[MDEV-35538] UBSAN: nullptr-with-offset: runtime error: applying zero offset to null pointer in check_rules and in init_weight_level - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 11.7(EOL), 11.8
Fix Version/s: 10.11.11, 11.4.5, 11.7.2, 11.8.1
Component/s: Character Sets
Labels:

Description

export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1

rm -Rf data tmp

mkdir tmp

./scripts/mariadb-install-db --no-defaults --force --auth-root-authentication-method=normal --basedir=${PWD} --tmpdir=${PWD}/tmp --datadir=${PWD}/data

Leads to:

CS 11.7.1 d4d5bce2da0d22b25485da3904f9f5fc11d7fcd4 (Debug, UBASAN)
/test/11.7_dbg_san/strings/ctype-uca.c:33746:43: runtime error: applying zero offset to null pointer
#0 0x55ab8028f70d in check_rules /test/11.7_dbg_san/strings/ctype-uca.c:33746:43
#1 0x55ab8028d7d6 in init_weight_level /test/11.7_dbg_san/strings/ctype-uca.c:34377:7
#2 0x55ab8028d402 in my_uca_init_levels /test/11.7_dbg_san/strings/ctype-uca.c:34573:9
#3 0x55ab80284ef2 in my_uca_info_init /test/11.7_dbg_san/strings/ctype-uca.c:34594:10
#4 0x55ab80284143 in create_tailoring /test/11.7_dbg_san/strings/ctype-uca.c:34675:13
#5 0x55ab80263752 in my_coll_init_uca /test/11.7_dbg_san/strings/ctype-uca.c:34492:10
#6 0x55ab80271ac4 in my_uca_coll_init_utf8mb4 /test/11.7_dbg_san/strings/ctype-uca.c:36579:7
#7 0x55ab7ffa246c in my_ci_init_collation /test/11.7_dbg_san/include/m_ctype.h:1388:10
#8 0x55ab7ff98604 in get_internal_charset /test/11.7_dbg_san/mysys/charset.c:902:13
#9 0x55ab7ff9892d in my_collation_get_by_name /test/11.7_dbg_san/mysys/charset.c:967:19
#10 0x55ab7b7975de in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1221:12
#11 0x55ab7b78d1a6 in Charset_loader_mysys::get_exact_collation_by_context_name(charset_info_st const, char const, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1255:12
#12 0x55ab7b7977d6 in Charset_loader_mysys::get_context_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1236:12
#13 0x55ab7b79165f in Charset_loader_server::get_context_collation_or_error(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.h:91:23
#14 0x55ab7b7913b0 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.cc:379:22
#15 0x55ab7b798fd9 in Charset_collation_map_st::insert_or_replace(st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, bool, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:72:11
#16 0x55ab7b799433 in Charset_collation_map_st::from_text(st_mysql_const_lex_string const&, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:106:11
#17 0x55ab7911bda4 in init_common_variables() /test/11.7_dbg_san/sql/mysqld.cc:4303:35
#18 0x55ab79115397 in mysqld_main(int, char**) /test/11.7_dbg_san/sql/mysqld.cc:5938:7
#19 0x55ab791004a3 in main /test/11.7_dbg_san/sql/main.cc:34:10
#20 0x14f77a02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#21 0x14f77a02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#22 0x55ab79024c74 in _start (/test/UBASAN_MD271124-mariadb-11.7.1-linux-x86_64-dbg/bin/mariadbd+0x420ac74) (BuildId: 4ffc5d87b420973421d7e440cab2c81981d3640e)

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.7_dbg_san/strings/ctype-uca.c:33746:43

And:

