[MDEV-6830] Server crashes in best_access_path after a sequence of SELECTs invollving a temptable view Created: 2014-10-02  Updated: 2014-12-22  Resolved: 2014-12-18

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 5.3.12, 5.5.40, 10.0.14
Fix Version/s: 5.5.41, 10.0.16, 5.3.13

Type: Bug Priority: Critical
Reporter: Elena Stepanova Assignee: Sergei Petrunia
Resolution: Fixed Votes: 0
Labels: optimizer, regression
Environment:

cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo


 Description   

IMPORTANT: The crash only happens on a non-debug build (CMAKE_BUILD_TYPE-RelWithDebInfo), both on a handmade build and on release binaries. Reproduced on two mahines out of two that I tried (Debian and Windows).
On a debug build, there is no crash and no valgrind errors.

The problem appeared in 10.0 tree after this merge:

revno: 4404 [merge]
 
revision-id: sergii@pisem.net-20140916120805-z8w9eowbu0npzzt7
 
parent: jplindst@mariadb.org-20140916043700-0se7ircabn8z8ntx
 
parent: sergii@pisem.net-20140916120450-c892fq11sn6sqgdc
 
committer: Sergei Golubchik <sergii@pisem.net>
 
branch nick: 10.0
 
timestamp: Tue 2014-09-16 14:08:05 +0200
 
message:
 
  merge

which is a 5.5 merge, but I am not getting the crash on 5.5 tree (which doesn't mean the problem doesn't exist there).

Stack trace from revno 4426

 
#2  <signal handler called>
 
#3  best_access_path (join=join@entry=0x7f1235dcc020, s=s@entry=0x7f1235e6ca40, remaining_tables=remaining_tables@entry=2, idx=idx@entry=2, disable_jbuf=true, record_count=1, record_count@entry=<error reading variable: Could not find type for DW_OP_GNU_const_type>, pos=0x7f1235e6d4e0, loose_scan_pos=loose_scan_pos@entry=0x7f123fad38a0) at 10.0/sql/sql_select.cc:6003
 
#4  0x00000000005fe4e3 in best_extension_by_limited_search (join=join@entry=0x7f1235dcc020, remaining_tables=remaining_tables@entry=2, idx=idx@entry=2, record_count=1, read_time=0, read_time@entry=<error reading variable: Could not find type for DW_OP_GNU_const_type>, search_depth=search_depth@entry=62, prune_level=prune_level@entry=1, use_cond_selectivity=use_cond_selectivity@entry=1) at 10.0/sql/sql_select.cc:7661
 
#5  0x00000000005fe8ce in greedy_search (join=join@entry=0x7f1235dcc020, remaining_tables=remaining_tables@entry=2, search_depth=62, prune_level=prune_level@entry=1, use_cond_selectivity=1) at 10.0/sql/sql_select.cc:6902
 
#6  0x00000000005fed27 in choose_plan (join=join@entry=0x7f1235dcc020, join_tables=2) at 10.0/sql/sql_select.cc:6479
 
#7  0x000000000053fac4 in make_join_statistics (join=join@entry=0x7f1235dcc020, tables_list=..., conds=0x7f1235e6df00, keyuse_array=keyuse_array@entry=0x7f1235dcc328) at 10.0/sql/sql_select.cc:4023
 
#8  0x0000000000618044 in JOIN::optimize_inner (this=this@entry=0x7f1235dcc020) at 10.0/sql/sql_select.cc:1339
 
#9  0x000000000061a19d in JOIN::optimize (this=this@entry=0x7f1235dcc020) at 10.0/sql/sql_select.cc:1024
 
#10 0x000000000061a355 in mysql_select (thd=thd@entry=0x7f1238f31008, rref_pointer_array=rref_pointer_array@entry=0x7f1238f35540, tables=0x7f1235efc278, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=result@entry=0x7f1235dd2b38, unit=unit@entry=0x7f1238f34be0, select_lex=select_lex@entry=0x7f1238f352c8) at 10.0/sql/sql_select.cc:3294
 
