  1. MariaDB Server
  2. MDEV-33197

SIGSEGV and UBSAN member access [within/on] null pointer in spider_db_get_row_from_tmp_tbl, Assertion in spider_db_errorno and SIGSEGV in spider_db_store_result

Details

    Description

      -- Reproducer from the report: sequential read of a Spider table with background search enabled.
      -- Load the Spider storage engine plugin.
      INSTALL PLUGIN Spider SONAME 'ha_spider.so';
      -- Define the server the Spider table connects through. The relative socket path
      -- presumably points back at the same test instance -- confirm against the test harness.
      CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');
      -- Backing InnoDB table with BLOB and TEXT columns, populated with two rows.
      CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;
      INSERT INTO t VALUES (1,0,0),(2,0,0);
      -- Spider table t1 mapped through server "srv" onto table "t".
      CREATE TABLE t1 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';
      -- Settings used by the report. spider_bgs_mode=1 turns on background search, which is
      -- consistent with the spider_bg_conn_action thread in the debug-build backtrace.
      -- NOTE(review): the report does not say which of the three settings is strictly required.
      SET spider_disable_group_by_handler=1, spider_quick_page_byte=0, spider_bgs_mode=1;
      -- Per the backtraces in the report, this read terminates the whole mariadbd process:
      -- SIGSEGV in spider_db_get_row_from_tmp_tbl (optimized build), or the
      -- mta_conn_mutex ownership assertion in spider_db_errorno (debug build).
      SELECT * FROM t1;
      

      Leads to:

      11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Optimized)

      Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000014e33c0679e1 in spider_db_get_row_from_tmp_tbl (
          current=0x14e2a0015a48, row=row@entry=0x14e33c165938)
          at /test/11.4_opt/storage/spider/spd_db_conn.cc:2326
      [Current thread is 1 (Thread 0x14e33c168640 (LWP 1622666))]
      (gdb) bt
      #0  0x000014e33c0679e1 in spider_db_get_row_from_tmp_tbl (current=0x14e2a0015a48, row=row@entry=0x14e33c165938) at /test/11.4_opt/storage/spider/spd_db_conn.cc:2326
      #1  0x000014e33c0683c9 in spider_db_fetch_minimum_columns (spider=spider@entry=0x14e30c05cbe0, buf=0x14e30c212af8 "\374\002", table=0x14e30c2126e8, result_list=0x14e30c05d1a8) at /test/11.4_opt/storage/spider/spd_db_conn.cc:2655
      #2  0x000014e33c06b9ab in spider_db_fetch (buf=<optimized out>, spider=0x14e30c05cbe0, table=<optimized out>) at /test/11.4_opt/storage/spider/spd_db_conn.cc:3956
      #3  0x000014e33c06bc69 in spider_db_seek_next (buf=buf@entry=0x14e30c212af8 "\374\002", spider=spider@entry=0x14e30c05cbe0, link_idx=<optimized out>, table=0x14e30c212af8) at /test/11.4_opt/storage/spider/spd_db_conn.cc:4406
      #4  0x000014e33c0b6c90 in ha_spider::rnd_next_internal (this=0x14e30c05cbe0, buf=<optimized out>) at /test/11.4_opt/storage/spider/ha_spider.cc:5772
      #5  0x00005615b2311cf7 in handler::ha_rnd_next (this=0x14e30c05cbe0, buf=0x14e30c212af8 "\374\002") at /test/11.4_opt/sql/handler.cc:3627
      #6  0x00005615b1fb9144 in rr_sequential (info=0x14e30c023660) at /test/11.4_opt/sql/records.cc:513
      #7  0x00005615b20d89d7 in READ_RECORD::read_record (this=0x14e30c023660) at /test/11.4_opt/sql/records.h:81
      #8  sub_select (join=0x14e30c012330, join_tab=0x14e30c023590, end_of_records=false) at /test/11.4_opt/sql/sql_select.cc:23517
      #9  0x00005615b210ba9f in do_select (procedure=<optimized out>, join=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:23017
      #10 JOIN::exec_inner (this=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:4940
      #11 0x00005615b210beee in JOIN::exec (this=this@entry=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:4726
      #12 0x00005615b2109e6c in mysql_select (thd=0x14e30c000c68, tables=0x14e30c0111a0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14e30c012308, unit=0x14e30c004f20, select_lex=0x14e30c010b80) at /test/11.4_opt/sql/sql_select.cc:5249
      #13 0x00005615b210a664 in handle_select (thd=thd@entry=0x14e30c000c68, lex=lex@entry=0x14e30c004e40, result=result@entry=0x14e30c012308, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.4_opt/sql/sql_select.cc:628
      #14 0x00005615b207edd5 in execute_sqlcom_select (thd=0x14e30c000c68, all_tables=0x14e30c0111a0) at /test/11.4_opt/sql/sql_parse.cc:6029
      #15 0x00005615b208df72 in mysql_execute_command (thd=0x14e30c000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:3924
      #16 0x00005615b208f346 in mysql_parse (thd=0x14e30c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:7748
      #17 0x00005615b2091aed in dispatch_command (command=COM_QUERY, thd=0x14e30c000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:1992
      #18 0x00005615b20938a0 in do_command (thd=0x14e30c000c68, blocking=blocking@entry=true) at /test/11.4_opt/sql/sql_parse.cc:1406
      #19 0x00005615b21bda1f in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/11.4_opt/sql/sql_connect.cc:1418
      #20 0x00005615b21bdd6d in handle_one_connection (arg=arg@entry=0x5615b44b2188) at /test/11.4_opt/sql/sql_connect.cc:1320
      #21 0x00005615b2567561 in pfs_spawn_thread (arg=0x5615b44d9b38) at /test/11.4_opt/storage/perfschema/pfs.cc:2201
      #22 0x000014e354c94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #23 0x000014e354d26660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Debug)

