Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
-
10.5
Description
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD''); |
CREATE TABLE t1 (c1 INT) ENGINE=InnoDB; |
CREATE TABLE t2 (c1 INT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t1"'; |
Leads to:
|
10.5.26 3c508d4c71c8bf27c6ecceba53ab9d4325a1bd6c (Optimized, UBASAN) |
2024-07-15 13:49:51 0 [Note] /test/UBASAN_MD150724-mariadb-10.5.26-linux-x86_64-opt/bin/mariadbd: ready for connections.
|
Version: '10.5.26-MariaDB-debug' socket: '/test/UBASAN_MD150724-mariadb-10.5.26-linux-x86_64-opt/socket.sock' port: 11212 MariaDB Server
|
/test/10.5_opt_san/storage/spider/spd_table.cc:82:34: runtime error: member access within null pointer of type 'struct st_my_thread_var'
|
#0 0x14e799988111 in spider_create_sys_thd(st_spider_thread*) /test/10.5_opt_san/storage/spider/spd_table.cc:82
|
#1 0x14e799988111 in spider_table_bg_sts_action(void*) /test/10.5_opt_san/storage/spider/spd_table.cc:9048
|
#2 0x14e7c1097ad9 in start_thread nptl/pthread_create.c:444
|
#3 0x14e7c112847b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
240715 13:49:59 [ERROR] mysqld got signal 11 ;
|
Sorry, we probably made a mistake, and this is a bug.
|
|
|
Your assistance in bug reporting will enable us to fix this for the next release.
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
|
Server version: 10.5.26-MariaDB-debug source revision: 3c508d4c71c8bf27c6ecceba53ab9d4325a1bd6c
|
key_buffer_size=134217728
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=10002
|
thread_count=3
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 22155606 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x62b0000af218
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
/test/10.5_opt_san/storage/spider/spd_table.cc:6867:23: runtime error: null pointer passed as argument 1, which is declared to never be null
|
stack_bottom = 0x14e798b6da70 thread_stack 0xb00000
|
#0 0x14e7997c321d in spider_create_table_name_string(char const*, char const*, char const*) /test/10.5_opt_san/storage/spider/spd_table.cc:6867
|
#1 0x14e799966359 in spider_set_connect_info_default(st_spider_share*, partition_element*, partition_element*, TABLE_SHARE*) /test/10.5_opt_san/storage/spider/spd_table.cc:3516
|
#2 0x14e79997741a in spider_parse_connect_info(st_spider_share*, TABLE_SHARE*, partition_info*, unsigned int) /test/10.5_opt_san/storage/spider/spd_table.cc:3076
|
#3 0x14e799a1c093 in ha_spider::create(char const*, TABLE*, HA_CREATE_INFO*) /test/10.5_opt_san/storage/spider/ha_spider.cc:10718
|
#4 0x557f62aafb00 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /test/10.5_dbg_san/sql/handler.cc:5263
|
#5 0x557f62ab5441 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*) /test/10.5_dbg_san/sql/handler.cc:5729
|
#6 0x557f61ae95a7 in create_table_impl /test/10.5_dbg_san/sql/sql_table.cc:5406
|
#7 0x557f61aea900 in mysql_create_table_no_lock(THD*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/10.5_dbg_san/sql/sql_table.cc:5491
|
#8 0x557f61aebf0d in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /test/10.5_dbg_san/sql/sql_table.cc:5704
|
#9 0x557f61af7c72 in Sql_cmd_create_table_like::execute(THD*) /test/10.5_dbg_san/sql/sql_table.cc:12577
|
#10 0x557f61508432 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:6167
|
#11 0x557f61511ce9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8221
|
#12 0x557f61522084 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1892
|
#13 0x557f6153083a in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1376
|
#14 0x557f61e24735 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1417
|
#15 0x557f61e25c50 in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1319
|
#16 0x14e7c1097ad9 in start_thread nptl/pthread_create.c:444
|
#17 0x14e7c112847b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
This looks to be a new regression, not present in 10.5 of 25 May 2024 @ 736449d30ffb2ec71bd700ac84eb38ba30bb662c (UBSAN, opt), nor in a 11.6 build (UBSAN, opt) of 17 June @ 29e9ade269d803b6823ec57808e0b7fad28baf9e.
Attachments
Issue Links
- relates to
-
-
- Confirmed
-
Activity
This testcase produces the same issue:
SET sql_mode=''; |
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
CREATE TABLE t1 (c INT) ENGINE=Spider; |
This testcase can also be used as-is in MTR.
I could not reproduce either testcase at 10.5 3c508d4c71c8bf27c6ecceba53ab9d4325a1bd6c with UBASAN debug, release or relwithdebinfo build, using cli or mtr.
In relwithdebinfo with the following flags
-DWITH_ASAN=ON
|
-DWITH_ASAN_SCOPE=ON
|
-DWITH_UBSAN=ON
|
-DWSREP_LIB_WITH_ASAN=ON
|
-DCMAKE_CXX_FLAGS=-static-libasan
|
-DMYSQL_MAINTAINER_MODE=OFF
|
I get weird warnings in sys_var.inl like the following when testing:
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1405:26: runtime error: store to address 0x55e08f2941e0 with insufficient space for an object of type 'uchar'
|
0x55e08f2941e0: note: pointer points here
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
^
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:193:18: runtime error: store to address 0x55e08f2c00a4 with insufficient space for an object of type 'uchar'
|
0x55e08f2c00a4: note: pointer points here
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029
|
SET sql_mode='';
|
INSTALL PLUGIN Spider SONAME 'ha_spider.so';
|
CREATE TABLE t1 (c INT) ENGINE=Spider;
|
spider/bugfix.mdev_34591 [ fail ] Found warnings/errors in server log file!
|
Test ended at 2024-07-15 14:45:24
|
line
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:458:24: runtime error: store to address 0x55f47ea2fb60 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:193:18: runtime error: store to address 0x55f47ea2fc08 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:193:18: runtime error: store to address 0x55f47ea2fb88 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:519:28: runtime error: store to address 0x55f47e175040 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:193:18: runtime error: store to address 0x55f47e17a160 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1838:8: runtime error: load of address 0x55f47e179fe0 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1838:26: runtime error: store to address 0x55f47e179fe0 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:389:22: runtime error: store to address 0x55f47d39a320 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:826:35: runtime error: store to address 0x55f47e17ba68 with insufficient space for an object of type 'size_t'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:826:35: runtime error: store to address 0x55f47e17ba28 with insufficient space for an object of type 'size_t'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:193:18: runtime error: store to address 0x55f47e17ab20 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1405:26: runtime error: store to address 0x55f47e17a1e0 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:193:18: runtime error: store to address 0x55f47e1a60a4 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:428:18: runtime error: load of address 0x55f47e199cc0 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:2165:18: runtime error: load of address 0x55f47e176540 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1493:18: runtime error: load of address 0x55f47e171ca0 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1888:18: runtime error: load of address 0x55f47e179fe0 with insufficient space for an object of type 'uchar'
|
/home/ycp/source/mariadb-server/push-10.5/src/sql/sys_vars.inl:1730:18: runtime error: load of address 0x55f47e17bbe0 with insufficient space for an object of type 'uchar'
|
The source of the issue was a bad build. When the same version was rebuild, the issue was no longer reproducible.
Bisecting.