[MDEV-33197] SIGSEGV and UBSAN member access within null pointer in spider_db_get_row_from_tmp_tbl, Assertion `((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))' failed in spider_db_errorno
Created: 2024-01-07  Updated: 2024-01-14

Status: Confirmed
Project: MariaDB Server
Component/s: Storage Engine - Spider
Affects Version/s: 10.4, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4
Fix Version/s: 10.4, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3

Type: Bug
Priority: Major
Reporter: Roel Van de Paar
Assignee: Yuchen Pei
Resolution: Unresolved
Votes: 0
Labels: UBSAN, memory_not_freed, mutex, sporadic

Issue Links:
Relates
relates to MDEV-32238 Add a switch to disable spider group ... Closed

 Description   

INSTALL PLUGIN Spider SONAME 'ha_spider.so';
CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET '../socket.sock',DATABASE'',USER'',PASSWORD'');
CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;
INSERT INTO t VALUES (1,0,0),(2,0,0);
CREATE TABLE t1 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';
SET spider_disable_group_by_handler=1, spider_quick_page_byte=0, spider_bgs_mode=1;
SELECT * FROM t1;

Leads to:

11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Optimized)

Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000014e33c0679e1 in spider_db_get_row_from_tmp_tbl (
    current=0x14e2a0015a48, row=row@entry=0x14e33c165938)
    at /test/11.4_opt/storage/spider/spd_db_conn.cc:2326
[Current thread is 1 (Thread 0x14e33c168640 (LWP 1622666))]
(gdb) bt
#0  0x000014e33c0679e1 in spider_db_get_row_from_tmp_tbl (current=0x14e2a0015a48, row=row@entry=0x14e33c165938) at /test/11.4_opt/storage/spider/spd_db_conn.cc:2326
#1  0x000014e33c0683c9 in spider_db_fetch_minimum_columns (spider=spider@entry=0x14e30c05cbe0, buf=0x14e30c212af8 "\374\002", table=0x14e30c2126e8, result_list=0x14e30c05d1a8) at /test/11.4_opt/storage/spider/spd_db_conn.cc:2655
#2  0x000014e33c06b9ab in spider_db_fetch (buf=<optimized out>, spider=0x14e30c05cbe0, table=<optimized out>) at /test/11.4_opt/storage/spider/spd_db_conn.cc:3956
#3  0x000014e33c06bc69 in spider_db_seek_next (buf=buf@entry=0x14e30c212af8 "\374\002", spider=spider@entry=0x14e30c05cbe0, link_idx=<optimized out>, table=0x14e30c212af8) at /test/11.4_opt/storage/spider/spd_db_conn.cc:4406
#4  0x000014e33c0b6c90 in ha_spider::rnd_next_internal (this=0x14e30c05cbe0, buf=<optimized out>) at /test/11.4_opt/storage/spider/ha_spider.cc:5772
#5  0x00005615b2311cf7 in handler::ha_rnd_next (this=0x14e30c05cbe0, buf=0x14e30c212af8 "\374\002") at /test/11.4_opt/sql/handler.cc:3627
#6  0x00005615b1fb9144 in rr_sequential (info=0x14e30c023660) at /test/11.4_opt/sql/records.cc:513
#7  0x00005615b20d89d7 in READ_RECORD::read_record (this=0x14e30c023660) at /test/11.4_opt/sql/records.h:81
#8  sub_select (join=0x14e30c012330, join_tab=0x14e30c023590, end_of_records=false) at /test/11.4_opt/sql/sql_select.cc:23517
#9  0x00005615b210ba9f in do_select (procedure=<optimized out>, join=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:23017
#10 JOIN::exec_inner (this=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:4940
#11 0x00005615b210beee in JOIN::exec (this=this@entry=0x14e30c012330) at /test/11.4_opt/sql/sql_select.cc:4726
#12 0x00005615b2109e6c in mysql_select (thd=0x14e30c000c68, tables=0x14e30c0111a0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14e30c012308, unit=0x14e30c004f20, select_lex=0x14e30c010b80) at /test/11.4_opt/sql/sql_select.cc:5249
#13 0x00005615b210a664 in handle_select (thd=thd@entry=0x14e30c000c68, lex=lex@entry=0x14e30c004e40, result=result@entry=0x14e30c012308, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.4_opt/sql/sql_select.cc:628
#14 0x00005615b207edd5 in execute_sqlcom_select (thd=0x14e30c000c68, all_tables=0x14e30c0111a0) at /test/11.4_opt/sql/sql_parse.cc:6029
#15 0x00005615b208df72 in mysql_execute_command (thd=0x14e30c000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:3924
#16 0x00005615b208f346 in mysql_parse (thd=0x14e30c000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:7748
#17 0x00005615b2091aed in dispatch_command (command=COM_QUERY, thd=0x14e30c000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.4_opt/sql/sql_parse.cc:1992
#18 0x00005615b20938a0 in do_command (thd=0x14e30c000c68, blocking=blocking@entry=true) at /test/11.4_opt/sql/sql_parse.cc:1406
#19 0x00005615b21bda1f in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/11.4_opt/sql/sql_connect.cc:1418
#20 0x00005615b21bdd6d in handle_one_connection (arg=arg@entry=0x5615b44b2188) at /test/11.4_opt/sql/sql_connect.cc:1320
#21 0x00005615b2567561 in pfs_spawn_thread (arg=0x5615b44d9b38) at /test/11.4_opt/storage/perfschema/pfs.cc:2201
#22 0x000014e354c94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#23 0x000014e354d26660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Debug)

mariadbd: /test/11.4_dbg/storage/spider/spd_db_conn.cc:672: int spider_db_errorno(SPIDER_CONN*): Assertion `((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))' failed.

