Bug #71560 innodb_wl6501 and innodb_wl6501_debug crash with debug libstdc++
Submitted: 2 Feb 2014 13:23 Modified: 3 Apr 2014 20:11
Reporter: Laurynas Biveinis (OCA)
Status: Verified
Category: MySQL Server: InnoDB storage engine
Severity: S3 (Non-critical)
Version: 5.7.3
OS: Linux
Assigned to:
CPU Architecture: Any
Tags: debug, innodb, libstdc++

[2 Feb 2014 13:23] Laurynas Biveinis
Description:
innodb_wl6501 and innodb_wl6501_debug crash in the standard C++ library with an out-of-bounds std::vector::operator[] access if the debug version of libstdc++ is enabled.

How to repeat:
Compile with a debug libstdc++ by adding _GLIBCXX_DEBUG and _GLIBCXX_DEBUG_PEDANTIC preprocessor defines:

$ cmake .. -DWITH_DEBUG=ON -DCMAKE_CXX_FLAGS="-D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC"
$ make
...
$ cd mysql-test
...
$ ./mysql-test-run innodb_wl6501
...
2014-02-02T09:37:40.500148Z 0 [Note] InnoDB: Completing truncate for table with id (38) residing in space with id (0)
/usr/include/c++/4.8/debug/vector:346:error: attempt to subscript container 
    with out-of-bounds index 0, but container only holds 0 elements.

Objects involved in the operation:
sequence "this" @ 0x0x35ac3f0 {
  type = NSt7__debug6vectorIhSaIhEEE;
}
09:37:40 UTC - mysqld got signal 6 ;
...
Program terminated with signal 6, Aborted.
#0  0x00007fb5383daf0c in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:62
62	../nptl/sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
#0  0x00007fb5383daf0c in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:62
#1  0x0000000000bc0b1b in my_write_core (sig=6) at /home/laurynas/percona/src/mysql-server/mysys/stacktrace.c:258
#2  0x0000000000716c26 in handle_fatal_signal (sig=6) at /home/laurynas/percona/src/mysql-server/sql/signal_handler.cc:216
#3  <signal handler called>
#4  0x00007fb53781ef77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5  0x00007fb5378225e8 in __GI_abort () at abort.c:90
#6  0x00007fb538179cf5 in __gnu_debug::_Error_formatter::_M_error() const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7  0x0000000000e02ed8 in std::__debug::vector<unsigned char, std::allocator<unsigned char> >::operator[] (this=0x35ac3f0, __n=0) at /usr/include/c++/4.8/debug/vector:346
#8  0x0000000000dff3f4 in truncate_t::create_indexes (this=0x35abff0, table_name=0x35ac0a0 "test/t1", space_id=0, zip_size=0, flags=0, format_flags=1) at /home/laurynas/percona/src/mysql-server/storage/innobase/row/row0trunc.cc:2626
#9  0x0000000000f3a999 in fil_recreate_table (space_id=0, format_flags=1, flags=0, name=0x35ac0a0 "test/t1", truncate=...) at /home/laurynas/percona/src/mysql-server/storage/innobase/fil/fil0fil.cc:2227
#10 0x0000000000dfdd8a in truncate_t::fixup_tables () at /home/laurynas/percona/src/mysql-server/storage/innobase/row/row0trunc.cc:2064
#11 0x0000000000e32db1 in innobase_start_or_create_for_mysql () at /home/laurynas/percona/src/mysql-server/storage/innobase/srv/srv0start.cc:2049
#12 0x0000000000cbff79 in innobase_init (p=0x3407d10) at /home/laurynas/percona/src/mysql-server/storage/innobase/handler/ha_innodb.cc:3199
#13 0x000000000076ea78 in ha_initialize_handlerton (plugin=0x3405a40) at /home/laurynas/percona/src/mysql-server/sql/handler.cc:667
#14 0x000000000096a461 in plugin_initialize (plugin=0x3405a40) at /home/laurynas/percona/src/mysql-server/sql/sql_plugin.cc:1123
#15 0x000000000096afe9 in plugin_init (argc=0x19f7d20 <remaining_argc>, argv=0x32e6ec0, flags=0) at /home/laurynas/percona/src/mysql-server/sql/sql_plugin.cc:1425
#16 0x00000000006ffee4 in init_server_components () at /home/laurynas/percona/src/mysql-server/sql/mysqld.cc:3916
#17 0x0000000000700e67 in mysqld_main (argc=82, argv=0x32e6ec0) at /home/laurynas/percona/src/mysql-server/sql/mysqld.cc:4437
#18 0x00000000006f900d in main (argc=7, argv=0x7fff5b8f8648) at /home/laurynas/percona/src/mysql-server/sql/main.cc:25

Suggested fix:
Have not analyzed it.

[3 Feb 2014 8:28] MySQL Verification Team
Hello Laurynas,

Thank you for the bug report.
Verified as described.

Thanks,
Umesh

[3 Apr 2014 20:11] Laurynas Biveinis
5.7.4 affected too.
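
The failure class in the report (index 0 on a std::vector<unsigned char> holding 0 elements), as an added example that is not part of the original report or of the MySQL source. The InnoDB code at row0trunc.cc:2626 is not shown on this page, so the `&v[0]` idiom, `sum_bytes` and the other function names are assumptions used for illustration.

```cpp
// Added illustration; not code from the MySQL source tree.
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

typedef std::vector<unsigned char> bytes_t;

// Hypothetical C-style consumer: raw pointer plus length. It never
// dereferences `p` when `len` is 0.
static unsigned sum_bytes(const unsigned char* p, std::size_t len) {
    unsigned total = 0;
    for (std::size_t i = 0; i < len; ++i) total += p[i];
    return total;
}

// Pattern the debug library rejects: operator[] requires n < size(), so
// `&v[0]` on an empty vector is undefined behaviour even if the pointer is
// never read. Built with -D_GLIBCXX_DEBUG this aborts for an empty `v`.
unsigned sum_unchecked(const bytes_t& v) {
    return sum_bytes(&v[0], v.size());
}

// Guarded form: v[0] is evaluated only when an element exists.
unsigned sum_guarded(const bytes_t& v) {
    return v.empty() ? 0u : sum_bytes(&v[0], v.size());
}

// data() is well defined on an empty vector; with length 0 the pointer
// is never dereferenced.
unsigned sum_data(const bytes_t& v) {
    return sum_bytes(v.data(), v.size());
}

// at() reports the same mistake as std::out_of_range in every build,
// not only when the debug containers are enabled.
bool first_byte(const bytes_t& v, unsigned char* out) {
    try { *out = v.at(0); return true; }
    catch (const std::out_of_range&) { return false; }
}

int main() {
    bytes_t empty;                       // constructed input: 0 elements
    bytes_t three(3, 2);                 // constructed input: {2, 2, 2}
    unsigned char b = 0;
    std::printf("guarded(empty)=%u data(empty)=%u guarded(three)=%u\n",
                sum_guarded(empty), sum_data(empty), sum_guarded(three));
    std::printf("first_byte(empty)=%d\n", first_byte(empty, &b));
    return 0;
}
```

Compiling this with the two defines from the report and calling `sum_unchecked` on an empty vector produces the same "attempt to subscript container with out-of-bounds index 0" abort; the guarded and `data()` forms pass under the debug containers.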