crash in drizzled::JoinTable::readCachedRecord

Bug #697726 reported by Andrew Hutchings
Affects   Status        Importance  Assigned to       Milestone
Drizzle   Fix Released  High        Andrew Hutchings
7.0       Fix Released  High        Andrew Hutchings

Bug Description

Found after fixing bug #628398 and bug #697697 with the same randgen (several minutes in now):

./gentest.pl --dsn=dbi:drizzle:host=localhost:port=9306:user=root:password=:database=test --threads=1 --engine=Innodb --gendata=conf/drizzle/drizzle.zz --grammar=conf/drizzle/proclist_subquery_drizzle.yy --debug --queries=100000 --threads=2

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdeffd700 (LWP 703)]
drizzled::JoinTable::readCachedRecord (this=0x7fffd07a2c38)
    at drizzled/join_table.cc:51
51 copy->blob_field->set_ptr(pos, pos+copy->length);
(gdb) bt
#0 drizzled::JoinTable::readCachedRecord (this=0x7fffd07a2c38)
    at drizzled/join_table.cc:51
#1 0x000000000062de00 in drizzled::flush_cached_records (join=0x7fffd0855578,
    join_tab=0x7fffd07a2c38, skip_last=false) at drizzled/join.cc:2700
#2 0x00000000006bb4a7 in drizzled::sub_select_cache (join=0x7fffd0855578,
    join_tab=0x7fffd07a2c38, end_of_records=<value optimized out>)
    at drizzled/sql_select.cc:3148
#3 0x00000000006bafa0 in drizzled::do_select (join=0x7fffd0855578,
    fields=0x7fffd0856bf0, table=0x0) at drizzled/sql_select.cc:3099
#4 0x000000000062c3f4 in drizzled::Join::exec (this=0x7fffd0855578)
    at drizzled/join.cc:1683
#5 0x000000000061d87c in drizzled::subselect_single_select_engine::exec (
    this=0x7fffd05269c0) at drizzled/item/subselect.cc:2225
#6 0x0000000000617bc1 in drizzled::Item_subselect::exec (this=0x7fffd0526878)
    at drizzled/item/subselect.cc:308
#7 0x00000000006183c7 in drizzled::Item_in_subselect::val_bool (
    this=0x7fffd0526878) at drizzled/item/subselect.cc:916
#8 0x00000000005f829c in drizzled::Item_in_optimizer::val_int (
    this=0x7fffd0864850) at drizzled/item/cmpfunc.cc:1603
#9 0x00000000006bf9b1 in drizzled::end_send_group (join=0x7fffd08616a8,
    end_of_records=true) at drizzled/sql_select.cc:3895
#10 0x00000000006bafa0 in drizzled::do_select (join=0x7fffd08616a8,
    fields=0x7fffd0862d20, table=0x0) at drizzled/sql_select.cc:3099
#11 0x000000000062c3f4 in drizzled::Join::exec (this=0x7fffd08616a8)
    at drizzled/join.cc:1683
#12 0x00000000006b7701 in drizzled::select_query (session=0x1968bd0,
    rref_pointer_array=0x19699a8, tables=0x7fffd0006850,
    wild_num=<value optimized out>, fields=<value optimized out>,
    conds=<value optimized out>, og_num=2, order=0x7fffd0526b00, group=0x0,
    having=0x7fffd0526878, select_options=2147500032, result=0x7fffd0587700,
    unit=0x19695f0, select_lex=0x19697f0) at drizzled/sql_select.cc:432
#13 0x00000000006b8028 in drizzled::handle_select (session=0x1968bd0,
    lex=0x19695d0, result=0x7fffd0587700, setup_tables_done_option=0)
    at drizzled/sql_select.cc:151
#14 0x00000000006b0a74 in drizzled::execute_sqlcom_select (session=0x1968bd0,
    all_tables=<value optimized out>) at drizzled/sql_parse.cc:544
#15 0x00000000006b3b25 in execute_command (session=0x1968bd0,
    inBuf=<value optimized out>, length=1318) at drizzled/sql_parse.cc:479
#16 drizzled::parse (session=0x1968bd0, inBuf=<value optimized out>,
    length=1318) at drizzled/sql_parse.cc:750
#17 0x00000000006b41fc in drizzled::dispatch_command (
    command=<value optimized out>, session=0x1968bd0, packet=0x196bfb1 "",
    packet_length=1321) at drizzled/sql_parse.cc:227
#18 0x0000000000689946 in drizzled::Session::executeStatement (this=0x1968bd0)
    at drizzled/session.cc:723
#19 0x000000000068cfc7 in drizzled::Session::run (this=0x1968bd0)
    at drizzled/session.cc:564
#20 0x00007ffff56728a6 in multi_thread::MultiThreadScheduler::runSession (
    this=0x19457f0, id=4) at plugin/multi_thread/multi_thread.cc:66
#21 0x00007ffff789ba55 in thread_proxy ()
   from /usr/lib64/libboost_thread-mt.so.1.44.0
#22 0x0000003755406d5b in start_thread () from /lib64/libpthread.so.0
#23 0x00000037550e4a7d in clone () from /lib64/libc.so.6

Revision history for this message
Andrew Hutchings (linuxjedi) wrote :

So, join_tab had had cleanup() called, which frees the cache->buff allocation. The join_tab is then reused, but the cache->buff has not been re-initialized.

Why/how this happens I haven't determined yet...
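The lifecycle described in the comment above, modelled as an added C example (not Drizzle's code; the join_cache type and every function name are constructed): cleanup() frees the row buffer and clears the owning pointer and counters, so a read on a join_tab that was reused without re-initialisation fails a check instead of dereferencing freed memory.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of a join cache (not Drizzle's code): fixed-length rows
 * copied into one heap buffer and read back by record number. */
typedef struct {
    unsigned char *buff;            /* NULL whenever no buffer is owned */
    size_t rec_len, records, capacity;
} join_cache;

int cache_init(join_cache *c, size_t rec_len, size_t capacity)
{
    c->rec_len = rec_len; c->capacity = capacity; c->records = 0;
    return (c->buff = calloc(capacity, rec_len)) ? 0 : -1;
}

/* Clear the owning pointer and counters on free: a later reuse then fails a check. */
void cache_cleanup(join_cache *c)
{
    free(c->buff);
    c->buff = NULL; c->records = 0; c->capacity = 0;
}

int cache_store(join_cache *c, const void *row)
{
    if (!c->buff || c->records >= c->capacity) return -1;
    memcpy(c->buff + c->records++ * c->rec_len, row, c->rec_len);
    return 0;
}

/* Pointer to record n, or NULL when there is no buffer or n is out of range;
 * check it before pointing any blob field into the cached row. */
const unsigned char *cache_read(const join_cache *c, size_t n)
{
    if (!c->buff || n >= c->records) return NULL;
    return c->buff + n * c->rec_len;
}

/* The report's sequence: store, cleanup(), reuse the same struct. Returns 1
 * when the stale read is refused and a re-initialised cache works again. */
int reuse_after_cleanup_is_caught(void)
{
    join_cache jt;
    const char row[] = "record01";          /* constructed sample row */
    if (cache_init(&jt, sizeof row, 4) || cache_store(&jt, row)) return 0;
    cache_cleanup(&jt);
    if (cache_read(&jt, 0) != NULL) return 0;   /* reused uninitialised */
    if (cache_init(&jt, sizeof row, 4) || cache_store(&jt, row)) return 0;
    int ok = memcmp(cache_read(&jt, 0), row, sizeof row) == 0;
    cache_cleanup(&jt);
    return ok;
}
```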

Revision history for this message
Andrew Hutchings (linuxjedi) wrote :

Looks like http://bugs.mysql.com/bug.php?id=37460 fixed it, but need to do more tests
