[MDEV-38256] SIGSEGV in __strcasecmp_l_evex from ha_connect::GetTDB on SELECT - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 12.2, 12.3, 11.8
Fix Version/s: 10.6, 10.11, 11.4, 12.2, 11.8
Component/s: Storage Engine - Connect, Views
Labels:
None

Bug Category:
Can result in hang or crash

Description

CREATE VIEW c AS SELECT * FROM information_schema.tables;

INSTALL SONAME 'ha_connect';

CREATE TABLE t (c INT KEY) ENGINE=Connect;

SELECT * FROM t JOIN c;

Leads to:

CS 12.2.0 fd15fd2765b53d0c070dd01d86fb231024b8f284 (Debug, Clang 21.1.3-20250923) Build 10/11/2025
Core was generated by `/test/MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
Download failed: Invalid argument. Continuing without source file ./string/../sysdeps/x86_64/multiarch/strcmp-evex.S.
#0 __strcasecmp_l_evex () at ../sysdeps/x86_64/multiarch/strcmp-evex.S:314

[Current thread is 1 (LWP 4100780)]
(gdb) bt
#0 __strcasecmp_l_evex () at ../sysdeps/x86_64/multiarch/strcmp-evex.S:314
#1 0x000075ad2c4ef4a4 in ha_connect::GetTDB (this=0x75ac48046b78, g=0x75ac48049f30) at /test/12.2_dbg/storage/connect/ha_connect.cc:1958
#2 0x000075ad2c4ef5fb in ha_connect::OpenTable (this=0x75ac48046b78, g=0x75ac48049f30, del=false)at /test/12.2_dbg/storage/connect/ha_connect.cc:1987
#3 0x000075ad2c4f616a in ha_connect::rnd_init (this=0x75ac48046b78, scan=false) at /test/12.2_dbg/storage/connect/ha_connect.cc:4132
#4 0x000075ad2c4f5de7 in ha_connect::index_init (this=0x75ac48046b78, idx=0, sorted=true) at /test/12.2_dbg/storage/connect/ha_connect.cc:3820
#5 0x000057c835ccdb28 in handler::ha_index_init (this=0x75ac48046b78, idx=0, sorted=true) at /test/12.2_dbg/sql/handler.cc:3845
#6 0x000057c8361e2dbf in join_read_first (tab=0x75ac480c7868)at /test/12.2_dbg/sql/sql_select.cc:25697
#7 0x000057c83619185f in sub_select (join=0x75ac480545e8, join_tab=0x75ac480c7868, end_of_records=false)at /test/12.2_dbg/sql/sql_select.cc:24554
#8 0x000057c8361b56de in do_select (join=0x75ac480545e8, procedure=0x0)at /test/12.2_dbg/sql/sql_select.cc:24068
#9 0x000057c8361b4bc6 in JOIN::exec_inner (this=0x75ac480545e8)at /test/12.2_dbg/sql/sql_select.cc:5134
#10 0x000057c8361b3ee3 in JOIN::exec (this=0x75ac480545e8)at /test/12.2_dbg/sql/sql_select.cc:4922
#11 0x000057c836192113 in mysql_select (thd=0x75ac48000d58, tables=0x75ac4801a5b8, fields=@0x75ac4801a220: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x75ac4801a568, last = 0x75ac480c5320, elements = 24}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x75ac480545c0, unit=0x75ac48005178, select_lex=0x75ac48019f68) at /test/12.2_dbg/sql/sql_select.cc:5450
#12 0x000057c836191c0d in handle_select (thd=0x75ac48000d58, lex=0x75ac48005098, result=0x75ac480545c0, setup_tables_done_option=0)at /test/12.2_dbg/sql/sql_select.cc:636
#13 0x000057c83613d93a in execute_sqlcom_select (thd=0x75ac48000d58, all_tables=0x75ac4801a5b8) at /test/12.2_dbg/sql/sql_parse.cc:6171
#14 0x000057c836133db3 in mysql_execute_command (thd=0x75ac48000d58, is_called_from_prepared_stmt=false) at /test/12.2_dbg/sql/sql_parse.cc:3951
#15 0x000057c83612ccf8 in mysql_parse (thd=0x75ac48000d58, rawbuf=0x75ac48019ee0 "SELECT * FROM t JOIN c", length=22, parser_state=0x75ad2cf6ea00) at /test/12.2_dbg/sql/sql_parse.cc:7888
#16 0x000057c83612a4d9 in dispatch_command (command=COM_QUERY, thd=0x75ac48000d58, packet=0x75ac4800b239 "", packet_length=22, blocking=true) at /test/12.2_dbg/sql/sql_parse.cc:1878
#17 0x000057c83612d77a in do_command (thd=0x75ac48000d58, blocking=true)at /test/12.2_dbg/sql/sql_parse.cc:1417
#18 0x000057c836320afe in do_handle_one_connection (connect=0x57c838f18218, put_in_cache=true) at /test/12.2_dbg/sql/sql_connect.cc:1503
#19 0x000057c8363208e1 in handle_one_connection (arg=0x57c838e579f8)at /test/12.2_dbg/sql/sql_connect.cc:1415
#20 0x000075ad3649ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#21 0x000075ad36529c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 101125 759e3523e3d832b174cf0a612704da38b2557b40 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 10.6 opt 101125 759e3523e3d832b174cf0a612704da38b2557b40 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 10.11 dbg 101125 536cd151f0370216d9ba4c15f40c7037060972a5 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 10.11 opt 101125 536cd151f0370216d9ba4c15f40c7037060972a5 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 11.4 dbg 101125 a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 11.4 opt 101125 a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 11.8 dbg 101125 e0428264d0095472c015eb58c46be68ca1a320ee SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 11.8 opt 101125 e0428264d0095472c015eb58c46be68ca1a320ee SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 12.1 dbg 101125 ba00960fdaee67a4efff6866e31f446bf486a1c2 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 12.1 opt 101125 ba00960fdaee67a4efff6866e31f446bf486a1c2 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 12.2 dbg 101125 fd15fd2765b53d0c070dd01d86fb231024b8f284 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
CS 12.2 opt 101125 fd15fd2765b53d0c070dd01d86fb231024b8f284 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
ES 10.6 dbg 101125 f0d4d34fb0314b03fddb71fb9dbde372744a8c13 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
ES 10.6 opt 101125 f0d4d34fb0314b03fddb71fb9dbde372744a8c13 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
ES 11.4 dbg 101125 b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
ES 11.4 opt 101125 b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
ES 11.8 dbg 101125 db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init
ES 11.8 opt 101125 db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6 SIGSEGV\|__strcasecmp_l_evex\|ha_connect::GetTDB\|ha_connect::OpenTable\|ha_connect::rnd_init

Testcase is MTR and CLI compatible.

SIGSEGV in __strcasecmp_l_evex from ha_connect::GetTDB on SELECT

Details

Description

Attachments

Activity

People

Dates

Git Integration