MySQL Bugs: #46452: Crash in MDL, HANDLER OPEN + TRUNCATE TABLE

Bug #46452	Crash in MDL, HANDLER OPEN + TRUNCATE TABLE
Submitted:	29 Jul 2009 15:31	Modified:	7 Mar 2010 2:04
Reporter:	Matthias Leich	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server	Severity:	S3 (Non-critical)
Version:	5.4	OS:	Any
Assigned to:	Konstantin Osipov	CPU Architecture:	Any

Description:
Crash found when running a RQG test:
------------------------------------
Thread 1 (process 10555):
#0  0x00007f3ac5f0dce6 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000000b5466c in my_write_core (sig=6) at stacktrace.c:309
#2  0x00000000006ecf81 in handle_segfault (sig=6) at mysqld.cc:2718
#3  <signal handler called>
#4  0x00007f3ac4e095c5 in raise () from /lib64/libc.so.6
#5  0x00007f3ac4e0abb3 in abort () from /lib64/libc.so.6
#6  0x00007f3ac4e021e9 in __assert_fail () from /lib64/libc.so.6
#7  0x000000000091e716 in notify_shared_lock (thd=0x1f76638, conflicting_ticket=0x1ff00c0) at mdl.cc:884
#8  0x000000000091eebb in MDL_context::acquire_exclusive_locks (this=0x1f76710) at mdl.cc:979
#9  0x00000000007ca555 in mysql_truncate (thd=0x1f76638, table_list=0x1fa55f8, dont_send_ok=false) at sql_delete.cc:1155
#10 0x000000000070203b in mysql_execute_command (thd=0x1f76638) at sql_parse.cc:3327
#11 0x000000000070743e in mysql_parse (thd=0x1f76638, inBuf=0x1fa5300 "TRUNCATE t1_0", length=13, found_semicolon=0x43c47f30) at sql_parse.cc:5942
#12 0x000000000070805c in dispatch_command (command=COM_QUERY, thd=0x1f76638, packet=0x1fe0db9 "TRUNCATE t1_0", packet_length=13) at sql_parse.cc:1061
#13 0x000000000070953a in do_command (thd=0x1f76638) at sql_parse.cc:743
#14 0x00000000006f68b3 in handle_one_connection (arg=0x1f76638) at sql_connect.cc:1158
#15 0x00007f3ac5f09040 in start_thread () from /lib64/libpthread.so.0
#16 0x00007f3ac4eaa08d in clone () from /lib64/libc.so.6
#17 0x0000000000000000 in ?? ()

My environment:
- MySQL azalea (5.4)
  ./BUILD/compile-pentium64-debug-max
- Linux OpenSuSE 11.0 (64 Bit)
- Intel Core2Duo

How to repeat:
I will come up with a replay test case soon.

--disable_warnings
DROP TABLE IF EXISTS t1;
--enable_warnings

CREATE TABLE t1 AS SELECT 1 AS f1;

HANDLER t1 OPEN;
# Here comes the crash.
TRUNCATE t1;

# Cleanup
DROP TABLE t1;

Behavior in mysql-5.1-bugteam July 2009:
mysqltest: At line 8: query 'TRUNCATE t1' failed: 1105: MyISAM table 't1' is in use (most likely by a MERGE table). Try FLUSH TABLES.

The result from queries just before the failure was:
DROP TABLE IF EXISTS t1;
CREATE TABLE t1 AS SELECT 1 AS f1;
HANDLER t1 OPEN;

Warnings from just before the error:
Error 1105 MyISAM table 't1' is in use (most likely by a MERGE table). Try FLUSH TABLES.

Very similar (if not a duplicate) of Bug#46224. Different scenarios of the same underlying problem.

Davi, disagree with your analysis. Bug#46224 needs concurrency. 
This is a duplicate of Bug#46456.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/81083

2868 Konstantin Osipov	2009-08-19
      Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".
      Flush open HANDLER tables before TRUNCATE, which is a DDL.
     @ mysql-test/r/truncate.result
        Update results (Bug#46452)
     @ mysql-test/t/truncate.test
        Add a test case for Bug#46452

Fixed by the fix for Bug#20667, add a test case.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/81084

2869 Konstantin Osipov	2009-08-19
      Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".
      Flush open HANDLER tables before TRUNCATE, which is a DDL.
     @ mysql-test/r/truncate.result
        Update results (Bug#46452)
     @ mysql-test/t/truncate.test
        Add a test case for Bug#46452

Test case queued into mysql-next-bugfixing

Pushed into 5.4.4-alpha (revid:alik@sun.com-20090824135126-2rngffvth14a8bpj) (version source revid:kostja@sun.com-20090819143931-2isw4q6hnt8vcn4j) (merge vers: 5.4.4-alpha) (pib:11)

Noted in 5.4.4 changelog.

HANDLER OPEN followed by TRUNCATE TABLE could cause a server crash.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/93283

3010 Konstantin Osipov	2009-12-09
      ----------------------------------------------------------
      revno: 2617.69.33
      committer: Konstantin Osipov <kostja@sun.com>
      branch nick: mysql-next-46452
      timestamp: Wed 2009-08-19 18:39:31 +0400
      message:
        Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".
        Flush open HANDLER tables before TRUNCATE, which is a DDL.
     @ mysql-test/r/truncate.result
        Update results for Bug#46452.
     @ mysql-test/t/truncate.test
        Add a test case for Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".

Pushed into 6.0.14-alpha (revid:alik@sun.com-20100216101445-2ofzkh48aq2e0e8o) (version source revid:kostja@sun.com-20091211154405-c9yhiewr9o5d20rq) (merge vers: 6.0.14-alpha) (pib:16)

Pushed into mysql-next-mr (revid:alik@sun.com-20100216101208-33qkfwdr0tep3pf2) (version source revid:kostja@sun.com-20091209092936-s105zxtxd3rw2y8m) (pib:16)

Noted in 6.0.14 changelog.

Setting report to Need Merge pending push of Celosia into release tree.

Pushed into 5.5.3-m3 (revid:alik@sun.com-20100306103849-hha31z2enhh7jwt3) (version source revid:vvaintroub@mysql.com-20100216221947-luyhph0txl2c5tc8) (merge vers: 5.5.99-m3) (pib:16)

Noted in 5.5.3 changelog.

Correction: Not present in any 5.5.x release. 5.5.3 changelog entry removed.