#11 0x000000000061d6b4 in handle_select (thd=0x7f1238f31008, lex=0x7f1238f34b18, result=0x7f1235dd2b38, setup_tables_done_option=0) at 10.0/sql/sql_select.cc:373
 
#12 0x00000000005cd03b in execute_sqlcom_select (thd=thd@entry=0x7f1238f31008, all_tables=0x7f1235efc278) at 10.0/sql/sql_parse.cc:5269
 
#13 0x00000000005d7d38 in mysql_execute_command (thd=thd@entry=0x7f1238f31008) at 10.0/sql/sql_parse.cc:2552
 
#14 0x00000000005da55c in mysql_parse (parser_state=0x7f123fad6160, thd=0x7f1238f31008, rawbuf=<optimized out>, length=<optimized out>) at 10.0/sql/sql_parse.cc:6415
 
#15 mysql_parse (thd=0x7f1238f31008, rawbuf=<optimized out>, length=76, parser_state=0x7f123fad6160) at 10.0/sql/sql_parse.cc:6336
 
#16 0x00000000005dbc25 in dispatch_command (command=COM_QUERY, thd=0x7f1238f31008, packet=<optimized out>, packet_length=<optimized out>) at 10.0/sql/sql_parse.cc:1307
 
#17 0x0000000000682bed in do_handle_one_connection (thd_arg=thd_arg@entry=0x7f1238f31008) at 10.0/sql/sql_connect.cc:1379
 
#18 0x0000000000682cb0 in handle_one_connection (arg=arg@entry=0x7f1238f31008) at 10.0/sql/sql_connect.cc:1293
 
#19 0x00000000009d0f24 in pfs_spawn_thread (arg=0x7f123d02d608) at 10.0/storage/perfschema/pfs.cc:1860
 
#20 0x00007f123f6c3b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
 
#21 0x00007f123d97a20d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Test case is weird, but I couldn't remove anything else from it. All 3 selects seem to be important, as well as all multiple fields in the tables, even though they are not used.

This particular test case only causes a crash on 10.0, but I am getting similar crashes on 5.5.40 as well.

Test case

 
CREATE TABLE t1 (pk INT PRIMARY KEY) ENGINE=MyISAM;
 
 
 
CREATE TABLE t2 (
 
  f1 DATE,
 
  f2 VARCHAR(1024),
 
  f3 VARCHAR(10),
 
  f4 DATE,
 
  f5 VARCHAR(10),
 
  f6 VARCHAR(10),
 
  f7 VARCHAR(10),
 
  f8 DATETIME,
 
  f9 INT,
 
  f10 VARCHAR(1024),
 
  f11 VARCHAR(1024),
 
  f12 INT,
 
  f13 VARCHAR(1024)
 
) ENGINE=MyISAM;
 
 
 
CREATE OR REPLACE VIEW v2 AS SELECT * FROM t2;
 
 
 
CREATE TABLE t3 (
 
  f1 VARCHAR(1024),
 
  f2 VARCHAR(1024),
 
  f3 DATETIME,
 
  f4 VARCHAR(10),
 
  f5 INT,
 
  f6 VARCHAR(10),
 
  f7 VARCHAR(1024),
 
  f8 VARCHAR(10),
 
  f9 INT,
 
  f10 DATE,
 
  f11 INT,
 
  f12 VARCHAR(1024),
 
  f13 VARCHAR(10),
 
  f14 DATE,
 
  f15 DATETIME
 
) ENGINE=MyISAM;
 
 
 
CREATE OR REPLACE ALGORITHM=TEMPTABLE VIEW v3 AS SELECT * FROM t3;
 
 
 
INSERT INTO t3 VALUES  
  ('FOO','foo','2000-08-04 00:00:00','one',1,'1','FOO','foo',1,'2004-05-09',1,'one','one','2001-12-07','2001-10-17 08:25:04'),  
  ('BAR','bar','2001-01-01 04:52:37','two',2,'2','BAR','bar',2,'2008-01-01',2,'two','two','2006-06-19','2002-01-01 08:22:49');
 
