Bug #6876 MySQL crashes during a SELECT statement with a sub-query
Submitted: 29 Nov 2004 14:55 Modified: 30 Nov 2004 19:54
Reporter: Olivier Armand Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:4.1.7 OS:Windows (Windows 2000)
Assigned to: Assigned Account CPU Architecture:Any

[29 Nov 2004 14:55] Olivier Armand 
Description:
The MySQL client (Ver 12.22 Distrib 4.0.21) returns: "ERROR 2013 at line 6: Lost connection to MySQL server during query"
The MySQL server is run as a Windows service. The message returned by the Windows Event Viewer translated from French would be: "The service MySQL4.1 stopped unexpectedly."
Nothing is written to the "host_name.err" file about the crash.

All the elements of the test-case seem to be important: two tables, the ORDER BY keyword, a sub-query which uses a table (a SELECT (SELECT 1) doesn't make MySQL crash), and non-empty tables.

How to repeat:
CREATE TABLE test1 (a int);
CREATE TABLE test2 (a int);
INSERT INTO test1 (a) VALUES (0);
INSERT INTO test2(a) VALUES (0);
SELECT (SELECT DISTINCT 1 FROM test1)
FROM test1, test2
ORDER BY test1.a;
[29 Nov 2004 15:31] Heikki Tuuri 
Sanja,

this may be the same bug that I assigned to you a few days ago. Below is the gdb stack trace from a few days old 4.1 build.

Regards,

Heikki

heikki@hundin:~/mysql-4.1/sql> gdb mysqld
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) run
Starting program: /home/heikki/mysql-4.1/sql/mysqld
[New Thread 16384 (LWP 28794)]
[New Thread 32769 (LWP 28796)]
[New Thread 16386 (LWP 28797)]
[New Thread 32771 (LWP 28798)]
[New Thread 49156 (LWP 28799)]
[New Thread 65541 (LWP 28800)]
041129 17:00:02  InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
041129 17:00:03  InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 1 65303976.
InnoDB: Doing recovery: scanned up to log sequence number 1 65303976
InnoDB: Last MySQL binlog file position 0 334, file name ./binlog.000018
041129 17:00:03  InnoDB: Flushing modified pages from the buffer pool...
[New Thread 81926 (LWP 28801)]
[New Thread 98311 (LWP 28802)]
[New Thread 114696 (LWP 28803)]
041129 17:00:03  InnoDB: Started; log sequence number 1 65303976
[New Thread 131081 (LWP 28804)]
041129 17:00:03 [Warning] mysql.user table is not updated to new password format
; Disabling new password usage until mysql_fix_privilege_tables is run
/home/heikki/mysql-4.1/sql/mysqld: ready for connections.
Version: '4.1.8-debug-log'  socket: '/home/heikki/bugsocket'  port: 3307  Source
 distribution
[New Thread 147466 (LWP 28818)]
InnoDB: Error: MySQL is trying to perform a SELECT
InnoDB: but it has not locked any tables in ::external_lock()!
TRANSACTION 0 1644032, not started, process no 28818, OS thread id 147466, threa
d declared inside InnoDB 500
MySQL thread id 1, query id 1 localhost heikki Copying to tmp table
SELECT (SELECT DISTINCT 1 FROM test1) FROM test1, test2 ORDER BY test1.a