CS 11.7.1 d4d5bce2da0d22b25485da3904f9f5fc11d7fcd4 (Debug, UBASAN)
/test/11.7_dbg_san/strings/ctype-uca.c:34395:43: runtime error: applying zero offset to null pointer
#0 0x55ab8028dfe9 in init_weight_level /test/11.7_dbg_san/strings/ctype-uca.c:34395:43
#1 0x55ab8028d402 in my_uca_init_levels /test/11.7_dbg_san/strings/ctype-uca.c:34573:9
#2 0x55ab80284ef2 in my_uca_info_init /test/11.7_dbg_san/strings/ctype-uca.c:34594:10
#3 0x55ab80284143 in create_tailoring /test/11.7_dbg_san/strings/ctype-uca.c:34675:13
#4 0x55ab80263752 in my_coll_init_uca /test/11.7_dbg_san/strings/ctype-uca.c:34492:10
#5 0x55ab80271ac4 in my_uca_coll_init_utf8mb4 /test/11.7_dbg_san/strings/ctype-uca.c:36579:7
#6 0x55ab7ffa246c in my_ci_init_collation /test/11.7_dbg_san/include/m_ctype.h:1388:10
#7 0x55ab7ff98604 in get_internal_charset /test/11.7_dbg_san/mysys/charset.c:902:13
#8 0x55ab7ff9892d in my_collation_get_by_name /test/11.7_dbg_san/mysys/charset.c:967:19
#9 0x55ab7b7975de in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1221:12
#10 0x55ab7b78d1a6 in Charset_loader_mysys::get_exact_collation_by_context_name(charset_info_st const, char const, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1255:12
#11 0x55ab7b7977d6 in Charset_loader_mysys::get_context_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1236:12
#12 0x55ab7b79165f in Charset_loader_server::get_context_collation_or_error(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.h:91:23
#13 0x55ab7b7913b0 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.cc:379:22
#14 0x55ab7b798fd9 in Charset_collation_map_st::insert_or_replace(st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, bool, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:72:11
#15 0x55ab7b799433 in Charset_collation_map_st::from_text(st_mysql_const_lex_string const&, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:106:11
#16 0x55ab7911bda4 in init_common_variables() /test/11.7_dbg_san/sql/mysqld.cc:4303:35
#17 0x55ab79115397 in mysqld_main(int, char**) /test/11.7_dbg_san/sql/mysqld.cc:5938:7
#18 0x55ab791004a3 in main /test/11.7_dbg_san/sql/main.cc:34:10
#19 0x14f77a02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#20 0x14f77a02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#21 0x55ab79024c74 in _start (/test/UBASAN_MD271124-mariadb-11.7.1-linux-x86_64-dbg/bin/mariadbd+0x420ac74) (BuildId: 4ffc5d87b420973421d7e440cab2c81981d3640e)

Observed using UBSAN with Clang and LLMV 18.1.3:

sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools  # llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18

sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so

...

export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1

Attachments

Issue Links

is caused by

MDEV-27009 Add UCA-14.0.0 collations

Closed

is duplicated by

MDEV-35872 UBSAN: runtime error: applying zero offset to null pointer on CLI init in ctype-uca.c

Closed

is part of

MDEV-25454 Make MariaDB server UBSAN safe

Confirmed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar created issue - 2024-11-30 04:05

Roel Van de Paar made changes - 2024-11-30 04:05

Field	Original Value	New Value
Labels	not-10.11 regression	not-10.11 not-10.5 not-10.6 regression

