Bug #52756 InnoDB Plugin 1.0.7 crashes on particular statement.
Submitted: 12 Apr 2010 8:22 Modified: 30 Apr 2010 6:00
Reporter: Sveta Smirnova Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: InnoDB Plugin storage engine Severity:S3 (Non-critical)
Version:5.1, Plugin 1.0.7 OS:Any
Assigned to: Assigned Account CPU Architecture:Any

[12 Apr 2010 8:22] Sveta Smirnova 
Description:
This is split from bug #52626

InnoDB Plugin 1.0.7 crashes with different trace:

0x00000034292c6952 in __select_nocancel () from /lib64/libc.so.6
(gdb) c
Continuing.

Program received signal SIGABRT, Aborted.
[Switching to Thread 1210108224 (LWP 10632)]
0x0000003429230015 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003429230015 in raise () from /lib64/libc.so.6
#1  0x0000003429231980 in abort () from /lib64/libc.so.6
#2  0x00002aaaaab8ad94 in srv_error_monitor_thread (arg=0x0) at srv/srv0srv.c:2287
#3  0x0000003429e061b5 in start_thread () from /lib64/libpthread.so.0
#4  0x00000034292cd39d in clone () from /lib64/libc.so.6
#5  0x0000000000000000 in ?? ()
(gdb) bt full
#0  0x0000003429230015 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x0000003429231980 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00002aaaaab8ad94 in srv_error_monitor_thread (arg=0x0) at srv/srv0srv.c:2287
        fatal_cnt = 11
        old_lsn = 6911444109
        new_lsn = 6911444109
#3  0x0000003429e061b5 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#4  0x00000034292cd39d in clone () from /lib64/libc.so.6
No symbol table info available.
#5  0x0000000000000000 in ?? ()
No symbol table info available.
(gdb) c
Continuing.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb) 

How to repeat:
See bug #52626
[12 Apr 2010 8:24] Marko Mäkelä 
Apparently, this is the 600-second InnoDB rw-lock or mutex wait watchdog killing the server.
[12 Apr 2010 10:34] MySQL Verification Team 
try with a 512M innodb_buffer_pool_size so that the statement doesn't run out of free pages...
[28 Apr 2010 15:07] MySQL Verification Team 
alas, 1.0.7 plugin hangs. on this testcase as described by sveta.
"LRU len: 9029, unzip_LRU len: 8368" keeps increasing until no pages are
free.

and, the hang is in code from btr_page_split_and_insert() and functions, plus btr_page_get_sure_split_rec() returns null, so this might be a duplicate of bug #52964 . I will test the fix for that using this testcase.
[29 Apr 2010 15:52] Ryan Mack 
Can someone test whether Marko's fix for bug 52964 fixes this (I'd be happy to if I can get access to the test data)?  That bug also caused an infinite loop in btr_page_get_sure_split_rec().
[29 Apr 2010 23:19] Ryan Mack 
OK, using the test data from the original report I reproduced the original bug in a clean 5.1.46 build.  Breaking into it in gdb shows an identical callstack to the infinite loop Marko fixed in bug 52756.  I build a second version of the community source with Marko's patch applied and the test completed successfully.  I believe his patch solves this particular issue.

I caution claiming the entire issue is resolved however.  I have seen other crashes in similar situations (uncompressable data in a compressed table) even with Marko's patch.  I would suggest using the test data from this bug as a starting point for trying to reproduce these other issues as I can't provide my repro case directly. (Please see my latest comments on support issue 46284).

Thanks, Ryan
[30 Apr 2010 6:00] MySQL Verification Team 
duplicate of bug#52964 based on Ryan's comments.  We should open new issues/bugs for subsequent problems found after the patch is applied, or else the patches/bugs/docs get very confusing.