  1. MDEV-5607

Query cache destroys uninitialized rwlock

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.35, 10.0.8
    • Fix Version/s: 5.5.36, 10.0.9
    • Component/s: None
    • Labels:
      None

      Description

      The following tests crash the server when it is compiled with -DUSE_MUTEX_INSTEAD_OF_RW_LOCKS:
      main.cache_innodb
      main.mysql_client_test
      main.mysql_client_test_nonblock
      main.partition_cache
      main.query_cache
      main.query_cache_debug
      main.query_cache_notembedded
      main.query_cache_ps_no_prot
      perfschema.query_cache
      rpl.rpl_row_basic_11bugs
      sys_vars.query_cache_limit_func
      sys_vars.query_cache_type_func

      A simpler way to reproduce the crash is to compile with the following patch, which overwrites the rwlock with a 0xA5 pattern after it has been destroyed, so that a later destroy of the same lock crashes deterministically instead of going unnoticed:

      === modified file 'sql/sql_cache.cc'
      --- sql/sql_cache.cc	2013-11-19 12:16:25 +0000
      +++ sql/sql_cache.cc	2014-02-04 13:30:20 +0000
      @@ -976,6 +976,7 @@ void Query_cache_query::unlock_n_destroy
         */
         this->unlock_writing();
         mysql_rwlock_destroy(&lock);
      +  memset(&lock, 0xA5, sizeof(lock));
         DBUG_VOID_RETURN;
       }
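Review bot: The added memset is a diagnostic poison rather than a fix — it makes a second mysql_rwlock_destroy on the same Query_cache_query::lock fail loudly, which is exactly what the attached trace shows (free_cache at sql_cache.cc:2698 reaching destroy_rwlock_v1 with rwlock=0xa5a5a5a5a5a5a5a5, the poisoned value). If it is kept at all it should be confined to debug builds, e.g. `#ifndef DBUG_OFF` / `memset(&lock, 0xA5, sizeof(lock));` / `#endif`, with a comment such as `/* poison the destroyed lock so a double destroy is caught immediately */`. The real defect is presumably on the free_cache side, which must not destroy a lock that unlock_n_destroy has already released (or that was never initialized); that code is outside this hunk, and unlock_n_destroy's body itself starts before the hunk.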
      

      Test case (the crash occurs on the statement that restores query_cache_size):

      -- Save the current global query cache settings so they can be restored at the end.
      SET @global_query_cache_size = @@global.query_cache_size;
      SET @global_query_cache_type = @@global.query_cache_type;
      -- Turn the query cache on and give it a small, non-zero size.
      SET GLOBAL query_cache_type = ON;
      SET GLOBAL query_cache_size = 131072;
      
      -- Run a cacheable SELECT against a fresh table. NOTE(review): presumably this
      -- creates the Query_cache_query (and its rwlock) that is later destroyed twice;
      -- verify against sql_cache.cc.
      CREATE TABLE t1(a INT);
      SELECT * FROM t1;
      
      -- Restoring query_cache_size goes through fix_query_cache_size ->
      -- Query_cache::resize -> Query_cache::free_cache, which is where the crash in
      -- the stack trace below happens (query_cache_size_arg=0 in the trace, i.e. the
      -- saved value was 0).
      SET GLOBAL query_cache_size = @global_query_cache_size;
      SET GLOBAL query_cache_type = @global_query_cache_type;
      DROP TABLE t1;
      

      Stack trace (the 0xa5a5a5a5a5a5a5a5 pointer in frames #4-#6 is the poison pattern from the patch above, showing that free_cache is destroying a lock that had already been destroyed):

      Thread 1 (Thread 0x7f3e5307a700 (LWP 9804)):
      #0  0x00007f3e52657f0c in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:62
      #1  0x0000000000cbc3ac in my_write_core (sig=11) at /home/svoj/devel/maria/5.5-mdev5089-test/mysys/stacktrace.c:457
      #2  0x00000000007c28ba in handle_fatal_signal (sig=11) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/signal_handler.cc:262
      #3  <signal handler called>
      #4  0x0000000000b8c885 in pfs_lock::allocated_to_free (this=0xa5a5a5a5a5a5a5a5) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs_lock.h:145
      #5  0x0000000000b8b124 in destroy_rwlock (pfs=0xa5a5a5a5a5a5a5a5) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs_instr.cc:668
      #6  0x0000000000b98a3d in destroy_rwlock_v1 (rwlock=0xa5a5a5a5a5a5a5a5) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs.cc:895
      #7  0x00000000005b5f79 in inline_mysql_rwlock_destroy (that=0x7f3e4c93f1b0) at /home/svoj/devel/maria/5.5-mdev5089-test/include/mysql/psi/mysql_thread.h:720
      #8  0x00000000005bc6b3 in Query_cache::free_cache (this=0x1504960 <query_cache>) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_cache.cc:2698
      #9  0x00000000005b873d in Query_cache::resize (this=0x1504960 <query_cache>, query_cache_size_arg=0) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_cache.cc:1331
      #10 0x0000000000720032 in fix_query_cache_size (self=0x1513ac0 <Sys_query_cache_size>, thd=0x7f3e4d67e060, type=OPT_GLOBAL) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sys_vars.cc:1864
      #11 0x000000000056af06 in sys_var::update (this=0x1513ac0 <Sys_query_cache_size>, thd=0x7f3e4d67e060, var=0x7f3e4c81a270) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/set_var.cc:200
      #12 0x000000000056c022 in set_var::update (this=0x7f3e4c81a270, thd=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/set_var.cc:667
      #13 0x000000000056bbe9 in sql_set_variables (thd=0x7f3e4d67e060, var_list=0x7f3e4d682040) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/set_var.cc:570
      #14 0x0000000000605771 in mysql_execute_command (thd=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:3253
      #15 0x000000000060c6bf in mysql_parse (thd=0x7f3e4d67e060, rawbuf=0x7f3e4c81a078 "SET GLOBAL query_cache_size = @global_query_cache_size", length=54, parser_state=0x7f3e530795d0) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:5799
      #16 0x00000000005fff3c in dispatch_command (command=COM_QUERY, thd=0x7f3e4d67e060, packet=0x7f3e4d7d8061 "SET GLOBAL query_cache_size = @global_query_cache_size", packet_length=54) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:1078
      #17 0x00000000005ff0a3 in do_command (thd=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_parse.cc:793
      #18 0x000000000070af5d in do_handle_one_connection (thd_arg=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_connect.cc:1266
      #19 0x000000000070aa2f in handle_one_connection (arg=0x7f3e4d67e060) at /home/svoj/devel/maria/5.5-mdev5089-test/sql/sql_connect.cc:1181
      #20 0x0000000000b98ddc in pfs_spawn_thread (arg=0x7f3e4d685760) at /home/svoj/devel/maria/5.5-mdev5089-test/storage/perfschema/pfs.cc:1015
      #21 0x00007f3e52652f6e in start_thread (arg=0x7f3e5307a700) at pthread_create.c:311
      #22 0x00007f3e51d759cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
      


              People

              • Assignee:
                sanja Oleksandr Byelkin
                Reporter:
                svoj Sergey Vojtovich