Roel Van de Paar made changes - 2024-11-30 04:06

Labels

not-10.11 not-10.5 not-10.6 regression

not-10.11 not-10.5 not-10.6 nullptr-with-offset regression

Roel Van de Paar made changes - 2024-11-30 04:08

Description

{code:bash}
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1
rm -Rf data tmp
mkdir tmp
./scripts/mariadb-install-db --no-defaults --force --auth-root-authentication-method=normal --basedir=${PWD} --tmpdir=${PWD}/tmp --datadir=${PWD}/data
{code}
Leads to:
{noformat:title=CS 11.7.1 d4d5bce2da0d22b25485da3904f9f5fc11d7fcd4 (Debug, UBASAN)}
/test/11.7_dbg_san/strings/ctype-uca.c:33746:43: runtime error: applying zero offset to null pointer
    #0 0x55ab8028f70d in check_rules /test/11.7_dbg_san/strings/ctype-uca.c:33746:43
    #1 0x55ab8028d7d6 in init_weight_level /test/11.7_dbg_san/strings/ctype-uca.c:34377:7
    #2 0x55ab8028d402 in my_uca_init_levels /test/11.7_dbg_san/strings/ctype-uca.c:34573:9
    #3 0x55ab80284ef2 in my_uca_info_init /test/11.7_dbg_san/strings/ctype-uca.c:34594:10
    #4 0x55ab80284143 in create_tailoring /test/11.7_dbg_san/strings/ctype-uca.c:34675:13
    #5 0x55ab80263752 in my_coll_init_uca /test/11.7_dbg_san/strings/ctype-uca.c:34492:10
    #6 0x55ab80271ac4 in my_uca_coll_init_utf8mb4 /test/11.7_dbg_san/strings/ctype-uca.c:36579:7
    #7 0x55ab7ffa246c in my_ci_init_collation /test/11.7_dbg_san/include/m_ctype.h:1388:10
    #8 0x55ab7ff98604 in get_internal_charset /test/11.7_dbg_san/mysys/charset.c:902:13
    #9 0x55ab7ff9892d in my_collation_get_by_name /test/11.7_dbg_san/mysys/charset.c:967:19
    #10 0x55ab7b7975de in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1221:12
    #11 0x55ab7b78d1a6 in Charset_loader_mysys::get_exact_collation_by_context_name(charset_info_st const*, char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1255:12
    #12 0x55ab7b7977d6 in Charset_loader_mysys::get_context_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1236:12
    #13 0x55ab7b79165f in Charset_loader_server::get_context_collation_or_error(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.h:91:23
    #14 0x55ab7b7913b0 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.cc:379:22
    #15 0x55ab7b798fd9 in Charset_collation_map_st::insert_or_replace(st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, bool, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:72:11
    #16 0x55ab7b799433 in Charset_collation_map_st::from_text(st_mysql_const_lex_string const&, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:106:11
    #17 0x55ab7911bda4 in init_common_variables() /test/11.7_dbg_san/sql/mysqld.cc:4303:35
    #18 0x55ab79115397 in mysqld_main(int, char**) /test/11.7_dbg_san/sql/mysqld.cc:5938:7
    #19 0x55ab791004a3 in main /test/11.7_dbg_san/sql/main.cc:34:10
    #20 0x14f77a02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #21 0x14f77a02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
    #22 0x55ab79024c74 in _start (/test/UBASAN_MD271124-mariadb-11.7.1-linux-x86_64-dbg/bin/mariadbd+0x420ac74) (BuildId: 4ffc5d87b420973421d7e440cab2c81981d3640e)