      mariadbd: /test/11.4_dbg/storage/spider/spd_db_conn.cc:672: int spider_db_errorno(SPIDER_CONN*): Assertion `((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))' failed.
      

      11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Debug)

      Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352)
          at ./nptl/pthread_kill.c:44
      [Current thread is 1 (Thread 0x154ea67ff640 (LWP 1630543))]
      (gdb) bt
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352) at ./nptl/pthread_kill.c:44
      #1  __pthread_kill_internal (signo=6, threadid=23427545036352) at ./nptl/pthread_kill.c:78
      #2  __GI___pthread_kill (threadid=23427545036352, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
      #3  0x0000154f11842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      #4  0x0000154f118287f3 in __GI_abort () at ./stdlib/abort.c:79
      #5  0x0000154f1182871b in __assert_fail_base (fmt=0x154f119dd130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x154efc1c88d0 "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))", file=0x154efc1c87b0 "/test/11.4_dbg/storage/spider/spd_db_conn.cc", line=672, function=<optimized out>) at ./assert/assert.c:92
      #6  0x0000154f11839e96 in __GI___assert_fail (assertion=0x154efc1c88d0 "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))", file=0x154efc1c87b0 "/test/11.4_dbg/storage/spider/spd_db_conn.cc", line=672, function=0x154efc1c89a8 "int spider_db_errorno(SPIDER_CONN*)") at ./assert/assert.c:101
      #7  0x0000154efc125cfb in spider_db_errorno (conn=conn@entry=0x154ec423ea58) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:672
      #8  0x0000154efc12b642 in spider_db_store_result (spider=spider@entry=0x154ec40aaca0, link_idx=0, table=0x154ec40c0968) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:3304
      #9  0x0000154efc1434af in spider_bg_conn_action (arg=0x154ec423ea58) at /test/11.4_dbg/storage/spider/spd_conn.cc:2672
      #10 0x0000154f11894ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #11 0x0000154f11926660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      Bug confirmed present in:
      MariaDB: 10.11.7 (dbg), 10.11.7 (opt), 11.0.5 (dbg), 11.0.5 (opt), 11.1.4 (dbg), 11.1.4 (opt), 11.2.3 (dbg), 11.2.3 (opt), 11.3.2 (dbg), 11.3.2 (opt), 11.4.0 (dbg), 11.4.0 (opt)


          Activity

            Roel Roel Van de Paar added a comment - - edited

            Additional testcase with different (and concerningly short) stack:

            -- Second reproducer from the report: correlated NOT EXISTS subquery over a Spider table.
            -- Load the Spider storage engine plugin.
            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            -- Enable background search; the resulting backtrace consists only of the
            -- background thread (spider_bg_conn_action -> spider_db_store_result).
            SET spider_bgs_mode=1;
            -- Server definition used by the Spider table. The relative socket path presumably
            -- points back at the same test instance -- confirm against the test harness.
            CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');
            -- Two local InnoDB tables: t1 is the outer table, t2 backs the Spider table.
            CREATE TABLE t1 (c INT KEY,c1 BLOB) ENGINE=InnoDB;
            CREATE TABLE t2 (c INT KEY,c1 BLOB) ENGINE=InnoDB;
            INSERT INTO t1 VALUES (0,0);
            -- Spider table t3 mapped onto t2. t3 declares a c2 TEXT column that t2 does not have;
            -- NOTE(review): the report does not say whether this mismatch is needed for the crash.
            CREATE TABLE t3 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t2"';
            INSERT INTO t1 VALUES (1,1);
            INSERT INTO t2 VALUES (1,1),(2,2);
            -- Outer t1 has two rows, so the correlated subquery over t3 is presumably evaluated
            -- more than once. Per the report this ends in a null SPIDER_DB_RESULT dereference
            -- at spd_db_conn.cc:3141 and terminates mariadbd.
            SELECT * FROM t1 WHERE NOT EXISTS (SELECT * FROM t3 WHERE t1.c1=t3.c1);
            

