segfault in drizzled::TransactionServices::ha_rollback_to_savepoint

Bug #542299 reported by Eric Day
Affects Status Importance Assigned to Milestone
Drizzle
Fix Released
Critical
Jay Pipes
Cherry
Fix Released
Critical
Jay Pipes

Bug Description

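This crash is hit while running randgen. In the backtrace below, frame #0 is a memmove with a NULL destination (dest=0x0), reached through std::set_difference in drizzled::TransactionServices::ha_rollback_to_savepoint while executing "ROLLBACK TO SAVEPOINT A":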

(gdb) bt full
#0 0x00007fd71a42af87 in *__GI_memmove (dest=0x0, src=0x1c003a0,
    len=140561193390928) at memmove.c:79
        __x = 64 '@'
        __nbytes = 8
        dstp = 0
        srcp = 29361057
#1 0x0000000000668ed4 in __copy_m<drizzled::ResourceContext*> (
    this=<value optimized out>, session=0x1c32e40, sv=...)
    at /usr/include/c++/4.4/bits/stl_algobase.h:378
No locals.
#2 __copy_move_a<false, drizzled::ResourceContext**, drizzled::ResourceContext**> (this=<value optimized out>, session=0x1c32e40, sv=...)
    at /usr/include/c++/4.4/bits/stl_algobase.h:397
No locals.
#3 __copy_move_a2<false, __gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > >, __gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > > >
    (this=<value optimized out>, session=0x1c32e40, sv=...)
    at /usr/include/c++/4.4/bits/stl_algobase.h:436
No locals.
#4 copy<__gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > >, __gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > > > (
    this=<value optimized out>, session=0x1c32e40, sv=...)
    at /usr/include/c++/4.4/bits/stl_algobase.h:468
No locals.
#5 set_difference<__gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > >, __gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > >, __gnu_cxx::__normal_iterator<drizzled::ResourceContext**, std::vector<drizzled::ResourceContext*, std::allocator<drizzled::ResourceContext*> > >, drizzled::ResourceContextCompare> (this=<value optimized out>, session=0x1c32e40, sv=...)
    at /usr/include/c++/4.4/bits/stl_algo.h:5841
No locals.
#6 drizzled::TransactionServices::ha_rollback_to_savepoint (
    this=<value optimized out>, session=0x1c32e40, sv=...)
    at drizzled/transaction_services.cc:885
        error = 0
#7 0x0000000000647279 in drizzled::statement::RollbackToSavepoint::execute (
    this=0x1bfe9f0) at drizzled/statement/rollback_to_savepoint.cc:76
        found = <value optimized out>
        copy_savepoints = {<std::_Deque_base<drizzled::NamedSavepoint, std::allocator<drizzled::NamedSavepoint> >> = {
            _M_impl = {<std::allocator<drizzled::NamedSavepoint>> = {<__gnu_cxx::new_allocator<drizzled::NamedSavepoint>> = {<No data fields>}, <No data fields>}, _M_map = 0x0, _M_map_size = 0, _M_start = {_M_cur = 0x0, _M_first = 0x0,
                _M_last = 0x0, _M_node = 0x0}, _M_finish = {_M_cur = 0x0,
                _M_first = 0x0, _M_last = 0x0,
                _M_node = 0x0}}}, <No data fields>}
        new_savepoints = {<std::_Deque_base<drizzled::NamedSavepoint, std::allocator<drizzled::NamedSavepoint> >> = {
            _M_impl = {<std::allocator<drizzled::NamedSavepoint>> = {<__gnu_cxx::new_allocator<drizzled::NamedSavepoint>> = {<No data fields>}, <No data fields>}, _M_map = 0x726157202030203a, _M_map_size = 3467835980406221166, _M_start = {
                _M_cur = 0x27206e6d756c6f63, _M_first = 0x696769625f6c6f63,
                _M_last = 0x27206e692027746e, _M_node = 0x696c20646c656966},
              _M_finish = {_M_cur = 0x277473, _M_first = 0x0, _M_last = 0x0,
                _M_node = 0x0}}}, <No data fields>}
#8 0x000000000060e224 in mysql_execute_command (session=0x1c32e40)
    at drizzled/sql_parse.cc:479
        lex = 0x1c33978
        proc_info_len = 23
        __PRETTY_FUNCTION__ = "int drizzled::mysql_execute_command(drizzled::Session*)"
        res = <value optimized out>
        all_tables = <value optimized out>
#9 0x000000000060fa65 in drizzled::mysql_parse (session=0x1c32e40,
    inBuf=0x1c34bd8 "ROLLBACK TO SAVEPOINT A", length=23)
    at drizzled/sql_parse.cc:734
        lex = 0x1c33978
        lip = {m_session = 0x1c32e40, yylineno = 1, yytoklen = 1,
          yylval = 0x7fd70362abb0, lookahead_token = 366,
          lookahead_yylval = 0x0,
          m_ptr = 0x1c34bf0 "nodb_int_autoinc` WHERE 1 = 1 LIMIT 8",
          m_tok_start = 0x1c34bf0 "nodb_int_autoinc` WHERE 1 = 1 LIMIT 8",
          m_tok_end = 0x1c34bf0 "nodb_int_autoinc` WHERE 1 = 1 LIMIT 8",
          m_end_of_query = 0x1c34bef "", m_tok_start_prev = 0x1c34bef "",
          m_buf = 0x1c34bd8 "ROLLBACK TO SAVEPOINT A", m_buf_length = 23,
          m_echo = true, m_cpp_buf = 0x1c3a078 "ROLLBACK TO SAVEPOINT A",
          m_cpp_ptr = 0x1c3a08f "", m_cpp_tok_start = 0x1c3a08f "",
          m_cpp_tok_start_prev = 0x1c3a08f "", m_cpp_tok_end = 0x1c3a08f "",
          m_body_utf8 = 0x0,
          m_body_utf8_ptr = 0x17 <Address 0x17 out of bounds>,
          m_cpp_utf8_processed_ptr = 0x0, next_state = drizzled::MY_LEX_END,
          tok_bitmap = 0 '\000', ignore_space = true,
          in_comment = drizzled::NO_COMMENT, m_cpp_text_start = 0x1c3a08e "A",
          m_cpp_text_end = 0x1c3a08f ""}
        __PRETTY_FUNCTION__ = "void drizzled::mysql_parse(drizzled::Session*, const char*, uint32_t)"
#10 0x000000000060fec5 in drizzled::dispatch_command (
    command=<value optimized out>, session=0x1c32e40,
    packet=0x1c2ee31 "ROLLBACK TO SAVEPOINT A", packet_length=23)
    at drizzled/sql_parse.cc:222
        error = false
        __PRETTY_FUNCTION__ = "bool drizzled::dispatch_command(drizzled::enum_server_command, drizzled::Session*, char*, uint32_t)"
#11 0x00000000005e1f4f in drizzled::Session::executeStatement (this=0x1c32e40)
    at drizzled/session.cc:730
        l_packet = 0x1c2ee30 "\003ROLLBACK TO SAVEPOINT A"
        packet_length = 24
        __PRETTY_FUNCTION__ = "bool drizzled::Session::executeStatement()"
#12 0x00000000005e4052 in drizzled::Session::run (this=0x1c32e40)
    at drizzled/session.cc:592
No locals.
#13 0x00007fd707703372 in MultiThreadScheduler::runSession (
    arg=<value optimized out>) at ./plugin/multi_thread/multi_thread.h:67
No locals.
#14 session_thread (arg=<value optimized out>)
    at plugin/multi_thread/multi_thread.cc:43
        sched = 0x1b5e9f0
#15 0x00007fd71a71fa04 in start_thread (arg=<value optimized out>)
    at pthread_create.c:300
        __res = <value optimized out>
        pd = 0x7fd70362b910
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140561451497744,
                4086542486774430272, 28699176, 140561451497744, 0, 3,
                -4100432383518754240, -4100417103948989888},
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
            data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>


Changed in drizzle:
assignee: nobody → Jay Pipes (jaypipes)
Jay Pipes (jaypipes) wrote :

Through much hair-pulling, here is the reproducible test case. This is only reproducible on intel05, though... not sure why, but it's reproducible there at least...

#
# Test for Bug #542299
#
# segfault on ROLLBACK TO SAVEPOINT A - during randgen
#
# Regression test: the sequence below ends with the ROLLBACK TO SAVEPOINT
# statement that the reported backtrace shows crashing in
# drizzled::TransactionServices::ha_rollback_to_savepoint
# (memmove with dest=0x0, called from std::set_difference).
# Passing means the server is still alive after the last statement.
# NOTE(review): a segfault in a session thread presumably terminates the
# whole server process, so any client able to run these statements could
# stop the service - treat a regression here as an availability issue.
# NOTE(review): the reporter could reproduce this on one host only
# (intel05); a pass on other hosts does not by itself confirm the fix.
# NOTE(review): t1 is not dropped at the end of this snippet - confirm
# cleanup happens elsewhere before adding it to a shared test file.
#
--echo Start Test of Bug 542299

# Transactional (InnoDB) table with a few rows to operate on.
CREATE TABLE t1 (a int,id integer auto_increment,b int,/*Indices*/key (a ),primary key (id)) ENGINE=innodb;
INSERT INTO t1 VALUES (100, NULL, 100) , (100, NULL, 100) , (100, NULL, 100) , (100, NULL, 100) , (100, NULL, 100) , (100, NULL, 100) , (100, NULL, 100) , (100, NULL, 100);
# With autocommit off, the DELETE opens a transaction that is then ended
# explicitly; the inline comment below says ROLLBACK triggers it as well.
SET AUTOCOMMIT=OFF;
DELETE FROM t1 WHERE 1 = 1 LIMIT 1;
COMMIT; /* OR ROLLBACK... */
# The savepoint is taken immediately after the transaction ended, before
# any statement has touched t1 again.
# NOTE(review): presumably the savepoint then holds an empty resource
# list while the INSERT registers the engine afterwards - confirm against
# drizzled/transaction_services.cc.
SAVEPOINT A;
INSERT INTO t1 ( a, b ) VALUES ( 1 , 9 );
# This is the statement shown in the crashing frames of the backtrace.
ROLLBACK TO SAVEPOINT A;

--echo End Test of Bug 542299