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.7_dbg_san/strings/ctype-uca.c:33746:43
{noformat}
And:
{noformat:title=CS 11.7.1 d4d5bce2da0d22b25485da3904f9f5fc11d7fcd4 (Debug, UBASAN)}
/test/11.7_dbg_san/strings/ctype-uca.c:34395:43: runtime error: applying zero offset to null pointer
    #0 0x55ab8028dfe9 in init_weight_level /test/11.7_dbg_san/strings/ctype-uca.c:34395:43
    #1 0x55ab8028d402 in my_uca_init_levels /test/11.7_dbg_san/strings/ctype-uca.c:34573:9
    #2 0x55ab80284ef2 in my_uca_info_init /test/11.7_dbg_san/strings/ctype-uca.c:34594:10
    #3 0x55ab80284143 in create_tailoring /test/11.7_dbg_san/strings/ctype-uca.c:34675:13
    #4 0x55ab80263752 in my_coll_init_uca /test/11.7_dbg_san/strings/ctype-uca.c:34492:10
    #5 0x55ab80271ac4 in my_uca_coll_init_utf8mb4 /test/11.7_dbg_san/strings/ctype-uca.c:36579:7
    #6 0x55ab7ffa246c in my_ci_init_collation /test/11.7_dbg_san/include/m_ctype.h:1388:10
    #7 0x55ab7ff98604 in get_internal_charset /test/11.7_dbg_san/mysys/charset.c:902:13
    #8 0x55ab7ff9892d in my_collation_get_by_name /test/11.7_dbg_san/mysys/charset.c:967:19
    #9 0x55ab7b7975de in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1221:12
    #10 0x55ab7b78d1a6 in Charset_loader_mysys::get_exact_collation_by_context_name(charset_info_st const*, char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1255:12
    #11 0x55ab7b7977d6 in Charset_loader_mysys::get_context_collation(char const*, unsigned long) /test/11.7_dbg_san/include/my_sys.h:1236:12
    #12 0x55ab7b79165f in Charset_loader_server::get_context_collation_or_error(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.h:91:23
    #13 0x55ab7b7913b0 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /test/11.7_dbg_san/sql/lex_charset.cc:379:22
    #14 0x55ab7b798fd9 in Charset_collation_map_st::insert_or_replace(st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, bool, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:72:11
    #15 0x55ab7b799433 in Charset_collation_map_st::from_text(st_mysql_const_lex_string const&, unsigned long) /test/11.7_dbg_san/sql/charset_collations.cc:106:11
    #16 0x55ab7911bda4 in init_common_variables() /test/11.7_dbg_san/sql/mysqld.cc:4303:35
    #17 0x55ab79115397 in mysqld_main(int, char**) /test/11.7_dbg_san/sql/mysqld.cc:5938:7
    #18 0x55ab791004a3 in main /test/11.7_dbg_san/sql/main.cc:34:10
    #19 0x14f77a02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x14f77a02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
    #21 0x55ab79024c74 in _start (/test/UBASAN_MD271124-mariadb-11.7.1-linux-x86_64-dbg/bin/mariadbd+0x420ac74) (BuildId: 4ffc5d87b420973421d7e440cab2c81981d3640e)
{noformat}
Observed using UBSAN with Clang and LLMV 18.1.3:
{code:bash}
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools # llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18
sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so
...
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1
{code}

Roel Van de Paar made changes - 2024-11-30 04:08

Summary

UBSAN: nullptr-with-offset: runtime error: applying zero offset to null pointer in check_rules from init_weight_level

UBSAN: nullptr-with-offset: runtime error: applying zero offset to null pointer in check_rules and in init_weight_level

Roel Van de Paar made changes - 2024-11-30 04:13

Labels

not-10.11 not-10.5 not-10.6 nullptr-with-offset regression

not-10.11 not-10.5 not-10.6 nullptr-with-offset pointer-overflow regression

Roel Van de Paar made changes - 2024-11-30 04:17

Comment

[ A global UBSAN supression filter for {{pointer-overflow:check_rules}} was added for this issue. Oddly, that filters the second stack also (whereas it should not).
]

Roel Van de Paar made changes - 2024-11-30 04:20

Comment

[ A global UBSAN supression filter for {{pointer-overflow:check_rules}} was added for this issue.
Oddly, that filters the second stack also (whereas it should not). ]

Roel Van de Paar added a comment - 2024-11-30 04:26

Two global UBSAN supression filters were added for this issue: pointer-overflow:check_rules and pointer-overflow:init_weight_level.
The init_weight_level stack may be lightly sporadic.

Roel Van de Paar added a comment - 2024-11-30 04:26 Two global UBSAN supression filters were added for this issue: pointer-overflow:check_rules and pointer-overflow:init_weight_level . The init_weight_level stack may be lightly sporadic.

Roel Van de Paar made changes - 2024-11-30 04:26

Comment

[ Two global UBSAN supression filters were added for thsi issue: {{pointer-overflow:check_rules}} and {{pointer-overflow:init_weight_level}}.
The init_weight_level stack may be lightly sporadic. ]

Roel Van de Paar made changes - 2024-12-01 19:25

Link

This issue is part of ~~MDEV-34348~~ [ ~~MDEV-34348~~ ]

Roel Van de Paar made changes - 2024-12-01 19:27

Link

This issue is part of ~~MDEV-34348~~ [ ~~MDEV-34348~~ ]

Roel Van de Paar added a comment - 2024-12-02 19:11

Issue remains present in 11.8 after the merge that brought ~~MDEV-34348~~ to 11.8. Re-tested at commit f0961301c81c7f5b009c012c076abc326b203b4a (Debug, UBASAN, Clang).

