Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
11.8, 12.3, 13.0, 13.1
-
Can result in hang or crash
-
Q4/2026 Replic. Maintenance
Description
CLI Testcase:
# Client-replayable reproducer for the SIGSEGV in plugin_hton() (plugin=0x0)
# shown in the backtraces on this page.
# NOTE(review): INSTALL/UNINSTALL SONAME, SET GLOBAL and RESET MASTER are
# administrative statements, so replay presumably needs a privileged account;
# confirm the exact grants for the target version.
# The binary log must be enabled: the crashing frames go through
# MYSQL_BIN_LOG::reset_logs -> do_checkpoint_request.
# mysqld options required for replay: --log_bin |
INSTALL SONAME 'ha_rocksdb'; |
CREATE TABLE t (c INT) ENGINE=MEMORY; |
# RocksDB becomes the global default engine on the next line and is then
# uninstalled while default_storage_engine still names it.
# NOTE(review): the page does not state the root cause; presumably this
# leaves an engine slot with no plugin behind it - confirm in tp_foreach().
SET GLOBAL default_storage_engine=RocksDB; |
UNINSTALL SONAME 'ha_rocksdb'; |
INSTALL SONAME 'ha_mroonga'; |
INSERT DELAYED INTO t VALUES (1); |
SET GLOBAL default_storage_engine=Mroonga; |
FLUSH TABLES;
|
# RESET MASTER is the statement running in the crashing thread
# (packet="RESET MASTER" in frame #9 of the backtraces on this page).
RESET MASTER;
|
MTR Testcase:
# mysql-test-run (MTR) form of the reproducer for the SIGSEGV in plugin_hton()
# (plugin=0x0) shown in the backtraces on this page.
# NOTE(review): by their names the two includes gate the test on RocksDB being
# available and on the binary log being enabled - confirm against the .inc files.
--source include/have_rocksdb.inc
|
--source include/have_log_bin.inc
|
# Keep running after a statement returns an error, so the script reaches
# RESET MASTER even if an earlier step fails.
--disable_abort_on_error
|
INSTALL SONAME 'ha_rocksdb'; |
CREATE TABLE t (c INT) ENGINE=MEMORY; |
# RocksDB becomes the global default engine on the next line and is then
# uninstalled while default_storage_engine still names it.
# NOTE(review): the page does not state the root cause; presumably this
# leaves an engine slot with no plugin behind it - confirm in tp_foreach().
SET GLOBAL default_storage_engine=RocksDB; |
UNINSTALL SONAME 'ha_rocksdb'; |
INSTALL SONAME 'ha_mroonga'; |
INSERT DELAYED INTO t VALUES (1); |
SET GLOBAL default_storage_engine=Mroonga; |
FLUSH TABLES;
|
# RESET MASTER is the statement running in the crashing thread
# (packet="RESET MASTER" in frame #9 of the backtraces on this page).
RESET MASTER;
|
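Leads to a NULL-pointer dereference (SIGSEGV) in plugin_hton(), called with plugin=0x0 from tp_foreach() via ha_commit_checkpoint_request() while RESET MASTER executes: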
|
CS 13.1.0 02e1853c894906737fe0ea5f836adb087b1a72ad (Optimized, Clang 22.1.6-20260529) Build 05/06/2026 |
Core was generated by `/test/MD050626-mariadb-13.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --loo'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 plugin_hton (plugin=0x0) at /test/13.0_opt/sql/handler.h:1917
|
 |
warning: Source file is more recent than executable.
|
1917 return plugin_data(plugin, handlerton *);
|
[Current thread is 1 (LWP 53716)]
|
(gdb) bt
|
#0 plugin_hton (plugin=0x0) at /test/13.0_opt/sql/handler.h:1917
|
#1 tp_foreach (thd=0x0, func=<optimized out>, arg=<optimized out>)at /test/13.0_opt/sql/handler.cc:897
|
#2 ha_commit_checkpoint_request (cookie=cookie@entry=0x654b92cd4550, pre_hook=0x654b90b84b00 <binlog_checkpoint_callback(void*)>)at /test/13.0_opt/sql/handler.cc:954
|
#3 0x0000654b90b7edcc in MYSQL_BIN_LOG::do_checkpoint_request (this=this@entry=0x654b91bd4c38 <mysql_bin_log>, binlog_id=1)at /test/13.0_opt/sql/log.cc:9260
|
#4 0x0000654b90b7dee2 in MYSQL_BIN_LOG::reset_logs (this=0x654b91bd4c38 <mysql_bin_log>, thd=thd@entry=0x750118000c70, create_new_log=true, init_state=init_state@entry=0x0, init_state_len=init_state_len@entry=0, next_log_number=next_log_number@entry=0) at /test/13.0_opt/sql/log.cc:5511
|
#5 0x0000654b9081c5d8 in reset_master (thd=thd@entry=0x750118000c70, init_state=init_state@entry=0x0, init_state_len=init_state_len@entry=0, next_log_number=0) at /test/13.0_opt/sql/sql_repl.cc:4917
|
#6 0x0000654b9092c559 in reload_acl_and_cache (thd=thd@entry=0x750118000c70, options=128, tables=tables@entry=0x0, write_to_binlog=write_to_binlog@entry=0x7d0200a4b160)at /test/13.0_opt/sql/sql_reload.cc:413
|
#7 0x0000654b907ecd98 in mysql_execute_command (thd=thd@entry=0x750118000c70, is_called_from_prepared_stmt=false) at /test/13.0_opt/sql/sql_parse.cc:5397
|
#8 0x0000654b907e5dad in mysql_parse (thd=thd@entry=0x750118000c70, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7d0200a4b4f0)at /test/13.0_opt/sql/sql_parse.cc:7945
|
#9 0x0000654b907e457f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x750118000c70, packet=packet@entry=0x750118008e41 "RESET MASTER", packet_length=packet_length@entry=12, blocking=true)at /test/13.0_opt/sql/sql_parse.cc:1903
|
#10 0x0000654b907e6230 in do_command (thd=thd@entry=0x750118000c70, blocking=true) at /test/13.0_opt/sql/sql_parse.cc:1437
|
#11 0x0000654b9090e1fd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x654b92e47fe0, put_in_cache=true)at /test/13.0_opt/sql/sql_connect.cc:1503
|
#12 0x0000654b9090e032 in handle_one_connection (arg=arg@entry=0x654b92e47fe0)at /test/13.0_opt/sql/sql_connect.cc:1415
|
#13 0x0000654b90cb0163 in pfs_spawn_thread (arg=0x654b92ebe320)at /test/13.0_opt/storage/perfschema/pfs.cc:2198
|
#14 0x00007d020389ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#15 0x00007d0203929c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
CS 13.1.0 02e1853c894906737fe0ea5f836adb087b1a72ad (Debug, Clang 22.1.6-20260529) Build 05/06/2026 |
Core was generated by `/test/MD050626-mariadb-13.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --loo'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000061cd349ba22c in plugin_hton (plugin=0x0)at /test/13.0_dbg/sql/handler.h:1917
|
 |
warning: Source file is more recent than executable.
|
1917 return plugin_data(plugin, handlerton *);
|
[Current thread is 1 (LWP 53847)]
|
(gdb) bt
|
#0 0x000061cd349ba22c in plugin_hton (plugin=0x0)at /test/13.0_dbg/sql/handler.h:1917
|
#1 0x000061cd349bbf0f in tp_foreach (thd=0x0, func=0x61cd349bbf80 <commit_checkpoint_request_handlerton(THD*, transaction_participant*, void*)>, arg=0x74f4b4e7d4f0) at /test/13.0_dbg/sql/handler.cc:897
|
#2 0x000061cd349bbe54 in ha_commit_checkpoint_request (cookie=0x61cd371e5260, pre_hook=0x61cd34b63270 <binlog_checkpoint_callback(void*)>)at /test/13.0_dbg/sql/handler.cc:954
|
#3 0x000061cd34b5a11b in MYSQL_BIN_LOG::do_checkpoint_request (this=0x61cd362a62b8 <mysql_bin_log>, binlog_id=1)at /test/13.0_dbg/sql/log.cc:9260
|
#4 0x000061cd34b59388 in MYSQL_BIN_LOG::reset_logs (this=0x61cd362a62b8 <mysql_bin_log>, thd=0x6cf3c8000d60, create_new_log=true, init_state=0x0, init_state_len=0, next_log_number=0)at /test/13.0_dbg/sql/log.cc:5511
|
#5 0x000061cd3460ecc0 in reset_master (thd=0x6cf3c8000d60, init_state=0x0, init_state_len=0, next_log_number=0) at /test/13.0_dbg/sql/sql_repl.cc:4917
|
#6 0x000061cd347bec64 in reload_acl_and_cache (thd=0x6cf3c8000d60, options=128, tables=0x0, write_to_binlog=0x74f4b4e7eb24)at /test/13.0_dbg/sql/sql_reload.cc:413
|
#7 0x000061cd345bf08c in mysql_execute_command (thd=0x6cf3c8000d60, is_called_from_prepared_stmt=false) at /test/13.0_dbg/sql/sql_parse.cc:5397
|
#8 0x000061cd345b2208 in mysql_parse (thd=0x6cf3c8000d60, rawbuf=0x6cf3c801a470 "RESET MASTER", length=12, parser_state=0x74f4b4e7f9f0) at /test/13.0_dbg/sql/sql_parse.cc:7945
|
#9 0x000061cd345af95e in dispatch_command (command=COM_QUERY, thd=0x6cf3c8000d60, packet=0x6cf3c800b6a1 "RESET MASTER", packet_length=12, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1903
|
#10 0x000061cd345b2c8a in do_command (thd=0x6cf3c8000d60, blocking=true)at /test/13.0_dbg/sql/sql_parse.cc:1437
|
#11 0x000061cd34783fae in do_handle_one_connection (connect=0x61cd374894c0, put_in_cache=true) at /test/13.0_dbg/sql/sql_connect.cc:1503
|
#12 0x000061cd34783d91 in handle_one_connection (arg=0x61cd37400680)at /test/13.0_dbg/sql/sql_connect.cc:1415
|
#13 0x000074f4b649ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#14 0x000074f4b6529c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
CS 13.1.0 02e1853c894906737fe0ea5f836adb087b1a72ad (Debug, UBASAN, Clang 22.1.6-20260529) Build 05/06/2026 |
/test/13.0_dbg_san/sql/handler.h:1917:10: runtime error: load of null pointer of type 'struct st_plugin_int *'
|
#0 0x5c869cd8bc72 in plugin_hton(st_plugin_int**) /test/13.0_dbg_san/sql/handler.h:1917:10
|
#1 0x5c869cd8bc72 in tp_foreach(THD*, bool (*)(THD*, transaction_participant*, void*), void*) /test/13.0_dbg_san/sql/handler.cc:897:27
|
#2 0x5c869cd8b867 in ha_commit_checkpoint_request(void*, void (*)(void*)) /test/13.0_dbg_san/sql/handler.cc:954:3
|
#3 0x5c869cd25345 in MYSQL_BIN_LOG::do_checkpoint_request(unsigned long) /test/13.0_dbg_san/sql/log.cc:9260:3
|
#4 0x5c869cd22c0f in MYSQL_BIN_LOG::reset_logs(THD*, bool, rpl_gtid*, unsigned int, unsigned long) /test/13.0_dbg_san/sql/log.cc:5511:5
|
#5 0x5c869ded9452 in reset_master(THD*, rpl_gtid*, unsigned int, unsigned long) /test/13.0_dbg_san/sql/sql_repl.cc:4917:22
|
#6 0x5c869e660583 in reload_acl_and_cache(THD*, unsigned long long, TABLE_LIST*, int*) /test/13.0_dbg_san/sql/sql_reload.cc:413:9
|
#7 0x5c869dd8f196 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:5397:10
|
#8 0x5c869dd5f55a in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7945:18
|
#9 0x5c869dd573dc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1903:7
|
#10 0x5c869dd61946 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1437:17
|
#11 0x5c869e58dfbc in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
|
#12 0x5c869e58dae5 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
|
#13 0x5c869cc552d6 in asan_thread_start(void*) /test/llvm-build/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:246:28
|
#14 0x7dc1b9a9ca93 in start_thread nptl/pthread_create.c:447:8
|
#15 0x7dc1b9b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/13.0_dbg_san/sql/handler.h:1917:10
|
Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues, see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
|
CS 10.6 opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
|
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
|
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
|
CS 11.4 dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
|
CS 11.4 opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
|
CS 11.8 dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h
|
CS 11.8 opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h
|
CS 12.3 dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h
|
CS 12.3 opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h
|
CS 13.0 dbg 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h
|
CS 13.0 opt 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h
|
CS 13.1 dbg 050626 02e1853c894906737fe0ea5f836adb087b1a72ad UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
CS 13.1 opt 050626 02e1853c894906737fe0ea5f836adb087b1a72ad UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
ES 10.6 dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
|
ES 10.6 opt 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
|
ES 11.4 dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h
|
ES 11.4 opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h
|
ES 11.8 dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h
|
ES 11.8 opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h
|
ES 12.3 dbg 220426 613a6253fe9efc12e166f83a97663ba263db8317 UBSAN|load of null pointer of type 'struct st_plugin_int *'|sql/handler.h
|
ES 12.3 opt 220426 613a6253fe9efc12e166f83a97663ba263db8317 UBSAN|member access within null pointer of type 'struct st_plugin_int'|sql/handler.h
|
|
Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
|
CS 10.6 opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
|
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
|
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
|
CS 11.4 dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
|
CS 11.4 opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
|
CS 11.8 dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
CS 11.8 opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f SIGSEGV|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request|MYSQL_BIN_LOG::reset_logs
|
CS 12.3 dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
CS 12.3 opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb SIGSEGV|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request|MYSQL_BIN_LOG::reset_logs
|
CS 13.0 dbg 210526 c8e8d33309606e682c98675d594dbd23ebc2ddf6 SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
CS 13.0 opt 210526 c8e8d33309606e682c98675d594dbd23ebc2ddf6 SIGSEGV|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request|MYSQL_BIN_LOG::reset_logs
|
CS 13.1 dbg 050626 02e1853c894906737fe0ea5f836adb087b1a72ad SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
CS 13.1 opt 050626 02e1853c894906737fe0ea5f836adb087b1a72ad SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
ES 10.6 dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
|
ES 10.6 opt 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
|
ES 11.4 dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
ES 11.4 opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 SIGSEGV|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request|MYSQL_BIN_LOG::reset_logs
|
ES 11.8 dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
ES 11.8 opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 SIGSEGV|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request|MYSQL_BIN_LOG::reset_logs
|
ES 12.3 dbg 220426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV|plugin_hton|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request
|
ES 12.3 opt 220426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV|tp_foreach|ha_commit_checkpoint_request|MYSQL_BIN_LOG::do_checkpoint_request|MYSQL_BIN_LOG::reset_logs
|
MS 5.5 dbg 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
|
MS 5.5 opt 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
|
MS 5.6 dbg 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
|
MS 5.6 opt 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
|
MS 5.7 dbg 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
|
MS 5.7 opt 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
|
MS 8.0 dbg 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
|
MS 8.0 opt 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
|
MS 9.1 dbg 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found
|
MS 9.1 opt 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found
|