Bug #25396 Valgrind leak in closecon_handlerton
Submitted: 3 Jan 2007 20:26
Modified: 24 Jan 2007 20:28
Reporter: Mads Martin Joergensen
Status: Closed
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.1
Assigned to: Antony Curtis
CPU Architecture: Any

[3 Jan 2007 20:26] Mads Martin Joergensen
Description:
Pushbuild shows the following Valgrind errors:

VALGRIND: 'Invalid read of size 4'
    COUNT: 2
    FUNCTION: closecon_handlerton(THD*,    FILES:    master.err
    TESTS:    ndbapi
    STACK: at 0x6FF41B: closecon_handlerton(THD*, st_plugin_int*, void*) (handler.cc:553)
             by 0x7D77CB: plugin_foreach_with_mask(THD*, char (*)(THD*, st_plugin_int*, void*), int, unsigned, void*) (sql_plugin.cc:990)
             by 0x602185: THD::~THD() (sql_class.cc:476)
             by 0x7301CC: ndb_util_thread_func (ha_ndbcluster.cc:8576)
             by 0x4D44192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x52B745C: clone (in /lib64/libc-2.4.so)
           Address 0x545A960 is 0 bytes inside a block of size 288 free'd
             at 0x4A2046E: free (vg_replace_malloc.c:233)
             by 0x9A935A: my_no_flags_free (my_malloc.c:59)
             by 0x700B12: ha_finalize_handlerton(st_plugin_int*) (handler.cc:398)
             by 0x7D7E7E: plugin_deinitialize(st_plugin_int*) (sql_plugin.cc:508)
             by 0x7D7F88: plugin_shutdown() (sql_plugin.cc:805)
             by 0x611810: clean_up(bool) (mysqld.cc:1202)
             by 0x6161AC: kill_server(void*) (mysqld.cc:1134)
             by 0x61620F: kill_server_thread (mysqld.cc:1094)
             by 0x4D44192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x52B745C: clone (in /lib64/libc-2.4.so)

VALGRIND: 'Invalid read of size 8'
    COUNT: 1
    FUNCTION: closecon_handlerton(THD*,    FILES:    master.err
    TESTS:    ndbapi
    STACK: at 0x6FF421: closecon_handlerton(THD*, st_plugin_int*, void*) (handler.cc:553)
             by 0x7D77CB: plugin_foreach_with_mask(THD*, char (*)(THD*, st_plugin_int*, void*), int, unsigned, void*) (sql_plugin.cc:990)
             by 0x602185: THD::~THD() (sql_class.cc:476)
             by 0x7301CC: ndb_util_thread_func (ha_ndbcluster.cc:8576)
             by 0x4D44192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x52B745C: clone (in /lib64/libc-2.4.so)
           Address 0x545A970 is 16 bytes inside a block of size 288 free'd
             at 0x4A2046E: free (vg_replace_malloc.c:233)
             by 0x9A935A: my_no_flags_free (my_malloc.c:59)
             by 0x700B12: ha_finalize_handlerton(st_plugin_int*) (handler.cc:398)
             by 0x7D7E7E: plugin_deinitialize(st_plugin_int*) (sql_plugin.cc:508)
             by 0x7D7F88: plugin_shutdown() (sql_plugin.cc:805)
             by 0x611810: clean_up(bool) (mysqld.cc:1202)
             by 0x6161AC: kill_server(void*) (mysqld.cc:1134)
             by 0x61620F: kill_server_thread (mysqld.cc:1094)
             by 0x4D44192: start_thread (in /lib64/libpthread-2.4.so)
             by 0x52B745C: clone (in /lib64/libc-2.4.so)

How to repeat:
https://intranet.mysql.com/~knielsen/pb/getlog.pl?dir=mysql-5.1&entry=jbruehe@trift2.-2007...
[4 Jan 2007 21:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/17642

ChangeSet@1.2371, 2007-01-04 13:22:10-08:00, acurtis@xiphis.org +2 -0
  Bug#25396
    "Valgrind leak in closecon_handlerton"
    Added a new plugin state to fix ndb shutdown issue found by valgrind
[4 Jan 2007 21:24] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/17644

ChangeSet@1.2371, 2007-01-04 13:24:03-08:00, acurtis@xiphis.org +3 -0
  Bug#25396
    "Valgrind leak in closecon_handlerton"
    Added a new plugin state to fix ndb shutdown issue found by valgrind
[10 Jan 2007 10:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/17840

ChangeSet@1.2379, 2007-01-10 02:42:37-08:00, acurtis@xiphis.org +2 -0
  BUG#25396
    "Valgrind leak in closecon_handlerton"
    Properly NULL pointers when freeing handlerton
[11 Jan 2007 22:31] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18001

ChangeSet@1.2379, 2007-01-11 14:31:20-08:00, acurtis@xiphis.org +3 -0
  Bug#25396
    "Valgrind leak in closecon_handlerton"
    plugin_shutdown() calls plugin_deinitialize() which calls ha_finalize_handlerton().
    ndbcluster_end() fails to wait for the ndb utility thread to exit which results in
    the handlerton struct being freed before the ndb utility thread has destroyed its THD
    but before the plugin has been marked as UNINITIALIZED
  
  Bug is caused by misuse of abort_loops variable and not locking mutex during calls to
  pthread condition variable functions.
[23 Jan 2007 11:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18612

ChangeSet@1.2379, 2007-01-23 03:27:46-08:00, acurtis@xiphis.org +3 -0
  Bug#25396
    "Valgrind leak in closecon_handlerton"
    plugin_shutdown() calls plugin_deinitialize() which calls ha_finalize_handlerton().
    ndbcluster_end() fails to wait for the ndb utility thread to exit which results in
    the handlerton struct being freed before the ndb utility thread has destroyed its THD
    but before the plugin has been marked as UNINITIALIZED
  
  Bug is caused by misuse of abort_loops variable and not locking mutex during calls to
  pthread condition variable functions causing a race in valgrind's pthread_cond_wait
  implementation.
[23 Jan 2007 13:09] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18622

ChangeSet@1.2379, 2007-01-23 05:09:14-08:00, acurtis@xiphis.org +3 -0
  Bug#25396
    "Valgrind leak in closecon_handlerton"
    plugin_shutdown() calls plugin_deinitialize() which calls ha_finalize_handlerton().
    ndbcluster_end() fails to wait for the ndb utility thread to exit which results in
    the handlerton struct being freed before the ndb utility thread has destroyed its THD
    but before the plugin has been marked as UNINITIALIZED
  
  Bug is caused by misuse of abort_loops variable and not locking mutex during calls to
  pthread condition variable functions causing a race in valgrind's pthread_cond_wait
  implementation.
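
The shutdown ordering the commit messages above describe, as an added example that is not MySQL source and not the committed patch: the stop and running flags are touched only with the mutex held, the condition-variable calls are made under that mutex, and the shared struct is freed only after the worker has reported its exit. `struct shared`, `util_thread`, `start_worker` and `shutdown_and_free` are hypothetical stand-ins for the handlerton, the ndb utility thread and the plugin shutdown path.

```c
#include <pthread.h>
#include <stdlib.h>
struct shared { int closed; };          /* stands in for the handlerton */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  cond = PTHREAD_COND_INITIALIZER;
static int stop_requested, thread_running;   /* both guarded by lock */
static struct shared *res;

static void *util_thread(void *arg)     /* stands in for the utility thread */
{
    (void)arg;
    pthread_mutex_lock(&lock);
    while (!stop_requested)             /* predicate re-checked under the mutex */
        pthread_cond_wait(&cond, &lock);
    res->closed = 1;                    /* last use of the shared struct */
    thread_running = 0;                 /* publish "done" only after that use */
    pthread_cond_broadcast(&cond);
    pthread_mutex_unlock(&lock);
    return NULL;
}

int start_worker(void)
{
    pthread_t t;
    if (!(res = calloc(1, sizeof *res)))
        return -1;
    stop_requested = 0;
    thread_running = 1;                 /* set before the thread exists */
    if (pthread_create(&t, NULL, util_thread, NULL) == 0)
        return pthread_detach(t);
    thread_running = 0;                 /* no worker: shutdown will not wait */
    return -1;
}

int shutdown_and_free(void)             /* returns 1 if the worker finished first */
{
    int closed;
    pthread_mutex_lock(&lock);
    stop_requested = 1;
    pthread_cond_broadcast(&cond);      /* signalled with the mutex held */
    while (thread_running)              /* wait for the worker to report exit */
        pthread_cond_wait(&cond, &lock);
    closed = res->closed;
    free(res);                          /* the worker can no longer reach res */
    res = NULL;
    pthread_mutex_unlock(&lock);
    return closed;
}

int main(void) { return !(start_worker() == 0 && shutdown_and_free() == 1); }
```

Freeing `res` straight after setting the flag, without the `while (thread_running)` wait, reproduces the ordering behind the "Invalid read ... inside a block ... free'd" reports: the worker's last access lands on released memory.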
[23 Jan 2007 16:37] Antony Curtis
pushed to mysql-5.1-build tree
[24 Jan 2007 15:56] Daniel Fischer
Pushed to 5.1.15.
[24 Jan 2007 20:28] Paul Dubois
Noted in 5.1.15 changelog.