  1. MariaDB Server
  2. MDEV-29352

SIGSEGV's in strlen and unknown location on optimized builds at SHUTDOWN


Details

    Description

      This issue may potentially be at the core of, or close to, the many 'Cannot access memory at address' stacks I have observed in the last few months.

      SHOW CREATE TABLE t;
      FLUSH TABLES WITH READ LOCK;
      CREATE FUNCTION spider_bg_direct_sql RETURNS INT SONAME 'ha_spider.so';
      SELECT * FROM t;
      SHUTDOWN;
      

      Leads to:

      10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized)

      Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000014f6a8f94e4a in ?? ()
      [Current thread is 1 (LWP 710596)]
      (gdb) bt
      #0  0x000014f6a8f94e4a in ?? ()
      Backtrace stopped: Cannot access memory at address 0x7ffcf60b68b8
      

      10.10.2 87e8463e0454a04c2bbaa38d44227c491fb07dc1 (Optimized)

      Core was generated by `/test/MD200822-mariadb-10.10.2-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  strlen () at ../sysdeps/x86_64/multiarch/../strlen.S:120
      [Current thread is 1 (Thread 0x14f409a0c800 (LWP 710789))]
      (gdb) bt
      #0  strlen () at ../sysdeps/x86_64/multiarch/../strlen.S:120
      #1  0x000014f40a22cce5 in __GI__dl_exception_create (exception=0x7ffe61c688a0, objname=0x4c8 <error: Cannot access memory at address 0x4c8>, errstring=errstring@entry=0x14f40a239b69 "shared object not open") at dl-exception.c:74
      #2  0x000014f409d23878 in __GI__dl_signal_error (errcode=errcode@entry=0, objname=<optimized out>, occation=occation@entry=0x0, errstring=errstring@entry=0x14f40a239b69 "shared object not open") at dl-error-skeleton.c:117
      #3  0x000014f40a22bf61 in _dl_close (_map=0x14f39c023590) at dl-close.c:856
      #4  0x000014f409d23928 in __GI__dl_catch_exception (exception=exception@entry=0x7ffe61c688a0, operate=operate@entry=0x14f40a0e9420 <dlclose_doit>, args=args@entry=0x14f39c023590) at dl-error-skeleton.c:208
      #5  0x000014f409d239f3 in __GI__dl_catch_error (objname=objname@entry=0x55753a399c50, errstring=errstring@entry=0x55753a399c58, mallocedp=mallocedp@entry=0x55753a399c48, operate=operate@entry=0x14f40a0e9420 <dlclose_doit>, args=args@entry=0x14f39c023590) at dl-error-skeleton.c:227
      #6  0x000014f40a0e9b59 in _dlerror_run (operate=operate@entry=0x14f40a0e9420 <dlclose_doit>, args=0x14f39c023590) at dlerror.c:170
      #7  0x000014f40a0e9468 in __dlclose (handle=<optimized out>) at dlclose.c:46
      #8  0x00005575388f11e7 in udf_free () at /test/10.10_opt/sql/sql_udf.cc:302
      #9  0x000055753872913a in clean_up (print_message=print_message@entry=true) at /test/10.10_opt/sql/mysqld.cc:1989
      #10 0x00005575387313da in clean_up (print_message=true) at /test/10.10_opt/sql/mysqld.cc:5940
      #11 mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.10_opt/sql/mysqld.cc:5940
      #12 0x000014f409be7083 in __libc_start_main (main=0x5575386e55c0 <main(int, char**)>, argc=10, argv=0x7ffe61c68fc8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe61c68fb8) at ../csu/libc-start.c:308
      #13 0x00005575387274be in _start () at /test/10.10_opt/sql/mysqld.cc:4558
      

      10.6.10 75c416d3627650a5b43c70a8150292990206e3e0 (Optimized)

      Core was generated by `/test/MD200822-mariadb-10.6.10-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  strlen () at ../sysdeps/x86_64/multiarch/../strlen.S:120
      [Current thread is 1 (Thread 0x147534425800 (LWP 711485))]
      (gdb) bt
      #0  strlen () at ../sysdeps/x86_64/multiarch/../strlen.S:120
      #1  0x0000147534c45ce5 in __GI__dl_exception_create (exception=0x7ffcd97bf6d0, objname=0x4c8 <error: Cannot access memory at address 0x4c8>, errstring=errstring@entry=0x147534c52b69 "shared object not open") at dl-exception.c:74
      #2  0x000014753473c878 in __GI__dl_signal_error (errcode=errcode@entry=0, objname=<optimized out>, occation=occation@entry=0x0, errstring=errstring@entry=0x147534c52b69 "shared object not open") at dl-error-skeleton.c:117
      #3  0x0000147534c44f61 in _dl_close (_map=0x1474580232e0) at dl-close.c:856
      #4  0x000014753473c928 in __GI__dl_catch_exception (exception=exception@entry=0x7ffcd97bf6d0, operate=operate@entry=0x147534b02420 <dlclose_doit>, args=args@entry=0x1474580232e0) at dl-error-skeleton.c:208
      #5  0x000014753473c9f3 in __GI__dl_catch_error (objname=objname@entry=0x562f1c459c50, errstring=errstring@entry=0x562f1c459c58, mallocedp=mallocedp@entry=0x562f1c459c48, operate=operate@entry=0x147534b02420 <dlclose_doit>, args=args@entry=0x1474580232e0) at dl-error-skeleton.c:227
      #6  0x0000147534b02b59 in _dlerror_run (operate=operate@entry=0x147534b02420 <dlclose_doit>, args=0x1474580232e0) at dlerror.c:170
      #7  0x0000147534b02468 in __dlclose (handle=<optimized out>) at dlclose.c:46
      #8  0x0000562f19eac487 in udf_free () at /test/10.6_opt/sql/sql_udf.cc:302
      #9  0x0000562f19d2418a in clean_up (print_message=print_message@entry=true) at /test/10.6_opt/sql/mysqld.cc:1958
      #10 0x0000562f19d2c42a in clean_up (print_message=true) at /test/10.6_opt/sql/mysqld.cc:5895
      #11 mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_opt/sql/mysqld.cc:5895
      #12 0x0000147534600083 in __libc_start_main (main=0x562f19ce1a80 <main(int, char**)>, argc=10, argv=0x7ffcd97bfdf8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcd97bfde8) at ../csu/libc-start.c:308
      #13 0x0000562f19d2263e in _start () at /test/10.6_opt/sql/mysqld.cc:4521
      

      Bug confirmed present in:
      MariaDB: 10.6.10 (opt), 10.7.6 (opt), 10.8.5 (opt), 10.9.2 (opt), 10.10.2 (opt), 10.11.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.7.6 (dbg), 10.8.5 (dbg), 10.9.2 (dbg), 10.10.2 (dbg), 10.11.0 (dbg)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

      UniqueID's seen in connection with this testcase:

      SIGSEGV|Backtrace stopped: Cannot access memory at address
      SIGSEGV|strlen|Backtrace stopped: Cannot access memory at address
      SIGSEGV|strlen|__GI__dl_exception_create|__GI__dl_signal_error|_dl_close
      

            People

              nayuta-yanagisawa Nayuta Yanagisawa (Inactive)
              Roel Roel Van de Paar