[MDEV-27195] SIGSEGV in Table_scope_and_contents_source_st::vers_check_system_fields
Created: 2021-12-08  Updated: 2021-12-22  Resolved: 2021-12-22

Status: Closed
Project: MariaDB Server
Component/s: Character Sets, Versioned Tables
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
Fix Version/s: 10.8.0, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2

Type: Bug
Priority: Critical
Reporter: Ramesh Sivaraman
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: not-10.2

Issue Links:
Relates: relates to MDEV-27009 "Add UCA-14.0.0 collations" (Closed)

 Description   

# mysqld options required for replay: --character_set_server=utf8mb4 --collation_server=utf8mb4_unicode_1400_ci
CREATE TABLE t0 ENGINE=InnoDB WITH SYSTEM VERSIONING AS SELECT 0;

Leads to:

10.8.0 7afdb33d7e6fea26355455eade8245863267477b

Core was generated by `/test/mtest/mariadb-10.8.0-linux-x86_64-uca-1400/bin/mysqld --no-defaults --cha'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
[Current thread is 1 (Thread 0x15133c49d700 (LWP 2277449))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1  0x000055fea79afc4f in my_write_core (sig=sig@entry=11) at /test/mtest/10.8_opt/mysys/stacktrace.c:424
#2  0x000055fea7457fb0 in handle_fatal_signal (sig=11) at /test/mtest/10.8_opt/sql/signal_handler.cc:345
#3  <signal handler called>
#4  0x0000000000000000 in ?? ()
#5  0x000055fea7468d45 in Table_scope_and_contents_source_st::vers_check_system_fields (thd=<optimized out>, select_count=1, db=@0x15133c49af80: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x1512f00110b8 "test", length = 4}, <No data fields>}, <No data fields>}, table_name=@0x15133c49af70: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x1512f00109a0 "t0", length = 2}, <No data fields>}, <No data fields>}, alter_info=0x15133c49bb60, this=0x15133c49bc50) at /test/mtest/10.8_opt/sql/handler.cc:8344
#6  Table_scope_and_contents_source_st::vers_check_system_fields (this=0x15133c49bc50, thd=<optimized out>, alter_info=0x15133c49bb60, table_name=@0x15133c49af70: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x1512f00109a0 "t0", length = 2}, <No data fields>}, <No data fields>}, db=@0x15133c49af80: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x1512f00110b8 "test", length = 4}, <No data fields>}, <No data fields>}, select_count=1) at /test/mtest/10.8_opt/sql/handler.cc:8318
#7  0x000055fea74694e0 in Table_scope_and_contents_source_st::check_fields (this=0x15133c49bc50, thd=thd@entry=0x1512f0000c58, alter_info=0x15133c49bb60, table_name=@0x15133c49af70: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x1512f00109a0 "t0", length = 2}, <No data fields>}, <No data fields>}, db=@0x15133c49af80: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x1512f00110b8 "test", length = 4}, <No data fields>}, <No data fields>}, select_count=select_count@entry=1) at /test/mtest/10.8_opt/sql/handler.cc:8751
#8  0x000055fea71de1c3 in select_create::create_table_from_items (this=0x1512f0011fc8, thd=0x1512f0000c58, items=<optimized out>, lock=0x15133c49b858, hooks=0x15133c49b880) at /test/mtest/10.8_opt/sql/lex_string.h:40
#9  0x000055fea71de67d in select_create::prepare (this=0x1512f0011fc8, _values=<optimized out>, u=0x1512f0004ea0) at /test/mtest/10.8_opt/sql/sql_insert.cc:4721
#10 0x000055fea727cb58 in JOIN::prepare (this=0x1512f0012110, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/mtest/10.8_opt/sql/sql_select.cc:1630
#11 0x000055fea728ee28 in mysql_select (thd=0x1512f0000c58, tables=0x0, fields=@0x1512f0011360: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1512f00115b8, last = 0x1512f00115b8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1512f0011fc8, unit=0x1512f0004ea0, select_lex=0x1512f00110c0) at /test/mtest/10.8_opt/sql/sql_select.cc:4968
#12 0x000055fea728f107 in handle_select (thd=thd@entry=0x1512f0000c58, lex=lex@entry=0x1512f0004dc8, result=result@entry=0x1512f0011fc8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/mtest/10.8_opt/sql/sql_select.cc:545
#13 0x000055fea72cebe4 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x1512f0000c58) at /test/mtest/10.8_opt/sql/sql_table.cc:11869
#14 0x000055fea721a416 in mysql_execute_command (thd=0x1512f0000c58, is_called_from_prepared_stmt=<optimized out>) at /test/mtest/10.8_opt/sql/sql_parse.cc:5989
#15 0x000055fea720a127 in mysql_parse (thd=0x1512f0000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/mtest/10.8_opt/sql/sql_parse.cc:8028
#16 0x000055fea7216365 in dispatch_command (command=COM_QUERY, thd=0x1512f0000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/mtest/10.8_opt/sql/sql_class.h:1360
#17 0x000055fea7218568 in do_command (thd=0x1512f0000c58, blocking=blocking@entry=true) at /test/mtest/10.8_opt/sql/sql_parse.cc:1402
#18 0x000055fea7337a27 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/mtest/10.8_opt/sql/sql_connect.cc:1418
#19 0x000055fea7337d7d in handle_one_connection (arg=arg@entry=0x55feaadb0c18) at /test/mtest/10.8_opt/sql/sql_connect.cc:1312
#20 0x000055fea76a3a3d in pfs_spawn_thread (arg=0x55feaadb0c88) at /test/mtest/10.8_opt/storage/perfschema/pfs.cc:2201
#21 0x000015133f679609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#22 0x000015133f268293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.8.0 (opt), 10.8.0 (dbg)



 Comments   
Comment by Roel Van de Paar [ 2021-12-12 ]

The

#4  0x0000000000000000 in ?? ()

is a bit surprising? Any idea, bar?
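
A frame with a program counter of 0x0 and no symbol, like #4 here, is what gdb prints when control was transferred to address zero, typically through a null function or method pointer, so the next symbolized frame is the call site to inspect. The following is an added triage example (not part of this report or of MariaDB) that finds such frames in gdb `bt` text; the sample frames are abbreviated from the backtrace above, and `parse_frames` and `null_pc_calls` are hypothetical helper names:

```python
import re

# Frames abbreviated from the backtrace in this report (argument lists elided).
SAMPLE_BT = """\
#2  0x000055fea7457fb0 in handle_fatal_signal (sig=11) at /test/mtest/10.8_opt/sql/signal_handler.cc:345
#3  <signal handler called>
#4  0x0000000000000000 in ?? ()
#5  0x000055fea7468d45 in Table_scope_and_contents_source_st::vers_check_system_fields (...) at /test/mtest/10.8_opt/sql/handler.cc:8344
#6  Table_scope_and_contents_source_st::vers_check_system_fields (...) at /test/mtest/10.8_opt/sql/handler.cc:8318
#7  0x000055fea74694e0 in Table_scope_and_contents_source_st::check_fields (...) at /test/mtest/10.8_opt/sql/handler.cc:8751
"""

# "#N  [0xPC in ]FUNC rest"; FUNC is "??", a "<...>" marker, or a symbol name.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:(?P<pc>0x[0-9a-fA-F]+) in )?"
    r"(?P<func>\?\?|<[^>]+>|[^\s(]+)(?P<rest>.*)$"
)
LOC_RE = re.compile(r" at (\S+:\d+)\s*$")  # trailing "at file:line", if present


def parse_frames(bt_text):
    """Parse gdb backtrace text into a list of frame dicts, innermost first."""
    frames = []
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # wrapped continuation lines, gdb banners, prompts
        loc = LOC_RE.search(m.group("rest"))
        pc = m.group("pc")
        frames.append({
            "num": int(m.group("num")),
            "pc": int(pc, 16) if pc else None,  # gdb omits the PC on some frames
            "func": m.group("func"),
            "loc": loc.group(1) if loc else None,
        })
    return frames


def null_pc_calls(frames):
    """For each frame executing at address 0, return (frame_no, caller, caller_loc)."""
    hits = []
    for i, frame in enumerate(frames):
        if frame["pc"] != 0:
            continue
        # The caller is the next frame that carries a real symbol name.
        caller = next((c for c in frames[i + 1:]
                       if c["func"] != "??" and not c["func"].startswith("<")), None)
        hits.append((frame["num"],
                     caller["func"] if caller else None,
                     caller["loc"] if caller else None))
    return hits
```
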

Comment by Alexander Barkov [ 2021-12-22 ]

The problem is also repeatable with

mariadbd --character_set_server=utf8mb4 --collation_server=utf8mb4_unicode_ci

with all versions starting from 10.3.

It's not related to MDEV-27009. I'm removing the 10.8V1 flag.

Comment by Alexander Barkov [ 2021-12-22 ]

Also repeatable with MyISAM instead of InnoDB.

It also crashes with MTR if I put the following files:
mysql-test/main/ctype_utf8mb4_unicode_ci_def.opt with this content:

--character-set-server=utf8mb4,latin1 --collation-server=utf8mb4_unicode_ci

mysql-test/main/ctype_utf8mb4_unicode_ci_def.test with this content:

CREATE TABLE t1 ENGINE=MyISAM WITH SYSTEM VERSIONING AS SELECT 0;
DROP TABLE t1;

$ ./mtr  ctype_utf8mb4_unicode_ci_def
...
...
TEST                                      RESULT   TIME (ms) or COMMENT
--------------------------------------------------------------------------
 
worker[1] Using MTR_BUILD_THREAD 300, with reserved ports 16000..16019
CREATE TABLE t1 ENGINE=MyISAM WITH SYSTEM VERSIONING AS SELECT 0;
main.ctype_utf8mb4_unicode_ci_def        [ fail ]
        Test ended at 2021-12-22 11:35:45
 
CURRENT_TEST: main.ctype_utf8mb4_unicode_ci_def
mysqltest: At line 1: query 'CREATE TABLE t1 ENGINE=MyISAM WITH SYSTEM VERSIONING AS SELECT 0' failed: <Unknown> (2013): Lost connection to server during query
