[MDEV-24269] SIGSEGV in __memset_avx2_erms AND in mach_write_to_4 AND InnoDB: Failing assertion: ptr != NULL, all FROM log_t::create - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.3(EOL), 10.4(EOL), 10.5, 10.6
Fix Version/s: 10.6.0
Component/s: Storage Engine - InnoDB
Labels:
- not-10.2
- regression

Description

# mysqld options required for replay: --innodb-log-buffer-size=-1125899906842624

Leads to:

10.6.0 5d4599f9750140f92cfdbbe4d292ae1b8dd456f8 (Debug)
Core was generated by `/test/MD211020-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --lc-me'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00001547f61a955b in kill () at ../sysdeps/unix/syscall-template.S:78
[Current thread is 1 (Thread 0x1547f5fcc800 (LWP 569152))]
(gdb) bt
#0 0x00001547f61a955b in kill () at ../sysdeps/unix/syscall-template.S:78
#1 0x000056491fccd28c in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:342
#2 <signal handler called>
#3 __memset_avx2_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:151
#4 0x0000564920181f1b in memset (__len=<optimized out>, __ch=165, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
#5 log_t::create (this=0x5649218c8600 <log_sys>) at /test/10.6_dbg/storage/innobase/log/log0log.cc:501
#6 0x00005649202df6dc in srv_start (create_new_db=<optimized out>) at /test/10.6_dbg/storage/innobase/srv/srv0start.cc:1332
#7 0x00005649200d7f78 in innodb_init (p=<optimized out>) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:3657
#8 0x000056491fcd15c2 in ha_initialize_handlerton (plugin=0x564922286fc0) at /test/10.6_dbg/sql/handler.cc:645
#9 0x000056491fa1a231 in plugin_initialize (tmp_root=tmp_root@entry=0x7fff2cb384d0, plugin=plugin@entry=0x564922286fc0, argc=argc@entry=0x564921023080 <remaining_argc>, argv=argv@entry=0x564922244498, options_only=<optimized out>) at /test/10.6_dbg/sql/sql_plugin.cc:1459
#10 0x000056491fa1bd83 in plugin_init (argc=argc@entry=0x564921023080 <remaining_argc>, argv=<optimized out>, flags=1) at /test/10.6_dbg/sql/sql_plugin.cc:1751
#11 0x000056491f8ef895 in init_server_components () at /test/10.6_dbg/sql/mysqld.cc:4953
#12 0x000056491f8f6234 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/mysqld.cc:5541
#13 0x000056491f8e8b46 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/main.cc:25

Bug confirmed present in:
MariaDB: 10.3.26 (dbg), 10.3.26 (opt), 10.4.16 (dbg), 10.4.16 (opt), 10.5.7 (dbg), 10.5.7 (opt), 10.6.0 (dbg), 10.6.0 (opt)

Bug confirmed not present in:
MariaDB: 10.1.48 (dbg), 10.1.48 (opt), 10.2.35 (dbg), 10.2.35 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)

Attachments

Issue Links

duplicates

MDEV-22219 negative values on system variables longer equate to their maximium value

Closed

relates to

MDEV-32364 Server crashes when starting server with high innodb_log_buffer_size

Closed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2020-11-24 08:36

This also creates a few different stacks on different versions:

