Bug #60682 | deadlock from thd_security_context | ||
---|---|---|---|
Submitted: | 28 Mar 2011 21:25 | Modified: | 24 Jul 2012 14:44 |
Reporter: | Mark Callaghan | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S1 (Critical) |
Version: | 5.1.47, 5.1.57 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | Contribution, deadlock |
[28 Mar 2011 21:25]
Mark Callaghan
[28 Mar 2011 21:28]
Mark Callaghan
Thread stacks for the hang from poor mans profiler: 10 pthread_cond_wait@@GLIBC_2.3.2,safe_cond_wait,os_event_wait_low,os_aio_simulated_handle,fil_aio_wait,io_handler_thread,start_thread,clone 1 select,os_thread_sleep,srv_monitor_thread,start_thread,clone 1 select,handle_connections_sockets,main,select 1 read,vio_read,my_real_read,my_net_read,do_command,handle_one_connection,start_thread,clone 1 pthread_cond_wait@@GLIBC_2.3.2,safe_cond_wait,os_event_wait_low,sync_array_wait_event,mutex_spin_wait,mutex_enter_func,trx_allocate_for_mysql,innobase_trx_allocate,ha_innodb::delete_table,handler::ha_delete_table,ha_delete_table,mysql_rm_table_part2,mysql_rm_table,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone 1 pthread_cond_wait@@GLIBC_2.3.2,safe_cond_wait,os_event_wait_low,sync_array_wait_event,mutex_spin_wait,mutex_enter_func,srv_refresh_innodb_monitor_stats,srv_error_monitor_thread,start_thread,clone 1 pthread_cond_wait@@GLIBC_2.3.2,safe_cond_wait,os_event_wait_low,sync_array_wait_event,mutex_spin_wait,mutex_enter_func,srv_lock_timeout_thread,start_thread,clone 1 pthread_cond_wait@@GLIBC_2.3.2,safe_cond_wait,os_event_wait_low,sync_array_wait_event,mutex_spin_wait,mutex_enter_func,row_drop_tables_for_mysql_in_background,srv_master_thread,start_thread,clone 1 __lll_mutex_lock_wait,_L_mutex_lock_1133,pthread_mutex_lock,safe_mutex_lock,wait_for_condition,open_table,open_tables,open_and_lock_tables_derived,open_and_lock_tables,execute_sqlcom_select,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone 1 __lll_mutex_lock_wait,_L_mutex_lock_1133,pthread_mutex_lock,safe_mutex_lock,thd_security_context,innobase_mysql_print_thd,trx_print,lock_print_info_all_transactions,srv_printf_innodb_monitor,innodb_show_status,innobase_show_status,ha_show_status,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone 1 __lll_mutex_lock_wait,_L_mutex_lock_1133,pthread_mutex_lock,safe_mutex_lock,THD::awake,kill_one_thread,sql_kill,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone 1 do_sigwait,sigwait,signal_hand,start_thread,clone
[28 Mar 2011 21:36]
Mark Callaghan
Argh, I posted these in the wrong bug There was another problem that shows up in a variation of this deadlock: connection doing row_drop_table_for_mysql -- has dictionary lock -- waiting for kernel_mutex connection doing SELECT from renamed table (without deadlock statement should error) -- has LOCK_open -- waiting for dictionary lock in dict_table_get connection doing SHOW INNODB STATUS -- has kernel_mutex -- waiting for LOCK_thd_data in thd_security_context connection doing KILL tid -- has LOCK_thd_data -- waiting for LOCK_open purge_thread -- waiting in