[MDEV-7116] Dynamic column hangs/segfaults - JIRA

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.0
Fix Version/s: 10.0.15
Component/s: Dynamic Columns
Labels:
None
Environment:
Ubuntu 14.04

Description

I have reproducible segfaults and hangs with certain kinds of dynamic column queries. I was only able to reliable trigger this behavior in a master/slave scenario.

What happens is that a few queries are ran on the master which are then replicated to the slave. This seems to go well, both master and slave still respond and allow queries, until I run 'show tables' in the account the queries were ran in. The slave will then hang (the query never returns and the client needs to be killed with <Ctrl>+Z). The slave can only be killed by kill-9.

The master, meanwhile, stays up until the slave is killed with kill-9. At this point, the master segfaults and is restarted by the mysqld_safe script.

Interestingly, if you remove some columns from the queries the behavior sometimes changes so it works well the first time (even running 'show tables' on the slave), but then immediately running the queries again will hang the master, the same way the slave would otherwise hang. These queries are about as small as I could make them and still have the behavior reproduce reliably.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

query_from_hell.sql
6 kB
2014-11-14 16:46

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Elena Stepanova added a comment - 2014-11-14 18:37

Thanks for the report and the test case.

The shortened version:

create table PxCDMEmailingTemplateStatistics (
  fk_template int not null,
  impressions mediumblob not null,
  primary key (fk_template)
) engine=myisam;

insert into PxCDMEmailingTemplateStatistics
            (fk_template)
values      (1),(2);

update  PxCDMEmailingTemplateStatistics
set     impressions = column_add(impressions,
            'total', 12,
            '2014-10-28 16:00:00', 3,
            '2014-10-30 15:00:00', 3,
            '2014-11-04 09:00:00', 6
        )
where   fk_template = 2;

In MTR on a release build, it hangs.
In a client on a release build, it crashes after the client disconnects.
In MTR or a client on a debug build, it produces

Error: Freeing unallocated data or underrun buffer mysys/safemalloc.c:191, mysys/my_malloc.c:218, mysys/ma_dyncol.c:3589, mysys/ma_dyncol.c:3280, sql/item_strfunc.cc:4673, sql/item.cc:6078, sql/sql_base.cc:8596, sql/sql_base.cc:8655

Show

Elena Stepanova added a comment - 2014-11-14 18:37 Thanks for the report and the test case. The shortened version: create table PxCDMEmailingTemplateStatistics ( fk_template int not null, impressions mediumblob not null, primary key (fk_template) ) engine=myisam; insert into PxCDMEmailingTemplateStatistics (fk_template) values (1),(2); update PxCDMEmailingTemplateStatistics set impressions = column_add(impressions, 'total', 12, '2014-10-28 16:00:00', 3, '2014-10-30 15:00:00', 3, '2014-11-04 09:00:00', 6 ) where fk_template = 2; In MTR on a release build, it hangs. In a client on a release build, it crashes after the client disconnects. In MTR or a client on a debug build, it produces Error: Freeing unallocated data or underrun buffer mysys/safemalloc.c:191, mysys/my_malloc.c:218, mysys/ma_dyncol.c:3589, mysys/ma_dyncol.c:3280, sql/item_strfunc.cc:4673, sql/item.cc:6078, sql/sql_base.cc:8596, sql/sql_base.cc:8655

Hide

Permalink

Oleksandr Byelkin added a comment - 2014-11-17 17:12

Valgrind shows problems.

Show

Oleksandr Byelkin added a comment - 2014-11-17 17:12 Valgrind shows problems.

Hide

Permalink

Oleksandr Byelkin added a comment - 2014-11-17 17:24

A bit more simple test suite:

create table t1 (
  impressions mediumblob
);

insert into t1 values ("");

update  t1
set     impressions = column_add(impressions,
            'total', 12,
            '2014-10-28 16:00:00', 3,
            '2014-10-30 15:00:00', 3,
            '2014-11-04 09:00:00', 6
        );

drop table t1;

Show

Oleksandr Byelkin added a comment - 2014-11-17 17:24 A bit more simple test suite: create table t1 ( impressions mediumblob ); insert into t1 values (""); update t1 set impressions = column_add(impressions, 'total', 12, '2014-10-28 16:00:00', 3, '2014-10-30 15:00:00', 3, '2014-11-04 09:00:00', 6 ); drop table t1;

Hide

Permalink

Oleksandr Byelkin added a comment - 2014-11-17 17:32

Problem is also repeatable with new symbol names format.

Show

Oleksandr Byelkin added a comment - 2014-11-17 17:32 Problem is also repeatable with new symbol names format.

Hide

Permalink

Oleksandr Byelkin added a comment - 2014-11-17 17:57

It was double freeing the same pointer.

Show

Oleksandr Byelkin added a comment - 2014-11-17 17:57 It was double freeing the same pointer.

Hide

Permalink

Oleksandr Byelkin added a comment - 2014-11-17 18:07

Original test suite checked - it works with my fix.

Show

Oleksandr Byelkin added a comment - 2014-11-17 18:07 Original test suite checked - it works with my fix.

Hide

Permalink

Sergei Petrunia added a comment - 2014-11-17 18:56

Ok to push.

Show

Sergei Petrunia added a comment - 2014-11-17 18:56 Ok to push.

People

Assignee:

Oleksandr Byelkin

Reporter:

Martijn Otto

Votes:

0 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

2014-11-14 16:46

Updated:

2014-11-17 18:58

Resolved:

2014-11-17 18:58

Agile

View on Board