[MDEV-8114] server crash on updates with joins still on 10.0.18 Created: 2015-05-07  Updated: 2015-06-06  Resolved: 2015-06-06

Status: Closed
Project: MariaDB Server
Component/s: Data Manipulation - Subquery, Data Manipulation - Update
Affects Version/s: 5.5.43, 10.0.18
Fix Version/s: 5.5.44, 10.0.20

Type: Bug Priority: Critical
Reporter: Max Bubenick Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: crash, verified
Environment:

any

Issue Links:
Blocks
blocks MDEV-7892 server crash on updates with joins Closed
Sprint: 5.5.44

 Description   

The bug still on 10.0.18

Thread pointer: 0x0x7fd71c848008
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7fd70cc47d30 thread_stack 0x48000
 
/usr/sbin/mysqld(my_print_stacktrace+0x2b)[0xb7bcbb]
 
/usr/sbin/mysqld(handle_fatal_signal+0x398)[0x72b3b8]
 
/lib64/libpthread.so.0[0x3aae20f710]
 
/usr/sbin/mysqld[0x601014]
 
/usr/sbin/mysqld[0x529d21]
 
/usr/sbin/mysqld(_ZN4JOIN14optimize_innerEv+0x6de)[0x6212ee]
 
/usr/sbin/mysqld(_ZN4JOIN8optimizeEv+0x28)[0x6237a8]
 
/usr/sbin/mysqld(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0x88)[0x5cae88]
 
/usr/sbin/mysqld(_ZN4JOIN14optimize_innerEv+0x1e59)[0x622a69]
 
/usr/sbin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd8)[0x6239c8]
 
/usr/sbin/mysqld(_Z18mysql_multi_updateP3THDP10TABLE_LISTP4ListI4ItemES6_PS4_y15enum_duplicatesbP18st_select_lex_unitP13st_select_lexPP12multi_update+0x1ba)[0x66994a]
 
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x47f8)[0x5d8528]
 
/usr/sbin/mysqld[0x5da5e7]
 
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1c7c)[0x5dc9cc]
 
/usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x453)[0x699b53]
 
/usr/sbin/mysqld(handle_one_connection+0x42)[0x699c22]
 
/lib64/libpthread.so.0[0x3aae2079d1]
 
/lib64/libc.so.6(clone+0x6d)[0x3aadee886d]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7fd71c869020): UPDATE table_a a JOIN table_b b ON a.c1 = b.c1 JOIN view_vw vw ON b.c2 = vw.c1 JOIN table_t del ON vw.c2 = del.c2 SET a.c2 = ( SELECT max(t.c1) FROM table_t t, view_vw i WHERE del.c2 = t.c2 AND vw.c3 = i.c3 AND t.c3 = 4 ) WHERE a.c2 IS NULL OR a.c2 < '2011-05-01'
 
Connection ID (thread ID): 7
 
Status: NOT_KILLED
 
 
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on
 
 
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
 
information that should help you find out what is causing the crash.
 
Writing a core file
 
150507 13:44:19 mysqld_safe Number of processes running now: 0
 
150507 13:44:19 mysqld_safe mysqld restarted
 
150507 13:44:19 [Note] /usr/sbin/mysqld (mysqld 10.0.18-MariaDB-log) starting as process 15051 ...



 Comments   
Comment by Elena Stepanova [ 2015-05-07 ]

Sorry about that.
What was said in MDEV-7892 is true, the bugfix for MDEV-7613 (commit b9a75862) did fix this crash on 5.5 tree, I just re-checked it; but then the following patch broke it again:

commit 8cbaafd22b145512cc91f7b512290320849e77bd
 
Author: Oleksandr Byelkin <sanja@mariadb.com>
 
Date:   Wed Apr 22 10:14:11 2015 +0200
 
 
 
    MDEV-8018: main.multi_update fails with --ps-protocol
 
    
    save_prep_leaf_tables() made recursive to work with underlying view
 
    
    Arena restoiring fixed in case of EOM.
 
 

sanja,

The test case is in MDEV-7892.

Comment by Moshe L [ 2015-06-01 ]

I am using the last version (10.0.19) and from times to times see this error message on the slave.
the problem not seen on master (10.1.16).

I am thinking that is the same error, but not sure.

150601  7:10:26 [ERROR] mysqld got signal 11 ;
 
This could be because you hit a bug. It is also possible that this binary
 
or one of the libraries it was linked against is corrupt, improperly built,
 
or misconfigured. This error can also be caused by malfunctioning hardware.
 
 
 
To report this bug, see http://kb.askmonty.org/en/reporting-bugs
 
 
 
We will try our best to scrape up some info that will hopefully help
 
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
 
 
Server version: 10.0.19-MariaDB-1~wheezy-log
 
key_buffer_size=33554432
 
read_buffer_size=2097152
 
max_used_connections=85
 
max_threads=5002
 
thread_count=70
 
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 30863942 K  bytes of memory
 
Hope that's ok; if not, decrease some variables in the equation.
 
