Bug #30251 Falcon corrupts memory, guard bytes overwritten
Submitted: 6 Aug 2007 9:35
Modified: 29 Aug 2007 11:27
Reporter: Christoffer Hall
Status: Closed
Category: MySQL Server: Falcon storage engine
Severity: S2 (Serious)
Version:
OS: Linux
Assigned to: Christoffer Hall
CPU Architecture: Any

[6 Aug 2007 9:35] Christoffer Hall
Description:
When I run Falcon on my laptop, memory corruption occurs. This has been verified with the pull from today and on the binary created by bteam.

The error shows up during shutdown. The log states:

Memory pool corrupted: guard bytes overwritten
Memory

Module  Line    In Use  Space in Use    Deleted Space deleted
Table.cpp       2550    0       0       2971301 273359692
RecordGroup.cpp 100     0       0       29712   15093696
Bitmap.cpp      674     0       0       4805    749580

[SNIP memory output]
Free space:     0
Exception: memory is corrupt: guard bytes overwritten
070806 11:15:36 - mysqld got signal 6;

The backtrace looks like this:
Stack range sanity check OK, backtrace follows:
0x8237963 handle_segfault + 443
0xffffe410 _end + -143280608
0xb7cd3641 _end + -1354561455
0xb7f0bc87 _end + -1352233321
0xb7f0bcc4 _end + -1352233260
0xb7f0bce7 _end + -1352233225
0xb7f0bba5 _end + -1352233547
0x8417d0b SerialLog::~SerialLog() + 635
0x83bde5b Database::~Database() + 787
0x83bb8ed Connection::shutdownDatabase() + 89
0x8393246 StorageDatabase::close() + 34
0x8393f61 StorageHandler::shutdownHandler() + 45
0x8386a02 StorageInterface::panic(handlerton*, ha_panic_function) + 18
0x82eb68c ha_finalize_handlerton(st_plugin_int*) + 84
0x8377afa plugin_deinitialize(st_plugin_int*, bool) + 110
0x8377bba reap_plugins() + 138
0x837657f plugin_shutdown() + 763
0x823948c clean_up(bool) + 208
0x823938c kill_server(void*) + 192
0x823740d kill_server_thread + 21
0xb7e6331b _end + -1352923861
0xb7d7757e _end + -1353889906

How to repeat:
Start server.

Load dbt2 data (w 10) into falcon.

Shutdown server.
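
The "guard bytes overwritten" message in the log above is the kind of error a guard-byte check produces. The sketch below is an added example, not part of the original report and not Falcon's code. It shows how such a check works in general and why the failure is reported when the pool is validated rather than at the out-of-bounds write. The names (`pool_alloc`, `pool_validate`, `GUARD_BYTE`) and the block layout are assumptions made for illustration.

```c
/* Toy guarded pool: an added illustration, not Falcon's memory manager. */
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  8
#define GUARD_BYTE 0xA5   /* constructed fill pattern */
#define MAX_BLOCKS 16
static struct blk { unsigned char *user; size_t size; } blocks[MAX_BLOCKS];
static int nblocks;

/* Each allocation is laid out as [user bytes][guard]. */
void *pool_alloc(size_t size) {
    unsigned char *raw;
    if (nblocks == MAX_BLOCKS || !(raw = malloc(size + GUARD_LEN))) return NULL;
    memset(raw + size, GUARD_BYTE, GUARD_LEN);
    blocks[nblocks] = (struct blk){ raw, size };
    return blocks[nblocks++].user;
}

static int guard_intact(const unsigned char *g) {
    for (int i = 0; i < GUARD_LEN; i++)
        if (g[i] != GUARD_BYTE) return 0;
    return 1;
}

/* Index of the first block with a damaged guard, or -1 if all are intact. */
int pool_validate(void) {
    for (int i = 0; i < nblocks; i++)
        if (!guard_intact(blocks[i].user + blocks[i].size)) return i;
    return -1;
}

void pool_release(void) {
    for (int i = 0; i < nblocks; i++) free(blocks[i].user);
    nblocks = 0;
}

/* The stray write succeeds silently; only the later validation notices. */
int demo_late_detection(void) {
    unsigned char *a = pool_alloc(16), *b = pool_alloc(32);
    if (!a || !b) { pool_release(); return -2; }
    int before = pool_validate();   /* nothing damaged yet */
    b[32] = 0;                      /* one byte past b, into its trailing guard */
    int after = pool_validate();    /* run later, e.g. at shutdown */
    pool_release();
    return before == -1 ? after : -2;
}

int main(void) { return demo_late_detection() == 1 ? 0 : 1; }
```

In a scheme like this, the stack at the time of the report identifies where the check ran, which need not be where the overwriting write happened.
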
[6 Aug 2007 11:08] Christoffer Hall
Easiest way to recreate:

****************************************
create database dbt2;
use dbt2;

create table test (test int) engine = falcon;
load data infile '/tmp/test.data' into table test;
****************************************

Data in /tmp/test.data is created like:

*****************************************
#!/usr/bin/python
# Print the integers 0..count-1, one per line, as input for LOAD DATA INFILE.

import sys

count = int(sys.argv[1])

for i in range(count):
    print(i)

*****************************************

If I generate 85000 entries and load them, there is no crash. If I load 90000, it crashes. The input data file sizes are 488K and 517K. The size of the file may indicate that the error occurs when a second section is needed. But there is naturally a difference between the Falcon-encoded size and the text size, so it may be a coincidence.
[13 Aug 2007 14:26] Christoffer Hall
Patch to fix bug.

Attachment: corruptionfix.patch (text/x-patch), 660 bytes.

[14 Aug 2007 8:49] Christoffer Hall
Code pushed.
[29 Aug 2007 11:27] MC Brown
A note has been added to the 6.0.1 changelog: 

When loading large datasets into a Falcon table mysqld could crash.