Bug #53779 mtr --debug was broken by bugfix 52629
Submitted: 19 May 2010 7:17  Modified: 19 May 2010 19:08
Reporter: Tor Didriksen
Status: Duplicate
Category: MySQL Server: Logging  Severity: S3 (Non-critical)
Version: 5.1-bugteam, pe  OS: Any
Assigned to:  CPU Architecture: Any

[19 May 2010 7:17] Tor Didriksen
Description:
bugfix #52629 contains two diffs.
This one makes the server crash at exit (the bootstrap when running mtr)
For me the 5.1 server hangs (needs a kill -9)
For mysql-pe I get a call stack.

   while ((discard= cs->stack))
   {
     if (discard == &init_settings)
+    {
+      FreeState (cs, discard, 0);
       break;
+    }
     cs->stack= discard->next;
     FreeState(cs, discard, 1);
   }
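Review bot: FreeState(cs, discard, 0) on init_settings closes the base frame's out_file, but nothing in the hunk records that the handle is gone or checks whether a frame popped earlier in the loop inherited the same FILE; the backtrace produced with this change aborts in fclose with "double free or corruption" under _db_end_, which is what a second close of one stream looks like. Suggest having FreeState set out_file to NULL after closing it and only closing handles the frame actually owns, so the exit loop cannot close a stream twice regardless of how many frames shared it.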

*** glibc detected *** /export/home/didrik/mysqldev51/5.1-bugteam-bug50087/sql/mysqld: corrupted double-linked list: 0x0000000002e41530 ***

*** glibc detected *** /export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld: double free or corruption (!prev): 0x0000000001f43460 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3f23874576]
/lib64/libc.so.6(fclose+0x14d)[0x3f23864ead]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld[0xa961e2]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld[0xa95987]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld(_db_end_+0x152)[0xa95b54]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld(my_end+0x362)[0xa780ab]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld[0x5583ad]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld[0x558344]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld(_Z11mysqld_mainiPPc+0x667)[0x55d36d]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld(main+0x20)[0x555fc4]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3f2381eb1d]
/export/home/didrik/mysqldev-pe/pe-bug50087/sql/mysqld[0x555ee9]

With the diff above commented out, this diff gives lots of valgrind warnings:
   rel= control[0] == '+' || control[0] == '-';
   if ((!rel || (!stack->out_file && !stack->next)))
   {
+    /*
+      We need to free what's already in init_settings, because unlike
+      the thread related stack frames there's a chance that something
+      is in these variables already.
+    */
+    if (stack == &init_settings)
+      FreeState(cs, stack, 0);
     stack->flags= 0;
     stack->delay= 0;
     stack->maxdepth= 0;
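Review bot: Calling FreeState(cs, stack, 0) here runs from a connection thread (Thread 3 in the valgrind trace, reached via sys_var_thd_dbug::update) and closes the process-global init_settings.out_file, and the trace shows FreeState itself then touching the freed FILE: fclose from DBUGCloseFile at dbug.c:1483, fflush on the same pointer at dbug.c:1484. Before this lands, FreeState should not flush a stream it has just closed (null out_file right after DBUGCloseFile), and since init_settings is shared by all threads while the thread frames are not, resetting it from SET debug needs to be serialised with other writers rather than done bare as in this hunk.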

==28270== Thread 3:
==28270== Invalid read of size 2
==28270==    at 0x3F238652FD: fflush (in /lib64/libc-2.11.so)
==28270==    by 0xB3911F: FreeState (dbug.c:1484)
==28270==    by 0xB36F73: DbugParse (dbug.c:464)
==28270==    by 0xB37A45: _db_set_init_ (dbug.c:752)
==28270==    by 0x6C416D: sys_var_thd_dbug::update(THD*, set_var*) (set_var.cc:4243)
==28270==    by 0x6C296A: set_var::update(THD*) (set_var.cc:3606)
==28270==    by 0x6C23EF: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:3481)
==28270==    by 0x6B04EF: mysql_execute_command(THD*) (sql_parse.cc:3493)
==28270==    by 0x6B7C70: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5986)
==28270==    by 0x6AA210: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1233)
==28270==    by 0x6A91C7: do_command(THD*) (sql_parse.cc:874)
==28270==    by 0x6A74C6: handle_one_connection (sql_connect.cc:1134)
==28270==    by 0x3F24406A39: start_thread (in /lib64/libpthread-2.11.so)
==28270==  Address 0x50cd750 is 0 bytes inside a block of size 568 free'd
==28270==    at 0x4A04D72: free (vg_replace_malloc.c:325)
==28270==    by 0x3F23864EAC: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.11.so)
==28270==    by 0xB39913: DBUGCloseFile (dbug.c:1963)
==28270==    by 0xB3910B: FreeState (dbug.c:1483)
==28270==    by 0xB36F73: DbugParse (dbug.c:464)
==28270==    by 0xB37A45: _db_set_init_ (dbug.c:752)
==28270==    by 0x6C416D: sys_var_thd_dbug::update(THD*, set_var*) (set_var.cc:4243)
==28270==    by 0x6C296A: set_var::update(THD*) (set_var.cc:3606)
==28270==    by 0x6C23EF: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:3481)
==28270==    by 0x6B04EF: mysql_execute_command(THD*) (sql_parse.cc:3493)
==28270==    by 0x6B7C70: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5986)
==28270==    by 0x6AA210: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1233)
==28270==    by 0x6A91C7: do_command(THD*) (sql_parse.cc:874)
==28270==    by 0x6A74C6: handle_one_connection (sql_connect.cc:1134)
==28270==    by 0x3F24406A39: start_thread (in /lib64/libpthread-2.11.so)

==28270== Invalid read of size 8
==28270==    at 0x3F23865303: fflush (in /lib64/libc-2.11.so)
==28270==    by 0xB3911F: FreeState (dbug.c:1484)
==28270==    by 0xB36F73: DbugParse (dbug.c:464)
==28270==    by 0xB37A45: _db_set_init_ (dbug.c:752)
==28270==    by 0x6C416D: sys_var_thd_dbug::update(THD*, set_var*) (set_var.cc:4243)
==28270==    by 0x6C296A: set_var::update(THD*) (set_var.cc:3606)
==28270==    by 0x6C23EF: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:3481)
==28270==    by 0x6B04EF: mysql_execute_command(THD*) (sql_parse.cc:3493)
==28270==    by 0x6B7C70: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5986)
==28270==    by 0x6AA210: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1233)
==28270==    by 0x6A91C7: do_command(THD*) (sql_parse.cc:874)
==28270==    by 0x6A74C6: handle_one_connection (sql_connect.cc:1134)
==28270==    by 0x3F24406A39: start_thread (in /lib64/libpthread-2.11.so)
==28270==  Address 0x50cd7d8 is 136 bytes inside a block of size 568 free'd
==28270==    at 0x4A04D72: free (vg_replace_malloc.c:325)
==28270==    by 0x3F23864EAC: fclose@@GLIBC_2.2.5 (in /lib64/libc-2.11.so)
==28270==    by 0xB39913: DBUGCloseFile (dbug.c:1963)
==28270==    by 0xB3910B: FreeState (dbug.c:1483)
==28270==    by 0xB36F73: DbugParse (dbug.c:464)
==28270==    by 0xB37A45: _db_set_init_ (dbug.c:752)
==28270==    by 0x6C416D: sys_var_thd_dbug::update(THD*, set_var*) (set_var.cc:4243)
==28270==    by 0x6C296A: set_var::update(THD*) (set_var.cc:3606)
==28270==    by 0x6C23EF: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:3481)
==28270==    by 0x6B04EF: mysql_execute_command(THD*) (sql_parse.cc:3493)
==28270==    by 0x6B7C70: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5986)
==28270==    by 0x6AA210: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1233)
==28270==    by 0x6A91C7: do_command(THD*) (sql_parse.cc:874)
==28270==    by 0x6A74C6: handle_one_connection (sql_connect.cc:1134)
==28270==    by 0x3F24406A39: start_thread (in /lib64/libpthread-2.11.so)

(more warnings omitted)

How to repeat:
./mtr --debug --valgrind-mysqld variables_debug
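The two failures in this report have one root: a FILE* held by the static base frame of the trace-settings stack is closed, then touched again (flushed in the SET debug path, closed a second time at exit). The following is an added example, not code from the report or from the MySQL dbug library; it is a deliberately simplified model with hypothetical names (frame, code_state, free_state, db_end, reparse_base) that keeps the shape of the two hunks above and shows the hardening a reviewer would ask for: frames record whether they own their stream, and free_state nulls the pointer after closing so a later flush or a second pass finds nothing to touch. The exit loop is written to match the _db_end_ loop in the first hunk.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified trace-settings frame (hypothetical, modelled on the dbug.c
   settings stack; not the real struct). */
typedef struct frame {
    FILE *out_file;
    int owns_file;          /* 1 if this frame opened out_file and must close it */
    struct frame *next;
} frame;

typedef struct {
    frame *stack;
} code_state;

frame init_settings;        /* static base frame: state is freed, struct never is */
code_state cs_global;
int fclose_calls;           /* instrumentation so the test can count closes */

static int close_out_file(FILE *f) {
    fclose_calls++;
    return fclose(f);
}

/* Hardened FreeState: close only a stream this frame owns, then null the
   pointer so nothing downstream can flush or close a freed FILE. */
static void free_state(code_state *cs, frame *st, int free_frame) {
    (void)cs;
    if (st->out_file && st->owns_file)
        close_out_file(st->out_file);
    st->out_file = NULL;    /* the key fix: no dangling FILE* survives */
    st->owns_file = 0;
    if (free_frame && st != &init_settings)
        free(st);
}

/* Push a frame that inherits the current top's stream without owning it,
   the way a per-thread frame shares the base frame's output file. */
static frame *push_shared(code_state *cs) {
    frame *f = calloc(1, sizeof *f);
    f->out_file = cs->stack->out_file;
    f->owns_file = 0;
    f->next = cs->stack;
    cs->stack = f;
    return f;
}

/* Same loop shape as the _db_end_ hunk: pop and free frames down to
   init_settings, whose state is released without free()ing the struct. */
static void db_end(code_state *cs) {
    frame *discard;
    while ((discard = cs->stack)) {
        if (discard == &init_settings) {
            free_state(cs, discard, 0);
            break;
        }
        cs->stack = discard->next;
        free_state(cs, discard, 1);
    }
}

/* Build a stack: init_settings owns a temp file, two shared frames sit
   above it, then run the exit path. Returns the number of fclose calls;
   with ownership tracking the correct answer is exactly 1. */
int run_scenario(void) {
    fclose_calls = 0;
    memset(&init_settings, 0, sizeof init_settings);
    init_settings.out_file = tmpfile();
    if (!init_settings.out_file)
        return -1;
    init_settings.owns_file = 1;
    cs_global.stack = &init_settings;
    push_shared(&cs_global);
    push_shared(&cs_global);
    fputs("trace line\n", cs_global.stack->out_file);   /* written via shared frame */
    db_end(&cs_global);
    return fclose_calls;
}

/* Mirrors the DbugParse hunk: re-initialising init_settings on SET debug=...
   must release what it already holds. Returns 1 if the stale handle was
   cleared before the frame is reused, 0 otherwise. */
int reparse_base(void) {
    int cleared;
    free_state(&cs_global, &init_settings, 0);
    cleared = (init_settings.out_file == NULL);
    /* With the pointer nulled, this defensive flush is a no-op instead of the
       read-after-fclose that valgrind flagged in the report. */
    if (init_settings.out_file)
        fflush(init_settings.out_file);
    init_settings.out_file = tmpfile();     /* fresh stream for the new settings */
    init_settings.owns_file = (init_settings.out_file != NULL);
    return cleared;
}
```

The ownership flag is what the report's hunks lack: in the original loop every popped frame and the base frame can point at the same FILE, so whichever FreeState runs last double-closes it. Nulling out_file after the close is the cheap second guard; it turns the fflush-after-fclose in the valgrind trace into a skipped branch. In a real multi-threaded server the reparse path would additionally need a lock, which this single-threaded model does not show.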
[19 May 2010 12:59] Davi Arnaut
Duplicate of Bug#46165