            Leads to:

            CS 11.2.6 e91a79945822def1452787f825e6047c6a64dbd9 (Debug)

            Core was generated by `/test/MD090924-mariadb-11.2.6-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  0x000014ef1c3322c2 in spider_db_store_result (spider=spider@entry=0x14eed40c14c0, link_idx=0, table=0x14eed405a5b8)at /test/11.2_dbg/storage/spider/spd_db_conn.cc:3141
             
            [Current thread is 1 (LWP 3458303)]
            (gdb) bt
            #0  0x000014ef1c3322c2 in spider_db_store_result (spider=spider@entry=0x14eed40c14c0, link_idx=0, table=0x14eed405a5b8)at /test/11.2_dbg/storage/spider/spd_db_conn.cc:3141
            #1  0x000014ef1c34af96 in spider_bg_conn_action (arg=0x14eed4090c38)at /test/11.2_dbg/storage/spider/spd_conn.cc:2610
            #2  0x000014ef30c9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
            #3  0x000014ef30d29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
            

            CS 11.7.0 5bbda9711131845ae6b4315a268b4d1710943a85 (Debug, UBASAN)

            /test/11.7_dbg_san/storage/spider/spd_db_conn.cc:3141:53: runtime error: member call on null pointer of type 'struct SPIDER_DB_RESULT'
                #0 0x14baebeb1dc4  (/test/UBASAN_MD090924-mariadb-11.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so+0x6b1dc4) (BuildId: 0505996a04cbcecf23f3da50bfc407f84294edad)
                #1 0x14baebf458b0  (/test/UBASAN_MD090924-mariadb-11.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so+0x7458b0) (BuildId: 0505996a04cbcecf23f3da50bfc407f84294edad)
                #2 0x55f474ac01e9 in asan_thread_start(void*) (/test/UBASAN_MD090924-mariadb-11.7.0-linux-x86_64-dbg/bin/mariadbd+0x7d1e1e9) (BuildId: 4b8c1741cf0d7a713ea5d94dcb62211d213957ae)
                #3 0x14bb2ec9ca93 in start_thread nptl/pthread_create.c:447
                #4 0x14bb2ed29c3b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
             
            /test/11.7_dbg_san/storage/spider/spd_db_conn.cc:3141:53: runtime error: member access within null pointer of type 'struct SPIDER_DB_RESULT'
                #0 0x14baebeb1dda  (/test/UBASAN_MD090924-mariadb-11.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so+0x6b1dda) (BuildId: 0505996a04cbcecf23f3da50bfc407f84294edad)
                #1 0x14baebf458b0  (/test/UBASAN_MD090924-mariadb-11.7.0-linux-x86_64-dbg/lib/plugin/ha_spider.so+0x7458b0) (BuildId: 0505996a04cbcecf23f3da50bfc407f84294edad)
                #2 0x55f474ac01e9 in asan_thread_start(void*) (/test/UBASAN_MD090924-mariadb-11.7.0-linux-x86_64-dbg/bin/mariadbd+0x7d1e1e9) (BuildId: 4b8c1741cf0d7a713ea5d94dcb62211d213957ae)
                #3 0x14bb2ec9ca93 in start_thread nptl/pthread_create.c:447
                #4 0x14bb2ed29c3b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
            

            MTR Testcase for the same:

