Bug #39195 Crash in movelink at hash.c:272
Submitted: 2 Sep 2008 16:51 Modified: 20 Feb 2009 11:50
Reporter: Philip Stoev
Status: Can't repeat
Category: MySQL Server Severity: S1 (Critical)
Version: 6.0-bzr OS: Any
Assigned to: Philip Stoev CPU Architecture: Any

[2 Sep 2008 16:51] Philip Stoev
Description:
When executing a concurrent workload, mysqld crashed as follows:

#0  movelink (array=0x9e1a9f0, find=2, next_link=1013866853, newlink=4) at hash.c:272
#1  0x08664b37 in my_hash_insert (info=0x886b540, record=0xa3902c8 "╦,Д\t") at hash.c:437
#2  0x083d1e93 in mdl_acquire_shared_lock (context=0xa38df2c, lock_data=0x9e42cb8, retry=0xa80e4c8b) at mdl.cc:754
#3  0x082783ec in open_table_get_mdl_lock (thd=0xa38deb8, table_list=0xa80e53f8, mdl_lock_data=0x9e42cb8, flags=0, action=0xa80e5174) at sql_base.cc:2272
#4  0x0827956c in open_table (thd=0xa38deb8, table_list=0xa80e53f8, mem_root=0xa38f8b0, action=0xa80e5174, flags=0) at sql_base.cc:2530
#5  0x0827cf3d in open_ltable (thd=0xa38deb8, table_list=0xa80e53f8, lock_type=TL_WRITE_CONCURRENT_INSERT, lock_flags=27) at sql_base.cc:4012
#6  0x0827d1a4 in open_performance_schema_table (thd=0xa38deb8, one_table=0xa80e53f8, backup=0xa80e55f8) at sql_base.cc:7905
#7  0x082d5328 in Log_to_csv_event_handler::log_general (this=0x9e44948, thd=0xa38deb8, event_time=1220373711,
    user_host=0xa80e56bc "root[root] @ localhost []", user_host_len=25, thread_id=10, command_type=0x86f3899 "Connect", command_type_len=7,
    sql_text=0xa80e58e8 "root@localhost on test", sql_text_len=22, client_cs=0x885b2e0) at log.cc:391
#8  0x082d0a29 in LOGGER::general_log_write (this=0x8865300, thd=0xa38deb8, command=COM_CONNECT, query=0xa80e58e8 "root@localhost on test", query_length=22)
    at log.cc:1046
#9  0x082d0b2e in LOGGER::general_log_print (this=0x8865300, thd=0xa38deb8, command=COM_CONNECT, format=0x86f2e08 "%s@%s on %s",
    args=0xa80e5d2c "8L<\nR\200n\bБa\016╗\207W{\bЪЪЪ\037Д-o\b\\]\016╗\020") at log.cc:1065
#10 0x082d0b81 in general_log_print (thd=0xa38deb8, command=COM_CONNECT, format=0x86f2e08 "%s@%s on %s") at log.cc:4132
#11 0x0823403c in check_user (thd=0xa38deb8, command=COM_CONNECT, passwd=0xa40a276 "test", passwd_len=0, db=0x3c6e6165 <Address 0x3c6e6165 out of bounds>,
    check_count=true) at sql_connect.cc:439
#12 0x08234cd8 in check_connection (thd=0xa38deb8) at sql_connect.cc:925
#13 0x08234d8d in login_connection (thd=0xa38deb8) at sql_connect.cc:985
#14 0x0823509c in handle_one_connection (arg=0xa38deb8) at sql_connect.cc:1144
#15 0x0057d32f in start_thread () from /lib/libpthread.so.0
#16 0x0049a27e in clone () from /lib/libc.so.6

(gdb) list
267       HASH_LINK *old_link;
268       do
269       {
270         old_link=array+next_link;
271       }
272       while ((next_link=old_link->next) != find); <<<< HERE
273       old_link->next= newlink;
274       return;
275     }

(gdb) print old_link->next
Cannot access memory at address 0xed54b518

Other crashes in movelink have been reported in the context of XA transactions.

How to repeat:
If this is repeatable, a test case will be provided.
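
Added example, not part of the original report and not MySQL source: it recomputes the address that array+next_link yields for the frame #0 values on a 32-bit build, and shows a bounds-checked form of the loop listed at hash.c:268-273. The 8-byte hash_link32 layout, the records parameter and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit layout of HASH_LINK: 4-byte next index + 4-byte data pointer. */
typedef struct { uint32_t next; uint32_t data; } hash_link32;

/* Address produced by `array + next_link` with 32-bit pointers (wraps mod 2^32). */
static uint32_t link_address32(uint32_t array, uint32_t next_link)
{
  return array + next_link * (uint32_t) sizeof(hash_link32);
}

/* Hypothetical bounds-checked variant of the loop at hash.c:268-273.
   `records` is the number of slots in `array`.
   Returns 0 on success, -1 if the chain leaves the table or never reaches `find`. */
static int movelink_checked(hash_link32 *array, uint32_t records,
                            uint32_t find, uint32_t next_link, uint32_t newlink)
{
  hash_link32 *old_link;
  uint32_t steps = 0;
  do
  {
    /* Reject an out-of-range index or a cycle before dereferencing it. */
    if (next_link >= records || steps++ >= records)
      return -1;
    old_link = array + next_link;
  }
  while ((next_link = old_link->next) != find);
  old_link->next = newlink;
  return 0;
}

int main(void)
{
  /* array and next_link as shown in frame #0 of the backtrace. */
  printf("0x%08x\n", (unsigned) link_address32(0x9e1a9f0u, 1013866853u));

  /* Constructed 5-slot table holding the chain 1 -> 3 -> 2. */
  hash_link32 t[5] = {{0, 0}, {3, 0}, {0, 0}, {2, 0}, {0, 0}};
  printf("%d\n", movelink_checked(t, 5, 2, 1, 4));           /* relinks slot 3 to 4 */
  printf("%d\n", movelink_checked(t, 5, 2, 1013866853u, 4)); /* index rejected */
  return 0;
}
```

The first value printed is the address gdb reports as inaccessible for old_link->next, so the fault follows directly from the out-of-range next_link in frame #0.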
[20 Feb 2009 11:28] Dmitry Lenev
Hello Philip!

Could you please try repeating it with current snapshot 6.0?
[20 Feb 2009 11:50] Philip Stoev
This bug was seen once and only once in the course of many dozens of test runs.

Executing the same test case against the current 6.0 tree does not cause this issue.