Bug #33068 MySQL/Falcon crashes due to corruption of RecordLocatorPage
Submitted: 7 Dec 2007 18:02 Modified: 5 May 2008 14:52
Reporter: Alexey Stroganov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Falcon storage engine Severity:S2 (Serious)
Version:6.0.4pre OS:Linux
Assigned to: Jim Starkey CPU Architecture:Any

[7 Dec 2007 18:02] Alexey Stroganov 
Description:
While testing of 6.0.4 with tests from mysql-bench suite I observe crash of MySQL/Falcon with following backtrace(for mysqld-debug):

(gdb) bt
#0  0x00002af48a5324c5 in pthread_kill () from /lib64/libpthread.so.0
#1  0x000000000064fe12 in handle_segfault (sig=4) at mysqld.cc:2313
#2  <signal handler called>
#3  0x00002af48a534fed in raise () from /lib64/libpthread.so.0
#4  0x0000000000852948 in Error::debugBreak () at Error.cpp:92
#5  0x000000000085285c in Error::error (string=0x0) at Error.cpp:69
#6  0x0000000000852932 in Error::assertionFailed (fileName=0x21da <Address 0x21da out of bounds>, line=8680)
    at Error.cpp:76
#7  0x00000000008be712 in RecordLocatorPage::corrupt (this=0x2aaaacd89000) at RecordLocatorPage.cpp:258
#8  0x00000000008be94c in RecordLocatorPage::unlinkSpaceSlot (this=0x2aaaacd89000, slot=166)
    at RecordLocatorPage.cpp:399
#9  0x00000000008be7b7 in RecordLocatorPage::setIndexSlot (this=0x2aaaacd89000, slot=166, pageNumber=0, line=0,
    availableSpace=0) at RecordLocatorPage.cpp:283
#10 0x00000000008be1ab in RecordLocatorPage::deleteLine (this=0x2aaaacd89000, line=8680, spaceAvailable=0)
    at RecordLocatorPage.cpp:56
#11 0x000000000088f56a in Section::updateRecord (this=0x2aaaaae1b520, recordNumber=166, stream=0x0,
    transId=995, earlyWrite=false) at Section.cpp:551
#12 0x000000000084c6f9 in Dbb::updateRecord (this=0x2aaaaacb4928, sectionId=8680, recordId=675, stream=0x0,
    transId=995, earlyWrite=false) at Dbb.cpp:337
#13 0x000000000088b070 in SRLUpdateRecords::redo (this=0x44085c48) at SRLUpdateRecords.cpp:278
#14 0x0000000000893fec in SerialLog::recover (this=0x2aaaaac42af0) at SerialLog.cpp:353
#15 0x0000000000844ae3 in Database::openDatabase (this=0x2aaaaaab3bb0,
    filename=0x44086000 "/data0/ranger/mysql-6.0.4-alpha-linux-x86_64-glibc23/data/falcon_master.fts")
    at Database.cpp:721
#16 0x0000000000841b56 in Connection::getDatabase (this=0x2aaaaacb4680, dbName=0x2aaaaacb434c "FALCON_MASTER",
    dbFileName=0x44086000 "/data0/ranger/mysql-6.0.4-alpha-linux-x86_64-glibc23/data/falcon_master.fts",
    threads=0x2aaaaacb43b8) at Connection.cpp:1653
#17 0x000000000083fb19 in Connection::openDatabase (this=0x2aaaaacb4680, dbName=0x2aaaaacb434c "FALCON_MASTER",
    filename=0x0, account=0xafd114 "mysql", password=0xafd114 "mysql", address=0x0, parent=0x2aaaaacb43b8)
    at Connection.cpp:931
#18 0x0000000000818016 in StorageDatabase::getOpenConnection (this=0x2aaaaacb41c8) at JString.h:141
#19 0x000000000081bdc5 in StorageHandler::initialize (this=0x2aaaaaab3048) at StorageHandler.cpp:899
#20 0x000000000081b226 in StorageHandler::preDeleteTable (this=0x2aaaaaab3048,
    pathname=0x440877c0 "./test/benchtabletest") at StorageHandler.cpp:558
#21 0x000000000080dfcb in StorageInterface::delete_table (this=0x1be3f30,
    tableName=0x440877c0 "./test/benchtabletest") at ha_falcon.cpp:848
#22 0x0000000000734651 in ha_delete_table (thd=0x1b9cd90, table_type=0x1291750,
    path=0x440877c0 "./test/benchtabletest", db=0x1be3f28 "test", alias=0x1be3b98 "benchtabletest",
    generate_warning=true) at handler.cc:1484
#23 0x0000000000748c66 in mysql_rm_table_part2 (thd=0x1b9cd90, tables=0x1be3be0, if_exists=true,
    drop_temporary=false, drop_view=false, dont_log_query=false) at sql_table.cc:1668
#24 0x0000000000748663 in mysql_rm_table (thd=0x1b9cd90, tables=0x1be3be0, if_exists=1 '\001',
    drop_temporary=0 '\0') at sql_table.cc:1457
#25 0x000000000065db2d in mysql_execute_command (thd=0x1b9cd90) at sql_parse.cc:2880
#26 0x0000000000662156 in mysql_parse (thd=0x1b9cd90, inBuf=0x1be3ae0 "drop table if exists benchtabletest",
    length=35, found_semicolon=0x44088620) at sql_parse.cc:5415
#27 0x000000000065a86d in dispatch_command (command=COM_QUERY, thd=0x1b9cd90, packet=0x1be3b03 "",
    packet_length=35) at sql_parse.cc:953
#28 0x000000000065a056 in do_command (thd=0x1b9cd90) at sql_parse.cc:697
#29 0x0000000000658e10 in handle_one_connection (arg=0x21da) at sql_connect.cc:1145
#30 0x00002af48a52e193 in start_thread () from /lib64/libpthread.so.0
#31 0x00002af48ae8c45d in clone () from /lib64/libc.so.6
#32 0x0000000000000000 in ?? ()

How to repeat:
Run mysql-bench test for 6.0.4-alpha.
[7 Dec 2007 19:56] Kevin Lewis 
Jim, The RecordLocatorPage is corrupt.  You recently made a change that self-heals the corrupted RecordLocatorPage if (slot < nextSlot).  

The assert that fails is;     VALIDIF(nextSlot == slot);  

So it must be that(nextSlot > slot);

Maybe this case can be self-healed as well.
[14 Dec 2007 20:27] Jim Starkey 
Probably was an apparent double recovery.  In any case, Falcon was
trying to delete a record from an empty record locator page, which
lead to bad things.
[14 Dec 2007 20:27] Jim Starkey 
Probably was an apparent double recovery.  In any case, Falcon was
trying to delete a record from an empty record locator page, which
lead to bad things.
[25 Feb 2008 19:32] Kevin Lewis 
Patch is in mysql-6.0-release version 6.0.4
[5 May 2008 14:52] Paul DuBois 
Noted in 6.0.4 changelog.

Falcon tried to delete a record from an empty record locator page, 
which could cause a server crash.