Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.5, 10.6, 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.7(EOL)
Description
SET collation_connection='tis620_bin';
|
SET @@session.character_set_server='tis620';
|
CREATE DATABASE a;
|
USE a;
|
CREATE TABLE t(c TEXT,FULLTEXT KEY f(c)) ENGINE=InnoDB;
|
INSERT INTO t VALUES(100);
|
ALTER TABLE t ADD (c2 INT);
|
Leads to:
10.6.0 bfb4761ca04704d68dba51f76d7c9967f880a6ee (Debug) |
Core was generated by `/test/MD110221-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000014ed559bbc30 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
|
[Current thread is 1 (Thread 0x14ed31bfd700 (LWP 1630450))]
|
(gdb) bt
|
#0 0x000014ed559bbc30 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
|
#1 0x000014ed559bd76b in _Unwind_Backtrace () from /lib/x86_64-linux-gnu/libgcc_s.so.1
|
#2 0x000014ed55c4b136 in __GI___backtrace (array=array@entry=0x14ed31bfbde0, size=size@entry=128) at backtrace.c:116
|
#3 0x000055817622e76d in my_print_stacktrace (stack_bottom=0x0, thread_stack=299008, silent=silent@entry=0 '\000') at /test/10.6_dbg/mysys/stacktrace.c:212
|
#4 0x00005581759c6221 in handle_fatal_signal (sig=11) at /test/10.6_dbg/sql/signal_handler.cc:208
|
#5 <signal handler called>
|
#6 0x0000558175efb556 in row_merge_fts_doc_tokenize (t_ctx=0x14ed31bfca80, opt_doc_id_size=<optimized out>, merge_file=<optimized out>, doc=0x14ed31bfc9d0, doc_id=<optimized out>, sort_buf=<optimized out>) at /test/10.6_dbg/storage/innobase/row/row0ftsort.cc:577
|
#7 fts_parallel_tokenization (arg=<optimized out>) at /test/10.6_dbg/storage/innobase/row/row0ftsort.cc:839
|
#8 0xb7c336e496240000 in ?? ()
|
#9 0x112e0be826d694b3 in ?? ()
|
#10 0x00005581761b7cc7 in std::condition_variable::__wait_until_impl<std::chrono::duration<long, std::ratio<1l, 1000000000l> > > (__atime=<synthetic pointer>: <optimized out>, __lock=<error reading variable: Cannot access memory at address 0x166476a9e69be61c>, this=0x558178a5a230) at /usr/include/x86_64-linux-gnu/c++/9/bits/gthr-default.h:872
|
#11 std::condition_variable::wait_until<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > (__atime=<optimized out>, __lock=<error reading variable: Cannot access memory at address 0x166476a9e69be61c>, this=0x558178a5a230) at /usr/include/c++/9/condition_variable:121
|
#12 std::condition_variable::wait_for<long, std::ratio<1l, 1000l> > (__rtime=@0x14ed31bfcea8: {__r = 0}, __lock=<error reading variable: Cannot access memory at address 0x166476a9e69be61c>, this=0x558178a5a230) at /usr/include/c++/9/condition_variable:152
|
#13 tpool::thread_pool_generic::wait_for_tasks (this=0x14ed31bfcd70, lk=<error reading variable: Cannot access memory at address 0x166476a9e69be61c>, thread_data=0x558178a5a230) at /test/10.6_dbg/tpool/tpool_generic.cc:446
|
Backtrace stopped: Cannot access memory at address 0x166476a9e69be674
|
10.2.37 (Debug) |
Core was generated by `/test/MD260121-mariadb-10.2.37-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x14d6d6cb5700 (LWP 1640311))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000056162b81d087 in my_write_core (sig=sig@entry=11) at /data/builds/10.2_dbg/mysys/stacktrace.c:382
|
#2 0x000056162b114a91 in handle_fatal_signal (sig=11) at /data/builds/10.2_dbg/sql/signal_handler.cc:343
|
#3 <signal handler called>
|
#4 ib_vector_size (vec=0x0) at /data/builds/10.2_dbg/storage/innobase/include/ut0vec.ic:118
|
#5 fts_sync_write_words (unlock_cache=<optimized out>, index_cache=0x14d690046a10, trx=<optimized out>) at /data/builds/10.2_dbg/storage/innobase/fts/fts0fts.cc:4005
|
#6 fts_sync_index (sync=<optimized out>, index_cache=0x14d690046a10) at /data/builds/10.2_dbg/storage/innobase/fts/fts0fts.cc:4107
|
#7 0x000056162b81c033 in my_thread_var_dbug () at /data/builds/10.2_dbg/mysys/my_thr_init.c:444
|
#8 0x000056162b835054 in code_state () at /data/builds/10.2_dbg/dbug/dbug.c:375
|
#9 0x000014d690046680 in ?? ()
