[MDEV-34591] UBSAN: runtime error: member access within null pointer of type 'struct st_my_thread_var' in spider_create_sys_thd and untime error: null pointer passed as argument 1, which is declared to never be null in spider_create_table_name_string - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Not a Bug
Affects Version/s: 10.5
Fix Version/s: N/A
Component/s: Storage Engine - Spider
Labels:

Description

INSTALL PLUGIN Spider SONAME 'ha_spider.so';

CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');

CREATE TABLE t1 (c1 INT) ENGINE=InnoDB;

CREATE TABLE t2 (c1 INT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t1"';

Leads to:

10.5.26 3c508d4c71c8bf27c6ecceba53ab9d4325a1bd6c (Optimized, UBASAN)
2024-07-15 13:49:51 0 [Note] /test/UBASAN_MD150724-mariadb-10.5.26-linux-x86_64-opt/bin/mariadbd: ready for connections.
Version: '10.5.26-MariaDB-debug' socket: '/test/UBASAN_MD150724-mariadb-10.5.26-linux-x86_64-opt/socket.sock' port: 11212 MariaDB Server
/test/10.5_opt_san/storage/spider/spd_table.cc:82:34: runtime error: member access within null pointer of type 'struct st_my_thread_var'
#0 0x14e799988111 in spider_create_sys_thd(st_spider_thread*) /test/10.5_opt_san/storage/spider/spd_table.cc:82
#1 0x14e799988111 in spider_table_bg_sts_action(void*) /test/10.5_opt_san/storage/spider/spd_table.cc:9048
#2 0x14e7c1097ad9 in start_thread nptl/pthread_create.c:444
#3 0x14e7c112847b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

240715 13:49:59 [ERROR] mysqld got signal 11 ;
Sorry, we probably made a mistake, and this is a bug.

Your assistance in bug reporting will enable us to fix this for the next release.
To report this bug, see https://mariadb.com/kb/en/reporting-bugs

We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.

Server version: 10.5.26-MariaDB-debug source revision: 3c508d4c71c8bf27c6ecceba53ab9d4325a1bd6c
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=1
max_threads=10002
thread_count=3
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 22155606 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x62b0000af218
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
/test/10.5_opt_san/storage/spider/spd_table.cc:6867:23: runtime error: null pointer passed as argument 1, which is declared to never be null
stack_bottom = 0x14e798b6da70 thread_stack 0xb00000
#0 0x14e7997c321d in spider_create_table_name_string(char const, char const, char const*) /test/10.5_opt_san/storage/spider/spd_table.cc:6867
#1 0x14e799966359 in spider_set_connect_info_default(st_spider_share, partition_element, partition_element, TABLE_SHARE) /test/10.5_opt_san/storage/spider/spd_table.cc:3516
#2 0x14e79997741a in spider_parse_connect_info(st_spider_share, TABLE_SHARE, partition_info*, unsigned int) /test/10.5_opt_san/storage/spider/spd_table.cc:3076
#3 0x14e799a1c093 in ha_spider::create(char const, TABLE, HA_CREATE_INFO*) /test/10.5_opt_san/storage/spider/ha_spider.cc:10718
#4 0x557f62aafb00 in handler::ha_create(char const, TABLE, HA_CREATE_INFO*) /test/10.5_dbg_san/sql/handler.cc:5263
#5 0x557f62ab5441 in ha_create_table(THD, char const, char const, char const, HA_CREATE_INFO, st_mysql_const_unsigned_lex_string) /test/10.5_dbg_san/sql/handler.cc:5729
#6 0x557f61ae95a7 in create_table_impl /test/10.5_dbg_san/sql/sql_table.cc:5406
#7 0x557f61aea900 in mysql_create_table_no_lock(THD, Table_specification_st, Alter_info, bool, int, TABLE_LIST*) /test/10.5_dbg_san/sql/sql_table.cc:5491
#8 0x557f61aebf0d in mysql_create_table(THD, TABLE_LIST, Table_specification_st, Alter_info) /test/10.5_dbg_san/sql/sql_table.cc:5704
#9 0x557f61af7c72 in Sql_cmd_create_table_like::execute(THD*) /test/10.5_dbg_san/sql/sql_table.cc:12577
#10 0x557f61508432 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:6167
#11 0x557f61511ce9 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8221
#12 0x557f61522084 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1892
#13 0x557f6153083a in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1376
#14 0x557f61e24735 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1417
#15 0x557f61e25c50 in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1319
#16 0x14e7c1097ad9 in start_thread nptl/pthread_create.c:444
#17 0x14e7c112847b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

This looks to be a new regression, not present in 10.5 of 25 May 2024 @ 736449d30ffb2ec71bd700ac84eb38ba30bb662c (UBSAN, opt), nor in a 11.6 build (UBSAN, opt) of 17 June @ 29e9ade269d803b6823ec57808e0b7fad28baf9e.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-07-15 03:53

Updated:: 2024-08-05 04:58

Resolved:: 2024-07-15 07:10

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.