Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28625

Spider: SIGSEGV in _dl_lookup_symbol_x or SIGSEGV in do_lookup_x on CREATE FUNCTION

    XMLWordPrintable

Details

    Description

      CREATE TABLE t (c INT) ENGINE=InnoDB;
      		 
      LOCK TABLE t READ;
      		 
      SELECT * FROM t;
      		 
      CREATE FUNCTION spider_bg_direct_sql RETURNS INT SONAME 'ha_spider.so';
      		 
      LOCK TABLES nonexisting READ;
      		 
      CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';

      Leads to:

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

      		 
      Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x0000152bd317237f in _dl_lookup_symbol_x (
      		 
          undef_name=0x152b84013cd8 "spider_direct_sql", undef_map=0x152b8406e9a0, 
          ref=0x152bba1c3328, symbol_scope=0x152b8406ed38, version=0x0, 
          type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:873
      		 
      [Current thread is 1 (Thread 0x152bba1c5700 (LWP 116818))]
      		 
      (gdb) bt
      		 
      #0  0x0000152bd317237f in _dl_lookup_symbol_x (undef_name=0x152b84013cd8 "spider_direct_sql", undef_map=0x152b8406e9a0, ref=0x152bba1c3328, symbol_scope=0x152b8406ed38, version=0x0, type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:873
      		 
      #1  0x0000152bd2c75373 in do_sym (flags=<optimized out>, vers=0x0, who=0x562b2079c960 <init_syms(udf_func*, char*)+31>, name=0x152b84013cd8 "spider_direct_sql", handle=<optimized out>) at dl-sym.c:165
      		 
      #2  _dl_sym (handle=<optimized out>, name=0x152b84013cd8 "spider_direct_sql", who=0x562b2079c960 <init_syms(udf_func*, char*)+31>) at dl-sym.c:274
      		 
      #3  0x0000152bd303b4a8 in dlsym_doit (a=a@entry=0x152bba1c3570) at dlsym.c:50
      		 
      #4  0x0000152bd2c75928 in __GI__dl_catch_exception (exception=exception@entry=0x152bba1c3500, operate=operate@entry=0x152bd303b490 <dlsym_doit>, args=args@entry=0x152bba1c3570) at dl-error-skeleton.c:208
      		 
      #5  0x0000152bd2c759f3 in __GI__dl_catch_error (objname=objname@entry=0x152b8401eeb0, errstring=errstring@entry=0x152b8401eeb8, mallocedp=mallocedp@entry=0x152b8401eea8, operate=operate@entry=0x152bd303b490 <dlsym_doit>, args=args@entry=0x152bba1c3570) at dl-error-skeleton.c:227
      		 
      #6  0x0000152bd303bb59 in _dlerror_run (operate=operate@entry=0x152bd303b490 <dlsym_doit>, args=args@entry=0x152bba1c3570) at dlerror.c:170
      		 
      #7  0x0000152bd303b525 in __dlsym (handle=<optimized out>, name=0x152b84013cd8 "spider_direct_sql") at dlsym.c:70
      		 
      #8  0x0000562b2079c960 in init_syms (tmp=tmp@entry=0x152b84006218, nm=nm@entry=0x152bba1c3600 "\240\260\257!+V") at /test/10.9_dbg/sql/sql_udf.cc:68
      		 
      #9  0x0000562b2079de71 in mysql_create_function (thd=thd@entry=0x152b84000db8, udf=udf@entry=0x152b84006218) at /test/10.9_dbg/sql/sql_udf.cc:601
      		 
      #10 0x0000562b206b5218 in mysql_execute_command (thd=thd@entry=0x152b84000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:5317
      		 
      #11 0x0000562b2069f67b in mysql_parse (thd=thd@entry=0x152b84000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x152bba1c4470) at /test/10.9_dbg/sql/sql_parse.cc:8046
      		 
      #12 0x0000562b206acf79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152b84000db8, packet=packet@entry=0x152b8400b699 "CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so'", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
      		 
      #13 0x0000562b206af686 in do_command (thd=0x152b84000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
      		 
      #14 0x0000562b2080cd02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562b229d9838, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
      		 
      #15 0x0000562b2080d20b in handle_one_connection (arg=0x562b229d9838) at /test/10.9_dbg/sql/sql_connect.cc:1312
      		 
      #16 0x0000152bd3048609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #17 0x0000152bd2c34133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.4.25 9c6135e81f29b3e3286d6b864c0fdafc2fea16ce (Optimized)

