[MDEV-32487] SIGSEGV in ha_resolve_storage_engine_name, UBSAN: runtime error: index 4294967295 out of bounds for type 'st_plugin_int *[64]' - Jira

XML

Word

Printable

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 10.4, 10.5, 10.11, 11.2, 11.3, 11.4, 11.5
Fix Version/s: 10.4, 10.5, 10.11, 11.2, 11.3, 11.4
Component/s: Storage Engine - Spider
Labels:
- UBSAN
- affects-tests
- race
- sporadic

Description

The bug is seen very often in both optimized and debug builds, and yet any direct attempts at reproducing it always fail. Also, the SQL traces are at times empty, indicating that the issue can happen very close to startup. The issue stops many test runs short.

preview-11.3-preview 76e20f00772148fa928c6c6e42401f38ca89abf0 (Debug)
Core was generated by `/test/HEAD_preview_11.3_preview_MD171023-mariadb-11.3.0-linux-x86_64-dbg/bin/ma'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055e400f34711 in ha_resolve_storage_engine_name (
db_type=<optimized out>)
at /test/preview-11.3-preview_dbg/sql/handler.h:5546
5546 db_type == view_pseudo_hton ? "VIEW" : hton_name(db_type)->str);
[Current thread is 1 (Thread 0x14b940073640 (LWP 45814))]
(gdb) bt
#0 0x000055e400f34711 in ha_resolve_storage_engine_name (db_type=<optimized out>) at /test/preview-11.3-preview_dbg/sql/handler.h:5546
#1 check_engine (thd=thd@entry=0x14b8a4000d58, db_name=<optimized out>, table_name=0x14b8a4013590 "t1", create_info=create_info@entry=0x14b940070200) at /test/preview-11.3-preview_dbg/sql/sql_table.cc:12498
#2 0x000055e400f3dc30 in create_table_impl (thd=thd@entry=0x14b8a4000d58, ddl_log_state_create=ddl_log_state_create@entry=0x14b94006ff80, ddl_log_state_rm=<optimized out>, ddl_log_state_rm@entry=0x14b940070110, orig_db=@0x14b8a40135e0: {str = 0x14b8a4013cd8 "test", length = 4}, orig_table_name=@0x14b8a40135f0: {str = 0x14b8a4013590 "t1", length = 2}, db=@0x14b8a40135e0: {str = 0x14b8a4013cd8 "test", length = 4}, table_name=@0x14b8a40135f0: {str = 0x14b8a4013590 "t1", length = 2}, path=@0x14b94006fc40: {str = 0x14b94006fc60 "./test/t1", length = 9}, options=<optimized out>, create_info=0x14b940070200, alter_info=0x14b940070020, create_table_mode=0, is_trans=0x14b94006ff60, key_info=0x14b94006fc38, key_count=0x14b94006fc34, frm=0x14b94006fc50) at /test/preview-11.3-preview_dbg/sql/sql_table.cc:4576
#3 0x000055e400f3eae2 in mysql_create_table_no_lock (thd=thd@entry=0x14b8a4000d58, ddl_log_state_create=ddl_log_state_create@entry=0x14b94006ff80, ddl_log_state_rm=ddl_log_state_rm@entry=0x14b940070110, db=db@entry=0x14b8a40135e0, table_name=table_name@entry=0x14b8a40135f0, create_info=create_info@entry=0x14b940070200, alter_info=0x14b940070020, is_trans=0x14b94006ff60, create_table_mode=0, table_list=0x14b8a40135c8) at /test/preview-11.3-preview_dbg/sql/sql_table.cc:4766
#4 0x000055e400f409f2 in mysql_create_table (alter_info=0x14b940070020, create_info=0x14b940070200, create_table=0x14b8a40135c8, thd=0x14b8a4000d58) at /test/preview-11.3-preview_dbg/sql/sql_table.cc:4882
#5 Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x14b8a4000d58) at /test/preview-11.3-preview_dbg/sql/sql_table.cc:12819
#6 0x000055e400e5f0d2 in mysql_execute_command (thd=thd@entry=0x14b8a4000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/preview-11.3-preview_dbg/sql/sql_parse.cc:5723
#7 0x000055e400e60433 in mysql_parse (thd=thd@entry=0x14b8a4000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b9400721e0) at /test/preview-11.3-preview_dbg/sql/sql_parse.cc:7734
#8 0x000055e400e627a9 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b8a4000d58, packet=packet@entry=0x14b8a400b119 "CREATE TABLE t1 (a INT) ENGINE=Spider AUTO_INCREMENT_MODE=4;", packet_length=packet_length@entry=60, blocking=blocking@entry=true) at /test/preview-11.3-preview_dbg/sql/sql_class.h:251
#9 0x000055e400e648d6 in do_command (thd=0x14b8a4000d58, blocking=blocking@entry=true) at /test/preview-11.3-preview_dbg/sql/sql_parse.cc:1406
#10 0x000055e400fc46a3 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e403b2ecf8, put_in_cache=put_in_cache@entry=true) at /test/preview-11.3-preview_dbg/sql/sql_connect.cc:1445
#11 0x000055e400fc4998 in handle_one_connection (arg=arg@entry=0x55e403b2ecf8) at /test/preview-11.3-preview_dbg/sql/sql_connect.cc:1347
#12 0x000055e4014073ba in pfs_spawn_thread (arg=0x55e403aaa618) at /test/preview-11.3-preview_dbg/storage/perfschema/pfs.cc:2201
#13 0x000014b958694ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#14 0x000014b958726a40 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

The crash always seems to happen on line 5546 in sql/handler.h:

db_type == view_pseudo_hton ? "VIEW" : hton_name(db_type)->str);

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDEV-32487_1.sql
25 kB
2024-01-17 00:44

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-10-17 06:41

Updated:: 2 days ago 23:09

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.