Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32463

SIGSEGV in __memmove_avx_unaligned_erms from a memcpy in xid_t::set (sql/handler.h:896) from Gtid_log_event::Gtid_log_event

    XMLWordPrintable

Details

    Description

      I saw the following stack during testing of MDEV-31949 on a debug build:

      bb-10.6-MDEV-31949 3455be1b4a925f43a1e7170029abf3304122409f (Debug)

      		 
      Core was generated by `/test/PATCH3_MD031023-mariadb-10.6.16-linux-x86_64-dbg/bin/mariadbd --no-defaul'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000014953eba0ed0 in __memmove_avx_unaligned_erms ()
      		 
          at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:866
      		 
      [Current thread is 1 (LWP 177135)]
      		 
      (gdb) bt
      		 
      #0  0x000014953eba0ed0 in __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:866
      		 
      #1  0x000055d5c8977dfc in memcpy (__len=<optimized out>, __src=<optimized out>, __dest=0x149528751238) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29
      		 
      #2  xid_t::set (xid=<optimized out>, this=0x149528751238) at /test/bb-10.6-MDEV-31949_PATCH3_dbg/sql/handler.h:896
      		 
      #3  Gtid_log_event::Gtid_log_event (this=this@entry=0x1495287511b0, thd_arg=thd_arg@entry=0x1494dc000d58, seq_no_arg=seq_no_arg@entry=271, domain_id_arg=domain_id_arg@entry=0, standalone=standalone@entry=false, flags_arg=flags_arg@entry=8, is_transactional=true, commit_id_arg=0, has_xid=false, ro_1pc=false) at /test/bb-10.6-MDEV-31949_PATCH3_dbg/sql/log_event_server.cc:3333
      		 
      #4  0x000055d5c8944175 in MYSQL_BIN_LOG::write_gtid_event (this=0x55d5c9aa3440 <mysql_bin_log>, thd=0x1494dc000d58, standalone=<optimized out>, is_transactional=<optimized out>, commit_id=0, has_xid=<optimized out>, is_ro_1pc=143) at /test/bb-10.6-MDEV-31949_PATCH3_dbg/sql/log.cc:6451
      		 
      #5  0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #6  0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #7  0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #8  0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #9  0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #10 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #11 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #12 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #13 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #14 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #15 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #16 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #17 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #18 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #19 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #20 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #21 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #22 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #23 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #24 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #25 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #26 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #27 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #28 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #29 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #30 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #31 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #32 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #33 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #34 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #35 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #36 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #37 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #38 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #39 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #40 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #41 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #42 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #43 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #44 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #45 0x8f8f8f8f8f8f8f8f in ?? ()
      		 
      #46 0x0000000000000105 in ?? ()
      		 
      #47 0x0000000000000000 in ?? ()

      Replication was not enabled, binary logging was. All attempts at testcase reduction have failed. The issue was observed a number of times in various bb-10.6-MDEV-31949 tests, but was never seen in BASE. It is likely caused by MDEV-31949.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32347 Stack smashing/looping, ASAN use-after-poison in xid_t::eq/event_xid_t::serialize, SIGSEGV in serialize_xid and Assertion `is_async_xac || thd->lex->xid->eq(thd->transaction->xid_state.get_xid())' failed in binlog_rollback_flush_trx_cache upon LOAD INDEX

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is caused by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31949 slow parallel replication of user xa

          • Major - Major loss of function.
          • In Review
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31949 slow parallel replication of user xa

          • Major - Major loss of function.
          • In Review

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32470 MDEV-31949: use-after-poison in xid_t::key_length()

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Elkin Andrei Elkin
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.