|
#10 0x0000000000000000 in ?? ()
|
10.2.37 (Optimized) |
Core was generated by `/test/MD260121-mariadb-10.2.37-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
[Current thread is 1 (Thread 0x14f24e86d700 (LWP 1639811))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x000055a6ea4cd57f in my_write_core (sig=sig@entry=11) at /data/builds/10.2_opt/mysys/stacktrace.c:382
|
#2 0x000055a6e9f748a8 in handle_fatal_signal (sig=11) at /data/builds/10.2_opt/sql/signal_handler.cc:343
|
#3 <signal handler called>
|
#4 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:440
|
#5 0x000055a6ea323b5a in memcpy (__len=18446721043960435969, __src=0x14f20803eb00, __dest=0x14f24e86c560) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
|
#6 fts_get_table_name (fts_table=fts_table@entry=0x14f24e86c7f0, table_name=table_name@entry=0x14f24e86c560 "", dict_locked=dict_locked@entry=false) at /data/builds/10.2_opt/storage/innobase/fts/fts0sql.cc:124
|
#7 0x000055a6ea30b662 in fts_write_node (trx=0x14f208039390, graph=0x14f2080393f0, fts_table=0x14f24e86c7f0, word=0x14f208057f10, node=0x14f208039900) at /data/builds/10.2_opt/storage/innobase/fts/fts0fts.cc:3857
|
#8 0x000055a6ea30b8d5 in fts_sync_write_words (unlock_cache=<optimized out>, index_cache=0x14f208039390, trx=<optimized out>) at /data/builds/10.2_opt/storage/innobase/fts/fts0fts.cc:4023
|
#9 fts_sync_index (sync=<optimized out>, index_cache=0x14f208039390) at /data/builds/10.2_opt/storage/innobase/fts/fts0fts.cc:4107
|
#10 0x0000000000000000 in ?? ()
|
10.4.18 e626f511f9dc4faee9ae98fb5a8c8c6ddd06679b (Optimized) |
Core was generated by `/test/MD260121-mariadb-10.4.18-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055c0e45b6823 in my_read (Filedes=Filedes@entry=70,
|
Buffer=Buffer@entry=0x14bef8ee22f0 "Limit", ' ' <repeats 21 times>, "Soft Limit", ' ' <repeats 11 times>, "Hard Limit", ' ' <repeats 11 times>, "Units \nMax cpu time", ' ' <repeats 14 times>, "unlimited", ' ' <repeats 12 times>, "unlimited", ' ' <repeats 12 times>, "seconds \nMax file size", ' ' <repeats 13 times>, "unlimited "..., Count=Count@entry=4096, MyFlags=MyFlags@entry=0)
|
at /data/builds/10.4_opt/mysys/my_read.c:63
|
[Current thread is 1 (Thread 0x14bef8ee4700 (LWP 1644189))]
|
(gdb) bt
|
#0 0x000055c0e45b6823 in my_read (Filedes=Filedes@entry=70, Buffer=Buffer@entry=0x14bef8ee22f0 "Limit", ' ' <repeats 21 times>, "Soft Limit", ' ' <repeats 11 times>, "Hard Limit", ' ' <repeats 11 times>, "Units \nMax cpu time", ' ' <repeats 14 times>, "unlimited", ' ' <repeats 12 times>, "unlimited", ' ' <repeats 12 times>, "seconds \nMax file size", ' ' <repeats 13 times>, "unlimited "..., Count=Count@entry=4096, MyFlags=MyFlags@entry=0) at /data/builds/10.4_opt/mysys/my_read.c:63
|
#1 0x000055c0e3fc870a in output_core_info () at /data/builds/10.4_opt/sql/signal_handler.cc:66
|
#2 0x000055c0e3fc8b4e in handle_fatal_signal (sig=11) at /data/builds/10.4_opt/sql/signal_handler.cc:339
|
#3 <signal handler called>
|
#4 row_merge_fts_doc_tokenize (t_ctx=0x14bef8ee3b90, opt_doc_id_size=<optimized out>, merge_file=<optimized out>, doc=0x14bef8ee3ae0, doc_id=<optimized out>, sort_buf=<optimized out>) at /data/builds/10.4_opt/storage/innobase/row/row0ftsort.cc:586
|
#5 fts_parallel_tokenization (arg=<optimized out>) at /data/builds/10.4_opt/storage/innobase/row/row0ftsort.cc:854
|
#6 0x0000000000000000 in ?? ()
|
Note the various errors reading the backtrace. Some corruption going on.
Bug confirmed present in:
MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (dbg), 10.3.28 (opt), 10.4.18 (dbg), 10.4.18 (opt), 10.5.9 (dbg), 10.5.9 (opt), 10.6.0 (dbg), 10.6.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)
Attachments
Issue Links
- relates to
-
MDEV-27164 UBSAN: strings/ctype-tis620.c:613:3: runtime error: null pointer passed as argument 2, which is declared to never be null in my_strnxfrm_tis620
- Confirmed