Bug #46452 Crash in MDL, HANDLER OPEN + TRUNCATE TABLE
Submitted: 29 Jul 2009 17:31 Modified: 26 Aug 2009 4:20
Reporter: Matthias Leich
Status: Closed
Category:Server Severity:S3 (Non-critical)
Version:5.4 OS:Any
Assigned to: Konstantin Osipov Target Version:5.4+
Triage: Triaged: D1 (Critical)

[29 Jul 2009 17:31] Matthias Leich 
Description:
Crash found when running a RQG test:
------------------------------------
Thread 1 (process 10555):
#0  0x00007f3ac5f0dce6 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000000b5466c in my_write_core (sig=6) at stacktrace.c:309
#2  0x00000000006ecf81 in handle_segfault (sig=6) at mysqld.cc:2718
#3  <signal handler called>
#4  0x00007f3ac4e095c5 in raise () from /lib64/libc.so.6
#5  0x00007f3ac4e0abb3 in abort () from /lib64/libc.so.6
#6  0x00007f3ac4e021e9 in __assert_fail () from /lib64/libc.so.6
#7  0x000000000091e716 in notify_shared_lock (thd=0x1f76638,
conflicting_ticket=0x1ff00c0) at mdl.cc:884
#8  0x000000000091eebb in MDL_context::acquire_exclusive_locks (this=0x1f76710) at
mdl.cc:979
#9  0x00000000007ca555 in mysql_truncate (thd=0x1f76638, table_list=0x1fa55f8,
dont_send_ok=false) at sql_delete.cc:1155
#10 0x000000000070203b in mysql_execute_command (thd=0x1f76638) at sql_parse.cc:3327
#11 0x000000000070743e in mysql_parse (thd=0x1f76638, inBuf=0x1fa5300 "TRUNCATE t1_0",
length=13, found_semicolon=0x43c47f30) at sql_parse.cc:5942
#12 0x000000000070805c in dispatch_command (command=COM_QUERY, thd=0x1f76638,
packet=0x1fe0db9 "TRUNCATE t1_0", packet_length=13) at sql_parse.cc:1061
#13 0x000000000070953a in do_command (thd=0x1f76638) at sql_parse.cc:743
#14 0x00000000006f68b3 in handle_one_connection (arg=0x1f76638) at sql_connect.cc:1158
#15 0x00007f3ac5f09040 in start_thread () from /lib64/libpthread.so.0
#16 0x00007f3ac4eaa08d in clone () from /lib64/libc.so.6
#17 0x0000000000000000 in ?? ()

My environment:
- MySQL azalea (5.4)
  ./BUILD/compile-pentium64-debug-max
- Linux OpenSuSE 11.0 (64 Bit)
- Intel Core2Duo

How to repeat:
I will come up with a replay test case soon.
[29 Jul 2009 17:57] Matthias Leich 
--disable_warnings
DROP TABLE IF EXISTS t1;
--enable_warnings

CREATE TABLE t1 AS SELECT 1 AS f1;

HANDLER t1 OPEN;
# Here comes the crash.
TRUNCATE t1;

# Cleanup
DROP TABLE t1;

Behavior in mysql-5.1-bugteam July 2009:
mysqltest: At line 8: query 'TRUNCATE t1' failed: 1105: MyISAM table 't1' is in use (most
likely by a MERGE table). Try FLUSH TABLES.

The result from queries just before the failure was:
DROP TABLE IF EXISTS t1;
CREATE TABLE t1 AS SELECT 1 AS f1;
HANDLER t1 OPEN;

Warnings from just before the error:
Error 1105 MyISAM table 't1' is in use (most likely by a MERGE table). Try FLUSH TABLES.
[29 Jul 2009 20:12] Davi Arnaut 
Very similar (if not a duplicate) of Bug#46224. Different scenarios of the same underlying
problem.
[14 Aug 2009 16:36] Konstantin Osipov 
Davi, disagree with your analysis. Bug#46224 needs concurrency. 
This is a duplicate of Bug#46456.
[19 Aug 2009 16:34] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/81083

2868 Konstantin Osipov	2009-08-19
      Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".
      Flush open HANDLER tables before TRUNCATE, which is a DDL.
     @ mysql-test/r/truncate.result
        Update results (Bug#46452)
     @ mysql-test/t/truncate.test
        Add a test case for Bug#46452
[19 Aug 2009 16:34] Konstantin Osipov 
Fixed by the fix for Bug#20667, add a test case.
[19 Aug 2009 16:41] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/81084

2869 Konstantin Osipov	2009-08-19
      Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".
      Flush open HANDLER tables before TRUNCATE, which is a DDL.
     @ mysql-test/r/truncate.result
        Update results (Bug#46452)
     @ mysql-test/t/truncate.test
        Add a test case for Bug#46452
[19 Aug 2009 16:41] Konstantin Osipov 
Test case queued into mysql-next-bugfixing
[24 Aug 2009 15:53] Bugs System 
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090824135126-2rngffvth14a8bpj) (version
source revid:kostja@sun.com-20090819143931-2isw4q6hnt8vcn4j) (merge vers: 5.4.4-alpha)
(pib:11)
[26 Aug 2009 4:20] Paul DuBois 
Noted in 5.4.4 changelog.

HANDLER OPEN followed by TRUNCATE TABLE could cause a server crash.
[9 Dec 2009 10:30] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/93283

3010 Konstantin Osipov	2009-12-09
      ----------------------------------------------------------
      revno: 2617.69.33
      committer: Konstantin Osipov <kostja@sun.com>
      branch nick: mysql-next-46452
      timestamp: Wed 2009-08-19 18:39:31 +0400
      message:
        Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".
        Flush open HANDLER tables before TRUNCATE, which is a DDL.
     @ mysql-test/r/truncate.result
        Update results for Bug#46452.
     @ mysql-test/t/truncate.test
        Add a test case for Bug#46452 "Crash in MDL, HANDLER OPEN + TRUNCATE TABLE".