[MDEV-39556] SIGSEGV in ha_mroonga::storage_set_keys_in_use on SELECT - Jira

--source include/have_innodb.inc

CREATE TABLE t (c INT KEY,c2 GEOMETRY NOT NULL,SPATIAL INDEX idx_sp (c2)) ENGINE=InnoDB;

INSTALL SONAME 'ha_mroonga';

ALTER TABLE t ENGINE=Mroonga;

CHECK TABLE t;

SELECT * FROM information_schema.STATISTICS;

CS 11.4.11 0d9db6bbcc5532e0bde0a63e5991cb5ebee060eb (Debug, UBASAN, Clang 18.1.3-11) Build 23/04/2026

Version: '11.4.11-MariaDB-asan-debug' socket: '/test/UBASAN_MD230426-mariadb-11.4.11-linux-x86_64-dbg/socket.sock' port: 11751 MariaDB Server
/test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5237:10: runtime error: applying non-zero offset 8 to null pointer
#0 0x71db8f1a9bd9 in ha_mroonga::storage_set_keys_in_use() /test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5237:10
#1 0x71db8f1b0db1 in ha_mroonga::storage_info(unsigned int) /test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5324:5
#2 0x574243e3daa0 in get_schema_stat_record(THD, TABLE_LIST, TABLE, bool, st_mysql_const_lex_string const, st_mysql_const_lex_string const*) /test/11.4_dbg_san/sql/sql_show.cc:7220:25
#3 0x574243dfa588 in fill_schema_table_by_open(THD, st_mem_root, bool, TABLE, st_schema_table, st_mysql_const_lex_string, st_mysql_const_lex_string, Open_tables_backup*, bool) /test/11.4_dbg_san/sql/sql_show.cc:4873:13
#4 0x574243df82c8 in get_all_tables(THD, TABLE_LIST, Item*) /test/11.4_dbg_san/sql/sql_show.cc:5599:17
#5 0x574243e299ed in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.4_dbg_san/sql/sql_show.cc:9472:11
#6 0x574243c7e5df in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:5066:7
#7 0x574243c7d486 in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4893:8
#8 0x574243bf5e76 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.4_dbg_san/sql/sql_select.cc:5416:21
#9 0x574243bf47da in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:643:10
#10 0x574243abd3e7 in execute_sqlcom_select(THD, TABLE_LIST) /test/11.4_dbg_san/sql/sql_parse.cc:6224:12
#11 0x574243aa7f0c in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:4012:12
#12 0x574243a79424 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7945:18
#13 0x574243a72465 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1925:7
#14 0x574243a7abb8 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1433:17
#15 0x5742441ed57c in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1497:11
#16 0x5742441ece51 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1409:5
#17 0x57424294a3ec in asan_thread_start(void*) crtstuff.c
#18 0x79dc5d69caa3 in start_thread nptl/pthread_create.c:447:8
#19 0x79dc5d729c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-nonzero-offset /test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5237:10
/test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5237:10: runtime error: load of address 0x000000000008 with insufficient space for an object of type 'grn_obj ' (aka '_grn_obj ')
0x000000000008: note: pointer points here
<memory cannot be printed>

    #0 0x71db8f1a9c0b in ha_mroonga::storage_set_keys_in_use() /test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5237:10

    #1 0x71db8f1b0db1 in ha_mroonga::storage_info(unsigned int) /test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5324:5

    #2 0x574243e3daa0 in get_schema_stat_record(THD*, TABLE_LIST*, TABLE*, bool, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/11.4_dbg_san/sql/sql_show.cc:7220:25

    #3 0x574243dfa588 in fill_schema_table_by_open(THD*, st_mem_root*, bool, TABLE*, st_schema_table*, st_mysql_const_lex_string*, st_mysql_const_lex_string*, Open_tables_backup*, bool) /test/11.4_dbg_san/sql/sql_show.cc:4873:13

