SIGSEGV in inline_mysql_mutex_lock (10.6/10.7) and PolicyMutex (10.5) on FTS and innodb-force-recovery=2

# mysqld options required for replay: --log_bin --innodb-force-recovery=2

CREATE TABLE t (FTS_DOC_ID BIGINT UNSIGNED KEY,c CHAR(200),d TEXT) ENGINE=InnoDB;

ALTER TABLE t ADD FULLTEXT INDEX i(c);

Core was generated by `/test/MD200721-mariadb-10.7.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  inline_mysql_mutex_lock (src_line=3008, 

    src_file=0x55d4e66fcfd0 "/test/10.7_dbg/storage/innobase/fts/fts0opt.cc", 

    that=0x0) at /test/10.7_dbg/include/mysql/psi/mysql_thread.h:745

[Current thread is 1 (Thread 0x1460004fd700 (LWP 1698933))]

(gdb) bt

#0  inline_mysql_mutex_lock (src_line=3008, src_file=0x55d4e66fcfd0 "/test/10.7_dbg/storage/innobase/fts/fts0opt.cc", that=0x0) at /test/10.7_dbg/include/mysql/psi/mysql_thread.h:745

#1  fts_sync_during_ddl (table=0x145fd801fb98) at /test/10.7_dbg/storage/innobase/fts/fts0opt.cc:3008

#2  0x000055d4e5e79880 in prepare_inplace_alter_table_dict (ha_alter_info=ha_alter_info@entry=0x1460004f8f50, altered_table=altered_table@entry=0x1460004f9010, old_table=<optimized out>, table_name=<optimized out>, flags=<optimized out>, flags2=<optimized out>, fts_doc_id_col=<optimized out>, add_fts_doc_id=<optimized out>, add_fts_doc_id_idx=<optimized out>) at /test/10.7_dbg/storage/innobase/handler/handler0alter.cc:7121

#3  0x000055d4e5e7e447 in ha_innobase::prepare_inplace_alter_table (this=<optimized out>, altered_table=<optimized out>, ha_alter_info=<optimized out>) at /test/10.7_dbg/storage/innobase/handler/ha_innodb.h:699

#4  0x000055d4e5ab28a1 in handler::ha_prepare_inplace_alter_table (this=0x145fd802a4d0, altered_table=altered_table@entry=0x1460004f9010, ha_alter_info=ha_alter_info@entry=0x1460004f8f50) at /test/10.7_dbg/sql/handler.cc:5157

#5  0x000055d4e5887b37 in mysql_inplace_alter_table (thd=thd@entry=0x145fd8000db8, table_list=0x145fd8013ea0, table=table@entry=0x145fd801b948, altered_table=altered_table@entry=0x1460004f9010, ha_alter_info=ha_alter_info@entry=0x1460004f8f50, target_mdl_request=target_mdl_request@entry=0x1460004f9810, ddl_log_state=0x1460004f8ea0, trigger_param=0x1460004f93e0, alter_ctx=0x1460004fa6b0) at /test/10.7_dbg/sql/sql_table.cc:7328

#6  0x000055d4e589ad45 in mysql_alter_table (thd=thd@entry=0x145fd8000db8, new_db=new_db@entry=0x145fd80059c8, new_name=new_name@entry=0x145fd8005de0, create_info=create_info@entry=0x1460004fb4d0, table_list=<optimized out>, table_list@entry=0x145fd8013ea0, alter_info=alter_info@entry=0x1460004fb3e0, order_num=<optimized out>, order=<optimized out>, ignore=<optimized out>, if_exists=<optimized out>) at /test/10.7_dbg/sql/sql_table.cc:10207

#7  0x000055d4e5929f3b in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x145fd8000db8) at /test/10.7_dbg/sql/structs.h:568

#8  0x000055d4e57b31c2 in mysql_execute_command (thd=thd@entry=0x145fd8000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.7_dbg/sql/sql_parse.cc:5993

#9  0x000055d4e5799ead in mysql_parse (thd=thd@entry=0x145fd8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1460004fc400) at /test/10.7_dbg/sql/sql_parse.cc:8026

#10 0x000055d4e57a89f8 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x145fd8000db8, packet=packet@entry=0x145fd800b869 "ALTER TABLE t ADD FULLTEXT INDEX i(c)", packet_length=packet_length@entry=37, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_class.h:1340

#11 0x000055d4e57abe05 in do_command (thd=0x145fd8000db8, blocking=blocking@entry=true) at /test/10.7_dbg/sql/sql_parse.cc:1404

