[MDEV-7003] test-alter-table crashes debug build due to double free of plugin - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0.14
Fix Version/s: 10.0.15
Component/s: Storage Engine - TokuDB
Labels:
None
Environment:
linux ubuntu 14 or centos 5

Description

running mariadb 10.0.14 debug build with tokudb plugin loaded.

when running sql-bench 'test-alter-table --create-options=engine=tokudb', mysqld hits buffer overrun assert. it appears that that a plugin is unlocked twice which causes a debug memory to be freed twice.

here is some gdb info:

(gdb) bt

#0  my_free (ptr=0x7ffda4020c70) at /home/rfp/maria/mysys/my_malloc.c:208

#1  0x000000000065c945 in intern_plugin_unlock (lex=0x0, plugin=0x7ffda4020c70) at /home/rfp/maria/sql/sql_plugin.cc:1275

#2  0x000000000065cb0c in plugin_unlock (thd=0x0, plugin=0x7ffda4020c70) at /home/rfp/maria/sql/sql_plugin.cc:1319

#3  0x0000000000725e57 in TABLE_SHARE::destroy (this=0x7ffda427ca00) at /home/rfp/maria/sql/table.cc:429

#4  0x0000000000725fe4 in free_table_share (share=0x7ffda427ca00) at /home/rfp/maria/sql/table.cc:470

#5  0x00000000005ec898 in open_table_uncached (thd=0x7ffd9b614070, hton=0x7ffdb5fc2670, path=0x7ffff7f63ffc "./test/#sql-3194_2", db=0x7ffda4022758 "test", table_name=0x7ffff7f63790 "#sql-3194_2", add_to\

_temporary_tables_list=true, open_in_engine=false) at /home/rfp/maria/sql/sql_base.cc:5606

#6  0x0000000000705679 in mysql_alter_table (thd=0x7ffd9b614070, new_db=0x7ffda4022758 "test", new_name=0x0, create_info=0x7ffff7f64350, table_list=0x7ffda4022180, alter_info=0x7ffff7f642c0, order_num=0,\

 order=0x0, ignore=false) at /home/rfp/maria/sql/sql_table.cc:8713

#7  0x000000000077195e in Sql_cmd_alter_table::execute (this=0x7ffda4022840, thd=0x7ffd9b614070) at /home/rfp/maria/sql/sql_alter.cc:312

#8  0x0000000000650440 in mysql_execute_command (thd=0x7ffd9b614070) at /home/rfp/maria/sql/sql_parse.cc:5077

#9  0x00000000006534fe in mysql_parse (thd=0x7ffd9b614070, rawbuf=0x7ffda4022088 "ALTER TABLE bench ADD  i230 integer", length=35, parser_state=0x7ffff7f65640) at /home/rfp/maria/sql/sql_parse.cc:6406

#10 0x000000000064602e in dispatch_command (command=COM_QUERY, thd=0x7ffd9b614070, packet=0x7ffd9b743071 "ALTER TABLE bench ADD  i230 integer", packet_length=35) at /home/rfp/maria/sql/sql_parse.cc:1299

#11 0x000000000064538c in do_command (thd=0x7ffd9b614070) at /home/rfp/maria/sql/sql_parse.cc:996

#12 0x000000000076ce84 in do_handle_one_connection (thd_arg=0x7ffd9b614070) at /home/rfp/maria/sql/sql_connect.cc:1379

#13 0x000000000076cbea in handle_one_connection (arg=0x7ffd9b614070) at /home/rfp/maria/sql/sql_connect.cc:1293

#14 0x00007ffff733c182 in start_thread (arg=0x7ffff7f66700) at pthread_create.c:312

#15 0x00007ffff6222fbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

(gdb) up

#1  0x000000000065c945 in intern_plugin_unlock (lex=0x0, plugin=0x7ffda4020c70) at /home/rfp/maria/sql/sql_plugin.cc:1275

(gdb) c

Continuing.

