Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
11.7(EOL), 11.8
Description
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 |
rm -Rf data tmp |
mkdir tmp |
./scripts/mariadb-install-db --no-defaults --force --auth-root-authentication-method=normal --basedir=${PWD} --tmpdir=${PWD}/tmp --datadir=${PWD}/data |
Leads to:
|
CS 11.7.1 d4d5bce2da0d22b25485da3904f9f5fc11d7fcd4 (Debug, UBASAN) |
/test/11.7_dbg_san/strings/ctype-uca.c:33746:43: runtime error: applying zero offset to null pointer
|
#0 0x55ab8028f70d in check_rules /test/11.7_dbg_san/strings/ctype-uca.c:33746:43
|
#1 0x55ab8028d7d6 in init_weight_level /test/11.7_dbg_san/strings/ctype-uca.c:34377:7
|
#2 0x55ab8028d402 in my_uca_init_levels /test/11.7_dbg_san/strings/ctype-uca.c:34573:9
|
#3 0x55ab80284ef2 in my_uca_info_init /test/11.7_dbg_san/strings/ctype-uca.c:34594:10
|
#4 0x55ab80284143 in create_tailoring /test/11.7_dbg_san/strings/ctype-uca.c:34675:13
|
#5 0x55ab80263752 in my_coll_init_uca /test/11.7_dbg_san/strings/ctype-uca.c:34492:10
|
#6 0x55ab80271ac4 in my_uca_coll_init_utf8mb4 /test/11.7_dbg_san/strings/ctype-uca.c:36579:7
|
#7 0x55ab7ffa246c in my_ci_init_collation /test/11.7_dbg_san/include/m_ctype.h:1388:10
|
#8 0x55ab7ff98604 in get_internal_charset /test/11.7_dbg_san/mysys/charset.c:902:13
|
#9 0x55ab7ff9892d in my_collation_get_by_name /test/11.7_dbg_san/mysys/charset.c:967:19
|
#10 0x55ab7b7975de in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1221:12
|
#11 0x55ab7b78d1a6 in Charset_loader_mysys::get_exact_collation_by_context_name(charset_info_st const*, char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1255:12
|
#12 0x55ab7b7977d6 in Charset_loader_mysys::get_context_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1236:12
|
#13 0x55ab7b79165f in Charset_loader_server::get_context_collation_or_error(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.h:91:23
|
#14 0x55ab7b7913b0 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.cc:379:22
|
#15 0x55ab7b798fd9 in Charset_collation_map_st::insert_or_replace(st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, bool, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:72:11
|
#16 0x55ab7b799433 in Charset_collation_map_st::from_text(st_mysql_const_lex_string const&, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:106:11
|
#17 0x55ab7911bda4 in init_common_variables() /test/11.7_dbg_san/sql/mysqld.cc:4303:35
|
#18 0x55ab79115397 in mysqld_main(int, char**) /test/11.7_dbg_san/sql/mysqld.cc:5938:7
|
#19 0x55ab791004a3 in main /test/11.7_dbg_san/sql/main.cc:34:10
|
#20 0x14f77a02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
|
#21 0x14f77a02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
|
#22 0x55ab79024c74 in _start (/test/UBASAN_MD271124-mariadb-11.7.1-linux-x86_64-dbg/bin/mariadbd+0x420ac74) (BuildId: 4ffc5d87b420973421d7e440cab2c81981d3640e)
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.7_dbg_san/strings/ctype-uca.c:33746:43
|
And:
|
CS 11.7.1 d4d5bce2da0d22b25485da3904f9f5fc11d7fcd4 (Debug, UBASAN) |
/test/11.7_dbg_san/strings/ctype-uca.c:34395:43: runtime error: applying zero offset to null pointer
|
#0 0x55ab8028dfe9 in init_weight_level /test/11.7_dbg_san/strings/ctype-uca.c:34395:43
|
#1 0x55ab8028d402 in my_uca_init_levels /test/11.7_dbg_san/strings/ctype-uca.c:34573:9
|
#2 0x55ab80284ef2 in my_uca_info_init /test/11.7_dbg_san/strings/ctype-uca.c:34594:10
|
#3 0x55ab80284143 in create_tailoring /test/11.7_dbg_san/strings/ctype-uca.c:34675:13
|
#4 0x55ab80263752 in my_coll_init_uca /test/11.7_dbg_san/strings/ctype-uca.c:34492:10
|
#5 0x55ab80271ac4 in my_uca_coll_init_utf8mb4 /test/11.7_dbg_san/strings/ctype-uca.c:36579:7
|
#6 0x55ab7ffa246c in my_ci_init_collation /test/11.7_dbg_san/include/m_ctype.h:1388:10
|
#7 0x55ab7ff98604 in get_internal_charset /test/11.7_dbg_san/mysys/charset.c:902:13
|
#8 0x55ab7ff9892d in my_collation_get_by_name /test/11.7_dbg_san/mysys/charset.c:967:19
|
#9 0x55ab7b7975de in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1221:12
|
#10 0x55ab7b78d1a6 in Charset_loader_mysys::get_exact_collation_by_context_name(charset_info_st const*, char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1255:12
|
#11 0x55ab7b7977d6 in Charset_loader_mysys::get_context_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1236:12
|
#12 0x55ab7b79165f in Charset_loader_server::get_context_collation_or_error(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.h:91:23
|
#13 0x55ab7b7913b0 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.cc:379:22
