MySQL patches by Codership

create table select with binlog_format MIXED/STATEMENT crashes node

Bug #1160854 reported by Teemu Ollakka on 2013-03-27

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
MySQL patches by Codership	Confirmed	Medium	Seppo Jaakola	MySQL patches by Codership 5.5.38-25.11
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC	Status tracked in 5.6
5.5	Won't Fix	Undecided	Unassigned	Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC future-5.5
5.6	Invalid	Undecided	Kenn Takara	Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC future-5.6

Bug Description

The following sequence of commands causes segmentation fault:

create table t1 (a int primary key);
set binlog_format=STATEMENT;
create table t2 select * from t1;

Backtrace:

#0 __pthread_kill (threadid=<optimized out>, signo=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:63
#1 0x00000000006a2359 in handle_fatal_signal (sig=11)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/signal_handler.cc:247
#2 <signal handler called>
#3 my_b_safe_tell (info=0x106e558) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/mysys/mf_iocache2.c:122
#4 0x00000000007466d8 in Log_event::write_header (this=0x7f5aac03e750, file=0x106e558, event_data_length=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log_event.cc:1006
#5 0x00000000007474aa in Query_log_event::write (this=0x7f5aac03e750, file=0x106e558)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log_event.cc:2464
#6 0x0000000000739b74 in MYSQL_BIN_LOG::write (this=<optimized out>, event_info=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log.cc:5235
#7 0x000000000056f08d in THD::binlog_query (this=0x32ae1b0, qtype=THD::ROW_QUERY_TYPE,
    query_arg=0x7f5a64004e90 "create table t2 select * from t1", query_len=32, is_trans=<optimized out>,
    direct=<optimized out>, suppress_use=false, errcode=0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_class.cc:5410
#8 0x000000000057acd5 in select_insert::send_eof (this=0x7f5a64005ce0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_insert.cc:3532
#9 0x000000000057af2f in select_create::send_eof (this=0x7f5a64005ce0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_insert.cc:4049
#10 0x00000000005c84b8 in do_select (join=0x7f5a6400ca30, fields=<optimized out>, table=0x0, procedure=0x0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:11575
#11 0x00000000005d5d3d in JOIN::exec (this=0x7f5a6400ca30)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:2385
#12 0x00000000005d7825 in mysql_select (thd=0x32ae1b0, rref_pointer_array=<optimized out>, tables=<optimized out>,
    wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
    select_options=2416184064, result=0x7f5a64005ce0, unit=0x32afd18, select_lex=0x32b0338)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:2604
#13 0x00000000005d8295 in handle_select (thd=0x32ae1b0, lex=0x32afc68, result=0x7f5a64005ce0, setup_tables_done_option=0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_select.cc:297
#14 0x000000000059990e in mysql_execute_command (thd=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:2830
#15 0x0000000000599aa4 in mysql_parse (thd=0x32ae1b0, parser_state=0x7f5aac041210, length=<optimized out>,
    rawbuf=<optimized out>) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:6203
#16 0x000000000059a3ab in mysql_parse (parser_state=0x7f5aac041210, length=32,
    rawbuf=0x7f5a64004e90 "create table t2 select * from t1", thd=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:6154
#17 wsrep_mysql_parse (thd=0x32ae1b0, rawbuf=0x7f5a64004e90 "create table t2 select * from t1", length=32,
    parser_state=0x7f5aac041210) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:6036
#18 0x000000000059bff7 in dispatch_command (command=COM_QUERY, thd=0x32ae1b0, packet=<optimized out>,
    packet_length=2885948152) at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:1212
#19 0x000000000059c60d in do_command (thd=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_parse.cc:869
#20 0x000000000063eb95 in do_handle_one_connection (thd_arg=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_connect.cc:878
#21 0x000000000063edac in handle_one_connection (arg=0x32ae1b0)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/sql_connect.cc:790
#22 0x00007f5ab0596e9a in start_thread (arg=0x7f5aac042700) at pthread_create.c:308
#23 0x00007f5ab02c3cbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#24 0x0000000000000000 in ?? ()
(gdb) f 4
#4 0x00000000007466d8 in Log_event::write_header (this=0x7f5aac03e750, file=0x106e558, event_data_length=<optimized out>)
    at /home/teemu/codership/galera/bzr/codership-mysql/5.5-23/sql/log_event.cc:1006
1006 log_pos= my_b_safe_tell(file)+data_written;
(gdb) p *file
$1 = {pos_in_file = 0, end_of_file = 0, read_pos = 0x0, read_end = 0x0, buffer = 0x0, request_pos = 0x0, write_buffer = 0x0,
  append_read_pos = 0x0, write_pos = 0x0, write_end = 0x0, current_pos = 0x0, current_end = 0x0, append_buffer_lock = {
    m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0,
          __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, m_psi = 0x0}, share = 0x0, read_function = 0,
  write_function = 0, type = TYPE_NOT_SET, pre_read = 0, post_read = 0, pre_close = 0, disk_writes = 0, arg = 0x0,
  file_name = 0x0, dir = 0x0, prefix = 0x0, file = 0, seek_not_done = 0, error = 0, buffer_length = 0, read_length = 0,
  myflags = 0, alloced_buffer = 0 '\000'}

IO cache stays empty which causes null pointer dereference in my_b_safe_tell().

Tags:

Revision history for this message

Alex Yurchenko (ayurchen) wrote on 2013-06-01:

some other people seem to have experienced the same crash. See https://bugs.launchpad.net/percona-xtradb-cluster/+bug/1126207 and comments in https://bugs.launchpad.net/percona-xtradb-cluster/+bug/1159837. Looks like binlog_format=STATEMENT has something to do with it.

