  1. MariaDB Server
  2. MDEV-39305

SIGSEGV in handler::keyread_enabled | handler::ha_end_keyread | st_join_table::cleanup


Details

    • Can result in hang or crash

    Description

      --source include/have_innodb.inc
       
      # Reproducer for the SIGSEGV in handler::keyread_enabled reported in this issue.
      # Oracle compatibility mode is part of the reported test case.
      # NOTE(review): the report does not show whether the crash also occurs without it; confirm.
      SET sql_mode=ORACLE;
      # Start from a table t that has a single INT column c.
      CREATE OR REPLACE TABLE t (c INT);
      # Take an explicit write lock on t, so the next statement replaces a table
      # that this session holds locked.
      LOCK TABLE t WRITE;
      # Replace the locked table through CREATE ... SELECT. Both UNION ALL branches
      # yield a = 1, so two identical values are fed into a column declared PRIMARY KEY.
      # NOTE(review): presumably the duplicate-key failure is what sends execution down
      # the cleanup path in the backtrace (JOIN::cleanup -> st_join_table::cleanup); confirm.
      # NOTE(review): the COM_QUERY packet in frame #11 shows this statement without
      # ENGINE=INNODB, so the engine clause may not be required to trigger the crash; confirm.
      # NOTE(review): only ordinary DDL and LOCK TABLE are involved, so this looks like an
      # availability issue reachable by any session with the needed table privileges; the
      # report does not state which privileges are required; confirm.
      CREATE OR REPLACE TABLE t (PRIMARY KEY(a)) ENGINE=INNODB (SELECT 1 AS a) UNION ALL (SELECT 1 AS a);
      

      Leads to:

      CS 12.3.2 669e7aa798f984c0c4178c20f6926b956c8f095e (Optimized, Clang 18.1.3-11) Build 02/04/2026

      Core was generated by `/test/MD020426-mariadb-12.3.2-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  handler::keyread_enabled (this=0x0, this@entry=0x6e364806a540)at /test/12.3_opt/sql/handler.h:3778
       
