create table select with binlog_format MIXED/STATEMENT crashes node

Bug #1160854 reported by Teemu Ollakka
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL patches by Codership
Confirmed
Medium
Seppo Jaakola
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC
Status tracked in 5.6
5.5
Won't Fix
Undecided
Unassigned
5.6
Invalid
Undecided
Kenn Takara

Bug Description

The following sequence of commands causes segmentation fault:

create table t1 (a int primary key);
set binlog_format=STATEMENT;
create table t2 select * from t1;

Backtrace:

#0 __pthread_kill (threadid=<optimized out>, signo=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:63
#1 0x00000000006a2359 in handle_fatal_signal (sig=11)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/signal_handler.cc:247
#2 <signal handler called>
#3 my_b_safe_tell (info=0x106e558) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/mysys/mf_iocache2.c:122
#4 0x00000000007466d8 in Log_event::write_header (this=0x7f5aac03e750, file=0x106e558, event_data_length=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log_event.cc:1006
#5 0x00000000007474aa in Query_log_event::write (this=0x7f5aac03e750, file=0x106e558)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log_event.cc:2464
#6 0x0000000000739b74 in MYSQL_BIN_LOG::write (this=<optimized out>, event_info=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log.cc:5235
#7 0x000000000056f08d in THD::binlog_query (this=0x32ae1b0, qtype=THD::ROW_QUERY_TYPE,
    query_arg=0x7f5a64004e90 "create table t2 select * from t1", query_len=32, is_trans=<optimized out>,
    direct=<optimized out>, suppress_use=false, errcode=0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_class.cc:5410
#8 0x000000000057acd5 in select_insert::send_eof (this=0x7f5a64005ce0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_insert.cc:3532
#9 0x000000000057af2f in select_create::send_eof (this=0x7f5a64005ce0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_insert.cc:4049
#10 0x00000000005c84b8 in do_select (join=0x7f5a6400ca30, fields=<optimized out>, table=0x0, procedure=0x0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:11575
#11 0x00000000005d5d3d in JOIN::exec (this=0x7f5a6400ca30)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:2385
#12 0x00000000005d7825 in mysql_select (thd=0x32ae1b0, rref_pointer_array=<optimized out>, tables=<optimized out>,
    wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
    select_options=2416184064, result=0x7f5a64005ce0, unit=0x32afd18, select_lex=0x32b0338)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:2604
#13 0x00000000005d8295 in handle_select (thd=0x32ae1b0, lex=0x32afc68, result=0x7f5a64005ce0, setup_tables_done_option=0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:297
#14 0x000000000059990e in mysql_execute_command (thd=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:2830
#15 0x0000000000599aa4 in mysql_parse (thd=0x32ae1b0, parser_state=0x7f5aac041210, length=<optimized out>,
    rawbuf=<optimized out>) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:6203
#16 0x000000000059a3ab in mysql_parse (parser_state=0x7f5aac041210, length=32,
    rawbuf=0x7f5a64004e90 "create table t2 select * from t1", thd=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:6154
#17 wsrep_mysql_parse (thd=0x32ae1b0, rawbuf=0x7f5a64004e90 "create table t2 select * from t1", length=32,
    parser_state=0x7f5aac041210) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:6036
#18 0x000000000059bff7 in dispatch_command (command=COM_QUERY, thd=0x32ae1b0, packet=<optimized out>,
    packet_length=2885948152) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:1212
#19 0x000000000059c60d in do_command (thd=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:869
#20 0x000000000063eb95 in do_handle_one_connection (thd_arg=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_connect.cc:878
#21 0x000000000063edac in handle_one_connection (arg=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_connect.cc:790
#22 0x00007f5ab0596e9a in start_thread (arg=0x7f5aac042700) at pthread_create.c:308
#23 0x00007f5ab02c3cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#24 0x0000000000000000 in ?? ()
(gdb) f 4
#4 0x00000000007466d8 in Log_event::write_header (this=0x7f5aac03e750, file=0x106e558, event_data_length=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log_event.cc:1006
1006 log_pos= my_b_safe_tell(file)+data_written;
(gdb) p *file
$1 = {pos_in_file = 0, end_of_file = 0, read_pos = 0x0, read_end = 0x0, buffer = 0x0, request_pos = 0x0, write_buffer = 0x0,
  append_read_pos = 0x0, write_pos = 0x0, write_end = 0x0, current_pos = 0x0, current_end = 0x0, append_buffer_lock = {
    m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0,
          __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, m_psi = 0x0}, share = 0x0, read_function = 0,
  write_function = 0, type = TYPE_NOT_SET, pre_read = 0, post_read = 0, pre_close = 0, disk_writes = 0, arg = 0x0,
  file_name = 0x0, dir = 0x0, prefix = 0x0, file = 0, seek_not_done = 0, error = 0, buffer_length = 0, read_length = 0,
  myflags = 0, alloced_buffer = 0 '\000'}

IO cache stays empty which causes null pointer dereference in my_b_safe_tell().

Tags: ctas statement
Revision history for this message
Alex Yurchenko (ayurchen) wrote :

some other people seem to have experienced the same crash. See https://bugs.launchpad.net/percona-xtradb-cluster/+bug/1126207 and comments in https://bugs.launchpad.net/percona-xtradb-cluster/+bug/1159837. Looks like binlog_format=STATEMENT has something to do with it.

Changed in codership-mysql:
assignee: nobody → Seppo Jaakola (seppo-jaakola)
importance: Undecided → Medium
milestone: none → 5.5.31-23.7.5
status: New → Confirmed
Changed in percona-xtradb-cluster:
milestone: none → 5.5.31-24.8
tags: added: ctas
Changed in percona-xtradb-cluster:
milestone: 5.5.31-23.7.5 → 5.5.31-25
Changed in codership-mysql:
milestone: 5.5.31-23.7.5 → 5.5.32-23.7.6
Changed in percona-xtradb-cluster:
milestone: 5.5.33-23.7.6 → future-5.5
Changed in codership-mysql:
milestone: 5.5.33-23.7.6 → 5.5.34-24.9
tags: added: statement
Changed in codership-mysql:
milestone: 5.5.34-25.9 → 5.5.34-25.10
Changed in codership-mysql:
milestone: 5.5.37-25.10 → 5.5.37-25.11
Revision history for this message
Nilnandan Joshi (nilnandan-joshi) wrote :
Download full text (4.0 KiB)

Checked with PXC 5.5, not sure if this is the same thing.

mysql> create table t1 (a int primary key);
Query OK, 0 rows affected (0.07 sec)

mysql> set binlog_format=STATEMENT;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> show warnings;
+---------+------+-----------------------------------------------+
| Level | Code | Message |
+---------+------+-----------------------------------------------+
| Warning | 1105 | PXC does not support binlog format: STATEMENT |
+---------+------+-----------------------------------------------+
1 row in set (0.00 sec)

mysql> create table t2 select * from t1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
mysql> quit

140624 3:27:47 [ERROR] WSREP: PXC does not support binlog format : STATEMENT
21:57:55 UTC - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.
Please help us make Percona XtraDB Cluster better by reporting any
bugs at https://bugs.launchpad.net/percona-xtradb-cluster

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=3
max_threads=153
thread_count=3
connection_count=3
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 343074 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x20b04d0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7f8cadd74d68 thread_stack 0x40000
/usr/sbin/mysqld(my_print_stacktrace+0x35)[0x7eca55]
/usr/sbin/mysqld(handle_fatal_signal+0x4b4)[0x6bf674]
/lib64/libpthread.so.0(+0xf710)[0x7f8cadb00710]
/usr/sbin/mysqld(my_b_safe_tell+0x11)[0x7d96e1]
/usr/sbin/mysqld(_ZN9Log_event12write_headerEP11st_io_cachem+0x138)[0x7639d8]
/usr/sbin/mysqld(_ZN15Query_log_event5writeEP11st_io_cache+0x34f)[0x766dff]
/usr/sbin/mysqld(_ZN13MYSQL_BIN_LOG5writeEP9Log_event+0x502)[0x7582f2]
/usr/sbin/mysqld(_ZN3THD12binlog_queryENS_22enum_binlog_query_typeEPKcmbbbi+0xc6)[0x579986]
/usr/sbin/mysqld(_ZN13select_insert8send_eofEv+0x150)[0x587f80]
/usr/sbin/mysqld(_ZN13select_create8send_eofEv+0x27)[0x58b2a7]
/usr/sbin/mysqld[0x5ca606]
/usr/sbin/mysqld(_ZN4JOIN4execEv+0xc43)[0x5e1bf3]
/usr/sbin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x5e336c]
/usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x1cd)[0x5e3e1d]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x59e2)[0x5a3982]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x33b)[0x5a3cfb]
/usr/sbin/mysqld[0x5a3e62]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x254c)[0x5a731c]
/usr/sbin/mysqld(_Z10do_commandP3THD+0x1...

Read more...

Revision history for this message
Nilnandan Joshi (nilnandan-joshi) wrote :

With PXC 5.6.19, getting error while setting binlog_format variable.

mysql> set binlog_format=STATEMENT;
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql> set binlog_format='STATEMENT';
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql> set global binlog_format='STATEMENT';
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql> SET SESSION binlog_format=STATEMENT;
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql>

Revision history for this message
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1320

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.