            # MTR form of the NOT EXISTS reproducer from this report.
            # Skip the test unless InnoDB is available, then run Spider's own init include.
            --source include/have_innodb.inc
            --source plugin/spider/spider/include/init_spider.inc
            # Permit a Spider link that points back at the same server; the server
            # definition below targets 127.0.0.1 on the MTR primary port.
            SET spider_same_server_link=on;
            # eval is required so that $MASTER_MYPORT is substituted before execution.
            eval CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (HOST "127.0.0.1", DATABASE "test", USER "root", PORT $MASTER_MYPORT);
            # Enable background search; the reported backtrace runs in the background
            # thread (spider_bg_conn_action -> spider_db_store_result).
            SET spider_bgs_mode=1;
            # t1 is the outer table; t2 backs the Spider table t3.
            CREATE TABLE t1 (c INT KEY,c1 BLOB) ENGINE=InnoDB;
            CREATE TABLE t2 (c INT KEY,c1 BLOB) ENGINE=InnoDB;
            INSERT INTO t1 VALUES (0,0);
            # t3 declares a c2 TEXT column that t2 does not have.
            # NOTE(review): the report does not say whether this mismatch is needed for the crash.
            CREATE TABLE t3 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t2"';
            INSERT INTO t1 VALUES (1,1);
            INSERT INTO t2 VALUES (1,1),(2,2);
            # Statement that, per the report, crashes the server in spider_db_store_result.
            # A regression test built from this should expect a normal result set here.
            SELECT * FROM t1 WHERE NOT EXISTS (SELECT * FROM t3 WHERE t1.c1=t3.c1);
            

            Bug confirmed present in:
            MariaDB: 10.5.27 (dbg), 10.5.27 (opt), 10.6.20 (dbg), 10.6.20 (opt), 10.11.10 (dbg), 10.11.10 (opt), 11.2.6 (dbg), 11.2.6 (opt), 11.4.4 (dbg), 11.4.4 (opt), 11.6.2 (dbg), 11.6.2 (opt), 11.7.0 (dbg), 11.7.0 (opt)

            alice Alice Sherepa added a comment -

            ./mtr spider/bg.basic_sql --view
            

            leads to signal 11 (SIGSEGV) on 10.5-11.8

            250207 13:44:31 [ERROR] /10.5/bld/sql/mariadbd got signal 11 ;
             
            Server version: 10.5.28-MariaDB-debug-log source revision: 10fd2c207a8d79e038fba752a72129a3a0e94b6b
             
            sql/signal_handler.cc:229(handle_fatal_signal)[0x55a59414b8ba]
            sigaction.c:0(__restore_rt)[0x7f929d6f9420]
            spider/spd_db_conn.cc:3617(spider_db_store_result(ha_spider*, int, TABLE*))[0x7f9288a8ff6e]
            spider/spd_conn.cc:2628(spider_bg_conn_action(void*))[0x7f9288afdd4e]
            nptl/pthread_create.c:478(start_thread)[0x7f929d6ed609]
             
            Connection ID (thread ID): 9
            

            Roel Roel Van de Paar added a comment - - edited

            Additional testcase:

            -- Third reproducer from the report: statistics collection on a Spider table.
            -- Load the Spider storage engine plugin.
            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            -- Server definition used by the Spider table. The relative socket path presumably
            -- points back at the same test instance -- confirm against the test harness.
            CREATE SERVER srv FOREIGN DATA WRAPPER mysql OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');
            -- Backing InnoDB table with BLOB and TEXT columns, populated with two rows.
            CREATE TABLE t (c INT PRIMARY KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;
            INSERT INTO t VALUES (1,'',''),(2,0,'');
            -- Spider table t2 mapped through server "srv" onto table "t".
            CREATE TABLE t2 (c INT PRIMARY KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';
            -- Enable background search and set the quick-page byte limit to 0, as in the report.
            SET spider_bgs_mode=1;
            SET SESSION spider_quick_page_byte=0;
            -- Per the report this statement produces several different failures (SIGABRT on the
            -- mta_conn_mutex assertion and UBSAN null-pointer reports), some attributed to
            -- MDEV-34769 rather than to this issue.
            ANALYZE TABLE t2 PERSISTENT FOR ALL;
            

            Leads to a variety of stacks, both SIGABRTs and UBSAN findings, including ones caused by this bug and by MDEV-34769.
            Full list of UniqueIDs/stacks seen (one per line):

            ((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))|SIGABRT|spider_db_errorno|spider_db_store_result|spider_bg_conn_action|asan_thread_start
            ((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))|SIGABRT|temp_file_size_cb_func|_ma_update_tmp_file_size|ha_maria::drop_table|free_tmp_table
            UBSAN|member access within null pointer of type 'TABLE'|storage/spider/spd_db_conn.cc|spider_db_get_row_from_tmp_tbl|spider_db_fetch_minimum_columns|spider_db_fetch|ha_spider::rnd_next_internal
            UBSAN|member access within null pointer of type 'struct st_my_thread_var'|storage/spider/spd_table.cc|spider_create_sys_thd|spider_table_bg_sts_action|asan_thread_start|start_thread
            UBSAN|member access within null pointer of type 'struct st_my_thread_var'|storage/spider/spd_table.cc|spider_create_sys_thd|spider_table_bg_crd_action|asan_thread_start|start_thread
            

            I can detail these further if it will help.
            Note that the spider_db_get_row_from_tmp_tbl issue (discussed in this MDEV) seems to be distinct from the mutex issue.


