Crash / segfault in drizzled::optimizer::SqlSelect::cleanup (this=0x3f1) at drizzled/optimizer/range.cc:388

Bug #628419 reported by Patrick Crews
Affects | Status | Importance | Assigned to
Drizzle | Fix Released | High | Andrew Hutchings
Drizzle 7.0 | Fix Released | High | Andrew Hutchings

Bug Description

Crashing bug on this query:
SELECT X . `col_int_key` FROM `c` AS X LEFT JOIN `a` AS Y USING ( `col_enum_key` ) WHERE X . `col_enum_key` = ( SELECT `col_int_not_null_key` FROM `aa` WHERE `pk` = 5 ) LIMIT 8

Backtrace:

Program terminated with signal 11, Segmentation fault.
#0 0x0000000000733bbe in drizzled::optimizer::SqlSelect::cleanup (this=0x3f1) at drizzled/optimizer/range.cc:388
388 delete quick;
(gdb) backtrace
#0 0x0000000000733bbe in drizzled::optimizer::SqlSelect::cleanup (this=0x3f1) at drizzled/optimizer/range.cc:388
#1 0x0000000000733cb7 in ~SqlSelect (this=0x3f1, __in_chrg=<value optimized out>) at drizzled/optimizer/range.cc:402
#2 0x00000000007c118c in drizzled::JoinTable::cleanup (this=0x2a39568) at drizzled/sql_select.cc:1460
#3 0x00000000006f3e9b in drizzled::Join::cleanup (this=0x29d8b48, full=true) at drizzled/join.cc:1915
#4 0x00000000006f39f4 in drizzled::Join::destroy (this=0x29d8b48) at drizzled/join.cc:1736
#5 0x00000000007dde3b in drizzled::Select_Lex::cleanup (this=0x2963e38) at drizzled/sql_union.cc:711
#6 0x00000000007be835 in drizzled::mysql_select (session=0x29631c0, rref_pointer_array=0x2963ff0, tables=0x2918020, wild_num=0, fields=..., conds=0x29190e8, og_num=0,
    order=0x0, group=0x0, having=0x0, select_options=2147500032, result=0x29d8b28, unit=0x2963c38, select_lex=0x2963e38) at drizzled/sql_select.cc:439
#7 0x00000000007be071 in drizzled::handle_select (session=0x29631c0, lex=0x2963c18, result=0x29d8b28, setup_tables_done_option=0) at drizzled/sql_select.cc:146
#8 0x00000000007ba67b in drizzled::execute_sqlcom_select (session=0x29631c0, all_tables=0x2918020) at drizzled/sql_parse.cc:544
#9 0x0000000000813ebb in drizzled::statement::Select::execute (this=0x2921f30) at drizzled/statement/select.cc:32
#10 0x00000000007ba206 in mysql_execute_command (session=0x29631c0) at drizzled/sql_parse.cc:479
#11 0x00000000007bafc8 in drizzled::mysql_parse (session=0x29631c0,
    inBuf=0x28fc548 "SELECT X . `col_int_key` FROM `c` AS X LEFT JOIN `a` AS Y USING ( `col_enum_key` ) WHERE X . `col_enum_key` = ( SELECT `col_int_not_null_key` FROM `aa` WHERE `pk` = 5 ) LIMIT 8", length=176) at drizzled/sql_parse.cc:750
#12 0x00000000007b9b5a in drizzled::dispatch_command (command=drizzled::COM_QUERY, session=0x29631c0,
    packet=0x2956a01 "SELECT X . `col_int_key` FROM `c` AS X LEFT JOIN `a` AS Y USING ( `col_enum_key` ) WHERE X . `col_enum_key` = ( SELECT `col_int_not_null_key` FROM `aa` WHERE `pk` = 5 ) LIMIT 8", packet_length=176) at drizzled/sql_parse.cc:224
#13 0x000000000077d2e3 in drizzled::Session::executeStatement (this=0x29631c0) at drizzled/session.cc:666
#14 0x000000000077cb8f in drizzled::Session::run (this=0x29631c0) at drizzled/session.cc:522
#15 0x00007f80559c3b54 in MultiThreadScheduler::runSession (this=0x28dfdd0, session=0x29631c0) at ./plugin/multi_thread/multi_thread.h:67
#16 0x00007f80559c19e2 in session_thread (arg=0x29631c0) at plugin/multi_thread/multi_thread.cc:52
#17 0x00007f80596d19ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#18 0x00007f805942e6fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#19 0x0000000000000000 in ?? ()

Patrick Crews (patrick-crews) wrote :

Strangely enough, this crashes every time with the randgen, but is not working when I try to produce a test case for the test-suite.
The same query and data produces this error (rather than full-on crash):

drizzletest: At line 135: query 'SELECT X . `col_int_key` FROM `c` AS X LEFT JOIN `a` AS Y USING ( `col_enum_key` ) WHERE X . `col_enum_key` = ( SELECT `col_int_not_null_key` FROM `aa` WHERE `pk` = 5 ) LIMIT 8 ' failed: 1691: Received an invalid enum value '1963982848'.

Patrick Crews (patrick-crews) wrote :

randgen command line:
./gentest.pl --dsn=dbi:drizzle:host=localhost:port=9306:user=root:password=:database=test --threads=1 --engine=Innodb --gendata=conf/drizzle/drizzle.zz --grammar=conf/engines/engine_stress.yy --debug --queries=100000 --threads=1

You can also put the offending query into a randgen grammar by itself and it will crash immediately (leave other values the same).

test-suite test case:

--disable_warnings
DROP TABLE IF EXISTS `a`;
DROP TABLE IF EXISTS `c`;
DROP TABLE IF EXISTS `aa`;
--enable_warnings

CREATE TABLE `a` (
  `col_bigint` bigint DEFAULT NULL,
  `col_enum_not_null` enum('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') NOT NULL,
  `col_enum_not_null_key` enum('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') NOT NULL,
  `col_int_key` int DEFAULT NULL,
  `col_bigint_not_null` bigint NOT NULL,
  `col_enum` enum('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') DEFAULT NULL,
  `col_text_not_null` text NOT NULL,
  `col_char_10_key` varchar(10) DEFAULT NULL,
  `col_int` int DEFAULT NULL,
  `col_char_1024` varchar(1024) DEFAULT NULL,
  `col_char_10_not_null_key` varchar(10) NOT NULL,
  `pk` int NOT NULL AUTO_INCREMENT,
  `col_enum_key` enum('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') DEFAULT NULL,
  `col_char_1024_not_null_key` varchar(1024) NOT NULL,
  `col_char_10` varchar(10) DEFAULT NULL,
  `col_char_1024_key` varchar(1024) DEFAULT NULL,
  `col_text` text,
  `col_text_not_null_key` text NOT NULL,
  `col_bigint_not_null_key` bigint NOT NULL,
  `col_char_1024_not_null` varchar(1024) NOT NULL,
  `col_int_not_null` int NOT NULL,
  `col_int_not_null_key` int NOT NULL,
  `col_char_10_not_null` varchar(10) NOT NULL,
  `col_text_key` text,
  `col_bigint_key` bigint DEFAULT NULL,
  PRIMARY KEY (`pk`),
  KEY `col_enum_not_null_key` (`col_enum_not_null_key`),
  KEY `col_int_key` (`col_int_key`),
  KEY `col_char_10_key` (`col_char_10_key`),
  KEY `col_char_10_not_null_key` (`col_char_10_not_null_key`),
  KEY `col_enum_key` (`col_enum_key`),
  KEY `col_char_1024_not_null_key` (`col_char_1024_not_null_key`(255)),
  KEY `col_char_1024_key` (`col_char_1024_key`(255)),
  KEY `col_text_not_null_key` (`col_text_not_null_key`(255)),
  KEY `col_bigint_not_null_key` (`col_bigint_not_null_key`),
  KEY `col_int_not_null_key` (`col_int_not_null_key`),
  KEY `col_text_key` (`col_text_key`(255)),
  KEY `col_bigint_key` (`col_bigint_key`)
) ENGINE=InnoDB COLLATE = utf8_general_ci;

ALTER TABLE `a` DISABLE KEYS;
ALTER TABLE `a` ENABLE KEYS;

CREATE TABLE `c` (
  `pk` int NOT NULL AUTO_INCREMENT,
  `col_int_key` int DEFAULT NULL,
  `col_text_not_null_key` text NOT NULL,
  `col_bigint_key` bigint DEFAULT NULL,
  `col_char_10_not_null` varchar(10) NOT NULL,
  `col_text_key` text,
  `col_char_10_not_null_key` varchar(10) NOT NULL,
  `col_enum` enum('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') DEFAULT NULL,
  `col_text_not_null` text NOT NULL,
  `col_enum_key` enum('a...


Changed in drizzle:
status: New → Confirmed
Patrick Crews (patrick-crews) wrote :

It might be possible that this is due to an issue with dbd-drizzle.

Similar backtrace was seen for a different crash.

This doesn't explain the lack of dbd-drizzle crash output, but it would account for why test-run.pl is able to handle this query, but the randgen fails (possibly the error code isn't handled correctly?)

Andrew Hutchings (linuxjedi) wrote :

Most likely cause is session->is_error() has not been cleared from the previous query. Then an unused join condition is cleared in mysql_select, causing a segfault.

If I'm right, we need to find what dbd-drizzle does differently so that errors are not cleared, and make sure the 'quick' pointer is handled nicely. I see another (unlikely) case where a segfault with this variable can happen too.

Changed in drizzle:
assignee: nobody → Andrew Hutchings (linuxjedi)
importance: Undecided → High
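Added example (not Drizzle's code) modelling the ownership chain visible in the backtrace, JoinTable -> SqlSelect -> quick, with the idempotent cleanup the comment above asks for: owned pointers start null and are nulled again after delete, so a cleanup reached through a stale error flag followed by the destructor's own cleanup cannot free the same object twice. The struct names mirror the backtrace; the member names, the live-instance counter and the scenario function are assumptions made for the demonstration.

```cpp
#include <cstddef>

// Stand-in for the range-scan object that "delete quick;" frees in the
// backtrace. Counts live instances so a test can check frees happen once.
struct QuickSelect {
    static int live;
    QuickSelect()  { ++live; }
    ~QuickSelect() { --live; }
};
int QuickSelect::live = 0;
// Hardened model of SqlSelect: the owned pointer starts null, cleanup()
// nulls it after delete, and the destructor reuses cleanup(), so a cleanup
// from an error path followed by the destructor's cleanup is harmless.
struct SqlSelect {
    QuickSelect* quick;
    SqlSelect() : quick(NULL) {}
    bool cleanup() {              // true only when something was freed
        if (quick == NULL) return false;
        delete quick;
        quick = NULL;             // omit this and the second call double-frees
        return true;
    }
    ~SqlSelect() { cleanup(); }
};
// Same rule one level up. In the crash above the JoinTable's select pointer
// held garbage (this=0x3f1), which is what an uninitialised or freed-but-not-
// nulled member looks like once an error path routes into cleanup.
struct JoinTable {
    SqlSelect* select;
    JoinTable() : select(NULL) {}
    bool cleanup() {
        if (select == NULL) return false;
        delete select;
        select = NULL;
        return true;
    }
    ~JoinTable() { cleanup(); }
};

// Models the scenario: cleanup runs once on an error path and again from the
// destructor. Returns QuickSelect objects still alive afterwards (expect 0).
int cleanupTwiceLeaves() {
    {
        JoinTable jt;
        jt.select = new SqlSelect;
        jt.select->quick = new QuickSelect;
        if (!jt.cleanup()) return -1;   // first cleanup must free
        if (jt.cleanup())  return -2;   // second must be a no-op
    }                                   // destructor: third, also a no-op
    return QuickSelect::live;
}
```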