Bug #33151 creating temporary table with BIT causes free(): invalid next size (fast) crash
Submitted: 11 Dec 2007 19:43
Modified: 11 Jan 2008 20:32
Reporter: greg orlowski
Status: No Feedback
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.0.27 vanilla
OS: Linux (compiled from vanilla 5.0.27 source on centos 5.0)
Assigned to:
CPU Architecture: Any

[11 Dec 2007 19:43] greg orlowski
Description:
When I execute a query to create a temporary table that has a BIT(1) field and some other fields, the mysql server process hangs with:

 *** glibc detected *** /usr/local/mysql-server-5.0.27/libexec/mysqld: free(): invalid next size (fast): 0x0aa2cbb0 ***
======= Backtrace: =========
/lib/i686/nosegneg/libc.so.6[0x486a7cfd]
/lib/i686/nosegneg/libc.so.6(cfree+0x90)[0x486ab3b0]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z16mysql_create_frmP3THDPcPKcS3_P24st_ha_create_informationR4ListI12create_fieldEjP6st_keyP7handler+0x97c)[0x8221efc]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z16rea_create_tableP3THDPcPKcS3_P24st_ha_create_informationR4ListI12create_fieldEjP6st_key+0x4c)[0x822263c]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z18mysql_create_tableP3THDPKcS2_P24st_ha_create_informationR4ListI12create_fieldERS5_I3KeyEbj+0x3ad)[0x825780d]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_ZN13select_create7prepareER4ListI4ItemEP18st_select_lex_unit+0x297)[0x81ed2a7]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_ZN4JOIN7prepareEPPP4ItemP13st_table_listjS1_jP8st_orderS7_S1_S7_P13st_select_lexP18st_select_lex_unit+0x9d2)[0x81d7862]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z12mysql_selectP3THDPPP4ItemP13st_table_listjR4ListIS1_ES2_jP8st_orderSB_S2_SB_mP13select_resultP18st_select_lex_unitP13st_select_lex+0x5d2)[0x81e86a2]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z13handle_selectP3THDP6st_lexP13select_resultm+0x126)[0x81e8a36]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z21mysql_execute_commandP3THD+0x99bf)[0x819e01f]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z11mysql_parseP3THDPcj+0x231)[0x819e2c1]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x526)[0x819e8f6]
/usr/local/mysql-server-5.0.27/libexec/mysqld(handle_one_connection+0x8fc)[0x81a095c]
/lib/i686/nosegneg/libpthread.so.0[0x487b8302]
/lib/i686/nosegneg/libc.so.6(clone+0x5e)[0x4871038e]
======= Memory map: ========

After the error, my mysql client hangs. The mysql server process will not respond to a kill -TERM. uptime shows that there is no load on the system (0.00). I cannot log into mysql any more with my mysql client. I have to kill -9 the mysqld_safe and mysqld processes.

*** If I set my temporary table engine to InnoDB, the same error occurs. If I change the BIT(1) to a tinyint(1), the temp table is created successfully and there is no error.

*** My gcc:
gcc (GCC) 4.1.1 20070105 (Red Hat 4.1.1-52)

How to repeat:
I tried to execute this query:
----------
CREATE TEMPORARY TABLE STAGE.tmp_spell_discharge (
        resident_spell_id                       int(11) NOT NULL,
        livar_type_code                         varchar(3) NOT NULL,
        discharge_type_id                       tinyint(1) default NULL,
        disposition_type_id                     tinyint(1) default NULL,
        outcome_type_id                         tinyint(1) default NULL,
        discharge_completed_flg                 BIT(1) NOT NULL,
        INDEX                                   ( resident_spell_id ),
        INDEX                                   ( resident_spell_id, livar_type_code )
) ENGINE = MyISAM
AS
select
    rrs.resident_spell_id                               as resident_spell_id ,
    rrs.eff_livar_type_code                             as livar_type_code ,
    rlat.discharge_type_id                              as discharge_type_id ,
    rlat.disposition_type_id                            as disposition_type_id ,
    rlat.outcome_type_id                                as outcome_type_id ,
    IF ((
        rlat.discharge_type_id IS NOT NULL
        AND rlat.disposition_type_id IS NOT NULL
        AND rlat.outcome_type_id IS NOT NULL
        ), 1, 0)                                        as discharge_completed_flg
from
    rtos.rtos_resident_spell rrs
    LEFT OUTER JOIN rtos_resident_discharge rrd USING ( resident_spell_id )
    JOIN rtos_living_arrangement_type rlat ON ( rrs.eff_livar_type_code = rlat.livar_type_code )
WHERE
    rrs.spell_status = 'D'
    AND rrd.resident_discharge_id IS NULL
ORDER BY resident_spell_id ASC
;

-------------
Here are the tables from which I am selecting:
 show create table rtos_living_arrangement_type;

| rtos_living_arrangement_type | CREATE TABLE `rtos_living_arrangement_type` (
  `livar_type_code` varchar(3) NOT NULL,
  `livar_type_descr` varchar(40) default NULL,
  `interruption_type` varchar(50) default NULL,
  `outcome_type_id` tinyint(1) default NULL,
  `disposition_type_id` tinyint(1) default NULL,
  `discharge_type_id` tinyint(1) default NULL,
  PRIMARY KEY  (`livar_type_code`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 | 

--------------------
| rtos_resident_spell | CREATE TABLE `rtos_resident_spell` (
  `resident_spell_id` int(11) NOT NULL auto_increment,
  `client_id` int(11) NOT NULL,
  `agency_corp_id` int(11) NOT NULL,
  `resident_discharge_id` int(11) default NULL,
  `spell_status` char(1) NOT NULL,
  `admission_date` datetime NOT NULL,
  `interruption_date` datetime default NULL,
  `action_date` datetime default NULL,
  `discharge_date` datetime default NULL,
  `status_flg` char(1) NOT NULL default 'A',
  `updated_by` int(11) NOT NULL,
  `updated_date` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  `eff_placement_date` datetime NOT NULL,
  `eff_agency_id` int(11) NOT NULL,
  `outcomes_mgr_id` int(11) default NULL,
  `unit_id` int(11) default NULL,
  `eff_livar_type_code` varchar(3) NOT NULL,
  PRIMARY KEY  (`resident_spell_id`),
  KEY `idx_client_id` (`client_id`),
  KEY `fk_rrs_outcomes_mgr_id` (`outcomes_mgr_id`),
  KEY `fk_rrs_eff_agency_id` (`eff_agency_id`),
  CONSTRAINT `fk_rrs_client_id` FOREIGN KEY (`client_id`) REFERENCES `canscore`.`service_client` (`client_id`) ON UPDATE CASCADE,
  CONSTRAINT `fk_rrs_eff_agency_id` FOREIGN KEY (`eff_agency_id`) REFERENCES `canscore`.`cans_agency` (`agency_id`) ON UPDATE CASCADE,
  CONSTRAINT `fk_rrs_outcomes_mgr_id` FOREIGN KEY (`outcomes_mgr_id`) REFERENCES `canscore`.`cans_agency_personnel` (`person_id`) ON DELETE SET NULL ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1 | 

----------------------
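
Added example, not part of the original report or of MySQL's code: a small Python triage helper for glibc backtraces of the kind shown above. It rejoins frames wrapped mid-line (as one is in the sample), reduces mangled C++ symbols to their function names (plain and nested names only, parameter types dropped), and picks out the innermost mysqld frame; the helper names `parse`, `function_name` and `first_frame_in` are this example's own.

```python
import re

# Frames copied from the report's backtrace; one is wrapped mid-address.
SAMPLE = """\
/lib/i686/nosegneg/libc.so.6(cfree+0x90)[0x486ab3b0]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_Z16mysql_create_frmP3THDPcPKcS3_P24st_ha_create_informationR4ListI12create_fieldEjP6st_keyP7handler+0x97c)[0
x8221efc]
/usr/local/mysql-server-5.0.27/libexec/mysqld(_ZN13select_create7prepareER4ListI4ItemEP18st_select_lex_unit+0x297)[0x81ed2a7]
/usr/local/mysql-server-5.0.27/libexec/mysqld(handle_one_connection+0x8fc)[0x81a095c]
"""

FRAME = re.compile(r"^(?P<mod>[^\s(\[]+)(?:\((?P<sym>[^+)]*)(?:\+0x[0-9a-f]+)?\))?"
                   r"\[(?P<addr>0x[0-9a-f]+)\]$")

def function_name(sym):
    """Name part of an Itanium-ABI mangled symbol (plain or nested names only;
    parameter types are dropped). Anything else is returned unchanged."""
    if not sym or not sym.startswith("_Z"):
        return sym
    nested = sym.startswith("_ZN")
    rest, parts = sym[3 if nested else 2:], []
    while (m := re.match(r"\d+", rest)):
        end = m.end() + int(m.group())
        parts.append(rest[m.end():end])
        rest = rest[end:]
        if not nested:
            break
    return "::".join(parts) or sym

def parse(text):
    """Rejoin wrapped frames, then return (module, function, address) tuples."""
    frames, buf = [], ""
    for line in map(str.strip, text.splitlines()):
        if not (buf or line.startswith("/")):
            continue                      # banner lines such as "=== Backtrace ==="
        buf += line
        if buf.endswith("]"):
            m = FRAME.match(buf)
            if m:
                frames.append((m["mod"].rsplit("/", 1)[-1],
                               function_name(m["sym"]), int(m["addr"], 16)))
            buf = ""
    return frames

def first_frame_in(frames, binary="mysqld"):
    """Innermost frame in the server binary: where free() was called from.
    glibc reports corruption at free() time; the bad write may be earlier."""
    return next((f for f in frames if f[0] == binary), None)

if __name__ == "__main__":
    for frame in parse(SAMPLE):
        print(frame)
```

On the sample, `first_frame_in(parse(SAMPLE))` returns the `mysql_create_frm` frame, the mysqld function that called `free()` when glibc raised the error.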
[11 Dec 2007 20:32] Valeriy Kravchuk
Thank you for the problem report. Please try to repeat with a newer version, 5.0.51, and inform us about the results.

[12 Jan 2008 0:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".