    #4 0x574243df82c8 in get_all_tables(THD*, TABLE_LIST*, Item*) /test/11.4_dbg_san/sql/sql_show.cc:5599:17

    #5 0x574243e299ed in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.4_dbg_san/sql/sql_show.cc:9472:11

    #6 0x574243c7e5df in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:5066:7

    #7 0x574243c7d486 in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4893:8

    #8 0x574243bf5e76 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_dbg_san/sql/sql_select.cc:5416:21

    #9 0x574243bf47da in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:643:10

    #10 0x574243abd3e7 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.4_dbg_san/sql/sql_parse.cc:6224:12

    #11 0x574243aa7f0c in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:4012:12

    #12 0x574243a79424 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7945:18

    #13 0x574243a72465 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1925:7

    #14 0x574243a7abb8 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1433:17

    #15 0x5742441ed57c in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1497:11

    #16 0x5742441ece51 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1409:5

    #17 0x57424294a3ec in asan_thread_start(void*) crtstuff.c

    #18 0x79dc5d69caa3 in start_thread nptl/pthread_create.c:447:8

    #19 0x79dc5d729c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: insufficient-object-size /test/11.4_dbg_san/storage/mroonga/ha_mroonga.cpp:5237:10

Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 230426 855ee88362e3664caafccb734b8196a77e4d7e68 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 10.6 opt 230426 855ee88362e3664caafccb734b8196a77e4d7e68 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 10.11 dbg 230426 c44f9c456f3b1761c8300d237ce6c139756a3fd9 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 10.11 opt 230426 c44f9c456f3b1761c8300d237ce6c139756a3fd9 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 11.4 dbg 230426 0d9db6bbcc5532e0bde0a63e5991cb5ebee060eb UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 11.4 opt 230426 0d9db6bbcc5532e0bde0a63e5991cb5ebee060eb UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 11.8 dbg 230426 d3767f9649a21a6478e8e784805f894497b93eaa UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 11.8 opt 230426 d3767f9649a21a6478e8e784805f894497b93eaa UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 12.3 dbg 230426 5d234b2aa891ad6be34fcfb2cf607f48efd93272 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 12.3 opt 230426 5d234b2aa891ad6be34fcfb2cf607f48efd93272 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 13.0 dbg 230426 2c6903675f1c23363188ac3db039e4ba1cd1a670 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 13.0 opt 230426 2c6903675f1c23363188ac3db039e4ba1cd1a670 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 10.6 dbg 230426 55cfada6c54d1b08f2372adc1369a5e5e76f472d UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 10.6 opt 230426 55cfada6c54d1b08f2372adc1369a5e5e76f472d UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 11.4 dbg 230426 90f707057d44f1b5c013a0c3672fd12f32ea7085 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 11.4 opt 230426 90f707057d44f1b5c013a0c3672fd12f32ea7085 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 11.8 dbg 230426 1499789de285a8109d68d79347de0281865b28f4 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 11.8 opt 230426 1499789de285a8109d68d79347de0281865b28f4 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 12.3 dbg 230426 613a6253fe9efc12e166f83a97663ba263db8317 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 12.3 opt 230426 613a6253fe9efc12e166f83a97663ba263db8317 UBSAN\|applying non-zero offset X to null pointer\|storage/mroonga/ha_mroonga.cpp\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open