      [Current thread is 1 (LWP 4118108)]
      (gdb) bt
      #0  handler::keyread_enabled (this=0x0, this@entry=0x6e364806a540)at /test/12.3_opt/sql/handler.h:3778
      #1  handler::ha_end_keyread (this=0x0, this@entry=0x6e364806a540)at /test/12.3_opt/sql/handler.h:3787
      #2  st_join_table::cleanup (this=this@entry=0x6e364806a540)at /test/12.3_opt/sql/sql_select.cc:16795
      #3  0x000061b284b3514e in JOIN::cleanup (this=0x6e364801c4b0, full=true)at /test/12.3_opt/sql/sql_select.cc:17348
      #4  0x000061b284b34ab7 in JOIN::destroy (this=0x0)at /test/12.3_opt/sql/sql_select.cc:5155
      #5  0x000061b284bb566d in st_select_lex::cleanup (this=0x6e3648019ef8)at /test/12.3_opt/sql/sql_union.cc:2982
      #6  0x000061b284b19c25 in mysql_select (thd=thd@entry=0x6e3648000c68, tables=<optimized out>, fields=@0x6e364801a1b0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6e364801b240, last = 0x6e364801b240, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x6e364801c368, unit=0x6e36480051b8, select_lex=0x6e3648019ef8)at /test/12.3_opt/sql/sql_select.cc:5458
      #7  0x000061b284b19740 in handle_select (thd=thd@entry=0x6e3648000c68, lex=lex@entry=0x6e36480050d8, result=result@entry=0x6e364801c368, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/12.3_opt/sql/sql_select.cc:636
      #8  0x000061b284ba3fd4 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x6e3648000c68)at /test/12.3_opt/sql/sql_table.cc:13845
      #9  0x000061b284ae0191 in mysql_execute_command (thd=thd@entry=0x6e3648000c68, is_called_from_prepared_stmt=false) at /test/12.3_opt/sql/sql_parse.cc:5905
      #10 0x000061b284adb5f1 in mysql_parse (thd=thd@entry=0x6e3648000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x76375b2ba4d0)at /test/12.3_opt/sql/sql_parse.cc:7944
      #11 0x000061b284ad9a6b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x6e3648000c68, packet=packet@entry=0x6e3648008cc9 "CREATE OR REPLACE TABLE t (PRIMARY KEY(a)) (SELECT 1 AS a) UNION ALL (SELECT 1 AS a)", packet_length=packet_length@entry=84, blocking=true)at /test/12.3_opt/sql/sql_parse.cc:1898
      #12 0x000061b284adba01 in do_command (thd=thd@entry=0x6e3648000c68, blocking=true) at /test/12.3_opt/sql/sql_parse.cc:1432
      #13 0x000061b284c0cc2d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x61b2a7864b08, put_in_cache=true)at /test/12.3_opt/sql/sql_connect.cc:1503
      #14 0x000061b284c0c9ef in handle_one_connection (arg=arg@entry=0x61b2a7864b08)at /test/12.3_opt/sql/sql_connect.cc:1415
      #15 0x000061b284fcdbe9 in pfs_spawn_thread (arg=0x61b2a7864b78)at /test/12.3_opt/storage/perfschema/pfs.cc:2198
      #16 0x0000763764a9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #17 0x0000763764b29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed
      CS  10.6   dbg  060426  6ffb219883725fabda83d77d68df88e16b3760ad  No bug found
      CS  10.6   opt  060426  6ffb219883725fabda83d77d68df88e16b3760ad  No bug found
      CS  10.11  dbg  060426  fb9d6e444c370bcce5f00047ad335953f174897a  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  10.11  opt  060426  fb9d6e444c370bcce5f00047ad335953f174897a  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  11.4   dbg  060426  3b206b9cc6ac3e8a975c7e1c0b5fd72024544fe7  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  11.4   opt  060426  3b206b9cc6ac3e8a975c7e1c0b5fd72024544fe7  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  11.8   dbg  060426  e47db94aea7f0d6e0177e948486fc8860331f05f  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  11.8   opt  060426  e47db94aea7f0d6e0177e948486fc8860331f05f  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  12.2   dbg  060426  d26a6f44c1f2119377e79a9540886c6d8c01472f  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  12.2   opt  060426  d26a6f44c1f2119377e79a9540886c6d8c01472f  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  12.3   dbg  060426  620733d35db2108dc34ad74f35f6b4cb2722b594  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  12.3   opt  060426  620733d35db2108dc34ad74f35f6b4cb2722b594  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  13.0   dbg  070426  90f8178f33f6ecd33767a79b0f5b9b4c5a1367e5  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      CS  13.0   opt  070426  90f8178f33f6ecd33767a79b0f5b9b4c5a1367e5  SIGSEGV|handler::keyread_enabled|handler::ha_end_keyread|st_join_table::cleanup|JOIN::cleanup
      ES  10.5   dbg  040825  70586522eacf09d04d49962072e14325a75d8155  No bug found
      ES  10.5   opt  040825  70586522eacf09d04d49962072e14325a75d8155  No bug found
      ES  10.6   dbg  040825  9b794f34b48fb7eee490b6da44edc0f33a947447  No bug found
      ES  10.6   opt  040825  9b794f34b48fb7eee490b6da44edc0f33a947447  No bug found
      ES  11.4   dbg  040825  a1c03ccd54b582e75506687ee19b273ca897f261  No bug found
      ES  11.4   opt  040825  a1c03ccd54b582e75506687ee19b273ca897f261  No bug found
      ES  11.8   dbg  151025  780565c207e9ce0ebf7d8e3d59f223801447b619  No bug found
      ES  11.8   opt  151025  780565c207e9ce0ebf7d8e3d59f223801447b619  No bug found
      


          People

            sanja Oleksandr Byelkin
            ramesh Ramesh Sivaraman