Bug #52336 | Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355 | ||
---|---|---|---|
Submitted: | 24 Mar 2010 16:00 | Modified: | 20 Jun 2010 22:45 |
Reporter: | Patrick Crews | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Optimizer | Severity: | S3 (Non-critical) |
Version: | 5.1-bugteam, 5.5,next-mr,6.0 | OS: | Any |
Assigned to: | Sergei Glukhov | CPU Architecture: | Any |
Tags: | crash, regression, segfault |
[24 Mar 2010 16:00]
Patrick Crews
[24 Mar 2010 16:01]
Patrick Crews
Full backtrace output from this crash
Attachment: bug52336_backtrace.txt (text/plain), 12.06 KiB.
[24 Mar 2010 16:42]
Valeriy Kravchuk
Crash is NOT repeatable for me with recent 5.1.46-debug from mysql-5.1 tree:

```
...
mysql> INSERT INTO `B` VALUES (1,1,7,'2005-02-05 00:00:00','f');
Query OK, 1 row affected (0.01 sec)

mysql> SELECT MIN( table1 . `col_int_key` ) AS field1
    -> FROM ( CC AS table1 RIGHT JOIN C AS table2 ON (table2 . `col_int_key` = table1 .
    -> `col_int_nokey` ) )
    -> WHERE ( ( 'k', 'c' ) IN (
    -> SELECT 'e' , 'l' UNION
    -> SELECT 'j' , 't' ) ) OR ( table1 . `col_int_key` = table1 . `col_int_key` AND table1 .
    -> `pk` = 232 ) OR ( table1 . `col_varchar_key` IN (
    -> SELECT SUBQUERY2_t2 . `col_varchar_key` AS SUBQUERY2_field1
    -> FROM ( B AS SUBQUERY2_t1 LEFT JOIN B AS SUBQUERY2_t2 ON (SUBQUERY2_t2 . `pk` =
    -> SUBQUERY2_t1 . `col_int_key` ) )
    -> WHERE SUBQUERY2_t1 . `col_varchar_key` <> table1 . `col_varchar_key` AND SUBQUERY2_t1 .
    -> `col_varchar_key` < table2 . `col_varchar_key` ) OR table1 . `col_int_key` >= table2 .
    -> `col_int_key` )
    -> HAVING ( 7, 7 ) IN (
    -> SELECT DISTINCT SQL_SMALL_RESULT SUBQUERY3_t1 . `col_int_nokey` AS SUBQUERY3_field1 ,
    -> SUBQUERY3_t1 . `col_int_nokey` AS SUBQUERY3_field2
    -> FROM C AS SUBQUERY3_t1
    -> WHERE SUBQUERY3_t1 . `col_varchar_key` < 'y' )
    -> ORDER BY table1 . `col_datetime_key` , field1
    -> LIMIT 2
    -> ;
+--------+
| field1 |
+--------+
|      5 |
+--------+
1 row in set (0.01 sec)

mysql> select version();
+--------------+
| version()    |
+--------------+
| 5.1.46-debug |
+--------------+
1 row in set (0.00 sec)
```
[24 Mar 2010 20:41]
MySQL Verification Team
Thank you for the bug report. Verified as described:

```
[miguel@hegel ~]$ dbs/5.1-bugteam/libexec/mysqld
100324 17:35:13 [Note] Plugin 'FEDERATED' is disabled.
100324 17:35:13 [Note] Plugin 'ndbcluster' is disabled.
InnoDB: The first specified data file ./ibdata1 did not exist:
InnoDB: a new database to be created!
100324 17:35:13 InnoDB: Setting file ./ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
100324 17:35:13 InnoDB: Log file ./ib_logfile0 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
100324 17:35:13 InnoDB: Log file ./ib_logfile1 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
100324 17:35:14 InnoDB: Started; log sequence number 0 0
100324 17:35:14 [Note] Event Scheduler: Loaded 0 events
100324 17:35:14 [Note] dbs/5.1-bugteam/libexec/mysqld: ready for connections.
Version: '5.1.46-debug' socket: '/tmp/mysql.sock' port: 3306 Source distribution
100324 17:38:43 - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=1
max_threads=151
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 338309 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x1e84cc8
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f02defe5eb8 thread_stack 0x40000
dbs/5.1-bugteam/libexec/mysqld(my_print_stacktrace+0x35)[0xb21539]
dbs/5.1-bugteam/libexec/mysqld(handle_segfault+0x288)[0x6b2586]
/lib64/libpthread.so.0[0x3d6ec0f0f0]
dbs/5.1-bugteam/libexec/mysqld(_Z11copy_fieldsP15TMP_TABLE_PARAM+0x2a)[0x758b09]
dbs/5.1-bugteam/libexec/mysqld[0x750acc]
dbs/5.1-bugteam/libexec/mysqld[0x74e00f]
dbs/5.1-bugteam/libexec/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x179)[0x74dcb5]
dbs/5.1-bugteam/libexec/mysqld[0x74d7c0]
dbs/5.1-bugteam/libexec/mysqld(_ZN4JOIN4execEv+0xbc0)[0x734bba]
dbs/5.1-bugteam/libexec/mysqld(_ZN30subselect_single_select_engine4execEv+0x63d)[0x666d61]
dbs/5.1-bugteam/libexec/mysqld(_ZN14Item_subselect4execEv+0x8e)[0x6611a4]
dbs/5.1-bugteam/libexec/mysqld(_ZN17Item_in_subselect8val_boolEv+0x52)[0x662b86]
dbs/5.1-bugteam/libexec/mysqld(_ZN4Item15val_bool_resultEv+0x25)[0x5f4117]
dbs/5.1-bugteam/libexec/mysqld(_ZN17Item_in_optimizer7val_intEv+0x29e)[0x625a5c]
dbs/5.1-bugteam/libexec/mysqld[0x750614]
dbs/5.1-bugteam/libexec/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x4d)[0x74db89]
dbs/5.1-bugteam/libexec/mysqld[0x74d7ea]
dbs/5.1-bugteam/libexec/mysqld(_ZN4JOIN4execEv+0x26bb)[0x7366b5]
dbs/5.1-bugteam/libexec/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x343)[0x736e77]
dbs/5.1-bugteam/libexec/mysqld(_Z13handle_selectP3THDP6st_lexP13select_resultm+0x1c6)[0x72eaac]
dbs/5.1-bugteam/libexec/mysqld[0x6cd65d]
dbs/5.1-bugteam/libexec/mysqld(_Z21mysql_execute_commandP3THD+0x8de)[0x6c4779]
dbs/5.1-bugteam/libexec/mysqld(_Z11mysql_parseP3THDPKcjPS2_+0x2c2)[0x6cfa67]
dbs/5.1-bugteam/libexec/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0xd52)[0x6c20a5]
dbs/5.1-bugteam/libexec/mysqld(_Z10do_commandP3THD+0x27e)[0x6c105c]
dbs/5.1-bugteam/libexec/mysqld(handle_one_connection+0x14c)[0x6bf3b1]
/lib64/libpthread.so.0[0x3d6ec06a3a]
/lib64/libc.so.6(clone+0x6d)[0x3d6e4de67d]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x7f02d0008b48 is an invalid pointer
thd->thread_id=2
thd->killed=NOT_KILLED
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
[miguel@hegel ~]$
```
[29 Mar 2010 11:52]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/104549

