Numerous Valgrind errors in OpenSSL

Bug #1334743 reported by Laurynas Biveinis on 2014-06-26
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MySQL Server
Unknown
Unknown
Percona Server moved to https://jira.percona.com/projects/PS
Invalid
Undecided
Unassigned
5.1
Won't Fix
Undecided
Unassigned
5.5
Fix Released
Medium
Laurynas Biveinis
5.6
Invalid
Undecided
Unassigned

Bug Description

Building server with system SSL produces numerous Valgrind errors on SSL code paths at least for 5.5:

cmake .. -DWITH_DEBUG=ON -DWITH_VALGRIND=ON -DCMAKE_C_FLAGS=-DHAVE_purify -DCMAKE_CXX_FLAGS=-DHAVE_purify -DWITH_SSL=system

...

$ ./mysql-test-run percona_ssl_connections_count --valgrind
...
main.percona_ssl_connections_count [ pass ] 1737
valgrind_report [ pass ]

Inspecting the error log we see tens of

==16997== 24 bytes in 1 blocks are still reachable in loss record 1 of 695
==16997== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16997== by 0x5B6AD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BF0C2A: lh_insert (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6D829: OBJ_NAME_add (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BFAF74: EVP_add_cipher (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x58F0B80: SSL_library_init (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==16997== by 0xC126F0: check_ssl_init (viosslfactories.c:155)
==16997== by 0xC127E8: new_VioSSLFd (viosslfactories.c:186)
==16997== by 0xC12C89: new_VioSSLAcceptorFd (viosslfactories.c:306)
==16997== by 0x555095: init_ssl() (mysqld.cc:3799)
==16997== by 0x556AB9: mysqld_main(int, char**) (mysqld.cc:4755)
==16997== by 0x54E27C: main (main.cc:25)

followed by hundreds of

==16997== 24 bytes in 1 blocks are still reachable in loss record 65 of 695
==16997== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16997== by 0x5B6AD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6D806: OBJ_NAME_add (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BFAF74: EVP_add_cipher (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BFEF00: OpenSSL_add_all_ciphers (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BFEEDD: OPENSSL_add_all_algorithms_noconf (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0xC126F5: check_ssl_init (viosslfactories.c:156)
==16997== by 0xC127E8: new_VioSSLFd (viosslfactories.c:186)
==16997== by 0xC12C89: new_VioSSLAcceptorFd (viosslfactories.c:306)
==16997== by 0x555095: init_ssl() (mysqld.cc:3799)
==16997== by 0x556AB9: mysqld_main(int, char**) (mysqld.cc:4755)
==16997== by 0x54E27C: main (main.cc:25)

followed by tens of

==16997== 24 bytes in 1 blocks are still reachable in loss record 423 of 695
==16997== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16997== by 0x5B6AD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6D806: OBJ_NAME_add (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BFAFC7: EVP_add_digest (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BFF610: OpenSSL_add_all_digests (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0xC126F5: check_ssl_init (viosslfactories.c:156)
==16997== by 0xC127E8: new_VioSSLFd (viosslfactories.c:186)
==16997== by 0xC12C89: new_VioSSLAcceptorFd (viosslfactories.c:306)
==16997== by 0x555095: init_ssl() (mysqld.cc:3799)
==16997== by 0x556AB9: mysqld_main(int, char**) (mysqld.cc:4755)
==16997== by 0x54E27C: main (main.cc:25)

followed by a few of

==16997== 24 bytes in 1 blocks are still reachable in loss record 493 of 695
==16997== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16997== by 0x5B6AD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6C0A5: def_get_class (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6C1D3: int_get_new_index (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x58E7264: SSL_get_ex_data_X509_STORE_CTX_idx (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==16997== by 0x58E4336: SSL_CTX_new (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==16997== by 0xC12837: new_VioSSLFd (viosslfactories.c:192)
==16997== by 0xC12C89: new_VioSSLAcceptorFd (viosslfactories.c:306)
==16997== by 0x555095: init_ssl() (mysqld.cc:3799)
==16997== by 0x556AB9: mysqld_main(int, char**) (mysqld.cc:4755)
==16997== by 0x54E27C: main (main.cc:25)