#12 0x000055d4e5921f48 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55d4e856d868, put_in_cache=put_in_cache@entry=true) at /test/10.7_dbg/sql/sql_connect.cc:1410

#13 0x000055d4e592254d in handle_one_connection (arg=arg@entry=0x55d4e856d868) at /test/10.7_dbg/sql/sql_connect.cc:1312

#14 0x000055d4e5d8a5b2 in pfs_spawn_thread (arg=0x55d4e80c4be8) at /test/10.7_dbg/storage/perfschema/pfs.cc:2201

#15 0x0000146017310609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#16 0x0000146016efe293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Core was generated by `/test/MD140621-mariadb-10.5.11-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  PolicyMutex<TTASEventMutex<GenericPolicy> >::pfs_begin_lock (line=3040, 

    name=0x55aee9455210 "/test/10.5_dbg/storage/innobase/fts/fts0opt.cc", 

    state=0x1486d86c7400, this=0x0)

    at /test/10.5_dbg/storage/innobase/include/ib0mutex.h:700

[Current thread is 1 (Thread 0x1486d86cc700 (LWP 1732873))]

(gdb) bt

#0  PolicyMutex<TTASEventMutex<GenericPolicy> >::pfs_begin_lock (line=3040, name=0x55aee9455210 "/test/10.5_dbg/storage/innobase/fts/fts0opt.cc", state=0x1486d86c7400, this=0x0) at /test/10.5_dbg/storage/innobase/include/ib0mutex.h:700

#1  PolicyMutex<TTASEventMutex<GenericPolicy> >::enter (this=0x0, n_spins=30, n_delay=4, name=0x55aee9455210 "/test/10.5_dbg/storage/innobase/fts/fts0opt.cc", line=3040) at /test/10.5_dbg/storage/innobase/include/ib0mutex.h:585

#2  0x000055aee8f444f7 in fts_sync_during_ddl (table=0x1486a401f568) at /test/10.5_dbg/storage/innobase/fts/fts0opt.cc:3040

#3  0x000055aee8b9c2fc in prepare_inplace_alter_table_dict (ha_alter_info=ha_alter_info@entry=0x1486d86c8770, altered_table=altered_table@entry=0x1486d86c8810, old_table=<optimized out>, table_name=<optimized out>, flags=<optimized out>, flags2=<optimized out>, fts_doc_id_col=<optimized out>, add_fts_doc_id=<optimized out>, add_fts_doc_id_idx=<optimized out>) at /test/10.5_dbg/storage/innobase/handler/handler0alter.cc:7131

#4  0x000055aee8ba049b in ha_innobase::prepare_inplace_alter_table (this=<optimized out>, altered_table=<optimized out>, ha_alter_info=0x1486d86c8770) at /test/10.5_dbg/storage/innobase/handler/ha_innodb.h:709

#5  0x000055aee8769b65 in handler::ha_prepare_inplace_alter_table (this=0x1486a4028d70, altered_table=altered_table@entry=0x1486d86c8810, ha_alter_info=ha_alter_info@entry=0x1486d86c8770) at /test/10.5_dbg/sql/handler.cc:4837

#6  0x000055aee855c62d in mysql_inplace_alter_table (thd=thd@entry=0x1486a4000db8, table_list=0x1486a4013f10, table=table@entry=0x1486a401d638, altered_table=altered_table@entry=0x1486d86c8810, ha_alter_info=ha_alter_info@entry=0x1486d86c8770, target_mdl_request=target_mdl_request@entry=0x1486d86c8d60, alter_ctx=0x1486d86c98b0) at /test/10.5_dbg/sql/sql_table.cc:8079

#7  0x000055aee8570971 in mysql_alter_table (thd=thd@entry=0x1486a4000db8, new_db=new_db@entry=0x1486a4005828, new_name=new_name@entry=0x1486a4005c48, create_info=create_info@entry=0x1486d86ca4c0, table_list=<optimized out>, table_list@entry=0x1486a4013f10, alter_info=alter_info@entry=0x1486d86ca3f0, order_num=0, order=0x0, ignore=false, if_exists=false) at /test/10.5_dbg/sql/sql_table.cc:10727

#8  0x000055aee85f66c3 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x1486a4000db8) at /test/10.5_dbg/sql/structs.h:559

#9  0x000055aee8499999 in mysql_execute_command (thd=thd@entry=0x1486a4000db8) at /test/10.5_dbg/sql/sql_parse.cc:6052

#10 0x000055aee847f59d in mysql_parse (thd=thd@entry=0x1486a4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1486d86cb3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:8096