|
#14 0x55ab7b798fd9 in Charset_collation_map_st::insert_or_replace(st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, bool, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:72:11
|
#15 0x55ab7b799433 in Charset_collation_map_st::from_text(st_mysql_const_lex_string const&, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:106:11
|
#16 0x55ab7911bda4 in init_common_variables() /test/11.7_dbg_san/sql/mysqld.cc:4303:35
|
#17 0x55ab79115397 in mysqld_main(int, char**) /test/11.7_dbg_san/sql/mysqld.cc:5938:7
|
#18 0x55ab791004a3 in main /test/11.7_dbg_san/sql/main.cc:34:10
|
#19 0x14f77a02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
|
#20 0x14f77a02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
|
#21 0x55ab79024c74 in _start (/test/UBASAN_MD271124-mariadb-11.7.1-linux-x86_64-dbg/bin/mariadbd+0x420ac74) (BuildId: 4ffc5d87b420973421d7e440cab2c81981d3640e)
|
Observed using UBSAN with Clang and LLMV 18.1.3:
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools # llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18 |
sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so |
...
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 |
Attachments
Issue Links
- is caused by
-
MDEV-27009 Add UCA-14.0.0 collations
-
- Closed
-
Activity
Issue remains present in 11.8 after the merge that brought MDEV-34348 to 11.8. Re-tested at commit f0961301c81c7f5b009c012c076abc326b203b4a (Debug, UBASAN, Clang).
It's repeatable with mtr as well:
bar@unicorns:~/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test$ ./mtr ctype_latin1
|
Logging: /home/bar/maria-git/11.4.m35538.ubsa/mysql-test/mariadb-test-run.pl ctype_latin1
|
VS config:
|
vardir: /home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var
|
Removing old var directory...
|
Creating var directory '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var'...
|
Checking supported features...
|
/home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43: runtime error: applying zero offset to null pointer
|
#0 0x5f286cd in check_rules /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43
|
#1 0x5f26796 in init_weight_level /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34503:7
|
#2 0x5f263c2 in my_uca_init_levels /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34699:9
|
#3 0x5f1dcc2 in my_uca_info_init /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34720:10
|
#4 0x5f1cee5 in create_tailoring /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34801:13
|
#5 0x5eff752 in my_coll_init_uca /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34618:10
|
#6 0x5f0ba94 in my_uca_coll_init_utf8mb4 /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:36705:7
|
#7 0x5c001cc in my_ci_init_collation /home/bar/maria-git/11.4.m35538.ubsa/include/m_ctype.h:1303:10
|
#8 0x5bff1ab in add_alias_for_collation /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:676:7
|
#9 0x5f1a501 in mysql_utf8mb4_0900_collation_definitions_add /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:39687:11
|
#10 0x5e38386 in init_compiled_charsets /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset-def.c:546:7
|
#11 0x5c03c5a in init_available_charsets /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:823:3
|
#12 0x7f0c944b1b82 in __pthread_once_slow (/lib64/libc.so.6+0x93b82) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
|
#13 0x5c06f78 in my_charset_get_by_name /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:1112:3
|
#14 0x5c0727c in get_charset_by_csname /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:1133:10
|
#15 0x984e71 in init_common_variables() /home/bar/maria-git/11.4.m35538.ubsa/sql/mysqld.cc:4224:11
|
#16 0x97fd4e in mysqld_main(int, char**) /home/bar/maria-git/11.4.m35538.ubsa/sql/mysqld.cc:5836:7
|
#17 0x973109 in main /home/bar/maria-git/11.4.m35538.ubsa/sql/main.cc:34:10
|
#18 0x7f0c94446149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
|
#19 0x7f0c9444620a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2820a) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
|
#20 0x894bc4 in _start (/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/sql/mariadbd+0x894bc4) (BuildId: 944dcc87e716934bf78bf158395cd893df4d1e9c)
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 in
|
MariaDB Version 11.4.5-MariaDB-debug
|
- SSL connections supported
|
- binaries are debug compiled
|
- binaries built with wsrep patch
|
Collecting tests...
|
Installing system database...