 
 
CREATE TABLE t4 (f1 VARCHAR(10), f2 INT) ENGINE=MyISAM;
 
 
 
SELECT * FROM t1;
 
 
 
--error ER_BAD_FIELD_ERROR
 
SELECT non_existing FROM v2;
 
 
 
SELECT * FROM t1, v3, t4 WHERE v3.f1 = t4.f1 AND t4.f2 = 6 AND t1.pk = v3.f5;



 Comments   
Comment by Elena Stepanova [ 2014-11-04 ]

More stack traces that I am getting in buildbot presumably due to the same bug (for searching purposes).

on 5.5.40

 
mysqld.exe!store_key::store_key()[sql_select.h:1512]
 
mysqld.exe!create_ref_for_key()[sql_select.cc:8127]
 
mysqld.exe!get_best_combination()[sql_select.cc:7803]
 
mysqld.exe!make_join_statistics()[sql_select.cc:3817]
 
mysqld.exe!JOIN::optimize()[sql_select.cc:1230]
 
mysqld.exe!mysql_select()[sql_select.cc:3080]
 
mysqld.exe!handle_select()[sql_select.cc:319]
 
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688]
 
mysqld.exe!mysql_execute_command()[sql_parse.cc:2233]
 
mysqld.exe!mysql_parse()[sql_parse.cc:5804]
 
mysqld.exe!dispatch_command()[sql_parse.cc:1082]
 
mysqld.exe!do_command()[sql_parse.cc:793]
 
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
 
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
 
KERNEL32.DLL!GetThreadTimes()
 
ntdll.dll!RtlTryAcquireSRWLockShared()
 
ntdll.dll!RtlTryEnterCriticalSection()
 
KERNEL32.DLL!BaseThreadInitThunk()
 
ntdll.dll!RtlUserThreadStart()
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0xa87c398): SELECT  alias1 . `col_varchar_1024_latin1_key` AS field1 , alias1 . `col_varchar_1024_latin1_key` AS field2 FROM  view_e AS alias1  LEFT  JOIN  n AS alias2  LEFT OUTER JOIN view_a AS alias3 ON  alias2 . `col_varchar_1024_utf8_key` =  alias3 . `col_varchar_10_latin1_key`  ON  alias1 . `col_varchar_1024_utf8` =  alias3 . `col_varchar_1024_utf8_key`  WHERE  alias3 . `col_int` >= 2 AND alias3 . `col_int` <= ( 2 + 10 ) OR alias3 . `col_int`  BETWEEN 2 AND (2 + 8 ) OR alias3 . `col_int` <> 6 AND  alias3 . `col_int` >= 5 OR alias3 . `col_int` >= 4 AND alias3 . `col_int` < ( 5 + 5 ) AND  alias3 . `col_int_key` IS  NULL OR alias3 . `col_int_key` > 2 AND alias3 . `col_int_key` < ( 6 + 4 )
 
Connection ID (thread ID): 10
 
Status: NOT_KILLED

on 5.5.40

 
mysqld.exe!store_key::store_key()[sql_select.h:1512]
 
mysqld.exe!store_key_const_item::store_key_const_item()[sql_select.h:1689]
 
mysqld.exe!get_store_key()[sql_select.cc:8197]
 
mysqld.exe!create_ref_for_key()[sql_select.cc:8136]
 
mysqld.exe!get_best_combination()[sql_select.cc:7803]
 
mysqld.exe!make_join_statistics()[sql_select.cc:3817]
 
mysqld.exe!JOIN::optimize()[sql_select.cc:1230]
 
mysqld.exe!mysql_select()[sql_select.cc:3080]
 
mysqld.exe!handle_select()[sql_select.cc:319]
 
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688]
 
mysqld.exe!mysql_execute_command()[sql_parse.cc:2233]
 
mysqld.exe!mysql_parse()[sql_parse.cc:5804]
 
mysqld.exe!dispatch_command()[sql_parse.cc:1082]
 
mysqld.exe!do_command()[sql_parse.cc:793]
 
