Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Cannot Reproduce
-
10.1.9
-
None
-
Fedora release 22 (Twenty Two)
MaxScale 1.3.0 built with MariaDB 10.1.9 embedded library
Description
When testing MaxScale with the 10.1.9 embedded library and running the attached PHP script with the data.sql loaded in and after a while MaxScale gets a segmentation fault in mysql_init. I ran it under valgrind and I'm getting first an invalid read then an invalid write:
==25870== Thread 8:
|
==25870== Invalid read of size 8
|
==25870== at 0x59519D: my_malloc_size_cb_func (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x58B46E: my_malloc (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x561A36: mysql_init (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x1CE3423E: parsing_info_init (query_classifier.cc:1406)
|
==25870== by 0x1CE320DC: parse_query (query_classifier.cc:158)
|
==25870== by 0x1CE34D98: query_classifier_get_operation (query_classifier.cc:1608)
|
==25870== by 0x1CC1F1A7: route_single_stmt (readwritesplit.c:2192)
|
==25870== by 0x1CC1E91B: routeQuery (readwritesplit.c:2039)
|
==25870== by 0x1DE75326: route_by_statement (mysql_client.c:1891)
|
==25870== by 0x1DE7304D: gw_read_client_event (mysql_client.c:1092)
|
==25870== by 0x54799F: process_pollq (poll.c:915)
|
==25870== by 0x547029: poll_waitevents (poll.c:669)
|
==25870== Address 0x1b738f38 is 4,344 bytes inside a block of size 20,240 free'd
|
==25870== at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==25870== by 0x599F99: emb_free_embedded_thd (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x1CE34474: parsing_info_done (query_classifier.cc:1470)
|
==25870== by 0x52E537: gwbuf_remove_buffer_object (buffer.c:687)
|
==25870== by 0x52CFCA: gwbuf_free (buffer.c:256)
|
==25870== by 0x1CC2165F: clientReply (readwritesplit.c:2970)
|
==25870== by 0x20C8FBD6: gw_read_backend_event (mysql_backend.c:565)
|
==25870== by 0x54799F: process_pollq (poll.c:915)
|
==25870== by 0x547029: poll_waitevents (poll.c:669)
|
==25870== by 0x5BC5554: start_thread (in /usr/lib64/libpthread-2.21.so)
|
==25870== by 0x7614B9C: clone (in /usr/lib64/libc-2.21.so)
|
==25870== Invalid write of size 8
|
==25870== at 0x5951A7: my_malloc_size_cb_func (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x58B46E: my_malloc (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x561A36: mysql_init (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x1CE3423E: parsing_info_init (query_classifier.cc:1406)
|
==25870== by 0x1CE320DC: parse_query (query_classifier.cc:158)
|
==25870== by 0x1CE34D98: query_classifier_get_operation (query_classifier.cc:1608)
|
==25870== by 0x1CC1F1A7: route_single_stmt (readwritesplit.c:2192)
|
==25870== by 0x1CC1E91B: routeQuery (readwritesplit.c:2039)
|
==25870== by 0x1DE75326: route_by_statement (mysql_client.c:1891)
|
==25870== by 0x1DE7304D: gw_read_client_event (mysql_client.c:1092)
|
==25870== by 0x54799F: process_pollq (poll.c:915)
|
==25870== by 0x547029: poll_waitevents (poll.c:669)
|
==25870== Address 0x1b738f38 is 4,344 bytes inside a block of size 20,240 free'd
|
==25870== at 0x4C29D6A: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==25870== by 0x599F99: emb_free_embedded_thd (in /home/markusjm/build/bin/maxscale)
|
==25870== by 0x1CE34474: parsing_info_done (query_classifier.cc:1470)
|
==25870== by 0x52E537: gwbuf_remove_buffer_object (buffer.c:687)
|
==25870== by 0x52CFCA: gwbuf_free (buffer.c:256)
|
==25870== by 0x1CC2165F: clientReply (readwritesplit.c:2970)
|
==25870== by 0x20C8FBD6: gw_read_backend_event (mysql_backend.c:565)
|
==25870== by 0x54799F: process_pollq (poll.c:915)
|
==25870== by 0x547029: poll_waitevents (poll.c:669)
|
==25870== by 0x5BC5554: start_thread (in /usr/lib64/libpthread-2.21.so)
|
==25870== by 0x7614B9C: clone (in /usr/lib64/libc-2.21.so)
|
==25870==
|
This does not occur with 10.0.22.
From MaxScale's point of view, we've ruled out concurrent usage and closing of the THD, it always seems to be a different THD which causes the segfault.
Attachments
Issue Links
- relates to
-
-
- Closed
-