row_mysql_free_data_dictionary pthread_cond_wait@@GLIBC_2.3.2,os_event_wait_low,sync_array_wait_event,rw_lock_s_lock_spin,row_mysql_freeze_data_dictionary_func,row_purge_step,que_run_threads,trx_purge,srv_master_thread,start_thread,clone -- waiting on rw_lock_s_lock_func(&dict_operation_lock, ... pthread_cond_wait@@GLIBC_2.3.2,os_event_wait_low,sync_array_wait_event,mutex_spin_wait,dict_table_get,ha_innobase::open_internal,handler::ha_open,open_table_from_share,open_unireg_entry,open_table,open_tables,open_and_lock_tables_derived,execute_sqlcom_select,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone -- waiting on dict->sys_mutex __lll_mutex_lock_wait,_L_mutex_lock_1133,pthread_mutex_lock,thd_security_context,innobase_mysql_print_thd,lock_print_info_all_transactions,srv_printf_innodb_transaction,innodb_show_status,innobase_show_status,ha_show_status,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone __lll_mutex_lock_wait,_L_mutex_lock_1133,pthread_mutex_lock,THD::awake,kill_one_thread,sql_kill,mysql_execute_command,mysql_parse,dispatch_command,do_command,handle_one_connection,start_thread,clone
[28 Mar 2011 21:37]
Mark Callaghan
These are from unmodified MySQL 5.1.47 Stack for thread stuck doing KILL Thread 2 (Thread 1230346560 (LWP 28363)): #0 0x00000031ef20c888 in __lll_mutex_lock_wait () from /lib64/libpthread.so.0 #1 0x00000031ef208911 in _L_mutex_lock_1133 () from /lib64/libpthread.so.0 #2 0x00000031ef20886a in pthread_mutex_lock () from /lib64/libpthread.so.0 #3 0x0000000000908301 in safe_mutex_lock (mp=0xebc780, try_lock=0 '\0', file=0x9fa378 "sql_class.cc", line=1154) at thr_mutex.c:149 #4 0x0000000000619ecf in THD::awake (this=0x3e686d0, state_to_set=THD::KILL_QUERY) at sql_class.cc:1154 #5 0x000000000063d7bf in kill_one_thread (thd=0x3eae310, id=3, only_kill_query=true) at sql_parse.cc:7038 #6 0x000000000063d866 in sql_kill (thd=0x3eae310, id=3, only_kill_query=true) at sql_parse.cc:7063 #7 0x0000000000649561 in mysql_execute_command (thd=0x3eae310) at sql_parse.cc:4031 #8 0x000000000064c899 in mysql_parse (thd=0x3eae310, inBuf=0x3e682c0 "KILL QUERY 3", length=12, found_semicolon=0x49558ee0) at sql_parse.cc:5986 #9 0x000000000064e155 in dispatch_command (command=COM_QUERY, thd=0x3eae310, packet=0x3eb0db1 "KILL QUERY 3", packet_length=12) at sql_parse.cc:1233 #10 0x000000000064f5b1 in do_command (thd=0x3eae310) at sql_parse.cc:874 #11 0x000000000063b89b in handle_one_connection (arg=0x3eae310) at sql_connect.cc:1134 #12 0x00000031ef2062f7 in start_thread () from /lib64/libpthread.so.0 #13 0x00000031ee6d1e3d in clone () from /lib64/libc.so.6 stack for thread running DROP TABLE Thread 3 (Thread 1230080320 (LWP 28362)): #0 0x00000031ef20a496 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0 #1 0x0000000000908674 in safe_cond_wait (cond=0x32d7648, mp=0x32d75d0, file=0x2aaaaadefa30 "os/os0sync.c", line=399) at thr_mutex.c:237 #2 0x00002aaaaad50235 in os_event_wait_low (event=0x32d75d0, reset_sig_count=1) at os/os0sync.c:399 #3 0x00002aaaaadb461a in sync_array_wait_event (arr=0x32d6920, index=2) at sync/sync0arr.c:451 #4 0x00002aaaaadb6777 in mutex_spin_wait (mutex=0x32d7588, file_name=0x2aaaaae000e8 "trx/trx0trx.c", line=200) at sync/sync0sync.c:609 #5 0x00002aaaaadcae46 in mutex_enter_func (mutex=0x32d7588, file_name=0x2aaaaae000e8 "trx/trx0trx.c", line=200) at ./include/sync0sync.ic:221 #6 0x00002aaaaadcad04 in trx_allocate_for_mysql () at trx/trx0trx.c:200 #7 0x00002aaaaad1dc14 in innobase_trx_allocate (thd=0x3e7dc50) at handler/ha_innodb.cc:1314 #8 0x00002aaaaad22cae in ha_innodb::delete_table (this=0x3e85370, name=0x49516090 "./test/t1") at handler/ha_innodb.cc:6906 #9 0x00000000007816fd in handler::ha_delete_table (this=0x3e85370, name=0x49516090 "./test/t1") at handler.cc:3373 #10 0x00000000007876f3 in ha_delete_table (thd=0x3e7dc50, table_type=0x32d9eb0, path=0x49516090 "./test/t1", db=0x3e85a60 "test", alias=0x3e8c910 "t1", generate_warning=true) at handler.cc :1996 #11 0x00000000007b27cc in mysql_rm_table_part2 (thd=0x3e7dc50, tables=0x3ec1310, if_exists=false, drop_temporary=false, drop_view=false, dont_log_query=false) at sql_table.cc:2059 #12 0x00000000007b2dc6 in mysql_rm_table (thd=0x3e7dc50, tables=0x3ec1310, if_exists=0 '\0', drop_temporary=0 '\0') at sql_table.cc:1833 #13 0x0000000000647318 in mysql_execute_command (thd=0x3e7dc50) at sql_parse.cc:3400 #14 0x000000000064c899 in mysql_parse (thd=0x3e7dc50, inBuf=0x3e81d40 "drop table t1", length=13, found_semicolon=0x49517ee0) at sql_parse.cc:5986 #15 0x000000000064e155 in dispatch_command (command=COM_QUERY, thd=0x3e7dc50, packet=0x3ea62f1 "drop table t1", packet_length=13) at sql_parse.cc:1233 #16 0x000000000064f5b1 in do_command (thd=0x3e7dc50) at sql_parse.cc:874 #17 0x000000000063b89b in handle_one_connection (arg=0x3e7dc50) at sql_connect.cc:1134 stack for SHOW INNODB STATUS Thread 4 (Thread 1229814080 (LWP 28361)): #0 0x00000031ef20c888 in __lll_mutex_lock_wait () from /lib64/libpthread.so.0 #1 0x00000031ef208911 in _L_mutex_lock_1133 () from /lib64/libpthread.so.0 #2 0x00000031ef20886a in pthread_mutex_lock () from /lib64/libpthread.so.0 #3 0x0000000000908301 in safe_mutex_lock (mp=0x3e69440, try_lock=0 '\0', file=0x9fa378 "sql_class.cc", line=413) at thr_mutex.c:149 #4 0x000000000061c350 in thd_security_context (thd=0x3e686d0, buffer=0x494d4800 "MySQL thread id 3, query id 17 localhost 127.0.0.1 root Waiting for table", length=1024, max_query_len=600 ) at sql_class.cc:413 #5 0x00002aaaaad21583 in innobase_mysql_print_thd (f=0x3885da0, thd=0x3e686d0, max_query_len=600) at handler/ha_innodb.cc:894 #6 0x00002aaaaadce313 in trx_print (f=0x3885da0, trx=0x3ebd818, max_query_len=600) at trx/trx0trx.c:1747 #7 0x00002aaaaad393cb in lock_print_info_all_transactions (file=0x3885da0) at lock/lock0lock.c:4462 #8 0x00002aaaaadae1a4 in srv_printf_innodb_monitor (file=0x3885da0, nowait=0, trx_start=0x494d5310, trx_end=0x494d5308) at srv/srv0srv.c:1761 #9 0x00002aaaaad1de0d in innodb_show_status (hton=0x32d9eb0, thd=0x3e73190, stat_print=0x77f52a <stat_print>) at handler/ha_innodb.cc:8671 #10 0x00002aaaaad1e104 in innobase_show_status (hton=0x32d9eb0, thd=0x3e73190, stat_print=0x77f52a <stat_print>, stat_type=HA_ENGINE_STATUS) at handler/ha_innodb.cc:8914 #11 0x0000000000780f12 in ha_show_status (thd=0x3e73190, db_type=0x32d9eb0, stat=HA_ENGINE_STATUS) at handler.cc:4448 #12 0x00000000006446a4 in mysql_execute_command (thd=0x3e73190) at sql_parse.cc:2482 #13 0x000000000064c899 in mysql_parse (thd=0x3e73190, inBuf=0x3ec1660 "SHOW INNODB STATUS", length=18, found_semicolon=0x494d6ee0) at sql_parse.cc:5986 #14 0x000000000064e155 in dispatch_command (command=COM_QUERY, thd=0x3e73190, packet=0x3e75c31 "", packet_length=18) at sql_parse.cc:1233 #15 0x000000000064f5b1 in do_command (thd=0x3e73190) at sql_parse.cc:874 #16 0x000000000063b89b in handle_one_connection (arg=0x3e73190) at sql_connect.cc:1134 Stack for SELECT Thread 5 (Thread 1229547840 (LWP 28360)): #0 0x00000031ef20c888 in __lll_mutex_lock_wait () from /lib64/libpthread.so.0 #1 0x00000031ef208911 in _L_mutex_lock_1133 () from /lib64/libpthread.so.0 #2 0x00000031ef20886a in pthread_mutex_lock () from /lib64/libpthread.so.0 #3 0x0000000000908301 in safe_mutex_lock (mp=0x3e66b88, try_lock=0 '\0', file=0xa5d235 "sql_base.cc", line=2195) at thr_mutex.c:149 #4 0x0000000000694f49 in wait_for_condition (thd=0x3e686d0, mutex=0xebc780, cond=0xebd280) at sql_base.cc:2195 #5 0x000000000069b324 in open_table (thd=0x3e686d0, table_list=0x3ec0ef0, mem_root=0x49493e30, refresh=0x49493ebf, flags=0) at sql_base.cc:2847 #6 0x000000000069c751 in open_tables (thd=0x3e686d0, start=0x49493f30, counter=0x49493f74, flags=0) at sql_base.cc:4605 #7 0x000000000069d0db in open_and_lock_tables_derived (thd=0x3e686d0, tables=0x3ec0ef0, derived=true) at sql_base.cc:5023 #8 0x0000000000650802 in open_and_lock_tables (thd=0x3e686d0, tables=0x3ec0ef0) at mysql_priv.h:1564 #9 0x0000000000642ee3 in execute_sqlcom_select (thd=0x3e686d0, all_tables=0x3ec0ef0) at sql_parse.cc:5032 #10 0x0000000000643dae in mysql_execute_command (thd=0x3e686d0) at sql_parse.cc:2263 #11 0x000000000064c899 in mysql_parse (thd=0x3e686d0, inBuf=0x3e66a90 "select i from t2", length=16, found_semicolon=0x49495ee0) at sql_parse.cc:5986 #12 0x000000000064e155 in dispatch_command (command=COM_QUERY, thd=0x3e686d0, packet=0x3e6b171 "select i from t2", packet_length=16) at sql_parse.cc:1233 #13 0x000000000064f5b1 in do_command (thd=0x3e686d0) at sql_parse.cc:874 #14 0x000000000063b89b in handle_one_connection (arg=0x3e686d0) at sql_connect.cc:1134
[28 Mar 2011 21:41]
Mark Callaghan
diff to add sleeps
Attachment: bd1 (application/octet-stream, text), 4.28 KiB.
[4 Apr 2011 18:56]
Mark Callaghan
suggested fix applied to facebook pached version of 5.1.52
Attachment: b60682.patch (application/octet-stream, text), 1.80 KiB.
[8 Jun 2011 10:18]
MySQL Verification Team
repeated a hangup., some info from my case. I'll migrate bug to oracle bugdb soon.
Attachment: bug60682_preliminary_info.txt (text/plain), 9.67 KiB.
[8 Jun 2011 10:28]
MySQL Verification Team
testcase. run against unpatched server to repeat in seconds. edit hardcoded ip, user, password in file.
Attachment: bug60682.c (text/plain), 7.07 KiB.
