Details
Bug
Status: Open
Major
Resolution: Unresolved
11.8, 12.3, 13.0
None
Can result in hang or crash
Q3/2026 Server Maintenance
Description
# Reduced reproducer. On the builds marked SIGSEGV/SIGABRT in the matrix below,
# the INTERSECT statement terminates the mariadbd process (see the core dumps
# below), so the impact is loss of availability for the whole server, not just
# the issuing session.
# t1: INT key column c1 plus a one-dimensional VECTOR column c2.
CREATE TABLE t1 (c1 INT KEY,c2 VECTOR(1)) ; |
# t2: a single JSON column.
CREATE TABLE t2 (c1 JSON) ; |
# Left arm returns (c1 INT, c2 VECTOR(1)); right arm returns ('', NULLIF(c1,c1))
# computed over the JSON column, so result column 2 pairs the VECTOR column with
# the NULLIF expression. The backtraces show the fault in Field_vector::reset,
# reached from Create_tmp_table::finalize via select_unit::create_result_table,
# i.e. while the temporary table for the set operation's result is being built.
# NOTE(review): whether the MATCH ... AGAINST predicate on the INT column is
# required for the crash is not stated on this page.
# NOTE(review): the query text captured in the backtraces (dispatch_command
# packet) is a longer variant with a leading "(SELECT 1) UNION" and tables t4/t1;
# the traces appear to come from that un-reduced form - confirm they also match
# this testcase.
(SELECT * FROM t1 WHERE MATCH(c1) AGAINST ('' IN BOOLEAN MODE)) INTERSECT (SELECT '',NULLIF(c1,c1) FROM t2); |
|
|
# Clean up
|
DROP TABLE t1, t2; |
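Leads to a SIGSEGV inside memset, called from Field_varstring::reset via Field_vector::reset while Create_tmp_table::finalize sets up the result temporary table. Frame #1 of the optimized trace shows memset being asked to zero 120677911158791 bytes, so this is an out-of-bounds write driven by a bogus field length rather than a NULL dereference; the UBASAN builds further down report the same memset as use-after-poison. Backtraces: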
|
CS 13.0.1 96b3dd0c34427e9338dda1375575a0e05a7cd267 (Optimized, Clang 18.1.3-11) Build 12/05/2026 |
Core was generated by `/test/MD120526-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd --no-defaults --loo'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __memset_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:228
|
|
|
[Current thread is 1 (LWP 3237355)]
|
(gdb) bt
|
#0 __memset_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:228
|
#1 0x0000582f3b538f10 in memset (__dest=0x6dc184075000, __ch=0, __len=120677911158791)at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:59
|
#2 Field_varstring::reset (this=0x6dc18406d918)at /test/13.0_opt/sql/field.h:4339
|
#3 Field_vector::reset (this=0x6dc18406d918)at /test/13.0_opt/sql/sql_type_vector.cc:254
|
#4 0x0000582f3b3ca373 in Create_tmp_table::finalize (this=this@entry=0x75dc803282b8, thd=thd@entry=0x6dc184000c68, table=table@entry=0x6dc18406c870, param=param@entry=0x6dc18401f000, do_not_open=false, keep_row_order=false)at /test/13.0_opt/sql/sql_select.cc:22604
|
#5 0x0000582f3b3ad4da in create_tmp_table (thd=thd@entry=0x6dc184000c68, param=param@entry=0x6dc18401f000, fields=@0x6dc18401cff0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6dc18401f8c0, last = 0x6dc18401f8b0, elements = 3}, <No data fields>}, group=group@entry=0x0, distinct=<optimized out>, save_sum_fields=<optimized out>, select_options=2201187785472, rows_limit=18446744073709551615, table_alias=0x582f3c4d9970 <empty_clex_str>, do_not_open=<optimized out>, keep_row_order=<optimized out>) at /test/13.0_opt/sql/sql_select.cc:23031
|
#6 0x0000582f3b430f5f in select_unit::create_result_table (this=0x6dc18401efc8, thd_arg=0x6dc184000c68, column_types=0x6dc18401cff0, is_union_distinct=true, options=2201187785472, alias=0x582f3c4d9970 <empty_clex_str>, bit_fields_as_long=<optimized out>, create_table=<optimized out>, keep_row_order=<optimized out>, hidden=1)at /test/13.0_opt/sql/sql_union.cc:355
|
#7 0x0000582f3b42fe5d in st_select_lex_unit::prepare (this=0x6dc18401c7a0, derived_arg=0x6dc18401d688, sel_result=0x6dc18401eed8, additional_options=<optimized out>) at /test/13.0_opt/sql/sql_union.cc:1899
|
#8 0x0000582f3b31666b in mysql_derived_prepare (thd=0x6dc184000c68, lex=<optimized out>, derived=0x6dc18401d688)at /test/13.0_opt/sql/sql_derived.cc:843
|
#9 0x0000582f3b318112 in mysql_handle_single_derived (lex=lex@entry=0x6dc1840050d0, derived=derived@entry=0x6dc18401d688, phases=phases@entry=2) at /test/13.0_opt/sql/sql_derived.cc:203
|
#10 0x0000582f3b45bdb2 in TABLE_LIST::handle_derived (this=0x6dc18401d688, lex=0x6dc1840050d0, phases=2) at /test/13.0_opt/sql/table.cc:10050
|
#11 0x0000582f3b333c7f in LEX::handle_list_of_derived (table_list=<optimized out>, this=<optimized out>, phases=<optimized out>)at /test/13.0_opt/sql/sql_lex.h:4820
|
#12 st_select_lex::handle_derived (this=<optimized out>, lex=0x6dc1840050d0, phases=2) at /test/13.0_opt/sql/sql_lex.cc:5246
|
#13 0x0000582f3b39a726 in JOIN::prepare (this=0x6dc18401e8e0, tables_init=<optimized out>, conds_init=<optimized out>, og_num=0, order_init=<optimized out>, skip_order_by=true, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x6dc18401c2b8, unit_arg=0x6dc1840051b0) at /test/13.0_opt/sql/sql_select.cc:1471
|
#14 0x0000582f3b432540 in st_select_lex_unit::prepare_join (this=this@entry=0x6dc1840051b0, thd_arg=0x6dc184000c68, sl=sl@entry=0x6dc18401c2b8, tmp_result=tmp_result@entry=0x6dc18401dfa0, additional_options=additional_options@entry=2199023255552, is_union_select=true) at /test/13.0_opt/sql/sql_union.cc:1112
|
#15 0x0000582f3b42f7cd in st_select_lex_unit::prepare (this=this@entry=0x6dc1840051b0, derived_arg=0x0, sel_result=sel_result@entry=0x6dc18401df78, additional_options=2199023255552) at /test/13.0_opt/sql/sql_union.cc:1691
|
#16 0x0000582f3b42edb6 in mysql_union (thd=thd@entry=0x6dc184000c68, lex=<optimized out>, result=0x6dc18406e007, result@entry=0x6dc18401df78, unit=0x6dc1840051b0, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/13.0_opt/sql/sql_union.cc:43
|
#17 0x0000582f3b3968e3 in handle_select (thd=thd@entry=0x6dc184000c68, lex=0x0, lex@entry=0x6dc1840050d0, result=result@entry=0x6dc18401df78, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/13.0_opt/sql/sql_select.cc:626
|
#18 0x0000582f3b361b6f in execute_sqlcom_select (thd=thd@entry=0x6dc184000c68, all_tables=0x6dc184018f50) at /test/13.0_opt/sql/sql_parse.cc:6214
|
#19 0x0000582f3b360389 in mysql_execute_command (thd=thd@entry=0x6dc184000c68, is_called_from_prepared_stmt=false) at /test/13.0_opt/sql/sql_parse.cc:3988
|
#20 0x0000582f3b3586f1 in mysql_parse (thd=thd@entry=0x6dc184000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x75dc80329410)at /test/13.0_opt/sql/sql_parse.cc:7942
|
#21 0x0000582f3b356b0d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x6dc184000c68, packet=packet@entry=0x6dc184008cf9 "(SELECT 1) UNION (SELECT * FROM t4 WHERE MATCH(c1) AGAINST ('' IN BOOLEAN MODE)) INTERSECT (SELECT'',NULLIF(c2,c2) FROM t1)", packet_length=packet_length@entry=123, blocking=true)at /test/13.0_opt/sql/sql_parse.cc:1898
|
#22 0x0000582f3b358b01 in do_command (thd=thd@entry=0x6dc184000c68, blocking=true) at /test/13.0_opt/sql/sql_parse.cc:1432
|
#23 0x0000582f3b48afed in do_handle_one_connection (connect=<optimized out>, connect@entry=0x582f53cfad78, put_in_cache=true)at /test/13.0_opt/sql/sql_connect.cc:1503
|
#24 0x0000582f3b48adaf in handle_one_connection (arg=arg@entry=0x582f53cfad78)at /test/13.0_opt/sql/sql_connect.cc:1415
|
#25 0x0000582f3b84fab3 in pfs_spawn_thread (arg=0x582f53cfade8)at /test/13.0_opt/storage/perfschema/pfs.cc:2198
|
#26 0x000075dc8389caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#27 0x000075dc83929c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
CS 13.0.1 96b3dd0c34427e9338dda1375575a0e05a7cd267 (Debug, Clang 18.1.3-11) Build 12/05/2026 |
Core was generated by `/test/MD120526-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --loo'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 __memset_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:228
|
|
|
[Current thread is 1 (LWP 3235542)]
|
(gdb) bt
|
#0 __memset_evex_unaligned_erms ()at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:228
|
#1 0x00005a8b99e32dbb in Field_varstring::reset (this=0x6ca9f809cc20)at /test/13.0_dbg/sql/field.h:4339
|
#2 0x00005a8b99e32119 in Field_vector::reset (this=0x6ca9f809cc20)at /test/13.0_dbg/sql/sql_type_vector.cc:254
|
#3 0x00005a8b99bc3ebf in Create_tmp_table::finalize (this=0x74c4f03e8a48, thd=0x6ca9f8000d58, table=0x6ca9f809b980, param=0x6ca9f8021818, do_not_open=false, keep_row_order=false)at /test/13.0_dbg/sql/sql_select.cc:22604
|
#4 0x00005a8b99b9cc1f in create_tmp_table (thd=0x6ca9f8000d58, param=0x6ca9f8021818, fields=@0x6ca9f801f7f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6ca9f80220e0, last = 0x6ca9f80220d0, elements = 3}, <No data fields>}, group=0x0, distinct=true, save_sum_fields=true, select_options=2201187785472, rows_limit=18446744073709551615, table_alias=0x5a8b9b5319d0 <empty_clex_str>, do_not_open=false, keep_row_order=false) at /test/13.0_dbg/sql/sql_select.cc:23031
|
#5 0x00005a8b99c717b0 in select_unit::create_result_table (this=0x6ca9f80217e0, thd_arg=0x6ca9f8000d58, column_types=0x6ca9f801f7f0, is_union_distinct=true, options=2201187785472, alias=0x5a8b9b5319d0 <empty_clex_str>, bit_fields_as_long=false, create_table=true, keep_row_order=false, hidden=1)at /test/13.0_dbg/sql/sql_union.cc:355
|
#6 0x00005a8b99c6f7e4 in st_select_lex_unit::prepare (this=0x6ca9f801efa0, derived_arg=0x6ca9f801fe88, sel_result=0x6ca9f80216f0, additional_options=0) at /test/13.0_dbg/sql/sql_union.cc:1899
|
#7 0x00005a8b99a9a6c3 in mysql_derived_prepare (thd=0x6ca9f8000d58, lex=0x6ca9f8005198, derived=0x6ca9f801fe88)at /test/13.0_dbg/sql/sql_derived.cc:843
|
#8 0x00005a8b99a9cef5 in mysql_handle_single_derived (lex=0x6ca9f8005198, derived=0x6ca9f801fe88, phases=2) at /test/13.0_dbg/sql/sql_derived.cc:203
|
#9 0x00005a8b99cb6abf in TABLE_LIST::handle_derived (this=0x6ca9f801fe88, lex=0x6ca9f8005198, phases=2) at /test/13.0_dbg/sql/table.cc:10050
|
#10 0x00005a8b99ab6894 in LEX::handle_list_of_derived (this=0x6ca9f8005198, table_list=0x6ca9f801fe88, phases=2) at /test/13.0_dbg/sql/sql_lex.h:4820
|
#11 0x00005a8b99ac7cba in st_select_lex::handle_derived (this=0x6ca9f801eab8, lex=0x6ca9f8005198, phases=2) at /test/13.0_dbg/sql/sql_lex.cc:5246
|
#12 0x00005a8b99b806e8 in JOIN::prepare (this=0x6ca9f80210f0, tables_init=0x6ca9f801fe88, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=true, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x6ca9f801eab8, unit_arg=0x6ca9f8005278)at /test/13.0_dbg/sql/sql_select.cc:1471
|
#13 0x00005a8b99c739eb in st_select_lex_unit::prepare_join (this=0x6ca9f8005278, thd_arg=0x6ca9f8000d58, sl=0x6ca9f801eab8, tmp_result=0x6ca9f80207a0, additional_options=2199023255552, is_union_select=true) at /test/13.0_dbg/sql/sql_union.cc:1112
|
#14 0x00005a8b99c6ecb5 in st_select_lex_unit::prepare (this=0x6ca9f8005278, derived_arg=0x0, sel_result=0x6ca9f8020778, additional_options=2199023255552) at /test/13.0_dbg/sql/sql_union.cc:1691
|
#15 0x00005a8b99c6da52 in mysql_union (thd=0x6ca9f8000d58, lex=0x6ca9f8005198, result=0x6ca9f8020778, unit=0x6ca9f8005278, setup_tables_done_option=0)at /test/13.0_dbg/sql/sql_union.cc:43
|
#16 0x00005a8b99b7c2cf in handle_select (thd=0x6ca9f8000d58, lex=0x6ca9f8005198, result=0x6ca9f8020778, setup_tables_done_option=0)at /test/13.0_dbg/sql/sql_select.cc:626
|
#17 0x00005a8b99b1ee1d in execute_sqlcom_select (thd=0x6ca9f8000d58, all_tables=0x6ca9f801b750) at /test/13.0_dbg/sql/sql_parse.cc:6214
|
#18 0x00005a8b99b13b50 in mysql_execute_command (thd=0x6ca9f8000d58, is_called_from_prepared_stmt=false) at /test/13.0_dbg/sql/sql_parse.cc:3988
|
#19 0x00005a8b99b0bce4 in mysql_parse (thd=0x6ca9f8000d58, rawbuf=0x6ca9f801a150 "(SELECT 1) UNION (SELECT * FROM t4 WHERE MATCH(c1) AGAINST ('' IN BOOLEAN MODE)) INTERSECT (SELECT'',NULLIF(c2,c2) FROM t1)", length=123, parser_state=0x74c4f03eb9f0)at /test/13.0_dbg/sql/sql_parse.cc:7942
|
#20 0x00005a8b99b0902d in dispatch_command (command=COM_QUERY, thd=0x6ca9f8000d58, packet=0x6ca9f800b4f9 "(SELECT 1) UNION (SELECT * FROM t4 WHERE MATCH(c1) AGAINST ('' IN BOOLEAN MODE)) INTERSECT (SELECT'',NULLIF(c2,c2) FROM t1)", packet_length=123, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1898
|
#21 0x00005a8b99b0c893 in do_command (thd=0x6ca9f8000d58, blocking=true)at /test/13.0_dbg/sql/sql_parse.cc:1432
|
#22 0x00005a8b99d0a569 in do_handle_one_connection (connect=0x5a8bd80c4548, put_in_cache=true) at /test/13.0_dbg/sql/sql_connect.cc:1503
|
#23 0x00005a8b99d0a30e in handle_one_connection (arg=0x5a8bd7fdff08)at /test/13.0_dbg/sql/sql_connect.cc:1415
|
#24 0x000074c8d0e9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#25 0x000074c8d0f29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
Bug Detection Matrix |
Rel o/d (opt or dbg) Build (DDMMYY) Commit UniqueID observed
|
CS 10.11 dbg 220526 6f1204ad849b72a997fd34ce44a522d76716c24d No bug found
|
CS 10.11 opt 220526 6f1204ad849b72a997fd34ce44a522d76716c24d No bug found
|
CS 11.4 dbg 220526 19c59f2c79637cc360cc6d6b219ed9131124500d No bug found
|
CS 11.4 opt 220526 19c59f2c79637cc360cc6d6b219ed9131124500d No bug found
|
CS 11.8 dbg 220526 b494164767979072713fdeccc175ce3b3f5b1983 SIGSEGV|__memset_evex_unaligned_erms|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|
CS 11.8 opt 220526 b494164767979072713fdeccc175ce3b3f5b1983 SIGSEGV|__memset_evex_unaligned_erms|memset|Field_varstring::reset|Field_vector::reset
|
CS 12.3 dbg 220526 66b3c6784689fbb65110a5b21efcb815a8bcde24 SIGSEGV|__memset_evex_unaligned_erms|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|
CS 12.3 opt 220526 66b3c6784689fbb65110a5b21efcb815a8bcde24 SIGSEGV|__memset_evex_unaligned_erms|memset|Field_varstring::reset|Field_vector::reset
|
CS 13.0 dbg 220526 c8e8d33309606e682c98675d594dbd23ebc2ddf6 SIGSEGV|__memset_evex_unaligned_erms|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|
CS 13.0 opt 220526 c8e8d33309606e682c98675d594dbd23ebc2ddf6 SIGSEGV|__memset_evex_unaligned_erms|memset|Field_varstring::reset|Field_vector::reset
|
ES 10.6 dbg 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
|
ES 10.6 opt 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
|
ES 11.4 dbg 040825 a1c03ccd54b582e75506687ee19b273ca897f261 SIGSEGV|__memset_evex_unaligned_erms|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|
ES 11.4 opt 040825 a1c03ccd54b582e75506687ee19b273ca897f261 SIGSEGV|__memset_evex_unaligned_erms|memset|Field_varstring::reset|Field_vector::reset
|
ES 11.8 dbg 151025 780565c207e9ce0ebf7d8e3d59f223801447b619 SIGABRT|__memset_evex_unaligned_erms|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|
ES 11.8 opt 151025 780565c207e9ce0ebf7d8e3d59f223801447b619 SIGSEGV|__memset_evex_unaligned_erms|memset|Field_varstring::reset|Field_vector::reset
|
----- UBASAN Execution of the testcase ----- (Builds used: /test/UBASAN_MD220526-mariadb-12.3.2-linux-x86_64-opt and _dbg)
|
opt: ASAN|use-after-poison|sql/field.h|__asan_memset|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|
dbg: ASAN|use-after-poison|sql/field.h|__asan_memset|Field_varstring::reset|Field_vector::reset|Create_tmp_table::finalize
|