Details
- Bug
- Status: Closed
- Blocker
- Resolution: Fixed
- 12.3, 13.0
- Can result in hang or crash
- Q2/2026 Server Development
Description
This is a new regression in 12.3.
INSTALL SONAME 'ha_sphinx';
CREATE TABLE t (c BIGINT,c2 BIGINT,c3 TEXT NOT NULL,KEY k (c3)) ENGINE=sphinx;
CREATE TABLE t1 LIKE t;
TRUNCATE t1;
Leads to:
CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, Clang 21.1.3-20250923) Build 10/04/2026
Core was generated by `/test/MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f9667eff8d1 in ha_sphinx::create (this=0x77952c091728, name=0x7f9667f65cd0 "./test/t1", table_arg=0x7f9667f64280) at /test/13.0_dbg/storage/sphinx/ha_sphinx.cc:3198

[Current thread is 1 (LWP 3224220)]
(gdb) bt
#0 0x00007f9667eff8d1 in ha_sphinx::create (this=0x77952c091728, name=0x7f9667f65cd0 "./test/t1", table_arg=0x7f9667f64280) at /test/13.0_dbg/storage/sphinx/ha_sphinx.cc:3198
#1 0x00005e39c4d27a32 in handler::ha_create (this=0x77952c091728, name=0x7f9667f65cd0 "./test/t1", form=0x7f9667f64280, info_arg=0x7f9667f65ee0) at /test/13.0_dbg/sql/handler.cc:6232
#2 0x00005e39c4d298d0 in ha_create_table_from_share (thd=0x77952c000d58, share=0x7f9667f655f0, create_info=0x7f9667f65ee0, ref_length=0x7f9667f64754) at /test/13.0_dbg/sql/handler.cc:6692
#3 0x00005e39c4d291e5 in ha_create_table (thd=0x77952c000d58, path=0x7f9667f65cd0 "./test/t1", db=0x77952c01a1b8 "test", table_name=0x77952c01a188 "t1", create_info=0x7f9667f65ee0, frm=0x0, skip_frm_file=false) at /test/13.0_dbg/sql/handler.cc:6759
#4 0x00005e39c53f3c29 in dd_recreate_table (thd=0x77952c000d58, db=0x77952c01a1b8 "test", table_name=0x77952c01a188 "t1") at /test/13.0_dbg/sql/datadict.cc:211
#5 0x00005e39c53f2782 in Sql_cmd_truncate_table::truncate_table (this=0x77952c01a918, thd=0x77952c000d58, table_ref=0x77952c01a1c8) at /test/13.0_dbg/sql/sql_truncate.cc:520
#6 0x00005e39c53f29e7 in Sql_cmd_truncate_table::execute (this=0x77952c01a918, thd=0x77952c000d58) at /test/13.0_dbg/sql/sql_truncate.cc:602
#7 0x00005e39c51ab835 in mysql_execute_command (thd=0x77952c000d58, is_called_from_prepared_stmt=false) at /test/13.0_dbg/sql/sql_parse.cc:5902
#8 0x00005e39c519c9c8 in mysql_parse (thd=0x77952c000d58, rawbuf=0x77952c01a110 "TRUNCATE t1", length=11, parser_state=0x7f9667f679f0) at /test/13.0_dbg/sql/sql_parse.cc:7941
#9 0x00005e39c519a11e in dispatch_command (command=COM_QUERY, thd=0x77952c000d58, packet=0x77952c00b4b9 "TRUNCATE t1", packet_length=11, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1898
#10 0x00005e39c519d44a in do_command (thd=0x77952c000d58, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1432
#11 0x00005e39c53a070e in do_handle_one_connection (connect=0x5e39c7d71828, put_in_cache=true) at /test/13.0_dbg/sql/sql_connect.cc:1503
#12 0x00005e39c53a04f1 in handle_one_connection (arg=0x5e39c7d35b58) at /test/13.0_dbg/sql/sql_connect.cc:1415
#13 0x00007f966fe9ca94 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#14 0x00007f966ff29c3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel      o/d Build  Commit                                   UniqueID observed
CS 10.6  dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
CS 10.6  opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
CS 11.4  dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
CS 11.4  opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
CS 11.8  dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f No bug found
CS 11.8  opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f No bug found
CS 12.3  dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb SIGSEGV|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
CS 12.3  opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb SIGSEGV|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
CS 13.0  dbg 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 SIGSEGV|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
CS 13.0  opt 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 SIGSEGV|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
ES 10.6  dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
ES 10.6  opt 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
ES 11.4  dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 No bug found
ES 11.4  opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 No bug found
ES 11.8  dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 No bug found
ES 11.8  opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 No bug found
ES 12.3  dbg 220426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
ES 12.3  opt 220426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
MS 5.5   dbg 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
MS 5.5   opt 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
MS 5.6   dbg 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
MS 5.6   opt 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
MS 5.7   dbg 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
MS 5.7   opt 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
MS 8.0   dbg 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
MS 8.0   opt 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
MS 9.1   dbg 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found
MS 9.1   opt 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found

