Bug #84786 --performance-schema-digests-size=1 leads to SIGSEGV
Submitted: 2 Feb 2017 8:17   Modified: 3 Feb 2017 16:04
Reporter: Roel Van de Paar
Status: Closed
Category: MySQL Server: Performance Schema   Severity: S1 (Critical)
Version: 5.7.17-11   OS: Any
Assigned to:   CPU Architecture: Any

[2 Feb 2017 8:17] Roel Van de Paar
Description:
See attached Valgrind log, including:

valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 640, hi = 0.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.

How to repeat:
1) Build a standard DEBUG server
2) Start server with --no-defaults --performance-schema-digests-size=1 and under Valgrind (no -DWITH_VALGRIND=ON needed)
3) At mysql> prompt execute any query (for example SELECT 1;)
4) Check error log
[2 Feb 2017 8:18] Roel Van de Paar
Error/Valgrind log

Attachment: master_ms.err (application/octet-stream, text), 37.09 KiB.

[2 Feb 2017 8:18] Roel Van de Paar
On PS, it crashes (https://bugs.launchpad.net/percona-server/+bug/1660828)
[2 Feb 2017 23:22] MySQL Verification Team
Thank you for the bug report. Verified with most recent source server.

<CUT>

==16159==    by 0x161453B: std::vector<st_mysql_show_var, std::allocator<st_mysql_show_var> >::push_back(st_mysql_show_var const&) (stl_vector.h:926)
==16159==    by 0x15FDEBC: add_status_vars(st_mysql_show_var const*) (sql_show.cc:2606)
==16159==    by 0xF0A4F7: init_common_variables() (mysqld.cc:2764)
==16159==    by 0xF0E1AC: mysqld_main(int, char**) (mysqld.cc:4556)
==16159==    by 0xF06405: main (main.cc:25)
==16159== 

valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 640, hi = 0.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.

<cut>
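As an added triage helper (not part of this bug report or of the MySQL source), the following Python parses a Memcheck log of the shape quoted above: it detects Valgrind's own heap-metadata assertion, extracts the lo/hi block sizes, and picks out the innermost frame in project source while skipping libstdc++ headers and the unresolved `???` frames of Valgrind's host stacktrace. The sample log is a constructed excerpt modelled on the frames in this report, and the `.cc:`/`.c:` rule for "project source" is an assumed heuristic.

```python
import re
from typing import NamedTuple, Optional

# Frame line; the location is optional (host-stacktrace frames look like "by 0x80BF2DF0D: ???").
FRAME_RE = re.compile(r"^==(\d+)==\s+(?:at|by) 0x([0-9A-Fa-f]+): (.*?)(?: \((.*)\))?$")
MISMATCH_RE = re.compile(r"^valgrind: Heap block lo/hi size mismatch: lo = (\d+), hi = (\d+)\.$")

class Frame(NamedTuple):
    pid: int
    address: int
    function: str
    location: Optional[str]

def parse_frames(log: str) -> list:
    return [Frame(int(m[1]), int(m[2], 16), m[3], m[4])
            for m in map(FRAME_RE.match, log.splitlines()) if m]

def innermost_project_frame(frames, src_suffixes=(".cc:", ".c:")) -> Optional[Frame]:
    # Heuristic (assumption): first resolved frame located in a project source file. This
    # skips unresolved '???' frames, Valgrind's own binary and library headers (stl_vector.h).
    for f in frames:
        if f.function != "???" and f.location and any(s in f.location for s in src_suffixes):
            return f
    return None

def triage(log: str) -> dict:
    frames = parse_frames(log)
    mismatch = next(filter(None, map(MISMATCH_RE.match, log.splitlines())), None)
    top = innermost_project_frame(frames)
    return {
        "pid": frames[0].pid if frames else None,
        # True when Valgrind's allocator assertion fired: heap metadata was overwritten
        "heap_metadata_corrupted": mismatch is not None,
        "block_sizes": (int(mismatch[1]), int(mismatch[2])) if mismatch else None,
        "project_frame": f"{top.function} @ {top.location}" if top else None,
        "unresolved_frames": sum(f.function == "???" for f in frames),
    }

# Constructed excerpt modelled on the frames and assertion quoted in this bug report.
SAMPLE_LOG = """\
==16159==    by 0x161453B: std::vector<st_mysql_show_var, std::allocator<st_mysql_show_var> >::push_back(st_mysql_show_var const&) (stl_vector.h:926)
==16159==    by 0x15FDEBC: add_status_vars(st_mysql_show_var const*) (sql_show.cc:2606)
==16159==    by 0xF0A4F7: init_common_variables() (mysqld.cc:2764)
==16159==    by 0xF0E1AC: mysqld_main(int, char**) (mysqld.cc:4556)
==16159==    by 0xF06405: main (main.cc:25)
valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 640, hi = 0.
==16159==    at 0x38085208: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==16159==    by 0x80BF2DF0D: ???
"""
```

Running `triage(SAMPLE_LOG)` flags the heap-metadata corruption and names `add_status_vars @ sql_show.cc:2606` as the frame to start from, which is the same place a reader would find by hand in the log above.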
[2 Feb 2017 23:24] MySQL Verification Team
valgrind log

Attachment: valgrind_bug_84786.txt (text/plain), 38.04 KiB.

[3 Feb 2017 16:04] Paul DuBois
Posted by developer:
 
Noted in 5.6.36, 5.7.18, 8.0.1 changelogs.

Starting the server with --performance-schema-digests-size=1 caused
an abnormal exit.