MariaDB Server / MDEV-30727

SIGSEGVs in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock, heap-use-after-free in spider_direct_sql_body

Details

    Description

      CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';
      SELECT spider_direct_sql ('SELECT * FROM s','a','srv "b"');
      

      Leads to:

      11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)

      Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000015255cb023be in spider_direct_sql_body (initid=0x152510013a68, 
          args=0x152510013a28, is_null=<optimized out>, error=0x152510013a98 "", 
          bg=bg@entry=0 '\000')
          at /test/11.0_dbg/storage/spider/spd_direct_sql.cc:1516
      1516	  if (!(direct_sql = (SPIDER_DIRECT_SQL *)
      [Current thread is 1 (Thread 0x15255cbdd640 (LWP 2348034))]
      (gdb) bt
      #0  0x000015255cb023be in spider_direct_sql_body (initid=0x152510013a68, args=0x152510013a28, is_null=<optimized out>, error=0x152510013a98 "", bg=bg@entry=0 '\000') at /test/11.0_dbg/storage/spider/spd_direct_sql.cc:1516
      #1  0x000015255cb02dbd in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/11.0_dbg/storage/spider/spd_udf.cc:29
      #2  0x000055c3720494d7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x152510013a18) at /test/11.0_dbg/sql/sql_udf.h:108
      #3  Item_func_udf_int::val_int (this=0x152510013968) at /test/11.0_dbg/sql/item_func.cc:3818
      #4  0x000055c371ef1013 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x152510013968, protocol=0x152510001368, buf=<optimized out>) at /test/11.0_dbg/sql/sql_type.cc:7496
      #5  0x000055c371ef7889 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/11.0_dbg/sql/sql_type.h:5765
      #6  0x000055c371bcf5dc in Item::send (this=0x152510013968, protocol=0x152510001368, buffer=0x15255cbdaff0) at /test/11.0_dbg/sql/item.h:1235
      #7  0x000055c371c050f9 in Protocol::send_result_set_row (this=this@entry=0x152510001368, row_items=row_items@entry=0x1525100134d0) at /test/11.0_dbg/sql/protocol.cc:1332
      #8  0x000055c371c876d1 in select_send::send_data (this=0x152510014460, items=@0x1525100134d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152510013ae0, last = 0x152510013ae0, elements = 1}, <No data fields>}) at /test/11.0_dbg/sql/sql_class.cc:3102
      #9  0x000055c371d76d15 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_dbg/sql/sql_class.h:5748
      #10 JOIN::exec_inner (this=this@entry=0x152510014488) at /test/11.0_dbg/sql/sql_select.cc:4754
      #11 0x000055c371d77be0 in JOIN::exec (this=this@entry=0x152510014488) at /test/11.0_dbg/sql/sql_select.cc:4666
      #12 0x000055c371d75b18 in mysql_select (thd=thd@entry=0x152510000d58, tables=0x0, fields=@0x1525100134d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152510013ae0, last = 0x152510013ae0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x152510014460, unit=0x152510004fa0, select_lex=0x152510013218) at /test/11.0_dbg/sql/sql_select.cc:5146
      #13 0x000055c371d7628b in handle_select (thd=thd@entry=0x152510000d58, lex=lex@entry=0x152510004ec8, result=result@entry=0x152510014460, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_dbg/sql/sql_select.cc:608
      #14 0x000055c371cdbe8d in execute_sqlcom_select (thd=thd@entry=0x152510000d58, all_tables=0x0) at /test/11.0_dbg/sql/sql_parse.cc:6267
      #15 0x000055c371ce74af in mysql_execute_command (thd=thd@entry=0x152510000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:3949
      #16 0x000055c371cee7cf in mysql_parse (thd=thd@entry=0x152510000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15255cbdc2c0) at /test/11.0_dbg/sql/sql_parse.cc:8002
      #17 0x000055c371cf0963 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152510000d58, packet=packet@entry=0x15251000ae19 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
      #18 0x000055c371cf27bc in do_command (thd=0x152510000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
      #19 0x000055c371e436e2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c3750d6b98, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
      #20 0x000055c371e43941 in handle_one_connection (arg=0x55c3750d6b98) at /test/11.0_dbg/sql/sql_connect.cc:1318
      #21 0x00001525760a3b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #22 0x0000152576135a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      10.11.2 483ddb5684ad7e5b0ffd19d4b0cb81de56d776f8 (Debug)

      Core was generated by `/test/MD110223-mariadb-10.11.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38, 
          args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "", 
          bg=bg@entry=0 '\000')
          at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
      [Current thread is 1 (Thread 0x15104f0fc640 (LWP 2347983))]
      (gdb) bt
      #0  0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38, args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "", bg=bg@entry=0 '\000') at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
      #1  0x000015104f020ff2 in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.11_dbg/storage/spider/spd_udf.cc:29
      #2  0x0000558917c18b07 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x15102c0139e8) at /test/10.11_dbg/sql/sql_udf.h:108
      #3  Item_func_udf_int::val_int (this=0x15102c013940) at /test/10.11_dbg/sql/item_func.cc:3818
      #4  0x0000558917ac1e3f in Type_handler::Item_send_longlong (this=<optimized out>, item=0x15102c013940, protocol=0x15102c001368, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:7496
      #5  0x0000558917ac8649 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.h:5769
      #6  0x00005589177a937c in Item::send (this=0x15102c013940, protocol=0x15102c001368, buffer=0x15104f0f9ff0) at /test/10.11_dbg/sql/item.h:1235
      #7  0x00005589177dd7bb in Protocol::send_result_set_row (this=this@entry=0x15102c001368, row_items=row_items@entry=0x15102c0134c0) at /test/10.11_dbg/sql/protocol.cc:1332
      #8  0x0000558917860685 in select_send::send_data (this=0x15102c014428, items=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}) at /test/10.11_dbg/sql/sql_class.cc:3103
      #9  0x000055891794a92f in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.11_dbg/sql/sql_class.h:5746
      #10 JOIN::exec_inner (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4699
      #11 0x000055891794b7c8 in JOIN::exec (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4611
      #12 0x0000558917949731 in mysql_select (thd=thd@entry=0x15102c000d58, tables=0x0, fields=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x15102c014428, unit=0x15102c004f98, select_lex=0x15102c013208) at /test/10.11_dbg/sql/sql_select.cc:5091
      #13 0x0000558917949ea4 in handle_select (thd=thd@entry=0x15102c000d58, lex=lex@entry=0x15102c004ec0, result=result@entry=0x15102c014428, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
      #14 0x00005589178b4b69 in execute_sqlcom_select (thd=thd@entry=0x15102c000d58, all_tables=0x0) at /test/10.11_dbg/sql/sql_parse.cc:6267
      #15 0x00005589178c016a in mysql_execute_command (thd=thd@entry=0x15102c000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3949
      #16 0x00005589178c7484 in mysql_parse (thd=thd@entry=0x15102c000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15104f0fb2c0) at /test/10.11_dbg/sql/sql_parse.cc:8002
      #17 0x00005589178c9618 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15102c000d58, packet=packet@entry=0x15102c00ae09 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:243
      #18 0x00005589178cb471 in do_command (thd=0x15102c000d58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
      #19 0x0000558917a1653a in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55891aaedb98, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
      #20 0x0000558917a16799 in handle_one_connection (arg=0x55891aaedb98) at /test/10.11_dbg/sql/sql_connect.cc:1318
      #21 0x000015107f7f6b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #22 0x000015107f888a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      The SIGSEGV in thd_ha_data only shows in 10.3:

      10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Optimized)

      Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  thd_ha_data (thd=0x14c3ec000c58, hton=0x0)
          at /test/10.3_opt/sql/sql_class.cc:423
      [Current thread is 1 (Thread 0x14c4440cf640 (LWP 2348216))]
      (gdb) bt
      #0  thd_ha_data (thd=0x14c3ec000c58, hton=0x0) at /test/10.3_opt/sql/sql_class.cc:423
      #1  0x00005595be7d166d in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_opt/sql/sql_class.cc:438
      #2  0x000014c4218debb9 in spider_direct_sql_body (initid=0x14c3ec00f9d8, args=0x14c3ec00f998, is_null=<optimized out>, error=0x14c3ec00fa08 "", bg=<optimized out>) at /test/10.3_opt/storage/spider/spd_direct_sql.cc:1604
      #3  0x00005595bea795de in udf_handler::val_int (null_value=<synthetic pointer>, this=<optimized out>) at /test/10.3_opt/sql/sql_udf.h:107
      #4  udf_handler::val_int (null_value=<synthetic pointer>, this=0x14c3ec00f988) at /test/10.3_opt/sql/sql_udf.h:98
      #5  Item_func_udf_int::val_int (this=0x14c3ec00f8c8) at /test/10.3_opt/sql/item_func.cc:3608
      #6  0x00005595be95fb3d in Type_handler::Item_send_longlong (this=<optimized out>, item=0x14c3ec00f8c8, protocol=0x14c3ec0011b0, buf=<optimized out>) at /test/10.3_opt/sql/sql_type.cc:5454
      #7  0x00005595be769fbe in Protocol::send_result_set_row (this=this@entry=0x14c3ec0011b0, row_items=row_items@entry=0x14c3ec0050b8) at /test/10.3_opt/sql/protocol.cc:1000
      #8  0x00005595be7d8da7 in select_send::send_data (this=0x14c3ec00fb90, items=@0x14c3ec0050b8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c3ec00fa50, last = 0x14c3ec00fa50, elements = 1}, <No data fields>}) at /test/10.3_opt/sql/sql_class.cc:3049
      #9  0x00005595be87cc22 in JOIN::exec_inner (this=this@entry=0x14c3ec00fbb8) at /test/10.3_opt/sql/sql_select.cc:4065
      #10 0x00005595be87d2b6 in JOIN::exec (this=this@entry=0x14c3ec00fbb8) at /test/10.3_opt/sql/sql_select.cc:3984
      #11 0x00005595be87d446 in mysql_select (thd=0x14c3ec000c58, tables=<optimized out>, wild_num=0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c3ec00fb90, unit=0x14c3ec0047b8, select_lex=0x14c3ec004f78) at /test/10.3_opt/sql/sql_select.cc:4393
      #12 0x00005595be87dd43 in handle_select (thd=thd@entry=0x14c3ec000c58, lex=lex@entry=0x14c3ec0046f8, result=result@entry=0x14c3ec00fb90, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_opt/sql/sql_select.cc:372
      #13 0x00005595be811d9d in execute_sqlcom_select (thd=0x14c3ec000c58, all_tables=0x0) at /test/10.3_opt/sql/sql_parse.cc:6340
      #14 0x00005595be81f7cd in mysql_execute_command (thd=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:3871
      #15 0x00005595be8221a2 in mysql_parse (thd=0x14c3ec000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:7855
      #16 0x00005595be8239e5 in dispatch_command (command=COM_QUERY, thd=0x14c3ec000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:1941
      #17 0x00005595be825bae in do_command (thd=0x14c3ec000c58) at /test/10.3_opt/sql/sql_parse.cc:1398
      #18 0x00005595be90867e in do_handle_one_connection (connect=<optimized out>) at /test/10.3_opt/sql/sql_connect.cc:1404
      #19 0x00005595be9086fd in handle_one_connection (arg=<optimized out>) at /test/10.3_opt/sql/sql_connect.cc:1309
      #20 0x000014c44813eb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #21 0x000014c4481d0a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Debug)

      Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  thd_ha_data (thd=0x149fe4000d38, hton=0x0)
          at /test/10.3_dbg/sql/sql_class.cc:423
      [Current thread is 1 (Thread 0x14a0440ea640 (LWP 2348487))]
      (gdb) bt
      #0  thd_ha_data (thd=0x149fe4000d38, hton=0x0) at /test/10.3_dbg/sql/sql_class.cc:423
      #1  0x000055557392a26b in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_dbg/sql/sql_class.cc:438
      #2  0x000014a0219f5a1e in spider_direct_sql_body (initid=0x149fe4010e68, args=0x149fe4010e28, is_null=<optimized out>, error=0x149fe4010e98 "", bg=bg@entry=0 '\000') at /test/10.3_dbg/storage/spider/spd_direct_sql.cc:1604
      #3  0x000014a0219f63ab in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.3_dbg/storage/spider/spd_udf.cc:29
      #4  0x0000555573c511f7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x149fe4010e18) at /test/10.3_dbg/sql/sql_udf.h:107
      #5  Item_func_udf_int::val_int (this=0x149fe4010d58) at /test/10.3_dbg/sql/item_func.cc:3608
      #6  0x0000555573af9983 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x149fe4010d58, protocol=0x149fe4001318, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.cc:5454
      #7  0x0000555573afd62d in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.h:2498
      #8  0x00005555738b7910 in Item::send (this=0x149fe4010d58, protocol=0x149fe4001318, buffer=0x14a0440e73a0) at /test/10.3_dbg/sql/item.h:886
      #9  0x00005555738b55d4 in Protocol::send_result_set_row (this=this@entry=0x149fe4001318, row_items=row_items@entry=0x149fe4005358) at /test/10.3_dbg/sql/protocol.cc:1000
      #10 0x000055557393308a in select_send::send_data (this=0x149fe4011020, items=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}) at /test/10.3_dbg/sql/sql_class.cc:3049
      #11 0x00005555739e870c in JOIN::exec_inner (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:4065
      #12 0x00005555739e9384 in JOIN::exec (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:3984
      #13 0x00005555739e9576 in mysql_select (thd=thd@entry=0x149fe4000d38, tables=0x0, wild_num=0, fields=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}, conds=0x0, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x149fe4011020, unit=0x149fe4004a58, select_lex=0x149fe4005218) at /test/10.3_dbg/sql/sql_select.cc:4393
      #14 0x00005555739ea02b in handle_select (thd=thd@entry=0x149fe4000d38, lex=lex@entry=0x149fe4004998, result=result@entry=0x149fe4011020, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_dbg/sql/sql_select.cc:372
      #15 0x0000555573973fd7 in execute_sqlcom_select (thd=thd@entry=0x149fe4000d38, all_tables=0x0) at /test/10.3_dbg/sql/sql_parse.cc:6340
      #16 0x000055557397d9a1 in mysql_execute_command (thd=thd@entry=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:3871
      #17 0x0000555573986694 in mysql_parse (thd=thd@entry=0x149fe4000d38, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a0440e9510, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_parse.cc:7855
      #18 0x0000555573988609 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149fe4000d38, packet=packet@entry=0x149fe4018ae9 "", packet_length=packet_length@entry=58, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_class.h:200
      #19 0x000055557398a5cf in do_command (thd=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:1398
      #20 0x0000555573a8e01f in do_handle_one_connection (connect=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1404
      #21 0x0000555573a8e150 in handle_one_connection (arg=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1309
      #22 0x000014a0485a8b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #23 0x000014a04863aa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      Bug confirmed present in:
      MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

      UniqueID/stacks summary:

      SIGSEGV|spider_direct_sql_body|spider_direct_sql|udf_handler::val_int|Item_func_udf_int::val_int
      SIGSEGV|spider_direct_sql_body|udf_handler::val_int|udf_handler::val_int|Item_func_udf_int::val_int
      SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|spider_direct_sql
      SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|udf_handler::val_int
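The 10.3 traces above end in thd_ha_data with hton=0x0: the UDF body asked for the engine's per-thread data through a NULL handlerton. The C program below is an added illustration, not MariaDB's or Spider's code, of why a UDF that depends on an engine plugin should validate that dependency in its init hook and fail with a message rather than let the body dereference the pointer. Every type and name prefixed mock_ is a stand-in assumed for the example (the real UDF_INIT, THD and handlerton are richer and live in the server headers). The premise that the pointer is NULL because the engine plugin that sets it was never installed (CREATE FUNCTION ... SONAME only loads the library for the UDF) is the example's assumption, not a cause stated in this report.

```c
/* Added example (not MariaDB/Spider code): guard a plugin dependency in the
 * UDF init hook instead of letting the body dereference a NULL handlerton. */
#include <stddef.h>
#include <string.h>

#define MOCK_MAX_HA 64
#define MOCK_MSG_LEN 80   /* assumed; the real API sizes message by MYSQL_ERRMSG_SIZE */

/* Stand-in for handlerton: only the per-THD slot index is needed here. */
typedef struct { unsigned int slot; } mock_handlerton;

/* Stand-in for THD: engine-private data indexed by handlerton slot. */
typedef struct { void *ha_data[MOCK_MAX_HA]; } mock_thd;

/* Stand-in for UDF_INIT: ptr carries state from *_init() to the body. */
typedef struct { void *ptr; } mock_udf_init;

/* Pointer an engine plugin would set when installed; NULL otherwise.
 * The 10.3 backtrace in the report shows such a NULL reaching thd_ha_data. */
static mock_handlerton *mock_engine_hton = NULL;

/* Mimics thd_get_ha_data(): no NULL check, like the server helper, so a NULL
 * hton faults right here. */
static void *mock_thd_get_ha_data(mock_thd *thd, const mock_handlerton *hton)
{
    return thd->ha_data[hton->slot];
}

/* Unsafe pattern: the body trusts that the engine is loaded. With
 * mock_engine_hton == NULL this is the SIGSEGV from the report. */
long unsafe_udf_body(mock_thd *thd)
{
    long *counter = mock_thd_get_ha_data(thd, mock_engine_hton);
    return counter ? *counter : -1;
}

/* Guarded init: refuse to initialise when the dependency is missing. Returns 1
 * (error) like a real *_init(); the server then reports message to the client
 * and never calls the body. */
static int guarded_udf_init(mock_udf_init *initid, char *message)
{
    if (mock_engine_hton == NULL) {
        strncpy(message, "engine plugin is not installed", MOCK_MSG_LEN - 1);
        message[MOCK_MSG_LEN - 1] = '\0';
        initid->ptr = NULL;
        return 1;
    }
    initid->ptr = mock_engine_hton;   /* body only uses what init validated */
    message[0] = '\0';
    return 0;
}

/* Body that uses only the handlerton that init stored. */
static long guarded_udf_body(mock_udf_init *initid, mock_thd *thd)
{
    long *counter = mock_thd_get_ha_data(thd, (mock_handlerton *)initid->ptr);
    return counter ? *counter : -1;
}

/* Constructed fixtures for the two scenarios. */
static mock_handlerton mock_engine = { 3 };
static long mock_counter = 42;

/* Scenario A: engine plugin never installed. Returns init's error code (1). */
int scenario_plugin_missing(char *message)
{
    mock_udf_init initid = { NULL };
    mock_engine_hton = NULL;
    return guarded_udf_init(&initid, message);
}

/* Scenario B: engine installed; init passes and the body reads the THD slot (42). */
long scenario_plugin_present(char *message)
{
    mock_udf_init initid = { NULL };
    mock_thd thd;
    memset(&thd, 0, sizeof thd);
    mock_engine_hton = &mock_engine;
    thd.ha_data[mock_engine.slot] = &mock_counter;
    if (guarded_udf_init(&initid, message) != 0)
        return -2;
    return guarded_udf_body(&initid, &thd);
}

/* The unguarded body also returns 42 once the engine is installed, which is
 * why the missing check stays latent on hosts that always load the plugin. */
long unsafe_with_plugin_present(void)
{
    mock_thd thd;
    memset(&thd, 0, sizeof thd);
    mock_engine_hton = &mock_engine;
    thd.ha_data[mock_engine.slot] = &mock_counter;
    return unsafe_udf_body(&thd);
}
```

scenario_plugin_missing() returns the init error together with the message a client would see, while scenario_plugin_present() and unsafe_with_plugin_present() both return 42; the difference between the two bodies only shows on a server where the library was loaded for the UDF but the engine plugin was never installed.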
      

          Activity

            Roel Van de Paar created issue
            Roel Van de Paar made changes
            Field: Description
            Original Value:
            {code:sql}
            CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';
            SELECT spider_direct_sql ('SELECT * FROM s','a','srv "b"');
            {code}


            Bug confirmed present in:
            MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

            Bug (or feature/syntax) confirmed not present in:
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)
            New Value:
            {code:sql}
            CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';
            SELECT spider_direct_sql ('SELECT * FROM s','a','srv "b"');
            {code}

            Leads to:

            {noformat:title=10.11.2 483ddb5684ad7e5b0ffd19d4b0cb81de56d776f8 (Debug)}
            Core was generated by `/test/MD110223-mariadb-10.11.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38,
                args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "",
                bg=bg@entry=0 '\000')
                at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
            [Current thread is 1 (Thread 0x15104f0fc640 (LWP 2347983))]
            (gdb) bt
            #0 0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38, args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "", bg=bg@entry=0 '\000') at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
            #1 0x000015104f020ff2 in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.11_dbg/storage/spider/spd_udf.cc:29
            #2 0x0000558917c18b07 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x15102c0139e8) at /test/10.11_dbg/sql/sql_udf.h:108
            #3 Item_func_udf_int::val_int (this=0x15102c013940) at /test/10.11_dbg/sql/item_func.cc:3818
            #4 0x0000558917ac1e3f in Type_handler::Item_send_longlong (this=<optimized out>, item=0x15102c013940, protocol=0x15102c001368, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:7496
            #5 0x0000558917ac8649 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.h:5769
            #6 0x00005589177a937c in Item::send (this=0x15102c013940, protocol=0x15102c001368, buffer=0x15104f0f9ff0) at /test/10.11_dbg/sql/item.h:1235
            #7 0x00005589177dd7bb in Protocol::send_result_set_row (this=this@entry=0x15102c001368, row_items=row_items@entry=0x15102c0134c0) at /test/10.11_dbg/sql/protocol.cc:1332
            #8 0x0000558917860685 in select_send::send_data (this=0x15102c014428, items=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}) at /test/10.11_dbg/sql/sql_class.cc:3103
            #9 0x000055891794a92f in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.11_dbg/sql/sql_class.h:5746
            #10 JOIN::exec_inner (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4699
            #11 0x000055891794b7c8 in JOIN::exec (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4611
            #12 0x0000558917949731 in mysql_select (thd=thd@entry=0x15102c000d58, tables=0x0, fields=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x15102c014428, unit=0x15102c004f98, select_lex=0x15102c013208) at /test/10.11_dbg/sql/sql_select.cc:5091
            #13 0x0000558917949ea4 in handle_select (thd=thd@entry=0x15102c000d58, lex=lex@entry=0x15102c004ec0, result=result@entry=0x15102c014428, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
            #14 0x00005589178b4b69 in execute_sqlcom_select (thd=thd@entry=0x15102c000d58, all_tables=0x0) at /test/10.11_dbg/sql/sql_parse.cc:6267
            #15 0x00005589178c016a in mysql_execute_command (thd=thd@entry=0x15102c000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3949
            #16 0x00005589178c7484 in mysql_parse (thd=thd@entry=0x15102c000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15104f0fb2c0) at /test/10.11_dbg/sql/sql_parse.cc:8002
            #17 0x00005589178c9618 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15102c000d58, packet=packet@entry=0x15102c00ae09 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:243
            #18 0x00005589178cb471 in do_command (thd=0x15102c000d58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
            #19 0x0000558917a1653a in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55891aaedb98, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
            #20 0x0000558917a16799 in handle_one_connection (arg=0x55891aaedb98) at /test/10.11_dbg/sql/sql_connect.cc:1318
            #21 0x000015107f7f6b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #22 0x000015107f888a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            The SIGSEGV in
            {noformat:title=10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Debug)}
            Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 thd_ha_data (thd=0x149fe4000d38, hton=0x0)
                at /test/10.3_dbg/sql/sql_class.cc:423
            [Current thread is 1 (Thread 0x14a0440ea640 (LWP 2348487))]
            (gdb) bt
            #0 thd_ha_data (thd=0x149fe4000d38, hton=0x0) at /test/10.3_dbg/sql/sql_class.cc:423
            #1 0x000055557392a26b in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_dbg/sql/sql_class.cc:438
            #2 0x000014a0219f5a1e in spider_direct_sql_body (initid=0x149fe4010e68, args=0x149fe4010e28, is_null=<optimized out>, error=0x149fe4010e98 "", bg=bg@entry=0 '\000') at /test/10.3_dbg/storage/spider/spd_direct_sql.cc:1604
            #3 0x000014a0219f63ab in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.3_dbg/storage/spider/spd_udf.cc:29
            #4 0x0000555573c511f7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x149fe4010e18) at /test/10.3_dbg/sql/sql_udf.h:107
            #5 Item_func_udf_int::val_int (this=0x149fe4010d58) at /test/10.3_dbg/sql/item_func.cc:3608
            #6 0x0000555573af9983 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x149fe4010d58, protocol=0x149fe4001318, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.cc:5454
            #7 0x0000555573afd62d in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.h:2498
            #8 0x00005555738b7910 in Item::send (this=0x149fe4010d58, protocol=0x149fe4001318, buffer=0x14a0440e73a0) at /test/10.3_dbg/sql/item.h:886
            #9 0x00005555738b55d4 in Protocol::send_result_set_row (this=this@entry=0x149fe4001318, row_items=row_items@entry=0x149fe4005358) at /test/10.3_dbg/sql/protocol.cc:1000
            #10 0x000055557393308a in select_send::send_data (this=0x149fe4011020, items=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}) at /test/10.3_dbg/sql/sql_class.cc:3049
            #11 0x00005555739e870c in JOIN::exec_inner (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:4065
            #12 0x00005555739e9384 in JOIN::exec (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:3984
            #13 0x00005555739e9576 in mysql_select (thd=thd@entry=0x149fe4000d38, tables=0x0, wild_num=0, fields=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}, conds=0x0, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x149fe4011020, unit=0x149fe4004a58, select_lex=0x149fe4005218) at /test/10.3_dbg/sql/sql_select.cc:4393
            #14 0x00005555739ea02b in handle_select (thd=thd@entry=0x149fe4000d38, lex=lex@entry=0x149fe4004998, result=result@entry=0x149fe4011020, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_dbg/sql/sql_select.cc:372
            #15 0x0000555573973fd7 in execute_sqlcom_select (thd=thd@entry=0x149fe4000d38, all_tables=0x0) at /test/10.3_dbg/sql/sql_parse.cc:6340
            #16 0x000055557397d9a1 in mysql_execute_command (thd=thd@entry=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:3871
            #17 0x0000555573986694 in mysql_parse (thd=thd@entry=0x149fe4000d38, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a0440e9510, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_parse.cc:7855
            #18 0x0000555573988609 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149fe4000d38, packet=packet@entry=0x149fe4018ae9 "", packet_length=packet_length@entry=58, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_class.h:200
            #19 0x000055557398a5cf in do_command (thd=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:1398
            #20 0x0000555573a8e01f in do_handle_one_connection (connect=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1404
            #21 0x0000555573a8e150 in handle_one_connection (arg=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1309
            #22 0x000014a0485a8b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #23 0x000014a04863aa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}

            Bug confirmed present in:
            MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

            Bug (or feature/syntax) confirmed not present in:
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)
Roel Van de Paar made changes -
Description
            {code:sql}
            CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';
            SELECT spider_direct_sql ('SELECT * FROM s','a','srv "b"');
            {code}

            Leads to:

            {noformat:title=11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)}
            Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000015255cb023be in spider_direct_sql_body (initid=0x152510013a68,
                args=0x152510013a28, is_null=<optimized out>, error=0x152510013a98 "",
                bg=bg@entry=0 '\000')
                at /test/11.0_dbg/storage/spider/spd_direct_sql.cc:1516
            1516 if (!(direct_sql = (SPIDER_DIRECT_SQL *)
            [Current thread is 1 (Thread 0x15255cbdd640 (LWP 2348034))]
            (gdb) bt
            #0 0x000015255cb023be in spider_direct_sql_body (initid=0x152510013a68, args=0x152510013a28, is_null=<optimized out>, error=0x152510013a98 "", bg=bg@entry=0 '\000') at /test/11.0_dbg/storage/spider/spd_direct_sql.cc:1516
            #1 0x000015255cb02dbd in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/11.0_dbg/storage/spider/spd_udf.cc:29
            #2 0x000055c3720494d7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x152510013a18) at /test/11.0_dbg/sql/sql_udf.h:108
            #3 Item_func_udf_int::val_int (this=0x152510013968) at /test/11.0_dbg/sql/item_func.cc:3818
            #4 0x000055c371ef1013 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x152510013968, protocol=0x152510001368, buf=<optimized out>) at /test/11.0_dbg/sql/sql_type.cc:7496
            #5 0x000055c371ef7889 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/11.0_dbg/sql/sql_type.h:5765
            #6 0x000055c371bcf5dc in Item::send (this=0x152510013968, protocol=0x152510001368, buffer=0x15255cbdaff0) at /test/11.0_dbg/sql/item.h:1235
            #7 0x000055c371c050f9 in Protocol::send_result_set_row (this=this@entry=0x152510001368, row_items=row_items@entry=0x1525100134d0) at /test/11.0_dbg/sql/protocol.cc:1332
            #8 0x000055c371c876d1 in select_send::send_data (this=0x152510014460, items=@0x1525100134d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152510013ae0, last = 0x152510013ae0, elements = 1}, <No data fields>}) at /test/11.0_dbg/sql/sql_class.cc:3102
            #9 0x000055c371d76d15 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_dbg/sql/sql_class.h:5748
            #10 JOIN::exec_inner (this=this@entry=0x152510014488) at /test/11.0_dbg/sql/sql_select.cc:4754
            #11 0x000055c371d77be0 in JOIN::exec (this=this@entry=0x152510014488) at /test/11.0_dbg/sql/sql_select.cc:4666
            #12 0x000055c371d75b18 in mysql_select (thd=thd@entry=0x152510000d58, tables=0x0, fields=@0x1525100134d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152510013ae0, last = 0x152510013ae0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x152510014460, unit=0x152510004fa0, select_lex=0x152510013218) at /test/11.0_dbg/sql/sql_select.cc:5146
            #13 0x000055c371d7628b in handle_select (thd=thd@entry=0x152510000d58, lex=lex@entry=0x152510004ec8, result=result@entry=0x152510014460, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_dbg/sql/sql_select.cc:608
            #14 0x000055c371cdbe8d in execute_sqlcom_select (thd=thd@entry=0x152510000d58, all_tables=0x0) at /test/11.0_dbg/sql/sql_parse.cc:6267
            #15 0x000055c371ce74af in mysql_execute_command (thd=thd@entry=0x152510000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:3949
            #16 0x000055c371cee7cf in mysql_parse (thd=thd@entry=0x152510000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15255cbdc2c0) at /test/11.0_dbg/sql/sql_parse.cc:8002
            #17 0x000055c371cf0963 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152510000d58, packet=packet@entry=0x15251000ae19 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
            #18 0x000055c371cf27bc in do_command (thd=0x152510000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
            #19 0x000055c371e436e2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c3750d6b98, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
            #20 0x000055c371e43941 in handle_one_connection (arg=0x55c3750d6b98) at /test/11.0_dbg/sql/sql_connect.cc:1318
            #21 0x00001525760a3b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #22 0x0000152576135a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            {noformat:title=10.11.2 483ddb5684ad7e5b0ffd19d4b0cb81de56d776f8 (Debug)}
            Core was generated by `/test/MD110223-mariadb-10.11.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38,
                args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "",
                bg=bg@entry=0 '\000')
                at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
            [Current thread is 1 (Thread 0x15104f0fc640 (LWP 2347983))]
            (gdb) bt
            #0 0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38, args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "", bg=bg@entry=0 '\000') at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
            #1 0x000015104f020ff2 in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.11_dbg/storage/spider/spd_udf.cc:29
            #2 0x0000558917c18b07 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x15102c0139e8) at /test/10.11_dbg/sql/sql_udf.h:108
            #3 Item_func_udf_int::val_int (this=0x15102c013940) at /test/10.11_dbg/sql/item_func.cc:3818
            #4 0x0000558917ac1e3f in Type_handler::Item_send_longlong (this=<optimized out>, item=0x15102c013940, protocol=0x15102c001368, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:7496
            #5 0x0000558917ac8649 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.h:5769
            #6 0x00005589177a937c in Item::send (this=0x15102c013940, protocol=0x15102c001368, buffer=0x15104f0f9ff0) at /test/10.11_dbg/sql/item.h:1235
            #7 0x00005589177dd7bb in Protocol::send_result_set_row (this=this@entry=0x15102c001368, row_items=row_items@entry=0x15102c0134c0) at /test/10.11_dbg/sql/protocol.cc:1332
            #8 0x0000558917860685 in select_send::send_data (this=0x15102c014428, items=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}) at /test/10.11_dbg/sql/sql_class.cc:3103
            #9 0x000055891794a92f in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.11_dbg/sql/sql_class.h:5746
            #10 JOIN::exec_inner (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4699
            #11 0x000055891794b7c8 in JOIN::exec (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4611
            #12 0x0000558917949731 in mysql_select (thd=thd@entry=0x15102c000d58, tables=0x0, fields=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x15102c014428, unit=0x15102c004f98, select_lex=0x15102c013208) at /test/10.11_dbg/sql/sql_select.cc:5091
            #13 0x0000558917949ea4 in handle_select (thd=thd@entry=0x15102c000d58, lex=lex@entry=0x15102c004ec0, result=result@entry=0x15102c014428, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
            #14 0x00005589178b4b69 in execute_sqlcom_select (thd=thd@entry=0x15102c000d58, all_tables=0x0) at /test/10.11_dbg/sql/sql_parse.cc:6267
            #15 0x00005589178c016a in mysql_execute_command (thd=thd@entry=0x15102c000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3949
            #16 0x00005589178c7484 in mysql_parse (thd=thd@entry=0x15102c000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15104f0fb2c0) at /test/10.11_dbg/sql/sql_parse.cc:8002
            #17 0x00005589178c9618 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15102c000d58, packet=packet@entry=0x15102c00ae09 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:243
            #18 0x00005589178cb471 in do_command (thd=0x15102c000d58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
            #19 0x0000558917a1653a in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55891aaedb98, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
            #20 0x0000558917a16799 in handle_one_connection (arg=0x55891aaedb98) at /test/10.11_dbg/sql/sql_connect.cc:1318
            #21 0x000015107f7f6b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #22 0x000015107f888a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            The SIGSEGVs in thd_ha_data only show in 10.3:
            {noformat:title=10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Optimized)}
            Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 thd_ha_data (thd=0x14c3ec000c58, hton=0x0)
                at /test/10.3_opt/sql/sql_class.cc:423
            [Current thread is 1 (Thread 0x14c4440cf640 (LWP 2348216))]
            (gdb) bt
            #0 thd_ha_data (thd=0x14c3ec000c58, hton=0x0) at /test/10.3_opt/sql/sql_class.cc:423
            #1 0x00005595be7d166d in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_opt/sql/sql_class.cc:438
            #2 0x000014c4218debb9 in spider_direct_sql_body (initid=0x14c3ec00f9d8, args=0x14c3ec00f998, is_null=<optimized out>, error=0x14c3ec00fa08 "", bg=<optimized out>) at /test/10.3_opt/storage/spider/spd_direct_sql.cc:1604
            #3 0x00005595bea795de in udf_handler::val_int (null_value=<synthetic pointer>, this=<optimized out>) at /test/10.3_opt/sql/sql_udf.h:107
            #4 udf_handler::val_int (null_value=<synthetic pointer>, this=0x14c3ec00f988) at /test/10.3_opt/sql/sql_udf.h:98
            #5 Item_func_udf_int::val_int (this=0x14c3ec00f8c8) at /test/10.3_opt/sql/item_func.cc:3608
            #6 0x00005595be95fb3d in Type_handler::Item_send_longlong (this=<optimized out>, item=0x14c3ec00f8c8, protocol=0x14c3ec0011b0, buf=<optimized out>) at /test/10.3_opt/sql/sql_type.cc:5454
            #7 0x00005595be769fbe in Protocol::send_result_set_row (this=this@entry=0x14c3ec0011b0, row_items=row_items@entry=0x14c3ec0050b8) at /test/10.3_opt/sql/protocol.cc:1000
            #8 0x00005595be7d8da7 in select_send::send_data (this=0x14c3ec00fb90, items=@0x14c3ec0050b8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c3ec00fa50, last = 0x14c3ec00fa50, elements = 1}, <No data fields>}) at /test/10.3_opt/sql/sql_class.cc:3049
            #9 0x00005595be87cc22 in JOIN::exec_inner (this=this@entry=0x14c3ec00fbb8) at /test/10.3_opt/sql/sql_select.cc:4065
            #10 0x00005595be87d2b6 in JOIN::exec (this=this@entry=0x14c3ec00fbb8) at /test/10.3_opt/sql/sql_select.cc:3984
            #11 0x00005595be87d446 in mysql_select (thd=0x14c3ec000c58, tables=<optimized out>, wild_num=0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c3ec00fb90, unit=0x14c3ec0047b8, select_lex=0x14c3ec004f78) at /test/10.3_opt/sql/sql_select.cc:4393
            #12 0x00005595be87dd43 in handle_select (thd=thd@entry=0x14c3ec000c58, lex=lex@entry=0x14c3ec0046f8, result=result@entry=0x14c3ec00fb90, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_opt/sql/sql_select.cc:372
            #13 0x00005595be811d9d in execute_sqlcom_select (thd=0x14c3ec000c58, all_tables=0x0) at /test/10.3_opt/sql/sql_parse.cc:6340
            #14 0x00005595be81f7cd in mysql_execute_command (thd=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:3871
            #15 0x00005595be8221a2 in mysql_parse (thd=0x14c3ec000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:7855
            #16 0x00005595be8239e5 in dispatch_command (command=COM_QUERY, thd=0x14c3ec000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:1941
            #17 0x00005595be825bae in do_command (thd=0x14c3ec000c58) at /test/10.3_opt/sql/sql_parse.cc:1398
            #18 0x00005595be90867e in do_handle_one_connection (connect=<optimized out>) at /test/10.3_opt/sql/sql_connect.cc:1404
            #19 0x00005595be9086fd in handle_one_connection (arg=<optimized out>) at /test/10.3_opt/sql/sql_connect.cc:1309
            #20 0x000014c44813eb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #21 0x000014c4481d0a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            {noformat:title=10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Debug)}
            Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 thd_ha_data (thd=0x149fe4000d38, hton=0x0)
                at /test/10.3_dbg/sql/sql_class.cc:423
            [Current thread is 1 (Thread 0x14a0440ea640 (LWP 2348487))]
            (gdb) bt
            #0 thd_ha_data (thd=0x149fe4000d38, hton=0x0) at /test/10.3_dbg/sql/sql_class.cc:423
            #1 0x000055557392a26b in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_dbg/sql/sql_class.cc:438
            #2 0x000014a0219f5a1e in spider_direct_sql_body (initid=0x149fe4010e68, args=0x149fe4010e28, is_null=<optimized out>, error=0x149fe4010e98 "", bg=bg@entry=0 '\000') at /test/10.3_dbg/storage/spider/spd_direct_sql.cc:1604
            #3 0x000014a0219f63ab in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.3_dbg/storage/spider/spd_udf.cc:29
            #4 0x0000555573c511f7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x149fe4010e18) at /test/10.3_dbg/sql/sql_udf.h:107
            #5 Item_func_udf_int::val_int (this=0x149fe4010d58) at /test/10.3_dbg/sql/item_func.cc:3608
            #6 0x0000555573af9983 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x149fe4010d58, protocol=0x149fe4001318, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.cc:5454
            #7 0x0000555573afd62d in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.h:2498
            #8 0x00005555738b7910 in Item::send (this=0x149fe4010d58, protocol=0x149fe4001318, buffer=0x14a0440e73a0) at /test/10.3_dbg/sql/item.h:886
            #9 0x00005555738b55d4 in Protocol::send_result_set_row (this=this@entry=0x149fe4001318, row_items=row_items@entry=0x149fe4005358) at /test/10.3_dbg/sql/protocol.cc:1000
            #10 0x000055557393308a in select_send::send_data (this=0x149fe4011020, items=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}) at /test/10.3_dbg/sql/sql_class.cc:3049
            #11 0x00005555739e870c in JOIN::exec_inner (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:4065
            #12 0x00005555739e9384 in JOIN::exec (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:3984
            #13 0x00005555739e9576 in mysql_select (thd=thd@entry=0x149fe4000d38, tables=0x0, wild_num=0, fields=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}, conds=0x0, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x149fe4011020, unit=0x149fe4004a58, select_lex=0x149fe4005218) at /test/10.3_dbg/sql/sql_select.cc:4393
            #14 0x00005555739ea02b in handle_select (thd=thd@entry=0x149fe4000d38, lex=lex@entry=0x149fe4004998, result=result@entry=0x149fe4011020, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_dbg/sql/sql_select.cc:372
            #15 0x0000555573973fd7 in execute_sqlcom_select (thd=thd@entry=0x149fe4000d38, all_tables=0x0) at /test/10.3_dbg/sql/sql_parse.cc:6340
            #16 0x000055557397d9a1 in mysql_execute_command (thd=thd@entry=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:3871
            #17 0x0000555573986694 in mysql_parse (thd=thd@entry=0x149fe4000d38, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a0440e9510, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_parse.cc:7855
            #18 0x0000555573988609 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149fe4000d38, packet=packet@entry=0x149fe4018ae9 "", packet_length=packet_length@entry=58, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_class.h:200
            #19 0x000055557398a5cf in do_command (thd=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:1398
            #20 0x0000555573a8e01f in do_handle_one_connection (connect=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1404
            #21 0x0000555573a8e150 in handle_one_connection (arg=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1309
            #22 0x000014a0485a8b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #23 0x000014a04863aa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}

            Bug confirmed present in:
            MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

            Bug (or feature/syntax) confirmed not present in:
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)

            UniqueID/stacks summary:
            {noformat}
            SIGSEGV|spider_direct_sql_body|spider_direct_sql|udf_handler::val_int|Item_func_udf_int::val_int
            SIGSEGV|spider_direct_sql_body|udf_handler::val_int|udf_handler::val_int|Item_func_udf_int::val_int
            SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|spider_direct_sql
            SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|udf_handler::val_int
            {noformat}
            Julien Fritsch made changes -
            Fix Version/s 10.7 [ 24805 ]
            Julien Fritsch made changes -
            Fix Version/s 10.3 [ 22126 ]
            Julien Fritsch made changes -
            Fix Version/s 10.8 [ 26121 ]
            Roel Van de Paar made changes -
            Julien Fritsch made changes -
            Fix Version/s 10.9 [ 26905 ]
            Julien Fritsch made changes -
            Fix Version/s 10.10 [ 27530 ]
            Roel Van de Paar made changes -
            SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|spider_direct_sql
            SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|udf_handler::val_int
            {noformat}
            {code:sql}
            CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so';
            SELECT spider_direct_sql ('SELECT * FROM s','a','srv "b"');
            {code}

            Leads to:

            {noformat:title=11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)}
            Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000015255cb023be in spider_direct_sql_body (initid=0x152510013a68,
                args=0x152510013a28, is_null=<optimized out>, error=0x152510013a98 "",
                bg=bg@entry=0 '\000')
                at /test/11.0_dbg/storage/spider/spd_direct_sql.cc:1516
            1516 if (!(direct_sql = (SPIDER_DIRECT_SQL *)
            [Current thread is 1 (Thread 0x15255cbdd640 (LWP 2348034))]
            (gdb) bt
            #0 0x000015255cb023be in spider_direct_sql_body (initid=0x152510013a68, args=0x152510013a28, is_null=<optimized out>, error=0x152510013a98 "", bg=bg@entry=0 '\000') at /test/11.0_dbg/storage/spider/spd_direct_sql.cc:1516
            #1 0x000015255cb02dbd in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/11.0_dbg/storage/spider/spd_udf.cc:29
            #2 0x000055c3720494d7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x152510013a18) at /test/11.0_dbg/sql/sql_udf.h:108
            #3 Item_func_udf_int::val_int (this=0x152510013968) at /test/11.0_dbg/sql/item_func.cc:3818
            #4 0x000055c371ef1013 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x152510013968, protocol=0x152510001368, buf=<optimized out>) at /test/11.0_dbg/sql/sql_type.cc:7496
            #5 0x000055c371ef7889 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/11.0_dbg/sql/sql_type.h:5765
            #6 0x000055c371bcf5dc in Item::send (this=0x152510013968, protocol=0x152510001368, buffer=0x15255cbdaff0) at /test/11.0_dbg/sql/item.h:1235
            #7 0x000055c371c050f9 in Protocol::send_result_set_row (this=this@entry=0x152510001368, row_items=row_items@entry=0x1525100134d0) at /test/11.0_dbg/sql/protocol.cc:1332
            #8 0x000055c371c876d1 in select_send::send_data (this=0x152510014460, items=@0x1525100134d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152510013ae0, last = 0x152510013ae0, elements = 1}, <No data fields>}) at /test/11.0_dbg/sql/sql_class.cc:3102
            #9 0x000055c371d76d15 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_dbg/sql/sql_class.h:5748
            #10 JOIN::exec_inner (this=this@entry=0x152510014488) at /test/11.0_dbg/sql/sql_select.cc:4754
            #11 0x000055c371d77be0 in JOIN::exec (this=this@entry=0x152510014488) at /test/11.0_dbg/sql/sql_select.cc:4666
            #12 0x000055c371d75b18 in mysql_select (thd=thd@entry=0x152510000d58, tables=0x0, fields=@0x1525100134d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152510013ae0, last = 0x152510013ae0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x152510014460, unit=0x152510004fa0, select_lex=0x152510013218) at /test/11.0_dbg/sql/sql_select.cc:5146
            #13 0x000055c371d7628b in handle_select (thd=thd@entry=0x152510000d58, lex=lex@entry=0x152510004ec8, result=result@entry=0x152510014460, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_dbg/sql/sql_select.cc:608
            #14 0x000055c371cdbe8d in execute_sqlcom_select (thd=thd@entry=0x152510000d58, all_tables=0x0) at /test/11.0_dbg/sql/sql_parse.cc:6267
            #15 0x000055c371ce74af in mysql_execute_command (thd=thd@entry=0x152510000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:3949
            #16 0x000055c371cee7cf in mysql_parse (thd=thd@entry=0x152510000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15255cbdc2c0) at /test/11.0_dbg/sql/sql_parse.cc:8002
            #17 0x000055c371cf0963 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152510000d58, packet=packet@entry=0x15251000ae19 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
            #18 0x000055c371cf27bc in do_command (thd=0x152510000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
            #19 0x000055c371e436e2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c3750d6b98, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
            #20 0x000055c371e43941 in handle_one_connection (arg=0x55c3750d6b98) at /test/11.0_dbg/sql/sql_connect.cc:1318
            #21 0x00001525760a3b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #22 0x0000152576135a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            {noformat:title=10.11.2 483ddb5684ad7e5b0ffd19d4b0cb81de56d776f8 (Debug)}
            Core was generated by `/test/MD110223-mariadb-10.11.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38,
                args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "",
                bg=bg@entry=0 '\000')
                at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
            [Current thread is 1 (Thread 0x15104f0fc640 (LWP 2347983))]
            (gdb) bt
            #0 0x000015104f0205f3 in spider_direct_sql_body (initid=0x15102c013a38, args=0x15102c0139f8, is_null=<optimized out>, error=0x15102c013a68 "", bg=bg@entry=0 '\000') at /test/10.11_dbg/storage/spider/spd_direct_sql.cc:1518
            #1 0x000015104f020ff2 in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.11_dbg/storage/spider/spd_udf.cc:29
            #2 0x0000558917c18b07 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x15102c0139e8) at /test/10.11_dbg/sql/sql_udf.h:108
            #3 Item_func_udf_int::val_int (this=0x15102c013940) at /test/10.11_dbg/sql/item_func.cc:3818
            #4 0x0000558917ac1e3f in Type_handler::Item_send_longlong (this=<optimized out>, item=0x15102c013940, protocol=0x15102c001368, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:7496
            #5 0x0000558917ac8649 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.h:5769
            #6 0x00005589177a937c in Item::send (this=0x15102c013940, protocol=0x15102c001368, buffer=0x15104f0f9ff0) at /test/10.11_dbg/sql/item.h:1235
            #7 0x00005589177dd7bb in Protocol::send_result_set_row (this=this@entry=0x15102c001368, row_items=row_items@entry=0x15102c0134c0) at /test/10.11_dbg/sql/protocol.cc:1332
            #8 0x0000558917860685 in select_send::send_data (this=0x15102c014428, items=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}) at /test/10.11_dbg/sql/sql_class.cc:3103
            #9 0x000055891794a92f in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.11_dbg/sql/sql_class.h:5746
            #10 JOIN::exec_inner (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4699
            #11 0x000055891794b7c8 in JOIN::exec (this=this@entry=0x15102c014450) at /test/10.11_dbg/sql/sql_select.cc:4611
            #12 0x0000558917949731 in mysql_select (thd=thd@entry=0x15102c000d58, tables=0x0, fields=@0x15102c0134c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15102c013ab0, last = 0x15102c013ab0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x15102c014428, unit=0x15102c004f98, select_lex=0x15102c013208) at /test/10.11_dbg/sql/sql_select.cc:5091
            #13 0x0000558917949ea4 in handle_select (thd=thd@entry=0x15102c000d58, lex=lex@entry=0x15102c004ec0, result=result@entry=0x15102c014428, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
            #14 0x00005589178b4b69 in execute_sqlcom_select (thd=thd@entry=0x15102c000d58, all_tables=0x0) at /test/10.11_dbg/sql/sql_parse.cc:6267
            #15 0x00005589178c016a in mysql_execute_command (thd=thd@entry=0x15102c000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3949
            #16 0x00005589178c7484 in mysql_parse (thd=thd@entry=0x15102c000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15104f0fb2c0) at /test/10.11_dbg/sql/sql_parse.cc:8002
            #17 0x00005589178c9618 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15102c000d58, packet=packet@entry=0x15102c00ae09 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:243
            #18 0x00005589178cb471 in do_command (thd=0x15102c000d58, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
            #19 0x0000558917a1653a in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55891aaedb98, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
            #20 0x0000558917a16799 in handle_one_connection (arg=0x55891aaedb98) at /test/10.11_dbg/sql/sql_connect.cc:1318
            #21 0x000015107f7f6b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #22 0x000015107f888a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            The SIGSEGVs in thd_ha_data only show in 10.3:
            {noformat:title=10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Optimized)}
            Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 thd_ha_data (thd=0x14c3ec000c58, hton=0x0)
                at /test/10.3_opt/sql/sql_class.cc:423
            [Current thread is 1 (Thread 0x14c4440cf640 (LWP 2348216))]
            (gdb) bt
            #0 thd_ha_data (thd=0x14c3ec000c58, hton=0x0) at /test/10.3_opt/sql/sql_class.cc:423
            #1 0x00005595be7d166d in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_opt/sql/sql_class.cc:438
            #2 0x000014c4218debb9 in spider_direct_sql_body (initid=0x14c3ec00f9d8, args=0x14c3ec00f998, is_null=<optimized out>, error=0x14c3ec00fa08 "", bg=<optimized out>) at /test/10.3_opt/storage/spider/spd_direct_sql.cc:1604
            #3 0x00005595bea795de in udf_handler::val_int (null_value=<synthetic pointer>, this=<optimized out>) at /test/10.3_opt/sql/sql_udf.h:107
            #4 udf_handler::val_int (null_value=<synthetic pointer>, this=0x14c3ec00f988) at /test/10.3_opt/sql/sql_udf.h:98
            #5 Item_func_udf_int::val_int (this=0x14c3ec00f8c8) at /test/10.3_opt/sql/item_func.cc:3608
            #6 0x00005595be95fb3d in Type_handler::Item_send_longlong (this=<optimized out>, item=0x14c3ec00f8c8, protocol=0x14c3ec0011b0, buf=<optimized out>) at /test/10.3_opt/sql/sql_type.cc:5454
            #7 0x00005595be769fbe in Protocol::send_result_set_row (this=this@entry=0x14c3ec0011b0, row_items=row_items@entry=0x14c3ec0050b8) at /test/10.3_opt/sql/protocol.cc:1000
            #8 0x00005595be7d8da7 in select_send::send_data (this=0x14c3ec00fb90, items=@0x14c3ec0050b8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c3ec00fa50, last = 0x14c3ec00fa50, elements = 1}, <No data fields>}) at /test/10.3_opt/sql/sql_class.cc:3049
            #9 0x00005595be87cc22 in JOIN::exec_inner (this=this@entry=0x14c3ec00fbb8) at /test/10.3_opt/sql/sql_select.cc:4065
            #10 0x00005595be87d2b6 in JOIN::exec (this=this@entry=0x14c3ec00fbb8) at /test/10.3_opt/sql/sql_select.cc:3984
            #11 0x00005595be87d446 in mysql_select (thd=0x14c3ec000c58, tables=<optimized out>, wild_num=0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c3ec00fb90, unit=0x14c3ec0047b8, select_lex=0x14c3ec004f78) at /test/10.3_opt/sql/sql_select.cc:4393
            #12 0x00005595be87dd43 in handle_select (thd=thd@entry=0x14c3ec000c58, lex=lex@entry=0x14c3ec0046f8, result=result@entry=0x14c3ec00fb90, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_opt/sql/sql_select.cc:372
            #13 0x00005595be811d9d in execute_sqlcom_select (thd=0x14c3ec000c58, all_tables=0x0) at /test/10.3_opt/sql/sql_parse.cc:6340
            #14 0x00005595be81f7cd in mysql_execute_command (thd=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:3871
            #15 0x00005595be8221a2 in mysql_parse (thd=0x14c3ec000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:7855
            #16 0x00005595be8239e5 in dispatch_command (command=COM_QUERY, thd=0x14c3ec000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.3_opt/sql/sql_parse.cc:1941
            #17 0x00005595be825bae in do_command (thd=0x14c3ec000c58) at /test/10.3_opt/sql/sql_parse.cc:1398
            #18 0x00005595be90867e in do_handle_one_connection (connect=<optimized out>) at /test/10.3_opt/sql/sql_connect.cc:1404
            #19 0x00005595be9086fd in handle_one_connection (arg=<optimized out>) at /test/10.3_opt/sql/sql_connect.cc:1309
            #20 0x000014c44813eb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #21 0x000014c4481d0a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            {noformat:title=10.3.38 2743a510a156456fe57429032bf41c0da0f11198 (Debug)}
            Core was generated by `/test/MD110223-mariadb-10.3.38-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 thd_ha_data (thd=0x149fe4000d38, hton=0x0)
                at /test/10.3_dbg/sql/sql_class.cc:423
            [Current thread is 1 (Thread 0x14a0440ea640 (LWP 2348487))]
            (gdb) bt
            #0 thd_ha_data (thd=0x149fe4000d38, hton=0x0) at /test/10.3_dbg/sql/sql_class.cc:423
            #1 0x000055557392a26b in thd_get_ha_data (thd=<optimized out>, hton=<optimized out>) at /test/10.3_dbg/sql/sql_class.cc:438
            #2 0x000014a0219f5a1e in spider_direct_sql_body (initid=0x149fe4010e68, args=0x149fe4010e28, is_null=<optimized out>, error=0x149fe4010e98 "", bg=bg@entry=0 '\000') at /test/10.3_dbg/storage/spider/spd_direct_sql.cc:1604
            #3 0x000014a0219f63ab in spider_direct_sql (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/10.3_dbg/storage/spider/spd_udf.cc:29
            #4 0x0000555573c511f7 in udf_handler::val_int (null_value=<synthetic pointer>, this=0x149fe4010e18) at /test/10.3_dbg/sql/sql_udf.h:107
            #5 Item_func_udf_int::val_int (this=0x149fe4010d58) at /test/10.3_dbg/sql/item_func.cc:3608
            #6 0x0000555573af9983 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x149fe4010d58, protocol=0x149fe4001318, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.cc:5454
            #7 0x0000555573afd62d in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.3_dbg/sql/sql_type.h:2498
            #8 0x00005555738b7910 in Item::send (this=0x149fe4010d58, protocol=0x149fe4001318, buffer=0x14a0440e73a0) at /test/10.3_dbg/sql/item.h:886
            #9 0x00005555738b55d4 in Protocol::send_result_set_row (this=this@entry=0x149fe4001318, row_items=row_items@entry=0x149fe4005358) at /test/10.3_dbg/sql/protocol.cc:1000
            #10 0x000055557393308a in select_send::send_data (this=0x149fe4011020, items=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}) at /test/10.3_dbg/sql/sql_class.cc:3049
            #11 0x00005555739e870c in JOIN::exec_inner (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:4065
            #12 0x00005555739e9384 in JOIN::exec (this=this@entry=0x149fe4011048) at /test/10.3_dbg/sql/sql_select.cc:3984
            #13 0x00005555739e9576 in mysql_select (thd=thd@entry=0x149fe4000d38, tables=0x0, wild_num=0, fields=@0x149fe4005358: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149fe4010ee0, last = 0x149fe4010ee0, elements = 1}, <No data fields>}, conds=0x0, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x149fe4011020, unit=0x149fe4004a58, select_lex=0x149fe4005218) at /test/10.3_dbg/sql/sql_select.cc:4393
            #14 0x00005555739ea02b in handle_select (thd=thd@entry=0x149fe4000d38, lex=lex@entry=0x149fe4004998, result=result@entry=0x149fe4011020, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.3_dbg/sql/sql_select.cc:372
            #15 0x0000555573973fd7 in execute_sqlcom_select (thd=thd@entry=0x149fe4000d38, all_tables=0x0) at /test/10.3_dbg/sql/sql_parse.cc:6340
            #16 0x000055557397d9a1 in mysql_execute_command (thd=thd@entry=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:3871
            #17 0x0000555573986694 in mysql_parse (thd=thd@entry=0x149fe4000d38, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a0440e9510, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_parse.cc:7855
            #18 0x0000555573988609 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149fe4000d38, packet=packet@entry=0x149fe4018ae9 "", packet_length=packet_length@entry=58, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.3_dbg/sql/sql_class.h:200
            #19 0x000055557398a5cf in do_command (thd=0x149fe4000d38) at /test/10.3_dbg/sql/sql_parse.cc:1398
            #20 0x0000555573a8e01f in do_handle_one_connection (connect=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1404
            #21 0x0000555573a8e150 in handle_one_connection (arg=<optimized out>) at /test/10.3_dbg/sql/sql_connect.cc:1309
            #22 0x000014a0485a8b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #23 0x000014a04863aa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}

            Bug confirmed present in:
            MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.2 (dbg), 10.11.2 (opt), 11.0.1 (dbg), 11.0.1 (opt)

            UniqueID/stacks summary:
            {noformat}
            SIGSEGV|spider_direct_sql_body|spider_direct_sql|udf_handler::val_int|Item_func_udf_int::val_int
            SIGSEGV|spider_direct_sql_body|udf_handler::val_int|udf_handler::val_int|Item_func_udf_int::val_int
            SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|spider_direct_sql
            SIGSEGV|thd_ha_data|thd_get_ha_data|spider_direct_sql_body|udf_handler::val_int
            {noformat}
            Roel Roel Van de Paar made changes -
            Fix Version/s 11.0 [ 28320 ]
            Fix Version/s 11.1 [ 28549 ]
            Fix Version/s 11.2 [ 28603 ]
            Fix Version/s 11.3 [ 28565 ]
            Affects Version/s 11.1 [ 28549 ]
            Affects Version/s 11.2 [ 28603 ]
            Affects Version/s 11.3 [ 28565 ]
            Affects Version/s 11.4 [ 29301 ]
            Affects Version/s 10.7 [ 24805 ]
            Affects Version/s 10.8 [ 26121 ]
            Affects Version/s 10.9 [ 26905 ]
            Affects Version/s 10.10 [ 27530 ]
            Roel Roel Van de Paar added a comment - - edited

            Additional stacks with:

            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            UNINSTALL SONAME IF EXISTS "ha_spider";
            SELECT spider_direct_sql ('','tmp_a','SRV "s",DATABASE "test"');
            

            SIGSEGV|my_hash_insert|spider_get_trx|spider_direct_sql_body|udf_handler::val_int
            SIGSEGV|thd_get_ha_data|spider_direct_sql_body|spider_direct_sql|udf_handler::val_int
            

            Present in 10.4-11.4 in both opt and dbg builds.

            Roel Roel Van de Paar added a comment - - edited

            Additional stacks with:

            CREATE FUNCTION spider_bg_direct_sql RETURNS INT SONAME 'ha_spider.so';
            SELECT spider_bg_direct_sql ('SET SESSION AUTO_INCREMENT_OFFSET=3','','SRV "s"');
            

            SIGSEGV|spider_direct_sql_init_body|spider_bg_direct_sql_init|udf_handler::fix_fields|Item_udf_func::fix_fields
            SIGSEGV|spider_direct_sql_init_body|udf_handler::fix_fields|udf_handler::fix_fields|Item_udf_func::fix_fields
            

            Roel Roel Van de Paar made changes -
            Labels affects-tests

            Roel Roel Van de Paar added a comment -

            Additional stacks with:

            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            UNINSTALL SONAME IF EXISTS 'ha_spider';
            SELECT spider_copy_tables ('a','','');

            SIGSEGV|thd_get_ha_data|spider_copy_tables_body|spider_copy_tables|udf_handler::val_int
            SIGSEGV|my_hash_insert|spider_get_trx|spider_copy_tables_body|udf_handler::val_int

            Roel Roel Van de Paar added a comment -

            Additional stacks with:

            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            UNINSTALL SONAME IF EXISTS "ha_spider";
            SELECT spider_bg_direct_sql ('SET SESSION _offset=3','','SRV "s"');

            SIGSEGV|thd_get_ha_data|spider_direct_sql_init_body|spider_bg_direct_sql_init|udf_handler::fix_fields
            SIGSEGV|my_hash_insert|spider_get_trx|spider_direct_sql_body|udf_handler::add

            Roel Roel Van de Paar added a comment -

            Additional optimized-build-only stack with:

            INSTALL SONAME 'ha_spider';
            UNINSTALL SONAME IF EXISTS "ha_spider";
            CREATE TABLE t (a INT DEFAULT 1,b CHAR DEFAULT'',c DATE DEFAULT'') DEFAULT CHARSET=utf8;
            SELECT spider_direct_sql ('SET SESSION _increment=4','','SRV "s"');

            SIGSEGV|thd_get_ha_data|spider_direct_sql_body|udf_handler::val_int|udf_handler::val_int

            Debug builds crash with the previously seen

            SIGSEGV|thd_get_ha_data|spider_direct_sql_body|spider_direct_sql|udf_handler::val_int
            Roel Roel Van de Paar added a comment - - edited

            I saw a single occurrence of

            Backtrace stopped: Cannot access memory at address
            

            In a SIGSEGV stack starting with the (previously seen) first frame my_hash_insert:

            11.4.0 f93c20081a8a505ac502850ec02630f95673dfba (Optimized)

            Core was generated by `/test/MDEV-28861_MD301223-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd --no-def'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  my_hash_insert (info=0x150b481716c0, 
                record=<error reading variable: Cannot access memory at address 0x150b481bdde0>) at /test/bb-11.4-mdev-28861_opt/mysys/hash.c:521
            521	    empty[0]= pos[0];
            [Current thread is 1 (LWP 1007995)]
            (gdb) bt
            #0  my_hash_insert (info=0x150b481716c0, record=<error reading variable: Cannot access memory at address 0x150b481bdde0>) at /test/bb-11.4-mdev-28861_opt/mysys/hash.c:521
            Backtrace stopped: Cannot access memory at address 0x150b481bde58
            

            So it is possible there is memory corruption and/or stack smashing.


            Roel Roel Van de Paar added a comment -

            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            UNINSTALL SONAME IF EXISTS "ha_spider";
            CREATE TABLE t (a INT DEFAULT 1,b CHAR DEFAULT'',c DATE DEFAULT'') DEFAULT CHARSET=utf8;
            SELECT spider_bg_direct_sql ('SET SESSION _offset=1','','SRV "s"');

            11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Optimized)

            SIGSEGV|thd_get_ha_data|spider_direct_sql_init_body|udf_handler::fix_fields|udf_handler::fix_fields
            ycp Yuchen Pei made changes -
            Summary changed from "SIGSEGV in spider_direct_sql_body and in thd_ha_data" to "SIGSEGV in spider_direct_sql_body and in thd_get_ha_data"
            ycp Yuchen Pei added a comment - - edited

            In 10.4 ca276a0f3fcb45ff0abc011e334c700e0c5d4315 the problem is that
            spider_hton_ptr is NULL but accessed in spider_current_trx:

            #define spider_current_trx \
              (current_thd && spider_hton_ptr->slot != HA_SLOT_UNDEF ? ((SPIDER_TRX *) thd_get_ha_data(current_thd, spider_hton_ptr)) : NULL)
            

            A simple fix would be to just return failure when calling any spider UDF
            without spider installed (spider_hton_ptr == 0).

            Here's a demo patch

            upstream/bb-10.4-mdev-30727-demo 10.4 3b1fbf9808c7c1a026ac67c0a093e0684a77b7f7
            MDEV-30727 [demo] Check spider_hton_ptr in spider udf
             
            This will output NULL in the test case. It may be better to simply not
            allow CREATE FUNCTION ... SONAME 'ha_spider'; without installing
            spider first, depending on the convention and expectations.
            

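To make the macro's defect and the demo patch's idea concrete, here is an added stand-alone C example (not Spider's or MariaDB's own code): the server types, the session and the INSTALL/UNINSTALL lifecycle are simplified stand-ins constructed for the example, and `spider_current_trx_checked`, `spider_udf_init_guarded`, `spider_udf_guard` and the `spider_example_*` helpers are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the server types involved (constructed for this
   example; they are not the real MariaDB definitions). */
#define HA_SLOT_UNDEF ((unsigned int) -1)

typedef struct handlerton { unsigned int slot; } handlerton;
typedef struct THD { void *ha_data[8]; } THD;
typedef struct SPIDER_TRX { int id; } SPIDER_TRX;

/* Plugin-global handlerton pointer: NULL before INSTALL SONAME and again after
   UNINSTALL SONAME, while CREATE FUNCTION ... SONAME 'ha_spider' keeps the UDF
   callable either way. */
static handlerton *spider_hton_ptr = NULL;
static THD *current_thd = NULL;

static void *thd_get_ha_data(THD *thd, const handlerton *hton)
{
  return thd->ha_data[hton->slot];
}

/* The macro as quoted in the comment: current_thd is tested, but
   spider_hton_ptr is dereferenced without any NULL test. */
#define spider_current_trx_unchecked \
  (current_thd && spider_hton_ptr->slot != HA_SLOT_UNDEF \
     ? ((SPIDER_TRX *) thd_get_ha_data(current_thd, spider_hton_ptr)) : NULL)

/* Hardened form (hypothetical): test the handlerton pointer before reading
   its slot. Note that this only covers the NULL case from the 10.4 analysis;
   the ASAN report later in this ticket shows the handlerton being freed by
   ha_finalize_handlerton, i.e. a dangling rather than NULL pointer, which a
   NULL test alone cannot catch. */
#define spider_current_trx_checked \
  (current_thd && spider_hton_ptr && spider_hton_ptr->slot != HA_SLOT_UNDEF \
     ? ((SPIDER_TRX *) thd_get_ha_data(current_thd, spider_hton_ptr)) : NULL)

/* UDF-style init guard (hypothetical name) following the demo patch's idea:
   refuse to run when the plugin is not installed. Returns 1 on error, as a
   MariaDB UDF init function does, and writes the client-visible message. */
int spider_udf_init_guarded(char *message, size_t message_len)
{
  if (!spider_hton_ptr) {
    snprintf(message, message_len, "Spider plugin is not installed");
    return 1;
  }
  return 0;
}

/* Returns NULL when the UDF may proceed, otherwise the error text. */
const char *spider_udf_guard(void)
{
  static char message[128];
  return spider_udf_init_guarded(message, sizeof message) ? message : NULL;
}

SPIDER_TRX *spider_current_trx_safe(void)   { return spider_current_trx_checked; }
SPIDER_TRX *spider_current_trx_unsafe(void) { return spider_current_trx_unchecked; }

/* Constructed session and plugin lifecycle, standing in for a connection
   thread, INSTALL SONAME and UNINSTALL SONAME. */
static SPIDER_TRX sample_trx = { 42 };
static handlerton sample_hton = { 2 };
static THD sample_thd;

void spider_example_session_begin(void)
{
  memset(&sample_thd, 0, sizeof sample_thd);
  sample_thd.ha_data[sample_hton.slot] = &sample_trx;
  current_thd = &sample_thd;
}

void spider_example_install(void)   { spider_hton_ptr = &sample_hton; }
void spider_example_uninstall(void) { spider_hton_ptr = NULL; }

int main(void)
{
  spider_example_session_begin();
  printf("before INSTALL: %s\n", spider_udf_guard());
  spider_example_install();
  printf("after INSTALL: trx id %d\n", spider_current_trx_safe()->id);
  spider_example_uninstall();
  printf("after UNINSTALL: %s\n", spider_udf_guard());
  /* Calling spider_current_trx_unsafe() here would dereference NULL, which is
     the thd_get_ha_data / spider_direct_sql_init_body crash in this ticket. */
  return 0;
}
```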
            ycp Yuchen Pei added a comment -

            After discussions with holyfoot, we agreed we could follow the idea in the demo patch above (because the user could execute an INSTALL SONAME after the CREATE FUNCTION in which case the function still functions afterwards), but it may be good to output an error. So I updated the patch with an error, but somehow it segfaults at the call to my_error():

            a2bc999190e bb-10.4-mdev-30727-demo MDEV-30727 [demo] Check spider_hton_ptr in spider udf
            

            Roel Roel Van de Paar made changes -
            Labels affects-tests affects-tests stack-smashing
            Roel Roel Van de Paar added a comment - - edited

            Confirmed stack smashing:

            11.4.0 f93c20081a8a505ac502850ec02630f95673dfba (Optimized)

            Core was generated by `/test/MDEV-28861_MD301223-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd --no-def'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  0x0000559bd76ed87b in thd_get_ha_data (thd=0x14f550000c68, 
                hton=0x14f54c0317a8) at /test/bb-11.4-mdev-28861_opt/sql/sql_class.cc:455
            [Current thread is 1 (LWP 2958119)]
            (gdb) bt
            #0  0x0000559bd76ed87b in thd_get_ha_data (thd=0x14f550000c68, hton=0x14f54c0317a8) at /test/bb-11.4-mdev-28861_opt/sql/sql_class.cc:455
            #1  0x000014f5800a7510 in ?? ()
            #2  0x0000000000000010 in ?? ()
            #3  0x0000000000000010 in ?? ()
            #4  0x000014f5500115f8 in ?? ()
            #5  0x000014f550011550 in ?? ()
            #6  0x000014f550011440 in ?? ()
            #7  0x0000000000000010 in ?? ()
            #8  0x0000000000000000 in ?? ()
            

            And in another occurrence (note end of stack)

            11.4.0 f93c20081a8a505ac502850ec02630f95673dfba (Optimized)

            (gdb) bt
            #0  0x000055f65f31487b in thd_get_ha_data (thd=0x1535f0000c68, hton=0x1535fc0317a8) at /test/bb-11.4-mdev-28861_opt/sql/sql_class.cc:455
            #1  0x000015362c10334d in spider_get_trx (thd=thd@entry=0x1535f0000c68, regist_allocated_thds=regist_allocated_thds@entry=true, error_num=error_num@entry=0x1536380ef648) at /test/bb-11.4-mdev-28861_opt/storage/spider/spd_trx.cc:1141
            #2  0x000015362c148644 in spider_copy_tables_body (initid=<optimized out>, args=0x1535f00113b8, is_null=<optimized out>, error=0x1535f0011428 "") at /test/bb-11.4-mdev-28861_opt/storage/spider/spd_copy_tables.cc:779
            #3  0x000055f65f67292e in udf_handler::val_int (null_value=<synthetic pointer>, this=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_udf.h:108
            #4  udf_handler::val_int (null_value=<synthetic pointer>, this=0x1535f00113a8) at /test/bb-11.4-mdev-28861_opt/sql/sql_udf.h:99
            #5  Item_func_udf_int::val_int (this=0x1535f00112f8) at /test/bb-11.4-mdev-28861_opt/sql/item_func.cc:3783
            #6  0x000055f65f54c2dd in Type_handler::Item_send_longlong (this=<optimized out>, item=0x1535f00112f8, protocol=0x1535f00011f0, buf=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_type.cc:7487
            #7  0x000055f65f2a1b7a in Protocol::send_result_set_row (this=this@entry=0x1535f00011f0, row_items=row_items@entry=0x1535f0010ea0) at /test/bb-11.4-mdev-28861_opt/sql/protocol.cc:1334
            #8  0x000055f65f312cf7 in select_send::send_data (this=0x1535f0011dc8, items=@0x1535f0010ea0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1535f0011470, last = 0x1535f0011470, elements = 1}, <No data fields>}) at /test/bb-11.4-mdev-28861_opt/sql/sql_class.cc:3127
            #9  0x000055f65f3f66b0 in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_class.h:5945
            #10 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_class.h:5935
            #11 JOIN::exec_inner (this=0x1535f0011df0) at /test/bb-11.4-mdev-28861_opt/sql/sql_select.cc:4814
            #12 0x000055f65f3f6e5e in JOIN::exec (this=this@entry=0x1535f0011df0) at /test/bb-11.4-mdev-28861_opt/sql/sql_select.cc:4726
            #13 0x000055f65f3f4ddc in mysql_select (thd=0x1535f0000c68, tables=0x0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1535f0011dc8, unit=0x1535f0004f20, select_lex=0x1535f0010be8) at /test/bb-11.4-mdev-28861_opt/sql/sql_select.cc:5249
            #14 0x000055f65f3f55d4 in handle_select (thd=thd@entry=0x1535f0000c68, lex=lex@entry=0x1535f0004e40, result=result@entry=0x1535f0011dc8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/bb-11.4-mdev-28861_opt/sql/sql_select.cc:628
            #15 0x000055f65f369d75 in execute_sqlcom_select (thd=0x1535f0000c68, all_tables=0x0) at /test/bb-11.4-mdev-28861_opt/sql/sql_parse.cc:6029
            #16 0x000055f65f378f12 in mysql_execute_command (thd=0x1535f0000c68, is_called_from_prepared_stmt=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_parse.cc:3924
            #17 0x000055f65f37a2e6 in mysql_parse (thd=0x1535f0000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_parse.cc:7748
            #18 0x000055f65f37ca8d in dispatch_command (command=COM_QUERY, thd=0x1535f0000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/bb-11.4-mdev-28861_opt/sql/sql_parse.cc:1992
            #19 0x000055f65f37e840 in do_command (thd=0x1535f0000c68, blocking=blocking@entry=true) at /test/bb-11.4-mdev-28861_opt/sql/sql_parse.cc:1406
            #20 0x000055f65f4a898f in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/bb-11.4-mdev-28861_opt/sql/sql_connect.cc:1418
            #21 0x000055f65f4a8cdd in handle_one_connection (arg=arg@entry=0x55f662612048) at /test/bb-11.4-mdev-28861_opt/sql/sql_connect.cc:1320
            #22 0x000055f65f852471 in pfs_spawn_thread (arg=0x55f6625cb408) at /test/bb-11.4-mdev-28861_opt/storage/perfschema/pfs.cc:2201
            #23 0x0000153642094ac3 in allocate_stack (stacksize=<synthetic pointer>, stack=<synthetic pointer>, pdp=<synthetic pointer>, attr=0xb) at ./nptl/allocatestack.c:490
            #24 __pthread_create_2_1 (newthread=0xb, attr=0x1536380f2640, start_routine=0x7fffe9708250, arg=0x4aa9bb0a052db5a0) at ./nptl/pthread_create.c:647
            #25 0x0000000000000000 in ?? ()
            

            The latter is also another stack variation:

            SIGSEGV|thd_get_ha_data|spider_get_trx|spider_copy_tables_body|udf_handler::val_int
            

            Roel Roel Van de Paar made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            Roel Roel Van de Paar made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]

            Another variation seen

            SIGSEGV|thd_get_ha_data|spider_get_trx|spider_direct_sql_body|spider_direct_sql
            

            Roel Roel Van de Paar made changes -
            Component/s Locking [ 10900 ]
            Roel Roel Van de Paar made changes -
            Labels affects-tests stack-smashing affects-tests locking stack-smashing
            Roel Roel Van de Paar added a comment - - edited

            CREATE TABLE t (a INT) ENGINE=InnoDB;
            INSTALL SONAME 'ha_spider';
            UNINSTALL SONAME 'ha_spider';
            SELECT * FROM t GROUP BY a;
            SELECT spider_copy_tables ('foota_l','','');
            

            Leads to:

            11.4.0 9b1ea6904965dd345478dedd80e181ad54c767da (Debug)

            SIGABRT|safe_mutex_lock|inline_mysql_mutex_lock|spider_alloc_mem_calc|spider_bulk_alloc_mem
            

            When removing only GROUP BY it leads to a stack seen earlier in this issue:

            SIGSEGV|thd_get_ha_data|spider_copy_tables_body|spider_copy_tables|udf_handler::val_int
            

            Full stack for the safe_mutex_lock issue:

            11.4.0 9b1ea6904965dd345478dedd80e181ad54c767da (Debug)

            Core was generated by `/test/MD060224-mariadb-11.4.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
            Program terminated with signal SIGABRT, Aborted.
            #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22886339290688)
                at ./nptl/pthread_kill.c:44
            [Current thread is 1 (LWP 2706942)]
            (gdb) bt
            #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22886339290688) at ./nptl/pthread_kill.c:44
            #1  __pthread_kill_internal (signo=6, threadid=22886339290688) at ./nptl/pthread_kill.c:78
            #2  __GI___pthread_kill (threadid=22886339290688, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
            #3  0x000014d0ba042476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #4  0x000014d0ba0287f3 in __GI_abort () at ./stdlib/abort.c:79
            #5  0x000055ccbd45b33c in safe_mutex_lock (mp=<optimized out>, my_flags=0, file=0x14d0a41857c0 "/test/11.4_dbg/storage/spider/spd_malloc.cc", line=153) at /test/11.4_dbg/mysys/thr_mutex.c:245
            #6  0x000014d0a41293b2 in inline_mysql_mutex_lock (src_line=153, src_file=0x14d0a41857c0 "/test/11.4_dbg/storage/spider/spd_malloc.cc", that=0x14d0a41af300 <spider_mem_calc_mutex>) at /test/11.4_dbg/include/mysql/psi/mysql_thread.h:750
            #7  spider_alloc_mem_calc (trx=trx@entry=0x0, id=id@entry=1, func_name=func_name@entry=0x14d0a417d4a9 "<unknown>", file_name=file_name@entry=0x14d0a41854c0 "/test/11.4_dbg/storage/spider/spd_copy_tables.cc", line_no=line_no@entry=772, size=size@entry=1984) at /test/11.4_dbg/storage/spider/spd_malloc.cc:153
            #8  0x000014d0a4129748 in spider_bulk_alloc_mem (trx=0x0, id=id@entry=1, func_name=func_name@entry=0x14d0a417d4a9 "<unknown>", file_name=file_name@entry=0x14d0a41854c0 "/test/11.4_dbg/storage/spider/spd_copy_tables.cc", line_no=line_no@entry=772, my_flags=my_flags@entry=48) at /test/11.4_dbg/storage/spider/spd_malloc.cc:234
            #9  0x000014d0a4126d0e in spider_copy_tables_body (initid=<optimized out>, args=0x14d070019658, is_null=<optimized out>, error=0x14d0700196c8 "") at /test/11.4_dbg/storage/spider/spd_copy_tables.cc:771
            #10 0x000014d0a41207b4 in spider_copy_tables (initid=<optimized out>, args=<optimized out>, is_null=<optimized out>, error=<optimized out>) at /test/11.4_dbg/storage/spider/spd_udf.cc:137
            #11 0x000055ccbcdb564d in udf_handler::val_int (null_value=<synthetic pointer>, this=0x14d070019648) at /test/11.4_dbg/sql/sql_udf.h:108
            #12 Item_func_udf_int::val_int (this=0x14d070019598) at /test/11.4_dbg/sql/item_func.cc:3801
            #13 0x000055ccbcc55dc9 in Type_handler::Item_send_longlong (this=<optimized out>, item=0x14d070019598, protocol=0x14d070001370, buf=<optimized out>) at /test/11.4_dbg/sql/sql_type.cc:7510
            #14 0x000055ccbcc5c8af in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/11.4_dbg/sql/sql_type.h:5803
            #15 0x000055ccbc8f3036 in Item::send (this=0x14d070019598, protocol=0x14d070001370, buffer=0x14d0a41f7d70) at /test/11.4_dbg/sql/item.h:1241
            #16 0x000055ccbc92a82d in Protocol::send_result_set_row (this=this@entry=0x14d070001370, row_items=row_items@entry=0x14d070019160) at /test/11.4_dbg/sql/protocol.cc:1333
            #17 0x000055ccbc9a0f57 in select_send::send_data (this=0x14d07001a068, items=@0x14d070019160: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14d070019710, last = 0x14d070019710, elements = 1}, <No data fields>}) at /test/11.4_dbg/sql/sql_class.cc:3136
            #18 0x000055ccbcaa8418 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.4_dbg/sql/sql_class.h:5978
            #19 JOIN::exec_inner (this=this@entry=0x14d07001a090) at /test/11.4_dbg/sql/sql_select.cc:4862
            #20 0x000055ccbcaa926e in JOIN::exec (this=this@entry=0x14d07001a090) at /test/11.4_dbg/sql/sql_select.cc:4774
            #21 0x000055ccbcaa7079 in mysql_select (thd=thd@entry=0x14d070000d58, tables=0x0, fields=@0x14d070019160: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14d070019710, last = 0x14d070019710, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14d07001a068, unit=0x14d0700051d8, select_lex=0x14d070018ea8) at /test/11.4_dbg/sql/sql_select.cc:5304
            #22 0x000055ccbcaa78a2 in handle_select (thd=thd@entry=0x14d070000d58, lex=lex@entry=0x14d0700050f8, result=result@entry=0x14d07001a068, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.4_dbg/sql/sql_select.cc:630
            #23 0x000055ccbca067ee in execute_sqlcom_select (thd=thd@entry=0x14d070000d58, all_tables=0x0) at /test/11.4_dbg/sql/sql_parse.cc:6077
            #24 0x000055ccbca12866 in mysql_execute_command (thd=thd@entry=0x14d070000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.4_dbg/sql/sql_parse.cc:3926
            #25 0x000055ccbca18e39 in mysql_parse (thd=thd@entry=0x14d070000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d0a41f91e0) at /test/11.4_dbg/sql/sql_parse.cc:7798
            #26 0x000055ccbca1b1fc in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14d070000d58, packet=packet@entry=0x14d07000b1c9 "", packet_length=packet_length@entry=43, blocking=blocking@entry=true) at /test/11.4_dbg/sql/sql_class.h:254
            #27 0x000055ccbca1d333 in do_command (thd=0x14d070000d58, blocking=blocking@entry=true) at /test/11.4_dbg/sql/sql_parse.cc:1406
            #28 0x000055ccbcb839fd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ccc09fc5a8, put_in_cache=put_in_cache@entry=true) at /test/11.4_dbg/sql/sql_connect.cc:1417
            #29 0x000055ccbcb83cf2 in handle_one_connection (arg=arg@entry=0x55ccc09fc5a8) at /test/11.4_dbg/sql/sql_connect.cc:1319
            #30 0x000055ccbcfd0e9a in pfs_spawn_thread (arg=0x55ccc09b4868) at /test/11.4_dbg/storage/perfschema/pfs.cc:2201
            #31 0x000014d0ba094ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #32 0x000014d0ba126850 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            

            The error log also shows:

            11.4.0 9b1ea6904965dd345478dedd80e181ad54c767da (Debug)

            safe_mutex: Trying to lock uninitialized mutex at /test/11.4_dbg/storage/spider/spd_malloc.cc, line 153
            

            It could be that this is a new/different issue, if so please let me know and I will create a new ticket for this.

            Roel Roel Van de Paar made changes -
            Summary SIGSEGV in spider_direct_sql_body and in thd_get_ha_data SIGSEGV in spider_direct_sql_body, in thd_get_ha_data and in safe_mutex_lock
            Roel Roel Van de Paar made changes -
            Summary SIGSEGV in spider_direct_sql_body, in thd_get_ha_data and in safe_mutex_lock SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock
            Roel Roel Van de Paar added a comment - - edited

            Looks related:

            INSTALL SONAME 'ha_spider';
            UNINSTALL SONAME IF EXISTS "ha_spider";
            SELECT spider_direct_sql('SELECT 1','a','SRV "s",DATABASE "test"');
            

            Leads to:

            ASAN|heap-use-after-free|storage/spider/spd_direct_sql.cc|spider_direct_sql_body|udf_handler::val_int|Item_func_udf_int::val_int|Type_handler::Item_send_longlong  # optimized builds
            ASAN|heap-use-after-free|storage/spider/spd_direct_sql.cc|spider_direct_sql_body|spider_direct_sql|udf_handler::val_int|Item_func_udf_int::val_int  # debug builds
            

            Full stacks:

            11.4.2 9b6e267bfd8fbed66807b8ca81a84d1faa84ff34 (Optimized, UBASAN)

            ==3331537==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000031e1c at pc 0x1492701c0097 bp 0x149271703580 sp 0x149271703570
            READ of size 4 at 0x615000031e1c thread T12
                #0 0x1492701c0096 in spider_direct_sql_body(st_udf_init*, st_udf_args*, char*, char*, char) /test/11.4_opt_san/storage/spider/spd_direct_sql.cc:1440
                #1 0x555e2b183b01 in udf_handler::val_int(char*) /test/11.4_opt_san/sql/sql_udf.h:108
                #2 0x555e2b183b01 in Item_func_udf_int::val_int() /test/11.4_opt_san/sql/item_func.cc:3801
                #3 0x555e2a4fd037 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/11.4_opt_san/sql/sql_type.cc:7538
                #4 0x555e28f362fc in Protocol::send_result_set_row(List<Item>*) /test/11.4_opt_san/sql/protocol.cc:1333
                #5 0x555e2923f3da in select_send::send_data(List<Item>&) /test/11.4_opt_san/sql/sql_class.cc:3187
                #6 0x555e29a256b1 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.4_opt_san/sql/sql_class.h:5995
                #7 0x555e29a256b1 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.4_opt_san/sql/sql_class.h:5985
                #8 0x555e29a256b1 in JOIN::exec_inner() /test/11.4_opt_san/sql/sql_select.cc:4862
                #9 0x555e29a2a163 in JOIN::exec() /test/11.4_opt_san/sql/sql_select.cc:4774
                #10 0x555e29a1778d in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_opt_san/sql/sql_select.cc:5304
                #11 0x555e29a1b390 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_opt_san/sql/sql_select.cc:630
                #12 0x555e2958df40 in execute_sqlcom_select /test/11.4_opt_san/sql/sql_parse.cc:6094
                #13 0x555e295f1e35 in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:3943
                #14 0x555e29600ba2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_opt_san/sql/sql_parse.cc:7815
                #15 0x555e2960cbbb in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_opt_san/sql/sql_parse.cc:1893
                #16 0x555e29618608 in do_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:1406
                #17 0x555e29f6fcbc in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1437
                #18 0x555e29f722bc in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1339
                #19 0x149294c94ac2 in start_thread nptl/pthread_create.c:442
                #20 0x149294d2684f  (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)
             
            0x615000031e1c is located 28 bytes inside of 504-byte region [0x615000031e00,0x615000031ff8)
            freed by thread T12 here:
                #0 0x555e28d3a247 in free (/test/UBASAN_MD190224-mariadb-11.4.2-linux-x86_64-opt/bin/mariadbd+0x7edb247)
                #1 0x555e2ac0624b in ha_finalize_handlerton(st_plugin_int*) /test/11.4_opt_san/sql/handler.cc:617
                #2 0x555e2968844c in plugin_deinitialize /test/11.4_opt_san/sql/sql_plugin.cc:1273
                #3 0x555e2968b975 in reap_plugins /test/11.4_opt_san/sql/sql_plugin.cc:1344
                #4 0x555e29695cb6 in mysql_uninstall_plugin(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/11.4_opt_san/sql/sql_plugin.cc:2502
                #5 0x555e295eba91 in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:5710
                #6 0x555e29600ba2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_opt_san/sql/sql_parse.cc:7815
                #7 0x555e2960cbbb in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_opt_san/sql/sql_parse.cc:1893
                #8 0x555e29618608 in do_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:1406
                #9 0x555e29f6fcbc in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1437
                #10 0x555e29f722bc in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1339
                #11 0x149294c94ac2 in start_thread nptl/pthread_create.c:442
             
            previously allocated by thread T12 here:
                #0 0x555e28d3a597 in malloc (/test/UBASAN_MD190224-mariadb-11.4.2-linux-x86_64-opt/bin/mariadbd+0x7edb597)
                #1 0x555e2d2bd934 in my_malloc /test/11.4_opt_san/mysys/my_malloc.c:93
                #2 0x555e2ac06676 in ha_initialize_handlerton(st_plugin_int*) /test/11.4_opt_san/sql/handler.cc:671
                #3 0x555e296878b6 in plugin_do_initialize /test/11.4_opt_san/sql/sql_plugin.cc:1453
                #4 0x555e296a85a6 in plugin_initialize /test/11.4_opt_san/sql/sql_plugin.cc:1506
                #5 0x555e296a8b94 in finalize_install /test/11.4_opt_san/sql/sql_plugin.cc:2226
                #6 0x555e296aacbd in mysql_install_plugin(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/11.4_opt_san/sql/sql_plugin.cc:2334
                #7 0x555e295e768d in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:5705
                #8 0x555e29600ba2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_opt_san/sql/sql_parse.cc:7815
                #9 0x555e2960cbbb in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_opt_san/sql/sql_parse.cc:1893
                #10 0x555e29618608 in do_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:1406
                #11 0x555e29f6fcbc in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1437
                #12 0x555e29f722bc in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1339
                #13 0x149294c94ac2 in start_thread nptl/pthread_create.c:442
             
            Thread T12 created by T0 here:
                #0 0x555e28cde3b5 in pthread_create (/test/UBASAN_MD190224-mariadb-11.4.2-linux-x86_64-opt/bin/mariadbd+0x7e7f3b5)
                #1 0x555e28d92e5e in create_thread_to_handle_connection(CONNECT*) /test/11.4_opt_san/sql/mysqld.cc:6074
                #2 0x555e28da5f3f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/11.4_opt_san/sql/mysqld.cc:6198
                #3 0x555e28da7027 in handle_connections_sockets() /test/11.4_opt_san/sql/mysqld.cc:6311
                #4 0x555e28daa11d in mysqld_main(int, char**) /test/11.4_opt_san/sql/mysqld.cc:5969
                #5 0x149294c29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
             
            SUMMARY: AddressSanitizer: heap-use-after-free /test/11.4_opt_san/storage/spider/spd_direct_sql.cc:1440 in spider_direct_sql_body(st_udf_init*, st_udf_args*, char*, char*, char)
            Shadow bytes around the buggy address:
            ==3331537==ABORTING
            

            11.4.2 9b6e267bfd8fbed66807b8ca81a84d1faa84ff34 (Debug, UBASAN)

            ==3331569==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000031e1c at pc 0x14b8019d8d53 bp 0x14b8030612b0 sp 0x14b8030612a0
            READ of size 4 at 0x615000031e1c thread T12
                #0 0x14b8019d8d52 in spider_direct_sql_body(st_udf_init*, st_udf_args*, char*, char*, char) /test/11.4_dbg_san/storage/spider/spd_direct_sql.cc:1440
                #1 0x14b8019dbab9 in spider_direct_sql /test/11.4_dbg_san/storage/spider/spd_udf.cc:29
                #2 0x55a18eec7fcf in udf_handler::val_int(char*) /test/11.4_dbg_san/sql/sql_udf.h:108
                #3 0x55a18eec7fcf in Item_func_udf_int::val_int() /test/11.4_dbg_san/sql/item_func.cc:3801
                #4 0x55a18e0a0406 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/11.4_dbg_san/sql/sql_type.cc:7538
                #5 0x55a18e109210 in Type_handler_longlong::Item_send(Item*, Protocol*, st_value*) const /test/11.4_dbg_san/sql/sql_type.h:5872
                #6 0x55a18c757c94 in Item::send(Protocol*, st_value*) /test/11.4_dbg_san/sql/item.h:1254
                #7 0x55a18c91edf4 in Protocol::send_result_set_row(List<Item>*) /test/11.4_dbg_san/sql/protocol.cc:1333
                #8 0x55a18cc48c08 in select_send::send_data(List<Item>&) /test/11.4_dbg_san/sql/sql_class.cc:3187
                #9 0x55a18d454e3c in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.4_dbg_san/sql/sql_class.h:5995
                #10 0x55a18d454e3c in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:4862
                #11 0x55a18d45b44e in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4774
                #12 0x55a18d449871 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_dbg_san/sql/sql_select.cc:5304
                #13 0x55a18d44dd82 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:630
                #14 0x55a18cfb22f4 in execute_sqlcom_select /test/11.4_dbg_san/sql/sql_parse.cc:6094
                #15 0x55a18d017140 in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:3943
                #16 0x55a18d03e40e in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7815
                #17 0x55a18d04e252 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1893
                #18 0x55a18d05c799 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1406
                #19 0x55a18da6e88b in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1437
                #20 0x55a18da6fda6 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1339
                #21 0x14b826694ac2 in start_thread nptl/pthread_create.c:442
                #22 0x14b82672684f  (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)
             
            0x615000031e1c is located 28 bytes inside of 504-byte region [0x615000031e00,0x615000031ff8)
            freed by thread T12 here:
                #0 0x55a18c6e3087 in __interceptor_free (/test/UBASAN_MD190224-mariadb-11.4.2-linux-x86_64-dbg/bin/mariadbd+0x7e62087)
                #1 0x55a190fd6693 in my_free /test/11.4_dbg_san/mysys/my_malloc.c:221
                #2 0x55a18e86f93f in ha_finalize_handlerton(st_plugin_int*) /test/11.4_dbg_san/sql/handler.cc:617
                #3 0x55a18d0d0c9b in plugin_deinitialize /test/11.4_dbg_san/sql/sql_plugin.cc:1273
                #4 0x55a18d0d2823 in reap_plugins /test/11.4_dbg_san/sql/sql_plugin.cc:1344
                #5 0x55a18d0dc17b in mysql_uninstall_plugin(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/11.4_dbg_san/sql/sql_plugin.cc:2502
                #6 0x55a18d036f9e in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:5710
                #7 0x55a18d03e40e in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7815
                #8 0x55a18d04e252 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1893
                #9 0x55a18d05c799 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1406
                #10 0x55a18da6e88b in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1437
                #11 0x55a18da6fda6 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1339
                #12 0x14b826694ac2 in start_thread nptl/pthread_create.c:442
             
            previously allocated by thread T12 here:
                #0 0x55a18c6e33d7 in __interceptor_malloc (/test/UBASAN_MD190224-mariadb-11.4.2-linux-x86_64-dbg/bin/mariadbd+0x7e623d7)
                #1 0x55a190fd6313 in my_malloc /test/11.4_dbg_san/mysys/my_malloc.c:93
                #2 0x55a18e86fdc5 in ha_initialize_handlerton(st_plugin_int*) /test/11.4_dbg_san/sql/handler.cc:671
                #3 0x55a18d0d3be4 in plugin_do_initialize /test/11.4_dbg_san/sql/sql_plugin.cc:1453
                #4 0x55a18d0eb9e2 in plugin_initialize /test/11.4_dbg_san/sql/sql_plugin.cc:1506
                #5 0x55a18d0ebd09 in finalize_install /test/11.4_dbg_san/sql/sql_plugin.cc:2226
                #6 0x55a18d0edee4 in mysql_install_plugin(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/11.4_dbg_san/sql/sql_plugin.cc:2334
                #7 0x55a18d036d81 in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:5705
                #8 0x55a18d03e40e in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7815
                #9 0x55a18d04e252 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1893
                #10 0x55a18d05c799 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1406
                #11 0x55a18da6e88b in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1437
                #12 0x55a18da6fda6 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1339
                #13 0x14b826694ac2 in start_thread nptl/pthread_create.c:442
             
            Thread T12 created by T0 here:
                #0 0x55a18c6871f5 in pthread_create (/test/UBASAN_MD190224-mariadb-11.4.2-linux-x86_64-dbg/bin/mariadbd+0x7e061f5)
                #1 0x55a18c73b77c in create_thread_to_handle_connection(CONNECT*) /test/11.4_dbg_san/sql/mysqld.cc:6074
                #2 0x55a18c74d10f in create_new_thread(CONNECT*) /test/11.4_dbg_san/sql/mysqld.cc:6136
                #3 0x55a18c74d98f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /test/11.4_dbg_san/sql/mysqld.cc:6198
                #4 0x55a18c74ec14 in handle_connections_sockets() /test/11.4_dbg_san/sql/mysqld.cc:6311
                #5 0x55a18c75342f in mysqld_main(int, char**) /test/11.4_dbg_san/sql/mysqld.cc:5969
                #6 0x55a18c728f7a in main /test/11.4_dbg_san/sql/main.cc:34
                #7 0x14b826629d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
             
            SUMMARY: AddressSanitizer: heap-use-after-free /test/11.4_dbg_san/storage/spider/spd_direct_sql.cc:1440 in spider_direct_sql_body(st_udf_init*, st_udf_args*, char*, char*, char)
            Shadow bytes around the buggy address:
            ==3331569==ABORTING
            

            Roel Roel Van de Paar made changes -
            Labels affects-tests locking stack-smashing ASAN affects-tests locking stack-smashing
            Roel Roel Van de Paar made changes -
            Summary SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock, heap-use-after-free in
            Roel Roel Van de Paar made changes -
            Summary SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock, heap-use-after-free in SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock, heap-use-after-free in thread
            Roel Roel Van de Paar made changes -
            Summary SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock, heap-use-after-free in thread SIGSEGV's in spider_direct_sql_init_body, spider_direct_sql_body, my_hash_insert, thd_ha_data, thd_get_ha_data and safe_mutex_lock, heap-use-after-free in spider_direct_sql_body
            ycp Yuchen Pei added a comment -

            I am not sure how to call my_error without getting segv, so I opted for simply returning 0 from the udf.

            holyfoot ptal thanks:

            upstream/bb-10.4-mdev-30727 bb-10.4-ycp f2a7e0f902b1cf296d3cfd98956db486802beb4b
            MDEV-30727 Check spider_hton_ptr in spider direct sql udf
             
            I cannot call my_error() at the beginning of spider_direct_sql_body()
            without getting segv of my_error pointing to an invalid address.
            

            ycp Yuchen Pei made changes -
            Assignee Yuchen Pei [ JIRAUSER52627 ] Alexey Botchkov [ holyfoot ]
            Status Confirmed [ 10101 ] In Review [ 10002 ]

            see comment to the patch.
            As it's addressed, ok to push.

            holyfoot Alexey Botchkov made changes -
            Assignee Alexey Botchkov [ holyfoot ] Yuchen Pei [ JIRAUSER52627 ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            ycp Yuchen Pei added a comment - - edited

            Thanks for the comments holyfoot, please see below for my response.

            Having the error message here seems nice.
            To do that I'd recommend adding these two lines before the
            spider_direct_sql_body() function:
            `+#undef my_error
            +extern void my_error(unsigned int nr, unsigned long MyFlags, ...);
            +
            long long spider_direct_sql_body(
            `
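            Review bot: the declaration `extern void my_error(unsigned int nr, unsigned long MyFlags, ...);` is compiled as C++ and so gets a mangled name, which is exactly the `_Z8my_errorjmz` the loader later reports as undefined; `my_error` is defined in mysys with C linkage, so the declaration needs `extern "C"` (for example `extern "C" void my_error(unsigned int nr, unsigned long MyFlags, ...);`) to resolve against the unmangled symbol. Since this bypasses the plugin service headers (hence the `#undef my_error`), it also relies on the server binary exporting that symbol to dynamically loaded plugins, which is worth stating in the commit message.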
            Feel free to ask on Slack if you want an explanation

            I tried that, but got the following:

            CURRENT_TEST: spider/bugfix.mdev_30727
            mysqltest: At line 1: query 'CREATE FUNCTION spider_direct_sql RETURNS INT SONAME 'ha_spider.so'' failed: 1126: Can't open shared library 'ha_spider.so' (errno: 11, undefined symbol: _Z8my_errorjmz)

            Also I think we should set the 'spider_hton_ptr' to NULL in spider_db_done() so
            the UDF works same way after the plugin is unloaded.

            I could do it, but we can't test it because spider_db_done() is not called until server shutdown (MDEV-32796). I can open a ticket for this and block it with MDEV-32796, if needed.

            ycp Yuchen Pei made changes -
            Assignee Yuchen Pei [ JIRAUSER52627 ] Alexey Botchkov [ holyfoot ]
            Status Stalled [ 10000 ] In Review [ 10002 ]
            ycp Yuchen Pei added a comment -

            Hi holyfoot, following up from today's call, after working more on the patch, it actually requires changes in other udfs, and I think we should signal the failure earlier, in udf init instead of body. ptal thanks:

            c6dd7a7dabf upstream/bb-10.4-mdev-30727 MDEV-30727 Check spider_hton_ptr in spider udfs
            

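            The approach described in the comment above (refuse in the UDF init function when the plugin's handlerton pointer is unset, so the body never dereferences it) as an added, self-contained C sketch; this is example code, not the MariaDB patch. The `UDF_INIT`, `UDF_ARGS` and `handlerton` structs, `plugin_install`, `plugin_uninstall` and `run_udf` are stand-ins constructed for the example; in the server the init function's `message` buffer is what becomes the error the client sees.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the server's UDF structs (constructed for this example;
 * the real ones come from mysql.h, and init() returns my_bool). */
#define MYSQL_ERRMSG_SIZE 512
typedef struct { int maybe_null; } UDF_INIT;
typedef struct { unsigned arg_count; } UDF_ARGS;

/* Stand-in for the handlerton the plugin allocates at install time;
 * spider_hton_ptr is the global the real UDF dereferences. */
typedef struct { int slot; } handlerton;
static handlerton hton_storage;
static handlerton *spider_hton_ptr = NULL;

/* Simulated plugin lifecycle. Uninstall clears the pointer, which is the
 * spider_db_done() hardening suggested in the review; without it the UDF
 * would follow a dangling pointer into freed memory (the ASan report). */
void plugin_install(void)   { hton_storage.slot = 7; spider_hton_ptr = &hton_storage; }
void plugin_uninstall(void) { spider_hton_ptr = NULL; }

/* Init-time guard: if the plugin is not loaded, write the reason into the
 * message buffer and return 1 so the server reports ER_CANT_INITIALIZE_UDF
 * and never calls the body. */
int spider_direct_sql_init_checked(UDF_INIT *initid, UDF_ARGS *args, char *message)
{
  (void)initid; (void)args;
  if (spider_hton_ptr == NULL) {
    snprintf(message, MYSQL_ERRMSG_SIZE, "Plugin 'SPIDER' is not loaded");
    return 1;
  }
  return 0;
}

/* The body runs only after init succeeded, so the dereference is safe. */
long long spider_direct_sql_body_checked(void)
{
  return spider_hton_ptr->slot;
}

/* Drives init then body the way the server does; -1 means init refused. */
long long run_udf(void)
{
  UDF_INIT initid = {0}; UDF_ARGS args = {3};
  char message[MYSQL_ERRMSG_SIZE] = "";
  if (spider_direct_sql_init_checked(&initid, &args, message))
    return -1;
  return spider_direct_sql_body_checked();
}
```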

            ok to push.

            holyfoot Alexey Botchkov made changes -
            Assignee Alexey Botchkov [ holyfoot ] Yuchen Pei [ JIRAUSER52627 ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            ycp Yuchen Pei added a comment -

            Pushed 267dd5a993d5432132c6479d766a6028b85f77fb to 10.5

            Considering the fix is a bit hacky, let's not risk 10.4 which will be EOL soon.

            ycp Yuchen Pei made changes -
            Fix Version/s 10.5.25 [ 29626 ]
            Fix Version/s 10.4 [ 22408 ]
            Fix Version/s 10.5 [ 23123 ]
            Fix Version/s 10.6 [ 24028 ]
            Fix Version/s 10.11 [ 27614 ]
            Fix Version/s 11.0 [ 28320 ]
            Fix Version/s 11.1 [ 28549 ]
            Fix Version/s 11.3 [ 28565 ]
            Fix Version/s 11.2 [ 28603 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            JIraAutomate JiraAutomate made changes -
            Fix Version/s 10.6.18 [ 29627 ]
            Fix Version/s 10.11.8 [ 29630 ]
            Fix Version/s 11.0.6 [ 29628 ]
            Fix Version/s 11.1.5 [ 29629 ]
            Fix Version/s 11.2.4 [ 29631 ]
            Fix Version/s 11.4.2 [ 29633 ]
            ycp Yuchen Pei made changes -

            People

              ycp Yuchen Pei
              Roel Roel Van de Paar