 
 
Thread pointer: 0x0x7fe78ecda008
 
Attempting backtrace. You can use the following information to find out
 
where mysqld died. If you see no messages after this, something went
 
terribly wrong...
 
stack_bottom = 0x7fe98649ddf0 thread_stack 0x80000
 
/usr/sbin/mysqld(my_print_stacktrace+0x2b)[0x7fe98a49b90b]
 
/usr/sbin/mysqld(handle_fatal_signal+0x422)[0x7fe98a025c42]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7fe9896708d0]
 
/usr/sbin/mysqld(+0x452730)[0x7fe989ef3730]
 
/usr/sbin/mysqld(+0x373796)[0x7fe989e14796]
 
/usr/sbin/mysqld(_ZN4JOIN14optimize_innerEv+0x84a)[0x7fe989f142fa]
 
/usr/sbin/mysqld(_ZN4JOIN8optimizeEv+0x28)[0x7fe989f16738]
 
/usr/sbin/mysqld(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0x88)[0x7fe989ebbf58]
 
/usr/sbin/mysqld(_ZN4JOIN28optimize_constant_subqueriesEv+0x3a)[0x7fe989fc009a]
 
/usr/sbin/mysqld(_ZN4JOIN14optimize_innerEv+0x2a0)[0x7fe989f13d50]
 
/usr/sbin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd8)[0x7fe989f16958]
 
/usr/sbin/mysqld(_Z18mysql_multi_updateP3THDP10TABLE_LISTP4ListI4ItemES6_PS4_y15enum_duplicatesbP18st_select_lex_unitP13st_select_lexPP12multi_update+0x1c0)[0x7fe989f5e450]
 
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x4704)[0x7fe989ec9894]
 
/usr/sbin/mysqld(+0x42aa03)[0x7fe989ecba03]
 
/usr/sbin/mysqld(_ZN15Query_log_event14do_apply_eventEP14rpl_group_infoPKcj+0xffe)[0x7fe98a0eb5ae]
 
/usr/sbin/mysqld(_Z26apply_event_and_update_posP9Log_eventP3THDP14rpl_group_infoP19rpl_parallel_thread+0x18d)[0x7fe989e562bd]
 
/usr/sbin/mysqld(handle_rpl_parallel_thread+0xb9e)[0x7fe989fcf4ae]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x7fe9896690a4]
 
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fe987c6804d]
 
 
 
Trying to get some variables.
 
Some pointers may be invalid and cause the dump to abort.
 
Query (0x7fe7695ee792): is an invalid pointer
 
Connection ID (thread ID): 8
 
Status: NOT_KILLED
 
 
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on
 
 
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
 
information that should help you find out what is causing the crash.
 
150601 07:10:26 mysqld_safe Number of processes running now: 0
 
150601 07:10:26 mysqld_safe mysqld restarted

Comment by Oleksandr Byelkin [ 2015-06-03 ]

join_tab has somehow unassigned reference to JOIN (valgrund?)

Comment by Oleksandr Byelkin [ 2015-06-04 ]

valgrind shows several problems but they looks like part of bigger problem of using something uninitialiyed...

The interesting moment is only check of unsigned of fixed Item which has uninitialized value...

Comment by Oleksandr Byelkin [ 2015-06-04 ]

One of the problem is that leaf list stored before preparing subqueries
because subqueries in SET part prepared later

Comment by Oleksandr Byelkin [ 2015-06-04 ]

--source include/have_innodb.inc

CREATE TABLE `t1` (
`c1` int(11) NOT NULL,
`c2` datetime DEFAULT NULL,
PRIMARY KEY (`c1`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE `t2` (
`c0` varchar(10) NOT NULL,
`c1` int(11) NOT NULL,
`c2` int(11) NOT NULL,
PRIMARY KEY (`c0`,`c1`),
KEY `c1` (`c1`),
KEY `c2` (`c2`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE `t3` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`c1` datetime NOT NULL,
`c2` bigint(20) NOT NULL,
`c3` int(4) unsigned NOT NULL,
PRIMARY KEY (`id`),
KEY `c2` (`c2`),
KEY `c3` (`c3`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE `t4` (
`c1` int(11) NOT NULL,
`c2` bigint(20) DEFAULT NULL,
`c3` int(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE ALGORITHM=UNDEFINED VIEW `v1` AS select `t4`.`c1` AS `c1`,`t4`.`c2` AS `c2`,`t4`.`c3` AS `c3` from `t4`;

UPDATE t1 a JOIN t2 b ON a.c1 = b.c1 JOIN v1 vw ON b.c2 = vw.c1 JOIN t3 del ON vw.c2 = del.c2 SET a.c2 = ( SELECT max(t.c1) FROM t3 t, v1 i WHERE del.c2 = t.c2 AND vw.c3 = i.c3 AND t.c3 = 4 ) WHERE a.c2 IS NULL OR a.c2 < '2011-05-01';

drop view v1;
drop table t1,t2,t3,t4;

Comment by Oleksandr Byelkin [ 2015-06-04 ]

revision-id: d4b5dd21a91085cf434c5838d28f3436b50c6719
parent(s): 6bd76f8b7e086ab7cf0249a05277ff552e564554
committer: Oleksandr Byelkin
branch nick: server
timestamp: 2015-06-04 19:07:34 +0200
message:

MDEV-8114: server crash on updates with joins still on 10.0.18

Check that leaf table list is really built before storing it.

Comment by Sergei Petrunia [ 2015-06-05 ]

Ok to push.

Generated at Thu Feb 08 07:24:44 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.