And:
CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, UBASAN, Clang 21.1.3-20250923) Build 10/04/2026
/test/13.0_dbg_san/storage/sphinx/ha_sphinx.cc:3198:53: runtime error: member access within null pointer of type 'ha_table_option_struct'
#0 0x66f3e6fbe504 in ha_sphinx::create(char const*, TABLE*, HA_CREATE_INFO*) /test/13.0_dbg_san/storage/sphinx/ha_sphinx.cc:3198:53
#1 0x58b1d39e7077 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /test/13.0_dbg_san/sql/handler.cc:6232:14
#2 0x58b1d39f0f18 in ha_create_table_from_share(THD*, TABLE_SHARE*, HA_CREATE_INFO*, unsigned int*) /test/13.0_dbg_san/sql/handler.cc:6692:26
#3 0x58b1d39ef826 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*, bool) /test/13.0_dbg_san/sql/handler.cc:6759:15
#4 0x58b1d5285eca in dd_recreate_table(THD*, char const*, char const*) /test/13.0_dbg_san/sql/datadict.cc:211:3
#5 0x58b1d5283549 in Sql_cmd_truncate_table::truncate_table(THD*, TABLE_LIST*) /test/13.0_dbg_san/sql/sql_truncate.cc:520:14
#6 0x58b1d52840cc in Sql_cmd_truncate_table::execute(THD*) /test/13.0_dbg_san/sql/sql_truncate.cc:602:15
#7 0x58b1d4998379 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:5902:26
#8 0x58b1d497b21d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
#9 0x58b1d4972fee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
#10 0x58b1d497d5c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
#11 0x58b1d51b584c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
#12 0x58b1d51b5355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
#13 0x58b1d38736ca in asan_thread_start(void*) crtstuff.c
#14 0x72f4d009ca93 in start_thread nptl/pthread_create.c:447:8
#15 0x72f4d0129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/13.0_dbg_san/storage/sphinx/ha_sphinx.cc:3198:53
/test/13.0_dbg_san/storage/sphinx/ha_sphinx.cc:3198:53: runtime error: load of null pointer of type 'char *'
#0 0x66f3e6fbe513 in ha_sphinx::create(char const*, TABLE*, HA_CREATE_INFO*) /test/13.0_dbg_san/storage/sphinx/ha_sphinx.cc:3198:53
#1 0x58b1d39e7077 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /test/13.0_dbg_san/sql/handler.cc:6232:14
#2 0x58b1d39f0f18 in ha_create_table_from_share(THD*, TABLE_SHARE*, HA_CREATE_INFO*, unsigned int*) /test/13.0_dbg_san/sql/handler.cc:6692:26
#3 0x58b1d39ef826 in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*, bool) /test/13.0_dbg_san/sql/handler.cc:6759:15
#4 0x58b1d5285eca in dd_recreate_table(THD*, char const*, char const*) /test/13.0_dbg_san/sql/datadict.cc:211:3
#5 0x58b1d5283549 in Sql_cmd_truncate_table::truncate_table(THD*, TABLE_LIST*) /test/13.0_dbg_san/sql/sql_truncate.cc:520:14
#6 0x58b1d52840cc in Sql_cmd_truncate_table::execute(THD*) /test/13.0_dbg_san/sql/sql_truncate.cc:602:15
#7 0x58b1d4998379 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:5902:26
#8 0x58b1d497b21d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
#9 0x58b1d4972fee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
#10 0x58b1d497d5c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
#11 0x58b1d51b584c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
#12 0x58b1d51b5355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
#13 0x58b1d38736ca in asan_thread_start(void*) crtstuff.c
#14 0x72f4d009ca93 in start_thread nptl/pthread_create.c:447:8
#15 0x72f4d0129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/13.0_dbg_san/storage/sphinx/ha_sphinx.cc:3198:53

Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

SAN Bug Detection Matrix
Rel      o/d Build  Commit                                   UniqueID observed
CS 10.6  dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
CS 10.6  opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
CS 11.4  dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
CS 11.4  opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
CS 11.8  dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f No bug found
CS 11.8  opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f No bug found
CS 12.3  dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb UBSAN|member access within null pointer of type 'ha_table_option_struct'|storage/sphinx/ha_sphinx.cc|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
CS 12.3  opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb UBSAN|member access within null pointer of type 'ha_table_option_struct'|storage/sphinx/ha_sphinx.cc|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
CS 13.0  dbg 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 UBSAN|member access within null pointer of type 'ha_table_option_struct'|storage/sphinx/ha_sphinx.cc|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
CS 13.0  opt 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 UBSAN|member access within null pointer of type 'ha_table_option_struct'|storage/sphinx/ha_sphinx.cc|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
ES 10.6  dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
ES 10.6  opt 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
ES 11.4  dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 No bug found
ES 11.4  opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 No bug found
ES 11.8  dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 No bug found
ES 11.8  opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 No bug found
ES 12.3  dbg 220426 613a6253fe9efc12e166f83a97663ba263db8317 UBSAN|member access within null pointer of type 'ha_table_option_struct'|storage/sphinx/ha_sphinx.cc|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table
ES 12.3  opt 220426 613a6253fe9efc12e166f83a97663ba263db8317 UBSAN|member access within null pointer of type 'ha_table_option_struct'|storage/sphinx/ha_sphinx.cc|ha_sphinx::create|handler::ha_create|ha_create_table_from_share|ha_create_table

Git bisect found:
Finished: e054d8b874f17e1f0b7199aaed43bd7e4e78250f is the first bad commit
commit e054d8b874f17e1f0b7199aaed43bd7e4e78250f
Author: Sergei Golubchik <serg@mariadb.org>
Date: Tue Oct 7 21:57:05 2025 +0200

MDEV-37815 connect_string in partitioning is broken

Issue Links
- is caused by
  MDEV-37815 refactor engine attributes in partitioning (Closed)
- is duplicated by
  MDEV-38940 Assertion `option_struct' failed when truncating a table created with the example storage engine (Closed)