Breakpoint 13, my_free (ptr=0x7ffda4020c70) at /home/rfp/maria/mysys/my_malloc.c:208

(gdb) bt

#0  my_free (ptr=0x7ffda4020c70) at /home/rfp/maria/mysys/my_malloc.c:208

#1  0x000000000065c945 in intern_plugin_unlock (lex=0x0, plugin=0x7ffda4020c70) at /home/rfp/maria/sql/sql_plugin.cc:1275

#2  0x000000000065cc09 in plugin_unlock_list (thd=0x0, list=0x7ffd9b6188e8, count=0) at /home/rfp/maria/sql/sql_plugin.cc:1336

#3  0x000000000063831b in lex_end (lex=0x7ffd9b617cb8) at /home/rfp/maria/sql/sql_lex.cc:559

#4  0x0000000000611a9b in THD::end_statement (this=0x7ffd9b614070) at /home/rfp/maria/sql/sql_class.cc:3394

#5  0x0000000000653628 in mysql_parse (thd=0x7ffd9b614070, rawbuf=0x7ffda4022088 "ALTER TABLE bench ADD  i230 integer", length=35, parser_state=0x7ffff7f65640) at /home/rfp/maria/sql/sql_parse.cc:6426

#6  0x000000000064602e in dispatch_command (command=COM_QUERY, thd=0x7ffd9b614070, packet=0x7ffd9b743071 "ALTER TABLE bench ADD  i230 integer", packet_length=35) at /home/rfp/maria/sql/sql_parse.cc:1299

#7  0x000000000064538c in do_command (thd=0x7ffd9b614070) at /home/rfp/maria/sql/sql_parse.cc:996

#8  0x000000000076ce84 in do_handle_one_connection (thd_arg=0x7ffd9b614070) at /home/rfp/maria/sql/sql_connect.cc:1379

#9  0x000000000076cbea in handle_one_connection (arg=0x7ffd9b614070) at /home/rfp/maria/sql/sql_connect.cc:1293

#10 0x00007ffff733c182 in start_thread (arg=0x7ffff7f66700) at pthread_create.c:312

#11 0x00007ffff6222fbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Attachments

Activity

Elena Stepanova added a comment - 2014-11-04 12:53

230th column is a charm:

install soname 'ha_tokudb';

create table bench (

 i1 int, i2 int, i3 int, i4 int,

 i5 int, i6 int, i7 int, i8 int, i9 int, i10 int, i11 int, i12 int, i13 int,

 i14 int, i15 int, i16 int, i17 int, i18 int, i19 int, i20 int, i21 int,

 i22 int, i23 int, i24 int, i25 int, i26 int, i27 int, i28 int, i29 int,

 i30 int, i31 int, i32 int, i33 int, i34 int, i35 int, i36 int, i37 int,

 i38 int, i39 int, i40 int, i41 int, i42 int, i43 int, i44 int, i45 int,

 i46 int, i47 int, i48 int, i49 int, i50 int, i51 int, i52 int, i53 int,

 i54 int, i55 int, i56 int, i57 int, i58 int, i59 int, i60 int, i61 int,

 i62 int, i63 int, i64 int, i65 int, i66 int, i67 int, i68 int, i69 int,

 i70 int, i71 int, i72 int, i73 int, i74 int, i75 int, i76 int, i77 int,

 i78 int, i79 int, i80 int, i81 int, i82 int, i83 int, i84 int, i85 int,

 i86 int, i87 int, i88 int, i89 int, i90 int, i91 int, i92 int, i93 int,

 i94 int, i95 int, i96 int, i97 int, i98 int, i99 int, i100 int, i101 int,

 i102 int, i103 int, i104 int, i105 int, i106 int, i107 int, i108 int, i109 int,

 i110 int, i111 int, i112 int, i113 int, i114 int, i115 int, i116 int, i117 int,

 i118 int, i119 int, i120 int, i121 int, i122 int, i123 int, i124 int, i125 int,

 i126 int, i127 int, i128 int, i129 int, i130 int, i131 int, i132 int, i133 int,

 i134 int, i135 int, i136 int, i137 int, i138 int, i139 int, i140 int, i141 int,

 i142 int, i143 int, i144 int, i145 int, i146 int, i147 int, i148 int, i149 int,

 i150 int, i151 int, i152 int, i153 int, i154 int, i155 int, i156 int, i157 int,

 i158 int, i159 int, i160 int, i161 int, i162 int, i163 int, i164 int, i165 int,

 i166 int, i167 int, i168 int, i169 int, i170 int, i171 int, i172 int, i173 int,

 i174 int, i175 int, i176 int, i177 int, i178 int, i179 int, i180 int, i181 int,

 i182 int, i183 int, i184 int, i185 int, i186 int, i187 int, i188 int, i189 int,

 i190 int, i191 int, i192 int, i193 int, i194 int, i195 int, i196 int, i197 int,

 i198 int, i199 int, i200 int, i201 int, i202 int, i203 int, i204 int, i205 int,

 i206 int, i207 int, i208 int, i209 int, i210 int, i211 int, i212 int, i213 int,

 i214 int, i215 int, i216 int, i217 int, i218 int, i219 int, i220 int, i221 int,

 i222 int, i223 int, i224 int, i225 int, i226 int, i227 int, i228 int, i229 int

) engine=TokuDB;