Roel Van de Paar added a comment - 2024-12-02 19:11 Issue remains present in 11.8 after the merge that brought MDEV-34348 to 11.8. Re-tested at commit f0961301c81c7f5b009c012c076abc326b203b4a (Debug, UBASAN, Clang).

Alexander Barkov added a comment - 2025-01-22 12:35

It's repeatable with mtr as well:

bar@unicorns:~/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test$ ./mtr ctype_latin1

Logging: /home/bar/maria-git/11.4.m35538.ubsa/mysql-test/mariadb-test-run.pl  ctype_latin1

VS config:

vardir: /home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var

Removing old var directory...

Creating var directory '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var'...

Checking supported features...

/home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43: runtime error: applying zero offset to null pointer

    #0 0x5f286cd in check_rules /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43

    #1 0x5f26796 in init_weight_level /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34503:7

    #2 0x5f263c2 in my_uca_init_levels /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34699:9

    #3 0x5f1dcc2 in my_uca_info_init /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34720:10

    #4 0x5f1cee5 in create_tailoring /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34801:13

    #5 0x5eff752 in my_coll_init_uca /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34618:10

    #6 0x5f0ba94 in my_uca_coll_init_utf8mb4 /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:36705:7

    #7 0x5c001cc in my_ci_init_collation /home/bar/maria-git/11.4.m35538.ubsa/include/m_ctype.h:1303:10

    #8 0x5bff1ab in add_alias_for_collation /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:676:7

    #9 0x5f1a501 in mysql_utf8mb4_0900_collation_definitions_add /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:39687:11

    #10 0x5e38386 in init_compiled_charsets /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset-def.c:546:7

    #11 0x5c03c5a in init_available_charsets /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:823:3

    #12 0x7f0c944b1b82 in __pthread_once_slow (/lib64/libc.so.6+0x93b82) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)

    #13 0x5c06f78 in my_charset_get_by_name /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:1112:3

    #14 0x5c0727c in get_charset_by_csname /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:1133:10

    #15 0x984e71 in init_common_variables() /home/bar/maria-git/11.4.m35538.ubsa/sql/mysqld.cc:4224:11

    #16 0x97fd4e in mysqld_main(int, char**) /home/bar/maria-git/11.4.m35538.ubsa/sql/mysqld.cc:5836:7

    #17 0x973109 in main /home/bar/maria-git/11.4.m35538.ubsa/sql/main.cc:34:10

    #18 0x7f0c94446149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)

    #19 0x7f0c9444620a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2820a) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)

    #20 0x894bc4 in _start (/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/sql/mariadbd+0x894bc4) (BuildId: 944dcc87e716934bf78bf158395cd893df4d1e9c)

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 in

MariaDB Version 11.4.5-MariaDB-debug

 - SSL connections supported

 - binaries are debug compiled

 - binaries built with wsrep patch

Collecting tests...

Installing system database...

==============================================================================

TEST                                      RESULT   TIME (ms) or COMMENT

--------------------------------------------------------------------------

worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029

main.ctype_latin1                        [ fail ]  Found warnings/errors in server log file!

        Test ended at 2025-01-22 16:34:49

line

/home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43: runtime error: applying zero offset to null pointer

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 in

/home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-bin.c:205:10: runtime error: applying zero offset to null pointer

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-bin.c:205:10 in

^ Found warnings in /home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/mysqld.1.err

ok

 - saving '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/main.ctype_latin1/' to '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/main.ctype_latin1/'

--------------------------------------------------------------------------

The servers were restarted 0 times

Spent 0.000 of 24 seconds executing testcases

mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/warnings' for details.

Failure: Failed 1/1 tests, 0.00% were successful.

Failing test(s): main.ctype_latin1

The log files in var/log may give you some hint of what went wrong.

