[MDEV-6808] MariaDB 10.0.13 crash with optimizer_use_condition_selectivity > 1 Created: 2014-09-29  Updated: 2015-01-13  Resolved: 2014-09-30

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.0.14
Fix Version/s: 10.0.15

Type: Bug Priority: Major
Reporter: Andrew U. Assignee: Sergei Petrunia
Resolution: Fixed Votes: 0
Labels: eits, optimizer
Environment:

CentOS 6.5 64-bit

Issue Links:
Duplicate
is duplicated by MDEV-7182 server crash while testing optimizer_... Closed
Relates
relates to MDEV-7276 Mariadb 10.0.14 Crash Signal 11 Closed

 Description   

I got this bug with optimizer_use_condition_selectivity = 2

140929 14:15:15 [ERROR] mysqld got signal 11 ;
 
This could be because you hit a bug. It is also possible that this binary
 
or one of the libraries it was linked against is corrupt, improperly built,
 
or misconfigured. This error can also be caused by malfunctioning hardware.
 
 
 
To report this bug, see http://kb.askmonty.org/en/reporting-bugs
 
 
 
We will try our best to scrape up some info that will hopefully help
 
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
 
 
Server version: 10.0.13-MariaDB-log
 
key_buffer_size=268435456
 
read_buffer_size=8388608
 
max_used_connections=2
 
max_threads=402
 
thread_count=2
 
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 10149994 K  bytes of memory
 
Hope that's ok; if not, decrease some variables in the equation.
 
 
 
Thread pointer: 0x0x7f7cbaad0008
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7f7da527fd10 thread_stack 0x48000
 
/usr/sbin/mysqld(my_print_stacktrace+0x2b)[0xb7054b]
 
/usr/sbin/mysqld(handle_fatal_signal+0x398)[0x727588]
 
/lib64/libpthread.so.0(+0xf710)[0x7f7da4efa710]
 
/usr/sbin/mysqld[0x5f2d68]
 
/usr/sbin/mysqld[0x600b24]
 
/usr/sbin/mysqld[0x60114b]
 
/usr/sbin/mysqld(_Z11choose_planP4JOINy+0xf5)[0x6016b5]
 
/usr/sbin/mysqld[0x528e3d]
 
/usr/sbin/mysqld(_ZN4JOIN14optimize_innerEv+0x6de)[0x61c8de]
 
/usr/sbin/mysqld(_ZN4JOIN8optimizeEv+0x28)[0x61ed98]
 
/usr/sbin/mysqld(_ZN18st_select_lex_unit8optimizeEv+0x1e6)[0x660616]
 
/usr/sbin/mysqld(_Z22mysql_derived_optimizeP3THDP3LEXP10TABLE_LIST+0xe8)[0x5b1228]
 
/usr/sbin/mysqld(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x1bd)[0x5b252d]
 
/usr/sbin/mysqld(_ZN13st_select_lex14handle_derivedEP3LEXj+0x47)[0x5c7457]
 
/usr/sbin/mysqld(_ZN4JOIN14optimize_innerEv+0x136)[0x61c336]
 
/usr/sbin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd8)[0x61efb8]
 
/usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x28d)[0x62284d]
 
/usr/sbin/mysqld[0x5ca456]
 
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x4c4f)[0x5d51af]
 
/usr/sbin/mysqld[0x5d6cc2]
 
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1b20)[0x5d8e80]
 
/usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x453)[0x696993]
 
/usr/sbin/mysqld(handle_one_connection+0x42)[0x696a62]
 
/lib64/libpthread.so.0(+0x79d1)[0x7f7da4ef29d1]
 
/lib64/libc.so.6(clone+0x6d)[0x7f7da360f86d]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7f7cb9c1f020): is an invalid pointer
 
Connection ID (thread ID): 3
 
Status: NOT_KILLED
 
 
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on
 
 
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
 
information that should help you find out what is causing the crash.
 
