Bug #38016 Maria: trying to access freed memory when committing a transaction
Submitted: 10 Jul 2008 14:10
Modified: 7 Mar 2010 18:23
Reporter: Guilhem Bichot
Status: Closed
Category: MySQL Server: Maria storage engine
Severity: S3 (Non-critical)
Version: 5.1-maria
OS: Linux
Assigned to:
CPU Architecture: Any

[10 Jul 2008 14:10] Guilhem Bichot
Description:
./mtr --mem --force --mysqld=--default-storage-engine=maria 
crashes in
main.alter_table
main.create
binlog.binlog_row_insert_select
binlog.binlog_stm_insert_select
The errors are similar to this:
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(safe_mutex_lock+0x1d6)[0x8742b40]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(_ma_trnman_end_trans_hook+0x6a)[0x85f7099]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(trnman_end_trn+0x2e6)[0x85b523d]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(ma_commit+0xdc)[0x865ce04]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(_ZN8ha_maria13external_lockEP3THDi+0x30b)[0x85d9a7d]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(_ZN7handler16ha_external_lockEP3THDi+0x84)[0x83a33f4]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld[0x8280d11]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(_Z19mysql_unlock_tablesP3THDP13st_mysql_lock+0x46)[0x8280fe4]
/home/mysql_src/bzrrepos/mysql-maria-after-cs/sql/mysqld(_Z19close_thread_tablesP3THD+0x276)[0x82e0b8c]
They don't always happen at the same line; Valgrind shows we're accessing freed memory.

How to repeat:
Run the tests listed in "Description".
[18 Aug 2008 22:21] Michael Widenius
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html
[13 Sep 2008 22:34] Bugs System
Pushed into 6.0.6-alpha  (revid:monty@mysql.com-20080818222122-pd3rj6et36y9a2jz) (version source revid:hakan@mysql.com-20080716105246-eg0utbybp122n2w9) (pib:3)
[11 Dec 2009 11:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/93656

3030 Konstantin Osipov	2009-12-11
      Partial backport of:
      -----------------------------------------------------------
      2497.392.1 Michael Widenius	2008-08-19
      Fixes for Bug #38016 Maria: trying to access freed memory when
      committing a transaction.
      Don't write out states if they haven't changed.
     @ sql/sql_table.cc
        Call extra(HA_EXTRA_PREPARE_FOR_RENAME) before renaming a table.
[16 Feb 2010 16:46] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100216101445-2ofzkh48aq2e0e8o) (version source revid:kostja@sun.com-20091211154405-c9yhiewr9o5d20rq) (merge vers: 6.0.14-alpha) (pib:16)
[16 Feb 2010 16:56] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100216101208-33qkfwdr0tep3pf2) (version source revid:kostja@sun.com-20091211111247-t26wfy88j1yuspxa) (pib:16)
[22 Feb 2010 10:00] MC Brown
Internal change; no changelog entry required
[6 Mar 2010 11:01] Bugs System
Pushed into 5.5.3-m3 (revid:alik@sun.com-20100306103849-hha31z2enhh7jwt3) (version source revid:vvaintroub@mysql.com-20100216221947-luyhph0txl2c5tc8) (merge vers: 5.5.99-m3) (pib:16)
[7 Mar 2010 18:23] Paul DuBois
No changelog entry needed.