      		 
      Core was generated by `/test/MD160322-mariadb-10.4.25-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  do_lookup_x (
      		 
          undef_name=undef_name@entry=0x146b6c0100d8 "spider_direct_sql", 
          new_hash=new_hash@entry=1553090389, 
          old_hash=old_hash@entry=0x146bc00ade60, ref=0x0, 
          result=result@entry=0x146bc00ade70, scope=<optimized out>, i=0, 
          version=0x0, flags=2, skip=<optimized out>, type_class=0, 
          undef_map=0x146b6c049aa0) at dl-lookup.c:390
      		 
      [Current thread is 1 (Thread 0x146bc00b1700 (LWP 116583))]
      		 
      (gdb) bt
      		 
      #0  do_lookup_x (undef_name=undef_name@entry=0x146b6c0100d8 "spider_direct_sql", new_hash=new_hash@entry=1553090389, old_hash=old_hash@entry=0x146bc00ade60, ref=0x0, result=result@entry=0x146bc00ade70, scope=<optimized out>, i=0, version=0x0, flags=2, skip=<optimized out>, type_class=0, undef_map=0x146b6c049aa0) at dl-lookup.c:390
      		 
      #1  0x0000146bd53731f1 in _dl_lookup_symbol_x (undef_name=0x146b6c0100d8 "spider_direct_sql", undef_map=0x146b6c049aa0, ref=0x146bc00adf18, symbol_scope=0x146b6c049e38, version=0x0, type_class=0, flags=2, skip_map=0x0) at dl-lookup.c:861
      		 
      #2  0x0000146bd4e78373 in do_sym (flags=<optimized out>, vers=0x0, who=0x558e13e8df3f <init_syms(udf_func*, char*)+31>, name=0x146b6c0100d8 "spider_direct_sql", handle=<optimized out>) at dl-sym.c:165
      		 
      #3  _dl_sym (handle=<optimized out>, name=0x146b6c0100d8 "spider_direct_sql", who=0x558e13e8df3f <init_syms(udf_func*, char*)+31>) at dl-sym.c:274
      		 
      #4  0x0000146bd523e4a8 in dlsym_doit (a=a@entry=0x146bc00ae160) at dlsym.c:50
      		 
      #5  0x0000146bd4e78928 in __GI__dl_catch_exception (exception=exception@entry=0x146bc00ae0f0, operate=operate@entry=0x146bd523e490 <dlsym_doit>, args=args@entry=0x146bc00ae160) at dl-error-skeleton.c:208
      		 
      #6  0x0000146bd4e789f3 in __GI__dl_catch_error (objname=objname@entry=0x146b6c049a80, errstring=errstring@entry=0x146b6c049a88, mallocedp=mallocedp@entry=0x146b6c049a78, operate=operate@entry=0x146bd523e490 <dlsym_doit>, args=args@entry=0x146bc00ae160) at dl-error-skeleton.c:227
      		 
      #7  0x0000146bd523eb59 in _dlerror_run (operate=operate@entry=0x146bd523e490 <dlsym_doit>, args=args@entry=0x146bc00ae160) at dlerror.c:170
      		 
      #8  0x0000146bd523e525 in __dlsym (handle=<optimized out>, name=0x146b6c0100d8 "spider_direct_sql") at dlsym.c:70
      		 
      #9  0x0000558e13e8df3f in init_syms (tmp=0x146b6c005c38, nm=0x146bc00ae230 "\360\342\n\300k\024") at /test/10.4_opt/sql/sql_udf.cc:68
      		 
      #10 0x0000558e13e8f3da in mysql_create_function (thd=thd@entry=0x146b6c000c48, udf=udf@entry=0x146b6c005c38) at /test/10.4_opt/sql/sql_udf.cc:590
      		 
      #11 0x0000558e13ddbc52 in mysql_execute_command (thd=0x146b6c000c48) at /test/10.4_opt/sql/sql_parse.cc:5289
      		 
      #12 0x0000558e13de2257 in mysql_parse (thd=0x146b6c000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_parse.cc:7995
      		 
      #13 0x0000558e13de48cd in dispatch_command (command=COM_QUERY, thd=0x146b6c000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_class.h:1201
      		 
      #14 0x0000558e13de6f3e in do_command (thd=0x146b6c000c48) at /test/10.4_opt/sql/sql_parse.cc:1373
      		 
      #15 0x0000558e13edcd3e in do_handle_one_connection (connect=connect@entry=0x558e17dec0b8) at /test/10.4_opt/sql/sql_connect.cc:1420
      		 
      #16 0x0000558e13edce6f in handle_one_connection (arg=0x558e17dec0b8) at /test/10.4_opt/sql/sql_connect.cc:1316
      		 
      #17 0x0000146bd524b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #18 0x0000146bd4e37133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29352 SIGSEGV's in strlen and unknown location on optimized builds at SHUTDOWN

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              ycp Yuchen Pei
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.