Thanks for the full report and the test case.
Highly reduced test case derived from the initial one:
select * from (
select 1 as a
UNION
select 2 as a
ORDER BY RAND()
) as sq;

stack trace from 5.5 commit e126baafbc78f15c794082f0a93740d81041d038
#3 <signal handler called>
#4 0x000000000067fd5f in st_join_table::cleanup (this=0x7fb52312b278) at 5.5/sql/sql_select.cc:10512
#5 0x0000000000680c06 in JOIN::cleanup (this=0x7fb52312b968, full=true) at 5.5/sql/sql_select.cc:10931
#6 0x000000000066ceea in JOIN::destroy (this=0x7fb52312b968) at 5.5/sql/sql_select.cc:2933
#7 0x000000000066ceb6 in JOIN::destroy (this=0x7fb523283128) at 5.5/sql/sql_select.cc:2928
#8 0x00000000006e8289 in st_select_lex::cleanup (this=0x7fb523280078) at 5.5/sql/sql_union.cc:1015
#9 0x00000000006e7eef in st_select_lex_unit::cleanup (this=0x7fb523287c40) at 5.5/sql/sql_union.cc:891
#10 0x00000000006117d1 in mysql_derived_fill (thd=0x7fb524150060, lex=0x7fb5241532e0, derived=0x7fb5232803c0) at 5.5/sql/sql_derived.cc:935
#11 0x0000000000610178 in mysql_handle_single_derived (lex=0x7fb5241532e0, derived=0x7fb5232803c0, phases=96) at 5.5/sql/sql_derived.cc:194
#12 0x0000000000680307 in st_join_table::preread_init (this=0x7fb523282a10) at 5.5/sql/sql_select.cc:10666
#13 0x000000000068e894 in sub_select (join=0x7fb523280a28, join_tab=0x7fb523282a10, end_of_records=false) at 5.5/sql/sql_select.cc:16903
#14 0x000000000068e2a3 in do_select (join=0x7fb523280a28, fields=0x7fb524153b88, table=0x0, procedure=0x0) at 5.5/sql/sql_select.cc:16597
#15 0x000000000066cc3e in JOIN::exec (this=0x7fb523280a28) at 5.5/sql/sql_select.cc:2873
#16 0x000000000066d449 in mysql_select (thd=0x7fb524150060, rref_pointer_array=0x7fb524153ce0, tables=0x7fb5232803c0, wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fb523288fe8, unit=0x7fb524153390, select_lex=0x7fb524153a70) at 5.5/sql/sql_select.cc:3094
#17 0x0000000000663dc1 in handle_select (thd=0x7fb524150060, lex=0x7fb5241532e0, result=0x7fb523288fe8, setup_tables_done_option=0) at 5.5/sql/sql_select.cc:319
#18 0x000000000063cfdc in execute_sqlcom_select (thd=0x7fb524150060, all_tables=0x7fb5232803c0) at 5.5/sql/sql_parse.cc:4689
#19 0x00000000006361be in mysql_execute_command (thd=0x7fb524150060) at 5.5/sql/sql_parse.cc:2234
#20 0x000000000063fb01 in mysql_parse (thd=0x7fb524150060, rawbuf=0x7fb523287078 "select * from ( \nselect 1 as a\nUNION \nselect 2 as a \nORDER BY RAND()\n) as sq", length=76, parser_state=0x7fb523bb5620) at 5.5/sql/sql_parse.cc:5914
#21 0x0000000000633705 in dispatch_command (command=COM_QUERY, thd=0x7fb524150060, packet=0x7fb524207061 "", packet_length=76) at 5.5/sql/sql_parse.cc:1079
#22 0x0000000000632891 in do_command (thd=0x7fb524150060) at 5.5/sql/sql_parse.cc:793
#23 0x0000000000735f1d in do_handle_one_connection (thd_arg=0x7fb524150060) at 5.5/sql/sql_connect.cc:1269
#24 0x0000000000735c97 in handle_one_connection (arg=0x7fb524150060) at 5.5/sql/sql_connect.cc:1185
#25 0x0000000000b71e25 in pfs_spawn_thread (arg=0x7fb524171c00) at 5.5/storage/perfschema/pfs.cc:1015
#26 0x00007fb52a59bb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
#27 0x00007fb52885195d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Apparently the problem was introduced by this revision:
commit e8b0b51966ae8b112c61650814af78530e8e7624
Author: Sergey Petrunya <psergey@askmonty.org>
Date: Thu Jul 11 19:27:39 2013 +0400

MDEV-4042: Assertion `table->key_read == 0' fails in close_thread_table on EXPLAIN
MDEV-4536: ...sql/sql_base.cc:1598: bool close_thread_table(THD*, TABLE**): Assertion
- Make JOIN::cleanup(full=true) always free join optimization tabs.

Hi,
We upgraded from 10.1.9 to 1.1.10 and it seems the problem has been fixed:
MariaDB [(none)]> select * from (
-> select 1 as a
-> UNION
-> select 2 as a
-> ORDER BY RAND()
-> ) as sq;
+---+
| a |
+---+
| 2 |
| 1 |
+---+
2 rows in set (0.00 sec)

I'm afraid it's just the matter of luck, as it often happens with SIGSEGV. Debug build still crashes, and valgrind on the release build still produces its warnings, so the bug is still there.

I'm raising the priority because we have another bug report which looks like the same problem, MDEV-9377.

While debugging this, I've run into an interesting situation. During the statement execution we create the following JOIN objects. The non-indented addresses are JOIN::init while the indented addresses are JOIN::cleanup calls.
init 0x00000001028105c0
init 0x0000000102810d20
init 0x0000000102811390
    cleanup 0x0000000102810d20
    cleanup 0x0000000102811390
init 0x0000000102828e88
    cleanup 0x000000010282a4c0 (??) (full == false)
    cleanup 0x000000010282a4c0 (??) (full == false)
    cleanup 0x0000000102810d20
    cleanup 0x0000000102811390
    cleanup 0x000000010282a4c0 (??) (full == true)
Notice that the a4c0 address is never actually initialised. In fact, that JOIN object is not constructed by the JOIN::JOIN constructor either. The cleanup code actually fails for that particular object, not the first 2 times, but the 3rd time, when the full parameter is set to TRUE.

The "unknown" join comes from SELECT_LEX->join.

init_execution creates the tmp_join that overrides current join, during join->exec().
tmp_join now has table_access_tabs correctly marked, as a tmp table.

However, during the union execution cleanup, we free the tmp table:
frame #2: 0x0000000100b63a5e mysqld`free_memory(ptr=0x000000010a800070) + 382 at safemalloc.c:275
frame #3: 0x0000000100b63ac3 mysqld`sf_free(ptr=0x000000010a800070) + 67 at safemalloc.c:194
frame #4: 0x0000000100b4cdd6 mysqld`my_free(ptr=0x000000010a800070) + 150 at my_malloc.c:216
frame #5: 0x0000000100b3d7c4 mysqld`free_root(root=0x0000700000195618, MyFlags=0) + 260 at my_alloc.c:389
frame #6: 0x0000000100371b82 mysqld`free_tmp_table(thd=0x000000010402f470, entry=0x000000010a800088) + 626 at sql_select.cc:17736
frame #7: 0x0000000100400cd6 mysqld`st_select_lex_unit::cleanup(this=0x000000010410c848) + 230 at sql_union.cc:1031
frame #8: 0x00000001002c291b mysqld`mysql_derived_fill(thd=0x000000010402f470, lex=0x0000000104032db0, derived=0x000000010410df10) + 811 at sql_derived.cc:948
frame #9: 0x00000001002c2f57 mysqld`mysql_handle_single_derived(lex=0x0000000104032db0, derived=0x000000010410df10, phases=96) + 455 at sql_derived.cc:195
frame #10: 0x000000010037cf9f mysqld`st_join_table::preread_init(this=0x0000000104110aa8) + 143 at sql_select.cc:11694
frame #11: 0x00000001003866d9 mysqld`sub_select(join=0x000000010410e5c0, join_tab=0x0000000104110aa8, end_of_records=false) + 377 at sql_select.cc:18249
frame #12: 0x000000010036f5c5 mysqld`do_select(join=0x000000010410e5c0, fields=0x0000000104033680, table=0x0000000000000000, procedure=0x0000000000000000) + 1573 at sql_select.cc:17936
frame #13: 0x000000010036e5c2 mysqld`JOIN::exec_inner(this=0x000000010410e5c0) + 11490 at sql_select.cc:3228
frame #14: 0x000000010036b82b mysqld`JOIN::exec(this=0x000000010410e5c0) + 251 at sql_select.cc:2518
frame #15: 0x0000000100352b3d mysqld`mysql_select(thd=0x000000010402f470, rref_pointer_array=0x00000001040337e0, tables=0x000000010410df10, wild_num=1, fields=0x0000000104033680, conds=0x0000000000000000, og_num=0, order=0x0000000000000000, group=0x0000000000000000, having=0x0000000000000000, proc_param=0x0000000000000000, select_options=2147748608, result=0x000000010410e5a0, unit=0x0000000104032e78, select_lex=0x0000000104033568) + 1309 at sql_select.cc:3451
frame #16: 0x0000000100352482 mysqld`handle_select(thd=0x000000010402f470, lex=0x0000000104032db0, result=0x000000010410e5a0, setup_tables_done_option=0) + 546 at sql_select.cc:372
frame #17: 0x00000001003099c2 mysqld`execute_sqlcom_select(thd=0x000000010402f470, all_tables=0x000000010410df10) + 1634 at sql_parse.cc:5902
frame #18: 0x00000001002fd31b mysqld`mysql_execute_command(thd=0x000000010402f470) + 7739 at sql_parse.cc:2961
frame #19: 0x00000001002f9b5d mysqld`mysql_parse(thd=0x000000010402f470, rawbuf="select * from (\nselect 1 as a\nUNION\nselect 2 as a\norder by RAND()\n) as sq", length=73, parser_state=0x0000700000199e90) + 781 at sql_parse.cc:7302
frame #20: 0x00000001002f524c mysqld`dispatch_command(command=COM_QUERY, thd=0x000000010402f470, packet="", packet_length=73) + 3868 at sql_parse.cc:1487
frame #21: 0x00000001002f831e mysqld`do_command(thd=0x000000010402f470) + 2174 at sql_parse.cc:1109
frame #22: 0x000000010047bcfe mysqld`do_handle_one_connection(thd_arg=0x000000010402f470) + 558 at sql_connect.cc:1349
frame #23: 0x000000010047ba6d mysqld`::handle_one_connection(arg=0x000000010402f470) + 45 at sql_connect.cc:1261
frame #24: 0x000000010070d8b4 mysqld`::pfs_spawn_thread(arg=0x0000000103237e00) + 388 at pfs.cc:1860
frame #25: 0x00007fff84cbcc13 libsystem_pthread.dylib`_pthread_body + 131
frame #26: 0x00007fff84cbcb90 libsystem_pthread.dylib`_pthread_start + 168
frame #27: 0x00007fff84cba375 libsystem_pthread.dylib`thread_start + 13

And now, during the cleanup of the new tmp_join, we attempt to double-free the tmp table, which leads to the crash.
frame #0: 0x000000010037145a mysqld`JOIN::cleanup(this=0x00000001038e9ac0, full=true) + 474 at sql_select.cc:11974
frame #1: 0x0000000100370eef mysqld`JOIN::destroy(this=0x00000001038e9ac0) + 319 at sql_select.cc:3295
frame #2: 0x0000000100370eb9 mysqld`JOIN::destroy(this=0x00000001038e8488) + 265 at sql_select.cc:3290
frame #3: 0x00000001004020d6 mysqld`st_select_lex::cleanup(this=0x000000010410d9a0) + 166 at sql_union.cc:1172
frame #4: 0x0000000100400d99 mysqld`st_select_lex_unit::cleanup(this=0x000000010410c848) + 425 at sql_union.cc:1047
frame #5: 0x00000001002c291b mysqld`mysql_derived_fill(thd=0x000000010402f470, lex=0x0000000104032db0, derived=0x000000010410df10) + 811 at sql_derived.cc:948
frame #6: 0x00000001002c2f57 mysqld`mysql_handle_single_derived(lex=0x0000000104032db0, derived=0x000000010410df10, phases=96) + 455 at sql_derived.cc:195
frame #7: 0x000000010037cf9f mysqld`st_join_table::preread_init(this=0x0000000104110aa8) + 143 at sql_select.cc:11694
frame #8: 0x00000001003866d9 mysqld`sub_select(join=0x000000010410e5c0, join_tab=0x0000000104110aa8, end_of_records=false) + 377 at sql_select.cc:18249
frame #9: 0x000000010036f5c5 mysqld`do_select(join=0x000000010410e5c0, fields=0x0000000104033680, table=0x0000000000000000, procedure=0x0000000000000000) + 1573 at sql_select.cc:17936
frame #10: 0x000000010036e5c2 mysqld`JOIN::exec_inner(this=0x000000010410e5c0) + 11490 at sql_select.cc:3228
frame #11: 0x000000010036b82b mysqld`JOIN::exec(this=0x000000010410e5c0) + 251 at sql_select.cc:2518
frame #12: 0x0000000100352b3d mysqld`mysql_select(thd=0x000000010402f470, rref_pointer_array=0x00000001040337e0, tables=0x000000010410df10, wild_num=1, fields=0x0000000104033680, conds=0x0000000000000000, og_num=0, order=0x0000000000000000, group=0x0000000000000000, having=0x0000000000000000, proc_param=0x0000000000000000, select_options=2147748608, result=0x000000010410e5a0, unit=0x0000000104032e78, select_lex=0x0000000104033568) + 1309 at sql_select.cc:3451
frame #13: 0x0000000100352482 mysqld`handle_select(thd=0x000000010402f470, lex=0x0000000104032db0, result=0x000000010410e5a0, setup_tables_done_option=0) + 546 at sql_select.cc:372
frame #14: 0x00000001003099c2 mysqld`execute_sqlcom_select(thd=0x000000010402f470, all_tables=0x000000010410df10) + 1634 at sql_parse.cc:5902
frame #15: 0x00000001002fd31b mysqld`mysql_execute_command(thd=0x000000010402f470) + 7739 at sql_parse.cc:2961
frame #16: 0x00000001002f9b5d mysqld`mysql_parse(thd=0x000000010402f470, rawbuf="select * from (\nselect 1 as a\nUNION\nselect 2 as a\norder by RAND()\n) as sq", length=73, parser_state=0x0000700000199e90) + 781 at sql_parse.cc:7302
frame #17: 0x00000001002f524c mysqld`dispatch_command(command=COM_QUERY, thd=0x000000010402f470, packet="", packet_length=73) + 3868 at sql_parse.cc:1487
frame #18: 0x00000001002f831e mysqld`do_command(thd=0x000000010402f470) + 2174 at sql_parse.cc:1109
frame #19: 0x000000010047bcfe mysqld`do_handle_one_connection(thd_arg=0x000000010402f470) + 558 at sql_connect.cc:1349
frame #20: 0x000000010047ba6d mysqld`::handle_one_connection(arg=0x000000010402f470) + 45 at sql_connect.cc:1261
frame #21: 0x000000010070d8b4 mysqld`::pfs_spawn_thread(arg=0x0000000103237e00) + 388 at pfs.cc:1860
frame #22: 0x00007fff84cbcc13 libsystem_pthread.dylib`_pthread_body + 131
frame #23: 0x00007fff84cbcb90 libsystem_pthread.dylib`_pthread_start + 168
frame #24: 0x00007fff84cba375 libsystem_pthread.dylib`thread_start + 13

After discussing with Sergey Petrunia, we've come up with a fix that makes the crash go away, but we are not confident that it does not break anything else. The patch might introduce memory leaks. elenst, after the buildbot here http://buildbot.askmonty.org/buildbot/grid?category=main&branch=bb-10.1-mdev-9304 finishes checking, can you run a valgrind suite with some randomly generated queries using UNION?

cvicentiu, can you also check the original testcase? AFAIU we were working with the "Highly reduced test case derived from the initial one" made by Elena... Let's also check the original one...

cvicentiu, psergey, please check if MDEV-9513 is the same or different issue. It does not get fixed by this patch.

cvicentiu, psergey, please check if MDEV-9514 is related to this issue. It does not get fixed by this patch.

I haven't got any memory leaks so far, but my testing is limited due to the problems mentioned above. Could you please check if they are supposed to be fixed in the scope of this bug?
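
The double free analysed earlier in this thread, reduced to a small stand-alone C++ model (an added example, not MariaDB code and not the patch discussed here). Heap, Join, Unit, run and the drop_alias switch are hypothetical stand-ins; the model counts a second free instead of crashing and also reports leaked tables, since the thread raises that concern about the fix.

```cpp
#include <cstdio>
#include <memory>
#include <set>
#include <vector>

// Hypothetical model, not MariaDB code. The heap keeps every object alive so
// a repeated free can be counted safely instead of corrupting memory.
struct TmpTable { int id; };
struct Heap {
    std::vector<std::unique_ptr<TmpTable>> store;  // backing storage
    std::set<TmpTable*> live;                      // allocated and not yet freed
    int double_frees = 0;
    TmpTable* alloc(int id) {
        store.emplace_back(new TmpTable{id});
        live.insert(store.back().get());
        return store.back().get();
    }
    // A free of a pointer that is no longer live is a double free.
    void free_table(TmpTable* t) { if (t && live.erase(t) == 0) ++double_frees; }
};
// Stand-in for a JOIN whose access tab points at the temporary table.
struct Join {
    TmpTable* tab_table = nullptr;
    void cleanup(Heap& h) { h.free_table(tab_table); tab_table = nullptr; }
};
// Stand-in for the union unit, which holds the same table as its result.
struct Unit {
    TmpTable* result_table = nullptr;
    Join* join = nullptr;
    void cleanup(Heap& h, bool drop_alias) {
        // Hardened path: clear the join's alias before the single free.
        if (drop_alias && join->tab_table == result_table) join->tab_table = nullptr;
        h.free_table(result_table);
        result_table = nullptr;
        join->cleanup(h);  // on the buggy path this frees the stale alias again
    }
};
struct Result { int double_frees; std::size_t leaked; };
Result run(bool drop_alias) {
    Heap h; Join j; Unit u;
    u.result_table = j.tab_table = h.alloc(1);  // two references, one table
    u.join = &j;
    u.cleanup(h, drop_alias);
    return Result{h.double_frees, h.live.size()};
}
int main() {
    std::printf("buggy double frees: %d, hardened: %d\n",
                run(false).double_frees, run(true).double_frees);
}
```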