10.5.7 e3fc9c1db04bdc5566bcdafcc3d5159199089c00 (Optimized)
Core was generated by `/test/MD201020-mariadb-10.5.7-linux-x86_64-opt/bin/mysqld --no-defaults --lc-me'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000014c07fb6255b in kill () at ../sysdeps/unix/syscall-template.S:78
[Current thread is 1 (Thread 0x14c07f985800 (LWP 579240))]
(gdb) bt
#0 0x000014c07fb6255b in kill () at ../sysdeps/unix/syscall-template.S:78
#1 0x000056276491425e in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:342
#2 <signal handler called>
#3 mach_write_to_4 (n=17, b=0x0) at /test/10.5_opt/storage/innobase/include/mach0data.ic:166
#4 log_block_set_hdr_no (n=17, log_block=0x0) at /test/10.5_opt/storage/innobase/include/log0log.ic:95
#5 log_block_init (lsn=8192, log_block=0x0) at /test/10.5_opt/storage/innobase/include/log0log.ic:240
#6 log_t::create (this=this@entry=0x5627660da000 <log_sys>) at /test/10.5_opt/storage/innobase/log/log0log.cc:528
#7 0x00005627645d1edd in srv_start (create_new_db=<optimized out>) at /test/10.5_opt/storage/innobase/srv/srv0start.cc:1277
#8 0x0000562764c36539 in innodb_init (p=<optimized out>) at /test/10.5_opt/storage/innobase/handler/ha_innodb.cc:3896
#9 0x0000562764917332 in ha_initialize_handlerton (plugin=0x5627672cc610) at /test/10.5_opt/sql/handler.cc:645
#10 0x0000562764716e6a in plugin_initialize (tmp_root=tmp_root@entry=0x7ffe3b6f8ba0, plugin=plugin@entry=0x5627672cc610, argc=argc@entry=0x56276583ba80 <remaining_argc>, argv=argv@entry=0x562767293bc8, options_only=options_only@entry=false) at /test/10.5_opt/sql/sql_plugin.cc:1459
#11 0x0000562764718145 in plugin_init (argc=argc@entry=0x56276583ba80 <remaining_argc>, argv=<optimized out>, flags=1) at /test/10.5_opt/sql/sql_plugin.cc:1751
#12 0x0000562764636b2b in init_server_components () at /test/10.5_opt/sql/mysqld.cc:4913
#13 0x000056276463c6f5 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.5_opt/sql/mysqld.cc:5496
#14 0x000014c07fb430b3 in __libc_start_main (main=0x562764600880 <main(int, char**)>, argc=13, argv=0x7ffe3b6fab38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe3b6fab28) at ../csu/libc-start.c:308
#15 0x000056276463129e in _start () at /test/10.5_opt/sql/mysqld.cc:4345

10.3.26 9b46d8e5c4108b0c55f8df3aa9abd8dd344d7688 (Debug)
InnoDB: Failing assertion: ptr != NULL

10.3.26 9b46d8e5c4108b0c55f8df3aa9abd8dd344d7688 (Debug)
Core was generated by `/test/MD211020-mariadb-10.3.26-linux-x86_64-dbg/bin/mysqld --no-defaults --lc-m'.
Program terminated with signal SIGABRT, Aborted.
#0 0x000014d8c587855b in kill () at ../sysdeps/unix/syscall-template.S:78
[Current thread is 1 (Thread 0x14d8c569b7c0 (LWP 579330))]
(gdb) bt
#0 0x000014d8c587855b in kill () at ../sysdeps/unix/syscall-template.S:78
#1 0x000055ac4ac4dd65 in handle_fatal_signal (sig=6) at /test/10.3_dbg/sql/signal_handler.cc:355
#2 <signal handler called>
#3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#4 0x000014d8c5857859 in __GI_abort () at abort.c:79
#5 0x000055ac4b0fa5eb in ut_dbg_assertion_failed (expr=expr@entry=0x55ac4b76acf6 "ptr != NULL", file=file@entry=0x55ac4b6f4a48 "/test/10.3_dbg/storage/innobase/include/ut0new.h", line=line@entry=248) at /test/10.3_dbg/storage/innobase/ut/ut0dbg.cc:60
#6 0x000055ac4af206b0 in ut_allocate_trace_dontdump (pfx=0x0, bytes=<optimized out>, ptr=<optimized out>) at /test/10.3_dbg/storage/innobase/include/ut0new.h:248
#7 ut_malloc_dontdump (n_bytes=<optimized out>) at /test/10.3_dbg/storage/innobase/include/ut0new.h:984
#8 log_t::create (this=0x55ac4bcfca00 <log_sys>) at /test/10.3_dbg/storage/innobase/log/log0log.cc:551
#9 0x000055ac4b095010 in srv_start (create_new_db=<optimized out>) at /test/10.3_dbg/storage/innobase/srv/srv0start.cc:1630
#10 0x000055ac4ae8699a in innodb_init (p=<optimized out>) at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:4175
#11 0x000055ac4ac50a4a in ha_initialize_handlerton (plugin=0x55ac4d8c7940) at /test/10.3_dbg/sql/handler.cc:549
#12 0x000055ac4a9da154 in plugin_initialize (tmp_root=tmp_root@entry=0x7fff4427bb60, plugin=0x55ac4d8c7940, argc=argc@entry=0x55ac4bd863c8 <remaining_argc>, argv=argv@entry=0x55ac4d885038, options_only=options_only@entry=false) at /test/10.3_dbg/sql/sql_plugin.cc:1433
#13 0x000055ac4a9dbc10 in plugin_init (argc=argc@entry=0x55ac4bd863c8 <remaining_argc>, argv=0x55ac4d885038, flags=2) at /test/10.3_dbg/sql/sql_plugin.cc:1715
#14 0x000055ac4a8c4f56 in init_server_components () at /test/10.3_dbg/sql/mysqld.cc:5423
#15 0x000055ac4a8cd112 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.3_dbg/sql/mysqld.cc:6032
#16 0x000055ac4a8bd1e6 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.3_dbg/sql/main.cc:25

