Bug #39873 Performing a simple scan read causes a segmentation fault
Submitted: 6 Oct 2008 9:15 Modified: 18 Mar 2009 12:20
Reporter: Alexander Yu
Status: No Feedback
Category:Connectors: NDB/Bindings Severity:S1 (Critical)
Version:0.70 OS:Linux (2.6.24-19-generic #1 SMP Wed Aug 20 22:56:21 UTC 2008 i686 GNU/Linux)
Assigned to: CPU Architecture:Any

[6 Oct 2008 9:15] Alexander Yu
Description:
Performing a simple scan read causes a segmentation fault. 
This code crashes on Ubuntu 8.04 but works on OS X 10.5.

NDB: mysql-5.1.27 ndb-6.3.17
OS: Ubuntu 8.04, 2.6.24-19-generic #1 SMP Wed Aug 20 22:56:21 UTC 2008 i686 GNU/Linux
Java: "1.6.0_06"
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)

--
NdbScanOperation operation = transaction.getSelectScanOperation(NDBJUtil.SIMPLE_TABLE_NAME,
NdbScanFilter scanFilter = operation.getNdbScanFilter();
scanFilter.begin(NdbScanFilter.Group.AND);
scanFilter.gt("id", 25);
scanFilter.le("id", 75);
scanFilter.end();

operation.getValue("id");
operation.getValue("firstname");
operation.getValue("lastname");

transaction.execute(ExecType.Commit, AbortOption.AbortOnError, true);

NdbResultSet rs = operation.resultData();

while (rs.next()) {
  int id = rs.getInt("id");
  String firstName = rs.getString("firstname");
  String lastName = rs.getString("lastname");
  System.out.println("ID:" + id + ", FIRSTNAME: " + firstName + ", LASTNAME: " + lastName);
}

--
...
*** glibc detected *** java: free(): invalid next size (fast): 0x082e9fc8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7dfba85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7dff4f0]
/home/alyu/Projects/ext/ndbj/lib/libndbj.so.0.0.0(Java_com_mysql_cluster_ndbj_ndbjJNI_NdbRecAttrImpl_1getString+0xc8)[0xb564d12a]
[0xb5c95e9d]
[0xb5c8ed77]
[0xb5c8f253]
[0xb5c8f253]
[0xb5c8eedd]
[0xb5c8eedd]
[0xb5c8c249]
/usr/lib/jvm/java-6-sun-1.6.0.06/jre/lib/i386/client/libjvm.so[0x621c5cd]
/usr/lib/jvm/java-6-sun-1.6.0.06/jre/lib/i386/client/libjvm.so[0x6310748]
/usr/lib/jvm/java-6-sun-1.6.0.06/jre/lib/i386/client/libjvm.so[0x621c460]
/usr/lib/jvm/java-6-sun-1.6.0.06/jre/lib/i386/client/libjvm.so[0x6245a86]
/usr/lib/jvm/java-6-sun-1.6.0.06/jre/lib/i386/client/libjvm.so[0x6237288]
java(JavaMain+0x2c8)[0x8049b98]
/lib/tls/i686/cmov/libpthread.so.0[0xb7ef24fb]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb7e66e5e]
======= Memory map: ========
...

How to repeat:
NdbScanOperation operation = transaction.getSelectScanOperation(NDBJUtil.SIMPLE_TABLE_NAME,
NdbScanFilter scanFilter = operation.getNdbScanFilter();
scanFilter.begin(NdbScanFilter.Group.AND);
scanFilter.gt("id", 25);
scanFilter.le("id", 75);
scanFilter.end();

operation.getValue("id");
operation.getValue("firstname");
operation.getValue("lastname");

transaction.execute(ExecType.Commit, AbortOption.AbortOnError, true);

NdbResultSet rs = operation.resultData();

while (rs.next()) {
  int id = rs.getInt("id");
  String firstName = rs.getString("firstname");
  String lastName = rs.getString("lastname");
  System.out.println("ID:" + id + ", FIRSTNAME: " + firstName + ", LASTNAME: " + lastName);
}
[11 Nov 2008 14:45] Dastagiri Komali
Hi
I got the same bug when I used NDBScanIndexOperation. The only difference is that I did not use a filter. For example, see my code:
NdbIndexScanOperation opSelect = trans.getSelectIndexScanOperation("PRIMARY", "userdata", NdbOperation.LockMode.LM_Read,
    NdbScanOperation.ScanFlag.DESCENDING, 0, 0);
opSelect.equalString("id", "id01");
opSelect.equalString("name", "fin");

opSelect.getValue("lastModified");
NdbResultSet rs = opSelect.resultData();
trans.execute(ExecType.NoCommit, AbortOption.AbortOnError, true);

I am running this operation in a concurrent-threads context and have ensured that no two threads share a single Ndb instance. Here is my bug:
==============================================================================
*** glibc detected *** java: free(): invalid next size (fast): 0x087bcba0 ***
======= Backtrace: =========
/lib/libc.so.6[0x6a8f7d]
/lib/libc.so.6(cfree+0x90)[0x6ac5d0]
/usr/local/lib/libndbj.so.0.0.0(Java_com_mysql_cluster_ndbj_ndbjJNI_NdbRecAttrImpl_1getString+0xc5)[0x912e3e17]
[0xb5e8767e]
[0xb5e7fd37]
[0xb5e80213]
[0xb5e80213]
[0xb5e7fe9d]
[0xb5e80379]
[0xb5e7d207]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x620967d]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x63057d8]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x6208f90]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x620901d]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x6279215]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x638035f]
/opt/SDK/jdk/jre/lib/i386/client/libjvm.so[0x63066b3]
/lib/libpthread.so.0[0x7b62db]
/lib/libc.so.6(clone+0x5e)[0x71014e]

========================================================

Br,
Giri,
IXONOS OYJ, Finland
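
The two backtraces quoted above can be compared mechanically. As an added example (not code from the reporters or from NDB/J), the Python below parses a glibc abort report, picks the first named frame outside libc, and decodes its JNI export name back to a Java class and method. The function names are this example's own, and the inputs are excerpts of the two backtraces in this report.

```python
import re

HEADER_RE = re.compile(r"^\*\*\* glibc detected \*\*\* (?P<program>\S+): "
                       r"(?P<message>.*): (?P<pointer>0x[0-9a-fA-F]+) \*\*\*$")
# Frame shapes: /lib.so(sym+0xoff)[0xaddr], /lib.so[0xaddr], or a bare [0xaddr]
FRAME_RE = re.compile(r"^(?P<module>[^\[(]*)(?:\((?P<symbol>[^+)]*)"
                      r"(?:\+(?P<offset>0x[0-9a-fA-F]+))?\))?\[(?P<addr>0x[0-9a-fA-F]+)\]$")

def decode_jni_symbol(symbol):
    """Map a JNI export name to (class, method); only the _1 escape is handled."""
    if not symbol or not symbol.startswith("Java_"):
        return None
    body = symbol[len("Java_"):].split("__", 1)[0]  # drop any overload signature
    dotted = body.replace("_1", "\0").replace("_", ".").replace("\0", "_")
    cls, _, method = dotted.rpartition(".")
    return cls, method

def parse_glibc_abort(text):
    """Return the abort header fields plus the parsed backtrace frames."""
    report = {"frames": []}
    for line in (raw.strip() for raw in text.splitlines()):
        header, frame = HEADER_RE.match(line), FRAME_RE.match(line)
        if header:
            report.update(header.groupdict())
        elif frame:
            report["frames"].append(frame.groupdict())
    return report

def caller_of_free(report):
    """First named frame outside libc: the code that passed the pointer to free()."""
    return next((f for f in report["frames"]
                 if f["symbol"] and "/libc.so" not in f["module"]), None)

# Excerpts of the two backtraces quoted in this bug report (frames abridged).
REPORT_1 = """*** glibc detected *** java: free(): invalid next size (fast): 0x082e9fc8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7dfba85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7dff4f0]
/home/alyu/Projects/ext/ndbj/lib/libndbj.so.0.0.0(Java_com_mysql_cluster_ndbj_ndbjJNI_NdbRecAttrImpl_1getString+0xc8)[0xb564d12a]
[0xb5c95e9d]"""
REPORT_2 = """*** glibc detected *** java: free(): invalid next size (fast): 0x087bcba0 ***
======= Backtrace: =========
/lib/libc.so.6[0x6a8f7d]
/lib/libc.so.6(cfree+0x90)[0x6ac5d0]
/usr/local/lib/libndbj.so.0.0.0(Java_com_mysql_cluster_ndbj_ndbjJNI_NdbRecAttrImpl_1getString+0xc5)[0x912e3e17]"""
for text in (REPORT_1, REPORT_2):
    rep = parse_glibc_abort(text)
    hit = caller_of_free(rep)
    print(rep["message"], decode_jni_symbol(hit["symbol"]), hit["offset"])
```

Both reports resolve to the same native method, `NdbRecAttrImpl_getString` in class `com.mysql.cluster.ndbj.ndbjJNI`, at nearby offsets (0xc8 and 0xc5). glibc prints "invalid next size" when free() finds an implausible size field in the chunk after the one being freed, which usually follows a write past the end of a heap buffer; free() only detects the damage, so the overrun itself may have happened earlier.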
[19 Dec 2008 16:41] Jess Balint
Can you try running this against 0.7.1?
[19 Mar 2009 0:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".