Bug #19937 "double free or corruption" + crashes in YaSSL code
Submitted: 19 May 2006 10:45
Modified: 24 May 2006 7:52
Reporter: Sergey Petrunya
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.1-bk
OS: Linux (Linux x86)
Assigned to: Magnus Blåudd
CPU Architecture: Any

[19 May 2006 10:45] Sergey Petrunya
Description:
When running the 5.1 test suite, every so often one gets the message:
mysql-test-run: *** ERROR: there where failing test cases

The causes of the message are crashes on server shutdown. Judging by the stack traces, the problem lies within YaSSL or our use of it. See below for the names of the tests that crash and the resolved stack traces:

In normal mode: 

CURRENT_TEST: func_encrypt  
*** glibc detected *** double free or corruption (fasttop): 0x089e3690 ***
mysqld got signal 6;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=2408550287
read_buffer_size=131072
max_used_connections=1
max_connections=100
threads_connected=0
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 2390496 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=(nil)
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xb66e46d8, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
New value of fp=(nil) failed sanity check, terminating stack trace!

Resolving the stack trace:
0x823e9b3 handle_segfault + 479
0xb7edee55 _end + -1353624091
0xb7d7e3e1 _end + -1355068559
0xb7edc4ab _end + -1353634757
0xb7d7e174 _end + -1355069180
0xb7d7f64d _end + -1355063843
0xb7dba030 _end + -1354823744
0xb7db8cb9 _end + -1354828727
0xb7db79af _end + -1354833601
0x871661f _ZdlPvN5yaSSL5new_tE + 35
0x870c943 _ZN5yaSSL8ysDeleteINS_13CryptProviderEEEvPT_ + 51
0x871a421 yaSSL_CleanUp + 37
0x86b302d vio_end + 11
0x823d4ac _Z8clean_upb + 744
0x823d0e0 _Z10unireg_endv + 18
0x823cfe7 _Z11kill_serverPv + 349
0x823d01f kill_server_thread + 23
0xb7ed913d _end + -1353647923
0xb7e0b1ba _end + -1354491574

CURRENT_TEST: rpl_redirect

0x8747357 _ZdlPvN8TaoCrypt5new_tE + 35
0x87473a8 _ZdaPvN8TaoCrypt5new_tE + 34
0x87507c2 _ZN8TaoCrypt13tcArrayDeleteIjEEvPT_ + 34
0x8722fe0 _ZN8TaoCrypt20AllocatorWithCleanupIjE10deallocateEPvj + 58
0x8722911 _ZN8TaoCrypt5BlockIjNS_20AllocatorWithCleanupIjEEED1Ev + 51
0x8721a4d _ZN8TaoCrypt7IntegerD1Ev + 29
0x8750679 _ZN8TaoCrypt8tcDeleteINS_7IntegerEEEvPT_ + 35
0x873e192 _ZN8TaoCrypt7CleanUpEv + 32
0x871a413 yaSSL_CleanUp + 23
0x86b302d vio_end + 11
0x823d4ac _Z8clean_upb + 744
0x823d0e0 _Z10unireg_endv + 18
0x823cfe7 _Z11kill_serverPv + 349
0x823d01f kill_server_thread + 23

In --ps-protocol --binlog --mysqld=--binlog-format=row  mode:

CURRENT_TEST: synchronization
0x8747357 _ZdlPvN8TaoCrypt5new_tE + 35
0x87473a8 _ZdaPvN8TaoCrypt5new_tE + 34
0x87507c2 _ZN8TaoCrypt13tcArrayDeleteIjEEvPT_ + 34
0x8722fe0 _ZN8TaoCrypt20AllocatorWithCleanupIjE10deallocateEPvj + 58
0x8722911 _ZN8TaoCrypt5BlockIjNS_20AllocatorWithCleanupIjEEED1Ev + 51
0x8721a4d _ZN8TaoCrypt7IntegerD1Ev + 29
0x8750679 _ZN8TaoCrypt8tcDeleteINS_7IntegerEEEvPT_ + 35
0x873e192 _ZN8TaoCrypt7CleanUpEv + 32
0x871a413 yaSSL_CleanUp + 23
0x86b302d vio_end + 11
0x823d4ac _Z8clean_upb + 744
0x823d0e0 _Z10unireg_endv + 18
0x823cfe7 _Z11kill_serverPv + 349
0x823d01f kill_server_thread + 23
0xb7f1c13d _end + -1353373491

How to repeat:
Run the test suite, examine var/log/*.err*
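
A triage sketch for the "How to repeat" step above, added here as an example (it is not part of the original report or of MySQL's tooling): it groups crashing tests by the function that yaSSL_CleanUp was calling when the trace was taken. The sample log is constructed from frames in this report plus a hypothetical clean test, and the names `triage`, `TEST_RE` and `FRAME_RE` are assumptions.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: frames copied from this report's resolved traces,
# plus a hypothetical test (no_crash_example) that shut down cleanly.
SAMPLE_LOG = """\
CURRENT_TEST: func_encrypt
*** glibc detected *** double free or corruption (fasttop): 0x089e3690 ***
0x823e9b3 handle_segfault + 479
0x871661f _ZdlPvN5yaSSL5new_tE + 35
0x870c943 _ZN5yaSSL8ysDeleteINS_13CryptProviderEEEvPT_ + 51
0x871a421 yaSSL_CleanUp + 37
CURRENT_TEST: rpl_redirect
0x873e192 _ZN8TaoCrypt7CleanUpEv + 32
0x871a413 yaSSL_CleanUp + 23
CURRENT_TEST: no_crash_example
CURRENT_TEST: synchronization
0x873e192 _ZN8TaoCrypt7CleanUpEv + 32
0x871a413 yaSSL_CleanUp + 23
"""

TEST_RE = re.compile(r"^CURRENT_TEST:\s*(\S+)")
FRAME_RE = re.compile(r"^0x[0-9a-f]+\s+(\S+) \+ -?\d+$")

def triage(log_text, entry="yaSSL_CleanUp"):
    """Map each function called by `entry` to [(test, glibc_abort_seen), ...]."""
    frames, aborted, test = defaultdict(list), set(), None
    for line in map(str.strip, log_text.splitlines()):
        m = TEST_RE.match(line)
        if m:
            test = m.group(1)
        elif test and "double free or corruption" in line:
            aborted.add(test)
        elif test and (m := FRAME_RE.match(line)):
            frames[test].append(m.group(1))
    groups = defaultdict(list)
    for name, syms in frames.items():
        if entry in syms:
            # Frames are innermost-first, so the line above `entry` is its callee.
            i = syms.index(entry)
            callee = syms[i - 1] if i else "<entry is top frame>"
            groups[callee].append((name, name in aborted))
    return dict(groups)

if __name__ == "__main__":
    text = "\n".join(open(p, errors="replace").read() for p in sys.argv[1:])
    for callee, tests in triage(text or SAMPLE_LOG).items():
        print(callee, tests)
```

Pass the resolved `.err` logs as arguments; with no arguments the script runs on the constructed sample.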

[19 May 2006 16:41] Miguel Solorzano
Thank you for the bug report.

*** glibc detected *** double free or corruption (fasttop): 0x089a4840 ***

060519 20:34:40  InnoDB: Shutdown completed; log sequence number 0 46403
mysqld got signal 6;

[24 May 2006 7:52] Magnus Blåudd
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html