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
 
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
 
kernel32.dll!BaseFormatTimeOut()
 
ntdll.dll!RtlEqualDomainName()
 
ntdll.dll!RtlValidateHeap()
 
kernel32.dll!BaseThreadInitThunk()
 
ntdll.dll!RtlUserThreadStart()
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0xa55d958): SELECT  alias1 . `col_varchar_1024_utf8` AS field1 , alias1 . `col_varchar_10_latin1` AS field2 , alias1 . `col_date_key` AS field3 FROM  view_g AS alias1  LEFT  JOIN  f AS alias2  LEFT OUTER JOIN  view_a AS alias3  RIGHT  JOIN  view_e AS alias4  LEFT  JOIN l AS alias5 ON  alias4 . `col_varchar_1024_utf8_key` =  alias5 . `col_varchar_1024_latin1`  ON  alias3 . `col_varchar_10_latin1` =  alias5 . `col_varchar_1024_latin1_key`  ON  alias2 . `col_varchar_10_utf8` =  alias5 . `col_varchar_10_latin1_key`  ON  alias1 . `pk` =  alias5 . `col_int_key`  WHERE  alias2 . `col_int_key` > 't' AND alias2 . `col_int_key` <= 'zzzz' AND  alias1 . `pk` >= 'from' AND alias1 . `pk` < 'v' AND  alias4 . `pk`  BETWEEN 't' AND 'z' AND alias4 . `pk` >= 'y' AND alias4 . `pk` < 'z'
 
Connection ID (thread ID): 8
 
Status: NOT_KILLED

on 5.5.40

 
mysqld.exe!best_access_path()[sql_select.cc:5585]
 
mysqld.exe!optimize_straight_join()[sql_select.cc:6474]
 
mysqld.exe!choose_plan()[sql_select.cc:6202]
 
mysqld.exe!make_join_statistics()[sql_select.cc:3785]
 
mysqld.exe!JOIN::optimize()[sql_select.cc:1230]
 
mysqld.exe!mysql_select()[sql_select.cc:3080]
 
mysqld.exe!handle_select()[sql_select.cc:319]
 
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4688]
 
mysqld.exe!mysql_execute_command()[sql_parse.cc:2233]
 
mysqld.exe!mysql_parse()[sql_parse.cc:5804]
 
mysqld.exe!dispatch_command()[sql_parse.cc:1082]
 
mysqld.exe!do_command()[sql_parse.cc:793]
 
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
 
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
 
kernel32.dll!BaseFormatTimeOut()
 
ntdll.dll!RtlEqualDomainName()
 
ntdll.dll!RtlValidateHeap()
 
kernel32.dll!BaseThreadInitThunk()
 
ntdll.dll!RtlUserThreadStart()
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0xa4a2228): SELECT STRAIGHT_JOIN alias1 . `col_date_key` AS field1 FROM  view_d AS alias1  RIGHT  JOIN view_b AS alias2 ON  alias1 . `col_varchar_1024_utf8_key` =  alias2 . `col_varchar_10_utf8_key`  WHERE  alias1 . `col_varchar_10_utf8` > 'q' AND alias1 . `col_varchar_10_utf8` <= 'z' AND alias1 . `col_varchar_10_utf8` >= 'YMPHA' AND alias1 . `col_varchar_10_utf8` <= 't' AND  alias2 . `col_varchar_1024_utf8` > 'u' AND alias2 . `col_varchar_1024_utf8` < 'z'
 
Connection ID (thread ID): 10
 
Status: NOT_KILLED

on 10.0.14

 
mysqld.exe!st_key::actual_rec_per_key()[table.cc:7163]
 
mysqld.exe!best_access_path()[sql_select.cc:5960]
 
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7660]
 
