Bug #38375 | Falcon crash in Record::isNull | ||
---|---|---|---|
Submitted: | 25 Jul 2008 14:28 | Modified: | 26 May 2010 17:46 |
Reporter: | Alexey Stroganov | Email Updates: | |
Status: | Unsupported | Impact on me: | |
Category: | MySQL Server: Falcon storage engine | Severity: | S1 (Critical) |
Version: | 6.0.6-alpha,6.0.8-falcon-team,6.0.11-falcon-team | OS: | Any |
Assigned to: | Christopher Powers | CPU Architecture: | Any |
Tags: | F_CHILL THAW |
[25 Jul 2008 14:28]
Alexey Stroganov
[31 Jul 2008 13:55]
Vladislav Vaintroub
corrected version of simulator program
Attachment: sysbench_limit.py (text/plain), 1.32 KiB.
[22 Sep 2008 23:00]
Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".
[26 Sep 2008 4:43]
Hakan Küçükyılmaz
Ranger, can you still reproduce this bug?
[23 Oct 2008 4:15]
Alexey Stroganov
Got the crash with similar backtrace while testing the recent falcon tree with sysbench: Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/data0/ranger/mysql-6.0.8-alpha-pb130-linux-x86_64/bin/mysqld --no-defaults --p'. Program terminated with signal 11, Segmentation fault. #0 0x00002ab3ca7574c5 in pthread_kill () from /lib64/libpthread.so.0 #0 0x00002ab3ca7574c5 in pthread_kill () from /lib64/libpthread.so.0 #1 0x000000000068524e in handle_segfault (sig=11) at mysqld.cc:2671 #2 <signal handler called> #3 Record::isNull (this=0x2aaaf48dd6e8, fieldId=-192030893) at EncodedDataStream.h:350 #4 0x00000000008a1f13 in StorageTable::compareKey (this=0x2aaae5343960, key=<value optimized out>, keyLength=<value optimized out>) at StorageTable.cpp:432 #5 0x000000000089551b in StorageInterface::index_next_same (this=0x2aaae5029088, buf=0x2aaae5029468 "\001", key=0x2aaae4f50038 "\002", key_len=2) at ha_falcon.cpp:1715 #6 0x0000000000700a7f in join_read_next_same (info=<value optimized out>) at sql_select.cc:14476 #7 0x00000000006f2dfc in sub_select (join=0x2aaae5244698, join_tab=0x2aaae4f4fd98, end_of_records=<value optimized out>) at sql_select.cc:13726 #8 0x00000000006f33b4 in do_select (join=0x2aaae5244698, fields=0x2aaae4f3f210, table=0x0, procedure=0x0) at sql_select.cc:13455 #9 0x000000000070ac55 in JOIN::exec (this=0x2aaae5244698) at sql_select.cc:2829 #10 0x000000000070c840 in mysql_select (thd=0x1e8e070, rref_pointer_array=0x2aaae4f3f2f0, tables=0x2aaae4f3fdc8, wild_num=0, fields=@0x2aaae4f3f210, conds=0x2aaae4f40a70, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416200192, result=0x2aaae4f40be8, unit=0x2aaae4f3eca8, select_lex=0x2aaae4f3f108) at sql_select.cc:3019 #11 0x000000000070d219 in handle_select (thd=0x1e8e070, lex=0x2aaae4f3ec08, result=0x2aaae4f40be8, setup_tables_done_option=0) at sql_select.cc:301 #12 0x0000000000690c99 in execute_sqlcom_select (thd=0x1e8e070, all_tables=0x2aaae4f3fdc8) at sql_parse.cc:4644 #13 0x0000000000695ead in mysql_execute_command (thd=0x1e8e070) at sql_parse.cc:2064 #14 0x0000000000717ff8 in Prepared_statement::execute (this=0x2aaae4f37490, expanded_query=<value optimized out>, open_cursor=false) at sql_prepare.cc:3577 #15 0x000000000071a440 in Prepared_statement::execute_loop (this=0x2aaae4f37490, expanded_query=0x40bef3d0, open_cursor=false, packet=<value optimized out>, packet_end=<value optimized out>) at sql_prepare.cc:3244 #16 0x000000000071a7dd in mysql_stmt_execute (thd=0x1e8e070, packet_arg=0x1e90a61 "4", packet_length=17) at sql_prepare.cc:2465 #17 0x000000000069a59d in dispatch_command (command=COM_STMT_EXECUTE, thd=0x1e8e070, packet=0x1e90a61 "4", packet_length=17) at sql_parse.cc:960 #18 0x000000000069aa86 in do_command (thd=0x1e8e070) at sql_parse.cc:689 #19 0x000000000068def4 in handle_one_connection (arg=0x1e8e070) at sql_connect.cc:1156 #20 0x00002ab3ca753193 in start_thread () from /lib64/libpthread.so.0 #21 0x00002ab3cad8645d in clone () from /lib64/libc.so.6 #22 0x0000000000000000 in ?? ()
