Bug #51084 | Batched key access crashes for SELECT with derived table and LEFT JOIN | ||
---|---|---|---|
Submitted: | 11 Feb 2010 10:26 | Modified: | 23 Nov 2010 3:16 |
Reporter: | Guilhem Bichot | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Optimizer | Severity: | S3 (Non-critical) |
Version: | 6.0-codebase-bugfixing | OS: | Linux |
Assigned to: | Jørgen Løland | CPU Architecture: | Any |
Tags: | BKA, join_cache_level, LooseScan, optimizer_switch, semijoin |
[11 Feb 2010 10:26]
Guilhem Bichot
[11 Feb 2010 10:36]
Sveta Smirnova
Thank you for the report. Verified as described.
[11 Feb 2010 13:57]
Guilhem Bichot
goes away with optimizer_switch=loosescan=off or optimizer_switch=semijoin=off
[15 Mar 2010 10:05]
Jørgen Løland
Simplified test case: CREATE TABLE t1 ( carrier int, id int PRIMARY KEY ); INSERT INTO t1 VALUES (1,11),(1,12),(2,13); CREATE TABLE t2 ( scan_date int, package_id int ); INSERT INTO t2 VALUES (2008,21),(2008,22); CREATE TABLE t3 ( carrier int PRIMARY KEY, id int ); INSERT INTO t3 VALUES (1,31); CREATE TABLE t4 ( carrier_id int, INDEX carrier_id(carrier_id) ); INSERT INTO t4 VALUES (31),(32); --echo SELECT * FROM (t2 JOIN t1 ) LEFT JOIN (t3 JOIN t4 ON t3.id = t4.carrier_id) ON t3.carrier = t1.carrier; DROP TABLE t1,t2,t3,t4;
[15 Mar 2010 10:25]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/103207 3822 Jorgen Loland 2010-03-15 Bug#51084: "Batched key access crashes for SELECT with derived table and LEFT JOIN" JOIN::optimize() may decide to use a join cache to join a table, but may have to revise this decision later, e.g. if an incompatible access method is chosen. If it is decided that a join cache cannot be employed after all, set_join_cache_denial() is called to destroy the cache object. However, if linked join buffers are in use, a join cache for another table may link to the cache being removed through the next_cache pointer. The crash happened when the destroyed object was tried accessed through this link. The fix is to remove the next_cache pointer from the previous cache if the cache being removed has a previous cache. @ mysql-test/r/join_cache.result Add test for BUG#51084 @ mysql-test/t/join_cache.test Add test for BUG#51084 @ sql/sql_select.cc When removing join cache from a table, the next_cache pointer from the previous cache needs to be reset so that it does not point to a destroyed object.
[17 Mar 2010 12:25]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/103574 3829 Jorgen Loland 2010-03-17 Bug#51084: "Batched key access crashes for SELECT with derived table and LEFT JOIN" JOIN::optimize() may decide to use a join cache to join a table, but may have to revise this decision later, e.g. if an incompatible access method is chosen. If it is decided that a join cache cannot be employed after all, set_join_cache_denial() is called to destroy the cache object. However, if linked join buffers are in use, a join cache for another table may link to the cache being removed through the next_cache pointer. The crash happened when the destroyed object was tried accessed through this link. The fix is to remove the next_cache pointer from the previous cache if the cache being removed has a previous cache. @ mysql-test/r/join_cache.result Add test for BUG#51084 @ mysql-test/t/join_cache.test Add test for BUG#51084 @ sql/sql_select.cc When removing join cache from a table, the next_cache pointer from the previous cache needs to be reset so that it does not point to a destroyed object.
[17 Mar 2010 12:39]
Jørgen Løland
Pushed to 6.0-codebase-bugfixing
[24 Mar 2010 8:14]
Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100324081249-yfwol7qtcek6dh7w) (version source revid:alik@sun.com-20100324081113-kc7x1iytnplww91u) (merge vers: 6.0.14-alpha) (pib:16)
[12 Apr 2010 22:09]
Paul DuBois
Noted in 6.0.14 changelog.
[10 May 2010 20:24]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/107893 3163 oystein.grovlen@sun.com 2010-05-10 Bug#51084: "Batched key access crashes for SELECT with derived table and LEFT JOIN" (Backporting of revid:jorgen.loland@sun.com-20100317122515-qrhfyp5xhqy07wr9) JOIN::optimize() may decide to use a join cache to join a table, but may have to revise this decision later, e.g. if an incompatible access method is chosen. If it is decided that a join cache cannot be employed after all, set_join_cache_denial() is called to destroy the cache object. However, if linked join buffers are in use, a join cache for another table may link to the cache being removed through the next_cache pointer. The crash happened when the destroyed object was tried accessed through this link. The fix is to remove the next_cache pointer from the previous cache if the cache being removed has a previous cache. @ mysql-test/r/join_cache.result Add test for BUG#51084 @ mysql-test/t/join_cache.test Add test for BUG#51084 @ sql/sql_select.cc When removing join cache from a table, the next_cache pointer from the previous cache needs to be reset so that it does not point to a destroyed object.
[10 May 2010 20:26]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/107894 3165 oystein.grovlen@sun.com 2010-05-10 Bug#51084: "Batched key access crashes for SELECT with derived table and LEFT JOIN" (Backporting of revid:jorgen.loland@sun.com-20100317122515-qrhfyp5xhqy07wr9) JOIN::optimize() may decide to use a join cache to join a table, but may have to revise this decision later, e.g. if an incompatible access method is chosen. If it is decided that a join cache cannot be employed after all, set_join_cache_denial() is called to destroy the cache object. However, if linked join buffers are in use, a join cache for another table may link to the cache being removed through the next_cache pointer. The crash happened when the destroyed object was tried accessed through this link. The fix is to remove the next_cache pointer from the previous cache if the cache being removed has a previous cache. @ mysql-test/r/join_cache.result Add test for BUG#51084 @ mysql-test/t/join_cache.test Add test for BUG#51084 @ sql/sql_select.cc When removing join cache from a table, the next_cache pointer from the previous cache needs to be reset so that it does not point to a destroyed object.
[16 Aug 2010 6:40]
Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100816062819-bluwgdq8q4xysmlg) (version source revid:alik@sun.com-20100816062612-enatdwnv809iw3s9) (pib:20)
[13 Nov 2010 16:15]
Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (merge vers: 5.6.99-m4) (pib:21)
[23 Nov 2010 3:16]
Paul DuBois
Bug does not appear in any released 5.6.x version. No 5.6.1 changelog entry needed.