 
 

CREATE TABLE `engine4_event_membership` (
 
  `resource_id` int(11) unsigned NOT NULL,
 
  `user_id` int(11) unsigned NOT NULL,
 
  `active` tinyint(1) NOT NULL DEFAULT '0',
 
  `resource_approved` tinyint(1) NOT NULL DEFAULT '0',
 
  `user_approved` tinyint(1) NOT NULL DEFAULT '0',
 
  `message` text COLLATE utf8_unicode_ci,
 
  `rsvp` tinyint(3) NOT NULL DEFAULT '3',
 
  `title` text COLLATE utf8_unicode_ci,
 
  `behalf_guid` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
 
  `additional_member_count` int(11) NOT NULL DEFAULT '1',
 
  `come_with_count` int(11) NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`resource_id`,`user_id`),
 
  KEY `REVERSE` (`user_id`),
 
  KEY `BEHALF` (`behalf_guid`),
 
  KEY `BEHALF_COMPOUND` (`resource_id`,`user_id`,`behalf_guid`)
 
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
 
 
CREATE TABLE `engine4_event_events` (
 
  `event_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 
  `title` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
 
  `description` text COLLATE utf8_unicode_ci NOT NULL,
 
  `user_id` int(11) unsigned NOT NULL,
 
  `parent_type` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
 
  `parent_id` int(11) unsigned NOT NULL,
 
  `search` tinyint(1) NOT NULL DEFAULT '1',
 
  `creation_date` datetime NOT NULL,
 
  `modified_date` datetime NOT NULL,
 
  `starttime` datetime NOT NULL,
 
  `endtime` datetime NOT NULL,
 
  `host` varchar(115) COLLATE utf8_unicode_ci NOT NULL,
 
  `location` varchar(115) COLLATE utf8_unicode_ci NOT NULL,
 
  `view_count` int(11) unsigned NOT NULL DEFAULT '0',
 
  `member_count` int(11) unsigned NOT NULL DEFAULT '0',
 
  `approval` tinyint(1) NOT NULL DEFAULT '0',
 
  `invite` tinyint(1) NOT NULL DEFAULT '0',
 
  `photo_id` int(11) unsigned NOT NULL,
 
  `category_id` int(11) unsigned NOT NULL DEFAULT '0',
 
  `is_private` tinyint(1) DEFAULT '0',
 
  `person` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `phone` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `country` int(11) NOT NULL DEFAULT '0',
 
  `region` int(11) NOT NULL DEFAULT '0',
 
  `city` int(11) NOT NULL DEFAULT '0',
 
  `adress` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `website` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `short_info` text COLLATE utf8_unicode_ci NOT NULL,
 
  `membership_privacy` enum('no_confirm','confirm','invite') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'no_confirm',
 
  `membership_no_confirm` enum('all','friends','parent_members','friends_and_parent_members','nobody') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'all',
 
  `unique_name` varchar(128) COLLATE utf8_unicode_ci DEFAULT NULL,
 
  `region_part` int(11) NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`event_id`),
 
  UNIQUE KEY `PROFILE_ADRESS` (`unique_name`),
 
  KEY `user_id` (`user_id`),
 
  KEY `parent_type` (`parent_type`,`parent_id`),
 
  KEY `starttime` (`starttime`),
 
  KEY `search` (`search`)
 
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
 
 
 CREATE TABLE `engine4_activity_reposts` (
 
  `repost_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 
  `user_id` int(11) unsigned NOT NULL,
 
  `subject_type` varchar(24) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
 
  `subject_id` int(11) unsigned NOT NULL,
 
  `object_type` varchar(24) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
 
  `object_id` int(11) unsigned NOT NULL,
 
  `params` text COLLATE utf8_unicode_ci,
 
  `date` datetime NOT NULL,
 
  `order` int(11) NOT NULL DEFAULT '0',
 
  `autoposted` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `is_private` int(1) NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`repost_id`),
 
  UNIQUE KEY `BETWEEN` (`subject_type`,`subject_id`,`object_type`,`object_id`,`is_private`),
 
  KEY `SUBJECT` (`subject_type`,`subject_id`),
 
  KEY `OBJECT` (`object_type`,`object_id`)
 
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

Query:

SELECT 
   COUNT(1) AS `zend_paginator_row_count` 
FROM 
(
 
   (
 
    SELECT 
      `engine4_event_events`.*, 
      0 AS is_reposted 
    FROM 
      `engine4_event_events` 
    WHERE 
      ((engine4_event_events.is_private = 0)) AND 
      ((event_id in (SELECT 
                       `engine4_event_membership`.`resource_id` 
                     FROM 
                       `engine4_event_membership` 
                     WHERE 
                        (user_id = 127994) AND (active = 1)
 
                    )
 
       ))
 
    ) 
 
 
     UNION 
 
 
    (
 
     SELECT 
       `engine4_event_events`.*, 
        repost_id AS is_reposted 
     FROM 
        `engine4_activity_reposts` INNER JOIN `engine4_event_events` 
     WHERE 
         (engine4_activity_reposts.object_type = 'event') AND 
         (engine4_activity_reposts.object_id = engine4_event_events.event_id) AND 
         (engine4_activity_reposts.is_private = 0) AND 
         (engine4_activity_reposts.subject_id = 127994) AND 
         (engine4_activity_reposts.subject_type in ('user'))
 