            Additional testcase:

            -- Fourth reproducer from the report: sequential read of a Spider table without a key.
            -- Load the Spider storage engine plugin.
            INSTALL PLUGIN Spider SONAME 'ha_spider.so';
            -- Server definition used by the Spider table. The relative socket path presumably
            -- points back at the same test instance -- confirm against the test harness.
            CREATE SERVER srv FOREIGN DATA WRAPPER mysql OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');
            -- Backing InnoDB table; unlike the other testcases it declares no key.
            CREATE TABLE t (c INT,c1 BLOB,c2 TEXT) ENGINE=InnoDB;
            INSERT INTO t VALUES (0,0,0);
            -- Spider table t3 mapped through server "srv" onto table "t".
            CREATE TABLE t3 (c INT,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';
            INSERT INTO t VALUES (0,0,0);
            -- NOTE(review): this replication statement does not reference Spider and its GTID
            -- argument is malformed; it may be left over from testcase reduction. The report does
            -- not say whether it is required.
            START SLAVE UNTIL sql_after_gtids="a - b-c";
            -- Same three session settings as the original reproducer in this report.
            SET spider_disable_group_by_handler=1,spider_quick_page_byte=0,spider_bgs_mode=1;
            -- Per the report's backtrace this read ends in SIGSEGV inside
            -- spider_db_get_row_from_tmp_tbl and terminates mariadbd.
            SELECT * FROM t3;
            

            Which produces an offset SIGSEGV stack on a UBASAN opt build (NTS: after removing UBSAN failure):

            CS 11.8.1 a0b77eb806df51f15ef1f8d798f8d99187f9478a (Optimized, UBASAN, Clang) Build 26/04/2025

            Core was generated by `/test/UBASAN_MD260425-mariadb-11.8.1-linux-x86_64-opt/bin/mariadbd --no-default'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
             
            [Current thread is 1 (LWP 142890)]
            (gdb) bt
            #0  __pthread_kill_implementation (no_tid=0, signo=11, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1  __pthread_kill_internal (signo=11, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
            #2  __GI___pthread_kill (threadid=<optimized out>, signo=11)at ./nptl/pthread_kill.c:89
            #3  0x000061a6ca8d05e0 in handle_fatal_signal (sig=<optimized out>)at /test/11.8_opt_san/sql/signal_handler.cc:298
            #4  <signal handler called>
            #5  0x00007c63bec933c5 in spider_db_get_row_from_tmp_tbl (current=0x512000064868, row=row@entry=0x7c63bf2eb320)at /test/11.8_opt_san/storage/spider/spd_db_conn.cc:2278
            #6  0x00007c63bec98259 in spider_db_fetch_minimum_columns (spider=<optimized out>, buf=<optimized out>, table=0x5190000cf398, result_list=<optimized out>)at /test/11.8_opt_san/storage/spider/spd_db_conn.cc:2610
            #7  0x00007c63beca4ed9 in spider_db_fetch (buf=0x52500096fd00 <incomplete sequence \370>, spider=0x52500096f148, table=<optimized out>)at /test/11.8_opt_san/storage/spider/spd_db_conn.cc:3901
