[MDEV-36611] SIGSEGV & UBASAN null-pointer-use in myrocks::Rdb_transaction_impl::get_write_batch on opt builds - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.4, 11.8, 12.0
Fix Version/s: 10.5, 10.6, 10.11, 11.4, 11.8
Component/s: Storage Engine - RocksDB, XA
Labels:
- UBSAN
- null-pointer-use

Description

Different from MDEV-24706 (which the below testcase also triggers, upon the CREATE TABLE but only in debug builds), we have:

INSTALL SONAME 'ha_rocksdb';

SET sql_mode='';

CREATE OR REPLACE TABLE mysql.general_log (c INT) ENGINE=RocksDB;

SET GLOBAL log_output='TABLE', GLOBAL general_log=TRUE;

CREATE TABLE t (c INT) ENGINE=RocksDB;  # Debug crash, i.e. MDEV-24706

XA START 'x';

INSERT INTO t VALUES (1);

XA END 'x';

SET autocommit=0;

XA COMMIT 'x' ONE PHASE;  # Optimized builds crash, i.e. the bug described in this ticket, MDEV-36611

Leading to (note optimized builds only):

CS 10.11.12 acd071f599f416ddb4821dec485c4d912844213f (Optimized) Build 12/04/2025
Core was generated by `/test/MD120425-mariadb-10.11.12-linux-x86_64-opt/bin/mariadbd --no-defaults --m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007e7a7842620f in myrocks::Rdb_transaction_impl::get_write_batch (this=<optimized out>) at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3134
3134 bool is_two_phase() const { return m_is_two_phase; }
[Current thread is 1 (LWP 1134505)]
(gdb) bt
#0 0x00007e7a7842620f in myrocks::Rdb_transaction_impl::get_write_batch (this=<optimized out>) at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3134
#1 0x00007e7a7842d6fa in myrocks::Rdb_transaction::make_stmt_savepoint_permanent (this=0x0, this@entry=0x7e79b825e150)at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3071
#2 0x00007e7a7841573f in myrocks::rocksdb_commit (hton=<optimized out>, thd=0x7e79b8000c68, commit_tx=false)at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:4247
#3 0x000065082eea19b0 in commit_one_phase_2 (thd=thd@entry=0x7e79b8000c68, all=false, trans=0x7e79b8004518, is_real_trans=true)at /test/10.11_opt/sql/handler.cc:2160
#4 0x000065082eea1464 in ha_commit_one_phase (thd=0x7e79b8000c68, all=false)at /test/10.11_opt/sql/handler.cc:2111
#5 ha_commit_trans (thd=thd@entry=0x7e79b8000c68, all=false)at /test/10.11_opt/sql/handler.cc:1903
#6 0x000065082ed8913a in trans_commit_stmt (thd=thd@entry=0x7e79b8000c68)at /test/10.11_opt/sql/transaction.cc:501
#7 0x000065082ec5be41 in mysql_execute_command (thd=thd@entry=0x7e79b8000c68, is_called_from_prepared_stmt=<optimized out>)at /test/10.11_opt/sql/sql_parse.cc:6225
#8 0x000065082ec53c11 in mysql_parse (thd=thd@entry=0x7e79b8000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7e7aa1bfe480)at /test/10.11_opt/sql/sql_parse.cc:8188
#9 0x000065082ec520cc in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7e79b8000c68, packet=packet@entry=0x7e79b8008759 "XA COMMIT 'x' ONE PHASE", packet_length=packet_length@entry=23, blocking=true)at /test/10.11_opt/sql/sql_parse.cc:1905
#10 0x000065082ec54021 in do_command (thd=thd@entry=0x7e79b8000c68, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1418
#11 0x000065082ed781cd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x6508323ba998, put_in_cache=true)at /test/10.11_opt/sql/sql_connect.cc:1386
#12 0x000065082ed77f93 in handle_one_connection (arg=arg@entry=0x6508323ba998)at /test/10.11_opt/sql/sql_connect.cc:1298
#13 0x000065082f0d664e in pfs_spawn_thread (arg=0x65083235a328)at /test/10.11_opt/storage/perfschema/pfs.cc:2201
#14 0x00007e7aa889ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#15 0x00007e7aa8929c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.5 dbg 120425 e6ea5d568c0fb972a391a8c64716846ddb7c57ef thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
CS 10.5 opt 120425 e6ea5d568c0fb972a391a8c64716846ddb7c57ef SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
CS 10.6 dbg 120425 690b2cf776faa2e1a6832077cec2246c86cd00bf thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
CS 10.6 opt 120425 690b2cf776faa2e1a6832077cec2246c86cd00bf SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
CS 10.11 dbg 120425 acd071f599f416ddb4821dec485c4d912844213f thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
CS 10.11 opt 120425 acd071f599f416ddb4821dec485c4d912844213f SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
CS 11.4 dbg 120425 4a701e8ce4a178faf955641caf59fc13fcc718e9 thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
CS 11.4 opt 120425 4a701e8ce4a178faf955641caf59fc13fcc718e9 SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
CS 11.8 dbg 120425 db5bb6f3339be5a49c0f397eb80a0f259f73f447 thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
CS 11.8 opt 120425 db5bb6f3339be5a49c0f397eb80a0f259f73f447 SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
CS 12.0 dbg 120425 22efc2c784e1b7199fb5804e6330168277ea7dce thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
CS 12.0 opt 120425 22efc2c784e1b7199fb5804e6330168277ea7dce SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
ES 10.5 dbg 120425 0d368ec0042a81d9549fc939fb742f82350b20ab thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
ES 10.5 opt 120425 0d368ec0042a81d9549fc939fb742f82350b20ab SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
ES 10.6 dbg 120425 74602d1b054ba6c9ee20af79d6e7807440a7a98e thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
ES 10.6 opt 120425 74602d1b054ba6c9ee20af79d6e7807440a7a98e SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2
ES 11.4 dbg 120425 9cd12544ebfd0d52d2158af66b5aced58121cf1f thd->transaction->stmt.is_empty() \|\| thd->in_sub_stmt\|SIGABRT\|mysql_execute_command\|mysql_parse\|dispatch_command\|do_command
ES 11.4 opt 120425 9cd12544ebfd0d52d2158af66b5aced58121cf1f SIGSEGV\|myrocks::Rdb_transaction_impl::get_write_batch\|myrocks::Rdb_transaction::make_stmt_savepoint_permanent\|myrocks::rocksdb_commit\|commit_one_phase_2

Note: bug also present in bb-10.11.11-mdev16253-rocksdb-6.29fb. Testcase is CLI and MTR compatible.

Attachments

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2025-04-16 07:22

We also see a UBSAN error for this on optimized UBASAN builds:

CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Optimized, UBASAN, Clang) Build 15/02/2025
/test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3352:28: runtime error: member call on null pointer of type 'rocksdb::Transaction'
#0 0x75bc1dc137d1 in myrocks::Rdb_transaction_impl::get_write_batch() /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3352:28
#1 0x75bc1dc3ad92 in myrocks::Rdb_transaction::make_stmt_savepoint_permanent() /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3046:40
#2 0x75bc1dbe1f04 in myrocks::rocksdb_commit(THD*, bool) /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:4218:11
#3 0x58d28a2554d5 in commit_one_phase_2(THD, bool, THD_TRANS, bool) /test/11.8_opt_san/sql/handler.cc:2218:17
#4 0x58d28a252e7b in ha_commit_trans(THD*, bool) /test/11.8_opt_san/sql/handler.cc:1954:12
#5 0x58d289b321e7 in trans_commit_stmt(THD*) /test/11.8_opt_san/sql/transaction.cc:496:10
#6 0x58d289476d4f in mysql_execute_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:5970:7
#7 0x58d28944e600 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7915:18
#8 0x58d2894458c6 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1902:7
#9 0x58d2894508c6 in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1415:17
#10 0x58d289ad6f5c in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11
#11 0x58d289ad67b6 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5
#12 0x58d288e9299c in asan_thread_start(void*) asan_interceptors.cpp.o
#13 0x75bcfaa9ca93 in start_thread nptl/pthread_create.c:447:8
#14 0x75bcfab29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3352:28
250416 17:11:43 [ERROR] /test/UBASAN_MD150225-mariadb-11.8.1-linux-x86_64-opt/bin/mariadbd got signal 11 ;

Roel Van de Paar added a comment - 2025-04-16 07:22 We also see a UBSAN error for this on optimized UBASAN builds: CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Optimized, UBASAN, Clang) Build 15/02/2025 /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3352:28: runtime error: member call on null pointer of type 'rocksdb::Transaction' #0 0x75bc1dc137d1 in myrocks::Rdb_transaction_impl::get_write_batch() /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3352:28 #1 0x75bc1dc3ad92 in myrocks::Rdb_transaction::make_stmt_savepoint_permanent() /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3046:40 #2 0x75bc1dbe1f04 in myrocks::rocksdb_commit(THD*, bool) /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:4218:11 #3 0x58d28a2554d5 in commit_one_phase_2(THD*, bool, THD_TRANS*, bool) /test/11.8_opt_san/sql/handler.cc:2218:17 #4 0x58d28a252e7b in ha_commit_trans(THD*, bool) /test/11.8_opt_san/sql/handler.cc:1954:12 #5 0x58d289b321e7 in trans_commit_stmt(THD*) /test/11.8_opt_san/sql/transaction.cc:496:10 #6 0x58d289476d4f in mysql_execute_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:5970:7 #7 0x58d28944e600 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7915:18 #8 0x58d2894458c6 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1902:7 #9 0x58d2894508c6 in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1415:17 #10 0x58d289ad6f5c in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11 #11 0x58d289ad67b6 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5 #12 0x58d288e9299c in asan_thread_start(void*) asan_interceptors.cpp.o #13 0x75bcfaa9ca93 in start_thread nptl/pthread_create.c:447:8 #14 0x75bcfab29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/11.8_opt_san/storage/rocksdb/ha_rocksdb.cc:3352:28 250416 17:11:43 [ERROR] /test/UBASAN_MD150225-mariadb-11.8.1-linux-x86_64-opt/bin/mariadbd got signal 11 ;

Roel Van de Paar added a comment - 2025-04-21 05:21 - edited

Also,

INSTALL SONAME 'ha_rocksdb';

SET autocommit=0;

SET GLOBAL log_output='TABLE';

SET default_storage_engine=RocksDB;

CREATE OR REPLACE TABLE mysql.general_log (a INT);

SET GLOBAL general_log=1;

CREATE TABLE t1 (a INT) ENGINE RocksDB;

INSERT INTO t1 VALUES ();

CREATE TABLE t (n INT,d DATE,KEY(n));

Leads to:

CS 10.11.12 acd071f599f416ddb4821dec485c4d912844213f (Optimized) Build 12/04/2025
Core was generated by `/test/MD120425-mariadb-10.11.12-linux-x86_64-opt/bin/mariadbd --no-defaults --m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000070d840e2620f in myrocks::Rdb_transaction_impl::get_write_batch (this=<optimized out>) at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3134

[Current thread is 1 (LWP 1703496)]
(gdb) bt
#0 0x000070d840e2620f in myrocks::Rdb_transaction_impl::get_write_batch (this=<optimized out>) at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3134
#1 0x000070d840e2d6fa in myrocks::Rdb_transaction::make_stmt_savepoint_permanent (this=0x0, this@entry=0x70d760234ff0)at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3071
#2 0x000070d840e1573f in myrocks::rocksdb_commit (hton=<optimized out>, thd=0x70d760000c68, commit_tx=false)at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:4247
#3 0x00005b4a1cee49b0 in commit_one_phase_2 (thd=thd@entry=0x70d760000c68, all=false, trans=0x70d760004518, is_real_trans=true)at /test/10.11_opt/sql/handler.cc:2160
#4 0x00005b4a1cee4464 in ha_commit_one_phase (thd=0x70d760000c68, all=false)at /test/10.11_opt/sql/handler.cc:2111
#5 ha_commit_trans (thd=thd@entry=0x70d760000c68, all=false)at /test/10.11_opt/sql/handler.cc:1903
#6 0x00005b4a1cdcc13a in trans_commit_stmt (thd=thd@entry=0x70d760000c68)at /test/10.11_opt/sql/transaction.cc:501
#7 0x00005b4a1cc9ee41 in mysql_execute_command (thd=thd@entry=0x70d760000c68, is_called_from_prepared_stmt=<optimized out>)at /test/10.11_opt/sql/sql_parse.cc:6225
#8 0x00005b4a1cc96c11 in mysql_parse (thd=thd@entry=0x70d760000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x70d870168480)at /test/10.11_opt/sql/sql_parse.cc:8188
#9 0x00005b4a1cc950cc in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x70d760000c68, packet=packet@entry=0x70d760008759 "CREATE TABLE t (n INT,d DATE,KEY(n))", packet_length=packet_length@entry=36, blocking=true)at /test/10.11_opt/sql/sql_parse.cc:1905
#10 0x00005b4a1cc97021 in do_command (thd=thd@entry=0x70d760000c68, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1418
#11 0x00005b4a1cdbb1cd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5b4a1fa7a808, put_in_cache=true)at /test/10.11_opt/sql/sql_connect.cc:1386
#12 0x00005b4a1cdbaf93 in handle_one_connection (arg=arg@entry=0x5b4a1fa7a808)at /test/10.11_opt/sql/sql_connect.cc:1298
#13 0x00005b4a1d11964e in pfs_spawn_thread (arg=0x5b4a1fa1a1c8)at /test/10.11_opt/storage/perfschema/pfs.cc:2201
#14 0x000070d87109ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#15 0x000070d871129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

CS 10.11.12 43c5d1303f5c7c726db276815c459436110f342f (Optimized, UBASAN, Clang) Build 15/02/2025
/test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3377:28: runtime error: member call on null pointer of type 'rocksdb::Transaction'
#0 0x7afe8d2110d1 in myrocks::Rdb_transaction_impl::get_write_batch() /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3377:28
#1 0x7afe8d238792 in myrocks::Rdb_transaction::make_stmt_savepoint_permanent() /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3071:40
#2 0x7afe8d1dff94 in myrocks::rocksdb_commit(handlerton, THD, bool) /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:4247:11
#3 0x63109db259f8 in commit_one_phase_2(THD, bool, THD_TRANS, bool) /test/10.11_opt_san/sql/handler.cc:2154:17
#4 0x63109db23492 in ha_commit_trans(THD*, bool) /test/10.11_opt_san/sql/handler.cc:1901:12
#5 0x63109d4a53e7 in trans_commit_stmt(THD*) /test/10.11_opt_san/sql/transaction.cc:501:10
#6 0x63109ce103c7 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:6225:7
#7 0x63109cde6dc0 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8188:18
#8 0x63109cdde0fd in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1905:7
#9 0x63109cde9086 in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1418:17
#10 0x63109d44ca9c in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1386:11
#11 0x63109d44c2ea in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1298:5
#12 0x63109c82ddbc in asan_thread_start(void*) asan_interceptors.cpp.o
#13 0x7aff6369ca93 in start_thread nptl/pthread_create.c:447:8
#14 0x7aff63729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3377:28