    )
 
) AS `t`;



 Comments   
Comment by Elena Stepanova [ 2014-09-29 ]

Debug stack trace from 10.0 revno 4419

 
#3  <signal handler called>
 
#4  0x00000000006c1f9f in table_multi_eq_cond_selectivity (join=0x7f72545681b8, idx=0, s=0x7f72545394f0, rem_tables=2, keyparts=3, ref_keyuse_steps=0x7f72692868a0) at 10.0/sql/sql_select.cc:7228
 
#5  0x00000000006c279a in table_cond_selectivity (join=0x7f72545681b8, idx=0, s=0x7f72545394f0, rem_tables=2) at 10.0/sql/sql_select.cc:7470
 
#6  0x00000000006c2ed1 in best_extension_by_limited_search (join=0x7f72545681b8, remaining_tables=3, idx=0, record_count=1, read_time=0, search_depth=62, prune_level=1, use_cond_selectivity=2) at 10.0/sql/sql_select.cc:7718
 
#7  0x00000000006c144e in greedy_search (join=0x7f72545681b8, remaining_tables=3, search_depth=62, prune_level=1, use_cond_selectivity=2) at 10.0/sql/sql_select.cc:6901
 
#8  0x00000000006c0a36 in choose_plan (join=0x7f72545681b8, join_tables=3) at 10.0/sql/sql_select.cc:6478
 
#9  0x00000000006ba4f5 in make_join_statistics (join=0x7f72545681b8, tables_list=..., conds=0x7f72544185f8, keyuse_array=0x7f72545684c0) at 10.0/sql/sql_select.cc:4022
 
#10 0x00000000006b1217 in JOIN::optimize_inner (this=0x7f72545681b8) at 10.0/sql/sql_select.cc:1338
 
#11 0x00000000006b01ae in JOIN::optimize (this=0x7f72545681b8) at 10.0/sql/sql_select.cc:1023
 
#12 0x0000000000740178 in st_select_lex_unit::optimize (this=0x7f725461e988) at 10.0/sql/sql_union.cc:611
 
#13 0x0000000000654dfb in mysql_derived_optimize (thd=0x7f7260df0070, lex=0x7f7260df3cb8, derived=0x7f72544141f8) at 10.0/sql/sql_derived.cc:782
 
#14 0x0000000000653db2 in mysql_handle_single_derived (lex=0x7f7260df3cb8, derived=0x7f72544141f8, phases=4) at 10.0/sql/sql_derived.cc:192
 
#15 0x000000000075f817 in TABLE_LIST::handle_derived (this=0x7f72544141f8, lex=0x7f7260df3cb8, phases=4) at 10.0/sql/table.cc:6875
 
#16 0x00000000006705de in st_select_lex::handle_derived (this=0x7f7260df4468, lex=0x7f7260df3cb8, phases=4) at 10.0/sql/sql_lex.cc:3549
 
#17 0x00000000006b0414 in JOIN::optimize_inner (this=0x7f7254414860) at 10.0/sql/sql_select.cc:1081
 
#18 0x00000000006b01ae in JOIN::optimize (this=0x7f7254414860) at 10.0/sql/sql_select.cc:1023
 
#19 0x00000000006b7d33 in mysql_select (thd=0x7f7260df0070, rref_pointer_array=0x7f7260df46e0, tables=0x7f72544141f8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f7254419018, unit=0x7f7260df3d80, select_lex=0x7f7260df4468) at 10.0/sql/sql_select.cc:3293
 
#20 0x00000000006ae3bd in handle_select (thd=0x7f7260df0070, lex=0x7f7260df3cb8, result=0x7f7254419018, setup_tables_done_option=0) at 10.0/sql/sql_select.cc:372
 
#21 0x00000000006830ad in execute_sqlcom_select (thd=0x7f7260df0070, all_tables=0x7f72544141f8) at 10.0/sql/sql_parse.cc:5269
 
#22 0x000000000067b3ab in mysql_execute_command (thd=0x7f7260df0070) at 10.0/sql/sql_parse.cc:2552
 
#23 0x0000000000685837 in mysql_parse (thd=0x7f7260df0070, rawbuf=0x7f725461d088 "SELECT \nCOUNT(1) AS `zend_paginator_row_count` \nFROM \n(\n(\nSELECT \n`engine4_event_events`.*, \n0 AS is_reposted \nFROM \n`engine4_event_events` \nWHERE \n((engine4_event_events.is_private = 0)) AND \n((event"..., length=777, parser_state=0x7f7269288630) at 10.0/sql/sql_parse.cc:6415
 
