audit plugin + MB collation connection + PREPARE stmt parse error crash | handle_fatal_signal (sig=11) in read_token from digest_add_token

Bug #1688698 reported by Roel Van de Paar on 2017-05-06
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| MySQL Server | Unknown | Unknown | | |
| Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | | | |
| 5.5 | Invalid | Undecided | Unassigned | |
| 5.6 | Fix Released | High | Laurynas Biveinis | |
| 5.7 | Fix Released | High | Laurynas Biveinis | |

Bug Description

(gdb) bt
#0 0x00007fb82c852741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1 0x0000000000ac6ee2 in my_write_core (sig=11) at /git/PS-5.6.36_dbg/mysys/stacktrace.c:424
#2 0x00000000007387a3 in handle_fatal_signal (sig=11) at /git/PS-5.6.36_dbg/sql/signal_handler.cc:236
#3 <signal handler called>
#4 0x00000000007b7bcb in read_token (digest_storage=0x7fb82ce3cf88, index=4294967294, tok=0x7fb82ce3a01c)
    at /git/PS-5.6.36_dbg/sql/sql_digest.cc:70
#5 0x00000000007b79e0 in digest_add_token (state=0x7fb82ce3cf80, token=0, yylval=0x7fb82ce3afe0)
    at /git/PS-5.6.36_dbg/sql/sql_digest.cc:603
#6 0x00000000007d8279 in Lex_input_stream::add_digest_token (this=0x7fb82ce3d068, token=0, yylval=0x7fb82ce3afe0)
    at /git/PS-5.6.36_dbg/sql/sql_lex.cc:393
#7 0x00000000007d967b in MYSQLlex (yylval=0x7fb82ce3afe0, thd=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_lex.cc:988
#8 0x00000000008ec765 in MYSQLparse (YYTHD=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_yacc.cc:18959
#9 0x00000000007fc560 in parse_sql (thd=0x7fb801b4c000, parser_state=0x7fb82ce3d060, creation_ctx=0x0)
    at /git/PS-5.6.36_dbg/sql/sql_parse.cc:9091
#10 0x000000000080f8a5 in Prepared_statement::prepare (this=0x7fb7b4c89280, packet=0x7fb7b4c1f120 "", packet_len=8)
    at /git/PS-5.6.36_dbg/sql/sql_prepare.cc:3754
#11 0x000000000080ca71 in mysql_sql_stmt_prepare (thd=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_prepare.cc:2554
#12 0x00000000007ed71e in mysql_execute_command (thd=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_parse.cc:3060
#13 0x00000000007f81fc in mysql_parse (thd=0x7fb801b4c000,
    rawbuf=0x7fb7b4c1f010 "PREPARE create_zip_dict_stmt FROM @create_zip_dict_sql", length=54, parser_state=0x7fb82ce3e4f0)
    at /git/PS-5.6.36_dbg/sql/sql_parse.cc:7058
#14 0x00000000007e9d0e in dispatch_command (command=COM_QUERY, thd=0x7fb801b4c000,
    packet=0x7fb7f47dc001 "PREPARE create_zip_dict_stmt FROM @create_zip_dict_sql", packet_length=54)
    at /git/PS-5.6.36_dbg/sql/sql_parse.cc:1485
#15 0x00000000007e8b0c in do_command (thd=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_parse.cc:1062
#16 0x00000000007aff9f in do_handle_one_connection (thd_arg=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_connect.cc:1550
#17 0x00000000007afca6 in handle_one_connection (arg=0x7fb801b4c000) at /git/PS-5.6.36_dbg/sql/sql_connect.cc:1454
#18 0x0000000000b15be1 in pfs_spawn_thread (arg=0x7fb80fbfb6a0) at /git/PS-5.6.36_dbg/storage/perfschema/pfs.cc:1860
#19 0x00007fb82c84ddc5 in start_thread (arg=0x7fb82ce3f700) at pthread_create.c:308
#20 0x00007fb82aca873d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

DROP DATABASE test;
INSTALL PLUGIN QUERY_RESPONSE_TIME_AUDIT SONAME 'query_response_time.so';
SET collation_connection='ucs2_general_ci';
PREPARE create_zip_dict_stmt FROM @create_zip_dict_sql;

Roel Van de Paar (roel11) wrote :

Likely not related but see bug 1206014

tags: added: qa query-response-time
Roel Van de Paar (roel11) wrote :

This bug is a screenfiller in 5.6.36

Roel Van de Paar (roel11) wrote :

Given the very high frequency of this crash, I reduced 4 additional testcases:

DROP DATABASE test;
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
set collation_connection=utf32_unicode_ci;
PREPARE stmt FROM @str;

DROP DATABASE test;
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
SET collation_connection=utf16_general_ci;
prepare stmt2 from @var2;

DROP DATABASE test;
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
set collation_connection=utf32_unicode_ci;
prepare stmt from @insert_sql;

DROP DATABASE test;
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
SET collation_connection='utf32_bin';
prepare stmt1 from @fvar;

Roel Van de Paar (roel11) wrote :

This bug is a screenfiller in 5.7.18

tags: added: qablock
Roel Van de Paar (roel11) wrote :

A 5.7.18 testcase below (all others above are from 5.6). Looks the same.

DROP DATABASE test;
INSTALL PLUGIN audit_log SONAME 'audit_log.so';
SET collation_connection=utf16_unicode_520_ci;
PREPARE create_t_referencing_zip_dict_stmt FROM @create_t_referencing_zip_dict_sql;

tags: removed: query-response-time
tags: added: upstream
summary: - handle_fatal_signal (sig=11) in read_token from digest_add_token
+ audit plugin + MB collation connection + PREPARE stmt parse error crash
+ | handle_fatal_signal (sig=11) in read_token from digest_add_token

The upstream merged the fix in 5.6.39, 5.7.21, 8.0.4, 9.0.0.

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1089
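
As a triage aid for crash reports like this one, the sketch below parses a gdb backtrace, checks it against the frame sequence named in this bug's title, and flags integer arguments that look like small negative numbers printed as 32-bit unsigned values. It is an added example, not part of the bug report or of Percona's tooling. The function names, the `SIGNATURE` list and the 4096 slack are assumptions, and the sample frames are copied from the trace above with paths shortened.

```python
import re

# Frames copied from the backtrace in this report (paths shortened, some frames omitted).
SAMPLE_BT = '''\
#2 0x00000000007387a3 in handle_fatal_signal (sig=11) at sql/signal_handler.cc:236
#3 <signal handler called>
#4 0x00000000007b7bcb in read_token (digest_storage=0x7fb82ce3cf88, index=4294967294, tok=0x7fb82ce3a01c)
    at sql/sql_digest.cc:70
#5 0x00000000007b79e0 in digest_add_token (state=0x7fb82ce3cf80, token=0, yylval=0x7fb82ce3afe0)
    at sql/sql_digest.cc:603
#6 0x00000000007d8279 in Lex_input_stream::add_digest_token (this=0x7fb82ce3d068, token=0, yylval=0x7fb82ce3afe0)
#10 0x000000000080f8a5 in Prepared_statement::prepare (this=0x7fb7b4c89280, packet=0x7fb7b4c1f120 "", packet_len=8)
'''

# Assumed dedup signature: innermost frame first, taken from the bug title and trace.
SIGNATURE = ["handle_fatal_signal", "read_token", "digest_add_token",
             "Prepared_statement::prepare"]

# "#N [0xADDR in ]function (args..." ; continuation lines ("    at file:line") do not match.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)")

def parse_frames(bt):
    """Return [(frame_no, function, {arg: int})], keeping decimal integer arguments only."""
    frames = []
    for line in bt.splitlines():
        m = FRAME.match(line)
        if m:
            ints = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)\b", m.group(3))}
            frames.append((int(m.group(1)), m.group(2), ints))
    return frames

def matches_signature(frames):
    """True if SIGNATURE occurs as an ordered subsequence of the frame functions."""
    funcs = iter(name for _, name, _ in frames)
    return all(want in funcs for want in SIGNATURE)

def wrapped_args(frames, slack=4096):
    """Arguments just below 2**32, reported with their signed 32-bit reading."""
    return [(name, arg, val - 2**32)
            for _, name, ints in frames
            for arg, val in ints.items()
            if 2**32 - slack <= val < 2**32]

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_BT)
    print("matches this bug's signature:", matches_signature(frames))
    print("suspicious arguments:", wrapped_args(frames))
```

On the sample, the `index` argument of `read_token` is reported as -2, which is the value to look at first when reading frame #4.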
