Details
- Bug
- Status: Closed
- Minor
- Resolution: Fixed
- 1.4.1
- None
Description
When MaxScale is compiled against the 10.0 or 10.1 versions of MariaDB, MaxScale randomly crashes in my_malloc_size_cb_func. Valgrind output shows that this is due to a write into freed memory.
==775== Invalid write of size 8
==775== at 0xD000B97: my_malloc_size_cb_func (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xCFFDE4C: my_malloc (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xD284C20: init_dynamic_array2 (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xD12761E: Statement_map::Statement_map() (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xD127FA1: THD::THD(bool) (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xD0055A0: create_embedded_thd (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xCFFB1F3: get_or_create_thd_for_parsing(st_mysql*, char*) (qc_mysqlembedded.cc:303)
==775== by 0xCFFAF81: parse_query(gwbuf*) (qc_mysqlembedded.cc:232)
==775== by 0xCFFAB41: ensure_query_is_parsed(gwbuf*) (qc_mysqlembedded.cc:116)
==775== by 0xCFFAC1D: qc_get_type (qc_mysqlembedded.cc:149)
==775== by 0x4E81F38: qc_get_type (query_classifier.c:102)
==775== by 0xBB6616D: route_single_stmt (readwritesplit.c:2127)
==775== Address 0x22b46b80 is 4,352 bytes inside a block of size 20,272 free'd
==775== at 0x4C29CF0: free (vg_replace_malloc.c:530)
==775== by 0xD005A19: emb_free_embedded_thd (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xCFFD04B: parsing_info_done(void*) (qc_mysqlembedded.cc:1557)
==775== by 0x4E5AFD5: gwbuf_remove_buffer_object (buffer.c:742)
==775== by 0x4E59A3B: gwbuf_free_one (buffer.c:296)
==775== by 0x4E5A6BF: gwbuf_consume (buffer.c:538)
==775== by 0x4E69C94: dcb_drain_writeq (dcb.c:1535)
==775== by 0x4E694CE: dcb_write (dcb.c:1317)
==775== by 0x2243FBCF: backend_write_delayqueue (mysql_backend.c:1259)
==775== by 0x2243D859: gw_read_backend_event (mysql_backend.c:433)
==775== by 0x4E847BF: process_pollq (poll.c:999)
==775== by 0x4E83DD7: poll_waitevents (poll.c:722)
==775== Block was alloc'd at
==775== at 0x4C28BF6: malloc (vg_replace_malloc.c:299)
==775== by 0xCFFDE15: my_malloc (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xD00558E: create_embedded_thd (in /home/markusjm/build/lib64/maxscale/libqc_mysqlembedded.so.1.0.0)
==775== by 0xCFFB1F3: get_or_create_thd_for_parsing(st_mysql*, char*) (qc_mysqlembedded.cc:303)
==775== by 0xCFFAF81: parse_query(gwbuf*) (qc_mysqlembedded.cc:232)
==775== by 0xCFFAB41: ensure_query_is_parsed(gwbuf*) (qc_mysqlembedded.cc:116)
==775== by 0xCFFAC1D: qc_get_type (qc_mysqlembedded.cc:149)
==775== by 0x4E81F38: qc_get_type (query_classifier.c:102)
==775== by 0xBB6616D: route_single_stmt (readwritesplit.c:2127)
==775== by 0xBB659A8: routeQuery (readwritesplit.c:2016)
==775== by 0x1F622EC0: route_by_statement (mysql_client.c:1526)
==775== by 0x1F620B7C: gw_read_client_event (mysql_client.c:671)
Calling set_malloc_size_cb(NULL) seems to fix the problem.
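
The failure mode in the Valgrind trace above, reduced to a small C model (an added example, not MaxScale or MariaDB code): a process-wide allocation hook keeps targeting a per-session block after that block is freed, and clearing the hook before the free removes the stale write. The names `session`, `set_size_cb`, `tracked_malloc` and the `current` pointer are hypothetical stand-ins, and how the real callback locates the block is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; not MariaDB or MaxScale source. */
struct session { long long memory_used; };   /* stands in for the THD block */
typedef void (*size_cb_t)(long long size);

static size_cb_t size_cb;        /* process-wide allocation accounting hook */
static struct session *current;  /* assumed: the session the hook charges */

static void set_size_cb(size_cb_t cb) { size_cb = cb; }

static void account_cb(long long size) {
    current->memory_used += size;   /* 8-byte write into the session block */
}

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p && size_cb) size_cb((long long)n);
    return p;
}

static struct session *session_create(void) {
    struct session *s = calloc(1, sizeof *s);
    if (!s) abort();
    current = s;
    set_size_cb(account_cb);
    return s;
}

/* Before: the block is freed but the hook still targets it. */
static void session_free_buggy(struct session *s) { free(s); }

/* After: disarm the hook first, mirroring set_malloc_size_cb(NULL). */
static void session_free_fixed(struct session *s) { set_size_cb(NULL); free(s); }

/* Returns 1 if the next tracked_malloc() would write into freed memory. */
static int hook_armed_after(void (*teardown)(struct session *)) {
    struct session *s = session_create();
    void *p = tracked_malloc(64);   /* session is alive: the write is valid */
    free(p);
    teardown(s);
    return size_cb != NULL;
}

int main(void) {
    printf("buggy teardown, hook armed: %d\n", hook_armed_after(session_free_buggy));
    printf("fixed teardown, hook armed: %d\n", hook_armed_after(session_free_fixed));
    return 0;
}
```

The model only reports whether the hook is still armed after teardown; it never performs the stale write itself, so it runs cleanly under Valgrind or AddressSanitizer.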