SIGSEGV and UBSAN member access within null pointer in spider_db_get_row_from_tmp_tbl, Assertion `((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))' failed in spider_db_errorno

INSTALL PLUGIN Spider SONAME 'ha_spider.so';

CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');

CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;

INSERT INTO t VALUES (1,0,0),(2,0,0);

CREATE TABLE t1 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';

SET spider_disable_group_by_handler=1, spider_quick_page_byte=0, spider_bgs_mode=1;

SELECT * FROM t1;

Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0  0x000014e33c0679e1 in spider_db_get_row_from_tmp_tbl (

    current=0x14e2a0015a48, row=row@entry=0x14e33c165938)

    at /test/11.4_opt/storage/spider/spd_db_conn.cc:2326

[Current thread is 1 (Thread 0x14e33c168640 (LWP 1622666))]

(gdb) bt

#0  0x000014e33c0679e1 in spider_db_get_row_from_tmp_tbl (current=0x14e2a0015a48, row=row@entry=0x14e33c165938) at /test/11.4_opt/storage/spider/spd_db_conn.cc:2326

#1  0x000014e33c0683c9 in spider_db_fetch_minimum_columns (spider=spider@entry=0x14e30c05cbe0, buf=0x14e30c212af8 "\374\002", table=0x14e30c2126e8, result_list=0x14e30c05d1a8) at /test/11.4_opt/storage/spider/spd_db_conn.cc:2655

#2  0x000014e33c06b9ab in spider_db_fetch (buf=<optimized out>, spider=0x14e30c05cbe0, table=<optimized out>) at /test/11.4_opt/storage/spider/spd_db_conn.cc:3956

#3  0x000014e33c06bc69 in spider_db_seek_next (buf=buf@entry=0x14e30c212af8 "\374\002", spider=spider@entry=0x14e30c05cbe0, link_idx=<optimized out>, table=0x14e30c212af8) at /test/11.4_opt/storage/spider/spd_db_conn.cc:4406

#4  0x000014e33c0b6c90 in ha_spider::rnd_next_internal (this=0x14e30c05cbe0, buf=<optimized out>) at /test/11.4_opt/storage/spider/ha_spider.cc:5772

#5  0x00005615b2311cf7 in handler::ha_rnd_next (this=0x14e30c05cbe0, buf=0x14e30c212af8 "\374\002") at /test/11.4_opt/sql/handler.cc:3627

#6  0x00005615b1fb9144 in rr_sequential (info=0x14e30c023660) at /test/11.4_opt/sql/records.cc:513

#7  0x00005615b20d89d7 in READ_RECORD::read_record (this=0x14e30c023660) at /test/11.4_opt/sql/records.h:81

#8  sub_select (join=0x14e30c012330, join_tab=0x14e30c023590, end_of_records=false) at /test/11.4_opt/sql/sql_select.cc:23517

#9  0x00005615b210ba9f in do_select (procedure=<optimized out>, join=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:23017

#10 JOIN::exec_inner (this=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:4940

#11 0x00005615b210beee in JOIN::exec (this=this@entry=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:4726

#12 0x00005615b2109e6c in mysql_select (thd=0x14e30c000c68, tables=0x14e30c0111a0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14e30c012308, unit=0x14e30c004f20, select_lex=0x14e30c010b80) at /test/11.4_opt/sql/sql_select.cc:5249

#13 0x00005615b210a664 in handle_select (thd=thd@entry=0x14e30c000c68, lex=lex@entry=0x14e30c004e40, result=result@entry=0x14e30c012308, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.4_opt/sql/sql_select.cc:628

#14 0x00005615b207edd5 in execute_sqlcom_select (thd=0x14e30c000c68, all_tables=0x14e30c0111a0) at /test/11.4_opt/sql/sql_parse.cc:6029

#15 0x00005615b208df72 in mysql_execute_command (thd=0x14e30c000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:3924

#16 0x00005615b208f346 in mysql_parse (thd=0x14e30c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:7748

#17 0x00005615b2091aed in dispatch_command (command=COM_QUERY, thd=0x14e30c000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:1992

#18 0x00005615b20938a0 in do_command (thd=0x14e30c000c68, blocking=blocking@entry=true) at /test/11.4_opt/sql/sql_parse.cc:1406

#19 0x00005615b21bda1f in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/11.4_opt/sql/sql_connect.cc:1418

#20 0x00005615b21bdd6d in handle_one_connection (arg=arg@entry=0x5615b44b2188) at /test/11.4_opt/sql/sql_connect.cc:1320

#21 0x00005615b2567561 in pfs_spawn_thread (arg=0x5615b44d9b38) at /test/11.4_opt/storage/perfschema/pfs.cc:2201

#22 0x000014e354c94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442

#23 0x000014e354d26660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

mariadbd: /test/11.4_dbg/storage/spider/spd_db_conn.cc:672: int spider_db_errorno(SPIDER_CONN*): Assertion `((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))' failed.

Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.

Program terminated with signal SIGABRT, Aborted.

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352)

    at ./nptl/pthread_kill.c:44

[Current thread is 1 (Thread 0x154ea67ff640 (LWP 1630543))]

(gdb) bt

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352) at ./nptl/pthread_kill.c:44

#1  __pthread_kill_internal (signo=6, threadid=23427545036352) at ./nptl/pthread_kill.c:78

#2  __GI___pthread_kill (threadid=23427545036352, signo=signo@entry=6) at ./nptl/pthread_kill.c:89

#3  0x0000154f11842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26

#4  0x0000154f118287f3 in __GI_abort () at ./stdlib/abort.c:79

#5  0x0000154f1182871b in __assert_fail_base (fmt=0x154f119dd130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x154efc1c88d0 "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))", file=0x154efc1c87b0 "/test/11.4_dbg/storage/spider/spd_db_conn.cc", line=672, function=<optimized out>) at ./assert/assert.c:92

#6  0x0000154f11839e96 in __GI___assert_fail (assertion=0x154efc1c88d0 "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))", file=0x154efc1c87b0 "/test/11.4_dbg/storage/spider/spd_db_conn.cc", line=672, function=0x154efc1c89a8 "int spider_db_errorno(SPIDER_CONN*)") at ./assert/assert.c:101

#7  0x0000154efc125cfb in spider_db_errorno (conn=conn@entry=0x154ec423ea58) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:672

#8  0x0000154efc12b642 in spider_db_store_result (spider=spider@entry=0x154ec40aaca0, link_idx=0, table=0x154ec40c0968) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:3304

#9  0x0000154efc1434af in spider_bg_conn_action (arg=0x154ec423ea58) at /test/11.4_dbg/storage/spider/spd_conn.cc:2672

#10 0x0000154f11894ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442

#11 0x0000154f11926660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81