            #8  0x00007c63bee77589 in ha_spider::rnd_next_internal (this=0x52500096f148, buf=<optimized out>) at /test/11.8_opt_san/storage/spider/ha_spider.cc:4415
            #9  0x000061a6ca8f361d in handler::ha_rnd_next (this=0x52500096f148, buf=0x52500096fd00 <incomplete sequence \370>)at /test/11.8_opt_san/sql/handler.cc:3752
            #10 0x000061a6c96a93bd in rr_sequential (info=info@entry=0x52d0003c39b8)at /test/11.8_opt_san/sql/records.cc:509
            #11 0x000061a6c9c2d6e6 in READ_RECORD::read_record (this=<optimized out>)at /test/11.8_opt_san/sql/records.h:77
            #12 sub_select (join=<optimized out>, join_tab=join_tab@entry=0x52d0003c38e8, end_of_records=<optimized out>)at /test/11.8_opt_san/sql/sql_select.cc:24287
            #13 0x000061a6c9cbad14 in do_select (join=0x52d0003c1ce8, procedure=<optimized out>) at /test/11.8_opt_san/sql/sql_select.cc:23781
            #14 0x000061a6c9cb8127 in JOIN::exec_inner (this=0x52d0003c1ce8)at /test/11.8_opt_san/sql/sql_select.cc:5059
            #15 0x000061a6c9cb4e51 in JOIN::exec (this=0x52d0003c1ce8)at /test/11.8_opt_san/sql/sql_select.cc:4842
            #16 0x000061a6c9c315b7 in mysql_select (thd=0x52b000165218, tables=tables@entry=0x52d0003c0b40, fields=<optimized out>, conds=<optimized out>, og_num=og_num@entry=0, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x52d0003c1cb8, unit=0x52b000169370, select_lex=0x52d0003c04c8)at /test/11.8_opt_san/sql/sql_select.cc:5375
            #17 0x000061a6c9c2fcf1 in handle_select (thd=thd@entry=0x52b000165218, lex=lex@entry=0x52b000169290, result=result@entry=0x52d0003c1cb8, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.8_opt_san/sql/sql_select.cc:633
            #18 0x000061a6c9b1bbb2 in execute_sqlcom_select (thd=0x52b000165218, all_tables=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:6191
            #19 0x000061a6c9afccce in mysql_execute_command (thd=0x52b000165218, is_called_from_prepared_stmt=<optimized out>)at /test/11.8_opt_san/sql/sql_parse.cc:3979
            #20 0x000061a6c9ade121 in mysql_parse (thd=0x52b000165218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:7915
            #21 0x000061a6c9ad53e7 in dispatch_command (command=<optimized out>, thd=0x52b000165218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:1902
            #22 0x000061a6c9ae03e7 in do_command (thd=thd@entry=0x52b000165218, blocking=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:1415
            #23 0x000061a6ca1673bd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x508000002638, put_in_cache=true)at /test/11.8_opt_san/sql/sql_connect.cc:1415
            #24 0x000061a6ca166c17 in handle_one_connection (arg=0x508000002638)at /test/11.8_opt_san/sql/sql_connect.cc:1327
            #25 0x000061a6c952292d in asan_thread_start(void*) ()
            #26 0x00007c64b2e9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
            #27 0x00007c64b2f29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
            