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
 
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
 
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
 
mysqld.exe!best_extension_by_limited_search()[sql_select.cc:7732]
 
mysqld.exe!greedy_search()[sql_select.cc:6903]
 
mysqld.exe!choose_plan()[sql_select.cc:6479]
 
mysqld.exe!make_join_statistics()[sql_select.cc:4022]
 
mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1339]
 
mysqld.exe!JOIN::optimize()[sql_select.cc:1023]
 
mysqld.exe!mysql_select()[sql_select.cc:3293]
 
mysqld.exe!handle_select()[sql_select.cc:372]
 
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5269]
 
mysqld.exe!mysql_execute_command()[sql_parse.cc:2552]
 
mysqld.exe!mysql_parse()[sql_parse.cc:6420]
 
mysqld.exe!dispatch_command()[sql_parse.cc:1310]
 
mysqld.exe!do_command()[sql_parse.cc:1011]
 
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
 
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
 
KERNEL32.DLL!GetThreadTimes()
 
ntdll.dll!RtlTryAcquireSRWLockShared()
 
ntdll.dll!RtlTryEnterCriticalSection()
 
KERNEL32.DLL!BaseThreadInitThunk()
 
ntdll.dll!RtlUserThreadStart()
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x13a21fe0): SELECT  alias1 . `col_varchar_1024_utf8` AS field1 , alias1 . `col_varchar_1024_latin1` AS field2 , alias1 . `col_datetime` AS field3 FROM  view_j AS alias1  LEFT  JOIN  o AS alias2  LEFT OUTER JOIN   view_f AS alias3  LEFT OUTER JOIN  h AS alias4  LEFT  JOIN g AS alias5 ON  alias4 . `pk` =  alias5 . `pk`  ON  alias3 . `col_int_key` =  alias5 . `pk`   LEFT  JOIN n AS alias6 ON  alias5 . `col_varchar_1024_latin1` =  alias6 . `col_varchar_1024_latin1_key`  ON  alias2 . `col_varchar_1024_utf8_key` =  alias4 . `col_varchar_1024_utf8`  ON  alias1 . `col_varchar_1024_latin1` =  alias5 . `col_varchar_10_latin1_key`  WHERE  alias6 . `col_int_key` NOT IN (30, 75, 3) AND  alias6 . `pk` > 1 AND alias6 . `pk` <= ( 5 + 9 ) AND  alias1 . `col_varchar_1024_latin1_key` >= 'DBPHY' AND alias1 . `col_varchar_1024_latin1_key` <= 'l'   ORDER BY field1
 
Connection ID (thread ID): 11
 
Status: NOT_KILLED

on 10.0.14

 
mysqld.exe!st_key::actual_rec_per_key()[table.cc:7163]
 
mysqld.exe!best_access_path()[sql_select.cc:5960]
 
mysqld.exe!optimize_straight_join()[sql_select.cc:6764]
 
mysqld.exe!choose_plan()[sql_select.cc:6490]
 
mysqld.exe!make_join_statistics()[sql_select.cc:4022]
 
mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1339]
 
mysqld.exe!JOIN::optimize()[sql_select.cc:1023]
 
mysqld.exe!mysql_select()[sql_select.cc:3293]
 
mysqld.exe!handle_select()[sql_select.cc:372]
 
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5269]
 
mysqld.exe!mysql_execute_command()[sql_parse.cc:2552]
 
mysqld.exe!mysql_parse()[sql_parse.cc:6420]
 
mysqld.exe!dispatch_command()[sql_parse.cc:1310]
 
mysqld.exe!do_command()[sql_parse.cc:1011]
 
mysqld.exe!threadpool_process_request()[threadpool_common.cc:233]
 
mysqld.exe!io_completion_callback()[threadpool_win.cc:568]
 
KERNEL32.DLL!GetThreadTimes()
 
ntdll.dll!RtlTryAcquireSRWLockShared()
 
ntdll.dll!RtlTryEnterCriticalSection()
 