If you want to report this error, MariaDB's bug tracker is found at

https://jira.mariadb.org

mysql-test-run: *** ERROR: there were failing test cases

Alexander Barkov added a comment - 2025-01-22 12:35 It's repeatable with mtr as well: bar@unicorns:~/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test$ ./mtr ctype_latin1 Logging: /home/bar/maria-git/11.4.m35538.ubsa/mysql-test/mariadb-test-run.pl ctype_latin1 VS config: vardir: /home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var Removing old var directory... Creating var directory '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var'... Checking supported features... /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43: runtime error: applying zero offset to null pointer #0 0x5f286cd in check_rules /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 #1 0x5f26796 in init_weight_level /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34503:7 #2 0x5f263c2 in my_uca_init_levels /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34699:9 #3 0x5f1dcc2 in my_uca_info_init /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34720:10 #4 0x5f1cee5 in create_tailoring /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34801:13 #5 0x5eff752 in my_coll_init_uca /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:34618:10 #6 0x5f0ba94 in my_uca_coll_init_utf8mb4 /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:36705:7 #7 0x5c001cc in my_ci_init_collation /home/bar/maria-git/11.4.m35538.ubsa/include/m_ctype.h:1303:10 #8 0x5bff1ab in add_alias_for_collation /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:676:7 #9 0x5f1a501 in mysql_utf8mb4_0900_collation_definitions_add /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:39687:11 #10 0x5e38386 in init_compiled_charsets /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset-def.c:546:7 #11 0x5c03c5a in init_available_charsets /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:823:3 #12 0x7f0c944b1b82 in __pthread_once_slow (/lib64/libc.so.6+0x93b82) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851) #13 0x5c06f78 in my_charset_get_by_name /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:1112:3 #14 0x5c0727c in get_charset_by_csname /home/bar/maria-git/11.4.m35538.ubsa/mysys/charset.c:1133:10 #15 0x984e71 in init_common_variables() /home/bar/maria-git/11.4.m35538.ubsa/sql/mysqld.cc:4224:11 #16 0x97fd4e in mysqld_main(int, char**) /home/bar/maria-git/11.4.m35538.ubsa/sql/mysqld.cc:5836:7 #17 0x973109 in main /home/bar/maria-git/11.4.m35538.ubsa/sql/main.cc:34:10 #18 0x7f0c94446149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851) #19 0x7f0c9444620a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2820a) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851) #20 0x894bc4 in _start (/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/sql/mariadbd+0x894bc4) (BuildId: 944dcc87e716934bf78bf158395cd893df4d1e9c) SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 in MariaDB Version 11.4.5-MariaDB-debug - SSL connections supported - binaries are debug compiled - binaries built with wsrep patch Collecting tests... Installing system database... ============================================================================== TEST RESULT TIME (ms) or COMMENT -------------------------------------------------------------------------- worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 main.ctype_latin1 [ fail ] Found warnings/errors in server log file! Test ended at 2025-01-22 16:34:49 line /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43: runtime error: applying zero offset to null pointer SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-uca.c:33872:43 in /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-bin.c:205:10: runtime error: applying zero offset to null pointer SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/11.4.m35538.ubsa/strings/ctype-bin.c:205:10 in ^ Found warnings in /home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/mysqld.1.err ok - saving '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/main.ctype_latin1/' to '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/main.ctype_latin1/' -------------------------------------------------------------------------- The servers were restarted 0 times Spent 0.000 of 24 seconds executing testcases mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/bar/maria-git/11.4.m35538.ubsa/BUILD-UBSAN/mysql-test/var/log/warnings' for details. Failure: Failed 1/1 tests, 0.00% were successful. Failing test(s): main.ctype_latin1 The log files in var/log may give you some hint of what went wrong. If you want to report this error, MariaDB's bug tracker is found at https://jira.mariadb.org mysql-test-run: *** ERROR: there were failing test cases

Alexander Barkov added a comment - 2025-01-22 12:37 - edited

The problem is also repeatable with 11.4.

The problem is alsi repeatable with 10.11 with mtr, but one needs to use a test with uca1400_ai_ci collation, for example:

./mtr ctype_utf8mb4_uca_allkeys1400

It returns the following output:

EST                                      RESULT   TIME (ms) or COMMENT

--------------------------------------------------------------------------

worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029

main.ctype_utf8mb4_uca_allkeys1400       [ fail ]  Found warnings/errors in server log file!

