Certain datasets and queries result in a crash (SIGSEGV) of the mysqld daemon.
I will attach a dataset that can be used to reproduce the issue.
The following query can then be run on the data to reproduce the crash:
-- Count the entries whose stored point lies inside a fixed polygon.
-- This is the statement reported to crash the server on the attached dataset.
-- Contains()/PolyFromText() are the legacy (non-ST_) spatial functions, kept
-- exactly as in the report; NOTE(review): the legacy Contains() is understood
-- to be MBR-based rather than exact — confirm if precision matters.
SELECT COUNT(*)
FROM points AS p
INNER JOIN entries AS e
    ON e.entry_id = p.entry_id
WHERE point_valid
  AND element_id = 2
  AND Contains(
        PolyFromText('POLYGON((-0.32274092990144 52.153573199526,0.76983859527361 51.180702899733,-1.2134199194054 50.962667621632,-0.32274092990144 52.153573199526))'),
        point
      );
The following backtrace was generated (MariaDB 5.5.23):
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f42f3621700 (LWP 22847)]
0x00007f42f182d7a0 in __memcpy_ssse3 () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f42f182d7a0 in __memcpy_ssse3 () from /lib64/libc.so.6
#1 0x00000000006c9bf1 in Field_blob::get_key_image (this=<optimized out>, buff=0x7f429831e080 " ", length=32, type_arg=<optimized out>) at /usr/include/bits/string3.h:52
#2 0x000000000079df71 in key_copy (to_key=0x7f429831e080 " ", from_record=0x7f429827a3e8 "\251\004'34\222\262?\251\004'34\222\262?j\036\035<\001\vJ@j\036\035<\001\vJ@J\001",
key_info=<optimized out>, key_length=32, with_zerofill=false) at /usr/src/debug/mariadb-5.5.23/sql/key.cc:146
#3 0x00000000007e2d4d in QUICK_ROR_INTERSECT_SELECT::get_next (this=0x7f4298313b40) at /usr/src/debug/mariadb-5.5.23/sql/opt_range.cc:10738
#4 0x00000000007eadd6 in rr_quick (info=0x7f42983187b8) at /usr/src/debug/mariadb-5.5.23/sql/records.cc:339
#5 0x00000000005d6dd9 in sub_select (join=0x7f42982ede88, join_tab=0x7f4298318708, end_of_records=<optimized out>) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:15946
#6 0x00000000005df1cf in do_select (join=0x7f42982ede88, fields=0x0, table=0x7f4298314148, procedure=0x0) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:15619
#7 0x00000000005ef9f2 in JOIN::exec (this=0x7f42982ede88) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:2357
#8 0x00000000005f1472 in mysql_select (thd=0x42ee100, rref_pointer_array=<optimized out>, tables=<optimized out>, wild_num=1, fields=<optimized out>, conds=<optimized out>, og_num=3,
order=0x7f42982de038, group=0x7f42982ddd88, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f42982de158, unit=0x42f02d8, select_lex=0x42f09b0)
at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:3003
#9 0x00000000005f57c4 in handle_select (thd=0x42ee100, lex=0x42f0228, result=0x7f42982de158, setup_tables_done_option=0) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:310
#10 0x00000000005a3754 in execute_sqlcom_select (thd=0x42ee100, all_tables=0x7f42982c25c0) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:4616
#11 0x00000000005abb16 in mysql_execute_command (thd=0x42ee100) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:2184
#12 0x00000000005b0e16 in mysql_parse (parser_state=0x7f42f36209c0, thd=0x42ee100, rawbuf=<optimized out>, length=<optimized out>)
at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:5731
#13 mysql_parse (thd=0x42ee100, rawbuf=<optimized out>, length=<optimized out>, parser_state=0x7f42f36209c0) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:5656
#14 0x00000000005b2363 in dispatch_command (command=COM_QUERY, thd=0x42ee100,
packet=0x42f1ab1 "SELECT suppliers.*, members.name, loc_tn6.tree_node_id AS loc_tree_node_id, (ACOS(\n SIN(RADIANS(Y(egep.point))) * SIN(RADIANS(51.428643469796))\n + COS(RADIANS(Y(egep.point))) * COS(RADIANS(51.4"..., packet_length=4083288744) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:1055
#15 0x000000000065e9b7 in do_handle_one_connection (thd_arg=<optimized out>) at /usr/src/debug/mariadb-5.5.23/sql/sql_connect.cc:1253
#16 0x000000000065eac0 in handle_one_connection (arg=0x42ee100) at /usr/src/debug/mariadb-5.5.23/sql/sql_connect.cc:1168
#17 0x00007f42f2cc8b99 in start_thread () from /lib64/libpthread.so.0
#18 0x00007f42f17e50cd in clone () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x00007f42f182d7a0 in __memcpy_ssse3 () from /lib64/libc.so.6
No symbol table info available.