Roel Van de Paar added a comment - 2020-11-24 08:36 This also creates a few different stacks on different versions: 10.5.7 e3fc9c1db04bdc5566bcdafcc3d5159199089c00 (Optimized) Core was generated by `/test/MD201020-mariadb-10.5.7-linux-x86_64-opt/bin/mysqld --no-defaults --lc-me'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000014c07fb6255b in kill () at ../sysdeps/unix/syscall-template.S:78 [Current thread is 1 (Thread 0x14c07f985800 (LWP 579240))] (gdb) bt #0 0x000014c07fb6255b in kill () at ../sysdeps/unix/syscall-template.S:78 #1 0x000056276491425e in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:342 #2 <signal handler called> #3 mach_write_to_4 (n=17, b=0x0) at /test/10.5_opt/storage/innobase/include/mach0data.ic:166 #4 log_block_set_hdr_no (n=17, log_block=0x0) at /test/10.5_opt/storage/innobase/include/log0log.ic:95 #5 log_block_init (lsn=8192, log_block=0x0) at /test/10.5_opt/storage/innobase/include/log0log.ic:240 #6 log_t::create (this=this@entry=0x5627660da000 <log_sys>) at /test/10.5_opt/storage/innobase/log/log0log.cc:528 #7 0x00005627645d1edd in srv_start (create_new_db=<optimized out>) at /test/10.5_opt/storage/innobase/srv/srv0start.cc:1277 #8 0x0000562764c36539 in innodb_init (p=<optimized out>) at /test/10.5_opt/storage/innobase/handler/ha_innodb.cc:3896 #9 0x0000562764917332 in ha_initialize_handlerton (plugin=0x5627672cc610) at /test/10.5_opt/sql/handler.cc:645 #10 0x0000562764716e6a in plugin_initialize (tmp_root=tmp_root@entry=0x7ffe3b6f8ba0, plugin=plugin@entry=0x5627672cc610, argc=argc@entry=0x56276583ba80 <remaining_argc>, argv=argv@entry=0x562767293bc8, options_only=options_only@entry=false) at /test/10.5_opt/sql/sql_plugin.cc:1459 #11 0x0000562764718145 in plugin_init (argc=argc@entry=0x56276583ba80 <remaining_argc>, argv=<optimized out>, flags=1) at /test/10.5_opt/sql/sql_plugin.cc:1751 #12 0x0000562764636b2b in init_server_components () at /test/10.5_opt/sql/mysqld.cc:4913 #13 0x000056276463c6f5 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.5_opt/sql/mysqld.cc:5496 #14 0x000014c07fb430b3 in __libc_start_main (main=0x562764600880 <main(int, char**)>, argc=13, argv=0x7ffe3b6fab38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe3b6fab28) at ../csu/libc-start.c:308 #15 0x000056276463129e in _start () at /test/10.5_opt/sql/mysqld.cc:4345 10.3.26 9b46d8e5c4108b0c55f8df3aa9abd8dd344d7688 (Debug) InnoDB: Failing assertion: ptr != NULL 10.3.26 9b46d8e5c4108b0c55f8df3aa9abd8dd344d7688 (Debug) Core was generated by `/test/MD211020-mariadb-10.3.26-linux-x86_64-dbg/bin/mysqld --no-defaults --lc-m'. Program terminated with signal SIGABRT, Aborted. #0 0x000014d8c587855b in kill () at ../sysdeps/unix/syscall-template.S:78 [Current thread is 1 (Thread 0x14d8c569b7c0 (LWP 579330))] (gdb) bt #0 0x000014d8c587855b in kill () at ../sysdeps/unix/syscall-template.S:78 #1 0x000055ac4ac4dd65 in handle_fatal_signal (sig=6) at /test/10.3_dbg/sql/signal_handler.cc:355 #2 <signal handler called> #3 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #4 0x000014d8c5857859 in __GI_abort () at abort.c:79 #5 0x000055ac4b0fa5eb in ut_dbg_assertion_failed (expr=expr@entry=0x55ac4b76acf6 "ptr != NULL", file=file@entry=0x55ac4b6f4a48 "/test/10.3_dbg/storage/innobase/include/ut0new.h", line=line@entry=248) at /test/10.3_dbg/storage/innobase/ut/ut0dbg.cc:60 #6 0x000055ac4af206b0 in ut_allocate_trace_dontdump (pfx=0x0, bytes=<optimized out>, ptr=<optimized out>) at /test/10.3_dbg/storage/innobase/include/ut0new.h:248 #7 ut_malloc_dontdump (n_bytes=<optimized out>) at /test/10.3_dbg/storage/innobase/include/ut0new.h:984 #8 log_t::create (this=0x55ac4bcfca00 <log_sys>) at /test/10.3_dbg/storage/innobase/log/log0log.cc:551 #9 0x000055ac4b095010 in srv_start (create_new_db=<optimized out>) at /test/10.3_dbg/storage/innobase/srv/srv0start.cc:1630 #10 0x000055ac4ae8699a in innodb_init (p=<optimized out>) at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:4175 #11 0x000055ac4ac50a4a in ha_initialize_handlerton (plugin=0x55ac4d8c7940) at /test/10.3_dbg/sql/handler.cc:549 #12 0x000055ac4a9da154 in plugin_initialize (tmp_root=tmp_root@entry=0x7fff4427bb60, plugin=0x55ac4d8c7940, argc=argc@entry=0x55ac4bd863c8 <remaining_argc>, argv=argv@entry=0x55ac4d885038, options_only=options_only@entry=false) at /test/10.3_dbg/sql/sql_plugin.cc:1433 #13 0x000055ac4a9dbc10 in plugin_init (argc=argc@entry=0x55ac4bd863c8 <remaining_argc>, argv=0x55ac4d885038, flags=2) at /test/10.3_dbg/sql/sql_plugin.cc:1715 #14 0x000055ac4a8c4f56 in init_server_components () at /test/10.3_dbg/sql/mysqld.cc:5423 #15 0x000055ac4a8cd112 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.3_dbg/sql/mysqld.cc:6032 #16 0x000055ac4a8bd1e6 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.3_dbg/sql/main.cc:25

