  1. MariaDB Server
  2. MDEV-37386

SIGSEGV in close_thread_table, UBSAN null-pointer-use in close_thread_table and Assertion `thd->open_tables == table->table' failed in mysql_create_like_table on CREATE GTT ... LIKE


Details

    • Not for Release Notes

    Description

      This bug only affects ES 11.8, not CS 12.0

      # Reproducer (mysqltest script). Per the backtraces below, the server crashes
      # while executing the final CREATE ... LIKE statement.
      # NOTE(review): have_log_bin.inc presumably limits the test to servers running
      # with the binary log enabled -- confirm.
      --source include/have_log_bin.inc
      # Create the source global temporary table.
      CREATE GLOBAL TEMPORARY TABLE t1 (c INT) ON COMMIT PRESERVE ROWS;
      # Read from t1 in the same session before it is used as the LIKE source.
      SELECT * FROM t1;
      # Crashing statement: it is the query text shown in dispatch_command's packet
      # argument in the backtraces.
      CREATE GLOBAL TEMPORARY TABLE t2 LIKE t1;
      

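      Leads to a server crash on the `CREATE GLOBAL TEMPORARY TABLE t2 LIKE t1` statement: SIGSEGV in the optimized build, and a failed assertion (SIGABRT) in the debug build: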

      MDEV-35915 ES 11.8.3-1 267fc98bf48033db5cf8b3bbffd9d3aea4e9ea8e (Optimized, Clang) Build 31/07/2025

      Core was generated by `/test/MDEV-35915_EMD310725-mariadb-11.8.3-1-linux-x86_64-opt/bin/mariadbd --no-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  close_thread_table (thd=thd@entry=0x7b47f4000c68, table_ptr=table_ptr@entry=0x7b47f4000d60)at /test/11.8-enterprise-global-tmp_opt/sql/sql_base.cc:1030
      1030	  handler *file= table->file;
      [Current thread is 1 (LWP 2602027)]
      (gdb) bt
      #0  close_thread_table (thd=thd@entry=0x7b47f4000c68, table_ptr=table_ptr@entry=0x7b47f4000d60)at /test/11.8-enterprise-global-tmp_opt/sql/sql_base.cc:1030
      #1  0x00005d5711ea55a7 in mysql_create_like_table (thd=thd@entry=0x7b47f4000c68, table=0x7b47f4017748, src_table=src_table@entry=0x7b47f4017ec8, create_info=create_info@entry=0x7b4924167b30)at /test/11.8-enterprise-global-tmp_opt/sql/sql_table.cc:6029
      #2  0x00005d5711ea4771 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x7b47f4000c68)at /test/11.8-enterprise-global-tmp_opt/sql/sql_table.cc:13793
      #3  0x00005d5711dc990e in mysql_execute_command (thd=thd@entry=0x7b47f4000c68, is_called_from_prepared_stmt=false)at /test/11.8-enterprise-global-tmp_opt/sql/sql_parse.cc:5898
      #4  0x00005d5711dc4f51 in mysql_parse (thd=thd@entry=0x7b47f4000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7b4924168420)at /test/11.8-enterprise-global-tmp_opt/sql/sql_parse.cc:7947
      #5  0x00005d5711dc33c4 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7b47f4000c68, packet=packet@entry=0x7b47f4008999 "CREATE GLOBAL TEMPORARY TABLE t2 LIKE t1", packet_length=packet_length@entry=40, blocking=true)at /test/11.8-enterprise-global-tmp_opt/sql/sql_parse.cc:1913
      #6  0x00005d5711dc5361 in do_command (thd=thd@entry=0x7b47f4000c68, blocking=true)at /test/11.8-enterprise-global-tmp_opt/sql/sql_parse.cc:1426
      #7  0x00005d5711f1aa9d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5d5713cb0db8, put_in_cache=true)at /test/11.8-enterprise-global-tmp_opt/sql/sql_connect.cc:1415
      #8  0x00005d5711f1a85f in handle_one_connection (arg=arg@entry=0x5d5713cb0db8)at /test/11.8-enterprise-global-tmp_opt/sql/sql_connect.cc:1327
      #9  0x00005d57120d2c09 in pfs_spawn_thread (arg=0x5d5713c50a68)at /test/11.8-enterprise-global-tmp_opt/storage/perfschema/pfs.cc:2198
      #10 0x00007b492709ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #11 0x00007b4927129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      MDEV-35915 ES 11.8.3-1 267fc98bf48033db5cf8b3bbffd9d3aea4e9ea8e (Debug, Clang) Build 31/07/2025

      mariadbd: /test/11.8-enterprise-global-tmp_dbg/sql/sql_table.cc:6023: bool mysql_create_like_table(THD *, TABLE_LIST *, TABLE_LIST *, Table_specification_st *): Assertion `thd->open_tables == table->table' failed.
      

      MDEV-35915 ES 11.8.3-1 267fc98bf48033db5cf8b3bbffd9d3aea4e9ea8e (Debug, Clang) Build 31/07/2025

      Core was generated by `/test/MDEV-35915_EMD310725-mariadb-11.8.3-1-linux-x86_64-dbg/bin/mariadbd --no-'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
       
      [Current thread is 1 (LWP 2601345)]
      (gdb) bt
      #0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
      #1  __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
      #2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
      #3  0x000075fd7224526e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
      #4  0x000075fd722288ff in __GI_abort () at ./stdlib/abort.c:79
      #5  0x000075fd7222881b in __assert_fail_base (fmt=0x75fd723d01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x63ab299b4489 "thd->open_tables == table->table", file=file@entry=0x63ab2997b8d1 "/test/11.8-enterprise-global-tmp_dbg/sql/sql_table.cc", line=line@entry=6023, function=function@entry=0x63ab29a31155 "bool mysql_create_like_table(THD *, TABLE_LIST *, TABLE_LIST *, Table_specification_st *)") at ./assert/assert.c:94
      #6  0x000075fd7223b507 in __assert_fail (assertion=0x63ab299b4489 "thd->open_tables == table->table", file=0x63ab2997b8d1 "/test/11.8-enterprise-global-tmp_dbg/sql/sql_table.cc", line=6023, function=0x63ab29a31155 "bool mysql_create_like_table(THD *, TABLE_LIST *, TABLE_LIST *, Table_specification_st *)") at ./assert/assert.c:103
      #7  0x000063ab2a7ae500 in mysql_create_like_table (thd=0x75fc40000d58, table=0x75fc40019f48, src_table=0x75fc4001a6c8, create_info=0x75fd700e4f68)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_table.cc:6023
      #8  0x000063ab2a7ad0de in Sql_cmd_create_table_like::execute (this=0x75fc40019ed0, thd=0x75fc40000d58)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_table.cc:13793
      #9  0x000063ab2a65f9ef in mysql_execute_command (thd=0x75fc40000d58, is_called_from_prepared_stmt=false)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_parse.cc:5898
      #10 0x000063ab2a64e444 in mysql_parse (thd=0x75fc40000d58, rawbuf=0x75fc40019e20 "CREATE GLOBAL TEMPORARY TABLE t2 LIKE t1", length=40, parser_state=0x75fd700e69f0)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_parse.cc:7947
      #11 0x000063ab2a64b7af in dispatch_command (command=COM_QUERY, thd=0x75fc40000d58, packet=0x75fc4000b199 "CREATE GLOBAL TEMPORARY TABLE t2 LIKE t1", packet_length=40, blocking=true)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_parse.cc:1913
      #12 0x000063ab2a64f00d in do_command (thd=0x75fc40000d58, blocking=true)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_parse.cc:1426
      #13 0x000063ab2a86c6b9 in do_handle_one_connection (connect=0x63ab2db0a208, put_in_cache=true)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_connect.cc:1415
      #14 0x000063ab2a86c45e in handle_one_connection (arg=0x63ab2db0a3a8)at /test/11.8-enterprise-global-tmp_dbg/sql/sql_connect.cc:1327
      #15 0x000075fd7229ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #16 0x000075fd72329c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

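      UBSAN additionally reports a null-pointer-use at the same location (sql_base.cc:1030), i.e. `table` is NULL when close_thread_table evaluates `table->file`: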

      MDEV-35915 ES 11.8.3-1 267fc98bf48033db5cf8b3bbffd9d3aea4e9ea8e (Optimized, UBASAN, Clang) Build 31/07/2025

      /test/11.8-enterprise-global-tmp_opt_san/sql/sql_base.cc:1030:25: runtime error: member access within null pointer of type 'TABLE'
          #0 0x6517fd1fa8b6 in close_thread_table(THD*, TABLE**) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_base.cc:1030:25
          #1 0x6517fdb4d251 in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_table.cc:6029:13
          #2 0x6517fdb49893 in Sql_cmd_create_table_like::execute(THD*) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_table.cc:13793:12
          #3 0x6517fd696119 in mysql_execute_command(THD*, bool) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_parse.cc:5898:26
          #4 0x6517fd674650 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_parse.cc:7947:18
          #5 0x6517fd66b99d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_parse.cc:1913:7
          #6 0x6517fd676a92 in do_command(THD*, bool) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_parse.cc:1426:17
          #7 0x6517fddd139c in do_handle_one_connection(CONNECT*, bool) /test/11.8-enterprise-global-tmp_opt_san/sql/sql_connect.cc:1415:11
          #8 0x6517fddd0bf6 in handle_one_connection /test/11.8-enterprise-global-tmp_opt_san/sql/sql_connect.cc:1327:5
          #9 0x6517fc594ccc in asan_thread_start(void*) crtstuff.c
          #10 0x78df2a49ca93 in start_thread nptl/pthread_create.c:447:8
          #11 0x78df2a529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/11.8-enterprise-global-tmp_opt_san/sql/sql_base.cc:1030:25 
      250805 16:38:23 [ERROR] /test/MDEV-35915_UBASAN_EMD310725-mariadb-11.8.3-1-linux-x86_64-opt/bin/mariadbd got signal 11 ;
      


          People

            nikitamalyavin Nikita Malyavin
            Roel Roel Van de Paar