|
|
|
==============================================================================
|
|
|
TEST RESULT TIME (ms) or COMMENT
|
--------------------------------------------------------------------------
|
|
|
worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029
|
main.ctype_latin1 [ fail ] Found warnings/errors in server log file!
|
Test ended at 2025-01-22 16:34:49
|
line
|
/home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43: runtime error: applying zero offset to null pointer
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 in
|
/home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-bin.c:205:10: runtime error: applying zero offset to null pointer
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-bin.c:205:10 in
|
^ Found warnings in /home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/mysqld.1.err
|
ok
|
|
|
- saving '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/main.ctype_latin1/' to '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/main.ctype_latin1/'
|
--------------------------------------------------------------------------
|
The servers were restarted 0 times
|
Spent 0.000 of 24 seconds executing testcases
|
mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/warnings' for details.
|
|
|
Failure: Failed 1/1 tests, 0.00% were successful.
|
|
|
Failing test(s): main.ctype_latin1
|
|
|
The log files in var/log may give you some hint of what went wrong.
|
|
|
If you want to report this error, MariaDB's bug tracker is found at
|
https://jira.mariadb.org
|
|
|
mysql-test-run: *** ERROR: there were failing test cases
|
The problem is also repeatable with 11.4.
The problem is alsi repeatable with 10.11 with mtr, but one needs to use a test with uca1400_ai_ci collation, for example:
./mtr ctype_utf8mb4_uca_allkeys1400
|
It returns the following output:
EST RESULT TIME (ms) or COMMENT
|
--------------------------------------------------------------------------
|
|
|
worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029
|
main.ctype_utf8mb4_uca_allkeys1400 [ fail ] Found warnings/errors in server log file!
|
Test ended at 2025-01-22 17:04:11
|
line
|
/home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43: runtime error: applying zero offset to null pointer
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43 in
|
^ Found warnings in /home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/mysqld.1.err
|
ok
|
|
|
- saving '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/main.ctype_utf8mb4_uca_allkeys1400/' to '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/main.ctype_utf8mb4_uca_allkeys1400/'
|
--------------------------------------------------------------------------
|
The servers were restarted 0 times
|
Spent 0.000 of 71 seconds executing testcases
|
mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/warnings' for details.
|
|
|
Failure: Failed 1/1 tests, 0.00% were successful.
|
|
|
Failing test(s): main.ctype_utf8mb4_uca_allkeys1400
|
with this stack
#0 0x5e59bbd in check_rules /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43
|
#1 0x5e57c86 in init_weight_level /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34502:7
|
#2 0x5e578b2 in my_uca_init_levels /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34698:9
|
#3 0x5e4f1b2 in my_uca_info_init /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34719:10
|
#4 0x5e4e3d5 in create_tailoring /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34800:13
|
#5 0x5e31792 in my_coll_init_uca /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34617:10
|
#6 0x5e3dad4 in my_uca_coll_init_utf8mb4 /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:36704:7
|
#7 0x5b3e48c in my_ci_init_collation /home/bar/maria-git/10.11.m35538.ub/include/m_ctype.h:1302:10
|
#8 0x5b344f4 in get_internal_charset /home/bar/maria-git/10.11.m35538.ub/mysys/charset.c:901:13
|
#9 0x5b3481d in my_collation_get_by_name /home/bar/maria-git/10.11.m35538.ub/mysys/charset.c:966:19
|
#10 0x24fec96 in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/include/my_sys.h:1157:12
|
#11 0x24fe116 in Charset_loader_server::get_exact_collation_or_error(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/sql/lex_charset.h:45:23
|
#12 0x24f9ec1 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/sql/lex_charset.cc:382:20
|
#13 0x280afa7 in MYSQLparse(THD*) /home/bar/maria-git/10.11.m35538.ub/sql/sql_yacc.yy:6608:48
|
#14 0x148e0b6 in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:10582:46
|
#15 0x13e2c51 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:8139:15
|
#16 0x13cd7d9 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:1905:7
|
#17 0x13eb4b8 in do_command(THD*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:1418:17
|
#18 0x2077fe8 in do_handle_one_connection(CONNECT*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_connect.cc:1386:11
|
#19 0x2076db5 in handle_one_connection /home/bar/maria-git/10.11.m35538.ub/sql/sql_connect.cc:1298:5
|
#20 0x90e77e in asan_thread_start(void*) asan_interceptors.cpp.o
|
#21 0x7f0e2aeac906 in start_thread (/lib64/libc.so.6+0x8e906) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
|
#22 0x7f0e2af33adb in __GI___clone3 (/lib64/libc.so.6+0x115adb) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
|
Two global UBSAN supression filters were added for this issue: pointer-overflow:check_rules and pointer-overflow:init_weight_level.
The init_weight_level stack may be lightly sporadic.