[MDEV-7116] Dynamic column hangs/segfaults Created: 2014-11-14  Updated: 2014-11-17  Resolved: 2014-11-17

Status: Closed
Project: MariaDB Server
Component/s: Dynamic Columns
Affects Version/s: 10.0
Fix Version/s: 10.0.15

Type: Bug
Priority: Critical
Reporter: Martijn Otto
Assignee: Oleksandr Byelkin
Resolution: Fixed
Votes: 0
Labels: None
Environment: Ubuntu 14.04
Attachments: query_from_hell.sql

 Description   

I have reproducible segfaults and hangs with certain kinds of dynamic column queries. I was only able to reliably trigger this behavior in a master/slave scenario.

What happens is that a few queries are run on the master which are then replicated to the slave. This seems to go well, both master and slave still respond and allow queries, until I run 'show tables' in the account the queries were run in. The slave will then hang (the query never returns and the client needs to be killed with <Ctrl>+Z). The slave can only be killed by kill -9.

The master, meanwhile, stays up until the slave is killed with kill -9. At this point, the master segfaults and is restarted by the mysqld_safe script.

Interestingly, if you remove some columns from the queries the behavior sometimes changes so it works well the first time (even running 'show tables' on the slave), but then immediately running the queries again will hang the master, the same way the slave would otherwise hang. These queries are about as small as I could make them and still have the behavior reproduce reliably.



 Comments   
Comment by Elena Stepanova [ 2014-11-14 ]

Thanks for the report and the test case.

The shortened version:

create table PxCDMEmailingTemplateStatistics (
  fk_template int not null,
  impressions mediumblob not null,
  primary key (fk_template)
) engine=myisam;
 
insert into PxCDMEmailingTemplateStatistics
            (fk_template)
values      (1),(2);
 
update  PxCDMEmailingTemplateStatistics
set     impressions = column_add(impressions,
            'total', 12,
            '2014-10-28 16:00:00', 3,
            '2014-10-30 15:00:00', 3,
            '2014-11-04 09:00:00', 6
        )
where   fk_template = 2;

In MTR on a release build, it hangs.
In a client on a release build, it crashes after the client disconnects.
In MTR or a client on a debug build, it produces

Error: Freeing unallocated data or underrun buffer mysys/safemalloc.c:191, mysys/my_malloc.c:218, mysys/ma_dyncol.c:3589, mysys/ma_dyncol.c:3280, sql/item_strfunc.cc:4673, sql/item.cc:6078, sql/sql_base.cc:8596, sql/sql_base.cc:8655

Comment by Oleksandr Byelkin [ 2014-11-17 ]

Valgrind shows problems.

Comment by Oleksandr Byelkin [ 2014-11-17 ]

A bit more simple test suite:

create table t1 (
  impressions mediumblob
);
 
insert into t1 values ("");
 
update  t1
set     impressions = column_add(impressions,
            'total', 12,
            '2014-10-28 16:00:00', 3,
            '2014-10-30 15:00:00', 3,
            '2014-11-04 09:00:00', 6
        );
 
drop table t1;

Comment by Oleksandr Byelkin [ 2014-11-17 ]

Problem is also repeatable with new symbol names format.

Comment by Oleksandr Byelkin [ 2014-11-17 ]

It was double freeing the same pointer.
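
Added example (not part of the original thread and not MariaDB's code): a simplified checking allocator of the kind that turns a double free into a report, as the debug build did above, instead of the hang or delayed crash seen on release builds. The marker values, the chk_* names and the bug shape in update_path are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed guard values, not the constants MariaDB's safemalloc uses. */
#define GUARD_LIVE  0xA110CA7EU
#define GUARD_FREED 0xF4EEF4EEU
enum chk_result { CHK_OK, CHK_DOUBLE_FREE, CHK_BAD_POINTER };

/* Header stored directly in front of the bytes handed to the caller. */
struct guard { _Alignas(max_align_t) uint32_t marker; };
static struct guard *quarantine[64];
static size_t quarantined;

void *chk_malloc(size_t size)
{
    struct guard *g = malloc(sizeof *g + size);
    if (g) g->marker = GUARD_LIVE;
    return g ? g + 1 : NULL;
}

/* Freed blocks are marked and parked, so a repeated free reads valid memory. */
int chk_free(void *p)
{
    if (!p) return CHK_OK;
    struct guard *g = (struct guard *)p - 1;
    if (g->marker == GUARD_FREED) return CHK_DOUBLE_FREE;
    if (g->marker != GUARD_LIVE) return CHK_BAD_POINTER; /* foreign or underrun */
    g->marker = GUARD_FREED;
    if (quarantined < 64) quarantine[quarantined++] = g; /* else leaked: demo */
    return CHK_OK;
}
void chk_flush(void) { while (quarantined) free(quarantine[--quarantined]); }

/* Constructed bug shape, not the ma_dyncol.c code. */
int update_path(int fixed)
{
    char *buf = chk_malloc(32);
    chk_free(buf);                  /* failure path releases the buffer */
    if (fixed) buf = NULL;          /* the fix: drop the stale pointer */
    return chk_free(buf);           /* common cleanup frees it again */
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", update_path(0), update_path(1));
    chk_flush();
    return 0;
}
```

With the plain libc allocator the second free in the unfixed path is undefined behaviour and may only surface later, for example when the heap is next walked at disconnect or shutdown.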

Comment by Oleksandr Byelkin [ 2014-11-17 ]

Original test suite checked - it works with my fix.

Comment by Sergei Petrunia [ 2014-11-17 ]

Ok to push.