        Test ended at 2025-01-22 17:04:11

line

/home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43: runtime error: applying zero offset to null pointer

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43 in

^ Found warnings in /home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/mysqld.1.err

ok

 - saving '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/main.ctype_utf8mb4_uca_allkeys1400/' to '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/main.ctype_utf8mb4_uca_allkeys1400/'

--------------------------------------------------------------------------

The servers were restarted 0 times

Spent 0.000 of 71 seconds executing testcases

mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/warnings' for details.

Failure: Failed 1/1 tests, 0.00% were successful.

Failing test(s): main.ctype_utf8mb4_uca_allkeys1400

with this stack

    #0 0x5e59bbd in check_rules /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43

    #1 0x5e57c86 in init_weight_level /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34502:7

    #2 0x5e578b2 in my_uca_init_levels /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34698:9

    #3 0x5e4f1b2 in my_uca_info_init /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34719:10

    #4 0x5e4e3d5 in create_tailoring /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34800:13

    #5 0x5e31792 in my_coll_init_uca /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34617:10

    #6 0x5e3dad4 in my_uca_coll_init_utf8mb4 /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:36704:7

    #7 0x5b3e48c in my_ci_init_collation /home/bar/maria-git/10.11.m35538.ub/include/m_ctype.h:1302:10

    #8 0x5b344f4 in get_internal_charset /home/bar/maria-git/10.11.m35538.ub/mysys/charset.c:901:13

    #9 0x5b3481d in my_collation_get_by_name /home/bar/maria-git/10.11.m35538.ub/mysys/charset.c:966:19

    #10 0x24fec96 in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/include/my_sys.h:1157:12

    #11 0x24fe116 in Charset_loader_server::get_exact_collation_or_error(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/sql/lex_charset.h:45:23

    #12 0x24f9ec1 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/sql/lex_charset.cc:382:20

    #13 0x280afa7 in MYSQLparse(THD*) /home/bar/maria-git/10.11.m35538.ub/sql/sql_yacc.yy:6608:48

    #14 0x148e0b6 in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:10582:46

    #15 0x13e2c51 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:8139:15

    #16 0x13cd7d9 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:1905:7

    #17 0x13eb4b8 in do_command(THD*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:1418:17

    #18 0x2077fe8 in do_handle_one_connection(CONNECT*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_connect.cc:1386:11

    #19 0x2076db5 in handle_one_connection /home/bar/maria-git/10.11.m35538.ub/sql/sql_connect.cc:1298:5

    #20 0x90e77e in asan_thread_start(void*) asan_interceptors.cpp.o

    #21 0x7f0e2aeac906 in start_thread (/lib64/libc.so.6+0x8e906) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)

    #22 0x7f0e2af33adb in __GI___clone3 (/lib64/libc.so.6+0x115adb) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)