            Roel Roel Van de Paar added a comment - Additional testcase: INSTALL PLUGIN Spider SONAME 'ha_spider.so' ; CREATE SERVER srv FOREIGN DATA WRAPPER mysql OPTIONS (SOCKET '../socket.sock' , DATABASE '' , USER '' , PASSWORD '' ); CREATE TABLE t (c INT ,c1 BLOB,c2 TEXT) ENGINE=InnoDB; INSERT INTO t VALUES (0,0,0); CREATE TABLE t3 (c INT ,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT= 'WRAPPER "mysql",SRV "srv",TABLE "t"' ; INSERT INTO t VALUES (0,0,0); START SLAVE UNTIL sql_after_gtids= "a - b-c" ; SET spider_disable_group_by_handler=1,spider_quick_page_byte=0,spider_bgs_mode=1; SELECT * FROM t3; Which produces a offset SIGSEGV stack on an UBASAN opt build (NTS: after removing UBSAN failure): CS 11.8.1 a0b77eb806df51f15ef1f8d798f8d99187f9478a (Optimized, UBASAN, Clang) Build 26/04/2025 Core was generated by `/test/UBASAN_MD260425-mariadb-11.8.1-linux-x86_64-opt/bin/mariadbd --no-default'. Program terminated with signal SIGSEGV, Segmentation fault. #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=<optimized out>) at ./nptl/pthread_kill.c:44   [Current thread is 1 (LWP 142890)] (gdb) bt #0 __pthread_kill_implementation (no_tid=0, signo=11, threadid=<optimized out>) at ./nptl/pthread_kill.c:44 #1 __pthread_kill_internal (signo=11, threadid=<optimized out>)at ./nptl/pthread_kill.c:78 #2 __GI___pthread_kill (threadid=<optimized out>, signo=11)at ./nptl/pthread_kill.c:89 #3 0x000061a6ca8d05e0 in handle_fatal_signal (sig=<optimized out>)at /test/11.8_opt_san/sql/signal_handler.cc:298 #4 <signal handler called> #5 0x00007c63bec933c5 in spider_db_get_row_from_tmp_tbl (current=0x512000064868, row=row@entry=0x7c63bf2eb320)at /test/11.8_opt_san/storage/spider/spd_db_conn.cc:2278 #6 0x00007c63bec98259 in spider_db_fetch_minimum_columns (spider=<optimized out>, buf=<optimized out>, table=0x5190000cf398, result_list=<optimized out>)at /test/11.8_opt_san/storage/spider/spd_db_conn.cc:2610 #7 0x00007c63beca4ed9 in spider_db_fetch (buf=0x52500096fd00 <incomplete 
sequence \370>, spider=0x52500096f148, table=<optimized out>)at /test/11.8_opt_san/storage/spider/spd_db_conn.cc:3901 #8 0x00007c63bee77589 in ha_spider::rnd_next_internal (this=0x52500096f148, buf=<optimized out>) at /test/11.8_opt_san/storage/spider/ha_spider.cc:4415 #9 0x000061a6ca8f361d in handler::ha_rnd_next (this=0x52500096f148, buf=0x52500096fd00 <incomplete sequence \370>)at /test/11.8_opt_san/sql/handler.cc:3752 #10 0x000061a6c96a93bd in rr_sequential (info=info@entry=0x52d0003c39b8)at /test/11.8_opt_san/sql/records.cc:509 #11 0x000061a6c9c2d6e6 in READ_RECORD::read_record (this=<optimized out>)at /test/11.8_opt_san/sql/records.h:77 #12 sub_select (join=<optimized out>, join_tab=join_tab@entry=0x52d0003c38e8, end_of_records=<optimized out>)at /test/11.8_opt_san/sql/sql_select.cc:24287 #13 0x000061a6c9cbad14 in do_select (join=0x52d0003c1ce8, procedure=<optimized out>) at /test/11.8_opt_san/sql/sql_select.cc:23781 #14 0x000061a6c9cb8127 in JOIN::exec_inner (this=0x52d0003c1ce8)at /test/11.8_opt_san/sql/sql_select.cc:5059 #15 0x000061a6c9cb4e51 in JOIN::exec (this=0x52d0003c1ce8)at /test/11.8_opt_san/sql/sql_select.cc:4842 #16 0x000061a6c9c315b7 in mysql_select (thd=0x52b000165218, tables=tables@entry=0x52d0003c0b40, fields=<optimized out>, conds=<optimized out>, og_num=og_num@entry=0, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x52d0003c1cb8, unit=0x52b000169370, select_lex=0x52d0003c04c8)at /test/11.8_opt_san/sql/sql_select.cc:5375 #17 0x000061a6c9c2fcf1 in handle_select (thd=thd@entry=0x52b000165218, lex=lex@entry=0x52b000169290, result=result@entry=0x52d0003c1cb8, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.8_opt_san/sql/sql_select.cc:633 #18 0x000061a6c9b1bbb2 in execute_sqlcom_select (thd=0x52b000165218, all_tables=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:6191 #19 0x000061a6c9afccce in mysql_execute_command (thd=0x52b000165218, 
is_called_from_prepared_stmt=<optimized out>)at /test/11.8_opt_san/sql/sql_parse.cc:3979 #20 0x000061a6c9ade121 in mysql_parse (thd=0x52b000165218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:7915 #21 0x000061a6c9ad53e7 in dispatch_command (command=<optimized out>, thd=0x52b000165218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:1902 #22 0x000061a6c9ae03e7 in do_command (thd=thd@entry=0x52b000165218, blocking=<optimized out>) at /test/11.8_opt_san/sql/sql_parse.cc:1415 #23 0x000061a6ca1673bd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x508000002638, put_in_cache=true)at /test/11.8_opt_san/sql/sql_connect.cc:1415 #24 0x000061a6ca166c17 in handle_one_connection (arg=0x508000002638)at /test/11.8_opt_san/sql/sql_connect.cc:1327 #25 0x000061a6c952292d in asan_thread_start(void*) () #26 0x00007c64b2e9ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447 #27 0x00007c64b2f29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