[12 Mar 2009 9:52]
Alexey Stroganov
The issue is still here(6.0.11pre falcon-team tree): (gdb) bt #0 0x00002ae2364514c5 in pthread_kill () from /lib64/libpthread.so.0 #1 0x000000000069175e in handle_segfault (sig=11) at mysqld.cc:2690 #2 <signal handler called> #3 Record::isNull (this=0x2aaaed757710, fieldId=-308591173) at EncodedDataStream.h:350 #4 0x00000000008c5157 in StorageTable::compareKey (this=0x2aaaeae5a240, key=<value optimized out>, keyLength=<value optimized out>) at StorageTable.cpp:459 #5 0x00000000008b77ab in StorageInterface::index_next_same (this=0x2aaaea7303f8, buf=0x2aaaea7307d8 "\001", key=0x1d46dc8 "#", key_len=2) at ha_falcon.cpp:1910 #6 0x0000000000717d2f in join_read_next_same (info=<value optimized out>) at sql_select.cc:16957 #7 0x00000000007027c7 in sub_select (join=0x2aaaea0c7638, join_tab=0x1d46b28, end_of_records=<value optimized out>) at sql_select.cc:16245 #8 0x000000000070ee93 in do_select (join=0x2aaaea0c7638, fields=0x1d94f48, table=0x0, procedure=0x0) at sql_select.cc:15786 #9 0x000000000072331d in JOIN::exec (this=0x2aaaea0c7638) at sql_select.cc:2881 #10 0x0000000000724c3b in mysql_select (thd=0x2aaaea417770, rref_pointer_array=0x1d95028, tables=0x1d95b48, wild_num=0, fields=@0x1d94f48, conds=0x2aaaea508f28, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2417248768, result=0x1d96800, unit=0x1d949d8, select_lex=0x1d94e40) at sql_select.cc:3062 #11 0x000000000072563f in handle_select (thd=0x2aaaea417770, lex=0x1d94938, result=0x1d96800, setup_tables_done_option=0) at sql_select.cc:314 #12 0x000000000069d559 in execute_sqlcom_select (thd=0x2aaaea417770, all_tables=0x1d95b48) at sql_parse.cc:4768 #13 0x00000000006a350c in mysql_execute_command (thd=0x2aaaea417770) at sql_parse.cc:2069 #14 0x0000000000731157 in Prepared_statement::execute (this=0x1d81aa0, expanded_query=<value optimized out>, open_cursor=false) at sql_prepare.cc:3764 #15 0x00000000007339af in Prepared_statement::execute_loop (this=0x1d81aa0, expanded_query=0x407283b0, open_cursor=false, packet=<value optimized out>, packet_end=<value optimized out>) at sql_prepare.cc:3394 #16 0x0000000000733fab in mysql_stmt_execute (thd=0x2aaaea417770, packet_arg=0x2aaaea41ab71 "", packet_length=17) at sql_prepare.cc:2542 #17 0x00000000006a7770 in dispatch_command (command=COM_STMT_EXECUTE, thd=0x2aaaea417770, packet=0x2aaaea41ab71 "", packet_length=17) at sql_parse.cc:963 #18 0x00000000006a7de2 in do_command (thd=0x2aaaea417770) at sql_parse.cc:691 #19 0x000000000069a9b4 in handle_one_connection (arg=0x2aaaea417770) at sql_connect.cc:1146 #20 0x00002ae23644d193 in start_thread () from /lib64/libpthread.so.0 #21 0x00002ae236a8045d in clone () from /lib64/libc.so.6 #22 0x0000000000000000 in ?? ()
[13 Mar 2009 11:29]
Alexey Stroganov
One need to use following test-case to get the latest observed crash. prepare ------- mysql -uroot -e'drop database if exists phptest; create database phptest' sysbench \ --test=/tmp/phptest.lua \ --oltp-table-size=1000000 \ --oltp-table-name=phptest \ --rand-type=uniform \ --mysql-user=root \ --mysql-table-engine=falcon \ --mysql-db=phptest \ prepare run --- sysbench \ --oltp-table-size=1000000 \ --oltp-table-name=phptest \ --rand-type=uniform \ --mysql-user=root \ --mysql-socket=/tmp/mysql.sock \ --mysql-table-engine=falcon \ --mysql-db=phptest \ --trx-mode=0 \ --subtest=READ_KEY_POINT_NO_DATA \ --test=/tmp/phptest.lua \ --max-requests=0 \ --max-time=300 \ --num-threads=128 \ run
[13 Mar 2009 13:41]
Vladislav Vaintroub