CS 11.4.11 f279551013d1319f27344080e2c0758f3959cebf (Optimized, Clang 18.1.3-11) Build 10/05/2026
Core was generated by `/test/MD100526-mariadb-11.4.11-linux-x86_64-opt/bin/mariadbd --no-defaults --ma'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ha_mroonga::storage_set_keys_in_use (this=this@entry=0x7783cb3af768)at /test/11.4_opt/storage/mroonga/ha_mroonga.cpp:5237
5237 if (!grn_index_tables[i]) {
[Current thread is 1 (LWP 2023219)]
(gdb) bt
#0 ha_mroonga::storage_set_keys_in_use (this=this@entry=0x7783cb3af768)at /test/11.4_opt/storage/mroonga/ha_mroonga.cpp:5237
#1 0x00007f84992954f4 in ha_mroonga::storage_info (this=0x7783cb3af768, flag=30) at /test/11.4_opt/storage/mroonga/ha_mroonga.cpp:5324
#2 0x00005ce3a08b3532 in get_schema_stat_record (thd=0x7783c8000c68, tables=0x7783c96a2ee0, table=0x7783bd53ca70, res=false, db_name=0x7783c801dc60, table_name=0x7783bd517958)at /test/11.4_opt/sql/sql_show.cc:7220
#3 0x00005ce3a08a81d1 in fill_schema_table_by_open (thd=0x7783c8000c68, mem_root=mem_root@entry=0x7f849bb1b750, is_show_fields_or_keys=false, table=table@entry=0x7783bd53ca70, schema_table=schema_table@entry=0x5ce3a19b2670 <schema_tables+2368>, orig_db_name=orig_db_name@entry=0x7783c801dc60, orig_table_name=0x7783bd517958, open_tables_state_backup=0x7f849bb1b6c0, can_deadlock=<optimized out>) at /test/11.4_opt/sql/sql_show.cc:4873
#4 0x00005ce3a08a7d73 in get_all_tables (thd=0x7783c8000c68, tables=0x7783c8017970, cond=<optimized out>)at /test/11.4_opt/sql/sql_show.cc:5599
#5 0x00005ce3a08afad1 in get_schema_tables_result (join=join@entry=0x7783c8019278, executed_place=executed_place@entry=PROCESSED_BY_JOIN_EXEC)at /test/11.4_opt/sql/sql_show.cc:9472
#6 0x00005ce3a0870965 in JOIN::exec_inner (this=this@entry=0x7783c8019278)at /test/11.4_opt/sql/sql_select.cc:5066
#7 0x00005ce3a0857930 in JOIN::exec (this=0x7783c8019278)at /test/11.4_opt/sql/sql_select.cc:4893
#8 mysql_select (thd=thd@entry=0x7783c8000c68, tables=<optimized out>, fields=@0x7783c80175d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7783c8017900, last = 0x7783c801b1e8, elements = 17}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7783c8019250, unit=0x7783c8004f58, select_lex=0x7783c8017318)at /test/11.4_opt/sql/sql_select.cc:5416
#9 0x00005ce3a08575b9 in handle_select (thd=thd@entry=0x7783c8000c68, lex=lex@entry=0x7783c8004e78, result=result@entry=0x7783c8019250, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/11.4_opt/sql/sql_select.cc:643
#10 0x00005ce3a0826914 in execute_sqlcom_select (thd=thd@entry=0x7783c8000c68, all_tables=0x7783c8017970) at /test/11.4_opt/sql/sql_parse.cc:6224
#11 0x00005ce3a0821b54 in mysql_execute_command (thd=thd@entry=0x7783c8000c68, is_called_from_prepared_stmt=false) at /test/11.4_opt/sql/sql_parse.cc:4012
#12 0x00005ce3a081d4a2 in mysql_parse (thd=thd@entry=0x7783c8000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f849bb1d540)at /test/11.4_opt/sql/sql_parse.cc:7945
#13 0x00005ce3a081b98e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7783c8000c68, packet=packet@entry=0x7783c80087b9 "SELECT * FROM information_schema.STATISTICS", packet_length=packet_length@entry=43, blocking=true)at /test/11.4_opt/sql/sql_parse.cc:1925
#14 0x00005ce3a081d921 in do_command (thd=thd@entry=0x7783c8000c68, blocking=true) at /test/11.4_opt/sql/sql_parse.cc:1433
#15 0x00005ce3a093a29d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5ce3b7b13858, put_in_cache=true)at /test/11.4_opt/sql/sql_connect.cc:1497
#16 0x00005ce3a093a0c6 in handle_one_connection (arg=arg@entry=0x5ce3b7b13858)at /test/11.4_opt/sql/sql_connect.cc:1409
#17 0x00005ce3a0c8bdbe in pfs_spawn_thread (arg=0x5ce3b7a89718)at /test/11.4_opt/storage/perfschema/pfs.cc:2201
#18 0x00007f84c8e9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#19 0x00007f84c8f29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