            This null-pointer-use in spider_db_store_result also looks related:

            -- Reproducer for the UBSAN "member call on null pointer of type 'spider_db_result'"
            -- report in spider_db_store_result.

            -- Load the Spider storage engine plugin.
            INSTALL PLUGIN spider SONAME 'ha_spider.so';
            -- Define the foreign server `srv`: reached over a unix socket, database `test`,
            -- user `spider`, empty password.
            -- NOTE(review): the relative socket path presumably points back at the same test
            -- instance -- confirm. The empty password is a test fixture, not a deployment pattern.
            CREATE server srv FOREIGN DATA wrapper mysql options (socket '../socket.sock', DATABASE 'test', USER 'spider', PASSWORD '');
            -- Backing MyISAM table that the Spider table will point at.
            CREATE TABLE tm (c INT KEY,c1 BLOB, c2 TEXT) ENGINE=MyISAM;
            -- Three rows; the BLOB column c1 holds a NULL, a string and a numeric 0.
            INSERT INTO tm VALUES (0,NULL,'a'),(1,'B','b'),(2,0,'c');
            -- Spider table t2 with the same column list, mapped to `tm` through server `srv`.
            CREATE TABLE t2 (c INT KEY,c1 BLOB, c2 TEXT) ENGINE=Spider COMMENT='wrapper "mysql", srv "srv", TABLE "tm"';
            -- Spider background-search setting. The reported stack is
            -- spider_bg_conn_action -> spider_db_store_result on its own thread (start_thread),
            -- with no query-dispatch frames above it.
            SET Spider_bgs_mode=1;
            -- t2 is read by the outer query and by both UNION branches of the NOT IN subquery.
            -- NOTE(review): the SET and SELECT are ordinary session-level SQL, so a null
            -- dereference here is an availability concern wherever Spider tables are queryable;
            -- confirm which privileges are required and whether non-sanitizer builds crash or
            -- only report under UBSAN.
            SELECT * FROM t2 WHERE c1 NOT IN (SELECT DISTINCT c1 FROM t2 UNION SELECT DISTINCT c1 FROM t2);
            

            Leads to:

            CS 12.0.0 c92add291e636c797e6d6ddca605905541b2a441 (Optimized, UBASAN, Clang) Build 15/02/2025

            /test/12.0_opt_san/storage/spider/spd_db_conn.cc:3099:43: runtime error: member call on null pointer of type 'spider_db_result'
                #0 0x7bdf00a84d80 in spider_db_store_result(ha_spider*, int, TABLE*) /test/12.0_opt_san/storage/spider/spd_db_conn.cc:3099:43
                #1 0x7bdf00b26054 in spider_bg_conn_action(void*) /test/12.0_opt_san/storage/spider/spd_conn.cc:2604:23
                #2 0x5e2fc642999c in asan_thread_start(void*) asan_interceptors.cpp.o
                #3 0x7bdff469ca93 in start_thread nptl/pthread_create.c:447:8
                #4 0x7bdff4729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
             
            SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/12.0_opt_san/storage/spider/spd_db_conn.cc:3099:43 
            

            SAN Bug Detection Matrix

                Rel    o/d  Build   Commit                                    UniqueID observed             
            CS  10.5   dbg  150225  c43d0a015f974c5a0142e6779332089a7a979853  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  10.5   opt  150225  c43d0a015f974c5a0142e6779332089a7a979853  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  10.6   dbg  150225  f1d7e0c17e33f77278e6226dd94aeb30fc856bf0  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  10.6   opt  150225  f1d7e0c17e33f77278e6226dd94aeb30fc856bf0  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  10.11  dbg  150225  43c5d1303f5c7c726db276815c459436110f342f  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  10.11  opt  150225  43c5d1303f5c7c726db276815c459436110f342f  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  11.4   dbg  150225  ef966af801afc2a07222b5df65dddd52c77431dd  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  11.4   opt  150225  ef966af801afc2a07222b5df65dddd52c77431dd  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  11.8   dbg  150225  33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  11.8   opt  150225  33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  12.0   dbg  150225  c92add291e636c797e6d6ddca605905541b2a441  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            CS  12.0   opt  150225  c92add291e636c797e6d6ddca605905541b2a441  UBSAN|member call on null pointer of type 'spider_db_result'|storage/spider/spd_db_conn.cc|spider_db_store_result|spider_bg_conn_action|asan_thread_start|start_thread
            ES  10.5   dbg  140325  6553c62369ab3606efc74295c902181f793fd6d1  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/sql_table.cc|mysql_alter_table|Sql_cmd_alter_table::execute|mysql_execute_command|execute_server_code
            ES  10.5   opt  140325  6553c62369ab3606efc74295c902181f793fd6d1  No bug found                  
            ES  10.6   dbg  140325  a99e9e4101f5d56a379577e6d81c829b7658df99  No bug found                  
            ES  10.6   opt  140325  a99e9e4101f5d56a379577e6d81c829b7658df99  UBSAN|member access within null pointer of type 'struct st_my_thread_var'|storage/spider/spd_table.cc|spider_create_sys_thd|spider_table_bg_crd_action|asan_thread_start|start_thread
            ES  11.4   dbg  140325  26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba  No bug found                  
            ES  11.4   opt  140325  26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba  No bug found                  
            


            People

              ycp Yuchen Pei
              Roel Roel Van de Paar