Crash / segfault in drizzled::message::Table::type (this=0x0) at ./drizzled/message/table.pb.h:3884

Bug #628860 reported by Patrick Crews
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Drizzle
Fix Released
Medium
Andrew Hutchings
7.0
Fix Released
Medium
Andrew Hutchings

Bug Description

Crashing bug / segfault in a two-connection scenario:

Connection 1 query:
# 2010-09-01T19:20:41 Running Query--> SELECT table2 . `col_varchar_10_utf8_key` AS field1 FROM c AS table1 LEFT JOIN h AS table2 ON table1 . `col_int_key` = table2 . `col_int_key` WHERE table2 . `col_varchar_10_utf8_key` > 'KBXDG' AND table2 . `col_varchar_10_utf8_key` < 'the'
# 2010-09-01T19:20:41 Running Query--> ALTER TABLE b ADD INDEX `test_idx` USING HASH (`col_int_key` , `col_int`, `pk` )
# 2010-09-01T19:20:41 Running Query--> SELECT table1 . `col_varchar_1024_utf8` AS field1 , table1 . `col_int` AS field2 FROM b AS table1 RIGHT JOIN e AS table2 ON table1 . `pk` = table2 . `col_int_key` WHERE table1 . `col_int` > 6 AND table1 . `col_int` <= ( 8 + 5 ) AND table2 . `pk` IN (6, 6) OR table2 . `pk` >= 4 AND table2 . `pk` < ( 0 + 2 ) AND table2 . `col_int` IN (7, 3) OR ( table2 . `col_varchar_10_utf8_key` > 'd' AND table2 . `col_varchar_10_utf8_key` < 'o' OR table1 . `col_int_key` >= 0 AND table1 . `col_int_key` <= ( 0 + 2 ) OR table1 . `col_varchar_1024_utf8_key` IN ('e') OR table2 . `col_varchar_1024_utf8_key` <= 'j' ) ORDER BY field1 , field1 ASC , field1 ASC

Connection 2 query:
# 2010-09-01T19:20:41 Running Query--> SHOW TABLE STATUS

Backtrace:

Program terminated with signal 11, Segmentation fault.
#0 0x0000000000692ffe in drizzled::message::Table::type (this=0x0) at ./drizzled/message/table.pb.h:3884
3884 return static_cast< ::drizzled::message::Table_TableType >(type_);
(gdb) backtrace
#0 0x0000000000692ffe in drizzled::message::Table::type (this=0x0) at ./drizzled/message/table.pb.h:3884
#1 0x0000000000a557bd in drizzled::Table::operator< (this=0x7f9148054a60, right=...) at ./drizzled/table.h:613
#2 0x0000000000a5581a in drizzled::Table::compare (a=0x7f9148054a60, b=0x7f9148054a60) at ./drizzled/table.h:621
#3 0x0000000000a566a4 in std::__unguarded_partition<__gnu_cxx::__normal_iterator<drizzled::Table**, std::vector<drizzled::Table*, std::allocator<drizzled::Table*> > >, drizzled::Table*, bool (*)(drizzled::Table const*, drizzled::Table const*)> (__first=..., __last=..., __pivot=0x7f9148054a60,
    __comp=0xa557f7 <drizzled::Table::compare(drizzled::Table const*, drizzled::Table const*)>) at /usr/include/c++/4.4/bits/stl_algo.h:2233
#4 0x0000000000a560bc in std::__introsort_loop<__gnu_cxx::__normal_iterator<drizzled::Table**, std::vector<drizzled::Table*, std::allocator<drizzled::Table*> > >, long, bool (*)(drizzled::Table const*, drizzled::Table const*)> (__first=..., __last=..., __depth_limit=11,
    __comp=0xa557f7 <drizzled::Table::compare(drizzled::Table const*, drizzled::Table const*)>) at /usr/include/c++/4.4/bits/stl_algo.h:2301
#5 0x0000000000a55a47 in std::sort<__gnu_cxx::__normal_iterator<drizzled::Table**, std::vector<drizzled::Table*, std::allocator<drizzled::Table*> > >, bool (*)(drizzled::Table const*, drizzled::Table const*)> (__first=..., __last=..., __comp=0xa557f7 <drizzled::Table::compare(drizzled::Table const*, drizzled::Table const*)>)
    at /usr/include/c++/4.4/bits/stl_algo.h:5258
#6 0x0000000000a54969 in Generator (this=0x28d0a40, arg=0x7f9150086d68) at plugin/show_dictionary/show_table_status.cc:78
#7 0x0000000000a55850 in ShowTableStatus::generator(drizzled::Field**) ()
#8 0x00000000008be216 in FunctionCursor::doStartTableScan (this=0x7f9150086b90) at plugin/function_engine/cursor.cc:70
#9 0x0000000000614039 in drizzled::Cursor::startTableScan (this=0x7f9150086b90, scan=true) at drizzled/cursor.cc:150
#10 0x0000000000774e99 in drizzled::ReadRecord::init_read_record (this=0x2926c30, session_arg=0x295a8a0, table_arg=0x7f915007f1e0, select_arg=0x2926f80,
    use_record_cache=1, print_error_arg=true) at drizzled/records.cc:156
#11 0x00000000007c6b25 in drizzled::join_init_read_record (tab=0x2926ba8) at drizzled/sql_select.cc:3967
#12 0x00000000007c5962 in drizzled::sub_select (join=0x2935f48, join_tab=0x2926ba8, end_of_records=false) at drizzled/sql_select.cc:3563
#13 0x00000000007c5561 in drizzled::do_select (join=0x2935f48, fields=0x295b610, table=0x0) at drizzled/sql_select.cc:3333
#14 0x00000000006f37c7 in drizzled::Join::exec (this=0x2935f48) at drizzled/join.cc:1695
#15 0x00000000007be7bd in drizzled::mysql_select (session=0x295a8a0, rref_pointer_array=0x295b6d0, tables=0x2935c90, wild_num=1, fields=..., conds=0x0, og_num=0,
    order=0x0, group=0x0, having=0x0, select_options=2147500032, result=0x2935f28, unit=0x295b318, select_lex=0x295b518) at drizzled/sql_select.cc:427
#16 0x00000000007be071 in drizzled::handle_select (session=0x295a8a0, lex=0x295b2f8, result=0x2935f28, setup_tables_done_option=0) at drizzled/sql_select.cc:146
#17 0x00000000007ba67b in drizzled::execute_sqlcom_select (session=0x295a8a0, all_tables=0x2935c90) at drizzled/sql_parse.cc:544
#18 0x0000000000813ebb in drizzled::statement::Select::execute (this=0x287ff10) at drizzled/statement/select.cc:32
#19 0x00000000007ba206 in mysql_execute_command (session=0x295a8a0) at drizzled/sql_parse.cc:479
#20 0x00000000007bafc8 in drizzled::mysql_parse (session=0x295a8a0, inBuf=0x2930628 "SHOW TABLE STATUS", length=17) at drizzled/sql_parse.cc:750
#21 0x00000000007b9b5a in drizzled::dispatch_command (command=drizzled::COM_QUERY, session=0x295a8a0, packet=0x28ca4a1 "", packet_length=17) at drizzled/sql_parse.cc:224
#22 0x000000000077d2e3 in drizzled::Session::executeStatement (this=0x295a8a0) at drizzled/session.cc:666
#23 0x000000000077cb8f in drizzled::Session::run (this=0x295a8a0) at drizzled/session.cc:522
#24 0x00007f91692a7b54 in MultiThreadScheduler::runSession (this=0x282ddd0, session=0x295a8a0) at ./plugin/multi_thread/multi_thread.h:67
#25 0x00007f91692a59e2 in session_thread (arg=0x295a8a0) at plugin/multi_thread/multi_thread.cc:52
#26 0x00007f916cfb59ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#27 0x00007f916cd126fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#28 0x0000000000000000 in ?? ()

