Percona Server moved to https://jira.percona.com/projects/PS

  1. Bug #1206065
  2. Comment #19

Comment 19 for bug 1206065

Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote : Re: *** glibc detected *** bin/mysqld: free(): corrupted unsorted chunks: 0x000000000321c4a0 *** AT SHUTDOWN | handle_fatal_signal (sig=6) in _int_free (libc) from Events::deinit at sql/events.cc:930

What happened here is concurrent vio_shutdown and vio_delete. So shutdown read from/write to memory which already has been released. Here is how it looks:

==30550== Thread 35:
==30550== Invalid read of size 4
==30550== at 0x8A70199: vio_shutdown (viosocket.c:468)
==30550== by 0x84AB73C: tp_post_kill_notification(THD*) (threadpool_unix.cc:1298)
==30550== by 0x81FFCE8: close_connections() (mysqld.cc:1420)
==30550== by 0x8200318: kill_server(void*) (mysqld.cc:1614)
==30550== by 0x8200368: kill_server_thread (mysqld.cc:1642)
==30550== by 0x87255B3: pfs_spawn_thread (pfs.cc:1855)
==30550== by 0x4A9851: start_thread (in /lib/libpthread-2.5.so)
==30550== by 0x413A8D: clone (in /lib/libc-2.5.so)
==30550== Address 0x1ab97444 is 4 bytes inside a block of size 396 free'd
==30550== at 0x400579D: free (vg_replace_malloc.c:325)
==30550== by 0x86AFA7E: my_free (my_malloc.c:137)
==30550== by 0x8A6F37D: vio_delete (vio.c:349)
==30550== by 0x837E07D: THD::release_resources() (sql_class.cc:1733)
==30550== by 0x84A970D: threadpool_remove_connection(THD*) (threadpool_common.cc:250)
==30550== by 0x84AB56D: connection_abort(connection_t*) (threadpool_unix.cc:1276)
==30550== by 0x84ACA8F: handle_event(connection_t*) (threadpool_unix.cc:1477)
==30550== by 0x84ACC89: worker_main(void*) (threadpool_unix.cc:1519)
==30550== by 0x87255B3: pfs_spawn_thread (pfs.cc:1855)
==30550== by 0x4A9851: start_thread (in /lib/libpthread-2.5.so)
==30550== by 0x413A8D: clone (in /lib/libc-2.5.so)

It's not fixed in lp:~sergei.glushchenko/percona-server/tp-fixes-summarized, but is very unlikely to hit there.
Starting to work on th fix.