KERNEL32.DLL!BaseThreadInitThunk()
 
ntdll.dll!RtlUserThreadStart()
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x13c985f0): SELECT STRAIGHT_JOIN alias1 . `col_varchar_10_utf8` AS field1 FROM  k AS alias1  LEFT  JOIN   e AS alias2  LEFT  JOIN view_g AS alias3 ON  alias2 . `col_int_key` =  alias3 . `col_int_key`   LEFT OUTER JOIN   view_m AS alias4  LEFT  JOIN     view_h AS alias5  RIGHT  JOIN m AS alias6 ON  alias5 . `col_varchar_1024_latin1_key` =  alias6 . `col_varchar_1024_latin1_key`   LEFT  JOIN b AS alias7 ON  alias5 . `pk` =  alias7 . `col_int_key`   LEFT  JOIN h AS alias8 ON  alias7 . `col_varchar_10_latin1` =  alias8 . `col_varchar_10_latin1_key`   LEFT OUTER JOIN view_f AS alias9 ON  alias8 . `col_varchar_1024_latin1_key` =  alias9 . `col_varchar_1024_utf8_key`  ON  alias4 . `col_int_key` =  alias8 . `col_int_key`   RIGHT  JOIN view_o AS alias10 ON  alias4 . `pk` =  alias10 . `pk`  ON  alias2 . `pk` =  alias7 . `col_int_key`  ON  alias1 . `col_int_key` =  alias4 . `pk`  WHERE  alias2 . `col_varchar_1024_utf8` > 'a' AND alias2 . `col_varchar_1024_utf8` <= 'z' AND  alias2 . `col_varchar_10_utf8` >= 'v' AND alias2 . `col_varchar_10_utf8` <= 'w' AND alias2 . `col_varchar_10_utf8` IS  NULL AND alias2 . `col_varchar_10_utf8` >= 'u' AND alias2 . `col_varchar_10_utf8` < 'z' AND  alias9 . `col_varchar_1024_utf8` > 'v' AND alias9 . `col_varchar_1024_utf8` <= 'AXLDI' OR  alias3 . `col_varchar_1024_utf8` >= 'm' AND alias3 . `col_varchar_1024_utf8` < 'z' OR  alias4 . `col_varchar_10_utf8` >= 'g' AND alias4 . `col_varchar_10_utf8` <= 'z' OR  alias7 . `col_varchar_10_utf8` >= 'h' AND alias7 . `col_varchar_10_utf8` < 'z' AND alias7 . `col_varchar_10_utf8`  IN ('f') AND  alias6 . `col_varchar_10_utf8` NOT LIKE ( '_' ) AND alias4 . `col_varchar_1024_latin1_key` < 'o'
 
Connection ID (thread ID): 10
 
Status: NOT_KILLED

Comment by Sergei Petrunia [ 2014-12-17 ]

I can repeat. It crashes in best_access_path

(gdb) p keyinfo
 
  $1 = (KEY *) 0x7fffccc630c8
 
(gdb) p keyinfo->user_defined_key_parts
 
  $2 = 1
 
(gdb) p keyinfo->user_defined_key_parts - 1
 
  $3 = 0
 
(gdb) p keyinfo->rec_per_key
 
  $4 = (ulong *) 0x0
 
(gdb) p s->table->alias.Ptr
 
  $6 = 0x7fffccc1a898 "v3"
 
(gdb) p s->table->file
 
  $7 = (handler *) 0x7fffccc63a70
 
(gdb) set print obj
 
(gdb) p s->table->file
 
  $8 = (ha_heap *) 0x7fffccc63a70

It seems, we are looking at a key in temporary table.

Comment by Sergei Petrunia [ 2014-12-17 ]

Debugging

SELECT non_existing FROM v2

create_tmp_table() = (TABLE *) 0x7fffccd1d020
table->s->keys==0

SELECT * FROM t1, v3, t4 WHERE v3.f1 = t4.f1 AND t4.f2 = 6 AND t1.pk = v3.f5

create_tmp_table() = 0x7fffccd25020
table->s->keys==0
...
TABLE::add_tmp_key (this=0x7fffccd25020 ...)

Program received signal SIGSEGV, Segmentation fault.