Marko Mäkelä added a comment - 2020-11-24 08:41

I think that this report duplicates ~~MDEV-22219~~. Basically, any unsigned configuration parameter will treat negative parameters as very large ones.

Marko Mäkelä added a comment - 2020-11-24 08:41 I think that this report duplicates MDEV-22219 . Basically, any unsigned configuration parameter will treat negative parameters as very large ones.

Roel Van de Paar added a comment - 2021-04-12 00:40 - edited

Test on recent build (proves it is a duplicate as Marko suggested)

10.6.0 f74704c7d963ddcd1109843a5861c6bd76409c8d (Debug)
2021-04-12 11:33:36 0 [ERROR] Incorrect unsigned value: '-1125899906842624' for innodb-log-buffer-size
2021-04-12 11:33:36 0 [Warning] option 'innodb-log-buffer-size': unsigned value 0 adjusted to 262144
2021-04-12 11:33:36 0 [ERROR] /test/MD120421-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: Error while setting value '-1125899906842624' to 'innodb-log-buffer-size'
2021-04-12 11:33:36 0 [ERROR] Parsing options for plugin 'InnoDB' failed.
2021-04-12 11:33:36 0 [Note] Plugin 'FEEDBACK' is disabled.
2021-04-12 11:33:36 0 [ERROR] /test/MD120421-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: unknown variable 'innodb-log-buffer-size=-1125899906842624'
2021-04-12 11:33:36 0 [ERROR] Aborting

Roel Van de Paar added a comment - 2021-04-12 00:40 - edited Test on recent build (proves it is a duplicate as Marko suggested) 10.6.0 f74704c7d963ddcd1109843a5861c6bd76409c8d (Debug) 2021-04-12 11:33:36 0 [ERROR] Incorrect unsigned value: '-1125899906842624' for innodb-log-buffer-size 2021-04-12 11:33:36 0 [Warning] option 'innodb-log-buffer-size': unsigned value 0 adjusted to 262144 2021-04-12 11:33:36 0 [ERROR] /test/MD120421-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: Error while setting value '-1125899906842624' to 'innodb-log-buffer-size' 2021-04-12 11:33:36 0 [ERROR] Parsing options for plugin 'InnoDB' failed. 2021-04-12 11:33:36 0 [Note] Plugin 'FEEDBACK' is disabled. 2021-04-12 11:33:36 0 [ERROR] /test/MD120421-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: unknown variable 'innodb-log-buffer-size=-1125899906842624' 2021-04-12 11:33:36 0 [ERROR] Aborting

Marko Mäkelä added a comment - 2023-11-10 12:02

The InnoDB crash was fixed in ~~MDEV-32364~~.

Marko Mäkelä added a comment - 2023-11-10 12:02 The InnoDB crash was fixed in MDEV-32364 .

MariaDB Server

SIGSEGV in __memset_avx2_erms AND in mach_write_to_4 AND InnoDB: Failing assertion: ptr != NULL, all FROM log_t::create

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration