Bug #38933 | Falcon crash in Transaction::hasRecords during concurrent DDL | ||
---|---|---|---|
Submitted: | 21 Aug 2008 9:56 | Modified: | 30 Sep 2008 14:13 |
Reporter: | Philip Stoev | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Falcon storage engine | Severity: | S1 (Critical) |
Version: | 6.0 | OS: | Any |
Assigned to: | Vladislav Vaintroub | CPU Architecture: | Any |
[21 Aug 2008 9:56]
Philip Stoev
[21 Aug 2008 10:12]
Vladislav Vaintroub
Philip, could you please publish the full stack trace of all threads? thanks
[21 Aug 2008 10:31]
Philip Stoev
Stack threads for bug 38933
Attachment: bug38933.stacks.txt (text/plain), 34.90 KiB.
[21 Aug 2008 13:18]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/52206 2792 Vladislav Vaintroub 2008-08-21 Bug #38933 - crash if rollback and concurrent DDL operations Problem : Transaction record list is modified and entries of the list are freed during Transaction::rollback.If there is a parallel execution of DDL statement, DDL will traverse the list and can crash accessing freed memory Fix: protect record list on Transaction::rollback. The syncObject for this purpose has always been syncIndexes and it is used here once again. syncIndexes usage is possibly a hack. TODO: have dedicated syncObject for protecting the list.
[22 Aug 2008 20:34]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/52356 2798 Vladislav Vaintroub 2008-08-22 Bug#38933 - Falcon crash in Transaction::hasRecords during concurrent DDL The problem is that Transaction::hasRecords traverses transaction's record list while a concurrent operation (rollback, writeComplete,addRecord) may concurrently modify it. This patch removed whacko-reuse of the Transaction::syncIndexes to protect the record list and introduces new lock Transaction::syncRecords for exactly this purpose. (hopefully) all places where the list is read or modified are now protected by this lock. When the list is freed, firstRecord is set to NULL to prevent crash in parallel Transaction::hasRecords() can crash.
[25 Aug 2008 18:25]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/52482 2798 Vladislav Vaintroub 2008-08-25 Bug#38933 - Falcon crash in Transaction::hasRecords during concurrent DDL The problem is that Transaction::hasRecords traverses transaction's record list while a concurrent operation (rollback, writeComplete,addRecord) may concurrently modify it. This patch removed whacko-reuse of the Transaction::syncIndexes to protect the record list and introduces new lock Transaction::syncRecords for exactly this purpose. Hopefully all places where the list is read or modified are now protected by this lock,except Transaction destructor, where there should be nobody accessing the list concurrently. When the list is freed, firstRecord is set to NULL to prevent crash in parallel Transaction::hasRecords().
[25 Aug 2008 18:31]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/52484 2798 Vladislav Vaintroub 2008-08-25 Bug#38933 - Falcon crash in Transaction::hasRecords during concurrent DDL The problem is that Transaction::hasRecords traverses transaction's record list while a concurrent operation (rollback, writeComplete,addRecord) may concurrently modify it. This patch removed whacko-reuse of the Transaction::syncIndexes to protect the record list and introduces new lock Transaction::syncRecords for exactly this purpose. Hopefully all places where the list is read or modified are now protected by this lock,except Transaction destructor, where there should be nobody accessing the list concurrently. When the list is freed, firstRecord is set to NULL to prevent crash in parallel Transaction::hasRecords().
[28 Aug 2008 4:29]
Bugs System
Pushed into 6.0.7-alpha (revid:vvaintroub@mysql.com-20080825182459-owxl767xkqe4jkf9) (version source revid:vvaintroub@mysql.com-20080827094944-sh582y3m7duhzrpj) (pib:3)
[13 Sep 2008 21:58]
Bugs System
Pushed into 6.0.6-alpha (revid:vvaintroub@mysql.com-20080825182459-owxl767xkqe4jkf9) (version source revid:hakan@mysql.com-20080716105246-eg0utbybp122n2w9) (pib:3)
[30 Sep 2008 14:13]
Jon Stephens
Documented as follows in the 6.0.6 changelog: Trying to execute a DDL statement while a transaction was being rolled back could cause the server to crash.