(gdb) p s->table
$29 = (TABLE *) 0x7fffccd25020

(gdb) p s->table->s->keys
$30 = 1

(gdb) p s->table->key_info
$32 = (KEY *) 0x7fffccc63020
(gdb) p keyinfo
$33 = (KEY *) 0x7fffccc630c8

(gdb) p s->table->key_info - keyinfo
$39 = -1

(gdb) p key
$40 = 1

Why do we have key=1 (i.e. the second key) when the table has just one key?

Comment by Sergei Petrunia [ 2014-12-18 ]

So there is a call to
generate_derived_keys_for_table( count=2, keys=2)

it calls
TABLE::check_tmp_key(key=0, key_parts=1) = true
(this means it's ok to add the key)
TABLE::add_tmp_key(key=0, key_parts=1) = false
(this means key was added)

TABLE::check_tmp_key(key=1, key_parts=1) = true
(this means it is NOT ok to add the key)

However, KEYUSE array still keeps the element with key=1:

(gdb) p use[0].table->alias.Ptr
 
  $33 = 0x7ffe9c00f130 "t1"
 
(gdb) p use[1].table->alias.Ptr
 
  $34 = 0x7ffe9c006cf0 "v3"
 
(gdb) p use[2].table->alias.Ptr
 
  $35 = 0x7ffe9c006cf0 "v3"
 
(gdb) p use[3].table->alias.Ptr
 
  Cannot access memory at address 0xe8
 

(gdb) p use[1].key
 
  $36 = 0
 
(gdb) p use[2].key
 
  $37 = 1

Note that key=1. That's the second key, while the table has only one key:

(gdb) p use[2].table->s->keys
 
  $39 = 1

Comment by Sergei Petrunia [ 2014-12-18 ]

Ok the problem is in this pieced of code:

      KEYUSE *save_first_keyuse= first_keyuse;
 
      if (table->check_tmp_key(table->s->keys, parts,
 
                               get_next_field_for_derived_key_simple, 
                               (uchar *) &first_keyuse))
 
 
      {
 
        first_keyuse= save_first_keyuse;
 
        if (table->add_tmp_key(table->s->keys, parts, 
                               get_next_field_for_derived_key, 
                               (uchar *) &first_keyuse,
 
                               FALSE))
 
          return TRUE;
 
        table->reginfo.join_tab->keys.set_bit(table->s->keys);
 
      }
 
      else
 
      {
 
        /* Mark keyuses for this key to be excluded */
 
        for (KEYUSE *curr=save_first_keyuse; curr < first_keyuse; curr++)
 
	{
 
          curr->key= MAX_KEY;
 
        }
 
      }

check_tmp_key() and add_tmp_key() use their "&first_keyuse" parameter as a loop variable. That is, these functions have a side effect of modifying this variable.

Suppose the call to table->check_tmp_key(...) returned TRUE (which means failure). We then go to this loop

        for (KEYUSE *curr=save_first_keyuse; curr < first_keyuse; curr++)

which uses first_keyuse. In our example, check_tmp_table() has set first_keyuse to NULL:

(gdb) print curr
 
  $116 = (KEYUSE *) 0x7ffe9c033f68
 
(gdb) print first_keyuse
 
  $117 = (KEYUSE *) 0x0

this will cause the loop not to execute.

Comment by Sergei Petrunia [ 2014-12-18 ]

Btw one can crash a debug binary also. One needs to run with --debug, so that print_keyuse() is invoked. It will crash when trying to get the name of a non-existent key.

Comment by Sergei Petrunia [ 2014-12-18 ]

Pushed into 5.3 and merged into 5.5

Comment by Patryk Pomykalski [ 2014-12-18 ]

I think it might be related to MDEV-6745

Comment by Sergei Petrunia [ 2014-12-19 ]

Checked MDEV-6745 with the fix for this bug. It still repeats, so these seem to be two different issues.

Comment by Patryk Pomykalski [ 2014-12-19 ]

Strange, for me this one fixed 6745 too...

Generated at Thu Feb 08 07:14:54 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.