ALTER TABLE bench ADD i230 integer;

If the table is created with 230 columns right away, it causes the error instead:

1033: Incorrect information in file: './test/bench.frm'

Same error with ALTER on a release build.

Neither crash nor error happens with MyISAM or InnoDB.

Elena Stepanova added a comment - 2014-11-04 12:53 230th column is a charm: install soname 'ha_tokudb' ; create table bench ( i1 int , i2 int , i3 int , i4 int , i5 int , i6 int , i7 int , i8 int , i9 int , i10 int , i11 int , i12 int , i13 int , i14 int , i15 int , i16 int , i17 int , i18 int , i19 int , i20 int , i21 int , i22 int , i23 int , i24 int , i25 int , i26 int , i27 int , i28 int , i29 int , i30 int , i31 int , i32 int , i33 int , i34 int , i35 int , i36 int , i37 int , i38 int , i39 int , i40 int , i41 int , i42 int , i43 int , i44 int , i45 int , i46 int , i47 int , i48 int , i49 int , i50 int , i51 int , i52 int , i53 int , i54 int , i55 int , i56 int , i57 int , i58 int , i59 int , i60 int , i61 int , i62 int , i63 int , i64 int , i65 int , i66 int , i67 int , i68 int , i69 int , i70 int , i71 int , i72 int , i73 int , i74 int , i75 int , i76 int , i77 int , i78 int , i79 int , i80 int , i81 int , i82 int , i83 int , i84 int , i85 int , i86 int , i87 int , i88 int , i89 int , i90 int , i91 int , i92 int , i93 int , i94 int , i95 int , i96 int , i97 int , i98 int , i99 int , i100 int , i101 int , i102 int , i103 int , i104 int , i105 int , i106 int , i107 int , i108 int , i109 int , i110 int , i111 int , i112 int , i113 int , i114 int , i115 int , i116 int , i117 int , i118 int , i119 int , i120 int , i121 int , i122 int , i123 int , i124 int , i125 int , i126 int , i127 int , i128 int , i129 int , i130 int , i131 int , i132 int , i133 int , i134 int , i135 int , i136 int , i137 int , i138 int , i139 int , i140 int , i141 int , i142 int , i143 int , i144 int , i145 int , i146 int , i147 int , i148 int , i149 int , i150 int , i151 int , i152 int , i153 int , i154 int , i155 int , i156 int , i157 int , i158 int , i159 int , i160 int , i161 int , i162 int , i163 int , i164 int , i165 int , i166 int , i167 int , i168 int , i169 int , i170 int , i171 int , i172 int , i173 int , i174 int , i175 int , i176 int , i177 int , i178 int , i179 int , i180 int , i181 int , i182 int , i183 int , i184 int , i185 int , i186 int , i187 int , i188 int , i189 int , i190 int , i191 int , i192 int , i193 int , i194 int , i195 int , i196 int , i197 int , i198 int , i199 int , i200 int , i201 int , i202 int , i203 int , i204 int , i205 int , i206 int , i207 int , i208 int , i209 int , i210 int , i211 int , i212 int , i213 int , i214 int , i215 int , i216 int , i217 int , i218 int , i219 int , i220 int , i221 int , i222 int , i223 int , i224 int , i225 int , i226 int , i227 int , i228 int , i229 int ) engine=TokuDB; ALTER TABLE bench ADD i230 integer ; If the table is created with 230 columns right away, it causes the error instead: 1033: Incorrect information in file: './test/bench.frm' Same error with ALTER on a release build. Neither crash nor error happens with MyISAM or InnoDB.

MariaDB Server

test-alter-table crashes debug build due to double free of plugin

Details

Description

Attachments

Activity

People

Dates

Git Integration