Bug #12704 Server crashes during trigger execution
Submitted: 21 Aug 2005 17:15 Modified: 15 Sep 2005 17:27
Reporter: Alexey Stroganov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:the latest 5.0.13pre OS:Linux (Linux)
Assigned to: Dmitry Lenev CPU Architecture:Any

[21 Aug 2005 17:15] Alexey Stroganov 
Description:
Running following test case in multithread environment(stress test) for some time 
(less than 1-2 min) will lead to crash:

--disable_warnings
drop table if exists t1;
--enable_warnings
create table t1 (f59 INT) ;
CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW SET @a:=1 ;
insert into t1 values (1);

I got two different backtraces for this issue:

#1:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1119230896 (LWP 25685)]
0x0826fb7d in ha_myisam::write_row (this=0x8c58f70, buf=0x8c59050 "Щ\001") at ha_myisam.cc:297
297       statistic_increment(table->in_use->status_var.ha_write_count,&LOCK_status);
(gdb) bt
#0  0x0826fb7d in ha_myisam::write_row (this=0x8c58f70, buf=0x8c59050 "Щ\001")
    at ha_myisam.cc:297
#1  0x0820c08e in write_record (thd=0x42a44ea0, table=0x8c7d4c8, info=0x42b60a30)
    at sql_insert.cc:1144
#2  0x0820a8d7 in mysql_insert (thd=0x42a44ea0, table_list=0x8c9a060, fields=@0x42a45310,
    values_list=@0x42a45334, update_fields=@0x42a45328, update_values=@0x42a4531c,
    duplic=DUP_ERROR, ignore=false) at sql_insert.cc:530
#3  0x081acaf3 in mysql_execute_command (thd=0x42a44ea0) at sql_parse.cc:3229
#4  0x081b3235 in mysql_parse (thd=0x42a44ea0, inBuf=0x8c99fe8 "insert into t1 values (1)",
    length=25) at sql_parse.cc:5439
#5  0x081a8825 in dispatch_command (command=COM_QUERY, thd=0x42a44ea0,
    packet=0x42a4eeb1 "insert into t1 values (1)", packet_length=26) at sql_parse.cc:1659
#6  0x081a7ff2 in do_command (thd=0x42a44ea0) at sql_parse.cc:1458
#7  0x081a70d2 in handle_one_connection (arg=0x42a44ea0) at sql_parse.cc:1111
#8  0x4004aaa7 in start_thread () from /lib/tls/libpthread.so.0
#9  0x4017bc2e in clone () from /lib/tls/libc.so.6

#2:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1116535728 (LWP 17740)]
0x081a7830 in cleanup_items (item=0x8f8f8f8f) at sql_parse.cc:1272
1272        item->cleanup();
(gdb) bt
#0  0x081a7830 in cleanup_items (item=0x8f8f8f8f) at sql_parse.cc:1272
#1  0x082e1adc in sp_head::execute (this=0x8c89578, thd=0x42959a78) at sp_head.cc:732
#2  0x082e2114 in sp_head::execute_function (this=0x8c89578, thd=0x42959a78, argp=0x0,
    argcount=0, resp=0x0) at sp_head.cc:864
#3  0x082f0b9e in Table_triggers_list::process_triggers (this=0x8d829c0, thd=0x42959a78,
    event=TRG_EVENT_INSERT, time_type=TRG_ACTION_BEFORE, old_row_is_record1=true)
    at sql_trigger.cc:902
#4  0x081dcf63 in fill_record_n_invoke_before_triggers (thd=0x42959a78, ptr=0x8d828b8,
    values=@0x8ce4788, ignore_errors=false, triggers=0x8d829c0, event=TRG_EVENT_INSERT)
    at sql_base.cc:4764
#5  0x0820a7d3 in mysql_insert (thd=0x42959a78, table_list=0x8ce4620, fields=@0x42959ee8,
    values_list=@0x42959f0c, update_fields=@0x42959f00, update_values=@0x42959ef4,
    duplic=DUP_ERROR, ignore=false) at sql_insert.cc:497
#6  0x081acaf3 in mysql_execute_command (thd=0x42959a78) at sql_parse.cc:3229
#7  0x081b3235 in mysql_parse (thd=0x42959a78, inBuf=0x8ce45a8 "insert into t1 values (1)",
    length=25) at sql_parse.cc:5439
#8  0x081a8825 in dispatch_command (command=COM_QUERY, thd=0x42959a78,
    packet=0x42900489 "insert into t1 values (1)", packet_length=26) at sql_parse.cc:1659
#9  0x081a7ff2 in do_command (thd=0x42959a78) at sql_parse.cc:1458
#10 0x081a70d2 in handle_one_connection (arg=0x42959a78) at sql_parse.cc:1111
#11 0x4004aaa7 in start_thread () from /lib/tls/libpthread.so.0
#12 0x4017bc2e in clone () from /lib/tls/libc.so.6

How to repeat:
Run stress test with test case above.