#1 0x00000000006c9bf1 in Field_blob::get_key_image (this=<optimized out>, buff=0x7f429831e080 " ", length=32, type_arg=<optimized out>) at /usr/include/bits/string3.h:52
def_temp = 32
blob_length = 32
blob = 0x3c1d1e6a3fb29234 <Address 0x3c1d1e6a3fb29234 out of bounds>
local_char_length = <optimized out>
#2 0x000000000079df71 in key_copy (to_key=0x7f429831e080 " ", from_record=0x7f429827a3e8 "\251\004'34\222\262?\251\004'34\222\262?j\036\035<\001\vJ@j\036\035<\001\vJ@J\001",
key_info=<optimized out>, key_length=32, with_zerofill=false) at /usr/src/debug/mariadb-5.5.23/sql/key.cc:146
bytes = <optimized out>
length = 32
key_part = 0x7f42982847c0
#3 0x00000000007e2d4d in QUICK_ROR_INTERSECT_SELECT::get_next (this=0x7f4298313b40) at /usr/src/debug/mariadb-5.5.23/sql/opt_range.cc:10738
quick = 0x7f42982cf200
last_rowid_count = <optimized out>
quick_it = {<base_list_iterator> = {list = 0x7f4298313b80, el = 0x7f429831b5b8, prev = <optimized out>, current = <optimized out>}, <No data fields>}
qr = <optimized out>
error = 0
cmp = <optimized out>
#4 0x00000000007eadd6 in rr_quick (info=0x7f42983187b8) at /usr/src/debug/mariadb-5.5.23/sql/records.cc:339
tmp = <optimized out>
#5 0x00000000005d6dd9 in sub_select (join=0x7f42982ede88, join_tab=0x7f4298318708, end_of_records=<optimized out>) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:15946
error = <optimized out>
rc = <optimized out>
info = 0x7f42983187b8
skip_over = <optimized out>
#6 0x00000000005df1cf in do_select (join=0x7f42982ede88, fields=0x0, table=0x7f4298314148, procedure=0x0) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:15619
rc = 0
error = NESTED_LOOP_OK
join_tab = 0x7f4298318708
end_select = 0x5e46c0 <end_write(JOIN*, JOIN_TAB*, bool)>
#7 0x00000000005ef9f2 in JOIN::exec (this=0x7f42982ede88) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:2357
save_proc = 0x0
columns_list = <optimized out>
__FUNCTION__ = "exec"
curr_join = 0x7f42982ede88
tmp_error = <optimized out>
curr_all_fields = 0x7f42982ee178
curr_fields_list = 0x42f0ac0
curr_tmp_table = 0x7f4298314148
#8 0x00000000005f1472 in mysql_select (thd=0x42ee100, rref_pointer_array=<optimized out>, tables=<optimized out>, wild_num=1, fields=<optimized out>, conds=<optimized out>, og_num=3,
order=0x7f42982de038, group=0x7f42982ddd88, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f42982de158, unit=0x42f02d8, select_lex=0x42f09b0)
at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:3003
err = <optimized out>
free_join = true
join = 0x7f42982ede88
__FUNCTION__ = "mysql_select"
#9 0x00000000005f57c4 in handle_select (thd=0x42ee100, lex=0x42f0228, result=0x7f42982de158, setup_tables_done_option=0) at /usr/src/debug/mariadb-5.5.23/sql/sql_select.cc:310
unit = 0x42f02d8
res = <optimized out>
select_lex = 0x42f09b0
#10 0x00000000005a3754 in execute_sqlcom_select (thd=0x42ee100, all_tables=0x7f42982c25c0) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:4616
---Type <return> to continue, or q <return> to quit---
lex = 0x42f0228
result = 0x7f42982de158
res = <optimized out>
#11 0x00000000005abb16 in mysql_execute_command (thd=0x42ee100) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:2184
privileges_requested = <optimized out>
up_result = 0
lex = 0x42f0228
select_lex = 0x42f09b0
first_table = 0x7f42982c25c0
unit = 0x42f02d8
__FUNCTION__ = "mysql_execute_command"
res = <optimized out>
all_tables = 0x7f42982c25c0
have_table_map_for_update = false
#12 0x00000000005b0e16 in mysql_parse (parser_state=0x7f42f36209c0, thd=0x42ee100, rawbuf=<optimized out>, length=<optimized out>)
at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:5731
found_semicolon = <optimized out>
lex = 0x42f0228
err = <optimized out>
error = <optimized out>
#13 mysql_parse (thd=0x42ee100, rawbuf=<optimized out>, length=<optimized out>, parser_state=0x7f42f36209c0) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:5656
No locals.