#24 0x000000000067864c in dispatch_command (command=COM_QUERY, thd=0x7f7260df0070, packet=0x7f725baaa071 "SELECT \nCOUNT(1) AS `zend_paginator_row_count` \nFROM \n(\n(\nSELECT \n`engine4_event_events`.*, \n0 AS is_reposted \nFROM \n`engine4_event_events` \nWHERE \n((engine4_event_events.is_private = 0)) AND \n((event"..., packet_length=777) at 10.0/sql/sql_parse.cc:1307
 
#25 0x00000000006779f1 in do_command (thd=0x7f7260df0070) at 10.0/sql/sql_parse.cc:1004
 
#26 0x0000000000794226 in do_handle_one_connection (thd_arg=0x7f7260df0070) at 10.0/sql/sql_connect.cc:1379
 
#27 0x0000000000793f79 in handle_one_connection (arg=0x7f7260df0070) at 10.0/sql/sql_connect.cc:1293
 
#28 0x0000000000cc9ee2 in pfs_spawn_thread (arg=0x7f725baa20f0) at 10.0/storage/perfschema/pfs.cc:1860
 
#29 0x00007f7268ec1b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
 
#30 0x00007f72673b920d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

MTR test case (same as in the description, but MTR-friendly)

 
--source include/have_innodb.inc
 
 
 
SET optimizer_use_condition_selectivity = 2;
 
 
 
CREATE TABLE `engine4_event_membership` (
 
  `resource_id` int(11) unsigned NOT NULL,
 
  `user_id` int(11) unsigned NOT NULL,
 
  `active` tinyint(1) NOT NULL DEFAULT '0',
 
  `resource_approved` tinyint(1) NOT NULL DEFAULT '0',
 
  `user_approved` tinyint(1) NOT NULL DEFAULT '0',
 
  `message` text COLLATE utf8_unicode_ci,
 
  `rsvp` tinyint(3) NOT NULL DEFAULT '3',
 
  `title` text COLLATE utf8_unicode_ci,
 
  `behalf_guid` varchar(50) COLLATE utf8_unicode_ci DEFAULT NULL,
 
  `additional_member_count` int(11) NOT NULL DEFAULT '1',
 
  `come_with_count` int(11) NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`resource_id`,`user_id`),
 
  KEY `REVERSE` (`user_id`),
 
  KEY `BEHALF` (`behalf_guid`),
 
  KEY `BEHALF_COMPOUND` (`resource_id`,`user_id`,`behalf_guid`)
 
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
 
 
CREATE TABLE `engine4_event_events` (
 
  `event_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 
  `title` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
 
  `description` text COLLATE utf8_unicode_ci NOT NULL,
 
  `user_id` int(11) unsigned NOT NULL,
 
  `parent_type` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
 
  `parent_id` int(11) unsigned NOT NULL,
 
  `search` tinyint(1) NOT NULL DEFAULT '1',
 
  `creation_date` datetime NOT NULL,
 
  `modified_date` datetime NOT NULL,
 
  `starttime` datetime NOT NULL,
 
  `endtime` datetime NOT NULL,
 
  `host` varchar(115) COLLATE utf8_unicode_ci NOT NULL,
 
  `location` varchar(115) COLLATE utf8_unicode_ci NOT NULL,
 
  `view_count` int(11) unsigned NOT NULL DEFAULT '0',
 
  `member_count` int(11) unsigned NOT NULL DEFAULT '0',
 
  `approval` tinyint(1) NOT NULL DEFAULT '0',
 
  `invite` tinyint(1) NOT NULL DEFAULT '0',
 
  `photo_id` int(11) unsigned NOT NULL,
 
  `category_id` int(11) unsigned NOT NULL DEFAULT '0',
 
  `is_private` tinyint(1) DEFAULT '0',
 
  `person` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `phone` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `country` int(11) NOT NULL DEFAULT '0',
 
  `region` int(11) NOT NULL DEFAULT '0',
 
  `city` int(11) NOT NULL DEFAULT '0',
 
  `adress` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `website` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `short_info` text COLLATE utf8_unicode_ci NOT NULL,
 
  `membership_privacy` enum('no_confirm','confirm','invite') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'no_confirm',
 
  `membership_no_confirm` enum('all','friends','parent_members','friends_and_parent_members','nobody') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'all',
 
  `unique_name` varchar(128) COLLATE utf8_unicode_ci DEFAULT NULL,
 
  `region_part` int(11) NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`event_id`),
 
