Bug #38269 pushbuild gives valgrind error in ha_statistic_increment for rpl_temporary
Submitted: 21 Jul 2008 18:56 Modified: 17 Oct 2008 17:53
Reporter: Sven Sandberg Email Updates:
Status: Closed Impact on me:
None 
Category:Tests: Replication Severity:S7 (Test Cases)
Version:5.1-bugteam OS:Any (valgrind)
Assigned to: Ramil Kalimullin CPU Architecture:Any
Tags: ha_statistic_increment, pushbuild, sr51test, test failure, tmp_table_repliication, valgrind
Triage: D2 (Serious)

[21 Jul 2008 18:56] Sven Sandberg
Description:
pushbuild gave the following warning for rpl_temporary in pb-valgrind-*:

VALGRIND: 'Invalid read of size 8'
    COUNT: 1
    FUNCTION: handler::ha_statistic_increment(unsigned    FILES:    slave.err
    TESTS:    rpl.rpl_temporary
    STACK: at 0x73CCEE: handler::ha_statistic_increment(unsigned long system_status_var::*) const (handler.cc:1952)
             by 0x92E7AD: ha_myisam::rnd_next(unsigned char*) (ha_myisam.cc:1695)
             by 0x742C2F: handler::read_first_row(unsigned char*, unsigned) (handler.cc:2045)
             by 0x6AC149: join_read_system(st_join_table*) (sql_select.cc:11458)
             by 0x6AC31D: join_read_const_table(st_join_table*, st_position*) (sql_select.cc:11383)
             by 0x6ACA34: make_join_statistics(JOIN*, TABLE_LIST*, Item*, st_dynamic_array*) (sql_select.cc:2609)
             by 0x6B3064: JOIN::optimize() (sql_select.cc:945)
             by 0x6BCBA4: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List<Item>&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2346)
             by 0x6BD76E: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:269)
             by 0x646D0B: mysql_execute_command(THD*) (sql_parse.cc:3009)
             by 0x64752A: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5656)
             by 0x70C001: Query_log_event::do_apply_event(Relay_log_info const*, char const*, unsigned) (log_event.cc:2428)
             by 0x7954AF: apply_event_and_update_pos(Log_event*, THD*, Relay_log_info*, bool) (log_event.h:1011)
             by 0x79DA28: exec_relay_log_event(THD*, Relay_log_info*) (slave.cc:2058)
             by 0x79E642: handle_slave_sql (slave.cc:2717)
             by 0x4B2A192: start_thread (in /lib64/libpthread-2.4.so)
           Address 0x5E8A168 is 3,080 bytes inside a block of size 10,632 free'd
             at 0x4A2066B: free (vg_replace_malloc.c:233)
             by 0xA0A9FA: my_no_flags_free (my_malloc.c:59)
             by 0x61EA34: THD::~THD() (sql_list.h:459)
             by 0x79EBDE: handle_slave_sql (slave.cc:2832)
             by 0x4B2A192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x51A147C: clone (in /lib64/libc-2.4.so)

VALGRIND: 'Invalid read of size 8'
    COUNT: 1
    FUNCTION: handler::read_first_row(unsigned    FILES:    slave.err
    TESTS:    rpl.rpl_temporary
    STACK: at 0x742B90: handler::read_first_row(unsigned char*, unsigned) (handler.cc:1952)
             by 0x6AC149: join_read_system(st_join_table*) (sql_select.cc:11458)
             by 0x6AC31D: join_read_const_table(st_join_table*, st_position*) (sql_select.cc:11383)
             by 0x6ACA34: make_join_statistics(JOIN*, TABLE_LIST*, Item*, st_dynamic_array*) (sql_select.cc:2609)
             by 0x6B3064: JOIN::optimize() (sql_select.cc:945)
             by 0x6BCBA4: mysql_select(THD*, Item***, TABLE_LIST*, unsigned, List<Item>&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2346)
             by 0x6BD76E: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:269)
             by 0x646D0B: mysql_execute_command(THD*) (sql_parse.cc:3009)
             by 0x64752A: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5656)
             by 0x70C001: Query_log_event::do_apply_event(Relay_log_info const*, char const*, unsigned) (log_event.cc:2428)
             by 0x7954AF: apply_event_and_update_pos(Log_event*, THD*, Relay_log_info*, bool) (log_event.h:1011)
             by 0x79DA28: exec_relay_log_event(THD*, Relay_log_info*) (slave.cc:2058)
             by 0x79E642: handle_slave_sql (slave.cc:2717)
             by 0x4B2A192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x51A147C: clone (in /lib64/libc-2.4.so)
           Address 0x5E8A138 is 3,032 bytes inside a block of size 10,632 free'd
             at 0x4A2066B: free (vg_replace_malloc.c:233)
             by 0xA0A9FA: my_no_flags_free (my_malloc.c:59)
             by 0x61EA34: THD::~THD() (sql_list.h:459)
             by 0x79EBDE: handle_slave_sql (slave.cc:2832)
             by 0x4B2A192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x51A147C: clone (in /lib64/libc-2.4.so)

This is likely a bug in replication code, since the error happens in the slave SQL thread.

How to repeat:
https://intranet.mysql.com/secure/pushbuild/showpush.pl?dir=bzr_mysql-5.1-bugteam&order=71 , 'pb-valgrind-*' Valgrind, n_stm and ps_stm
[21 Jul 2008 18:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50140

2709 Sven Sandberg	2008-07-21
      BUG#38269: pushbuild gives valgrind error in ha_statistic_increment for rpl_temporary
      This does not fix the bug. It only disables the failing test.
[21 Jul 2008 18:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50141

2709 Sven Sandberg	2008-07-21
      BUG#38269: pushbuild gives valgrind error in ha_statistic_increment for rpl_temporary
      This does not fix the bug. It only disables the failing test.
[21 Jul 2008 19:04] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/50142

2709 Sven Sandberg	2008-07-21
      BUG#38269: pushbuild gives valgrind error in ha_statistic_increment for rpl_temporary
      This does not fix the bug. It only disables the failing test.
[22 Jul 2008 17:29] Sven Sandberg
See also BUG#38289.
[22 Jul 2008 17:59] Sven Sandberg
The following warnings were given by valgrind on https://intranet.mysql.com/secure/pushbuild/showpush.pl?dir=bzr_mysql-5.1-bugteam&order=72 valgrind/n_stm and valgrind/ps_stm :

slave.err: rpl.rpl_temporary: ==20763==    at 0x742BC0: handler::read_first_row(unsigned char*, unsigned) (handler.cc:1952)
slave.err: rpl.rpl_temporary: ==20763==    at 0x4A2066B: free (vg_replace_malloc.c:233)
slave.err: rpl.rpl_temporary: ==20763==    at 0x73CD1E: handler::ha_statistic_increment(unsigned long system_status_var::*) const (handler.cc:1952)
slave.err: rpl.rpl_temporary: ==20763==    at 0x4A2066B: free (vg_replace_malloc.c:233)
[22 Jul 2008 18:32] Bugs System
Pushed into 5.1.28
[28 Jul 2008 14:46] Bugs System
Pushed into 6.0.7-alpha  (revid:alik@mysql.com-20080725172155-fnc73o50e4tgl23k) (version source revid:alik@mysql.com-20080725172155-fnc73o50e4tgl23k) (pib:3)
[28 Jul 2008 16:45] Bugs System
Pushed into 5.1.28  (revid:davi.arnaut@sun.com-20080722182431-0i2f1yc4uocime9q) (version source revid:davi.arnaut@sun.com-20080722182431-0i2f1yc4uocime9q) (pib:3)
[14 Sep 2008 1:06] Bugs System
Pushed into 6.0.7-alpha  (revid:sven@mysql.com-20080721190506-dk52gik6ob2h7pjd) (version source revid:vvaintroub@mysql.com-20080804094710-jb2qpqxpf2ir2gf3) (pib:3)
[1 Oct 2008 14:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/54951

2755 Sven Sandberg	2008-10-01
      BUG#38269: pushbuild gives valgrind error in ha_statistic_increment for rpl_temporary
      Re-enabling failing test case because server logs were lost in pushbuild, so we need to run it again.
[1 Oct 2008 14:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/54955

2755 Sven Sandberg	2008-10-01
      BUG#38269: pushbuild gives valgrind error in ha_statistic_increment for rpl_temporary
      Re-enabling failing test case because server logs were lost in pushbuild, so we need to run it again.
[7 Oct 2008 11:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/55569

2692 Ramil Kalimullin	2008-10-07
      Fix for bug#38269: pushbuild gives valgrind error in 
      ha_statistic_increment for rpl_temporary
      
      Problem: in some cases master send a special event to reconnecting
      slave to keep slave's temporary tables (see #17284) and they still 
      have references to the "old" SQL slave thread and use them to access
      thread's data.
      
      Fix: set temporary tables thread references to the actual SQL slave
      thread in such cases.
[7 Oct 2008 13:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/55588

2760 Ramil Kalimullin	2008-10-07
      Fix for bug#38269: pushbuild gives valgrind error in 
      ha_statistic_increment for rpl_temporary
      
      Problem: in some cases master send a special event to reconnecting
      slave to keep slave's temporary tables (see #17284) and they still 
      have references to the "old" SQL slave thread and use them to access
      thread's data.
      
      Fix: set temporary tables thread references to the actual SQL slave
      thread in such cases.
[7 Oct 2008 18:20] Paul Dubois
Noted in 5.1.29 changelog.

In some cases, a replication master sent a special event to a
reconnecting slave to keep the slave's temporary tables, but they
still had references to the old slave SQL thread and used them to 
access that thread's data. 

Leaving report status unchanged; this is early documentation of an upcoming push into 5.1.29.
[9 Oct 2008 17:46] Bugs System
Pushed into 5.1.30  (revid:sven@mysql.com-20081001140204-8ztvsvmyqx0q547j) (version source revid:mats@sun.com-20081008113713-2vxny72m5w1tywoi) (pib:4)
[9 Oct 2008 18:27] Paul Dubois
Setting report to NDI pending push into 6.0.x.
[17 Oct 2008 16:46] Bugs System
Pushed into 6.0.8-alpha  (revid:ramil@mysql.com-20081007132117-8wxs7ghuxar1t31a) (version source revid:kgeorge@mysql.com-20081007153644-uypi14yjgque9obc) (pib:5)
[17 Oct 2008 17:53] Paul Dubois
Noted in 6.0.8 changelog.
[28 Oct 2008 21:06] Bugs System
Pushed into 5.1.29-ndb-6.2.17  (revid:sven@mysql.com-20081001140204-8ztvsvmyqx0q547j) (version source revid:tomas.ulin@sun.com-20081028140209-u4emkk1xphi5tkfb) (pib:5)
[28 Oct 2008 22:24] Bugs System
Pushed into 5.1.29-ndb-6.3.19  (revid:sven@mysql.com-20081001140204-8ztvsvmyqx0q547j) (version source revid:tomas.ulin@sun.com-20081028194045-0353yg8cvd2c7dd1) (pib:5)
[1 Nov 2008 9:50] Bugs System
Pushed into 5.1.29-ndb-6.4.0  (revid:sven@mysql.com-20081001140204-8ztvsvmyqx0q547j) (version source revid:jonas@mysql.com-20081101082305-qx5a1bj0z7i8ueys) (pib:5)