and

==16997== 24 bytes in 1 blocks are still reachable in loss record 499 of 695
==16997== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16997== by 0x5B6AD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6C0A5: def_get_class (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5B6CA4A: int_new_ex_data (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BE74C3: BIO_set (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BE7541: BIO_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5BE93B3: BIO_new_file (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5C2DA43: X509_load_cert_crl_file (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5C2DB8C: by_file_ctrl (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0x5C24F0E: X509_STORE_load_locations (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==16997== by 0xC12972: new_VioSSLFd (viosslfactories.c:220)
==16997== by 0xC12C89: new_VioSSLAcceptorFd (viosslfactories.c:306)
==16997== by 0x555095: init_ssl() (mysqld.cc:3799)
==16997== by 0x556AB9: mysqld_main(int, char**) (mysqld.cc:4755)
==16997== by 0x54E27C: main (main.cc:25)

etc.

This can be fixed by backporting lp:mysql-server revisions 3902.124.81 and 3902.150.19.

Related branches

tags: added: ci low-hanging-fruit valgrind
tags: added: upstream
Download full text (4.2 KiB)

Same with 5.6 in a a sense that test fails formally:

...
worker[1] Valgrind report from /home/openxs/dbs/p5.6v/mysql-test/var/log/mysqld.1.err after tests:
 main.percona_ssl_connections_count
--------------------------------------------------------------------------
HEAP SUMMARY:
    in use at exit: 68,761,653 bytes in 1,160 blocks
  total heap usage: 94,927 allocs, 93,767 frees, 115,990,850 bytes allocated

LEAK SUMMARY:
   definitely lost: 0 bytes in 0 blocks
   indirectly lost: 0 bytes in 0 blocks
     possibly lost: 0 bytes in 0 blocks
   still reachable: 0 bytes in 0 blocks
        suppressed: 68,761,653 bytes in 1,160 blocks

For counts of detected and suppressed errors, rerun with: -v
Use --track-origins=yes to see where uninitialised values come from
ERROR SUMMARY: 276 errors from 37 contexts (suppressed: 313 from 313)

valgrind_report [ fail ]
        Test ended at 2014-06-26 19:16:59

Valgrind reported failures at shutdown, see above

--------------------------------------------------------------------------
The servers were restarted 0 times
Spent 0.000 of 113 seconds executing testcases
mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/openxs/dbs/p5.6v/mysql-test/var/log/warnings' for details.

Completed: Failed 2/2 tests, 0.00% were successful.

Failing test(s): main.percona_ssl_connections_count valgrind_report

The log files in var/log may give you some hint of what went wrong.

If you want to report this error, please read first the documentation
at http://dev.mysql.com/doc/mysql/en/mysql-test-suite.html

mysql-test-run: *** ERROR: there were failing test cases

But it fails differently:

openxs@ao756:~/dbs/p5.6v/mysql-test$ grep -ni ssl /home/openxs/dbs/p5.6v/mysql-test/var/log/mysqld.1.err
1:CURRENT_TEST: main.percona_ssl_connections_count
39:==5989== at 0x54A4E58: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
40:==5989== by 0x549B8D2: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
41:==5989== by 0x5498F03: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
42:==5989== by 0xF36446: vio_ssl_read (viossl.c:186)
145:==5989== at 0x549C446: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
146:==5989== by 0x5498F03: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
147:==5989== by 0xF36446: vio_ssl_read (viossl.c:186)
164:==5989== by 0x549C474: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
165:==5989== by 0x5498F03: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
166:==5989== by 0xF36446: vio_ssl_read (viossl.c:186)
182:==5989== by 0x549C474: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
183:==5989== by 0x5498F03: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
184:==5989== by 0xF36446: vio_ssl_read (viossl.c:186)
200:==5989== by 0x549C474: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
201:==5989== by 0x5498F03: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
202:==5989== by 0xF36446: vio_ssl_read (viossl.c:186)
218:==5989== by 0x549C474: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
219:==5989== by 0x5498F03: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
220:==5989== by 0xF36446: vio_ssl_read (viossl.c:186)
236:==598...

Read more...

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-3160

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.