Could not reproduce the same crash on Windows. Instead got [Falcon] Error: assertion (vector[index] < size) failed at line 679 in file .\Record.cpp with the callstack. 000000013FC24EC5 mysqld.exe!Error::debugBreak()[error.cpp:94] 000000013FC24FC8 mysqld.exe!Error::error()[error.cpp:73] 000000013FC25006 mysqld.exe!Error::assertionFailed()[error.cpp:78] 000000013FC488F9 mysqld.exe!Record::getEncodedValue()[record.cpp:679] 000000013FC499E5 mysqld.exe!Record::getValue()[record.cpp:335] 000000013FC24801 mysqld.exe!StorageTable::compareKey()[storagetable.cpp:467] 000000013FC18C66 mysqld.exe!StorageInterface::index_next_same()[ha_falcon.cpp:1912] 000000013F9E8FEF mysqld.exe!join_read_next_same()[sql_select.cc:16959] 000000013FA08554 mysqld.exe!sub_select()[sql_select.cc:16245] 000000013FA09779 mysqld.exe!do_select()[sql_select.cc:15786] 000000013FA0F122 mysqld.exe!JOIN::exec()[sql_select.cc:2882] 000000013FA127C1 mysqld.exe!mysql_select()[sql_select.cc:3064] 000000013FA12D26 mysqld.exe!handle_select()[sql_select.cc:314] 000000013F9BFDD3 mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4768] 000000013F9C281A mysqld.exe!mysql_execute_command()[sql_parse.cc:2069] 000000013F9DC78B mysqld.exe!Prepared_statement::execute()[sql_prepare.cc:3764] ...
[13 Mar 2009 22:37]
Kevin Lewis
It looks like this call stack shows a code path in which a pending but chilled record is accessed without making a call to Record::hasRecord().
[20 Mar 2009 16:16]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/69934 3069 Christopher Powers 2009-03-20 Bug #42131, "falcon_backlog test crashes in Record::getEncodedValue" Bug #38375, "Falcon crash in Record::isNull" For sequential operations such as index and table scans, StorageTable caches the current record in StorageTable::record. In rare cases, it is possible that StorageTable::record may have been chilled. This is a problem if an attempt is made to examine the contents of the record. Calls from the server directly into the storage interface, such as StorageInterface::rnd_next, bypass the internal checks in Falcon that ensure a record is thawed before examining it.To avoid crashes in this circumstance, StorageTable::compareKey() now thaws StorageTable::record if necessary before examining it. Note that it is not necessary to always thaw StorageTable::record, e.g. in StorageTable::setRecord(), because the contents of the record is not always examined as it is in compareKey(). modified: storage/falcon/StorageTable.cpp
[28 Mar 2009 18:09]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/70771 3085 Christopher Powers 2009-03-28 Bug #42131, "falcon_backlog test crashes in Record::getEncodedValue" Bug #38375, "Falcon crash in Record::isNull" For sequential operations such as index and table scans, StorageTable caches the current record in StorageTable::record. In rare cases, it is possible that StorageTable::record may have been chilled. This is a problem if an attempt is made to examine the contents of the record. Calls from the server directly into the storage interface, such as StorageInterface::rnd_next, bypass the internal checks in Falcon that ensure a record is thawed before examining it.To avoid crashes in this circumstance, StorageTable::compareKey() now thaws StorageTable::record if necessary before examining it. Note that it is not necessary to always thaw StorageTable::record, for example in StorageTable::setRecord(), because the contents of the record is not always examined as it is in compareKey(). If a thaw is necessary, and if the thaw fails, then compareKey() throws an INTERNAL_ERROR exception. modified: storage/falcon/StorageTable.cpp storage/falcon/StorageTableShare.h
[2 Apr 2009 17:38]
Bugs System
Pushed into 6.0.11-alpha (revid:hky@sun.com-20090402144811-yc5kp8g0rjnhz7vy) (version source revid:christopher.powers@sun.com-20090328181017-hadhr0dt1a389301) (merge vers: 6.0.11-alpha) (pib:6)