handle_fatal_signal (sig=11) in sql_digest_storage::copy

Bug #1660828 reported by Roel Van de Paar on 2017-01-31
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
MySQL Server | Unknown | Unknown | |
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | | |
5.5 | New | Undecided | Unassigned |
5.6 | Fix Released | High | Unassigned |
5.7 | Fix Released | High | Unassigned |

Bug Description

2017-01-31T21:58:09.430634Z 0 [Note] /sda/PS300117-percona-server-5.7.17-11-linux-x86_64-debug/bin/mysqld: ready for connections.
Version: '5.7.17-11-debug' socket: '/sda/PS300117-percona-server-5.7.17-11-linux-x86_64-debug/socket.sock' port: 12438 MySQL Community Server (GPL)
21:58:13 UTC - mysqld got signal 11 ;

Core was generated by `/sda/PS300117-percona-server-5.7.17-11-linux-x86_64-debug/bin/mysqld --no-defau'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007fd808000741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
61 val = INTERNAL_SYSCALL (tgkill, err, 3, THREAD_GETMEM (THREAD_SELF, pid),
(gdb) bt
#0 0x00007fd808000741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1 0x000000000185027e in my_write_core (sig=11) at /git/PS-5.7.17_dbg/mysys/stacktrace.c:249
#2 0x0000000000e81bc1 in handle_fatal_signal (sig=11) at /git/PS-5.7.17_dbg/sql/signal_handler.cc:223
#3 <signal handler called>
#4 __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:1809
#5 0x000000000188a298 in sql_digest_storage::copy (this=0x7fd8044326d8, from=0x7fd7c381afd8) at /git/PS-5.7.17_dbg/sql/sql_digest.h:94
#6 0x000000000188ebd4 in find_or_create_digest (thread=0x7fd801420480, digest_storage=0x7fd7c381afd8, schema_name=0x7fd7c381b0c0 "test", schema_name_length=4)
    at /git/PS-5.7.17_dbg/storage/perfschema/pfs_digest.cc:285
#7 0x0000000001885de7 in pfs_end_statement_v1 (locker=0x7fd7c381b018, stmt_da=0x7fd7c381c0b8) at /git/PS-5.7.17_dbg/storage/perfschema/pfs.cc:5407
#8 0x00000000015159a9 in inline_mysql_end_statement (locker=0x7fd7c381b018, stmt_da=0x7fd7c381c0b8) at /git/PS-5.7.17_dbg/include/mysql/psi/mysql_statement.h:228
#9 0x000000000151b031 in dispatch_command (thd=0x7fd7c3819000, com_data=0x7fd8085ecc90, command=COM_QUERY) at /git/PS-5.7.17_dbg/sql/sql_parse.cc:1952
#10 0x0000000001518849 in do_command (thd=0x7fd7c3819000) at /git/PS-5.7.17_dbg/sql/sql_parse.cc:1023
#11 0x0000000001656dfe in handle_connection (arg=0x7fd7ee01f6a0) at /git/PS-5.7.17_dbg/sql/conn_handler/connection_handler_per_thread.cc:312
#12 0x000000000187ee4d in pfs_spawn_thread (arg=0x7fd7fd791420) at /git/PS-5.7.17_dbg/storage/perfschema/pfs.cc:2188
#13 0x00007fd807ffbdc5 in start_thread (arg=0x7fd8085ed700) at pthread_create.c:308
#14 0x00007fd80645673d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Start server with --no-defaults --performance-schema-digests-size=1
Then execute any query like SELECT 1;
This testcase does NOT crash MS 5.7.17
Related to TokuDB PFS perhaps?

tags: added: qa

TokuDB PFS is not merged. Roel, can you please test PS and MySQL under Valgrind and/or ASan with this testcase?

Roel Van de Paar (roel11) wrote :

Tested with Valgrind. Discussing w/ Laurynas

Roel Van de Paar (roel11) wrote :

Reproduced Valgrind SIGSEGV on MS also
Now dup of https://bugs.mysql.com/bug.php?id=84786

tags: added: upstream

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1056