#14 0x00000000005b2363 in dispatch_command (command=COM_QUERY, thd=0x42ee100,
packet=0x42f1ab1 "SELECT suppliers.*, members.name, loc_tn6.tree_node_id AS loc_tree_node_id, (ACOS(\n SIN(RADIANS(Y(egep.point))) * SIN(RADIANS(51.428643469796))\n + COS(RADIANS(Y(egep.point))) * COS(RADIANS(51.4"..., packet_length=4083288744) at /usr/src/debug/mariadb-5.5.23/sql/sql_parse.cc:1055
packet_end = <optimized out>
parser_state = {m_lip = {m_thd = 0x42ee100, yylineno = 7, yytoklen = 1, yylval = 0x7f42f361f470, lookahead_token = -1, lookahead_yylval = 0x0, m_ptr = 0x7f4298005796 "\r",
m_tok_start = 0x7f4298005796 "\r", m_tok_end = 0x7f4298005796 "\r", m_end_of_query = 0x7f4298005795 "", m_tok_start_prev = 0x7f4298005795 "",
m_buf = 0x7f4298004c98 "SELECT suppliers.*, members.name, loc_tn6.tree_node_id AS loc_tree_node_id, (ACOS(\n SIN(RADIANS(Y(egep.point))) * SIN(RADIANS(51.428643469796))\n + COS(RADIANS(Y(egep.point))) * COS(RADIANS(51.4"..., m_buf_length = 2813, m_echo = true, m_echo_saved = false,
m_cpp_buf = 0x7f4298005800 "SELECT suppliers.*, members.name, loc_tn6.tree_node_id AS loc_tree_node_id, (ACOS(\n SIN(RADIANS(Y(egep.point))) * SIN(RADIANS(51.428643469796))\n + COS(RADIANS(Y(egep.point))) * COS(RADIANS(51.4"..., m_cpp_ptr = 0x7f42980062fd "", m_cpp_tok_start = 0x7f42980062fd "", m_cpp_tok_start_prev = 0x7f42980062fd "",
m_cpp_tok_end = 0x7f42980062fd "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0x42ee100 "p\377\021\001", m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END,
found_semicolon = 0x0, tok_bitmap = 127 '\177', ignore_space = false, stmt_prepare_mode = false, multi_statements = true, in_comment = NO_COMMENT,
in_comment_saved = 3112726272, m_cpp_text_start = 0x7f42980062fc "5", m_cpp_text_end = 0x7f42980062fd "", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0,
yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}}
net = 0x7f42f3620aa8
error = false
__FUNCTION__ = "dispatch_command"
#15 0x000000000065e9b7 in do_handle_one_connection (thd_arg=<optimized out>) at /usr/src/debug/mariadb-5.5.23/sql/sql_connect.cc:1253
create_user = true
thd = 0x42ee100
#16 0x000000000065eac0 in handle_one_connection (arg=0x42ee100) at /usr/src/debug/mariadb-5.5.23/sql/sql_connect.cc:1168
thd = 0x42ee100
#17 0x00007f42f2cc8b99 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#18 0x00007f42f17e50cd in clone () from /lib64/libc.so.6
No symbol table info available.
#19 0x0000000000000000 in ?? ()
No symbol table info available.
Note that tweaking the data set slightly can avoid the crash, so the order of the data seems to matter.
e.g. running
is enough to make the query run correctly.