Bug #68127 RACE CONDITION IN TABLE PERFORMANCE_SCHEMA.THREADS
Submitted: 20 Jan 2013 10:47 Modified: 22 Jan 2013 12:57
Reporter: erkan yanar Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Performance Schema Severity:S2 (Serious)
Version:5.6.9-rc OS:Linux (ubuntu 12.04)
Assigned to: Marc Alff CPU Architecture:Any

[20 Jan 2013 10:47] erkan yanar
Description:
You can easy crash mysqld by doing concurrent selects on the P_S.threads table.
The same query works on MariaDB 10.0. As it is based on 5.6.5 I suggest it is a regression bug.
Doing the queries on the I_S are working.

How to repeat:
root@mysql56a:~# mysqlslap -q 'SELECT * from threads' --create-schema=performance_schema --number-of-queries=100000 -c 4
mysqlslap: Cannot run query SELECT * from threads ERROR : Lost connection to MySQL server during query
mysqlslap: Cannot run query SELECT * from threads ERROR : Lost connection to MySQL server during query
root@mysql56a:~# 

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=6
max_threads=151  
thread_count=8   
connection_count=6
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 68215 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
Thread pointer: 0x282e800
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7f6bb795ae28 thread_stack 0x40000
mysqld(my_print_stacktrace+0x35)[0x8de315]
mysqld(handle_fatal_signal+0x4a4)[0x6726c4]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xfcb0)[0x7f6bcf246cb0]
mysqld[0xb315ce] 
mysqld(my_well_formed_len_mb+0x62)[0xb247d2]
mysqld(_Z23well_formed_copy_ncharsPK15charset_info_stPcjS1_PKcjjPS4_S5_S5_+0xb2)[0x72f132]
mysqld(_ZN10Field_blob14store_internalEPKcjPK15charset_info_st+0x22f)[0x7c2f0f]
mysqld(_ZN13table_threads15read_row_valuesEP5TABLEPhPP5Fieldb+0x114)[0x96ab64]
mysqld(_ZN13ha_perfschema8rnd_nextEPh+0x6a)[0x945f1a]
mysqld(_ZN7handler11ha_rnd_nextEPh+0x9c)[0x5b196c]
mysqld(_Z13rr_sequentialP11READ_RECORD+0x1e)[0x81706e]
mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x179)[0x6cceb9]
mysqld(_ZN4JOIN4execEv+0x2ba)[0x6cd9ba]
mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_P10SQL_I_ListI8st_orderESB_S7_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x258)[0x70d008]
mysqld(_Z13handle_selectP3THDP13select_resultm+0x187)[0x70d877]
mysqld[0x6eb43d] 
mysqld(_Z21mysql_execute_commandP3THD+0x112c)[0x6ecf7c]
mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x32f)[0x6f0d0f]
mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0xe6d)[0x6f270d]
mysqld(_Z24do_handle_one_connectionP3THD+0xcf)[0x6bf22f]
mysqld(handle_one_connection+0x47)[0x6bf357]
mysqld(pfs_spawn_thread+0x139)[0x970f79]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7e9a)[0x7f6bcf23ee9a]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f6bcdf12cbd]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (7f6b84004bc0): is an invalid pointer
Connection ID (thread ID): 7
Status: NOT_KILLED

The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
[20 Jan 2013 11:12] Valeriy Kravchuk
This is easy to verify:

[valerii.kravchuk@cisco1 mysql-5.6.9-rc-linux-glibc2.5-x86_64]$ bin/mysqlslap -uroot -q 'SELECT * from threads' --create-schema=performance_schema --number-of-queries=100000 -c 4
bin/mysqlslap: Cannot run query SELECT * from threads ERROR : Lost connection to MySQL server during query
bin/mysqlslap: Cannot run query SELECT * from threads ERROR : Lost connection to MySQL server during query
[valerii.kravchuk@cisco1 mysql-5.6.9-rc-linux-glibc2.5-x86_64]$ 130120 03:07:47 mysqld_safe Number of processes running now: 0
130120 03:07:47 mysqld_safe mysqld restarted

In the error log I see:

11:07:47 UTC - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=5
max_threads=151
thread_count=5
connection_count=5
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 68215 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x2e98030
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7fbbe36b3e10 thread_stack 0x40000
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(my_print_stacktrace+0x35)[0x8edc75]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(handle_fatal_signal+0x3e8)[0x66a6e8]
/lib64/libpthread.so.0(+0xf4a0)[0x7fbbfbc5d4a0]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld[0xb3d9be]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(my_well_formed_len_mb+0x61)[0xb31851]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z23well_formed_copy_ncharsPK15charset_info_stPcjS1_PKcjjPS4_S5_S5_+0x1c6)[0x725be6]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_ZN10Field_blob14store_internalEPKcjPK15charset_info_st+0x18b)[0x7cfdcb]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_ZN13table_threads15read_row_valuesEP5TABLEPhPP5Fieldb+0x206)[0xb019c6]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_ZN13ha_perfschema8rnd_nextEPh+0x68)[0xaddb18]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_ZN7handler11ha_rnd_nextEPh+0x9c)[0x58637c]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z13rr_sequentialP11READ_RECORD+0x37)[0x824ef7]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x181)[0x6c3451]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_ZN4JOIN4execEv+0x26c)[0x6c121c]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld[0x704a19]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_P10SQL_I_ListI8st_orderESB_S7_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xbc)[0x704f4c]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z13handle_selectP3THDP13select_resultm+0x175)[0x705155]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld[0x6e1ae9]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z21mysql_execute_commandP3THD+0x3554)[0x6e6bd4]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x318)[0x6ea2b8]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x848)[0x6eabf8]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z10do_commandP3THD+0xd7)[0x6ebe37]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(_Z24do_handle_one_connectionP3THD+0x116)[0x6b6806]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(handle_one_connection+0x45)[0x6b68e5]
/home/valerii.kravchuk/mysql-5.6.9-rc-linux-glibc2.5-x86_64/bin/mysqld(pfs_spawn_thread+0x13b)[0xb072db]
/lib64/libpthread.so.0(+0x77f1)[0x7fbbfbc557f1]
/lib64/libc.so.6(clone+0x6d)[0x7fbbfa9bfccd]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (7fbbc4004bc0): SELECT * from threads
Connection ID (thread ID): 4
Status: NOT_KILLED
[21 Jan 2013 6:26] Erlend Dahl
Thank you for the bug report. Verified as described, but I had to try several times before it crashed.
[22 Jan 2013 12:57] Paul Dubois
Noted in 5.6.11, 5.7.1 changelogs.

Due to a thread race condition, the server could exit while
attempting to read the Performance Schema threads.PROCESSLIST_INFO
column.
[22 Jan 2013 16:00] Paul Dubois
Noted in 5.6.10 (not 5.6.11) changelog.