Bug #55627 segv in ut_free pars_lexer_close innobase_shutdown innodb-use-sys-malloc=0
Submitted: 29 Jul 2010 13:39 Modified: 14 Oct 2010 16:24
Reporter: Mikhail Izioumtchenko Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: InnoDB Plugin storage engine Severity:S2 (Serious)
Version:5.1 OS:Any
Assigned to: Jimmy Yang CPU Architecture:Any

[29 Jul 2010 13:39] Mikhail Izioumtchenko
low reproducible crash in shutdown when innodb-use-system-malloc=0,
plugin. I believe it's fixed in 5.5.

 #2  0x00000000005e15e5 in handle_segfault (sig=11) at mysqld.cc:2605
 #3  <signal handler called>
 #4  0x00002aaaabccdae8 in ut_free (ptr=0x0) at ut/ut0mem.c:312
 #5  0x00002aaaabc71176 in yyfree (ptr=0x0) at lexyy.c:2741
 #6  0x00002aaaabc7111d in yylex_destroy () at lexyy.c:2692
 #7  0x00002aaaabc71181 in pars_lexer_close () at pars0lex.l:659
 #8  0x00002aaaabcaf133 in innobase_shutdown_for_mysql ()
     at srv/srv0start.c:2018
 #9  0x00002aaaabc20279 in innobase_end (hton=0x14cc19d0, type=HA_PANIC_CLOSE)
     at handler/ha_innodb.cc:2306
 #10 0x00000000006ffcb8 in ha_finalize_handlerton (plugin=0x14cb5aa0)
     at handler.cc:395
 #11 0x000000000079dac7 in plugin_deinitialize (plugin=0x14cb5aa0,
     ref_check=true) at sql_plugin.cc:828
 #12 0x000000000079de6c in reap_plugins () at sql_plugin.cc:916
 #13 0x000000000079fea5 in plugin_shutdown () at sql_plugin.cc:1551
 #14 0x00000000005e06cf in clean_up (print_message=true) at mysqld.cc:1332
 #15 0x00000000005e0cf2 in unireg_end () at mysqld.cc:1258
 #16 0x00000000005e4545 in kill_server (sig_ptr=0x0) at mysqld.cc:1193
 #17 0x00000000005e4569 in kill_server_thread (arg=0x40b50118) at mysqld.cc:1221
 #18 0x0000003acc80673d in start_thread () from /lib64/libpthread.so.0
 #19 0x0000003acbcd3d1d in clone () from /lib64/libc.so.6

How to repeat:
InnoDB internal stress/recovery testing
[4 Aug 2010 3:07] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:


3544 Jimmy Yang	2010-08-03
      Backport "NULL pointer check for ut_free()" from mysql-trunk-innodb to
      mysql-5.1-innodb plugin to fix bug #55627 segv in ut_free pars_lexer_close
      innobase_shutdown innodb-use-sys-malloc=0.
[28 Sep 2010 8:48] Bugs System
Pushed into mysql-5.1 5.1.52 (revid:sunanda.menon@sun.com-20100928083322-wangbv97uobu7g66) (version source revid:sunanda.menon@sun.com-20100928083322-wangbv97uobu7g66) (merge vers: 5.1.52) (pib:21)
[28 Sep 2010 15:39] Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@sun.com-20100928153607-tdsxkdm5cmuym5sq) (version source revid:alik@sun.com-20100928153508-0saa6v93dinqx1u7) (merge vers: 5.6.1-m4) (pib:21)
[28 Sep 2010 15:42] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100928153646-pqp8o1a92mxtuj3h) (version source revid:alik@sun.com-20100928153532-lr3gtvnyp2en4y75) (pib:21)
[28 Sep 2010 15:44] Bugs System
Pushed into mysql-5.5 5.5.7-rc (revid:alik@sun.com-20100928153459-4nudf4zgzlou4s7q) (version source revid:alik@sun.com-20100928153459-4nudf4zgzlou4s7q) (merge vers: 5.5.7-rc) (pib:21)
[6 Oct 2010 17:34] John Russell
Added to change log:

The server could crash on shutdown, if started with --innodb-use-system-malloc=0.
[14 Oct 2010 8:27] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.20 (revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (version source revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (merge vers: 5.1.51-ndb-7.0.20) (pib:21)
[14 Oct 2010 8:42] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.39 (revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (version source revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (merge vers: 5.1.51-ndb-6.3.39) (pib:21)
[14 Oct 2010 8:57] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (version source revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (merge vers: 5.1.51-ndb-6.2.19) (pib:21)