#11 0x000055aee848e80e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1486a4000db8, packet=packet@entry=0x1486a400b5d9 "ALTER TABLE t ADD FULLTEXT INDEX i(c)", packet_length=packet_length@entry=37, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_class.h:1271

#12 0x000055aee8492097 in do_command (thd=0x1486a4000db8) at /test/10.5_dbg/sql/sql_parse.cc:1370

#13 0x000055aee85ee8d7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55aeeb8c8ed8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1410

#14 0x000055aee85eefdb in handle_one_connection (arg=arg@entry=0x55aeeb8c8ed8) at /test/10.5_dbg/sql/sql_connect.cc:1312

#15 0x000055aee8aa8955 in pfs_spawn_thread (arg=0x55aeeb7e3b88) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201

#16 0x00001486e208b609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#17 0x00001486e1c79293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Core was generated by `/test/MD140621-mariadb-10.5.11-linux-x86_64-opt/bin/mysqld --no-defaults --core'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  0x0000564d526cbccd in PolicyMutex<TTASEventMutex<GenericPolicy> >::enter (

    line=<optimized out>, name=<optimized out>, n_delay=<optimized out>, 

    n_spins=<optimized out>, this=<optimized out>)

    at /test/10.5_opt/storage/innobase/fts/fts0opt.cc:3040

[Current thread is 1 (Thread 0x14f864637700 (LWP 1732144))]

(gdb) bt

#0  0x0000564d526cbccd in PolicyMutex<TTASEventMutex<GenericPolicy> >::enter (line=<optimized out>, name=<optimized out>, n_delay=<optimized out>, n_spins=<optimized out>, this=<optimized out>) at /test/10.5_opt/storage/innobase/fts/fts0opt.cc:3040

#1  fts_sync_during_ddl (table=0x14f838007630) at /test/10.5_opt/storage/innobase/fts/fts0opt.cc:3040

#2  0x0000564d524e75a6 in prepare_inplace_alter_table_dict (ha_alter_info=<optimized out>, altered_table=<optimized out>, old_table=<optimized out>, table_name=<optimized out>, flags=<optimized out>, flags2=<optimized out>, fts_doc_id_col=<optimized out>, add_fts_doc_id=<optimized out>, add_fts_doc_id_idx=<optimized out>) at /test/10.5_opt/storage/innobase/handler/handler0alter.cc:7131

#3  0x0000564d524ecfdd in ha_innobase::prepare_inplace_alter_table (this=<optimized out>, altered_table=<optimized out>, ha_alter_info=<optimized out>) at /test/10.5_opt/storage/innobase/handler/ha_innodb.h:709

#4  0x0000564d52026cab in mysql_inplace_alter_table (thd=0x14f838000c58, table_list=0x14f838010590, table=0x14f838017568, altered_table=0x14f8646339e0, ha_alter_info=0x14f864633940, alter_ctx=0x14f864634980, target_mdl_request=<optimized out>) at /test/10.5_opt/sql/sql_table.cc:8079

#5  0x0000564d52033d8f in mysql_alter_table (thd=thd@entry=0x14f838000c58, new_db=new_db@entry=0x14f838005508, new_name=new_name@entry=0x14f838005928, create_info=create_info@entry=0x14f864635590, table_list=<optimized out>, table_list@entry=0x14f838010590, alter_info=alter_info@entry=0x14f8646354c0, order_num=0, order=0x0, ignore=false, if_exists=false) at /test/10.5_opt/sql/sql_table.cc:10727

#6  0x0000564d52094667 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x14f838000c58) at /test/10.5_opt/sql/structs.h:559

#7  0x0000564d51f8bbde in mysql_execute_command (thd=0x14f838000c58) at /test/10.5_opt/sql/sql_parse.cc:6052

#8  0x0000564d51f7b163 in mysql_parse (thd=0x14f838000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:8096

#9  0x0000564d51f87945 in dispatch_command (command=COM_QUERY, thd=0x14f838000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_class.h:1271

#10 0x0000564d51f89ed2 in do_command (thd=0x14f838000c58) at /test/10.5_opt/sql/sql_parse.cc:1370

#11 0x0000564d5208f9a1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x564d553a26b8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1410

#12 0x0000564d5208fe1d in handle_one_connection (arg=arg@entry=0x564d553a26b8) at /test/10.5_opt/sql/sql_connect.cc:1312

#13 0x0000564d5241ea99 in pfs_spawn_thread (arg=0x564d55336fd8) at /test/10.5_opt/storage/perfschema/pfs.cc:2201

#14 0x000014f87aa25609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#15 0x000014f87a613293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95