[MDEV-36221] CREATE SERVER segfaults on wrong mysql.servers - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.4, 11.8, 12.0
Fix Version/s: 10.11, 11.4, 11.8
Component/s: Server
Labels:
None

Description

SImilar to ~~MDEV-33783~~, seems the fix did not resolve the issue completely

--source include/have_innodb.inc

CREATE OR REPLACE TABLE mysql.servers (x INT) ENGINE=INNODB;

CREATE SERVER s FOREIGN DATA WRAPPER mariadb OPTIONS (USER 'test_user');

Leads to:

CS 10.11.12 6e6a1b316ca8df5116613fbe4ca2dc37b3c73bd1 (Optimized) Build 03/03/2025
Core was generated by `/test/MD030325-mariadb-10.11.12-linux-x86_64-opt/bin/mariadbd --no-defaults --m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000561bedefa5f7 in TABLE::actual_n_key_parts (this=<optimized out>, keyinfo=<optimized out>) at /test/10.11_opt/sql/table.cc:8623

[Current thread is 1 (Thread 0x153d5ce466c0 (LWP 3000975))]
(gdb) bt
#0 0x0000561bedefa5f7 in TABLE::actual_n_key_parts (this=<optimized out>, keyinfo=<optimized out>) at /test/10.11_opt/sql/table.cc:8623
#1 calculate_key_len (table=<optimized out>, key=<optimized out>, buf=<optimized out>, keypart_map=18446744073709551615)at /test/10.11_opt/sql/table.cc:5177
#2 0x0000561bedfdd408 in handler::index_read_map (this=0x153d0404cb58, buf=0x153d0404d358 "\377", key=0x0, keypart_map=18446744073709551615, find_flag=HA_READ_KEY_EXACT) at /test/10.11_opt/sql/handler.h:3863
#3 0x0000561bee060899 in handler::index_read_idx_map (this=0x153d0404cb58, buf=0x153d0404d358 "\377", index=0, key=0x153d0404d359 "", keypart_map=18446744073709551615, find_flag=HA_READ_KEY_EXACT)at /test/10.11_opt/sql/handler.cc:6961
#4 0x0000561bee05a06b in handler::ha_index_read_idx_map (this=0x153d0404cb58, buf=0x153d0404d358 "\377", index=0, key=<optimized out>, keypart_map=<optimized out>, find_flag=<optimized out>)at /test/10.11_opt/sql/handler.cc:3623
#5 0x0000561bedf2a3f8 in insert_server_record (table=0x153d04045de8, server=0x153d04007a80) at /test/10.11_opt/sql/sql_servers.cc:648
#6 insert_server (thd=0x153d04000c68, server=0x153d04007a80)at /test/10.11_opt/sql/sql_servers.cc:484
#7 create_server (thd=thd@entry=0x153d04000c68, server_options=server_options@entry=0x153d04006698)at /test/10.11_opt/sql/sql_servers.cc:1140
#8 0x0000561bede0fed6 in mysql_execute_command (thd=thd@entry=0x153d04000c68, is_called_from_prepared_stmt=<optimized out>)at /test/10.11_opt/sql/sql_parse.cc:6096
#9 0x0000561bede09471 in mysql_parse (thd=thd@entry=0x153d04000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x153d5ce45480)at /test/10.11_opt/sql/sql_parse.cc:8188
#10 0x0000561bede0792c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x153d04000c68, packet=packet@entry=0x153d04008759 "CREATE SERVER s FOREIGN DATA WRAPPER mariadb OPTIONS (USER 'test_user')", packet_length=packet_length@entry=71, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1905
#11 0x0000561bede09881 in do_command (thd=thd@entry=0x153d04000c68, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1418
#12 0x0000561bedf2d92d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x561c11ecbe98, put_in_cache=true)at /test/10.11_opt/sql/sql_connect.cc:1386
#13 0x0000561bedf2d6f3 in handle_one_connection (arg=arg@entry=0x561c11ecbe98)at /test/10.11_opt/sql/sql_connect.cc:1298
#14 0x0000561bee28629e in pfs_spawn_thread (arg=0x561c11ef3fa8)at /test/10.11_opt/storage/perfschema/pfs.cc:2201
#15 0x0000153d5d29caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#16 0x0000153d5d329c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug confirmed present in:
MariaDB: 10.6.21 (dbg), 10.6.21 (opt), 10.11.12 (dbg), 10.11.12 (opt), 11.4.6 (dbg), 11.4.6 (opt), 11.8.1 (dbg), 11.8.1 (opt), 12.0.0 (dbg), 12.0.0 (opt)

Attachments

Issue Links

relates to

MDEV-33783 CREATE SERVER segfaults on wrong mysql.servers

Closed

Activity

Ascending order - Click to sort in descending order

Yuchen Pei added a comment - 2025-03-11 05:50

In both 10.6 15139c88a8f14c535f6888892f3f6dc3765bc765 and 10.5 868bc463c04948b649d907c731ca126b7f68fe4c: crashes indeed, but fail with ER_CANT_FIND_SYSTEM_REC (1012) and no crash with myisam

Yuchen Pei added a comment - 2025-03-11 05:50 In both 10.6 15139c88a8f14c535f6888892f3f6dc3765bc765 and 10.5 868bc463c04948b649d907c731ca126b7f68fe4c: crashes indeed, but fail with ER_CANT_FIND_SYSTEM_REC (1012) and no crash with myisam

Yuchen Pei added a comment - 2025-03-11 06:49

ramesh Why is the fixversion 10.6+ instead of 10.5+ or 10.11+?

Yuchen Pei added a comment - 2025-03-11 06:49 ramesh Why is the fixversion 10.6+ instead of 10.5+ or 10.11+?

Ramesh Sivaraman added a comment - 2025-03-11 07:05 - edited

ycp Sorry I missed to verify it on 10.5, reproduced on 10.5 build

Ramesh Sivaraman added a comment - 2025-03-11 07:05 - edited ycp Sorry I missed to verify it on 10.5, reproduced on 10.5 build

Yuchen Pei added a comment - 2025-03-11 23:21

ramesh no worries and thanks for confirming. I think the fix should go to 10.11 since it is not a common query triggering the issue, not of high priority, and I suspect not a new bug either.

Yuchen Pei added a comment - 2025-03-11 23:21 ramesh no worries and thanks for confirming. I think the fix should go to 10.11 since it is not a common query triggering the issue, not of high priority, and I suspect not a new bug either.

People

Assignee:: Yuchen Pei

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2025-03-05 09:16

Updated:: 2025-03-11 23:39

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server