Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Complex select crash #2835

Closed
5 tasks done
sanikolaev opened this issue Dec 10, 2024 · 0 comments · Fixed by #2856
Closed
5 tasks done

Complex select crash #2835

sanikolaev opened this issue Dec 10, 2024 · 0 comments · Fixed by #2856
Assignees
@klirichek
Labels
bug rel::7.0.0

Comments

@sanikolaev
Copy link
Collaborator

sanikolaev commented Dec 10, 2024
edited
Loading

Bug Description:

This script crashes after the select returns a result.

drop table if exists t; 

CREATE TABLE t(m multi); 

INSERT INTO t(m) VALUES ((1,2));

select count(*) from t where (m in (738) or m in (831) or m in (1128) or m in (1229) or m in (2154) or m in (2211) or m in (2437) or m in (2607) or m in (2636) or m in (4400) or m in (4410) or m in (4414) or m in (6280) or m in (6518) or m in (6523) or m in (6530) or m in (6835) or m in (6837) or m in (6842) or m in (6846) or m in (6855) or m in (6857) or m in (6859) or m in (6864) or m in (6890) or m in (6901) or m in (6913) or m in (6914) or m in (6921) or m in (6949) or m in (6961) or m in (6963) or m in (7717) or m in (9318) or m in (9320) or m in (9321) or m in (9322) or m in (9323) or m in (9324) or m in (9325) or m in (9326) or m in (9327) or m in (9328) or m in (9329) or m in (9330) or m in (9331) or m in (9332) or m in (9333) or m in (9334) or m in (9335) or m in (9336) or m in (9337) or m in (9338) or m in (9339) or m in (9340) or m in (9342) or m in (9343) or m in (9344) or m in (9345) or m in (9346) or m in (9347) or m in (9348) or m in (9350) or m in (9351) or m in (9352) or m in (9353) or m in (9354) or m in (9355) or m in (9356) or m in (9357) or m in (9358) or m in (9361) or m in (9362) or m in (9363) or m in (9364) or m in (9365) or m in (9366) or m in (9367) or m in (9368) or m in (9369) or m in (9373) or m in (9374) or m in (9375) or m in (9376) or m in (9377) or m in (9378) or m in (9379) or m in (9380) or m in (9381) or m in (9382) or m in (9383) or m in (9384) or m in (9385) or m in (9386) or m in (9387) or m in (9388) or m in (9389) or m in (9390) or m in (9391) or m in (9392) or m in (9393) or m in (9394) or m in (9395) or m in (9396) or m in (9397) or m in (9398) or m in (9399) or m in (9401) or m in (9402) or m in (9403) or m in (9404) or m in (9405) or m in (9406) or m in (9407) or m in (9408) or m in (9409) or m in (9410) or m in (9411) or m in (9412) or m in (9413) or m in (9414) or m in (9415) or m in (9416) or m in (9417) or m in (9418) or m in (9419) or m in (9420) or m in (9421) or m in (9422) or m in (9423) or m in (9424) or m in (9425) or m in (9426) or m in (9427) or m in (9428) or m in (9429) or m in (9430) or m in (9431) or m in (9432) or m in (9433) or m in (9434) or m in (9435) or m in (9436) or m in (9437) or m in (9439) or m in (9440) or m in (9441) or m in (9442) or m in (9443) or m in (9444) or m in (9445) or m in (9446) or m in (9447) or m in (9448) or m in (9449) or m in (9450) or m in (9451) or m in (9452) or m in (9453) or m in (9454) or m in (9455) or m in (9456) or m in (9457) or m in (9458) or m in (9459) or m in (9460) or m in (9461) or m in (9462) or m in (9463) or m in (9464) or m in (9465) or m in (9466) or m in (9467) or m in (9468) or m in (9469) or m in (9470) or m in (9471) or m in (9472) or m in (9473) or m in (9474) or m in (9475) or m in (9476) or m in (9477) or m in (9478) or m in (9479) or m in (9480) or m in (9481) or m in (9482) or m in (9483) or m in (9484) or m in (9485) or m in (9486) or m in (9487) or m in (9488) or m in (9489) or m in (9490) or m in (9491) or m in (9492) or m in (9493) or m in (9494) or m in (9495) or m in (9496) or m in (9497) or m in (9498) or m in (9499) or m in (9500) or m in (9501) or m in (9502) or m in (9503) or m in (9504) or m in (9505) or m in (9506) or m in (9507) or m in (9508) or m in (9509) or m in (9510) or m in (9511) or m in (9512) or m in (9514) or m in (9515) or m in (9516) or m in (9517) or m in (9518) or m in (9519) or m in (9520) or m in (9521) or m in (9522) or m in (9523) or m in (9524) or m in (9525) or m in (9526) or m in (9527) or m in (9528) or m in (9529) or m in (9530) or m in (9531) or m in (9532) or m in (9533) or m in (9534) or m in (9535) or m in (9536) or m in (9537) or m in (9538) or m in (9539) or m in (9540) or m in (9541) or m in (9542) or m in (9543) or m in (9544) or m in (9545) or m in (9546) or m in (9547) or m in (9548) or m in (9549) or m in (9550) or m in (9551) or m in (9552) or m in (9553) or m in (9554) or m in (9555) or m in (9556) or m in (9557) or m in (9558) or m in (9559) or m in (9560) or m in (9561) or m in (9562) or m in (9563) or m in (9564) or m in (9565) or m in (9566) or m in (9567) or m in (9568) or m in (9569) or m in (9570) or m in (9571) or m in (9573) or m in (9574) or m in (9575) or m in (9576) or m in (9577) or m in (9578) or m in (9579) or m in (9580) or m in (9581) or m in (9582) or m in (9583) or m in (9584) or m in (9585) or m in (9586) or m in (9587) or m in (9588) or m in (9589) or m in (9590) or m in (9591) or m in (9592) or m in (9593) or m in (9594) or m in (9595) or m in (9596) or m in (9597) or m in (9598) or m in (9599) or m in (9600) or m in (9601) or m in (9602) or m in (9603) or m in (9604) or m in (9605) or m in (9606) or m in (9607) or m in (9608) or m in (9609) or m in (9610) or m in (9611) or m in (9612) or m in (9613) or m in (9614) or m in (9615) or m in (9616) or m in (9617) or m in (9618) or m in (9620) or m in (9621) or m in (9622) or m in (9623) or m in (9624) or m in (9625) or m in (9626) or m in (9627) or m in (9628) or m in (9629) or m in (9630) or m in (9633) or m in (9634) or m in (9635) or m in (9636) or m in (9637) or m in (9638) or m in (9639) or m in (9640) or m in (9641) or m in (9642) or m in (9643) or m in (9644) or m in (9645) or m in (9646) or m in (9647) or m in (9648) or m in (9649) or m in (9650) or m in (9651) or m in (9652) or m in (9653) or m in (9654) or m in (9655) or m in (9656) or m in (9657) or m in (9658) or m in (9659) or m in (9660) or m in (9661) or m in (9662) or m in (9663) or m in (9664) or m in (9665) or m in (9666) or m in (9667) or m in (9668) or m in (9669) or m in (9670) or m in (9671) or m in (9674) or m in (9675) or m in (9676) or m in (9677) or m in (9678) or m in (9679) or m in (9680) or m in (9681) or m in (9682) or m in (9683) or m in (9685) or m in (9686) or m in (9687) or m in (9688) or m in (9689) or m in (9690) or m in (9691) or m in (9692) or m in (9693) or m in (9694) or m in (9695) or m in (9696) or m in (9697) or m in (9698) or m in (9699) or m in (9700) or m in (9701) or m in (9702) or m in (9704) or m in (9705) or m in (9706) or m in (9707) or m in (9708) or m in (9709) or m in (9710) or m in (9711) or m in (9712) or m in (9713) or m in (9714) or m in (9715) or m in (9716) or m in (9718) or m in (9719) or m in (9720) or m in (9721) or m in (9722) or m in (9723) or m in (9724) or m in (9725) or m in (9726) or m in (9727) or m in (9729) or m in (9730) or m in (9731) or m in (9732) or m in (9733) or m in (9734) or m in (9735) or m in (9736) or m in (9737) or m in (9738) or m in (9739) or m in (9740) or m in (9741) or m in (9743) or m in (9744) or m in (9745) or m in (9746) or m in (9747) or m in (9748) or m in (9749) or m in (9751) or m in (9752) or m in (9753) or m in (9754) or m in (9755) or m in (9756) or m in (9757) or m in (9758) or m in (9759) or m in (9760) or m in (9761)); 