[9 Apr 2012 18:52]
MySQL Verification Team
https://github.com/twitter/mysql/wiki/Change-History#wiki-5.5.21.t4 "Bug#60682: deadlock from thd_security_context In order to avoid a deadlock-prone lock order, the query of a session associated with an active transaction is no longer displayed in the output of SHOW ENGINE INNODB STATUS. "
[18 Apr 2012 5:41]
zhai weixiang
hi, Shane i had run your testcase on mysql5.5.18,and server was crashed here is part of error log: 1584376 connection_count=31 1584377 It is possible that mysqld could use up to 1584378 key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 180418 K 1584379 bytes of memory 1584380 Hope that's ok; if not, decrease some variables in the equation. 1584381 1584382 Thread pointer: 0x7fbf18060dd0 1584383 Attempting backtrace. You can use the following information to find out 1584384 where mysqld died. If you see no messages after this, something went 1584385 terribly wrong... 1584386 stack_bottom = 0x4c22a0f8 thread_stack 0x80000 1584387 /u01/mysql/bin/mysqld(my_print_stacktrace+0x39)[0x7cac19] 1584388 /u01/mysql/bin/mysqld(handle_segfault+0x36d)[0x4ebf5d] 1584389 /lib64/libpthread.so.0[0x3e6380e7c0] 1584390 /lib64/libc.so.6(memcpy+0xa0)[0x3e6307be50] 1584391 /u01/mysql/bin/mysqld(_mi_rec_pack+0x2bc)[0x93b42c] 1584392 /u01/mysql/bin/mysqld(_mi_write_blob_record+0x9d)[0x93e23d] 1584393 /u01/mysql/bin/mysqld(mi_write+0x86f)[0x95719f] 1584394 /u01/mysql/bin/mysqld(_ZN9ha_myisam9write_rowEPh+0x43)[0x925b43] 1584395 /u01/mysql/bin/mysqld(_ZN7handler12ha_write_rowEPh+0x5f)[0x689c7f] 1584396 /u01/mysql/bin/mysqld(_Z23fill_schema_processlistP3THDP10TABLE_LISTP4Item+0x44d)[0x5c000d] 1584397 /u01/mysql/bin/mysqld(_Z24get_schema_tables_resultP4JOIN23enum_schema_table_state+0x211)[0x5ac7a1] 1584398 /u01/mysql/bin/mysqld(_ZN4JOIN4execEv+0x406)[0x5a7a16] 1584399 /u01/mysql/bin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x192) [0x5a9d52] 1584400 /u01/mysql/bin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x1cb)[0x5aa77b] 1584401 /u01/mysql/bin/mysqld[0x566370] 1584402 /u01/mysql/bin/mysqld(_Z21mysql_execute_commandP3THD+0x17b0)[0x569130] 1584403 /u01/mysql/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x3ad)[0x56e63d] 1584404 /u01/mysql/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x13ca)[0x56fa1a] 1584405 /u01/mysql/bin/mysqld(_Z10do_commandP3THD+0x106)[0x56fd76] 1584406 /u01/mysql/bin/mysqld(_Z24do_handle_one_connectionP3THD+0x125)[0x60c8a5] 1584407 /u01/mysql/bin/mysqld(handle_one_connection+0x4c)[0x60c9cc] 1584408 /lib64/libpthread.so.0[0x3e638064a7] 1584409 /lib64/libc.so.6(clone+0x6d)[0x3e630d3c2d] 1584410 1584411 Trying to get some variables. 1584412 Some pointers may be invalid and cause the dump to abort. 1584413 Query (0x7fbf1402a6c0): select id from information_schema.processlist where id<>connection_id() and info like 'select%' order by rand() limit 1 into @a 1584414 Connection ID (thread ID): 535231 1584415 Status: NOT_KILLED
[18 Apr 2012 5:59]
MySQL Verification Team
Then it seems bugs like http://bugs.mysql.com/bug.php?id=53822 are still in the wild..
[18 Apr 2012 6:01]
MySQL Verification Team
But i'll not trust 5.5.18. Let's wait until this bug is fixed and test 5.5.24 or 5.5.25..
[7 May 2012 14:25]
MySQL Verification Team
Still repeatable on 5.1.62 builtin innodb, even when running in valgrind. I haven't repeated this in 5.5.23 yet.
[24 Jul 2012 14:44]
Paul DuBois
Noted in 5.1.64, 5.5.26, 5.6.6 changelogs. Sessions could end up deadlocked when executing a combination of SELECT, DROP TABLE, KILL, and SHOW ENGINE INNODB STATUS.
