Bug #21397 ps test failure (sometimes)
Submitted: 1 Aug 2006 17:06 Modified: 16 Aug 2006 16:01
Reporter: Lars Thalmann Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0, 5.1 OS:
Assigned to: Konstantin Osipov CPU Architecture:Any

[1 Aug 2006 17:06] Lars Thalmann 
Description:
Guilhem noticed that the "ps" test crashed in pushbuild (rh-x86-32 Redhat
Opteron GCov).  I've noticed it sporadically on other platforms too.
Guilhem could not repeat the crash on his machine, but running with valgrind
he get a probable cause:

==3174== Thread 12:
==3174== Invalid read of size 8
==3174==    at 0x5F6F70: check_table_access(THD*, unsigned long, st_table_list*, bool) (sql_parse.cc:5605)
==3174==    by 0x5F721E: multi_delete_precheck(THD*, st_table_list*) (sql_parse.cc:7475)
==3174==    by 0x5FB4DE: mysql_execute_command(THD*) (sql_parse.cc:3529)
==3174==    by 0x65EBA8: Prepared_statement::execute(String*, bool) (sql_prepare.cc:2938)
==3174==    by 0x65EDEB: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2329)
==3174==    by 0x5F994F: mysql_execute_command(THD*) (sql_parse.cc:2643)
==3174==    by 0x5FF89F: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:6103)
==3174==    by 0x6002D2: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1830)
==3174==    by 0x6013A0: do_command(THD*) (sql_parse.cc:1614)
==3174==    by 0x601FA4: handle_one_connection (sql_parse.cc:1228)
==3174==    by 0x320070697B: start_thread (in /lib64/libpthread-2.3.5.so)
==3174==    by 0x31FFAC9C2D: clone (in /lib64/libc-2.3.5.so)
==3174==  Address 0x956FFE0 is 0 bytes inside a block of size 3,083 free'd
==3174==    at 0x4905785: free (vg_replace_malloc.c:233)
==3174==    by 0x976C0F: my_no_flags_free (my_malloc.c:60)
==3174==    by 0x629C34: close_temporary(st_table*, bool, bool) (sql_base.cc:1585)
==3174==    by 0x629D14: close_temporary_table(THD*, st_table*, bool, bool) (sql_base.cc:1561)
==3174==    by 0x629D40: close_temporary_table(THD*, st_table_list*) (sql_base.cc:1525)
==3174==    by 0x706CFC: mysql_rm_table_part2(THD*, st_table_list*, bool, bool, bool, bool) (sql_table.cc:1555)
==3174==    by 0x707501: mysql_rm_table(THD*, st_table_list*, char, char) (sql_table.cc:1411)
==3174==    by 0x5FB72A: mysql_execute_command(THD*) (sql_parse.cc:3592)
==3174==    by 0x5FF89F: mysql_parse(THD*, char*, unsigned) (sql_parse.cc:6103)
==3174==    by 0x6002D2: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1830)
==3174==    by 0x6013A0: do_command(THD*) (sql_parse.cc:1614)
==3174==    by 0x601FA4: handle_one_connection (sql_parse.cc:1228)
==3174==    by 0x320070697B: start_thread (in /lib64/libpthread-2.3.5.so)
==3174==    by 0x31FFAC9C2D: clone (in /lib64/libc-2.3.5.so)

How to repeat:
See pushbuild for 5.1
[2 Aug 2006 9:59] Konstantin Osipov 
The bug is caused by a wrong merge of fix for Bug#19399 from 4.1 performed by Ian a while ago.
The fix is in 5.0-runtime tree.
[2 Aug 2006 19:26] Konstantin Osipov 
A fix was pushed into 5.0.25 tree.
[16 Aug 2006 16:01] Konstantin Osipov 
Merged into 5.1.12.
No documentation note is needed, a test suite failure.