show tables;

Config

searchd {
    listen = 127.0.0.1:9315:mysql
    # don't specify non-mysql listeners or it won't crash since it will enable Buddy
    log = searchd.log
    query_log = query.log
    pid_file = searchd.pid
    data_dir = data
    binlog_path =
}

Crash example

mysql> select ...

+----------+
| count(*) |
+----------+
|        0 |
+----------+
1 row in set, 1 warning (0.00 sec)
--- 0 out of 0 results in 0ms ---

mysql>
mysql> show tables;
ERROR 2013 (HY000): Lost connection to MySQL server during query
No connection. Trying to reconnect...
Connection id:    1
Current database: *** NONE ***

+-------+------+
| Table | Type |
+-------+------+
| t     | rt   |
+-------+------+
1 row in set (0.00 sec)

Crash log

[Tue Dec 10 17:09:46.087 2024] [3229376] accepting connections
------- FATAL: CRASH DUMP -------
[Tue Dec 10 17:09:51.593 2024] [3229376]

--- crashed SphinxQL request dump ---
select count(*) from t where (m in (738) or m in (831) or m in (1128) or m in (1229)
or m in (2154) or m in (2211) or m in (2437) or m in (2607) or m in (2636) or m in

...

or m in (9758) or m in (9759) or m in (9760) or m in (9761))
--- request dump end ---
--- local index:'
Manticore 6.3.9 1b26dba08@24120911 dev (columnar 2.3.1 edadc69@24112219) (secondary 2.3.1 edadc69@24112219) (knn 2.3.1 edadc69@24112219)
Handling signal 11
-------------- backtrace begins here ---------------
Program compiled with Clang 16.0.6
Configured with flags: Configured with these definitions: -DDISTR_BUILD=jammy -DUSE_SYSLOG=1 -DWITH_GALERA=1 -DWITH_RE2=1 -DWITH_RE2_FORCE_STATIC=1 -DWITH_STEMMER=1 -DWITH_STEMMER_FORCE_STATIC=1 -DWITH_NLJSON=1 -DWITH_UNIALGO=1 -DWITH_ICU=1 -DWITH_ICU_FORCE_STATIC=1 -DWITH_JIEBA=1 -DWITH_SSL=1 -DWITH_ZLIB=1 -DWITH_ZSTD=1 -DDL_ZSTD=1 -DZSTD_LIB=libzstd.so.1 -DWITH_CURL=1 -DDL_CURL=1 -DCURL_LIB=libcurl.so.4 -DWITH_ODBC=1 -DDL_ODBC=1 -DODBC_LIB=libodbc.so.2 -DWITH_EXPAT=1 -DDL_EXPAT=1 -DEXPAT_LIB=libexpat.so.1 -DWITH_ICONV=1 -DWITH_MYSQL=1 -DDL_MYSQL=1 -DMYSQL_LIB=libmysqlclient.so.21 -DWITH_POSTGRESQL=1 -DDL_POSTGRESQL=1 -DPOSTGRESQL_LIB=libpq.so.5 -DLOCALDATADIR=/var/lib/manticore -DFULL_SHARE_DIR=/usr/share/manticore
Built on Linux x86_64 (jammy) (cross-compiled)
Stack bottom = 0xc0023f80, thread stack size = 0x20000
Trying manual backtrace:
Stack looks OK, attempting backtrace.
[Tue Dec 10 17:09:52.042 2024] [3229375] watchdog: main process 3229376 killed dirtily with signal 11, core dumped, will be restarted
[Tue Dec 10 17:09:52.042 2024] [3229375] watchdog: main process 3230738 forked ok

Notes

  • It doesn't crash on macOS.
  • It doesn't crash if you remove some of the OR conditions.
  • It doesn't crash if you flush the document to a disk chunk.
  • It doesn't crash if Buddy is not disabled (either by setting buddy_path = or by not having an HTTP/binary listener).

Manticore Search Version:

Manticore 6.3.9 1b26dba08@24120911 dev (columnar 2.3.1 edadc69@24112219) (secondary 2.3.1 edadc69@24112219) (knn 2.3.1 edadc69@24112219)

Operating System Version:

Ubuntu Jammy (dev2)

Have you tried the latest development version?

Yes

Internal Checklist:

To be completed by the assignee. Check off tasks that have been completed or are not applicable.

  • Implementation completed
  • Tests developed (including testing on the data in /home/snikolaev/leo on dev2)
  • Documentation updated
  • Documentation reviewed
  • Changelog updated
@sanikolaev sanikolaev added the bug label Dec 10, 2024
klirichek added a commit that referenced this issue Dec 16, 2024
@klirichek
changed stack calculation routine
cacbb77 
It is related to #2835
klirichek added a commit that referenced this issue Dec 16, 2024
@klirichek
refactored stack calculation numbers
e289dbc 
That is related to #2835
@klirichek klirichek linked a pull request Dec 16, 2024 that will close this issue
2835 complex select crash #2856
Merged
klirichek added a commit that referenced this issue Dec 16, 2024
@klirichek
fixed deletion of filters
3ba2797 
it allocates extra stack, if necessary.
That fixes and adds test for #2835
@sanikolaev sanikolaev reopened this Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@klirichek klirichek

Labels
bug rel::7.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

2835 complex select crash manticoresoftware/manticoresearch
2 participants
@klirichek @sanikolaev