1. 22 Mar, 2018 1 commit
    • fix data races · 8d32959b
      Eugene Kosov authored
      srv_last_monitor_time: make all accesses relaxed atomic
      
      WARNING: ThreadSanitizer: data race (pid=12041)
        Write of size 8 at 0x000003949278 by thread T26 (mutexes: write M226445748578513120):
          #0 thd_destructor_proxy storage/innobase/handler/ha_innodb.cc:314:14 (mysqld+0x19b5505)
      
        Previous read of size 8 at 0x000003949278 by main thread:
          #0 innobase_init(void*) storage/innobase/handler/ha_innodb.cc:4180:11 (mysqld+0x1a03404)
          #1 ha_initialize_handlerton(st_plugin_int*) sql/handler.cc:522:31 (mysqld+0xc5ec73)
          #2 plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) sql/sql_plugin.cc:1447:9 (mysqld+0x134908d)
          #3 plugin_init(int*, char**, int) sql/sql_plugin.cc:1729:15 (mysqld+0x13484f0)
          #4 init_server_components() sql/mysqld.cc:5345:7 (mysqld+0xbf720f)
          #5 mysqld_main(int, char**) sql/mysqld.cc:5940:7 (mysqld+0xbf107d)
          #6 main sql/main.cc:25:10 (mysqld+0xbe971b)
      
        Location is global 'srv_running' of size 8 at 0x000003949278 (mysqld+0x000003949278)
      
      WARNING: ThreadSanitizer: data race (pid=27869)
        Atomic write of size 4 at 0x7b4800000c00 by thread T8:
          #0 __tsan_atomic32_exchange llvm/projects/compiler-rt/lib/tsan/rtl/tsan_interface_atomic.cc:589 (mysqld+0xbd4eac)
          #1 TTASEventMutex<GenericPolicy>::exit() storage/innobase/include/ib0mutex.h:467:7 (mysqld+0x1a8d4cb)
          #2 PolicyMutex<TTASEventMutex<GenericPolicy> >::exit() storage/innobase/include/ib0mutex.h:609:10 (mysqld+0x1a7839e)
          #3 fil_validate() storage/innobase/fil/fil0fil.cc:5535:2 (mysqld+0x1abd913)
          #4 fil_validate_skip() storage/innobase/fil/fil0fil.cc:204:9 (mysqld+0x1aba601)
          #5 fil_aio_wait(unsigned long) storage/innobase/fil/fil0fil.cc:5296:2 (mysqld+0x1abbae6)
          #6 io_handler_thread storage/innobase/srv/srv0start.cc:340:3 (mysqld+0x21abe1e)
      
        Previous read of size 4 at 0x7b4800000c00 by main thread (mutexes: write M1273, write M1271):
          #0 TTASEventMutex<GenericPolicy>::state() const storage/innobase/include/ib0mutex.h:530:10 (mysqld+0x21c66e2)
          #1 sync_array_detect_deadlock(sync_array_t*, sync_cell_t*, sync_cell_t*, unsigned long) storage/innobase/sync/sync0arr.cc:746:14 (mysqld+0x21c1c7a)
          #2 sync_array_wait_event(sync_array_t*, sync_cell_t*&) storage/innobase/sync/sync0arr.cc:465:6 (mysqld+0x21c1708)
          #3 TTASEventMutex<GenericPolicy>::enter(unsigned int, unsigned int, char const*, unsigned int) storage/innobase/include/ib0mutex.h:516:6 (mysqld+0x1a8c206)
          #4 PolicyMutex<TTASEventMutex<GenericPolicy> >::enter(unsigned int, unsigned int, char const*, unsigned int) storage/innobase/include/ib0mutex.h:635:10 (mysqld+0x1a782c3)
          #5 fil_mutex_enter_and_prepare_for_io(unsigned long) storage/innobase/fil/fil0fil.cc:1131:3 (mysqld+0x1a9a92e)
          #6 fil_io(IORequest const&, bool, page_id_t const&, page_size_t const&, unsigned long, unsigned long, void*, void*, bool) storage/innobase/fil/fil0fil.cc:5082:2 (mysqld+0x1ab8de2)
          #7 buf_flush_write_block_low(buf_page_t*, buf_flush_t, bool) storage/innobase/buf/buf0flu.cc:1112:3 (mysqld+0x1cb970a)
          #8 buf_flush_page(buf_pool_t*, buf_page_t*, buf_flush_t, bool) storage/innobase/buf/buf0flu.cc:1270:3 (mysqld+0x1cb7d70)
          #9 buf_flush_try_neighbors(page_id_t const&, buf_flush_t, unsigned long, unsigned long) storage/innobase/buf/buf0flu.cc:1493:9 (mysqld+0x1cc9674)
          #10 buf_flush_page_and_try_neighbors(buf_page_t*, buf_flush_t, unsigned long, unsigned long*) storage/innobase/buf/buf0flu.cc:1565:13 (mysqld+0x1cbadf3)
          #11 buf_do_flush_list_batch(buf_pool_t*, unsigned long, unsigned long) storage/innobase/buf/buf0flu.cc:1825:3 (mysqld+0x1cbbcb8)
          #12 buf_flush_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) storage/innobase/buf/buf0flu.cc:1895:16 (mysqld+0x1cbb459)
          #13 buf_flush_do_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) storage/innobase/buf/buf0flu.cc:2065:2 (mysqld+0x1cbcfe1)
          #14 buf_flush_lists(unsigned long, unsigned long, unsigned long*) storage/innobase/buf/buf0flu.cc:2167:8 (mysqld+0x1cbd5a3)
          #15 log_preflush_pool_modified_pages(unsigned long) storage/innobase/log/log0log.cc:1400:13 (mysqld+0x1eefc3b)
          #16 log_make_checkpoint_at(unsigned long, bool) storage/innobase/log/log0log.cc:1751:10 (mysqld+0x1eefb16)
          #17 buf_dblwr_create() storage/innobase/buf/buf0dblwr.cc:335:2 (mysqld+0x1cd2141)
          #18 innobase_start_or_create_for_mysql() storage/innobase/srv/srv0start.cc:2539:10 (mysqld+0x21b4d8e)
          #19 innobase_init(void*) storage/innobase/handler/ha_innodb.cc:4193:8 (mysqld+0x1a5e3d7)
          #20 ha_initialize_handlerton(st_plugin_int*) sql/handler.cc:522:31 (mysqld+0xc74d33)
          #21 plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) sql/sql_plugin.cc:1447:9 (mysqld+0x1376d5d)
          #22 plugin_init(int*, char**, int) sql/sql_plugin.cc:1729:15 (mysqld+0x13761c0)
          #23 init_server_components() sql/mysqld.cc:5348:7 (mysqld+0xc0d0ff)
          #24 mysqld_main(int, char**) sql/mysqld.cc:5943:7 (mysqld+0xc06f9d)
          #25 main sql/main.cc:25:10 (mysqld+0xbff71b)
      
      WARNING: ThreadSanitizer: data race (pid=29031)
        Write of size 8 at 0x0000039e48e0 by thread T15:
          #0 srv_monitor_thread storage/innobase/srv/srv0srv.cc:1699:24 (mysqld+0x21a254e)
      
        Previous write of size 8 at 0x0000039e48e0 by thread T14:
          #0 srv_refresh_innodb_monitor_stats() storage/innobase/srv/srv0srv.cc:1165:24 (mysqld+0x21a3124)
          #1 srv_error_monitor_thread storage/innobase/srv/srv0srv.cc:1836:3 (mysqld+0x21a2d40)
      
        Location is global 'srv_last_monitor_time' of size 8 at 0x0000039e48e0 (mysqld+0x0000039e48e0)
  2. 21 Mar, 2018 8 commits
  3. 20 Mar, 2018 17 commits
  4. 19 Mar, 2018 7 commits
    • MDEV-10991: Server crashes in spider_udf_direct_sql_create_conn - tests in... · 7cf2428d
      Jacob Mathew authored
      MDEV-10991: Server crashes in spider_udf_direct_sql_create_conn - tests in spider/oracle* suites crash the server
      
      The crash occurs due to code that is #ifdef'd out with HAVE_ORACLE_OCI that
      pertains to the use of Spider with an Oracle data tier. Enabling this code
      eliminates the crash.
      
      The reason that MariaDB needs to support Oracle storage at the data tier is
      to help customers migrate from Oracle. It is necessary to build Spider with
      the additional build flag -DHAVE_ORACLE_OCI, and install and start Oracle
      before running the Oracle test suite or any tests within it. Nevertheless,
      if Spider is built normally and Oracle has not been started, these tests
      should not cause the MariaDB server to crash. The bug fix replaces the
      crash with the following error:
        ERROR 12501 (HY000) at line 4: The connect info 'ORACLE' is invalid
      
      Author:
        Jacob Mathew.
      
      Reviewer:
        Kentoku Shiba.
    • Merge branch '10.0-galera' into 10.1 · 24b35316
      Vicențiu Ciorbaru authored
    • MDEV-15030 Add ASAN instrumentation · 75c76dbb
      Eugene Kosov authored
      Teach both valgrind and asan to catch this bug:
      
        mem_heap_t* heap = mem_heap_create(1024);
        byte* p = reinterpret_cast<byte*>(heap) + sizeof(mem_heap_t);
        *p = 123;
      
      Overflows of the last allocation in a block will be caught too.
      
      mem_heap_create_block(): poison newly allocated memory
    • MDEV-15005 ASAN: stack-buffer-overflow in my_strnncollsp_simple · f538a648
      Alexander Barkov authored
      cmp_item_sort_string::store_value() did not cache the string returned
      from item->val_str(), whose result can point to various private members
      such as Item_char_typecast::tmp_value.
      
      - cmp_item_sort_string::store_value() remembered the pointer returned
        from item->val_str() pointing to tmp_value into cmp_item_string::value_res.
      - Later, cmp_item_real::store_value() was called, which called
        Item_str_func::val_real(), which called Item_char_typecast::val_str(&tmp)
        using a local stack variable "String tmp". Item_char_typecast::tmp_value
        was overwritten and became a link to "tmp":
        tmp_value.Ptr freed its own buffer and was set to point to the buffer
        owned by "tmp".
      - On return from Item_str_func::val_real(), "String tmp" was destructed,
        but "tmp_value" still pointed to the buffer owned by "tmp",
        so tmp_value.Ptr became invalid.
      - Then cmp_item_sort_string() passed cmp_item_string::value_res to sortcmp().
        At this point, value_res still pointed to an invalid value of
        Item_char_typecast::tmp_value.
      
      Fix:
      changing cmp_item_sort_string::store_value() to force copying
      to cmp_item_string::value if item->val_str(&value) returned
      a different pointer (instead of &value).
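The aliasing described in the MDEV-15005 message above, as an added example that is not MariaDB code and not part of the commit: `TypecastItem`, `CacheBefore`, `CacheAfter` and the strings "abc"/"zzz" are constructed for illustration. The model overwrites the shared buffer instead of freeing it, so the "before" case stays defined behaviour while still showing why the cached pointer cannot be trusted.

```cpp
#include <cassert>
#include <string>

// Hypothetical stand-in for an item whose val_str() returns a pointer to its
// own private member (like tmp_value above) instead of the caller's buffer.
struct TypecastItem {
    std::string source;
    std::string tmp_value;  // scratch buffer, rewritten on every evaluation
    const std::string* val_str(std::string* /*buf*/) {
        tmp_value = source;
        return &tmp_value;
    }
};

// "Before": keeps whatever pointer val_str() returned, so it may alias item internals.
struct CacheBefore {
    std::string value;
    const std::string* value_res = nullptr;
    void store_value(TypecastItem& item) { value_res = item.val_str(&value); }
};

// "After": forces a copy into its own storage when the result is not &value.
struct CacheAfter {
    std::string value;
    const std::string* value_res = nullptr;
    void store_value(TypecastItem& item) {
        const std::string* res = item.val_str(&value);
        if (res != &value) { value = *res; res = &value; }
        value_res = res;
    }
};

// Cache a value, evaluate the item again, and return what the cache now sees.
template <class Cache>
std::string cached_after_reevaluation() {
    TypecastItem item;
    item.source = "abc";
    Cache cache;
    cache.store_value(item);
    item.source = "zzz";
    std::string scratch;
    item.val_str(&scratch);  // later evaluation overwrites tmp_value
    return *cache.value_res;
}

int main() {
    assert(cached_after_reevaluation<CacheBefore>() == "zzz");  // aliased, changed
    assert(cached_after_reevaluation<CacheAfter>() == "abc");   // private copy
}
```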
    • MDEV-13549: Galera test failures · 31e2ab51
      Jan Lindström authored
      Fix test failure on galera_flush_local.
    • MDEV-13549: Galera test failures · f46155a3
      Jan Lindström authored
      Fix test failure on galera_concurrent_ctas
    • MDEV-14875: galera_new_cluster crashes mysqld when existing server contains databases · e5e83249
      Jan Lindström authored
      Fortify wsrep_hton so that wsrep calls are not done to NULL-pointers.
  5. 18 Mar, 2018 2 commits
  6. 17 Mar, 2018 1 commit
    • MDEV-6736: Valgrind warnings 'Invalid read' in... · e3dd9a95
      Varun Gupta authored
      MDEV-6736: Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ in WHERE and
                 HAVING, ORDER BY, materialization+semijoin
      
      During cleanup a pointer to the materialised table that was freed was not set to NULL
  7. 16 Mar, 2018 4 commits