041129 17:00:11InnoDB: Assertion failure in thread 147466 in file row0sel.c line
 2851
InnoDB: Failing assertion: 0
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/mysql/en/Forcing_recovery.html
InnoDB: about forcing recovery.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 147466 (LWP 28818)]
0x0827b99c in row_search_for_mysql (buf=0x862a958 "ÿ", mode=1,
    prebuilt=0x4027d668, match_mode=0, direction=0) at row0sel.c:2851
2851                    ut_a(0);
Current language:  auto; currently c
(gdb) bt
#0  0x0827b99c in row_search_for_mysql (buf=0x862a958 "ÿ", mode=1,
    prebuilt=0x4027d668, match_mode=0, direction=0) at row0sel.c:2851
#1  0x08201bca in ha_innobase::index_read(char*, char const*, unsigned, ha_rkey_
function) (this=0x862a850, buf=0x0, key_ptr=0x0, key_len=0,
    find_flag=HA_READ_AFTER_KEY) at ha_innodb.cc:3015
#2  0x082020a1 in ha_innobase::index_first(char*) (this=0x862a850, buf=0x0)
    at ha_innodb.cc:3254
#3  0x08202231 in ha_innobase::rnd_next(char*) (this=0x862a850,
    buf=0x862a958 "ÿ") at ha_innodb.cc:3346
#4  0x081f18c5 in rr_sequential (info=0x862b42c) at records.cc:206
#5  0x081b1d3f in join_init_read_record (tab=0x862b408) at sql_select.cc:6202
#6  0x081b0fea in sub_select (join=0x8619700, join_tab=0x862b408,
    end_of_records=false) at sql_select.cc:5766
#7  0x081b0cae in do_select (join=0x8619700, fields=0x862b408,
    table=0x8651258, procedure=0x0) at sql_select.cc:5674
#8  0x081a546a in JOIN::exec() (this=0x8619700) at sql_select.cc:1131
#9  0x08139eea in subselect_single_select_engine::exec() (this=0x8618990)
    at item_subselect.cc:1250
#10 0x081368e4 in Item_subselect::exec() (this=0x8618908)
    at item_subselect.cc:200
#11 0x0813741a in Item_singlerow_subselect::val_int() (this=0x8618908)
    at item_subselect.cc:456
#12 0x080e819c in Item::send(Protocol*, String*) (this=0x8618908,
    protocol=0x861b41c, buffer=0x4c2dd06c) at item.cc:1976
#13 0x0815395b in select_send::send_data(List<Item>&) (this=0x8618cf8,
    items=@0x0) at sql_class.cc:821
#14 0x081b21ab in end_send (join=0x8618d08, join_tab=0x862b198,
    end_of_records=false) at sql_select.cc:6366
#15 0x081b10a3 in sub_select (join=0x8618d08, join_tab=0x862b058,
    end_of_records=false) at sql_select.cc:5790
#16 0x081b0cae in do_select (join=0x8618d08, fields=0x862b058, table=0x0,
    procedure=0x0) at sql_select.cc:5674
#17 0x081a6513 in JOIN::exec() (this=0x8618d08) at sql_select.cc:1463
#18 0x081a6980 in mysql_select(THD*, Item***, st_table_list*, unsigned, List<Ite
m>&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long, sel
ect_result*, st_select_lex_unit*, st_select_lex*) (thd=0x861ac48,
    rref_pointer_array=0x861ae58, tables=0x8618a40, wild_num=0, fields=@0x0,
    conds=0x0, og_num=1, order=0x8618ba0, group=0x0, having=0x0,
    proc_param=0x0, select_options=8669696, result=0x8618cf8, unit=0x861ac90,
    select_lex=0x861ad70) at sql_select.cc:1584
#19 0x081a2c3f in handle_select(THD*, st_lex*, select_result*) (thd=0x861ac48,
    lex=0x861ac84, result=0x8618cf8) at sql_select.cc:182
#20 0x08179bdb in mysql_execute_command(THD*) (thd=0x861ac48)
    at sql_parse.cc:2009
#21 0x0817f087 in mysql_parse(THD*, char*, unsigned) (thd=0x861ac48,
    inBuf=0x86185b8 "SELECT (SELECT DISTINCT 1 FROM test1) FROM test1, test2 ORD
ER BY test1.a", length=140618884) at sql_parse.cc:4074
#22 0x08178560 in dispatch_command(enum_server_command, THD*, char*, unsigned)
    (command=COM_QUERY, thd=0x861ac48, packet=0x8614581 "", packet_length=73)
    at sql_parse.cc:1466
#23 0x08177e7f in do_command(THD*) (thd=0x861ac48) at sql_parse.cc:1280
#24 0x0817737b in handle_one_connection (arg=0x0) at sql_parse.cc:1024
#25 0x40062f60 in pthread_start_thread () from /lib/i686/libpthread.so.0
#26 0x400630fe in pthread_start_thread_event () from /lib/i686/libpthread.so.0
#27 0x401f5327 in clone () from /lib/i686/libc.so.6
(gdb)
[30 Nov 2004 19:54] Oleksandr Byelkin 
Thank you for bugreport!  
Heikki is right cause of this bug is the same as for bug #6841. 
You can track bugfixing progress using that bug record.