Alexander Barkov added a comment - 2025-01-22 12:37 - edited The problem is also repeatable with 11.4. The problem is alsi repeatable with 10.11 with mtr, but one needs to use a test with uca1400_ai_ci collation, for example: ./mtr ctype_utf8mb4_uca_allkeys1400 It returns the following output: EST RESULT TIME (ms) or COMMENT -------------------------------------------------------------------------- worker[01] Using MTR_BUILD_THREAD 300, with reserved ports 19000..19029 main.ctype_utf8mb4_uca_allkeys1400 [ fail ] Found warnings/errors in server log file! Test ended at 2025-01-22 17:04:11 line /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43: runtime error: applying zero offset to null pointer SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43 in ^ Found warnings in /home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/mysqld.1.err ok - saving '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/main.ctype_utf8mb4_uca_allkeys1400/' to '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/main.ctype_utf8mb4_uca_allkeys1400/' -------------------------------------------------------------------------- The servers were restarted 0 times Spent 0.000 of 71 seconds executing testcases mysql-test-run: WARNING: Got errors/warnings while running tests, please examine '/home/bar/maria-git/10.11.m35538.ub/BUILD-UBSAN/mysql-test/var/log/warnings' for details. Failure: Failed 1/1 tests, 0.00% were successful. Failing test(s): main.ctype_utf8mb4_uca_allkeys1400 with this stack #0 0x5e59bbd in check_rules /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:33871:43 #1 0x5e57c86 in init_weight_level /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34502:7 #2 0x5e578b2 in my_uca_init_levels /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34698:9 #3 0x5e4f1b2 in my_uca_info_init /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34719:10 #4 0x5e4e3d5 in create_tailoring /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34800:13 #5 0x5e31792 in my_coll_init_uca /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:34617:10 #6 0x5e3dad4 in my_uca_coll_init_utf8mb4 /home/bar/maria-git/10.11.m35538.ub/strings/ctype-uca.c:36704:7 #7 0x5b3e48c in my_ci_init_collation /home/bar/maria-git/10.11.m35538.ub/include/m_ctype.h:1302:10 #8 0x5b344f4 in get_internal_charset /home/bar/maria-git/10.11.m35538.ub/mysys/charset.c:901:13 #9 0x5b3481d in my_collation_get_by_name /home/bar/maria-git/10.11.m35538.ub/mysys/charset.c:966:19 #10 0x24fec96 in Charset_loader_mysys::get_exact_collation(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/include/my_sys.h:1157:12 #11 0x24fe116 in Charset_loader_server::get_exact_collation_or_error(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/sql/lex_charset.h:45:23 #12 0x24f9ec1 in Lex_extended_collation_st::set_by_name(char const*, unsigned long) /home/bar/maria-git/10.11.m35538.ub/sql/lex_charset.cc:382:20 #13 0x280afa7 in MYSQLparse(THD*) /home/bar/maria-git/10.11.m35538.ub/sql/sql_yacc.yy:6608:48 #14 0x148e0b6 in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:10582:46 #15 0x13e2c51 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:8139:15 #16 0x13cd7d9 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:1905:7 #17 0x13eb4b8 in do_command(THD*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_parse.cc:1418:17 #18 0x2077fe8 in do_handle_one_connection(CONNECT*, bool) /home/bar/maria-git/10.11.m35538.ub/sql/sql_connect.cc:1386:11 #19 0x2076db5 in handle_one_connection /home/bar/maria-git/10.11.m35538.ub/sql/sql_connect.cc:1298:5 #20 0x90e77e in asan_thread_start(void*) asan_interceptors.cpp.o #21 0x7f0e2aeac906 in start_thread (/lib64/libc.so.6+0x8e906) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851) #22 0x7f0e2af33adb in __GI___clone3 (/lib64/libc.so.6+0x115adb) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)

Alexander Barkov made changes - 2025-01-22 12:39

Link

This issue is caused by ~~MDEV-27009~~ [ ~~MDEV-27009~~ ]

Alexander Barkov made changes - 2025-01-22 13:01

Fix Version/s

10.11 [ 27614 ]

Alexander Barkov made changes - 2025-01-23 14:44

Fix Version/s		10.11.11 [ 29954 ]
Fix Version/s		11.2.7 [ 29955 ]
Fix Version/s		11.4.5 [ 29956 ]
Fix Version/s		11.7.2 [ 29914 ]
Fix Version/s		11.8.1 [ 29961 ]
Fix Version/s	10.11 [ 27614 ]
Fix Version/s	11.7 [ 29815 ]
Resolution		Fixed [ 1 ]
Status	Open [ 1 ]	Closed [ 6 ]

Daniel Black made changes - 2025-04-15 03:58

Link

This issue is part of MDEV-25454 [ MDEV-25454 ]

Daniel Black made changes - 2025-04-15 04:00

Link

This issue is duplicated by ~~MDEV-35872~~ [ ~~MDEV-35872~~ ]

Sergei Golubchik made changes - 2025-04-15 17:51

Fix Version/s

11.2.7 [ 29955 ]

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-11-30 04:05

Updated:: 2025-04-15 17:51

Resolved:: 2025-01-23 14:44

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration