Thayumanavar S authored
(NOTE: This patch is based on the analysis and patch provided by Debarun Banerjee at http://rb.no.oracle.com/rb/r/9259/diff/1/#index_header)

Problem:
During shutdown, on Windows, we are freeing the listener object in handle_shutdown() while the listener is running.

  handle_shutdown->close_connections [delete mysqld_socket_acceptor;]

The listener thread [socket_conn_event_handler] comes out of the blocking select call and overwrites the freed memory buffer [m_read_fds] at about offset 136.

  connection_event_loop->listen_for_connection_event
    select(... &m_select_info.m_read_fds, ...);

The memory block size freed here is about 1k. InnoDB background threads and session threads allocating small memory heaps (<1024) get the same block allocated, and the end of the heap [free_block and buf_block] is overwritten, causing the ASSERT. This symptom is also reported in three other bugs hitting the ASSERT in the stat, purge and session threads [BUG-19812327 BUG-19786817 BUG-20393051].

The exact issue is reproducible on Windows with the VC debugger attached to the server and by breakpoint/sleep to control the execution of the different threads. The MSVC RtlBreakPointHeap, however, is triggered almost once in 2 runs if the debugger is attached to the server, indicating heap corruption.

Solution:
One way to solve the issue is to close the listener FDs instead of freeing the listener object, and move the free to mysqld_main, where it is ensured that the listener threads have exited on all platforms.
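The shutdown ordering the commit message describes (stop the listener by closing its FDs, let the thread exit, and only then free the object) as an added example in portable C with pthreads; this is not MySQL code and the struct, function and field names are assumptions modelled on the names in the message. The listener blocks in select() on one end of a socketpair and writes its fd_set after every wakeup, which is the buffer the bug overwrote after the free. The racing version (delete the object in the shutdown path and never join) is deliberately not run, since it is the use-after-free itself; the fixed sequence below is the part a reviewer would want to see run. Assumption: shutdown() is used as the wake-up on POSIX because a plain close() of an fd another thread is blocked on is not a reliable select() wake-up on Linux. Build with -pthread.

```c
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for mysqld_socket_acceptor; the names are assumptions,
   not the server's own types. */
struct listener {
    int listen_fd;            /* fd the listener thread blocks on in select() */
    int peer_fd;              /* other end of the socketpair, plays the client */
    atomic_int abort_loop;    /* set by shutdown before the fd is shut down */
    atomic_long wakeups;      /* how many times select() returned */
    fd_set m_read_fds;        /* rewritten after every wakeup: the buffer that
                                 was written into freed memory in the bug */
};

/* Listener thread, the analogue of connection_event_loop ->
   listen_for_connection_event in the commit message. */
static void *connection_event_loop(void *arg)
{
    struct listener *l = arg;
    while (!atomic_load(&l->abort_loop)) {
        FD_ZERO(&l->m_read_fds);
        FD_SET(l->listen_fd, &l->m_read_fds);
        int rc = select(l->listen_fd + 1, &l->m_read_fds, NULL, NULL, NULL);
        if (rc < 0) {
            if (errno == EINTR) continue;
            break;
        }
        atomic_fetch_add(&l->wakeups, 1);
        char b;
        if (read(l->listen_fd, &b, 1) <= 0)   /* 0 = EOF after shutdown(): stop */
            break;
    }
    return NULL;
}

static struct listener *listener_create(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return NULL;
    struct listener *l = calloc(1, sizeof *l);
    if (!l) { close(sv[0]); close(sv[1]); return NULL; }
    l->listen_fd = sv[0];
    l->peer_fd = sv[1];
    return l;
}

/* handle_shutdown's part after the fix: stop the loop and shut the listening
   fd, but do NOT free the object; the thread may still be inside select()
   and about to write m_read_fds. */
static void listener_close_fds(struct listener *l)
{
    atomic_store(&l->abort_loop, 1);
    /* Assumption: shutdown() is the wake-up here; on Linux, close() of an fd
       another thread is blocked on does not reliably wake select(). */
    shutdown(l->listen_fd, SHUT_RDWR);
}

/* mysqld_main's part: free only after the listener thread has been joined. */
static void listener_destroy(struct listener *l)
{
    close(l->listen_fd);
    close(l->peer_fd);
    free(l);
}

/* Runs the fixed ordering end to end. Returns 0 on a clean shutdown, or the
   number of the step that failed. */
int run_shutdown_sequence(void)
{
    struct listener *l = listener_create();
    if (!l) return 1;
    pthread_t tid;
    if (pthread_create(&tid, NULL, connection_event_loop, l) != 0) {
        listener_destroy(l);
        return 2;
    }
    /* Constructed traffic: one byte so the thread demonstrably passes through
       select() and touches m_read_fds before shutdown begins. */
    char c = 'x';
    if (write(l->peer_fd, &c, 1) != 1) {
        listener_close_fds(l); pthread_join(tid, NULL); listener_destroy(l);
        return 3;
    }
    while (atomic_load(&l->wakeups) == 0) usleep(1000);

    listener_close_fds(l);      /* 1. stop + shut fds (handle_shutdown)        */
    pthread_join(tid, NULL);    /* 2. the listener has provably exited          */
    long n = atomic_load(&l->wakeups);
    listener_destroy(l);        /* 3. only now is free() safe (mysqld_main)     */
    return n >= 1 ? 0 : 4;
}

int main(void)
{
    int rc = run_shutdown_sequence();
    printf("shutdown sequence %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The property worth checking in review is the order of steps 1 to 3: the free happens after pthread_join, so no thread can be between select() returning and the FD_SET write when the block is released. To see the original failure mode, swap the free into listener_close_fds and drop the join, then run under AddressSanitizer; the write into m_read_fds is then reported as a heap-use-after-free rather than surfacing later as an unrelated assertion in whichever thread reused the block.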