Roel Van de Paar added a comment - 2025-04-21 05:21 - edited Also, INSTALL SONAME 'ha_rocksdb' ; SET autocommit=0; SET GLOBAL log_output= 'TABLE' ; SET default_storage_engine=RocksDB; CREATE OR REPLACE TABLE mysql.general_log (a INT ); SET GLOBAL general_log=1; CREATE TABLE t1 (a INT ) ENGINE RocksDB; INSERT INTO t1 VALUES (); CREATE TABLE t (n INT ,d DATE , KEY (n)); Leads to: CS 10.11.12 acd071f599f416ddb4821dec485c4d912844213f (Optimized) Build 12/04/2025 Core was generated by `/test/MD120425-mariadb-10.11.12-linux-x86_64-opt/bin/mariadbd --no-defaults --m'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000070d840e2620f in myrocks::Rdb_transaction_impl::get_write_batch (this=<optimized out>) at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3134 [Current thread is 1 (LWP 1703496)] (gdb) bt #0 0x000070d840e2620f in myrocks::Rdb_transaction_impl::get_write_batch (this=<optimized out>) at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3134 #1 0x000070d840e2d6fa in myrocks::Rdb_transaction::make_stmt_savepoint_permanent (this=0x0, this@entry=0x70d760234ff0)at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:3071 #2 0x000070d840e1573f in myrocks::rocksdb_commit (hton=<optimized out>, thd=0x70d760000c68, commit_tx=false)at /test/10.11_opt/storage/rocksdb/ha_rocksdb.cc:4247 #3 0x00005b4a1cee49b0 in commit_one_phase_2 (thd=thd@entry=0x70d760000c68, all=false, trans=0x70d760004518, is_real_trans=true)at /test/10.11_opt/sql/handler.cc:2160 #4 0x00005b4a1cee4464 in ha_commit_one_phase (thd=0x70d760000c68, all=false)at /test/10.11_opt/sql/handler.cc:2111 #5 ha_commit_trans (thd=thd@entry=0x70d760000c68, all=false)at /test/10.11_opt/sql/handler.cc:1903 #6 0x00005b4a1cdcc13a in trans_commit_stmt (thd=thd@entry=0x70d760000c68)at /test/10.11_opt/sql/transaction.cc:501 #7 0x00005b4a1cc9ee41 in mysql_execute_command (thd=thd@entry=0x70d760000c68, is_called_from_prepared_stmt=<optimized out>)at /test/10.11_opt/sql/sql_parse.cc:6225 #8 0x00005b4a1cc96c11 in mysql_parse (thd=thd@entry=0x70d760000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x70d870168480)at /test/10.11_opt/sql/sql_parse.cc:8188 #9 0x00005b4a1cc950cc in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x70d760000c68, packet=packet@entry=0x70d760008759 "CREATE TABLE t (n INT,d DATE,KEY(n))", packet_length=packet_length@entry=36, blocking=true)at /test/10.11_opt/sql/sql_parse.cc:1905 #10 0x00005b4a1cc97021 in do_command (thd=thd@entry=0x70d760000c68, blocking=true) at /test/10.11_opt/sql/sql_parse.cc:1418 #11 0x00005b4a1cdbb1cd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5b4a1fa7a808, put_in_cache=true)at /test/10.11_opt/sql/sql_connect.cc:1386 #12 0x00005b4a1cdbaf93 in handle_one_connection (arg=arg@entry=0x5b4a1fa7a808)at /test/10.11_opt/sql/sql_connect.cc:1298 #13 0x00005b4a1d11964e in pfs_spawn_thread (arg=0x5b4a1fa1a1c8)at /test/10.11_opt/storage/perfschema/pfs.cc:2201 #14 0x000070d87109ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447 #15 0x000070d871129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 CS 10.11.12 43c5d1303f5c7c726db276815c459436110f342f (Optimized, UBASAN, Clang) Build 15/02/2025 /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3377:28: runtime error: member call on null pointer of type 'rocksdb::Transaction' #0 0x7afe8d2110d1 in myrocks::Rdb_transaction_impl::get_write_batch() /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3377:28 #1 0x7afe8d238792 in myrocks::Rdb_transaction::make_stmt_savepoint_permanent() /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3071:40 #2 0x7afe8d1dff94 in myrocks::rocksdb_commit(handlerton*, THD*, bool) /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:4247:11 #3 0x63109db259f8 in commit_one_phase_2(THD*, bool, THD_TRANS*, bool) /test/10.11_opt_san/sql/handler.cc:2154:17 #4 0x63109db23492 in ha_commit_trans(THD*, bool) /test/10.11_opt_san/sql/handler.cc:1901:12 #5 0x63109d4a53e7 in trans_commit_stmt(THD*) /test/10.11_opt_san/sql/transaction.cc:501:10 #6 0x63109ce103c7 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:6225:7 #7 0x63109cde6dc0 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8188:18 #8 0x63109cdde0fd in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1905:7 #9 0x63109cde9086 in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1418:17 #10 0x63109d44ca9c in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1386:11 #11 0x63109d44c2ea in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1298:5 #12 0x63109c82ddbc in asan_thread_start(void*) asan_interceptors.cpp.o #13 0x7aff6369ca93 in start_thread nptl/pthread_create.c:447:8 #14 0x7aff63729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/10.11_opt_san/storage/rocksdb/ha_rocksdb.cc:3377:28

MariaDB Server

SIGSEGV & UBASAN null-pointer-use in myrocks::Rdb_transaction_impl::get_write_batch on opt builds

Details

Description

Attachments

Activity

People

Dates

Git Integration