[14 Aug 2012 13:17]
zhai weixiang
hi Shane I've tested MySQL5.5.27 using your test case and the server was crashed again. part of backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff90439700 (LWP 28546)] 0x00000038888885d0 in memcpy () from /lib64/libc.so.6 Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.25.el6.x86_64 libgcc-4.4.5-6.el6.x86_64 nss-softokn-freebl-3.12.9-3.el6.x86_64 (gdb) bt #0 0x00000038888885d0 in memcpy () from /lib64/libc.so.6 #1 0x00000000008df488 in _mi_rec_pack (info=0x7fff6400d660, to=0x7ffec396821b "Writ", from=0x7fff6400cff2 "Writing to net") at /u01/project/mysql-5.5.27/storage/myisam/mi_dynrec.c:997 #2 0x00000000008e26ad in _mi_write_blob_record (info=0x7fff6400d660, record=0x7fff6400ce00 "\374\022\251\002") at /u01/project/mysql-5.5.27/storage/myisam/mi_dynrec.c:289 #3 0x00000000008fb3d3 in mi_write (info=0x7fff6400d660, record=<value optimized out>) at /u01/project/mysql-5.5.27/storage/myisam/mi_write.c:142 #4 0x000000000067fc29 in handler::ha_write_row (this=0x7fff640057d8, buf=0x7fff6400ce00 "\374\022\251\002") at /u01/project/mysql-5.5.27/sql/handler.cc:5128 #5 0x00000000005c7ede in schema_table_store_record (thd=0x40f9990, tables=<value optimized out>, cond=<value optimized out>) at /u01/project/mysql-5.5.27/sql/sql_show.cc:2403 #6 fill_schema_processlist (thd=0x40f9990, tables=<value optimized out>, cond=<value optimized out>) at /u01/project/mysql-5.5.27/sql/sql_show.cc:1981 #7 0x00000000005b9c1e in do_fill_table (join=0x7fff64010970, executed_place=PROCESSED_BY_JOIN_EXEC) at /u01/project/mysql-5.5.27/sql/sql_show.cc:6851 #8 get_schema_tables_result (join=0x7fff64010970, executed_place=PROCESSED_BY_JOIN_EXEC) at /u01/project/mysql-5.5.27/sql/sql_show.cc:6957 #9 0x00000000005b54bd in JOIN::exec (this=0x7fff64010970) at /u01/project/mysql-5.5.27/sql/sql_select.cc:1911 #10 0x00000000005b1839 in mysql_select (thd=0x40f9990, rref_pointer_array=<value optimized out>, tables=<value optimized out>, wild_num=0, fields=<value optimized out>, conds=<value optimized out>, og_num=1, order=0x7fff64001b48, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7fff64001c10, unit=0x40fb380, select_lex=0x40fb9a0) at /u01/project/mysql-5.5.27/sql/sql_select.cc:2585 #11 0x00000000005b73d5 in handle_select (thd=0x40f9990, lex=0x40fb2d0, result=0x7fff64001c10, setup_tables_done_option=0) at /u01/project/mysql-5.5.27/sql/sql_select.cc:297 #12 0x00000000005753b8 in execute_sqlcom_select (thd=0x40f9990, all_tables=0x7fff64000ce8) at /u01/project/mysql-5.5.27/sql/sql_parse.cc:4590 #13 0x0000000000579612 in mysql_execute_command (thd=0x40f9990) at /u01/project/mysql-5.5.27/sql/sql_parse.cc:2151 #14 0x000000000057cbfb in mysql_parse (thd=0x40f9990, rawbuf=<value optimized out>, length=128, parser_state=0x7fff90438bd0) at /u01/project/mysql-5.5.27/sql/sql_parse.cc:5627 #15 0x000000000057dfa8 in dispatch_command (command=COM_QUERY, thd=0x40f9990, packet=<value optimized out>, packet_length=2420346040) at /u01/project/mysql-5.5.27/sql/sql_parse.cc:1037 #16 0x0000000000618d8d in do_handle_one_connection (thd_arg=<value optimized out>) at /u01/project/mysql-5.5.27/sql/sql_connect.cc:840 #17 0x0000000000618eac in handle_one_connection (arg=0x4100b80) at /u01/project/mysql-5.5.27/sql/sql_connect.cc:759 #18 0x0000003888c077e1 in start_thread () from /lib64/libpthread.so.0 #19 0x00000038888e68ed in clone () from /lib64/libc.so.6
[14 Aug 2012 13:25]
MySQL Verification Team
I'll have to retest current sources with that testcase and report back... Most likely I'll file a new bug report, it looks like another problem.
