Bug #59111 gis crashes when server is compiled without performance schema
Submitted: 22 Dec 2010 10:40 Modified: 9 Feb 2011 4:59
Reporter: Alfranio Correia Email Updates:
Status: Closed Impact on me: None
Category:MySQL Server: GIS Severity:S3 (Non-critical)
Version:5.6+ OS:Any
Assigned to: Tor Didriksen CPU Architecture:Any
Tags: crash, gis
Triage: Triaged: D1 (Critical)

[22 Dec 2010 10:40] Alfranio Correia
Description:
main.gis-precise generates the following stacktrace:

#1  0x00000000004f0a90 in handle_segfault (sig=11) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/mysqld.cc:2511
#2  <signal handler called>
#3  copy_core (this=0x291f570) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/gcalc_slicescan.h:285
#4  Gcalc_scan_iterator::intersection_scan (this=0x291f570) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/gcalc_slicescan.cc:742
#5  0x000000000070a775 in Gcalc_scan_iterator::normal_scan (this=0x291f570) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/gcalc_slicescan.cc:507
#6  0x000000000070b2e8 in step (this=0x291f630, scan_it=...) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/gcalc_slicescan.h:312
#7  Gcalc_function::find_function (this=0x291f630, scan_it=...) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/gcalc_tools.cc:177
#8  0x000000000067e046 in Item_func_spatial_rel::val_int (this=0x291f3a8) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/item_geofunc.cc:984
#9  0x000000000062eccc in Item::send (this=0x291f3a8, protocol=0x2909950, buffer=0x7f4ee91dae40) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/item.cc:5968
#10 0x00000000004fabde in Protocol::send_result_set_row (this=0x2909950, row_items=<value optimized out>) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/protocol.cc:848
#11 0x0000000000522881 in select_send::send_data (this=0x291f858, items=<value optimized out>) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_class.cc:1866
#12 0x000000000057ff88 in JOIN::exec (this=0x291f878) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_select.cc:2794
#13 0x0000000000581442 in mysql_select (thd=0x29094b0, rref_pointer_array=<value optimized out>, tables=0x0, wild_num=0, fields=<value optimized out>, conds=<value optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x291f858, unit=0x290aec8, select_lex=0x290b500) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_select.cc:3554
#14 0x0000000000581f54 in handle_select (thd=0x29094b0, lex=0x290ae18, result=0x291f858, setup_tables_done_option=0) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_select.cc:323
#15 0x0000000000541c4f in execute_sqlcom_select (thd=0x29094b0, all_tables=0x0) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_parse.cc:4513
#16 0x0000000000546241 in mysql_execute_command (thd=0x29094b0) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_parse.cc:2096
#17 0x0000000000547c81 in mysql_parse (thd=0x29094b0, rawbuf=<value optimized out>, length=133, parser_state=0x7f4ee91dd400) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_parse.cc:5550
#18 0x0000000000549388 in dispatch_command (command=COM_QUERY, thd=0x29094b0, packet=<value optimized out>, packet_length=<value optimized out>) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_parse.cc:1078
#19 0x00000000005d1627 in do_handle_one_connection (thd_arg=<value optimized out>) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_connect.cc:748
#20 0x00000000005d16b9 in handle_one_connection (arg=0x294d458) at /home/acorreia/workspace.oracle/repository.mysql/bzrwork/bug-davi/mysql-trunk-bugfixing.merge/sql/sql_connect.cc:684
#21 0x00007f4eee0e0971 in start_thread () from /lib/libpthread.so.0
#22 0x00007f4eece4092d in clone () from /lib/libc.so.6
#23 0x0000000000000000 in ?? ()

How to repeat:
Compile mysql-trunk-bugfixing as follows:

. cmake . -DWITHOUT_PERFSCHEMA_STORAGE_ENGINE=1
. make

Run main.gis-precise.
main.gis and innodb.innodb_gis fail with similar failures.
[22 Dec 2010 20:54] Sveta Smirnova
Thank you for the report.

Verified as described.
[20 Jan 2011 11:35] Tor Didriksen
These three tests crash consistently in optimized mode for me,
regardless of perf schema.

The problem seems to be pointer aliasing.
[20 Jan 2011 13:14] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/129276

3538 Tor Didriksen	2011-01-20
      Bug #59111 gis crashes when server is compiled without performance schema
      
      The crash was due to pointer aliasing, nothing to do with perf.schema.
     @ sql/gcalc_slicescan.cc
        Use proper type for result_hook in new_slice().
        Then static_cast<> before returning result (this was the bug).
        
        Cleanup some C-style casts, use reinterpret_cast instead.
        Move declarations closer to where they are actually needed.
        
        Remove the recursion between alloc_new_block() and new_item()
     @ sql/gcalc_slicescan.h
        Remove the recursion between alloc_new_block() and new_item()
        (it looked suspicious)
[31 Jan 2011 10:32] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130030

3580 Tor Didriksen	2011-01-31
      Bug #59111 gis crashes when server is compiled without performance schema
      
      The crash was due to pointer aliasing, nothing to do with perf.schema.
     @ sql/gcalc_slicescan.cc
        Use proper type for result_hook in new_slice().
        Then static_cast<> before returning result (this was the bug).
        
        Cleanup some C-style casts, use reinterpret_cast instead.
        Move declarations closer to where they are actually needed.
        
        Remove the recursion between alloc_new_block() and new_item()
     @ sql/gcalc_slicescan.h
        Remove the recursion between alloc_new_block() and new_item()
        (it looked suspicious)
[3 Feb 2011 12:29] Alexander Barkov
The patch looks Ok to push.

Consider the suggestion of changing the return type of alloc_new_blk()
to bool, to report errors to the caller:

>> bool Gcalc_dyn_list::alloc_new_blk()
>> {
>>   void *new_block= my_malloc(m_blk_size, MYF(MY_WME));
>>   if (!new_block)
>>     return true;
>>   *m_blk_hook= new_block;
>>   m_blk_hook= (void**)new_block;
>>   format_blk(new_block);
>>   return false;
>> }
>>
>> So new_item() can be easier to read:
>>
>>   Item *new_item()
>>   {
>>     if (!m_free && alloc_new_blk())
>>       return NULL;
>>     DBUG_ASSERT(m_free);
>>     Item *result= m_free;
>>     m_free= m_free->next;
>>     result->next= NULL;
>>     return result;
>>   }
>>
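The error-reporting allocator shape suggested above, written out as an added, self-contained example; this is not MySQL's code and not the reviewer's, but a constructed stand-in for Gcalc_dyn_list: a block-chained free list in which alloc_new_blk() returns true on failure and new_item() returns NULL instead of dereferencing a free list that was never filled. The class name Dyn_list, the Item layout, the max_blocks failure injection (standing in for a my_malloc() failure) and the helper functions are all assumptions made for the demo; the block chaining is done through a typed void** hook with static_cast, in the spirit of the commit message's "use proper type, then static_cast<>" fix.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdlib>

// Constructed stand-in for Gcalc_dyn_list (not MySQL's code). Items are carved
// out of malloc'ed blocks; each block starts with one pointer-sized header word
// linking it to the next block, so the destructor can release the whole chain.
class Dyn_list {
public:
  struct Item {
    Item *next;      // free-list link, NULL once the item is handed out
    double x, y;     // constructed payload, standing in for a scan-line point
  };

  // max_blocks is a constructed failure injection: once reached, alloc_new_blk()
  // reports failure exactly as it would when my_malloc() returns NULL.
  Dyn_list(size_t blk_size, size_t max_blocks)
    : m_blk_size(blk_size), m_max_blocks(max_blocks), m_blocks(0),
      m_first_blk(NULL), m_blk_hook(&m_first_blk), m_free(NULL)
  {
    assert(blk_size >= sizeof(void *) + sizeof(Item));  // header plus one item
  }

  ~Dyn_list() { free_blocks(); }

  // Suggested contract: true on failure, false on success.
  bool alloc_new_blk() {
    if (m_blocks >= m_max_blocks)
      return true;
    void **new_block = static_cast<void **>(std::malloc(m_blk_size));
    if (!new_block)
      return true;
    *m_blk_hook = new_block;   // append to the block chain ...
    m_blk_hook = new_block;    // ... and remember where the next block is linked
    *new_block = NULL;         // header word: no next block yet
    format_blk(new_block);
    ++m_blocks;
    return false;
  }

  // Returns NULL when nothing is free and no block could be allocated; m_free is
  // only dereferenced once the allocation result is known.
  Item *new_item() {
    if (!m_free && alloc_new_blk())
      return NULL;
    assert(m_free);
    Item *result = m_free;
    m_free = m_free->next;
    result->next = NULL;
    return result;
  }

  void free_item(Item *item) { item->next = m_free; m_free = item; }

  size_t blocks() const { return m_blocks; }
  size_t free_count() const {
    size_t n = 0;
    for (Item *i = m_free; i; i = i->next) ++n;
    return n;
  }

private:
  // Push every item slot of a freshly allocated block onto the free list.
  void format_blk(void **block) {
    char *data = reinterpret_cast<char *>(block + 1);   // skip the header word
    size_t count = (m_blk_size - sizeof(void *)) / sizeof(Item);
    for (size_t i = 0; i < count; ++i) {
      Item *it = reinterpret_cast<Item *>(data + i * sizeof(Item));
      it->next = m_free;
      m_free = it;
    }
  }

  void free_blocks() {
    void **blk = static_cast<void **>(m_first_blk);
    while (blk) {
      void **next = static_cast<void **>(*blk);
      std::free(blk);
      blk = next;
    }
  }

  size_t m_blk_size, m_max_blocks, m_blocks;
  void *m_first_blk;   // head of the block chain
  void **m_blk_hook;   // slot where the next block pointer gets stored
  Item *m_free;        // free-list head
};

// Constructed block geometry: one header word plus four items per block.
size_t demo_block_size() { return sizeof(void *) + 4 * sizeof(Dyn_list::Item); }

// Fresh allocator limited to max_blocks blocks, drained: items obtained before NULL.
size_t items_before_exhaustion(size_t max_blocks) {
  Dyn_list list(demo_block_size(), max_blocks);
  size_t n = 0;
  while (list.new_item()) ++n;
  return n;
}

// A freed item is the next one handed out again, without allocating a new block.
bool reuses_freed_item() {
  Dyn_list list(demo_block_size(), 1);
  Dyn_list::Item *a = list.new_item();
  if (!a || list.free_count() != 3 || list.blocks() != 1) return false;
  list.free_item(a);
  return list.new_item() == a && list.blocks() == 1;
}

int main() {
  assert(items_before_exhaustion(2) == 8);   // two blocks of four, then NULL
  assert(reuses_freed_item());
  return 0;
}
```

With max_blocks set to 0 the very first new_item() returns NULL rather than asserting or reading through a NULL m_free, which is the failure path the suggested bool return type makes visible to the caller.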
[3 Feb 2011 12:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130314

3596 Tor Didriksen	2011-02-03
      Bug #59111 gis crashes when server is compiled without performance schema
      
      The crash was due to pointer aliasing, nothing to do with perf.schema.
     @ sql/gcalc_slicescan.cc
        Use proper type for result_hook in new_slice().
        Then static_cast<> before returning result (this was the bug).
        
        Cleanup some C-style casts, use reinterpret_cast instead.
        Move declarations closer to where they are actually needed.
        
        Remove the recursion between alloc_new_block() and new_item()
     @ sql/gcalc_slicescan.h
        Remove the recursion between alloc_new_block() and new_item()
        (it looked suspicious)
[3 Feb 2011 13:51] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/130317

3597 Tor Didriksen	2011-02-03
      Bug #59111 gis crashes when server is compiled without performance schema
      
      The crash was due to pointer aliasing, nothing to do with perf.schema.
     @ sql/gcalc_slicescan.cc
        Use proper type for result_hook in new_slice().
        Then static_cast<> before returning result (this was the bug).
        
        Cleanup some C-style casts, use reinterpret_cast instead.
        Move declarations closer to where they are actually needed.
        
        Remove the recursion between alloc_new_block() and new_item()
     @ sql/gcalc_slicescan.h
        Remove the recursion between alloc_new_block() and new_item()
        (it looked suspicious)
[3 Feb 2011 13:51] Bugs System
Pushed into mysql-trunk 5.6.2 (revid:tor.didriksen@oracle.com-20110203135102-4rjgomp399lulbk2) (version source revid:tor.didriksen@oracle.com-20110203135102-4rjgomp399lulbk2) (merge vers: 5.6.2) (pib:24)
[4 Feb 2011 8:23] Tor Didriksen
The crash depends on compiler version and compiler flags and optimization level.
I don't think it is seen in released versions, because this patch

Bug#42733: Type-punning warnings when compiling MySQL -- strict aliasing violations.
[9 Feb 2011 4:59] Paul Dubois
Not present in released versions - no changelog entry needed.