Bug #19212 crash in EventBufData_list::add_gci_op (delete [] old_list) during DBT2
Submitted: 20 Apr 2006 6:49
Modified: 20 May 2006 17:12
Reporter: Stewart Smith
Status: No Feedback
Category: MySQL Cluster: Replication
Severity: S1 (Critical)
Version:
OS:
Assigned to:
CPU Architecture: Any

[20 Apr 2006 6:49] Stewart Smith
Description:
stewart@faith:~/MySQL/5.1/bug18798/mysql-test$ gdb ../sql/mysqld
(gdb) core var/master-data/core.17517
Core was generated by `/home/stewart/MySQL/5.1/bug18798/sql/mysqld --no-defaults --console --basedir=/'.
Program terminated with signal 6, Aborted.

(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7edea98 in pthread_kill () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x083a3015 in write_core (sig=6) at stacktrace.c:220
#3  0x0823c945 in handle_segfault (sig=6) at mysqld.cc:2134
#4  <signal handler called>
#5  0xffffe410 in __kernel_vsyscall ()
#6  0xb7c8b9a1 in raise () from /lib/tls/i686/cmov/libc.so.6
#7  0xb7c8d2b9 in abort () from /lib/tls/i686/cmov/libc.so.6
#8  0xb7cbf87a in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#9  0xb7cc5fd4 in malloc_usable_size () from /lib/tls/i686/cmov/libc.so.6
#10 0xb7cc634a in free () from /lib/tls/i686/cmov/libc.so.6
#11 0xb7e678b1 in operator delete () from /usr/lib/libstdc++.so.6
#12 0xb7e678fd in operator delete[] () from /usr/lib/libstdc++.so.6
#13 0x085ebebb in EventBufData_list::add_gci_op (this=0xaaff19bc, g={op = 0x9370078, event_types = 1},
    del=false) at NdbEventOperationImpl.cpp:2218
#14 0x085f4898 in EventBufData_list::append_data (this=0xaaff19bc, data=0xab7de0d8)
    at NdbEventOperationImpl.hpp:207
#15 0x085f2921 in NdbEventBuffer::insertDataL (this=0x8a52ff0, op=0x9370078, sdata=0x8a21110,
    ptr=0xb3159c04) at NdbEventOperationImpl.cpp:1614
#16 0x085d25b7 in Ndb::handleReceivedSignal (this=0x8a499d0, aSignal=0xb3159adc, ptr=0xb3159c04)
    at Ndbif.cpp:751
#17 0x085d2d37 in Ndb::executeMessage (NdbObject=0x8a499d0, aSignal=0xb3159adc, ptr=0xb3159c04)
    at Ndbif.cpp:176
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) up 13
#13 0x085ebebb in EventBufData_list::add_gci_op (this=0xaaff19bc, g={op = 0x9370078, event_types = 1},
    del=false) at NdbEventOperationImpl.cpp:2218
2218            delete [] old_list;
(gdb) print old_list
$1 = (EventBufData_list::Gci_op *) 0xaf351d00
(gdb) print *old_list
$2 = {op = 0xaf3b0598, event_types = 1}
(gdb) print old_list[0]
$3 = {op = 0xaf3b0598, event_types = 1}
(gdb) print old_list[0].op
$4 = (NdbEventOperationImpl *) 0xaf3b0598
(gdb) print *old_list[0].op
$5 = {<NdbEventOperation> = {m_impl = @0x65}, m_facade = 0x15, m_magic_number = 0, m_error = {
    status = TemporaryError, classification = 2938626512, code = 37, mysql_code = 2990, message = 0x0,
    details = 0xaf02f448 "x"}, m_ndb = 0x0, m_eventImpl = 0x1, theFirstPkAttrs = {0xf85aec56, 0x20},
  theCurrentPkAttrs = {0x83d, 0x4c}, theFirstDataAttrs = {0xa4e, 0xd}, theCurrentDataAttrs = {0x0, 0x0},
  theBlobList = 0x0, theBlobOpList = 0x24, theMainOp = 0x4, m_state = 65540, mi_type = 131076,
  m_eventId = 196612, m_oid = 4, m_mergeEvents = 4, m_data_item = 0x20004, m_custom_data = 0x30004,
  m_has_error = 262148, m_fragmentId = 327684, m_buffer = {data = 0x60004, len = 458760,
    alloc_size = 524296}, m_change_mask = 589849, m_data_done_count = 934, m_data_count = 7,
  m_next = 0x1, m_prev = 0x4}
(gdb) up
#14 0x085f4898 in EventBufData_list::append_data (this=0xaaff19bc, data=0xab7de0d8)
    at NdbEventOperationImpl.hpp:207
207       add_gci_op(g);
(gdb) down
#13 0x085ebebb in EventBufData_list::add_gci_op (this=0xaaff19bc, g={op = 0x9370078, event_types = 1},
    del=false) at NdbEventOperationImpl.cpp:2218
2218            delete [] old_list;
(gdb) list
2213          Gci_op* old_list = m_gci_op_list;
2214          m_gci_op_list = new Gci_op [n];
2215          if (m_gci_op_alloc != 0) {
2216            Uint32 bytes = m_gci_op_alloc * sizeof(Gci_op);
2217            memcpy(m_gci_op_list, old_list, bytes);
2218            delete [] old_list;
2219          }
2220          m_gci_op_alloc = n;
2221        }
2222        assert(m_gci_op_count < m_gci_op_alloc);

(gdb) print this
$6 = (EventBufData_list * const) 0xaaff19bc
(gdb) print *this
$7 = {m_head = 0xab71695c, m_tail = 0xab7de10c, m_count = 120, m_sz = 59520, {m_gci_op_list = 0xaf351d10,
    m_gci_ops_list = 0xaf351d10}, {m_gci_op_count = 1, m_gci_ops_list_tail = 0x1}, {m_gci_op_alloc = 1,
    m_is_not_multi_list = 1}}

How to repeat:
I saved the backtrace but didn't write what on earth I was doing down.....

loading DBT2 IIRC though.

Suggested fix:
find why it's crashing and fix it.
[20 Apr 2006 17:12] Valeriy Kravchuk
Thank you for the problem report. Please specify the exact MySQL server version and OS used.
[20 May 2006 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".