Bug #35685 Crash in JOIN_CACHE::init when using the SONY Query
Submitted: 30 Mar 2008 15:53 Modified: 20 Nov 2010 23:25
Reporter: Jonathan Miller Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S1 (Critical)
Version:6.0-BKA OS:Linux
Assigned to: Igor Babaev CPU Architecture:Any

[30 Mar 2008 15:53] Jonathan Miller 
Description:
Been trying to get the Sony queries to run using Mysqlchoke. They seem to not be returing anything, so while the test was running I decided to run the query manually through mysql client. When I did this the MySQLD cored. I have not repeated this.

Crash:

#0  0x0000003a39209737 in pthread_kill () from /lib64/tls/libpthread.so.0
(gdb) bt
#0  0x0000003a39209737 in pthread_kill () from /lib64/tls/libpthread.so.0
#1  0x000000000066b734 in handle_segfault (sig=11) at mysqld.cc:2421
#2  <signal handler called>
#3  JOIN_CACHE::init (this=0x137ce70) at sql_select.cc:16701
#4  0x00000000006eae77 in JOIN::optimize (this=0x2a96ce3cb0) at sql_select.h:486
#5  0x00000000006f0135 in mysql_select (thd=0x2a95679460, rref_pointer_array=0x2a9567b238,
    tables=0x2a96ccb110, wild_num=0, fields=@0x2a9567b158, conds=0x2a96ce10b0, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=0, result=0x2a96ce3aa0,
    unit=0x2a9567ac10, select_lex=dwarf2_read_address: Corrupted DWARF expression.
) at sql_select.cc:2930
#6  0x00000000006f09e9 in handle_select (thd=0x2a95679460, lex=0x2a9567ab70,
    result=0x2a96ce3aa0, setup_tables_done_option=0) at sql_select.cc:272
#7  0x0000000000677b9f in execute_sqlcom_select (thd=0x2a95679460, all_tables=0x2a96ccb110)
    at sql_parse.cc:4639
#8  0x000000000067e777 in mysql_execute_command (thd=0x2a95679460) at sql_parse.cc:1957
#9  0x0000000000683673 in mysql_parse (thd=0x2a95679460,
    inBuf=0x1385d10 "SELECT affiliatestometa.uniquekey, affiliatestometa.xml AS affiliateXml, artists.name AS artistName, artists.artistid, genres.name AS genreName, genres.genreid, genres.priority AS genrePriority, subge"..., length=1347, found_semicolon=0x40bda500)
    at sql_parse.cc:5513
#10 0x00000000006843ff in dispatch_command (command=COM_QUERY, thd=0x2a95679460, packet=Variable "packet" is not available.
)
    at sql_parse.cc:1022
#11 0x0000000000684b90 in do_command (thd=0x2a95679460) at sql_parse.cc:714
#12 0x000000000067572e in handle_one_connection (arg=0x2a95679460) at sql_connect.cc:1137
#13 0x0000003a3920610a in start_thread () from /lib64/tls/libpthread.so.0
#14 0x0000003a389c68b3 in clone () from /lib64/tls/libc.so.6
#15 0x0000000000000000 in ?? ()
(gdb) f 3
#3  JOIN_CACHE::init (this=0x137ce70) at sql_select.cc:16701
16701         for (tab= cache->join_tab-cache->tables; tab < cache->join_tab ; tab++)
(gdb) l
16696       */
16697       JOIN_CACHE *cache= this;
16698       while (gl_key_arg_fields)
16699       {
16700         cache= cache->prev_cache;
16701         for (tab= cache->join_tab-cache->tables; tab < cache->join_tab ; tab++)
16702         {
16703           CACHE_FIELD *cache_copy;
16704           MY_BITMAP *key_read_set= &tab->table->tmp_set;
16705           if (bitmap_is_clear_all(key_read_set))
(gdb) f 4
#4  0x00000000006eae77 in JOIN::optimize (this=0x2a96ce3cb0) at sql_select.h:486
486           prev->next_cache= this;
481         join= j;
482         join_tab= tab;
483         prev_cache= prev;
484         next_cache= 0;
485         if (prev)
486           prev->next_cache= this;
487       }
488       uint pack_length()
489       { return JOIN_CACHE::pack_length() + sizeof(uint32); }
490       uint addon_length()
(gdb) f 5
#5  0x00000000006f0135 in mysql_select (thd=0x2a95679460, rref_pointer_array=0x2a9567b238,
    tables=0x2a96ccb110, wild_num=0, fields=@0x2a9567b158, conds=0x2a96ce10b0, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=0, result=0x2a96ce3aa0,
    unit=0x2a9567ac10, select_lex=dwarf2_read_address: Corrupted DWARF expression.
) at sql_select.cc:2930
2930      if ((err= join->optimize()))
(gdb) l
2925        err= 1;
2926        goto err;
2927      }
2928      /* dump_TABLE_LIST_struct(select_lex, select_lex->leaf_tables); */
2929
2930      if ((err= join->optimize()))
2931      {
2932        goto err;                                   // 1
2933      }

How to repeat:
Not easy:

Start ATRT run using mysqlchoke and the Sony query.

open a mysql client and issue same query on the sony db
[24 Apr 2008 0:27] Jonathan Miller 
Hi,

