Bug #16805 Events: crash if procedure, function, and time
Submitted: 26 Jan 2006 14:41
Modified: 26 Jun 2006 18:35
Reporter: Peter Gulutzan
Status: Can't repeat
Category: MySQL Server: Stored Routines
Severity: S3 (Non-critical)
Version: 5.1.6-alpha-debug
OS: Linux (SUSE 10.0)
Assigned to: Andrey Hristov
CPU Architecture: Any

[26 Jan 2006 14:41] Peter Gulutzan
Description:
I create an event which invokes a procedure which invokes a function.
I leave it running for 2 to 12 hours.
Crash.
Stack trace:

0x819951a handle_segfault + 494
0xffffe420 _end + -140167152
(nil)
0x83094e7 _ZN7sp_head7executeEP3THD + 1119
0x830a7ec _ZN7sp_head17execute_procedureEP3THDP4ListI4ItemE + 1464
0x8322b12 _ZN11event_timed7executeEP3THDP11st_mem_root + 338
0x831c792 event_executor_worker + 814
0x40050297 _end + 933910151
0x4018b37e _end + 935200622

How to repeat:
  DELIMITER //
  CREATE TABLE t9 (s1 int)//

  CREATE FUNCTION `partition_exists`(p_p_name varchar(64))
  RETURNS int(11)
  return (select count(*) from information_schema.partitions where partition_name = p_p_name) //

  CREATE PROCEDURE p9 ()
  begin
    declare continue handler for sqlexception insert into t9 values (partiton_exists('p2'));
    insert into t9 values (partition_exists('p1'));
    end//
  create event ex on schedule every 1 second do call p9()//
  set global event_scheduler = 1//

Nothing is being inserted into t9; that's expected behaviour.
I'm not sure how long it ran before the crash. At least two hours,
but perhaps many more.
[26 Jan 2006 17:29] MySQL Verification Team
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1121926064 (LWP 24665)]
0x081fdd14 in Item::delete_self (this=0x8f8f8f8f) at item.h:779
779         cleanup();
(gdb) bt full
#0  0x081fdd14 in Item::delete_self (this=0x8f8f8f8f) at item.h:779
No locals.
#1  0x081f74b9 in Query_arena::free_items (this=0x9241468) at sql_class.cc:1605
        _db_func_ = 0x0
        _db_file_ = 0x0
        next = (class Item *) 0x0
        _db_level_ = 143343420
        _db_framep_ = (char **) 0x924171c
#2  0x0836c4af in sp_head::destroy (this=0x9241468) at sp_head.cc:639
        i = (sp_instr *) 0x0
        lex = (LEX *) 0x91f73f4
        _db_func_ = 0x42df33a8 "è3ßBAG8\bh\024$\t\031[s\b÷\003"
[10 Mar 2006 15:56] Andrey Hristov
I get this spurious crash too. No idea what is happening. Maybe because the event's SP is first compiled in the connection that creates it, though the mem_root of thd is substituted.
[10 Mar 2006 16:10] Andrey Hristov
Good backtrace from Miguel, 8F means trashed memory, so it's a double free :(
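
The reasoning in the comment above, as an added example that is not part of the original thread and is not MySQL code: a simplified model of one way a poison-filled pointer like `this=0x8f8f8f8f` can arise when an owner object is destroyed twice. It assumes a debug allocator that overwrites freed memory with the byte 0x8F; the names `arena`, `item`, `trash`, `is_poisoned` and `arena_destroy` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define POISON 0x8F  /* assumed debug fill byte written over freed memory */

/* Hypothetical stand-ins: an owner object holding a list of items to free. */
typedef struct item { struct item *next; int id; } item;
typedef struct arena { item *free_list; } arena;

/* Storage we own, so inspecting "freed" bytes stays well-defined C. */
static struct { arena a; item i1, i2; } pool;

/* Debug-style free: overwrite the object with the poison byte. */
static void trash(void *p, size_t n) { memset(p, POISON, n); }

/* True when all n bytes at obj hold the poison byte. */
static int is_poisoned(const void *obj, size_t n) {
    const unsigned char *b = obj;
    for (size_t i = 0; i < n; i++)
        if (b[i] != POISON) return 0;
    return 1;
}

/* Free every item, then the owner. Returns the number of items freed, or -1
   when the list head is already poison, meaning the owner was destroyed before. */
static int arena_destroy(arena *a) {
    int n = 0;
    if (is_poisoned(&a->free_list, sizeof a->free_list)) return -1;
    for (item *it = a->free_list, *next; it != NULL; it = next, n++) {
        next = it->next;          /* read the link before trashing the item */
        trash(it, sizeof *it);
    }
    trash(a, sizeof *a);
    return n;
}

/* Constructed scenario: one owner with two linked items. */
static arena *build_arena(void) {
    pool.i2 = (item){ NULL, 2 };
    pool.i1 = (item){ &pool.i2, 1 };
    pool.a.free_list = &pool.i1;
    return &pool.a;
}

int main(void) {
    arena *a = build_arena();
    printf("first destroy:  %d\n", arena_destroy(a));   /* 2 */
    printf("second destroy: %d\n", arena_destroy(a));   /* -1 */
}
```

Without the poison check, the second call would follow a pointer made entirely of 0x8F bytes and fault on the first dereference.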
[10 Mar 2006 17:48] Andrey Hristov
Can't track down the problem because the server crashes with the scenario event without an event. See bug #18140.
[25 May 2006 18:53] MySQL Verification Team
I was no longer able to repeat this issue, running the test
case for about 3 hours.

miguel@hegel:~/dbs/mysql-5.1-new> bk changes | head
ChangeSet@1.2188, 2006-05-25 17:58:52+05:00, gluh@eagle.intranet.mysql.r18.ru
  test fix

ChangeSet@1.2186.1.1, 2006-05-25 13:49:25+02:00, pekka@mysql.com
  Merge mysql.com:/space/pekka/ndb/version/my51
  into  mysql.com:/space/pekka/ndb/version/my51-bug14509

ChangeSet@1.2187, 2006-05-25 16:06:43+05:00, gluh@mysql.com
  after merge fix
[7 Jun 2006 22:15] Peter Gulutzan
The crash does not repeat. However, mysqld repeatedly displays:

060607 16:12:10 [Warning] SCHEDULER: [`root`@`localhost`][`db78`.`ex`] Out of range value for column 'NODEGROUP' at row -6510615555426900571]

Perhaps this is expected behaviour, but I believe it will make people wonder if something is wrong.
[8 Jun 2006 12:59] Andrey Hristov
This is a partitioning problem. Reported as bug#20340.
[26 Jun 2006 18:35] Andrey Hristov
Hello,
The actual cause of the second problem you have found has been found in the partitioning codebase and therefore a new bug report has been created, namely bug#20340 (Partitioning does not obey to column type). Please subscribe to it to keep track of the issue.

Thank you for your reports!