  1. MariaDB Server
  2. MDEV-28625

Spider: SIGSEGV in _dl_lookup_symbol_x or SIGSEGV in do_lookup_x on CREATE FUNCTION

Details

    Description

      CREATE TABLE t (c INT) ENGINE=InnoDB;
      LOCK TABLE t READ;
      SELECT * FROM t;
      CREATE FUNCTION spider_bg_direct_sql RETURNS INT SONAME 'ha_spider.so';
      LOCK TABLES nonexisting READ;
      CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';
      

      Leads to:

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

      Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x0000152bd317237f in _dl_lookup_symbol_x (
          undef_name=0x152b84013cd8 "spider_direct_sql", undef_map=0x152b8406e9a0, 
          ref=0x152bba1c3328, symbol_scope=0x152b8406ed38, version=0x0, 
          type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:873
      [Current thread is 1 (Thread 0x152bba1c5700 (LWP 116818))]
      (gdb) bt
      #0  0x0000152bd317237f in _dl_lookup_symbol_x (undef_name=0x152b84013cd8 "spider_direct_sql", undef_map=0x152b8406e9a0, ref=0x152bba1c3328, symbol_scope=0x152b8406ed38, version=0x0, type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:873
      #1  0x0000152bd2c75373 in do_sym (flags=<optimized out>, vers=0x0, who=0x562b2079c960 <init_syms(udf_func*, char*)+31>, name=0x152b84013cd8 "spider_direct_sql", handle=<optimized out>) at dl-sym.c:165
      #2  _dl_sym (handle=<optimized out>, name=0x152b84013cd8 "spider_direct_sql", who=0x562b2079c960 <init_syms(udf_func*, char*)+31>) at dl-sym.c:274
      #3  0x0000152bd303b4a8 in dlsym_doit (a=a@entry=0x152bba1c3570) at dlsym.c:50
      #4  0x0000152bd2c75928 in __GI__dl_catch_exception (exception=exception@entry=0x152bba1c3500, operate=operate@entry=0x152bd303b490 <dlsym_doit>, args=args@entry=0x152bba1c3570) at dl-error-skeleton.c:208
      #5  0x0000152bd2c759f3 in __GI__dl_catch_error (objname=objname@entry=0x152b8401eeb0, errstring=errstring@entry=0x152b8401eeb8, mallocedp=mallocedp@entry=0x152b8401eea8, operate=operate@entry=0x152bd303b490 <dlsym_doit>, args=args@entry=0x152bba1c3570) at dl-error-skeleton.c:227
      #6  0x0000152bd303bb59 in _dlerror_run (operate=operate@entry=0x152bd303b490 <dlsym_doit>, args=args@entry=0x152bba1c3570) at dlerror.c:170
      #7  0x0000152bd303b525 in __dlsym (handle=<optimized out>, name=0x152b84013cd8 "spider_direct_sql") at dlsym.c:70
      #8  0x0000562b2079c960 in init_syms (tmp=tmp@entry=0x152b84006218, nm=nm@entry=0x152bba1c3600 "\240\260\257!+V") at /test/10.9_dbg/sql/sql_udf.cc:68
      #9  0x0000562b2079de71 in mysql_create_function (thd=thd@entry=0x152b84000db8, udf=udf@entry=0x152b84006218) at /test/10.9_dbg/sql/sql_udf.cc:601
      #10 0x0000562b206b5218 in mysql_execute_command (thd=thd@entry=0x152b84000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:5317
      #11 0x0000562b2069f67b in mysql_parse (thd=thd@entry=0x152b84000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x152bba1c4470) at /test/10.9_dbg/sql/sql_parse.cc:8046
      #12 0x0000562b206acf79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152b84000db8, packet=packet@entry=0x152b8400b699 "CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so'", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
      #13 0x0000562b206af686 in do_command (thd=0x152b84000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
      #14 0x0000562b2080cd02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562b229d9838, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
      #15 0x0000562b2080d20b in handle_one_connection (arg=0x562b229d9838) at /test/10.9_dbg/sql/sql_connect.cc:1312
      #16 0x0000152bd3048609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #17 0x0000152bd2c34133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.4.25 9c6135e81f29b3e3286d6b864c0fdafc2fea16ce (Optimized)

      Core was generated by `/test/MD160322-mariadb-10.4.25-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  do_lookup_x (
          undef_name=undef_name@entry=0x146b6c0100d8 "spider_direct_sql", 
          new_hash=new_hash@entry=1553090389, 
          old_hash=old_hash@entry=0x146bc00ade60, ref=0x0, 
          result=result@entry=0x146bc00ade70, scope=<optimized out>, i=0, 
          version=0x0, flags=2, skip=<optimized out>, type_class=0, 
          undef_map=0x146b6c049aa0) at dl-lookup.c:390
      [Current thread is 1 (Thread 0x146bc00b1700 (LWP 116583))]
      (gdb) bt
      #0  do_lookup_x (undef_name=undef_name@entry=0x146b6c0100d8 "spider_direct_sql", new_hash=new_hash@entry=1553090389, old_hash=old_hash@entry=0x146bc00ade60, ref=0x0, result=result@entry=0x146bc00ade70, scope=<optimized out>, i=0, version=0x0, flags=2, skip=<optimized out>, type_class=0, undef_map=0x146b6c049aa0) at dl-lookup.c:390
      #1  0x0000146bd53731f1 in _dl_lookup_symbol_x (undef_name=0x146b6c0100d8 "spider_direct_sql", undef_map=0x146b6c049aa0, ref=0x146bc00adf18, symbol_scope=0x146b6c049e38, version=0x0, type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:861
      #2  0x0000146bd4e78373 in do_sym (flags=<optimized out>, vers=0x0, who=0x558e13e8df3f <init_syms(udf_func*, char*)+31>, name=0x146b6c0100d8 "spider_direct_sql", handle=<optimized out>) at dl-sym.c:165
      #3  _dl_sym (handle=<optimized out>, name=0x146b6c0100d8 "spider_direct_sql", who=0x558e13e8df3f <init_syms(udf_func*, char*)+31>) at dl-sym.c:274
      #4  0x0000146bd523e4a8 in dlsym_doit (a=a@entry=0x146bc00ae160) at dlsym.c:50
      #5  0x0000146bd4e78928 in __GI__dl_catch_exception (exception=exception@entry=0x146bc00ae0f0, operate=operate@entry=0x146bd523e490 <dlsym_doit>, args=args@entry=0x146bc00ae160) at dl-error-skeleton.c:208
      #6  0x0000146bd4e789f3 in __GI__dl_catch_error (objname=objname@entry=0x146b6c049a80, errstring=errstring@entry=0x146b6c049a88, mallocedp=mallocedp@entry=0x146b6c049a78, operate=operate@entry=0x146bd523e490 <dlsym_doit>, args=args@entry=0x146bc00ae160) at dl-error-skeleton.c:227
      #7  0x0000146bd523eb59 in _dlerror_run (operate=operate@entry=0x146bd523e490 <dlsym_doit>, args=args@entry=0x146bc00ae160) at dlerror.c:170
      #8  0x0000146bd523e525 in __dlsym (handle=<optimized out>, name=0x146b6c0100d8 "spider_direct_sql") at dlsym.c:70
      #9  0x0000558e13e8df3f in init_syms (tmp=0x146b6c005c38, nm=0x146bc00ae230 "\360\342\n\300k\024") at /test/10.4_opt/sql/sql_udf.cc:68
      #10 0x0000558e13e8f3da in mysql_create_function (thd=thd@entry=0x146b6c000c48, udf=udf@entry=0x146b6c005c38) at /test/10.4_opt/sql/sql_udf.cc:590
      #11 0x0000558e13ddbc52 in mysql_execute_command (thd=0x146b6c000c48) at /test/10.4_opt/sql/sql_parse.cc:5289
      #12 0x0000558e13de2257 in mysql_parse (thd=0x146b6c000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_parse.cc:7995
      #13 0x0000558e13de48cd in dispatch_command (command=COM_QUERY, thd=0x146b6c000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_class.h:1201
      #14 0x0000558e13de6f3e in do_command (thd=0x146b6c000c48) at /test/10.4_opt/sql/sql_parse.cc:1373
      #15 0x0000558e13edcd3e in do_handle_one_connection (connect=connect@entry=0x558e17dec0b8) at /test/10.4_opt/sql/sql_connect.cc:1420
      #16 0x0000558e13edce6f in handle_one_connection (arg=0x558e17dec0b8) at /test/10.4_opt/sql/sql_connect.cc:1316
      #17 0x0000146bd524b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #18 0x0000146bd4e37133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)

          Activity

            Roel Van de Paar added a comment (edited)

            UniqueIDs/stacks seen so far

            SIGSEGV|_dl_lookup_symbol_x|do_sym|_dl_sym|dlsym_doit   # 10.5-10.6 (opt only) and 10.7+ (dbg+opt)
            SIGSEGV|do_lookup_x|_dl_lookup_symbol_x|do_sym|_dl_sym  # 10.2-10.4 (dbg+opt)  and 10.5-10.6 (debug only) 
            

            The 10.5 and 10.6 versions are interesting as they produce different SIGSEGV locations between optimized and debug, as described above.
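The two UniqueIDs in the comment above correspond to the signal name joined with the first four frame functions of the matching backtraces in the description. The following is an added example, not the reporter's or the MariaDB project's tooling, that derives such a string from gdb output under that assumed rule and buckets crashes by it; `unique_id`, `bucket` and the abridged traces are illustrative.

```python
import re
from collections import defaultdict

# Frame header: "#N  [0xADDR in ]func (". Some frames carry no address.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?([^\s(]+) \(")
SIGNAL_RE = re.compile(r"Program terminated with signal (\w+)")

# Abridged from the report's two backtraces; argument lists replaced by "...".
TRACE_10_9 = """\
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000152bd317237f in _dl_lookup_symbol_x (
    undef_name=0x152b84013cd8 "spider_direct_sql", ...) at dl-lookup.c:873
(gdb) bt
#0  0x0000152bd317237f in _dl_lookup_symbol_x (...) at dl-lookup.c:873
#1  0x0000152bd2c75373 in do_sym (...) at dl-sym.c:165
#2  _dl_sym (...) at dl-sym.c:274
#3  0x0000152bd303b4a8 in dlsym_doit (...) at dlsym.c:50
#4  0x0000152bd2c75928 in __GI__dl_catch_exception (...) at dl-error-skeleton.c:208
"""
TRACE_10_4 = """\
Program terminated with signal SIGSEGV, Segmentation fault.
#0  do_lookup_x (...) at dl-lookup.c:390
#1  0x0000146bd53731f1 in _dl_lookup_symbol_x (...) at dl-lookup.c:861
#2  0x0000146bd4e78373 in do_sym (...) at dl-sym.c:165
#3  _dl_sym (...) at dl-sym.c:274
"""

def unique_id(gdb_output, depth=4):
    """Assumed rule (inferred from the report): signal + first `depth` frame names."""
    signal, frames = None, {}
    for line in gdb_output.splitlines():
        sig = SIGNAL_RE.search(line)
        if sig:
            signal = sig.group(1)
        frame = FRAME_RE.match(line)
        if frame:
            # gdb shows frame #0 on load and again in `bt`; keep the first.
            frames.setdefault(int(frame.group(1)), frame.group(2))
    if signal is None or 0 not in frames:
        return None  # not a usable core-file backtrace
    # Short backtraces simply contribute fewer names.
    names = [frames[i] for i in range(depth) if i in frames]
    return "|".join([signal] + names)

def bucket(traces):
    """Group named traces by UniqueID so duplicate crashes collapse together."""
    groups = defaultdict(list)
    for name, text in traces.items():
        groups[unique_id(text)].append(name)
    return dict(groups)
```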


            People

              ycp Yuchen Pei
              Roel Roel Van de Paar