Until stress test will be integrated to regular mysql-test suite please contact me and I
will provide all necessary information.
[24 Aug 2005 22:08] Alexey Stroganov 
During further testing I found that several similar test cases lead to crashes of server in many various places. Below is backtrace for one that have load data infile instead of insert:

0x0810d419 in Item_trigger_field::fix_fields (this=0x8cadcd0, thd=0x4292dcb8, items=0x0)
    at item.cc:5025
5025        field= (row_version == OLD_ROW) ? triggers->old_field[field_idx] :
(gdb) bt
#0  0x0810d419 in Item_trigger_field::fix_fields (this=0x8cadcd0, thd=0x4292dcb8, items=0x0)
    at item.cc:5025
#1  0x082e44cc in sp_instr_set_trigger_field::exec_core (this=0x8cadd68, thd=0x4292dcb8,
    nextp=0x42cab580) at sp_head.cc:1740
#2  0x082e3f30 in sp_lex_keeper::reset_lex_and_exec_core (this=0x8cadd90, thd=0x4292dcb8,
    nextp=0x42cab580, open_tables=true, instr=0x8cadd68) at sp_head.cc:1586
#3  0x082e446c in sp_instr_set_trigger_field::execute (this=0x8cadd68, thd=0x4292dcb8,
    nextp=0x42cab580) at sp_head.cc:1731
#4  0x082e1a6d in sp_head::execute (this=0x8cad4f8, thd=0x4292dcb8) at sp_head.cc:715
#5  0x082e20bf in sp_head::execute_function (this=0x8cad4f8, thd=0x4292dcb8, argp=0x0,
    argcount=0, resp=0x0) at sp_head.cc:858
#6  0x082f0bd6 in Table_triggers_list::process_triggers (this=0x8c827f0, thd=0x4292dcb8,
    event=TRG_EVENT_INSERT, time_type=TRG_ACTION_BEFORE, old_row_is_record1=true)
    at sql_trigger.cc:902
#7  0x081dce01 in fill_record_n_invoke_before_triggers (thd=0x4292dcb8, fields=@0x4292e140,
    values=@0x4292e134, ignore_errors=false, triggers=0x8c827f0, event=TRG_EVENT_INSERT)
    at sql_base.cc:4679
#8  0x082906ef in read_sep_field (thd=0x4292dcb8, info=@0x42cab9b0, table_list=0x8c98560,
    fields_vars=@0x4292e128, set_fields=@0x4292e140, set_values=@0x4292e134,
    read_info=@0x42cab880, enclosed=@0x86015c0, skip_lines=0,
    ignore_check_option_errors=false) at sql_load.cc:743
#9  0x0828f898 in mysql_load (thd=0x4292dcb8, ex=0x8c98518, table_list=0x8c98560,
    fields_vars=@0x4292e128, set_fields=@0x4292e140, set_values=@0x4292e134,
    handle_duplicates=DUP_ERROR, ignore=false, read_file_from_client=false) at sql_load.cc:370
#10 0x081ad5b2 in mysql_execute_command (thd=0x4292dcb8) at sql_parse.cc:3462
#11 0x081b3269 in mysql_parse (thd=0x4292dcb8,
    inBuf=0x8c98368 "load data infile '/data0/ranger/stress/mysql-test//suite/funcs_1/data/myisam_tb3.txt' into table tb3", length=100) at sql_parse.cc:5445
#12 0x081a8859 in dispatch_command (command=COM_QUERY, thd=0x4292dcb8,
    packet=0x42968319 "load data infile '/data0/ranger/stress/mysql-test//suite/funcs_1/data/myisam_tb3.txt' into table tb3 ", packet_length=102) at sql_parse.cc:1665
#13 0x081a8026 in do_command (thd=0x4292dcb8) at sql_parse.cc:1464
#14 0x081a7106 in handle_one_connection (arg=0x4292dcb8) at sql_parse.cc:1116
#15 0x4004aaa7 in start_thread () from /lib/tls/libpthread.so.0
#16 0x4017bc2e in clone () from /lib/tls/libc.so.6

Also I would note that problems above arised only for trigger with BEFORE INSERT clause. For other clauses test cases passed ok for me.
[13 Sep 2005 22:26] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/29773
[14 Sep 2005 17:47] Michael Widenius 
Patch approved. Ok to push after some minor changes is done (as dicussed on IRC)
[14 Sep 2005 23:55] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/29874
[15 Sep 2005 1:10] Dmitry Lenev 
Fixed in 5.0.13

Simultaneous execution of DML statements and CREATE TRIGGER/DROP TRIGGER  statements on the same table may cause crashes or errors.
[15 Sep 2005 17:27] Paul DuBois 
Noted in 5.0.13 changelog.