[MDEV-24269] SIGSEGV in __memset_avx2_erms AND in mach_write_to_4 AND InnoDB: Failing assertion: ptr != NULL, all FROM log_t::create
Created: 2020-11-24
Updated: 2023-11-10
Resolved: 2021-04-12

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - InnoDB
Affects Version/s: 10.3, 10.4, 10.5, 10.6
Fix Version/s: 10.6.0

Type: Bug
Priority: Major
Reporter: Roel Van de Paar
Assignee: Vicențiu Ciorbaru
Resolution: Duplicate
Votes: 0
Labels: not-10.2, regression

Issue Links:
Duplicate
duplicates MDEV-22219 negative values on system variables l... Closed
Relates
relates to MDEV-32364 Server crashes when starting server w... Closed

Description

# mysqld options required for replay: --innodb-log-buffer-size=-1125899906842624

Leads to:

10.6.0 5d4599f9750140f92cfdbbe4d292ae1b8dd456f8 (Debug)

Core was generated by `/test/MD211020-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --lc-me'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00001547f61a955b in kill () at ../sysdeps/unix/syscall-template.S:78
[Current thread is 1 (Thread 0x1547f5fcc800 (LWP 569152))]
(gdb) bt
#0  0x00001547f61a955b in kill () at ../sysdeps/unix/syscall-template.S:78
#1  0x000056491fccd28c in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:342
#2  <signal handler called>
#3  __memset_avx2_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:151
#4  0x0000564920181f1b in memset (__len=<optimized out>, __ch=165, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
#5  log_t::create (this=0x5649218c8600 <log_sys>) at /test/10.6_dbg/storage/innobase/log/log0log.cc:501
#6  0x00005649202df6dc in srv_start (create_new_db=<optimized out>) at /test/10.6_dbg/storage/innobase/srv/srv0start.cc:1332
#7  0x00005649200d7f78 in innodb_init (p=<optimized out>) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:3657
#8  0x000056491fcd15c2 in ha_initialize_handlerton (plugin=0x564922286fc0) at /test/10.6_dbg/sql/handler.cc:645
#9  0x000056491fa1a231 in plugin_initialize (tmp_root=tmp_root@entry=0x7fff2cb384d0, plugin=plugin@entry=0x564922286fc0, argc=argc@entry=0x564921023080 <remaining_argc>, argv=argv@entry=0x564922244498, options_only=<optimized out>) at /test/10.6_dbg/sql/sql_plugin.cc:1459
#10 0x000056491fa1bd83 in plugin_init (argc=argc@entry=0x564921023080 <remaining_argc>, argv=<optimized out>, flags=1) at /test/10.6_dbg/sql/sql_plugin.cc:1751
#11 0x000056491f8ef895 in init_server_components () at /test/10.6_dbg/sql/mysqld.cc:4953
#12 0x000056491f8f6234 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/mysqld.cc:5541
#13 0x000056491f8e8b46 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/main.cc:25

Bug confirmed present in:
MariaDB: 10.3.26 (dbg), 10.3.26 (opt), 10.4.16 (dbg), 10.4.16 (opt), 10.5.7 (dbg), 10.5.7 (opt), 10.6.0 (dbg), 10.6.0 (opt)

Bug confirmed not present in:
MariaDB: 10.1.48 (dbg), 10.1.48 (opt), 10.2.35 (dbg), 10.2.35 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)



Comments
Comment by Roel Van de Paar [ 2020-11-24 ]

This also creates a few different stacks on different versions:

10.5.7 e3fc9c1db04bdc5566bcdafcc3d5159199089c00 (Optimized)

Core was generated by `/test/MD201020-mariadb-10.5.7-linux-x86_64-opt/bin/mysqld --no-defaults --lc-me'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000014c07fb6255b in kill () at ../sysdeps/unix/syscall-template.S:78
[Current thread is 1 (Thread 0x14c07f985800 (LWP 579240))]
(gdb) bt
#0  0x000014c07fb6255b in kill () at ../sysdeps/unix/syscall-template.S:78
#1  0x000056276491425e in handle_fatal_signal (sig=11) at /test/10.5_opt/sql/signal_handler.cc:342
#2  <signal handler called>
#3  mach_write_to_4 (n=17, b=0x0) at /test/10.5_opt/storage/innobase/include/mach0data.ic:166
#4  log_block_set_hdr_no (n=17, log_block=0x0) at /test/10.5_opt/storage/innobase/include/log0log.ic:95
#5  log_block_init (lsn=8192, log_block=0x0) at /test/10.5_opt/storage/innobase/include/log0log.ic:240
#6  log_t::create (this=this@entry=0x5627660da000 <log_sys>) at /test/10.5_opt/storage/innobase/log/log0log.cc:528
#7  0x00005627645d1edd in srv_start (create_new_db=<optimized out>) at /test/10.5_opt/storage/innobase/srv/srv0start.cc:1277
#8  0x0000562764c36539 in innodb_init (p=<optimized out>) at /test/10.5_opt/storage/innobase/handler/ha_innodb.cc:3896
#9  0x0000562764917332 in ha_initialize_handlerton (plugin=0x5627672cc610) at /test/10.5_opt/sql/handler.cc:645
#10 0x0000562764716e6a in plugin_initialize (tmp_root=tmp_root@entry=0x7ffe3b6f8ba0, plugin=plugin@entry=0x5627672cc610, argc=argc@entry=0x56276583ba80 <remaining_argc>, argv=argv@entry=0x562767293bc8, options_only=options_only@entry=false) at /test/10.5_opt/sql/sql_plugin.cc:1459
#11 0x0000562764718145 in plugin_init (argc=argc@entry=0x56276583ba80 <remaining_argc>, argv=<optimized out>, flags=1) at /test/10.5_opt/sql/sql_plugin.cc:1751
#12 0x0000562764636b2b in init_server_components () at /test/10.5_opt/sql/mysqld.cc:4913
#13 0x000056276463c6f5 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.5_opt/sql/mysqld.cc:5496
#14 0x000014c07fb430b3 in __libc_start_main (main=0x562764600880 <main(int, char**)>, argc=13, argv=0x7ffe3b6fab38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe3b6fab28) at ../csu/libc-start.c:308
#15 0x000056276463129e in _start () at /test/10.5_opt/sql/mysqld.cc:4345

10.3.26 9b46d8e5c4108b0c55f8df3aa9abd8dd344d7688 (Debug)

InnoDB: Failing assertion: ptr != NULL

10.3.26 9b46d8e5c4108b0c55f8df3aa9abd8dd344d7688 (Debug)

Core was generated by `/test/MD211020-mariadb-10.3.26-linux-x86_64-dbg/bin/mysqld --no-defaults --lc-m'.
Program terminated with signal SIGABRT, Aborted.
#0  0x000014d8c587855b in kill () at ../sysdeps/unix/syscall-template.S:78
[Current thread is 1 (Thread 0x14d8c569b7c0 (LWP 579330))]
(gdb) bt
#0  0x000014d8c587855b in kill () at ../sysdeps/unix/syscall-template.S:78
#1  0x000055ac4ac4dd65 in handle_fatal_signal (sig=6) at /test/10.3_dbg/sql/signal_handler.cc:355
#2  <signal handler called>
#3  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#4  0x000014d8c5857859 in __GI_abort () at abort.c:79
#5  0x000055ac4b0fa5eb in ut_dbg_assertion_failed (expr=expr@entry=0x55ac4b76acf6 "ptr != NULL", file=file@entry=0x55ac4b6f4a48 "/test/10.3_dbg/storage/innobase/include/ut0new.h", line=line@entry=248) at /test/10.3_dbg/storage/innobase/ut/ut0dbg.cc:60
#6  0x000055ac4af206b0 in ut_allocate_trace_dontdump (pfx=0x0, bytes=<optimized out>, ptr=<optimized out>) at /test/10.3_dbg/storage/innobase/include/ut0new.h:248
#7  ut_malloc_dontdump (n_bytes=<optimized out>) at /test/10.3_dbg/storage/innobase/include/ut0new.h:984
#8  log_t::create (this=0x55ac4bcfca00 <log_sys>) at /test/10.3_dbg/storage/innobase/log/log0log.cc:551
#9  0x000055ac4b095010 in srv_start (create_new_db=<optimized out>) at /test/10.3_dbg/storage/innobase/srv/srv0start.cc:1630
#10 0x000055ac4ae8699a in innodb_init (p=<optimized out>) at /test/10.3_dbg/storage/innobase/handler/ha_innodb.cc:4175
#11 0x000055ac4ac50a4a in ha_initialize_handlerton (plugin=0x55ac4d8c7940) at /test/10.3_dbg/sql/handler.cc:549
#12 0x000055ac4a9da154 in plugin_initialize (tmp_root=tmp_root@entry=0x7fff4427bb60, plugin=0x55ac4d8c7940, argc=argc@entry=0x55ac4bd863c8 <remaining_argc>, argv=argv@entry=0x55ac4d885038, options_only=options_only@entry=false) at /test/10.3_dbg/sql/sql_plugin.cc:1433
#13 0x000055ac4a9dbc10 in plugin_init (argc=argc@entry=0x55ac4bd863c8 <remaining_argc>, argv=0x55ac4d885038, flags=2) at /test/10.3_dbg/sql/sql_plugin.cc:1715
#14 0x000055ac4a8c4f56 in init_server_components () at /test/10.3_dbg/sql/mysqld.cc:5423
#15 0x000055ac4a8cd112 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.3_dbg/sql/mysqld.cc:6032
#16 0x000055ac4a8bd1e6 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.3_dbg/sql/main.cc:25

Comment by Marko Mäkelä [ 2020-11-24 ]

I think that this report duplicates MDEV-22219. Basically, any unsigned configuration parameter will treat negative parameters as very large ones.

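The conversion Marko describes in the comment above is the whole bug: the option text is parsed as a signed integer and stored in an unsigned variable, so -1125899906842624 (-2^50) becomes 2^64 - 2^50 and is passed to the log buffer allocation, which fails and returns NULL; each version then dereferences that NULL differently (memset in 10.6, log_block_init in 10.5, the ut_a(ptr != NULL) assertion in 10.3). The following C program is an added illustration and is not MariaDB code or the MDEV-22219 fix. parse_unsigned_naive, parse_unsigned_checked and try_alloc_log_buffer are hypothetical helpers; LOG_BUFFER_MIN is taken from the "adjusted to 262144" log line later on this page, while LOG_BUFFER_MAX is an assumed bound for the example only.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lower bound the fixed server clamps innodb-log-buffer-size to; the value
   comes from the "unsigned value 0 adjusted to 262144" log line on this page.
   The upper bound is an assumption for this example, not InnoDB's real limit. */
#define LOG_BUFFER_MIN 262144ULL
#define LOG_BUFFER_MAX (1ULL << 40)

/* The memset fill byte visible in the 10.6 trace (__ch=165 == 0xA5). */
#define DEBUG_FILL_BYTE 0xA5

/* Naive option parsing (hypothetical helper): read the text as a signed
   integer, then store it in the unsigned variable the option is declared as.
   This is the conversion Marko describes: -2^50 silently becomes 2^64 - 2^50. */
unsigned long long parse_unsigned_naive(const char *s)
{
    long long v = strtoll(s, NULL, 10);
    return (unsigned long long) v;
}

typedef enum {
    OPT_OK = 0,     /* value accepted as given */
    OPT_NEGATIVE,   /* leading '-' rejected before any conversion */
    OPT_MALFORMED,  /* not a plain decimal number */
    OPT_OVERFLOW,   /* does not fit in 64 bits */
    OPT_CLAMPED     /* representable but outside [min, max] */
} opt_status;

/* Hardened option parsing (hypothetical helper): refuse a sign explicitly
   (strtoull would wrap it just like the cast above), require the whole string
   to be digits, detect overflow, and clamp into [min, max]. *out always
   receives a usable value so the caller can log the problem and continue. */
opt_status parse_unsigned_checked(const char *s, unsigned long long min,
                                  unsigned long long max,
                                  unsigned long long *out)
{
    char *end;
    unsigned long long v;

    while (*s == ' ' || *s == '\t')
        s++;
    if (*s == '-') { *out = min; return OPT_NEGATIVE; }
    if (*s < '0' || *s > '9') { *out = min; return OPT_MALFORMED; }

    errno = 0;
    v = strtoull(s, &end, 10);
    if (*end != '\0') { *out = min; return OPT_MALFORMED; }
    if (errno == ERANGE) { *out = max; return OPT_OVERFLOW; }
    if (v < min) { *out = min; return OPT_CLAMPED; }
    if (v > max) { *out = max; return OPT_CLAMPED; }
    *out = v;
    return OPT_OK;
}

/* Allocate and fill a buffer of the requested size, checking the result
   instead of handing it straight to memset() or log_block_init().
   Returns 1 on success, 0 if the size was refused or the allocation failed. */
int try_alloc_log_buffer(unsigned long long size)
{
    unsigned char *buf;

    /* A size above half the address space can never be satisfied; refuse it
       before calling malloc rather than discovering it through a NULL deref. */
    if (size > (unsigned long long) (SIZE_MAX / 2))
        return 0;
    buf = malloc((size_t) size);
    if (buf == NULL)   /* the unchecked path crashed here: memset(NULL, 0xA5, size) */
        return 0;
    memset(buf, DEBUG_FILL_BYTE, (size_t) size);
    free(buf);
    return 1;
}

int main(void)
{
    const char *opt = "-1125899906842624";   /* the value from the report */
    unsigned long long naive = parse_unsigned_naive(opt);
    unsigned long long checked;
    opt_status st = parse_unsigned_checked(opt, LOG_BUFFER_MIN, LOG_BUFFER_MAX, &checked);

    printf("naive:   %s -> %llu (0x%llx), alloc %s\n", opt, naive, naive,
           try_alloc_log_buffer(naive) ? "ok" : "refused");
    printf("checked: %s -> status %d, using %llu, alloc %s\n", opt, (int) st,
           checked, try_alloc_log_buffer(checked) ? "ok" : "refused");
    return 0;
}
```

The naive path yields 0xFFFC000000000000, which no allocator can satisfy, so the only thing standing between the option parser and a NULL dereference is whether the allocation result is checked. The checked path rejects the sign before conversion and reports OPT_NEGATIVE while still leaving the minimum in *out, which matches the shape of the post-fix behaviour shown in the 2021-04-12 comment below (an error for the negative value, then a clamp to 262144).

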
Comment by Roel Van de Paar [ 2021-04-12 ]

Test on recent build (proves it is a duplicate as Marko suggested)

10.6.0 f74704c7d963ddcd1109843a5861c6bd76409c8d (Debug)

2021-04-12 11:33:36 0 [ERROR] Incorrect unsigned value: '-1125899906842624' for innodb-log-buffer-size
2021-04-12 11:33:36 0 [Warning] option 'innodb-log-buffer-size': unsigned value 0 adjusted to 262144
2021-04-12 11:33:36 0 [ERROR] /test/MD120421-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: Error while setting value '-1125899906842624' to 'innodb-log-buffer-size'
2021-04-12 11:33:36 0 [ERROR] Parsing options for plugin 'InnoDB' failed.
2021-04-12 11:33:36 0 [Note] Plugin 'FEEDBACK' is disabled.
2021-04-12 11:33:36 0 [ERROR] /test/MD120421-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld: unknown variable 'innodb-log-buffer-size=-1125899906842624'
2021-04-12 11:33:36 0 [ERROR] Aborting

Comment by Marko Mäkelä [ 2023-11-10 ]

The InnoDB crash was fixed in MDEV-32364.

Generated at Thu Feb 08 09:28:42 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.