Bug #53155 Crash in safe_mutex_init(), using uninitialized mutex attr
Submitted: 26 Apr 2010 10:58 Modified: 23 Oct 2010 6:12
Reporter: Vasil Dimov
Status: Closed
Category: MySQL Cluster: Cluster (NDB) storage engine Severity: S1 (Critical)
Version: mysql-5.1 OS: FreeBSD (8.0-STABLE amd64)
Assigned to: CPU Architecture: Any
Tags: 5.1

[26 Apr 2010 10:58] Vasil Dimov
Description:
When compiled with

./configure --enable-thread-safe-client --enable-local-infile --with-pic --with-client-ldflags=-static --with-mysqld-ldflags=-static --with-zlib-dir=bundled --without-ndb-debug --with-big-tables --with-ssl --with-readline --with-embedded-server --with-archive-storage-engine --with-blackhole-storage-engine --with-csv-storage-engine --with-example-storage-engine --with-federated-storage-engine --with-partition --with-extra-charsets=all --with-innodb --with-ndbcluster --with-debug

and with

gcc44 (GCC) 4.4.4 20100420 (prerelease)

then mysqld crashes right away when starting:

$ ./sql/mysqld 
Segmentation fault: 11 (core dumped)
$

(gdb) bt
#0  0x000000080129fd28 in pthread_mutexattr_init () from /lib/libthr.so.3
#1  0x0000000000b5343d in safe_mutex_init (mp=0x11aaee0, attr=0x11aae48, 
    file=0xd4bbe8 "dbug.c", line=334) at thr_mutex.c:61
#2  0x0000000000b55f53 in code_state () at dbug.c:334
#3  0x0000000000b575ec in _db_enter_ (_func_=0xd3d02c "NdbMutex_Create", 
    _file_=0xd3d021 "NdbMutex.c", _line_=27, _sfunc_=0x7fffffffe8f8, 
    _sfile_=0x7fffffffe8f0, _slevel_=0x7fffffffe8ec, _sframep_=0x7fffffffe8e0)
    at dbug.c:967
#4  0x0000000000afe34a in NdbMutex_Create () at NdbMutex.c:27
#5  0x0000000000afa8da in Logger (this=0x11a3858) at Logger.cpp:48
#6  0x0000000000ae16c6 in EventLogger (this=0x11a3840) at EventLogger.cpp:1021
#7  0x0000000000acb9ee in __static_initialization_and_destruction_0 (
    __initialize_p=1, __priority=65535) at ndb_cluster_connection.cpp:35
#8  0x0000000000acba21 in global constructors keyed to ndb_cluster_connection.cpp ()
    at ndb_cluster_connection.cpp:692
#9  0x0000000000bea1e6 in __do_global_ctors_aux ()
#10 0x00000000005919c6 in _init ()
#11 0x00000008018b4bd0 in __cxa_atexit () from /lib/libc.so.7
#12 0x0000000000592a01 in _start ()

(gdb) ins attr
$1 = (const pthread_mutexattr_t *) 0x11aae48

(gdb) ins &my_fast_mutexattr
$5 = (pthread_mutexattr_t *) 0x11aae48

my_fast_mutexattr is initialized in mysys/my_thr_init.c:131 in my_thread_global_init() but that code is not called before the above crash, so my_fast_mutexattr is not initialized.

my_thread_global_init() would be called later if the crash did not occur:

(gdb) bt
#0  my_thread_global_init () at my_thr_init.c:131
#1  0x0000000000b26cac in my_init () at my_init.c:81
#2  0x0000000000692a8a in main (argc=1, argv=0x7fffffffea20) at mysqld.cc:4283

How to repeat:
See "Description"
[26 Apr 2010 10:58] Vasil Dimov
int safe_mutex_init(safe_mutex_t *mp,
                    const pthread_mutexattr_t *attr __attribute__((unused)),
                    const char *file,
                    uint line)
{
  bzero((char*) mp,sizeof(*mp));
  pthread_mutex_init(&mp->global,MY_MUTEX_INIT_ERRCHK);
  pthread_mutex_init(&mp->mutex,attr);

Also, the unused attribute should be removed because attr is actually used.
[26 Apr 2010 11:01] Vasil Dimov
FreeBSD 8.0-STABLE amd64
[27 Apr 2010 11:36] Gustaf Thorslund
Vasil,

What exact version of MySQL Cluster are you using?

/Gustaf
[27 Apr 2010 12:30] Vasil Dimov
I am using /bzrroot/server/mysql-5.1
[27 Apr 2010 12:59] Gustaf Thorslund
Vasil,

Please try mysql-5.1-telco-6.3, mysql-5.1-telco-7.0, and/or mysql-5.1-telco-7.1 instead. The cluster code has not been merged into mysql-5.1 for some years now.

/Gustaf
[27 Apr 2010 14:09] Vasil Dimov
Gustaf,

What if this does not happen with any of the trees you mention?
[27 Apr 2010 14:17] Gustaf Thorslund
Vasil, 

Then we know it only affects the cluster source in the mysql-5.1 tree, and that's not something we recommend using anyway.

/Gustaf
[27 Apr 2010 14:27] Vasil Dimov
Users may get hurt if they enable --with-ndbcluster in mysql-5.1

Either --with-ndbcluster should be removed from ./configure if the code is unmaintained or the bug should be fixed in mysql-5.1.

Pushbuild is running with that option turned on.

Thanks!
[22 Oct 2010 5:46] Gustaf Thorslund
Verified as described with:
* FreeBSD 8.1
* GCC  4.2.1
* revno 3364 from the mysql-5.1 tree (what was current when this bug was reported)

Works fine with:
* revno 3469 (current version some days ago)
[22 Oct 2010 6:00] Gustaf Thorslund
Test case used:
-->
#!/bin/sh
# Build and run the test suite for the current bzr revision; logs are tagged with the revno.

REVNO=$(bzr version-info --custom --template="{revno}")

echo -n revno: $REVNO

./BUILD/autorun.sh > autorun.$REVNO.log 2>&1

./configure --enable-thread-safe-client --enable-local-infile --with-pic --with-client-ldflags=-static --with-mysqld-ldflags=-static --with-zlib-dir=bundled --without-ndb-debug --with-big-tables --with-ssl --with-readline --with-embedded-server --with-archive-storage-engine --with-blackhole-storage-engine --with-csv-storage-engine --with-example-storage-engine --with-federated-storage-engine --with-partition --with-extra-charsets=all --with-innodb --with-ndbcluster --with-debug > configure.$REVNO.log 2>&1

gmake > make.$REVNO.log 2>&1

cd mysql-test || exit 1

./mysql-test-run 1st > test.$REVNO.log 2>&1

result=$?

echo , result: $result

# 'return' is only valid inside a shell function; 'exit' makes the test result the script's status.
exit $result
-->
Will exit with 1 on failure and also create a mysql-test/mysqld.core.
[22 Oct 2010 19:54] Gustaf Thorslund
bzr-bisect helped me find:
-->
No further bisection is possible.

On revision 3457.1.25 (davi.arnaut@sun.com-20100714131012-btyvcruo9ot6ddzc):
Bug#48327: Some crashes specific to FreeBSD ("embedded")

Backport fixes from ndb: Rework the constructors of some static
object's to not call dbug functions since the constructors will
be called before main, and consequently, before the dbug library
is initialized.
-->

So this could be a duplicate of Bug#48327, or of some other bug mentioned there.
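The ordering problem described in the report (a static constructor of Logger/EventLogger calling into mysys before main() has run my_thread_global_init(), so my_fast_mutexattr is still uninitialized) and the fix direction from the bisected commit, as an added example that is not MySQL code: global_init(), safe_create_mutex() and the Logger struct are hypothetical stand-ins, and the attribute is initialized on first use instead of being assumed ready.

```cpp
// Added example (not MySQL source): a global C++ object's constructor creates a mutex
// before main() has initialized the shared pthread_mutexattr_t (the ordering behind
// Bug #53155), with the fix of initializing the attribute on first use.
#include <pthread.h>
#include <errno.h>
#include <cstdio>

static pthread_mutexattr_t g_fast_attr;    // stand-in for my_fast_mutexattr (hypothetical name)
static bool g_attr_ready = false;          // constant-initialized: valid before any constructor
// Plays the role of my_thread_global_init(), which mysqld calls from main(). Idempotent, so
// the lazy path may call it too; initialization before main() is single-threaded, so a flag suffices.
void global_init() {
    if (g_attr_ready) return;
    pthread_mutexattr_init(&g_fast_attr);
    pthread_mutexattr_settype(&g_fast_attr, PTHREAD_MUTEX_ERRORCHECK);
    g_attr_ready = true;
}

// Hardened mutex creation: never touches g_fast_attr before it is initialized,
// so it is safe to call from a static constructor that runs before main().
int safe_create_mutex(pthread_mutex_t *m) {
    global_init();
    return pthread_mutex_init(m, &g_fast_attr);
}

// Stand-in for NDB's Logger: a global whose constructor needs a mutex before main().
struct Logger {
    bool attr_ready_on_entry;  // false means we ran before main(), as in the crash
    pthread_mutex_t mutex;
    int init_rc;
    Logger() : attr_ready_on_entry(g_attr_ready), init_rc(safe_create_mutex(&mutex)) {}
};
static Logger g_logger;

bool logger_ran_before_global_init() { return !g_logger.attr_ready_on_entry; }
int logger_mutex_init_rc() { return g_logger.init_rc; }
// Proves the attribute took effect: an error-checking mutex refuses a recursive lock.
int relock_logger_mutex() {
    pthread_mutex_lock(&g_logger.mutex);
    int rc = pthread_mutex_lock(&g_logger.mutex);  // EDEADLK for PTHREAD_MUTEX_ERRORCHECK
    pthread_mutex_unlock(&g_logger.mutex);
    return rc;
}

int main() {
    global_init();  // what mysqld's main() does via my_init(); already done lazily above
    std::printf("before main: %s, init rc=%d, relock rc=%d (EDEADLK=%d)\n",
                logger_ran_before_global_init() ? "yes" : "no", logger_mutex_init_rc(),
                relock_logger_mutex(), EDEADLK);
}
```

The constructor of g_logger runs before main(), as the backtrace in the report shows for Logger and EventLogger, yet the mutex is created successfully because the attribute is initialized at the point of first use rather than left to main().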
[23 Oct 2010 6:12] Vasil Dimov
Has already been fixed