Bug #39296 LOAD DATA LOCAL INFILE leads to crash in Bdb::mark()
Submitted: 7 Sep 2008 20:04 Modified: 9 Jan 2009 14:13
Reporter: Hakan Küçükyılmaz
Status: Closed
Category: MySQL Server: Falcon storage engine  Severity: S1 (Critical)
Version: 6.0-falcon-team bzr  OS: Any
Assigned to: Kelly Long  CPU Architecture: Any
Tags: falcon, LOAD DATA INFILE
Triage: Triaged: D1 (Critical)

[7 Sep 2008 20:04] Hakan Küçükyılmaz
Description:
Running a LOAD DATA INFILE ends in a crash in Bdb::mark(). I tried with the latest mysql-6.0-falcon-team from bzr, compiled with:

    BUILD/compile-amd64-debug-max-no-ndb
and
    BUILD/compile-amd64-max-no-ndb

How to repeat:
Generate 100 million rows:
#!/usr/bin/perl

use strict;

my $i;
my $maxi = 100000000;

for ($i = 0; $i < $maxi ; $i++) {
        print "$i,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n";
}

This generates around 11 GB of data.

CREATE TABLE bug (
  id int(11) NOT NULL,
  val text NOT NULL,
  UNIQUE KEY bug_id (id)
) ENGINE=Falcon;

load data local infile '/home/hakan/100_mio_rows.txt' into table bug fields terminated by ',';

When falcon_user.fts gets around 3.8GB we see a crash:

sql/mysqld(my_print_stacktrace+0x35)[0xac6475]
sql/mysqld(handle_segfault+0x336)[0x674596]
/lib/libpthread.so.0[0x7fd2c8589a90]
sql/mysqld(Bdb::mark(unsigned int)+0x71)[0x92bec1]
sql/mysqld(Cache::fakePage(Dbb*, int, PageType, unsigned int)+0x6e)[0x88d45e]
sql/mysqld(Dbb::allocPage(PageType, unsigned int)+0x11)[0x8a5be1]
sql/mysqld(Section::storeRecord(RecordLocatorPage*, int, RecordIndex*, Stream*, unsigned int, bool)+0x11c)[0x8f06dc]
sql/mysqld(Section::updateRecord(int, Stream*, unsigned int, bool)+0x1a4)[0x8f17f4]
sql/mysqld(Dbb::updateBlob(Section*, int, Stream*, Transaction*)+0xcd)[0x8a8f0d]
sql/mysqld(Table::storeBlob(Transaction*, unsigned int, unsigned char const*)+0x89)[0x868f99]
sql/mysqld(StorageInterface::encodeRecord(unsigned char*, bool)+0x736)[0x8545a6]
sql/mysqld(StorageInterface::write_row(unsigned char*)+0x5b)[0x856c5b]
sql/mysqld(handler::ha_write_row(unsigned char*)+0x80)[0x768030]
sql/mysqld(write_record(THD*, st_table*, st_copy_info*)+0x5d)[0x6f4a4d]
sql/mysqld(mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool)+0x18d7)[0x788d37]
sql/mysqld(mysql_execute_command(THD*)+0x33e7)[0x687037]
sql/mysqld(mysql_parse(THD*, char const*, unsigned int, char const**)+0x3af)[0x689acf]
sql/mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int)+0xbbb)[0x68a69b]
sql/mysqld(handle_one_connection+0x1dd)[0x67d8ad]
/lib/libpthread.so.0[0x7fd2c8581fc7]
/lib/libc.so.6(clone+0x6d)[0x7fd2c70dd7cd]
[7 Sep 2008 20:41] Hakan Küçükyılmaz
Crash is at

void Bdb::mark(TransId transId)
{
	ASSERT(useCount > 0);
	ASSERT(lockType == Exclusive);
	ASSERT(!dbb->isReadOnly);

dbb is null
[9 Sep 2008 21:38] Kelly Long
Using hashTable array value without acquiring hashTableLock first in Cache.cpp code.
[9 Sep 2008 22:41] Kevin Lewis
Kelly committed and pushed this change:
revno: 2812
revision-id: klong@mysql.com-20080909205757-4muonehvc87iajya
parent: vvaintroub@mysql.com-20080906051438-pw74r0tusp0oyimy
committer: Kelly Long <klong@mysql.com>
branch nick: mysql-6.0-falcon-team-bug39296
timestamp: Tue 2008-09-09 14:57:57 -0600
message:
  Fix bug 39296.
  some code cleanup:
     don't do explicit unlock if just before return().
     fix white space - indenting
  Moved some code that was duplicated to be inside getFreeBuffer().  One copy.
[9 Sep 2008 22:43] Kevin Lewis
bzr diff -p1 -r2811..2812

Attachment: 39296.patch.txt (text/plain), 5.37 KiB.

[9 Sep 2008 22:44] Kevin Lewis
The code changes look good to me.
[9 Jan 2009 14:13] MC Brown
A note has been added to the 6.0.7 changelog: 

Running LOAD DATA INFILE on a large source data into a Falcon table with millions of rows, a crash could occur.