Bug #46539 Various crashes on INSERT IGNORE SELECT + SELECT FOR UPDATE
Submitted: 4 Aug 2009 10:49
Modified: 12 Mar 2010 17:37
Reporter: Philip Stoev
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.1, 5.4
OS: Any
Assigned to: Magne Mæhre
CPU Architecture: Any
Triage: Triaged: D1 (Critical)

[4 Aug 2009 10:49] Philip Stoev
Description:
The RQG grammar below that includes concurrent INSERT IGNORE SELECT and SELECT FOR UPDATE causes the following two assertions:

Assertion 1:

mysqld: sql_class.h:1149: uint Diagnostics_area::sql_errno() const: Assertion `m_status == DA_ERROR' failed.

# 13:44:39 #6  0x000000315a42bec9 in __assert_fail () from /lib64/libc.so.6
# 13:44:39 #7  0x000000000062faf0 in Diagnostics_area::sql_errno (this=0x34e4b08) at sql_class.h:1149
# 13:44:39 #8  0x0000000000787553 in ha_rollback_trans (thd=0x34e34d8, all=true) at handler.cc:1312
# 13:44:39 #9  0x000000000062b6ff in THD::cleanup (this=0x34e34d8) at sql_class.cc:875
# 13:44:39 #10 0x000000000064253f in unlink_thd (thd=0x34e34d8) at mysqld.cc:1824
# 13:44:39 #11 0x000000000064261e in one_thread_per_connection_end (thd=0x34e34d8, put_in_cache=true) at mysqld.cc:1911
# 13:44:39 #12 0x000000000064b597 in handle_one_connection (arg=0x34e34d8) at sql_connect.cc:1134
# 13:44:39 #13 0x000000315b0073da in start_thread () from /lib64/libpthread.so.0
# 13:44:39 #14 0x000000315a4e627d in clone () from /lib64/libc.so.6

Assertion 2:

mysqld: protocol.cc:485: void Protocol::end_statement(): Assertion `0' failed.

/lib64/libc.so.6(__assert_fail+0xe9) [0x315a42bec9]
/build/bzr/azalea/sql/mysqld(Protocol::end_statement()+0x225) [0x65b951]
/build/bzr/azalea/sql/mysqld(dispatch_command(enum_server_command, THD*, char*, unsigned int)+0x1ba9) [0x686680]
/build/bzr/azalea/sql/mysqld(do_command(THD*)+0x22b) [0x686a61]
/build/bzr/azalea/sql/mysqld(handle_one_connection+0x13d) [0x673b5f]

How to repeat:
Grammar:

query:
        START TRANSACTION |
        SELECT * FROM _table AS X LIMIT 5 FOR UPDATE |
        INSERT IGNORE INTO _table ( _field_no_pk ) SELECT X . `pk` FROM _table AS X LIMIT 5;

RQG Command line :

$ perl runall.pl \
  --basedir=/build/bzr/5.1-bugteam \
  --grammar=conf/protocol_bug.yy \
  --engine=Innodb \
  --mem \
  --mysqld=--innodb-lock-wait-timeout=1

10 threads, time to crash - 10 seconds.
[23 Sep 2009 19:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/84421

2883 Magne Mahre	2009-09-23
      Bug #46539 Various crashes on INSERT IGNORE SELECT + SELECT 
                 FOR UPDATE
      
      If there is an active row-modifying transaction running
      when the connection is terminated, the server will
      issue an implicit rollback.  Since this rollback
      shouldn't return a status to the client, the m_status in
      the diagnostics area is set to DA_DISABLED.
      
      Trying to read the sql_errno from the diag.area is only
      permitted when the m_status is set to DA_ERROR, since the
      field otherwise has an undeterminable value.  An assert
      is protecting the field, and caused the crash seen here.
      
      The bug was fixed by refraining from reading the sql_errno if
      the diag.area status is set to DA_DISABLED.
      
      A deterministic test case has been difficult to produce,
      and is not available at this time. The RQG test case
      mentioned in the bug report triggers the crash
      routinely.
[27 Oct 2009 10:53] Konstantin Osipov
Regression test suite test case (no need for RQG):

--echo #
--echo # Bug#46539 Various crashes on INSERT IGNORE SELECT + SELECT
--echo #           FOR UPDATE
--echo #
--disable_warnings
drop table if exists t1;
--enable_warnings
create table t1 (a int primary key auto_increment,
                 b int, index(b)) engine=innodb;
insert into t1 (b) values (1), (2), (3), (4), (5), (6), (7), (8), (9), (10);
set autocommit=0;
begin;
select * from t1 where b=5 for update;
connect (con1, localhost, root,,);
connection con1;
insert ignore into t1 (b) select a as b from t1;
connection default;
--echo # Cleanup
--echo #
disconnect con1;
commit;
set autocommit=default;
drop table t1;

This crashes in INSERT IGNORE ... SELECT.

The backtrace:
#8  0xb7ecc5ce in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#9  0x082b9de9 in net_end_statement (thd=0x93f0c50) at protocol.cc:465
#10 0x082e4cf5 in dispatch_command (command=COM_QUERY, thd=0x93f0c50, 
    packet=0x93f2679 "insert ignore into t1 (b) select a as b from t1", 
    packet_length=47) at sql_parse.cc:1614
#11 0x082e511b in do_command (thd=0x93f0c50) at sql_parse.cc:865
#12 0x082d0205 in handle_one_connection (arg=0x93f0c50) at sql_connect.cc:1127
#13 0xb80874ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#14 0xb7f8c49e in clone () from /lib/tls/i686/cmov/libc.so.6
[27 Oct 2009 12:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/88343

3158 Konstantin Osipov	2009-10-27
      A patch and a test case for 
      Bug#46539 Various crashes on INSERT IGNORE SELECT + SELECT FOR UPDATE.
      
      If a transaction was rolled back inside InnoDB due to a deadlock
      or lock wait timeout, and the statement had IGNORE clause,
      the server could crash at the end of the statement or on shutdown.
      
      This was caused by the error handling infrastructure's attempt to ignore
      a non-ignorable error.
      
      When a transaction rollback request is raised, switch off 
      current_select->no_error flag, so that the following error
      won't be ignored.
     @ mysql-test/r/innodb_lock_wait_timeout_1.result
        Update results (Bug#46539).
     @ mysql-test/t/innodb_lock_wait_timeout_1.test
        Add a test case for Bug#46539
     @ sql/sql_class.cc
        When a transaction rollback request is raised, switch off 
        current_select->no_error flag, so that the following error
        won't be ignored.
[28 Oct 2009 14:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/88487

3163 Konstantin Osipov	2009-10-28
      A patch and a test case for 
      Bug#46539 Various crashes on INSERT IGNORE SELECT + SELECT FOR UPDATE.
      
      If a transaction was rolled back inside InnoDB due to a deadlock
      or lock wait timeout, and the statement had IGNORE clause,
      the server could crash at the end of the statement or on shutdown.
      
      This was caused by the error handling infrastructure's attempt to 
      ignore a non-ignorable error.
      
      When a transaction rollback request is raised, switch off 
      current_select->no_error flag, so that the following error
      won't be ignored.
      
      Instead, we could add !thd->is_fatal_sub_stmt_error to
      my_message_sql(), but since in write_record() we switch
      off no_error, the same approach is used in 
      thd_mark_transaction_to_rollback().
      
      @todo: call thd_mark_transaction_to_rollback() from 
      handler::print_error(), then we can easily make sure
      that the error reported by print_error is not ignored.
     @ mysql-test/r/innodb_lock_wait_timeout_1.result
        Update results (Bug#46539).
     @ mysql-test/t/innodb_lock_wait_timeout_1.test
        Add a test case for Bug#46539
     @ sql/sql_class.cc
        When a transaction rollback request is raised, switch off 
        current_select->no_error flag, so that the following error
        won't be ignored.
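
A simplified C++ model of the two states the commit messages above describe, added here as an illustration and not taken from the MySQL source or from the patch authors. `Session`, `report_error`, `insert_ignore_after_lock_timeout` and `errno_readable_at_disconnect` are hypothetical names, the `fixed` parameter stands in for the patched behaviour of switching off `no_error` when a rollback is requested, and an empty diagnostics area at end of statement is assumed to be the state behind the `Protocol::end_statement()` assertion.

```cpp
// Simplified model of Bug#46539; illustrative names only, not MySQL source.
enum DaStatus { DA_EMPTY, DA_OK, DA_ERROR, DA_DISABLED };

struct DiagnosticsArea {
    DaStatus status = DA_EMPTY;
    unsigned err = 0;
    // Guarded read: the value is only meaningful when status is DA_ERROR.
    bool sql_errno(unsigned &out) const {
        if (status == DA_ERROR) out = err;
        return status == DA_ERROR;
    }
};

struct Session {                   // hypothetical stand-in for THD
    DiagnosticsArea da;
    bool no_error = false;         // set while a statement with IGNORE runs
};

// Error reporting path: with no_error set, the error is dropped silently.
void report_error(Session &s, unsigned code) {
    if (s.no_error) return;
    s.da.status = DA_ERROR;
    s.da.err = code;
}

// Engine requests a transaction rollback (deadlock or lock wait timeout).
void mark_transaction_to_rollback(Session &s, bool fixed) {
    if (fixed) s.no_error = false; // the error that follows must be recorded
}

// Status the end-of-statement code finds after INSERT IGNORE hits a timeout.
DaStatus insert_ignore_after_lock_timeout(bool fixed) {
    Session s;
    s.no_error = true;                       // INSERT IGNORE ... SELECT
    mark_transaction_to_rollback(s, fixed);
    report_error(s, 1205);                   // ER_LOCK_WAIT_TIMEOUT
    return s.da.status;                      // DA_EMPTY means nothing to send
}

// Implicit rollback at disconnect: status is DA_DISABLED, errno is unreadable.
bool errno_readable_at_disconnect() {
    Session s;
    s.da.status = DA_DISABLED;
    unsigned code = 0;
    return s.da.sql_errno(code);
}

int main() {   // exit status 0 when the fixed path records the error
    return insert_ignore_after_lock_timeout(true) == DA_ERROR ? 0 : 1;
}
```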
[28 Oct 2009 14:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/88490

3651 Konstantin Osipov	2009-10-28 [merge]
      Pull Bug#46539 from 5.1-bugteam.
[29 Oct 2009 9:40] Konstantin Osipov
Patch queued into 5.1-bugteam (5.1.41)
[4 Nov 2009 9:24] Bugs System
Pushed into 5.1.41 (revid:joro@sun.com-20091104092152-qz96bzlf2o1japwc) (version source revid:kristofer.pettersson@sun.com-20091103162305-08l4gkeuif2ozsoj) (merge vers: 5.1.41) (pib:13)
[11 Nov 2009 6:48] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091110093407-rw5g8dys2baqkt67) (version source revid:alik@sun.com-20091109080109-7dxapd5y5pxlu08w) (merge vers: 6.0.14-alpha) (pib:13)
[11 Nov 2009 6:56] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091109115615-nuohp02h8mdrz8m2) (version source revid:alik@sun.com-20091105092355-jzukkw6wnd7hmgrj) (merge vers: 5.5.0-beta) (pib:13)
[11 Nov 2009 16:06] Paul Dubois
Noted in 5.1.41, 5.5.0, 6.0.14 changelogs.

If a transaction was rolled back inside InnoDB due to a deadlock or
lock wait timeout, and a statement in the transaction had an IGNORE
clause, the server could crash at the end of the statement or on 
shutdown.
[2 Dec 2009 8:07] Bugs System
Pushed into 5.1.42 (revid:joro@sun.com-20091202080033-mndu4sxwx19lz2zs) (version source revid:magne.mahre@sun.com-20091112114333-0ziiuhhc1m2pv7v4) (merge vers: 5.1.41) (pib:13)
[16 Dec 2009 8:41] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091216083311-xorsasf5kopjxshf) (version source revid:alik@sun.com-20091214191830-wznm8245ku8xo702) (merge vers: 6.0.14-alpha) (pib:14)
[16 Dec 2009 8:47] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091216082430-s0gtzibcgkv4pqul) (version source revid:alexey.kopytov@sun.com-20091124083136-iqm136jm31sfdwg3) (merge vers: 5.5.0-beta) (pib:14)
[16 Dec 2009 8:54] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20091216083231-rp8ecpnvkkbhtb27) (version source revid:alik@sun.com-20091212203859-fx4rx5uab47wwuzd) (merge vers: 5.6.0-beta) (pib:14)
[18 Dec 2009 10:25] Bugs System
Pushed into 5.1.41-ndb-7.1.0 (revid:jonas@mysql.com-20091218102229-64tk47xonu3dv6r6) (version source revid:jonas@mysql.com-20091218095730-26gwjidfsdw45dto) (merge vers: 5.1.41-ndb-7.1.0) (pib:15)
[18 Dec 2009 10:41] Bugs System
Pushed into 5.1.41-ndb-6.2.19 (revid:jonas@mysql.com-20091218100224-vtzr0fahhsuhjsmt) (version source revid:jonas@mysql.com-20091217101452-qwzyaig50w74xmye) (merge vers: 5.1.41-ndb-6.2.19) (pib:15)
[18 Dec 2009 10:57] Bugs System
Pushed into 5.1.41-ndb-6.3.31 (revid:jonas@mysql.com-20091218100616-75d9tek96o6ob6k0) (version source revid:jonas@mysql.com-20091217154335-290no45qdins5bwo) (merge vers: 5.1.41-ndb-6.3.31) (pib:15)
[18 Dec 2009 11:11] Bugs System
Pushed into 5.1.41-ndb-7.0.11 (revid:jonas@mysql.com-20091218101303-ga32mrnr15jsa606) (version source revid:jonas@mysql.com-20091218064304-ezreonykd9f4kelk) (merge vers: 5.1.41-ndb-7.0.11) (pib:15)
[12 Mar 2010 14:16] Bugs System
Pushed into 5.1.44-ndb-7.0.14 (revid:jonas@mysql.com-20100312135944-t0z8s1da2orvl66x) (version source revid:jonas@mysql.com-20100312115609-woou0te4a6s4ae9y) (merge vers: 5.1.44-ndb-7.0.14) (pib:16)
[12 Mar 2010 14:32] Bugs System
Pushed into 5.1.44-ndb-6.2.19 (revid:jonas@mysql.com-20100312134846-tuqhd9w3tv4xgl3d) (version source revid:jonas@mysql.com-20100312060623-mx6407w2vx76h3by) (merge vers: 5.1.44-ndb-6.2.19) (pib:16)
[12 Mar 2010 14:48] Bugs System
Pushed into 5.1.44-ndb-6.3.33 (revid:jonas@mysql.com-20100312135724-xcw8vw2lu3mijrhn) (version source revid:jonas@mysql.com-20100312103652-snkltsd197l7q2yg) (merge vers: 5.1.44-ndb-6.3.33) (pib:16)