[30 Aug 2012 5:49]
Laurynas Biveinis
5.5.26 change log notes that this bug was fixed in this version, but bzr history shows only a null-merge from 5.1 (5.1 rev 2661.810.18 and 5.5 rev 3835). Bzr history search does not show any other results for neither public nor internal bug number. So was 5.5 fixed in some other revision that did not mention the bug number? Or is this a case similar to bug 64432 where null merge lost a fix of bug 54330?
[14 Sep 2012 8:33]
zhai weixiang
hi, Shane, I've filed the bug here(http://bugs.mysql.com/bug.php?id=66412) and it was verified recently
[9 Sep 2013 11:46]
Przemyslaw Malkowski
I can repeat similar crash on MySQL 5.5.33 community, official tarball, after about 20 minutes running the test case provided in bug60682.c. Thread pointer: 0x27ada80 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 7f1349cf2e58 thread_stack 0x40000 /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(my_print_stacktrace+0x35)[0x7a2e65] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(handle_fatal_signal+0x403)[0x671393] /lib64/libpthread.so.0[0x31b960f000] /lib64/libc.so.6[0x31b934b100] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_mi_rec_pack+0x323)[0x905973] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_mi_write_blob_record+0x53)[0x906eb3] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(mi_write+0x848)[0x920df8] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_ZN7handler12ha_write_rowEPh+0x5c)[0x6766ec] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z25schema_table_store_recordP3THDP5TABLE+0x23)[0x5bb1e3] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z23fill_schema_processlistP3THDP10TABLE_LISTP4Item+0x5db)[0x5cb36b] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z24get_schema_tables_resultP4JOIN23enum_schema_table_state+0x256)[0x5baac6] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_ZN4JOIN4execEv+0x5ed)[0x5b588d] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x1c3)[0x5b1913] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x179)[0x5b76a9] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld[0x574b51] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z21mysql_execute_commandP3THD+0x250b)[0x57a50b] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x18a)[0x57c84a] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1363)[0x57e433] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(_Z24do_handle_one_connectionP3THD+0x167)[0x6161a7] /home/sandbox/tarballs/oracle5.5.33/bin/mysqld(handle_one_connection+0x54)[0x616214] /lib64/libpthread.so.0[0x31b9607d15] /lib64/libc.so.6(clone+0x6d)[0x31b92f253d] Trying to get some variables. Some pointers may be invalid and cause the dump to abort. Query (7f12f80008d0): select id from information_schema.processlist where id<>connection_id() and info like 'select%' order by rand() limit 1 into @a Connection ID (thread ID): 1045965 Status: NOT_KILLED The other bug #66412 is already not visible, so how can I follow it's progress for 5.5.x?
[23 Sep 2014 16:00]
MySQL Verification Team
I can not repeat any problems with the testcase on 5.6.20.