Tags: crash
Revision history for this message
Patrick Crews (patrick-crews) wrote :

Was able to trigger this via the randgen - using two different randgen processes:

randgen1:
./gentest.pl --dsn=dbi:drizzle:host=localhost:port=9306:user=root:password=:database=test --threads=1 --engine=Innodb --gendata=conf/drizzle/range_access_drizzle.zz --grammar=conf/drizzle/range_access_drizzle.yy --debug --queries=100000 --threads=1

randgen2:
./gentest.pl --dsn=dbi:drizzle:host=localhost:port=9306:user=root:password=:database=test --threads=1 --engine=Innodb --grammar=conf/drizzle/data_dict_concurrent_drizzle.yy --debug --queries=10000 --threads=3

I initiated randgen1 first and let it run for a second or two before kicking off randgen2.
Crash isn't necessarily deterministic as it relies on timing, but with high enough values for --queries in each command line, you are certain to run into this collision / race condition.

Changed in drizzle:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Patrick Crews (patrick-crews) wrote :

Repeated and these were the last non-data-dict queries on this run:

# 2010-09-02T12:09:03 Running Query--> SELECT table1 . `col_varchar_10_utf8_key` AS field1 FROM b AS table1 LEFT OUTER JOIN b AS table2 ON table1 . `col_int` = table2 . `pk` WHERE table2 . `pk` BETWEEN 7 AND (7 + 0 ) OR table1 . `col_int` BETWEEN 7 AND (7 + 75 ) OR table1 . `col_int` >= 7 AND table1 . `col_int` <= ( 7 + 6 )
# 2010-09-02T12:09:03 Running Query--> SELECT table1 . `col_varchar_1024_utf8` AS field1 FROM b AS table1 LEFT JOIN a AS table2 LEFT JOIN b AS table3 ON table2 . `col_int_key` = table3 . `pk` ON table1 . `col_varchar_1024_utf8` = table2 . `col_varchar_1024_utf8_key` WHERE table2 . `col_int` IN (4, 2, 25, 9) OR table2 . `pk` >= 6 AND table2 . `pk` <= ( 7 + 3 ) OR table2 . `pk` BETWEEN 7 AND (7 + 65 ) OR table3 . `col_int` IS NULL
# 2010-09-02T12:09:03 Running Query--> DROP INDEX `test_idx` ON b
# 2010-09-02T12:09:03 Running Query--> ALTER TABLE d ADD INDEX `test_idx` USING HASH (`pk`, `col_int_key`, `col_int` )

It seems like the ADD INDEX operation might be the key. Will try to refine the conditions to make this happen more regularly / quickly.

tags: added: crash
Revision history for this message
Andrew Hutchings (linuxjedi) wrote :

bug #698092 is a blocker to reproducing this

Revision history for this message
Andrew Hutchings (linuxjedi) wrote :

Can no longer reproduce this using randgen

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.