Changed in codership-mysql:
assignee:	nobody → Seppo Jaakola (seppo-jaakola)
importance:	Undecided → Medium
milestone:	none → 5.5.31-23.7.5
status:	New → Confirmed

Raghavendra D Prabhu (raghavendra-prabhu) on 2013-06-10

Changed in percona-xtradb-cluster:
milestone:	none → 5.5.31-24.8

Raghavendra D Prabhu (raghavendra-prabhu) on 2013-06-10

tags:

added: ctas

Raghavendra D Prabhu (raghavendra-prabhu) on 2013-06-19

Changed in percona-xtradb-cluster:
milestone:	5.5.31-23.7.5 → 5.5.31-25

Alex Yurchenko (ayurchen) on 2013-06-29

Changed in codership-mysql:
milestone:	5.5.31-23.7.5 → 5.5.32-23.7.6

Raghavendra D Prabhu (raghavendra-prabhu) on 2013-08-28

Changed in percona-xtradb-cluster:
milestone:	5.5.33-23.7.6 → future-5.5

Alex Yurchenko (ayurchen) on 2013-09-22

Changed in codership-mysql:
milestone:	5.5.33-23.7.6 → 5.5.34-24.9

Alex Yurchenko (ayurchen) on 2013-09-26

tags:

added: statement

Teemu Ollakka (teemu-ollakka) on 2013-11-18

Changed in codership-mysql:
milestone:	5.5.34-25.9 → 5.5.34-25.10

Alex Yurchenko (ayurchen) on 2014-05-12

Changed in codership-mysql:
milestone:	5.5.37-25.10 → 5.5.37-25.11

Revision history for this message

Nilnandan Joshi (nilnandan-joshi) wrote on 2014-08-06:

Download full text (4.0 KiB)

Checked with PXC 5.5, not sure if this is the same thing.

mysql> create table t1 (a int primary key);
Query OK, 0 rows affected (0.07 sec)

mysql> set binlog_format=STATEMENT;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> create table t2 select * from t1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
mysql> quit

140624 3:27:47 [ERROR] WSREP: PXC does not support binlog format : STATEMENT
21:57:55 UTC - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.
Please help us make Percona XtraDB Cluster better by reporting any
bugs at https://bugs.launchpad.net/percona-xtradb-cluster

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=3
max_threads=153
thread_count=3
connection_count=3
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 343074 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x20b04d0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7f8cadd74d68 thread_stack 0x40000
/usr/sbin/mysqld(my_print_stacktrace+0x35)[0x7eca55]
/usr/sbin/mysqld(handle_fatal_signal+0x4b4)[0x6bf674]
/lib64/libpthread.so.0(+0xf710)[0x7f8cadb00710]
/usr/sbin/mysqld(my_b_safe_tell+0x11)[0x7d96e1]
/usr/sbin/mysqld(_ZN9Log_event12write_headerEP11st_io_cachem+0x138)[0x7639d8]
/usr/sbin/mysqld(_ZN15Query_log_event5writeEP11st_io_cache+0x34f)[0x766dff]
/usr/sbin/mysqld(_ZN13MYSQL_BIN_LOG5writeEP9Log_event+0x502)[0x7582f2]
/usr/sbin/mysqld(_ZN3THD12binlog_queryENS_22enum_binlog_query_typeEPKcmbbbi+0xc6)[0x579986]
/usr/sbin/mysqld(_ZN13select_insert8send_eofEv+0x150)[0x587f80]
/usr/sbin/mysqld(_ZN13select_create8send_eofEv+0x27)[0x58b2a7]
/usr/sbin/mysqld[0x5ca606]
/usr/sbin/mysqld(_ZN4JOIN4execEv+0xc43)[0x5e1bf3]
/usr/sbin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x5e336c]
/usr/sbin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x1cd)[0x5e3e1d]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x59e2)[0x5a3982]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x33b)[0x5a3cfb]
/usr/sbin/mysqld[0x5a3e62]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x254c)[0x5a731c]
/usr/sbin/mysqld(_Z10do_commandP3THD+0x1...

Checked with PXC 5.5, not sure if this is the same thing.

mysql> create table t1 (a int primary key);
Query OK, 0 rows affected (0.07 sec)

mysql> set binlog_format=STATEMENT;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> create table t2 select * from t1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 
mysql> quit

140624  3:27:47 [ERROR] WSREP: PXC does not support binlog format : STATEMENT
21:57:55 UTC - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.
Please help us make Percona XtraDB Cluster better by reporting any
bugs at  https://bugs.launchpad.net/percona-xtradb-cluster

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=3
max_threads=153
thread_count=3
connection_count=3
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 343074 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (7f8c60004b60): is an invalid pointer
Connection ID (thread ID): 4
Status: NOT_KILLED

You may download the Percona XtraDB Cluster operations manual by visiting
http://www.percona.com/software/percona-xtradb-cluster/. You may find information
in the manual which will help you identify the cause of the crash.
140624 03:27:55 mysqld_safe Number of processes running now: 0
140624 03:27:55 mysqld_safe WSREP: not restarting wsrep node automatically
140624 03:27:55 mysqld_safe mysqld from pid file /var/lib/mysql/percona-pxc56-1.pid ended

Revision history for this message

Nilnandan Joshi (nilnandan-joshi) wrote on 2014-08-06:

With PXC 5.6.19, getting error while setting binlog_format variable.

mysql> set binlog_format=STATEMENT;
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql> set binlog_format='STATEMENT';
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql> set global binlog_format='STATEMENT';
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql> SET SESSION binlog_format=STATEMENT;
ERROR 1231 (42000): Variable 'binlog_format' can't be set to the value of 'STATEMENT'
mysql>

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-18:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1320

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.