MySQL Bugs: #43941: SIGFPE in IndexRootPage::deleteIndex during 'drop database'

Bug #43941	SIGFPE in IndexRootPage::deleteIndex during 'drop database'
Submitted:	29 Mar 2009 18:47	Modified:	31 Mar 2009 8:10
Reporter:	Mark Callaghan	Email Updates:
Status:	Can't repeat	Impact on me:	None
Category:	MySQL Server: Falcon storage engine	Severity:	S2 (Serious)
Version:	6.0.10	OS:	Any
Assigned to:		CPU Architecture:	Any

Description:
The server crashes with signal 8 (SIGFPE) from this thread

/export/hda3/my6010bzr/libexec/mysqld(IndexRootPage::deleteIndex(Dbb*, int, unsigned int)+0x32) [0x6fb0a2]
/export/hda3/my6010bzr/libexec/mysqld(SRLDeleteIndex::commit()+0x99) [0x7289d9]
/export/hda3/my6010bzr/libexec/mysqld(SerialLogTransaction::commit()+0x131) [0x73f731]
/export/hda3/my6010bzr/libexec/mysqld(Gopher::gopherThread()+0x168) [0x75e6a8]
/export/hda3/my6010bzr/libexec/mysqld(Thread::thread()+0x43) [0x6be703]
/export/hda3/my6010bzr/libexec/mysqld(Thread::thread(void*)+0x11) [0x6be881]

And then on restart a different crash occurs

/export/hda3/my6010bzr/libexec/mysqld(IndexRootPage::setIndexRoot(Dbb*, int, int, unsigned int)+0x3b) [0x6fabdb]
/export/hda3/my6010bzr/libexec/mysqld(SerialLog::recover()+0x60c) [0x73994c]
/export/hda3/my6010bzr/libexec/mysqld(Database::openDatabase(char const*)+0x16b) [0x6ddf6b]
/export/hda3/my6010bzr/libexec/mysqld(Connection::getDatabase(char const*, char const*, Threads*)+0xe3) [0x6d4343]
/export/hda3/my6010bzr/libexec/mysqld(Connection::openDatabase(char const*, char const*, char const*, char const*, char const*, Threads*)+0xa4) [0x6d5c34]
/export/hda3/my6010bzr/libexec/mysqld(StorageDatabase::getOpenConnection()+0x77) [0x6a5e47]
/export/hda3/my6010bzr/libexec/mysqld(StorageHandler::initialize()+0x96) [0x6a7f66]
/export/hda3/my6010bzr/libexec/mysqld(StorageInterface::falcon_init(void*)+0x149) [0x69ad49]
/export/hda3/my6010bzr/libexec/mysqld(ha_initialize_handlerton(st_plugin_int*)+0x46) [0x5b1ef6]
/export/hda3/my6010bzr/libexec/mysqld [0x631932]
/export/hda3/my6010bzr/libexec/mysqld(plugin_init(int*, char**, int)+0x6dc) [0x633d6c]
/export/hda3/my6010bzr/libexec/mysqld [0x4bb39d]
/export/hda3/my6010bzr/libexec/mysqld(main+0x18d) [0x4bbd3d]

How to repeat:
Load database with 2 tables; A, B
each table has 2M rows, 2 columns and a primary key on one of the columns
contents of each table is (1,1), ... (2M, 2M)

restart mysql
run 'drop database'

All thread stacks from the first crash:

Thread 24 (process 12847):
#0  0x00002b7f33a86ab6 in select () from /usr/grte/v1/lib64/libc.so.6
#1  0x00000000004b75f0 in handle_connections_sockets () at mysqld.cc:5248
#2  0x00000000004bc05e in main (argc=<value optimized out>, argv=<value optimized out>) at mysqld.cc:4756