[26 Sep 2014 8:02]
Laurynas Biveinis
Something has been fixed in 5.7.5: revno: 7646 committer: Jon Olav Hauglid <jon.hauglid@oracle.com> branch nick: mysql-trunk-bug17606098 timestamp: Thu 2014-03-06 12:15:07 +0100 message: Bug#17606098: DEADLOCK INVOLVING SRV_MONITOR_THREAD AND LOCK_THD_DATA This deadlock involved LOCK_thd_data and InnoDB's trx_sys mutex. It could occur if InnoDB code (e.g. the srv_monitor_thread) called thd_security_context() while having trx_sys locked and at the same time the server tried to notify InnoDB about a deadlock (which involves calling mysql_lock_abort_for_thread() while holding LOCK_thd_data). This could lead to deadlock if mysql_lock_abort_for_thread() lead to trx_allocate_for_mysql() being called inside InnoDB. This very rarely happens - the problem was found with RQG and is very difficult to reproduce. This patch solves the problem by splitting LOCK_thd_data so that a separate new mutex LOCK_thd_query protects the query string accessed by thd_security_context(). The patch also strengthens the protection of the query string by enforcing that it can only be set by the owner thread and that this requires locking of LOCK_thd_query. Reading the query string can be done by the owner thread without holding LOCK_thd_query but other threads reading the query string have to have LOCK_thd_query locked. This also solves a separate problem where other threads could read the query string while it was being deleted by the owner thread. Finally, the patch updates the performance schema mutex heuristics - including correcting an issue introduced by WL#6369.
[23 Dec 2014 17:54]
MySQL Verification Team
A few months ago I wrote "I can not repeat any problems with the testcase on 5.6.20." however this is not true. I got a crash on 5.6.20+ASAN today. I will need to test latest 5.6.23 next. ==17860==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020000df270 at pc 0x7ffff7156118 bp 0x7fffb877a790 sp 0x7fffb877a768 READ of size 2 at 0x6020000df270 thread T1275 #0 0x7ffff7156117 in __interceptor_strlen ../../.././libsanitizer/asan/asan_interceptors.cc:518 #1 0xadda69 in fill_schema_processlist(THD*, TABLE_LIST*, Item*) ./mysqlcom-pro-5.6.20/sql/sql_show.cc:2215 #2 0xad9d2f in do_fill_table ./mysqlcom-pro-5.6.20/sql/sql_show.cc:7330 #3 0xad9d2f in get_schema_tables_result(JOIN*, enum_schema_table_state) ./mysqlcom-pro-5.6.20/sql/sql_show.cc:7431 #4 0xa75cb4 in JOIN::prepare_result(List<Item>**) ./mysqlcom-pro-5.6.20/sql/sql_select.cc:823 #5 0x994b3b in JOIN::exec() ./mysqlcom-pro-5.6.20/sql/sql_executor.cc:116 #6 0xcf8372 in subselect_single_select_engine::exec() ./mysqlcom-pro-5.6.20/sql/item_subselect.cc:2819 #7 0xcfd0b3 in Item_subselect::exec() ./mysqlcom-pro-5.6.20/sql/item_subselect.cc:642 #8 0xcfaaea in Item_singlerow_subselect::val_int() ./mysqlcom-pro-5.6.20/sql/item_subselect.cc:1081 #9 0x751a85 in Item_func_set_user_var::check(bool) ./mysqlcom-pro-5.6.20/sql/item_func.cc:4951 #10 0x88dfa2 in set_var_user::check(THD*) ./mysqlcom-pro-5.6.20/sql/set_var.cc:706 #11 0x891837 in sql_set_variables(THD*, List<set_var_base>*) ./mysqlcom-pro-5.6.20/sql/set_var.cc:566 #12 0xa1268c in mysql_execute_command(THD*) ./mysqlcom-pro-5.6.20/sql/sql_parse.cc:3713 #13 0xa1e607 in mysql_parse(THD*, char*, unsigned int, Parser_state*) ./mysqlcom-pro-5.6.20/sql/sql_parse.cc:6245 #14 0xa22439 in dispatch_command(enum_server_command, THD*, char*, unsigned int) ./mysqlcom-pro-5.6.20/sql/sql_parse.cc:1332 #15 0x979601 in do_handle_one_connection(THD*) ./mysqlcom-pro-5.6.20/sql/sql_connect.cc:982 #16 0x979830 in handle_one_connection ./mysqlcom-pro-5.6.20/sql/sql_connect.cc:898 #17 0x1595267 in pfs_spawn_thread ./mysqlcom-pro-5.6.20/storage/perfschema/pfs.cc:1860 #18 0x3537607d13 in start_thread (/lib64/libpthread.so.0+0x3537607d13) #19 0x35372f168c in clone (/lib64/libc.so.6+0x35372f168c)