CS 11.4.11 0d9db6bbcc5532e0bde0a63e5991cb5ebee060eb (Debug, Clang 18.1.3-11) Build 23/04/2026
Core was generated by `/test/MD230426-mariadb-11.4.11-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000076c404ec5df5 in ha_mroonga::storage_set_keys_in_use (this=0x6ec3356b90d8) at /test/11.4_dbg/storage/mroonga/ha_mroonga.cpp:5237
5237 if (!grn_index_tables[i]) {
[Current thread is 1 (LWP 266673)]
(gdb) bt
#0 0x000076c404ec5df5 in ha_mroonga::storage_set_keys_in_use (this=0x6ec3356b90d8) at /test/11.4_dbg/storage/mroonga/ha_mroonga.cpp:5237
#1 0x000076c404ec7b09 in ha_mroonga::storage_info (this=0x6ec3356b90d8, flag=30) at /test/11.4_dbg/storage/mroonga/ha_mroonga.cpp:5324
#2 0x000076c404ec8327 in ha_mroonga::info (this=0x6ec3356b90d8, flag=30)at /test/11.4_dbg/storage/mroonga/ha_mroonga.cpp:5383
#3 0x00005c7bb2356f3b in get_schema_stat_record (thd=0x6ec334000d58, tables=0x6ec3295174b0, table=0x6ec32953ced0, res=false, db_name=0x6ec3340205a0, table_name=0x6ec3340205f8)at /test/11.4_dbg/sql/sql_show.cc:7220
#4 0x00005c7bb2345c7f in fill_schema_table_by_open (thd=0x6ec334000d58, mem_root=0x76c424540d20, is_show_fields_or_keys=false, table=0x6ec32953ced0, schema_table=0x5c7bb3bcd8b0 <schema_tables+2368>, orig_db_name=0x6ec3340205a0, orig_table_name=0x6ec3340205f8, open_tables_state_backup=0x76c424540d80, can_deadlock=false)at /test/11.4_dbg/sql/sql_show.cc:4873
#5 0x00005c7bb2345468 in get_all_tables (thd=0x6ec334000d58, tables=0x6ec33401a160, cond=0x0) at /test/11.4_dbg/sql/sql_show.cc:5599
#6 0x00005c7bb23524ca in get_schema_tables_result (join=0x6ec33401ba68, executed_place=PROCESSED_BY_JOIN_EXEC)at /test/11.4_dbg/sql/sql_show.cc:9472
#7 0x00005c7bb22ed218 in JOIN::exec_inner (this=0x6ec33401ba68)at /test/11.4_dbg/sql/sql_select.cc:5066
#8 0x00005c7bb22ec6d0 in JOIN::exec (this=0x6ec33401ba68)at /test/11.4_dbg/sql/sql_select.cc:4893
#9 0x00005c7bb22c73fc in mysql_select (thd=0x6ec334000d58, tables=0x6ec33401a160, fields=@0x6ec334019dc0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6ec33401a0f0, last = 0x6ec33401d9e8, elements = 17}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2701396736, result=0x6ec33401ba40, unit=0x6ec334005018, select_lex=0x6ec334019b08) at /test/11.4_dbg/sql/sql_select.cc:5416
#10 0x00005c7bb22c6e75 in handle_select (thd=0x6ec334000d58, lex=0x6ec334004f38, result=0x6ec33401ba40, setup_tables_done_option=0)at /test/11.4_dbg/sql/sql_select.cc:643
#11 0x00005c7bb226d9a1 in execute_sqlcom_select (thd=0x6ec334000d58, all_tables=0x6ec33401a160) at /test/11.4_dbg/sql/sql_parse.cc:6224
#12 0x00005c7bb2262972 in mysql_execute_command (thd=0x6ec334000d58, is_called_from_prepared_stmt=false) at /test/11.4_dbg/sql/sql_parse.cc:4012
#13 0x00005c7bb225a9f4 in mysql_parse (thd=0x6ec334000d58, rawbuf=0x6ec334019a50 "SELECT * FROM information_schema.STATISTICS", length=43, parser_state=0x76c424543a30)at /test/11.4_dbg/sql/sql_parse.cc:7945
#14 0x00005c7bb2257e19 in dispatch_command (command=COM_QUERY, thd=0x6ec334000d58, packet=0x6ec33400afa9 "SELECT * FROM information_schema.STATISTICS", packet_length=43, blocking=true) at /test/11.4_dbg/sql/sql_parse.cc:1925