  UNIQUE KEY `PROFILE_ADRESS` (`unique_name`),
 
  KEY `user_id` (`user_id`),
 
  KEY `parent_type` (`parent_type`,`parent_id`),
 
  KEY `starttime` (`starttime`),
 
  KEY `search` (`search`)
 
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
 
 
 CREATE TABLE `engine4_activity_reposts` (
 
  `repost_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 
  `user_id` int(11) unsigned NOT NULL,
 
  `subject_type` varchar(24) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
 
  `subject_id` int(11) unsigned NOT NULL,
 
  `object_type` varchar(24) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
 
  `object_id` int(11) unsigned NOT NULL,
 
  `params` text COLLATE utf8_unicode_ci,
 
  `date` datetime NOT NULL,
 
  `order` int(11) NOT NULL DEFAULT '0',
 
  `autoposted` varchar(255) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
 
  `is_private` int(1) NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`repost_id`),
 
  UNIQUE KEY `BETWEEN` (`subject_type`,`subject_id`,`object_type`,`object_id`,`is_private`),
 
  KEY `SUBJECT` (`subject_type`,`subject_id`),
 
  KEY `OBJECT` (`object_type`,`object_id`)
 
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 
 
 
SELECT 
   COUNT(1) AS `zend_paginator_row_count` 
FROM 
(
 
   (
 
    SELECT 
      `engine4_event_events`.*, 
      0 AS is_reposted 
    FROM 
      `engine4_event_events` 
    WHERE 
      ((engine4_event_events.is_private = 0)) AND 
      ((event_id in (SELECT 
                       `engine4_event_membership`.`resource_id` 
                     FROM 
                       `engine4_event_membership` 
                     WHERE 
                        (user_id = 127994) AND (active = 1)
 
                    )
 
       ))
 
    ) 
 
 
     UNION 
 
 
    (
 
     SELECT 
       `engine4_event_events`.*, 
        repost_id AS is_reposted 
     FROM 
        `engine4_activity_reposts` INNER JOIN `engine4_event_events` 
     WHERE 
         (engine4_activity_reposts.object_type = 'event') AND 
         (engine4_activity_reposts.object_id = engine4_event_events.event_id) AND 
         (engine4_activity_reposts.is_private = 0) AND 
         (engine4_activity_reposts.subject_id = 127994) AND 
         (engine4_activity_reposts.subject_type in ('user'))
 
    )
 
) AS `t`;

Comment by Sergei Petrunia [ 2014-09-30 ]

The part of the query that causes the crash is: 

SET optimizer_use_condition_selectivity = 2;
 
SELECT 
  engine4_event_events.*, 
  repost_id AS is_reposted 
FROM 
   engine4_activity_reposts, 
   engine4_event_events 
WHERE 
    (engine4_activity_reposts.object_type = 'event') AND 
    (engine4_activity_reposts.object_id = engine4_event_events.event_id) AND 
    (engine4_activity_reposts.is_private = 0) AND 
    (engine4_activity_reposts.subject_id = 127994) AND 
    (engine4_activity_reposts.subject_type in ('user'))
 
;

Comment by Sergei Petrunia [ 2014-09-30 ]

The crash happens in table_multi_eq_cond_selectivity()

  • table= engine4_activity_reposts
  • item_equal= multiple equal(engine4_activity_reposts.object_id, engine4_event_events.event_id)

when we're here:

          adjust_sel= TRUE;
 
          for (uint j= 0; j < keyparts && adjust_sel; j++)
 
	  {
 
            if (j > 0)
 
              keyuse+= ref_keyuse_steps[j-1];  
            Item *ref_item= keyuse->val;

we have

(gdb) p ref_keyuse_steps[j-1]
 
  $64 = 55996

which is obviously a garbage value.

Comment by Sergei Petrunia [ 2014-09-30 ]

Another interesting thing: there is this piece of code:

        for (i= 0; i < keyparts; i++) 
	{
 
          uint fldno;
 
          if (is_hash_join_key_no(key))
 
	    fldno= keyuse->keypart;
 
          else
 
            fldno= table->key_info[key].key_part[keyparts-1].fieldnr - 1;        
          if (fld->field_index == fldno)
 
            break;
 
        }

this a loop on variable 'i' that doesn't use the variable. Something is apparently wrong. fldno must get different value, in both branches of the if-else statement.

Comment by Sergei Petrunia [ 2014-09-30 ]

Fixed the crash, also fixed the apparently-wrong code. It's interesting that test coverage wasn't sufficient to detect the latter.

Generated at Thu Feb 08 07:14:44 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.