[MDEV-25070] SIGSEGV in fts_create_in_mem_aux_table
Created: 2021-03-06
Updated: 2021-03-11
Resolved: 2021-03-10

Status: Closed
Project: MariaDB Server
Component/s: Full-text Search, Storage Engine - InnoDB
Affects Version/s: 10.3, 10.4, 10.5, 10.6
Fix Version/s: 10.3.29, 10.4.19, 10.5.10

Type: Bug
Priority: Critical
Reporter: Roel Van de Paar
Assignee: Thirunarayanan Balathandayuthapani
Resolution: Fixed
Votes: 0
Labels: not-10.2, regression

Issue Links:
Relates
relates to MDEV-23236 [draft] ASAN heap-use-after-free in d... Closed

Description

Partially matching stack with MDEV-23236, though different lead crashing frame, and may not be related.

CREATE TABLE t (a CHAR,FULLTEXT KEY(a)) ENGINE=InnoDB;
ALTER TABLE t DISCARD TABLESPACE;
ALTER TABLE t ADD FULLTEXT INDEX (a);

Leads to:

10.6.0 03ff588d153f22f00ff00923e82498cbac63505f (Optimized)

Core was generated by `/test/MD060321-mariadb-10.6.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x14dd1052a700 (LWP 359730))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x00005643a016ff6f in my_write_core (sig=sig@entry=11) at /test/10.6_opt/mysys/stacktrace.c:424
#2  0x000056439fbf8b90 in handle_fatal_signal (sig=11) at /test/10.6_opt/sql/signal_handler.cc:331
#3  <signal handler called>
#4  0x00005643a00c8661 in fts_create_in_mem_aux_table (aux_table_name=aux_table_name@entry=0x14dd10525400 "test/FTS_", '0' <repeats 14 times>, "1e_", '0' <repeats 14 times>, "25_INDEX_1", table=0x14dcd4019170, n_cols=n_cols@entry=5) at /test/10.6_opt/storage/innobase/fts/fts0fts.cc:1719
#5  0x00005643a00c9da8 in fts_create_one_index_table (trx=0x14dd24254130, fts_table=0x14dd10525730, heap=0x14dcd4027038, index=<optimized out>) at /test/10.6_opt/storage/innobase/fts/fts0fts.cc:1959
#6  0x00005643a00d2507 in fts_create_index_tables (trx=0x14dd24254130, index=index@entry=0x14dcd4024890, id=<optimized out>) at /test/10.6_opt/storage/innobase/fts/fts0fts.cc:2068
#7  0x000056439ff33339 in prepare_inplace_alter_table_dict (ha_alter_info=<optimized out>, altered_table=<optimized out>, old_table=<optimized out>, table_name=<optimized out>, flags=<optimized out>, flags2=<optimized out>, fts_doc_id_col=<optimized out>, add_fts_doc_id=<optimized out>, add_fts_doc_id_idx=<optimized out>) at /test/10.6_opt/storage/innobase/handler/handler0alter.cc:7032
#8  0x000056439ff386ed in ha_innobase::prepare_inplace_alter_table (this=<optimized out>, altered_table=<optimized out>, ha_alter_info=<optimized out>) at /test/10.6_opt/storage/innobase/handler/ha_innodb.h:707
#9  0x000056439fa8b31b in mysql_inplace_alter_table (thd=0x14dcd4000c58, table_list=0x14dcd4010580, table=0x14dcd40337f8, altered_table=0x14dd10526a30, ha_alter_info=0x14dd10526980, alter_ctx=0x14dd105279e0, target_mdl_request=<optimized out>) at /test/10.6_opt/sql/sql_table.cc:8106
#10 0x000056439fa98925 in mysql_alter_table (thd=thd@entry=0x14dcd4000c58, new_db=new_db@entry=0x14dcd4005510, new_name=new_name@entry=0x14dcd4005910, create_info=create_info@entry=0x14dd10528610, table_list=<optimized out>, table_list@entry=0x14dcd4010580, alter_info=alter_info@entry=0x14dd10528520, order_num=0, order=0x0, ignore=false, if_exists=false) at /test/10.6_opt/sql/sql_table.cc:10780
#11 0x000056439faf7053 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x14dcd4000c58) at /test/10.6_opt/sql/structs.h:563
#12 0x000056439f9f1d56 in mysql_execute_command (thd=0x14dcd4000c58) at /test/10.6_opt/sql/sql_parse.cc:5972
#13 0x000056439f9e24b4 in mysql_parse (thd=0x14dcd4000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:7998
#14 0x000056439f9ee2a5 in dispatch_command (command=COM_QUERY, thd=0x14dcd4000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_class.h:1318
#15 0x000056439f9f02f0 in do_command (thd=0x14dcd4000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1397
#16 0x000056439faf25d7 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/10.6_opt/sql/sql_connect.cc:1410
#17 0x000056439faf293d in handle_one_connection (arg=arg@entry=0x5643a2ebc678) at /test/10.6_opt/sql/sql_connect.cc:1312
#18 0x000056439fe710f9 in pfs_spawn_thread (arg=0x5643a2e2a218) at /test/10.6_opt/storage/perfschema/pfs.cc:2201
#19 0x000014dd258d1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#20 0x000014dd254c0293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.3.29 (dbg), 10.3.29 (opt), 10.4.19 (dbg), 10.5.10 (dbg), 10.5.10 (opt), 10.6.0 (dbg), 10.6.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.38 (dbg), 10.2.38 (opt), 10.4.19 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)

10.2 does not fail:

10.2.38 (Debug)

10.2.38>ALTER TABLE t ADD FULLTEXT INDEX (a);
Query OK, 0 rows affected, 1 warning (0.04 sec)
Records: 0  Duplicates: 0  Warnings: 1