Thread 23 (process 12850):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21569d60) at Synchronize.cpp:123
#2  0x0000000000757ac9 in Cache::ioThread (this=0x213942c0) at Cache.cpp:972
#3  0x00000000006be703 in Thread::thread (this=0x21569d60) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x21569d7c) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 22 (process 12851):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21569e98) at Synchronize.cpp:123
#2  0x0000000000757ac9 in Cache::ioThread (this=0x213942c0) at Cache.cpp:972
#3  0x00000000006be703 in Thread::thread (this=0x21569e98) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x21569eb4) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 21 (process 12852):
#0  0x00002b7f329bceef in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074de28 in Synchronize::sleep (this=0x2156d5c0, milliseconds=<value optimized out>, callersMutex=0x0) at Synchronize.cpp:183
#2  0x00000000006da0f8 in Database::ticker (this=0x21369ba8) at Database.cpp:1923
#3  0x00000000006be703 in Thread::thread (this=0x2156d5c0) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x2156d5dc) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 20 (process 12853):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x215732a8) at Synchronize.cpp:123
#2  0x00000000006d944a in Database::cardinalityThreadMain (this=0x21369ba8) at Database.cpp:2449
#3  0x00000000006be703 in Thread::thread (this=0x215732a8) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x215732c4) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 19 (process 12854):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x215733e0) at Synchronize.cpp:123
#2  0x00000000006da710 in Database::scavengerThreadMain (this=0x21369ba8) at Database.cpp:1950
#3  0x00000000006be703 in Thread::thread (this=0x215733e0) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x215733fc) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 18 (process 12855):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21573518) at Synchronize.cpp:123
#2  0x0000000000710754 in PageWriter::writer (this=0x2aaad2eb2b68) at PageWriter.cpp:171
#3  0x00000000006be703 in Thread::thread (this=0x21573518) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x21573534) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 17 (process 12859):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21577998) at Synchronize.cpp:123
#2  0x000000000075e603 in Gopher::gopherThread (this=0x2156a7e8) at Gopher.cpp:58
#3  0x00000000006be703 in Thread::thread (this=0x21577998) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x215779b4) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 16 (process 12860):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21577ad0) at Synchronize.cpp:123
#2  0x000000000075e603 in Gopher::gopherThread (this=0x2156a7b0) at Gopher.cpp:58
#3  0x00000000006be703 in Thread::thread (this=0x21577ad0) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x21577aec) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 15 (process 12861):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21577c08) at Synchronize.cpp:123
#2  0x000000000075e603 in Gopher::gopherThread (this=0x2156a778) at Gopher.cpp:58
#3  0x00000000006be703 in Thread::thread (this=0x21577c08) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x21577c24) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

all thread stacks from the first crash part 2

All thread stacks from the first crash:

Thread 14 (process 12862):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x21577d40) at Synchronize.cpp:123
#2  0x000000000075e603 in Gopher::gopherThread (this=0x21569668) at Gopher.cpp:58
#3  0x00000000006be703 in Thread::thread (this=0x21577d40) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x21577d5c) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 13 (process 12863):
#0  0x00002b7f329bceef in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074de28 in Synchronize::sleep (this=0x2158a990, milliseconds=<value optimized out>, callersMutex=0x0) at Synchronize.cpp:183
#2  0x000000000072e401 in Scheduler::schedule (this=0x21572698) at Scheduler.cpp:150
#3  0x00000000006be703 in Thread::thread (this=0x2158a990) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x2158a9ac) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 12 (process 12864):
#0  0x00002b7f329bccfa in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074df7b in Synchronize::sleep (this=0x2158b098) at Synchronize.cpp:123
#2  0x000000000072e410 in Scheduler::schedule (this=0x215725b8) at Scheduler.cpp:152
#3  0x00000000006be703 in Thread::thread (this=0x2158b098) at Thread.cpp:166
#4  0x00000000006be881 in Thread::thread (parameter=0x2158b0b4) at Thread.cpp:145
#5  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#6  0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 2 (process 12889):
#0  0x00002b7f329bceef in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x000000000074de28 in Synchronize::sleep (this=0x215908a8, milliseconds=<value optimized out>, callersMutex=0x2aaad2eafe38) at Synchronize.cpp:183
#2  0x00000000006b0aa4 in SyncObject::wait (this=0x2aaad2eafe28, type=<value optimized out>, thread=0x215908a8, sync=0xffffffffffffffff, timeout=0)
    at SyncObject.cpp:662
#3  0x00000000006afa99 in Sync::lock (this=0x4b092f00, type=Exclusive) at Sync.cpp:58
#4  0x0000000000728b8e in SRLDeleteIndex::append (this=0x2aaad2eb2818, dbb=0x214a5828, transId=8, id=1, idxVersion=1) at SRLDeleteIndex.cpp:48
#5  0x00000000006b39cb in Table::drop (this=0x214ce4a8, transaction=<value optimized out>) at Table.cpp:1650
#6  0x00000000006db390 in Database::dropTable (this=0x21369ba8, table=0x214ce4a8, transaction=0x0) at Database.cpp:1471
#7  0x000000000074c940 in Nfs::Statement::executeDDL (this=0x2156a8c0) at Statement.cpp:837
#8  0x000000000074cbc8 in Nfs::Statement::execute (this=0x2156a8c0, sqlString=0x4b093330 "drop table TEST.\"T2\"", isQuery=false) at Statement.cpp:2725
#9  0x00000000006a5178 in StorageDatabase::deleteTable (this=<value optimized out>, storageConnection=0x215932e8, tableShare=<value optimized out>)
    at StorageDatabase.cpp:529
#10 0x00000000006ac730 in StorageTableShare::deleteTable (this=0x215906a8, storageConnection=0x215908f0) at StorageTableShare.cpp:251
#11 0x00000000006aa5b9 in StorageTable::deleteTable (this=0x214c8a90) at StorageTable.cpp:88
#12 0x0000000000698437 in StorageInterface::delete_table (this=0x2aaae9ebf340, tableName=0x4b094870 "./test/T2") at ha_falcon.cpp:1068
#13 0x00000000005b4773 in ha_delete_table (thd=0x2aaae9e48000, table_type=<value optimized out>, path=0x4b094870 "./test/T2", db=0x2aaae9ebebb0 "test", 
    alias=0x2aaae9ebebb5 "T2", generate_warning=false) at handler.cc:1929
#14 0x00000000005c48d3 in mysql_rm_table_part2 (thd=0x2aaae9e48000, tables=0x2aaae9ebe4b8, if_exists=true, drop_temporary=false, drop_view=true, 
    dont_log_query=true) at sql_table.cc:1763
#15 0x00000000005be2a0 in mysql_rm_known_files (thd=0x2aaae9e48000, dirp=0x1b2cf60, db=0x2aaae9ebe4b0 "test", org_path=0x4b095000 "./test/", level=0, 
    dropped_tables=0x4b0952e8) at sql_db.cc:1170
#16 0x00000000005bf531 in mysql_rm_db (thd=0x2aaae9e48000, db=0x2aaae9ebe4b0 "test", if_exists=false, silent=false) at sql_db.cc:935
#17 0x00000000004c7067 in mysql_execute_command (thd=0x2aaae9e48000) at sql_parse.cc:3622
#18 0x00000000004cbc52 in mysql_parse (thd=0x2aaae9e48000, inBuf=0x2aaae9ebe418 "drop database test", length=18, found_semicolon=0x4b097160) at sql_parse.cc:5752
#19 0x00000000004ccc48 in dispatch_command (command=COM_QUERY, thd=0x2aaae9e48000, packet=0x2aaae9e8c001 "drop database test", 
    packet_length=<value optimized out>) at sql_parse.cc:1009
#20 0x00000000004bfb9a in handle_one_connection (arg=<value optimized out>) at sql_connect.cc:1146
#21 0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0

Thread 1 (process 12858):
#0  0x00002b7f329bd9a3 in pthread_kill () from /usr/grte/v1/lib64/libpthread.so.0
#1  0x00000000004b96ba in handle_segfault (sig=8) at mysqld.cc:2689
#2  <signal handler called>
#3  0x00000000006fb0a2 in IndexRootPage::deleteIndex (dbb=0x214a5828, indexId=0, transId=3) at IndexRootPage.cpp:668
#4  0x00000000007289d9 in SRLDeleteIndex::commit (this=0x43805dc8) at SRLDeleteIndex.cpp:122
#5  0x000000000073f731 in SerialLogTransaction::commit (this=0x21595978) at SerialLogTransaction.cpp:92
#6  0x000000000075e6a8 in Gopher::gopherThread (this=0x2156a820) at Gopher.cpp:71
#7  0x00000000006be703 in Thread::thread (this=0x21577860) at Thread.cpp:166
#8  0x00000000006be881 in Thread::thread (parameter=0x214a5828) at Thread.cpp:145
#9  0x00002b7f329ba0ca in start_thread () from /usr/grte/v1/lib64/libpthread.so.0
#10 0x00002b7f33a8d4a2 in clone () from /usr/grte/v1/lib64/libc.so.6
#11 0x0000000000000000 in ?? ()

Thank you for the report.

I can not repeat described behavior with current development sources, although bug was repeatable with version 6.0.10 for me. Please wait next release.