    by 0x6A4F8C: handle_one_connection (sql_connect.cc:1231)
==26834==    by 0x58E6B4F: start_thread (pthread_create.c:304)
==26834==    by 0x657DA7C: clone (clone.S:112)
==26834==  Address 0xf8dfbca is 186 bytes inside a block of size 16,436 alloc'd
==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
==26834==    by 0x68839D: my_net_init (net_serv.cc:118)
==26834==    by 0x69BDDA: handle_connections_sockets (mysqld.cc:5436)
==26834==    by 0x69AD43: main (mysqld.cc:4757)
^ Found warnings in /data/repo/5.3/mysql-test/var/log/mysqld.1.err
ok
 
 - saving '/data/repo/5.3/mysql-test/var/log/bug.t3b/' to '/data/repo/5.3/mysql-test/var/log/bug.t3b/'
***Warnings generated in error logs during shutdown after running tests: bug.t3b
 
==26834== Thread 1:
==26834== 68 bytes in 1 blocks are still reachable in loss record 2 of 4
==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
==26834==    by 0x820DAF: save_index(st_sort_param*, unsigned char**, unsigned int, st_filesort_info*) (filesort.cc:1067)
==26834==    by 0x81E98F: filesort(THD*, st_table*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*) (filesort.cc:256)
==26834==    by 0x757C46: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:19341)
==26834==    by 0x72E107: JOIN::exec() (sql_select.cc:2735)
==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
==26834==    by 0x783E41: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2670)
==26834==    by 0x6AB665: mysql_execute_command(THD*) (sql_parse.cc:2314)
==26834==    by 0x6B6E02: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==26834==    by 0x6A8E17: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)

Stack traces from:

revision-id: igor@askmonty.org-20140206014738-psis7gfarq2ozdtg
revno: 3748
branch-nick: 5.3



 Comments   
Comment by Elena Stepanova [ 2020-06-28 ]

Not reproducible on current 10.x.
