  1. MariaDB Server
  2. MDEV-5623

Valgrind warnings and data corruption on 2nd execution of PS with Aria, subqueries, index_merge

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.3.12
    • Fix Version/s: 5.3.13
    • Component/s: None
    • Labels:
      None

      Description

      Note: I can only reproduce this on 5.3 with the provided test case; I am not sure whether it was fixed in 5.5 or is just masked there somehow.

      -- Reproduction script for MDEV-5623, reported against 5.3.
      -- Only the second EXECUTE of the prepared statement misbehaves.
      -- Optimizer features that the test case switches on explicitly.
      SET optimizer_switch = 'index_merge=on,index_merge_sort_union=on,derived_merge=on,in_to_exists=on';
      
      -- Aria table with two single-column indexes (a and c); the WHERE clause of
      -- the prepared statement ORs one predicate on each of them.
      CREATE TABLE t1 (a INT, b INT, c VARCHAR(1), INDEX(a), INDEX(c)) ENGINE=Aria;
      INSERT INTO t1 VALUES 
      (5,6,'z'),(2,6,'c'),(0,8,'a'),(1,2,'q'),(8,6,'y'),
      (1,8,'y'),(1,3,'r'),(9,3,'v'),(1,9,'z'),(5,6,'r');
      
      -- t2 feeds the derived table sq that t1 is LEFT JOINed to.
      CREATE TABLE t2 (d VARCHAR(1), INDEX(d)) ENGINE=Aria;
      INSERT INTO t2 VALUES ('x'),('a');
      
      -- t3 is read only by the EXISTS subquery inside the derived table.
      CREATE TABLE t3 (e VARCHAR(1)) ENGINE=Aria;
      INSERT INTO t3 VALUES ('x'),('d');
      
      -- Prepared once and executed twice. Keep the statement text unchanged:
      -- the report reproduces the failure only with this test case.
      PREPARE stmt FROM "
      SELECT t1.* FROM t1 
      LEFT JOIN ( 
        SELECT * FROM t2 
        WHERE EXISTS ( SELECT * FROM t3 WHERE e != d ) 
      ) AS sq ON (sq.d = c ) 
      WHERE c < 'p' OR a > 43 
      ORDER BY t1.b
      ";
      
      -- Reported output of the first run: rows (2,6,'c') and (0,8,'a').
      EXECUTE stmt;
      -- The same two rows are expected here. On the affected build this run
      -- returned garbage values, and Valgrind flagged reads past the end of a
      -- 54-byte heap block in unpack_addon_fields().
      EXECUTE stmt;
      

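      Result (the first EXECUTE returns the expected two rows; the second returns corrupted values, and Valgrind reports reads past the end of a 54-byte heap block, followed by uninitialised bytes being written to the connection socket):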

      PREPARE stmt FROM "
      SELECT t1.* FROM t1 
      LEFT JOIN ( 
        SELECT * FROM t2 
        WHERE EXISTS ( SELECT * FROM t3 WHERE e != d ) 
      ) AS sq ON (sq.d = c ) 
      WHERE c < 'p' OR a > 43 
      ORDER BY t1.b
      ";
      EXECUTE stmt;
      a	b	c
      2	6	c
      0	8	a
      EXECUTE stmt;
      a	b	c
      16842752	16777216	q
      21	NULL	
      
      ==26834== Thread 4:
      ==26834== Invalid read of size 1
      ==26834==    at 0x4C2A760: memcpy (mc_replace_strmem.c:838)
      ==26834==    by 0x67318C: Field::unpack_int(unsigned char*, unsigned char const*, unsigned long) (field.h:651)
      ==26834==    by 0x6731F6: Field::unpack_int32(unsigned char*, unsigned char const*) (field.h:658)
      ==26834==    by 0x673ACD: Field_long::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.h:1029)
      ==26834==    by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
      ==26834==    by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
      ==26834==    by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
      ==26834==    by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
      ==26834==    by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
      ==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
      ==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==  Address 0xfa36566 is 0 bytes after a block of size 54 alloc'd
      ==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
      ==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
      ==26834==    by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
      ==26834==    by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
      ==26834==    by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
      ==26834==    by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
      ==26834==    by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
      ==26834==    by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
      ==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
      ==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
      ==26834== Invalid read of size 1
      ==26834==    at 0x4C2A76E: memcpy (mc_replace_strmem.c:838)
      ==26834==    by 0x67318C: Field::unpack_int(unsigned char*, unsigned char const*, unsigned long) (field.h:651)
      ==26834==    by 0x6731F6: Field::unpack_int32(unsigned char*, unsigned char const*) (field.h:658)
      ==26834==    by 0x673ACD: Field_long::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.h:1029)
      ==26834==    by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
      ==26834==    by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
      ==26834==    by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
      ==26834==    by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
      ==26834==    by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
      ==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
      ==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==  Address 0xfa36567 is 1 bytes after a block of size 54 alloc'd
      ==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
      ==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
      ==26834==    by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
      ==26834==    by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
      ==26834==    by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
      ==26834==    by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
      ==26834==    by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
      ==26834==    by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
      ==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
      ==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
      ==26834== Invalid read of size 1
      ==26834==    at 0x66965A: Field_varstring::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.cc:7169)
      ==26834==    by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
      ==26834==    by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
      ==26834==    by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
      ==26834==    by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
      ==26834==    by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
      ==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
      ==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
      ==26834==    by 0x783E41: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2670)
      ==26834==    by 0x6AB665: mysql_execute_command(THD*) (sql_parse.cc:2314)
      ==26834==  Address 0xfa3656d is 7 bytes after a block of size 54 alloc'd
      ==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
      ==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
      ==26834==    by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
      ==26834==    by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
      ==26834==    by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
      ==26834==    by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
      ==26834==    by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
      ==26834==    by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
      ==26834==    by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
      ==26834==    by 0x72E434: JOIN::exec() (sql_select.cc:2786)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
      ==26834== Syscall param write(buf) points to uninitialised byte(s)
      ==26834==    at 0x58EE12D: ??? (syscall-template.S:82)
      ==26834==    by 0xB65495: vio_write (viosocket.c:121)
      ==26834==    by 0x68925D: net_real_write (net_serv.cc:620)
      ==26834==    by 0x6888C4: net_flush (net_serv.cc:346)
      ==26834==    by 0x68B011: net_send_eof(THD*, unsigned int, unsigned int) (protocol.cc:291)
      ==26834==    by 0x68B4EC: net_end_statement(THD*) (protocol.cc:495)
      ==26834==    by 0x6AA14A: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1635)
      ==26834==    by 0x6A8103: do_command(THD*) (sql_parse.cc:923)
      ==26834==    by 0x6A4F8C: handle_one_connection (sql_connect.cc:1231)
      ==26834==    by 0x58E6B4F: start_thread (pthread_create.c:304)
      ==26834==    by 0x657DA7C: clone (clone.S:112)
      ==26834==  Address 0xf8dfbca is 186 bytes inside a block of size 16,436 alloc'd
      ==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
      ==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
      ==26834==    by 0x68839D: my_net_init (net_serv.cc:118)
      ==26834==    by 0x69BDDA: handle_connections_sockets (mysqld.cc:5436)
      ==26834==    by 0x69AD43: main (mysqld.cc:4757)
      ^ Found warnings in /data/repo/5.3/mysql-test/var/log/mysqld.1.err
      ok
      
       - saving '/data/repo/5.3/mysql-test/var/log/bug.t3b/' to '/data/repo/5.3/mysql-test/var/log/bug.t3b/'
      ***Warnings generated in error logs during shutdown after running tests: bug.t3b
      
      ==26834== Thread 1:
      ==26834== 68 bytes in 1 blocks are still reachable in loss record 2 of 4
      ==26834==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
      ==26834==    by 0xB73C16: _mymalloc (safemalloc.c:140)
      ==26834==    by 0x820DAF: save_index(st_sort_param*, unsigned char**, unsigned int, st_filesort_info*) (filesort.cc:1067)
      ==26834==    by 0x81E98F: filesort(THD*, st_table*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*) (filesort.cc:256)
      ==26834==    by 0x757C46: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:19341)
      ==26834==    by 0x72E107: JOIN::exec() (sql_select.cc:2735)
      ==26834==    by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
      ==26834==    by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
      ==26834==    by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
      ==26834==    by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
      ==26834==    by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
      ==26834==    by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
      ==26834==    by 0x783E41: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2670)
      ==26834==    by 0x6AB665: mysql_execute_command(THD*) (sql_parse.cc:2314)
      ==26834==    by 0x6B6E02: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
      ==26834==    by 0x6A8E17: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
      

      Stack traces from:

      revision-id: igor@askmonty.org-20140206014738-psis7gfarq2ozdtg
      revno: 3748
      branch-nick: 5.3
      


              People

              • Assignee:
                psergey Sergei Petrunia
                Reporter:
                elenst Elena Stepanova
