Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
10.0(EOL), 10.1(EOL), 10.2(EOL)
-
None
-
10.2.1-5
Description
|
Stack trace from 10.1 commit 2783fc7d14bc8ad16acfeb509d3b19615023f47a |
$ perl ./mtr connect.tbl --valgrind-mysqld
|
...
|
==4781== Invalid read of size 4
|
==4781== at 0xEE259E: vio_blocking (viosocket.c:364)
|
==4781== by 0xEE3771: vio_socket_connect (viosocket.c:1168)
|
==4781== by 0x800227: connect_sync_or_async (client.c:3021)
|
==4781== by 0x8009F7: mysql_real_connect (client.c:3225)
|
==4781== by 0xC34CE0C: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==4781== by 0xC374C60: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:873)
|
==4781== by 0xC380C92: ThreadOpen (tabtbl.cpp:573)
|
==4781== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==4781== by 0x6CFF04C: clone (in /lib64/libc-2.19.so)
|
==4781== Address 0x126764e0 is 112 bytes inside a block of size 612 free'd
|
==4781== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==4781== by 0xE9800A: free_memory (safemalloc.c:276)
|
==4781== by 0xE97CC6: sf_free (safemalloc.c:194)
|
==4781== by 0xE85902: my_free (my_malloc.c:216)
|
==4781== by 0xEE15F7: vio_delete (vio.c:377)
|
==4781== by 0x7FBCE7: end_server (client.c:933)
|
==4781== by 0x80279D: mysql_close_slow_part (client.c:3937)
|
==4781== by 0x802806: mysql_close (client.c:3948)
|
==4781== by 0xC34DDE6: MYSQLC::Close() (myconn.cpp:1011)
|
==4781== by 0xC375C18: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1211)
|
==4781== by 0xC38154F: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==4781== by 0xC38134B: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==4781== by 0xC305E0B: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==4781== by 0xC2F98A9: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3768)
|
==4781== by 0x83E520: handler::ha_rnd_next(unsigned char*) (handler.cc:2577)
|
==4781== by 0x83404C: find_all_keys(THD*, Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:765)
|
...
|
...
|
==4781== Invalid read of size 8
|
==4781== at 0x80110B: mysql_real_connect (client.c:3392)
|
==4781== by 0xC34CE0C: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==4781== by 0xC374C60: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:873)
|
==4781== by 0xC380C92: ThreadOpen (tabtbl.cpp:573)
|
==4781== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==4781== by 0x6CFF04C: clone (in /lib64/libc-2.19.so)
|
==4781== Address 0x12673c20 is 1,264 bytes inside a block of size 1,388 free'd
|
==4781== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==4781== by 0xE9800A: free_memory (safemalloc.c:276)
|
==4781== by 0xE97CC6: sf_free (safemalloc.c:194)
|
==4781== by 0xE85902: my_free (my_malloc.c:216)
|
==4781== by 0x802852: mysql_close (client.c:3960)
|
==4781== by 0xC34DDE6: MYSQLC::Close() (myconn.cpp:1011)
|
==4781== by 0xC375C18: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1211)
|
==4781== by 0xC38154F: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==4781== by 0xC38134B: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==4781== by 0xC305E0B: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==4781== by 0xC2F98A9: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3768)
|
==4781== by 0x83E520: handler::ha_rnd_next(unsigned char*) (handler.cc:2577)
|
==4781== by 0x83404C: find_all_keys(THD*, Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long
|
long*) (filesort.cc:765)
|
==4781== by 0x832A88: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*, Filesort_tracke
|
r*) (filesort.cc:301)
|
==4781== by 0x66D83D: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:21328)
|
==4781== by 0x640B3A: JOIN::exec_inner() (sql_select.cc:3198)
|
==4781==
|
==4781== Invalid read of size 8
|
==4781== at 0x801112: mysql_real_connect (client.c:3392)
|
==4781== by 0xC34CE0C: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==4781== by 0xC374C60: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:873)
|
==4781== by 0xC380C92: ThreadOpen (tabtbl.cpp:573)
|
==4781== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==4781== by 0x6CFF04C: clone (in /lib64/libc-2.19.so)
|
==4781== Address 0x8f8f8f8f8f8f8fb7 is not stack'd, malloc'd or (recently) free'd
|
...
|
160331 14:56:53 [ERROR] mysqld got signal 11 ;
|
...
|
Server version: 10.1.13-MariaDB-debug
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=3
|
max_threads=153
|
thread_count=2
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 62975 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x0xe329ee0
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x4116230 thread_stack 0x48400
|
/bld/10.1/bin/mysqld(my_print_stacktrace+0x38)[0xe8b688]
|
/bld/10.1/bin/mysqld(handle_fatal_signal+0x390)[0x837f6f]
|
mysys/stacktrace.c:246(my_print_stacktrace)[0x4e44890]
|
sql-common/client.c:3392(mysql_real_connect)[0x801112]
|
/bld/10.1/lib/plugin/ha_connect.so(_ZN6MYSQLC4OpenEP7_globalPKcS3_S3_S3_iS3_+0x177)[0xc34ce0d]
|
/bld/10.1/lib/plugin/ha_connect.so(_ZN8TDBMYSQL6OpenDBEP7_global+0xd5)[0xc374c61]
|
/bld/10.1/lib/plugin/ha_connect.so(ThreadOpen+0x5f)[0xc380c93]
|
/lib64/libpthread.so.0(+0x80a4)[0x4e3d0a4]
|
/lib64/libc.so.6(clone+0x6d)[0x6cff04d]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0xe33ab28): SELECT * FROM total order by v desc
|
Attachments
Issue Links
- blocks
-
MDEV-7069 Fix buildbot failures in main server trees
-
- Stalled
-
- duplicates
-
-
- Closed
-
Activity
Working on Windows, I cannot reproduce these errors. Indeed they seem to happen when trying to connect to a local server using Unix socket.
All these errors, according to the valgrind out put, occur in the client program and the line numbers often match parts that are not enabled on Windows and dealing with Unix sockets.
Invalid read or write are flagged by Valgrind when using a memory that is not available, for instance reading in a block that has been freed. Here it seems to happen when reading or writhing to the mysql block, the one that is passed as first argument when calling mysql api functions.
Obviously it was not freed but there may be a problem if it belong to another thread heap?
In my code one suspect item is in myconn.cpp line 483:
// Don't know what this one do but FEDERATED does it
|
mysql_options(m_DB, MYSQL_OPT_USE_THREAD_SPECIFIC_MEMORY,
|
(char*)&my_true);
|
Elena, could you try removing it and see what happens?
Thanks.
Hi bertrandop,
It doesn't seem to help. I tried to remove the lines on current 10.0, but I'm still getting a crash (sporadically):
160606 23:18:01 [ERROR] mysqld got signal 11 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.0.26-MariaDB-debug
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=4
|
max_threads=153
|
thread_count=2
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 62846 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x0xc042990
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x4114e28 thread_stack 0x48000
|
mysys/stacktrace.c:246(my_print_stacktrace)[0xf65057]
|
sql/signal_handler.cc:155(handle_fatal_signal)[0x855197]
|
/lib64/libpthread.so.0(+0xf890)[0x4e44890]
|
sql-common/client.c:3393(mysql_real_connect)[0x822b26]
|
connect/myconn.cpp:487(MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*))[0xde3d2b]
|
connect/tabmysql.cpp:875(TDBMYSQL::OpenDB(_global*))[0xe0b0f4]
|
connect/tabtbl.cpp:573(ThreadOpen)[0xe16e27]
|
/lib64/libpthread.so.0(+0x80a4)[0x4e3d0a4]
|
/lib64/libc.so.6(clone+0x6d)[0x67e904d]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0xc083908): SELECT * FROM total order by v desc
|
Connection ID (thread ID): 111
|
Status: NOT_KILLED
|
==2866== Thread 6:
|
==2866== Invalid read of size 4
|
==2866== at 0xFB077D: vio_blocking (viosocket.c:364)
|
==2866== by 0xFB186E: vio_socket_connect (viosocket.c:1168)
|
==2866== by 0x821D18: connect_sync_or_async (client.c:3021)
|
==2866== by 0x8224A4: mysql_real_connect (client.c:3226)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f04030 is 112 bytes inside a block of size 612 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0xFAF7F5: vio_delete (vio.c:377)
|
==2866== by 0x81DCAF: end_server (client.c:933)
|
==2866== by 0x8240B5: mysql_close_slow_part (client.c:3938)
|
==2866== by 0x82411E: mysql_close (client.c:3949)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0xFB077F: vio_blocking (viosocket.c:364)
|
==2866== by 0xFB186E: vio_socket_connect (viosocket.c:1168)
|
==2866== by 0x821D18: connect_sync_or_async (client.c:3021)
|
==2866== by 0x8224A4: mysql_real_connect (client.c:3226)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f04038 is 120 bytes inside a block of size 612 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0xFAF7F5: vio_delete (vio.c:377)
|
==2866== by 0x81DCAF: end_server (client.c:933)
|
==2866== by 0x8240B5: mysql_close_slow_part (client.c:3938)
|
==2866== by 0x82411E: mysql_close (client.c:3949)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866==
|
==2866== Invalid read of size 4
|
==2866== at 0xFB07B3: vio_blocking (viosocket.c:368)
|
==2866== by 0xFB186E: vio_socket_connect (viosocket.c:1168)
|
==2866== by 0x821D18: connect_sync_or_async (client.c:3021)
|
==2866== by 0x8224A4: mysql_real_connect (client.c:3226)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f04044 is 132 bytes inside a block of size 612 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0xFAF7F5: vio_delete (vio.c:377)
|
==2866== by 0x81DCAF: end_server (client.c:933)
|
==2866== by 0x8240B5: mysql_close_slow_part (client.c:3938)
|
==2866== by 0x82411E: mysql_close (client.c:3949)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866==
|
==2866== Invalid write of size 4
|
==2866== at 0x822545: mysql_real_connect (client.c:3239)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03a10 is 1,040 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 4
|
==2866== at 0x822567: mysql_real_connect (client.c:3270)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03a10 is 1,040 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x822571: mysql_real_connect (client.c:3270)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03670 is 112 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x82258C: mysql_real_connect (client.c:3272)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03670 is 112 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x822A8E: mysql_real_connect (client.c:3385)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03670 is 112 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x822AA9: mysql_real_connect (client.c:3386)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03670 is 112 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x822B0C: mysql_real_connect (client.c:3393)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03af0 is 1,264 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x822B1F: mysql_real_connect (client.c:3393)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x12f03af0 is 1,264 bytes inside a block of size 1,388 free'd
|
==2866== at 0x4C2A42C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==2866== by 0xF7056E: free_memory (safemalloc.c:276)
|
==2866== by 0xF70235: sf_free (safemalloc.c:194)
|
==2866== by 0xF5F6C2: my_free (my_malloc.c:216)
|
==2866== by 0x82416A: mysql_close (client.c:3961)
|
==2866== by 0xDE4D18: MYSQLC::Close() (myconn.cpp:1016)
|
==2866== by 0xE0C029: TDBMYSQL::CloseDB(_global*) (tabmysql.cpp:1213)
|
==2866== by 0xE176DD: TDBTBM::ReadNextRemote(_global*) (tabtbl.cpp:780)
|
==2866== by 0xE174D9: TDBTBM::ReadDB(_global*) (tabtbl.cpp:745)
|
==2866== by 0xDCEF3E: CntReadNext(_global*, TDB*) (connect.cc:465)
|
==2866== by 0xDC5360: ha_connect::rnd_next(unsigned char*) (ha_connect.cc:3771)
|
==2866== by 0x85B225: handler::ha_rnd_next(unsigned char*) (handler.cc:2597)
|
==2866== by 0x851464: find_all_keys(Sort_param*, SQL_SELECT*, Filesort_info*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*) (filesort.cc:754)
|
==2866== by 0x850058: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*) (filesort.cc:297)
|
==2866== by 0x6CE10B: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:20838)
|
==2866== by 0x6A3572: JOIN::exec_inner() (sql_select.cc:3054)
|
==2866==
|
==2866== Invalid read of size 8
|
==2866== at 0x822B26: mysql_real_connect (client.c:3393)
|
==2866== by 0xDE3D2A: MYSQLC::Open(_global*, char const*, char const*, char const*, char const*, int, char const*) (myconn.cpp:487)
|
==2866== by 0xE0B0F3: TDBMYSQL::OpenDB(_global*) (tabmysql.cpp:875)
|
==2866== by 0xE16E26: ThreadOpen (tabtbl.cpp:573)
|
==2866== by 0x4E3D0A3: start_thread (in /lib64/libpthread-2.19.so)
|
==2866== by 0x67E904C: clone (in /lib64/libc-2.19.so)
|
==2866== Address 0x8f8f8f8f8f8f8fb7 is not stack'd, malloc'd or (recently) free'd
|
==2866==
|
The log from Valgrind clearly shows that one tried to read or write in blocks that were previously freed.
The way Connect handles its memory is to suballoc in a heap that is cleared only at the end of each query. Standard allocations by MariaDB are only done when initialyzing the MYSQL block send as first parameter to all MySQL API calls and the result block used to get result. None of them have a size corresponding to the sizes indicated in the Valgring log.
In addition, these invalid read or write do not happen in Connect code but in Client code executed after calling the API functions for connecting or closing MySQL local connection via Unix socket.
What seems strange to me is why crashes happen only in Valgring tests. If things such as invalid address 0x8f8f8f8f8f8f8fb7 cause the crash, it should happen whether or not controled by Valgrind.
Now it's connect.tbl_thread, but still crashes, see MDEV-13598 (closed as a duplicate).
10.0 also has a problem. Sometimes it hangs, sometimes it fails with this:
connect.tbl w5 [ fail ]Test ended at 2016-05-28 21:34:09CURRENT_TEST: connect.tblmysqltest: At line 66: query 'SELECT * FROM total order by v desc' failed: 1158: Got an error reading communication packetsThe result from queries just before the failure was:< snip >t2 2 NULLt2 3 t2DROP TABLE total;DROP TABLE t1;DROP TABLE t2;DROP TABLE t3;DROP TABLE t4;## Checking thread TBL tables#CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=MYSQL SRCDEF='select 11 as v';SELECT * FROM t1;v11CREATE TABLE t2 ENGINE=CONNECT TABLE_TYPE=MYSQL SRCDEF='select 22 as v';SELECT * FROM t2;v22CREATE TABLE total (v BIGINT(20) UNSIGNED NOT NULL) ENGINE=CONNECT TABLE_TYPE=TBL TABLE_LIST='t1,t2' OPTION_LIST='thread=yes,port=PORT';;SELECT * FROM total order by v desc;http://buildbot.askmonty.org/buildbot/builders/work-amd64-valgrind/builds/8842/steps/test/logs/stdio