#15 0x00005c7bb225b5a3 in do_command (thd=0x6ec334000d58, blocking=true)at /test/11.4_dbg/sql/sql_parse.cc:1433
#16 0x00005c7bb2441439 in do_handle_one_connection (connect=0x5c7bda8da198, put_in_cache=true) at /test/11.4_dbg/sql/sql_connect.cc:1497
#17 0x00005c7bb24411d2 in handle_one_connection (arg=0x5c7bda9179d8)at /test/11.4_dbg/sql/sql_connect.cc:1409
#18 0x000076c451a9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#19 0x000076c451b29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 230426 855ee88362e3664caafccb734b8196a77e4d7e68 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
CS 10.6 opt 230426 855ee88362e3664caafccb734b8196a77e4d7e68 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 10.11 dbg 230426 c44f9c456f3b1761c8300d237ce6c139756a3fd9 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
CS 10.11 opt 230426 c44f9c456f3b1761c8300d237ce6c139756a3fd9 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 11.4 dbg 230426 0d9db6bbcc5532e0bde0a63e5991cb5ebee060eb SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
CS 11.4 opt 230426 0d9db6bbcc5532e0bde0a63e5991cb5ebee060eb SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 11.8 dbg 230426 d3767f9649a21a6478e8e784805f894497b93eaa SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
CS 11.8 opt 230426 d3767f9649a21a6478e8e784805f894497b93eaa SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 12.3 dbg 230426 5d234b2aa891ad6be34fcfb2cf607f48efd93272 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
CS 12.3 opt 230426 5d234b2aa891ad6be34fcfb2cf607f48efd93272 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
CS 13.0 dbg 230426 2c6903675f1c23363188ac3db039e4ba1cd1a670 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
CS 13.0 opt 230426 2c6903675f1c23363188ac3db039e4ba1cd1a670 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 10.6 dbg 230426 55cfada6c54d1b08f2372adc1369a5e5e76f472d SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
ES 10.6 opt 230426 55cfada6c54d1b08f2372adc1369a5e5e76f472d SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 11.4 dbg 230426 90f707057d44f1b5c013a0c3672fd12f32ea7085 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
ES 11.4 opt 230426 90f707057d44f1b5c013a0c3672fd12f32ea7085 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 11.8 dbg 230426 1499789de285a8109d68d79347de0281865b28f4 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
ES 11.8 opt 230426 1499789de285a8109d68d79347de0281865b28f4 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open
ES 12.3 dbg 230426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|ha_mroonga::info\|get_schema_stat_record
ES 12.3 opt 230426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV\|ha_mroonga::storage_set_keys_in_use\|ha_mroonga::storage_info\|get_schema_stat_record\|fill_schema_table_by_open

SIGSEGV in ha_mroonga::storage_set_keys_in_use on SELECT

Details

Description

Attachments

Activity

People

Dates

Time Tracking

Git Integration