Eventhough the code has changed some... The crash has not :-(

#0  0x0000003a39209737 in pthread_kill () from /lib64/tls/libpthread.so.0
#1  0x000000000067a2c6 in handle_segfault (sig=11) at mysqld.cc:2622
#2  <signal handler called>
#3  JOIN_CACHE_BKA::init (this=0x1450730) at sql_select.cc:17085
#4  0x00000000006e078e in check_join_cache_usage (tab=0x144bb30, join=Variable "join" is not available.
) at sql_select.h:837
#5  0x00000000006fafb0 in JOIN::optimize (this=0x143ae90) at sql_select.cc:8394
#6  0x0000000000701435 in mysql_select (thd=0x13fd070, rref_pointer_array=0x13ff080,
    tables=0x134bf40, wild_num=0, fields=@0x13fefa0, conds=0x13d6490, og_num=0, order=0x0,
    group=0x0, having=0x0, proc_param=0x0, select_options=0, result=0x143ac90, unit=0x13fea58,
    select_lex=0x13fee98) at sql_select.cc:2944
#7  0x0000000000701ce9 in handle_select (thd=0x13fd070, lex=0x13fe9b8, result=0x143ac90,
    setup_tables_done_option=0) at sql_select.cc:275
#8  0x0000000000686922 in execute_sqlcom_select (thd=0x13fd070, all_tables=0x134bf40)
    at sql_parse.cc:4789
#9  0x000000000068bec4 in mysql_execute_command (thd=0x13fd070) at sql_parse.cc:1975
#10 0x00000000006928f3 in mysql_parse (thd=0x13fd070,
    inBuf=0x1436d10 "SELECT affiliatestometa.uniquekey, affiliatestometa.xml AS affiliateXml, artists.name AS artistName, artists.artistid, genres.name AS genreName, genres.genreid, genres.priority AS genrePriority, subge"..., length=1347, found_semicolon=0x46fe44e0)
    at sql_parse.cc:5745
#11 0x00000000006938f5 in dispatch_command (command=COM_QUERY, thd=0x13fd070,
    packet=0x13a8d31 "SELECT affiliatestometa.uniquekey, affiliatestometa.xml AS affiliateXml, artists.name AS artistName, artists.artistid, genres.name AS genreName, genres.genreid, genres.priority AS genrePriority, subge"..., packet_length=Variable "packet_length" is not available.
) at sql_parse.cc:1030
#12 0x0000000000693fd0 in do_command (thd=0x13fd070) at sql_parse.cc:722
#13 0x0000000000684487 in handle_one_connection (arg=0x13fd070) at sql_connect.cc:1125
#14 0x0000003a3920610a in start_thread () from /lib64/tls/libpthread.so.0
#15 0x0000003a389c68b3 in clone () from /lib64/tls/libc.so.6
#16 0x0000000000000000 in ?? ()
(gdb) f 3
#3  JOIN_CACHE_BKA::init (this=0x1450730) at sql_select.cc:17085
17085       for (tab= cache->join_tab-cache->tables; tab < cache->join_tab ; tab++)
(gdb) l
17080     CACHE_FIELD *copy;
17081     CACHE_FIELD **copy_ptr= blob_ptr;
17082     while (ext_key_arg_cnt)
17083     {
17084       cache= cache->prev_cache;
17085       for (tab= cache->join_tab-cache->tables; tab < cache->join_tab ; tab++)
17086       {
17087         CACHE_FIELD *copy_end;
17088         MY_BITMAP *key_read_set= &tab->table->tmp_set;
17089         /* key_read_set contains the bitmap of tab's fields referenced by ref */
[15 May 2008 21:03] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/46751

ChangeSet@1.2628, 2008-05-15 14:09:05-07:00, igor@olga.mysql.com +3 -0
  Fixed bug #35685.
  
  This bug in the function JOIN_CACHE_BKA::init could manifest itself
  when key expressions for a ref access depended on columns not only
  from the previous join table. The bug usually caused an assertion
  abort for the debug version.
  
  Some cosmetic change to the function make_join_readinfo was added.
[14 Dec 2008 11:07] Bugs System 
Pushed into 6.0.5-alpha  (revid:sp1r-igor@olga.mysql.com-20080515210905-25310) (version source revid:sp1r-igor@olga.mysql.com-20080515210905-25310) (pib:5)
[14 Dec 2008 11:18] Jon Stephens 
Is Cluster the correct category for this bug? Shouldn't it perhaps be Optimizer?

Thanks.
[11 Jan 2009 4:56] Igor Babaev 
Yes, 'Optimizer' would be a proper category for this bug.
[13 Jan 2009 1:55] Paul DuBois 
Noted in 6.0.5 changelog.

Queries executed using the batched-key access method could cause an
assertion fail when key expressions for a ref access depended on
columns not only from the previous join table.
[14 Jan 2009 0:38] Paul DuBois 
Correction: This is pushed into 6.0.9.
[16 Aug 2010 6:37] Bugs System 
Pushed into mysql-next-mr (revid:alik@sun.com-20100816062819-bluwgdq8q4xysmlg) (version source revid:alik@sun.com-20100816062612-enatdwnv809iw3s9) (pib:20)
[13 Nov 2010 16:09] Bugs System 
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (merge vers: 5.6.99-m4) (pib:21)
[20 Nov 2010 23:25] Paul DuBois 
Noted in 5.6.1 changelog.
[23 Nov 2010 2:13] Paul DuBois 
Correction: No 5.6.1 changelog entry. Bug does not appear in any released 5.6.x version.