3426 Sergey Glukhov 2010-03-29

Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355

Two problems fixed:

- make_cond_for_table erroneously extracted conditions as a const cond if there are no const tables.
- having_value, which affects the return_zero_rows() function, was not set properly in case of impossible where.

@ mysql-test/r/having.result: test result

@ mysql-test/t/having.test: test case

@ sql/sql_select.cc: Two problems fixed:

- make_cond_for_table erroneously extracted conditions as a const cond if there are no const tables.
- having_value, which affects the return_zero_rows() function, was not set properly in case of impossible where.
[31 Mar 2010 6:13]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/104671

3433 Sergey Glukhov 2010-03-30

Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355

The problem is that we can not use make_cond_for_table(). This function relies on the used_tables() condition, which is not set properly for subqueries. As a result, the subquery is not filtered out. The fix is to use the remove_eq_conds() function instead of the make_cond_for_table() func. The 'remove_eq_conds()' algorithm relies on the const_item() value, and it allows handling subqueries in the right way.

@ mysql-test/r/having.result: test case

@ mysql-test/t/having.test: test case

@ sql/sql_select.cc: The fix is to use the remove_eq_conds() function instead of the make_cond_for_table() function.
[31 Mar 2010 14:39]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/104726

3433 Sergey Glukhov 2010-03-30

Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355

The problem is that we can not use make_cond_for_table(). This function relies on the used_tables() condition, which is not set properly for subqueries. As a result, the subquery is not filtered out. The fix is to use the remove_eq_conds() function instead of the make_cond_for_table() func. The 'remove_eq_conds()' algorithm relies on the const_item() value, and it allows handling subqueries in the right way.

@ mysql-test/r/having.result: test result

@ mysql-test/t/having.test: test case

@ sql/sql_select.cc: The fix is to use the remove_eq_conds() function instead of the make_cond_for_table() function.
[5 Apr 2010 12:09]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/105021

3443 Sergey Glukhov 2010-04-05

Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355

The problem is that we can not use make_cond_for_table(). This function relies on the used_tables() condition, which is not set properly for subqueries. As a result, the subquery is not filtered out. The fix is to use the remove_eq_conds() function instead of the make_cond_for_table() func. The 'remove_eq_conds()' algorithm relies on the const_item() value, and it allows handling subqueries in the right way.

@ mysql-test/r/having.result: test case

@ mysql-test/t/having.test: test case

@ sql/sql_select.cc: The fix is to use the remove_eq_conds() function instead of the make_cond_for_table() function.
[6 Apr 2010 8:00]
Bugs System
Pushed into 5.1.46 (revid:sergey.glukhov@sun.com-20100405111026-7kz1p8qlzglqgfmu) (version source revid:sergey.glukhov@sun.com-20100405111026-7kz1p8qlzglqgfmu) (merge vers: 5.1.46) (pib:16)
[16 Apr 2010 17:25]
Paul DuBois
Not in any released version. No changelog entry needed.
[28 May 2010 6:13]
Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:alik@sun.com-20100422150750-vp0n37kp9ywq5ghf) (pib:16)
[28 May 2010 6:41]
Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:alik@sun.com-20100422150658-fkhgnwwkyugtxrmu) (merge vers: 6.0.14-alpha) (pib:16)
[28 May 2010 7:09]
Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:alexey.kopytov@sun.com-20100411071742-a2o2anlcrj2bq14q) (merge vers: 5.5.4-m3) (pib:16)
[17 Jun 2010 12:19]
Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:07]
Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:martin.skold@mysql.com-20100609211156-tsac5qhw951miwtt) (merge vers: 5.1.46-ndb-6.2.19) (pib:16)
[17 Jun 2010 13:47]
Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)