11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Debug)

Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352)
    at ./nptl/pthread_kill.c:44
[Current thread is 1 (Thread 0x154ea67ff640 (LWP 1630543))]
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=23427545036352) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=23427545036352, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x0000154f11842476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x0000154f118287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x0000154f1182871b in __assert_fail_base (fmt=0x154f119dd130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x154efc1c88d0 "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))", file=0x154efc1c87b0 "/test/11.4_dbg/storage/spider/spd_db_conn.cc", line=672, function=<optimized out>) at ./assert/assert.c:92
#6  0x0000154f11839e96 in __GI___assert_fail (assertion=0x154efc1c88d0 "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))", file=0x154efc1c87b0 "/test/11.4_dbg/storage/spider/spd_db_conn.cc", line=672, function=0x154efc1c89a8 "int spider_db_errorno(SPIDER_CONN*)") at ./assert/assert.c:101
#7  0x0000154efc125cfb in spider_db_errorno (conn=conn@entry=0x154ec423ea58) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:672
#8  0x0000154efc12b642 in spider_db_store_result (spider=spider@entry=0x154ec40aaca0, link_idx=0, table=0x154ec40c0968) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:3304
#9  0x0000154efc1434af in spider_bg_conn_action (arg=0x154ec423ea58) at /test/11.4_dbg/storage/spider/spd_conn.cc:2672
#10 0x0000154f11894ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#11 0x0000154f11926660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Bug confirmed present in:
MariaDB: 10.11.7 (dbg), 10.11.7 (opt), 11.0.5 (dbg), 11.0.5 (opt), 11.1.4 (dbg), 11.1.4 (opt), 11.2.3 (dbg), 11.2.3 (opt), 11.3.2 (dbg), 11.3.2 (opt), 11.4.0 (dbg), 11.4.0 (opt)



 Comments   
Comment by Roel Van de Paar [ 2024-01-08 ]

With the same testcase, occasionally we will see this assertion/stack on debug instead:

11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Debug)

mariadbd: /test/11.4_dbg/sql/mysqld.cc:3790: void my_malloc_size_cb_func(long long int, my_bool): Assertion `(longlong) thd->status_var.local_memory_used >= 0 || !debug_assert_on_not_freed_memory' failed.

11.4.0 9bd95e914f3f12d0d9d93e7a1f2c49e6e8841f17 (Debug)

Core was generated by `/test/MD271223-mariadb-11.4.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22624882714176)
    at ./nptl/pthread_kill.c:44
[Current thread is 1 (Thread 0x1493c418e640 (LWP 2957547))]
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22624882714176) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=22624882714176) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=22624882714176, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00001493cfa42476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00001493cfa287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00001493cfa2871b in __assert_fail_base (fmt=0x1493cfbdd130 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55fcf1f0e468 "(longlong) thd->status_var.local_memory_used >= 0 || !debug_assert_on_not_freed_memory", file=0x55fcf1f0a004 "/test/11.4_dbg/sql/mysqld.cc", line=3790, function=<optimized out>) at ./assert/assert.c:92
#6  0x00001493cfa39e96 in __GI___assert_fail (assertion=0x55fcf1f0e468 "(longlong) thd->status_var.local_memory_used >= 0 || !debug_assert_on_not_freed_memory", file=0x55fcf1f0a004 "/test/11.4_dbg/sql/mysqld.cc", line=3790, function=0x55fcf1f0e3f0 "void my_malloc_size_cb_func(long long int, my_bool)") at ./assert/assert.c:101
#7  0x000055fcf1201641 in my_malloc_size_cb_func (size=<optimized out>, is_thread_specific=<optimized out>) at /test/11.4_dbg/sql/mysqld.cc:3790
#8  0x000055fcf1d64eef in my_free (ptr=0x149318017ef8) at /test/11.4_dbg/mysys/my_malloc.c:212
#9  0x000055fcf1d5c423 in root_free (root=root@entry=0x1493c418be70, ptr=<optimized out>, size=<optimized out>) at /test/11.4_dbg/mysys/my_alloc.c:83
#10 0x000055fcf1d5cc0d in free_root (root=0x1493c418be70, MyFlags=<optimized out>) at /test/11.4_dbg/mysys/my_alloc.c:516
#11 0x000055fcf1397894 in free_tmp_table (thd=0x149318000f98, entry=0x149318017f10) at /test/11.4_dbg/sql/sql_select.cc:22770
#12 0x00001493c4065161 in spider_rm_sys_tmp_table_for_result (thd=<optimized out>, tmp_table=<optimized out>, tmp_tbl_prm=tmp_tbl_prm@entry=0x149318028390) at /test/11.4_dbg/storage/spider/spd_sys_table.cc:3709
#13 0x00001493c4072def in spider_db_free_one_result (result_list=result_list@entry=0x14938c0ab088, result=0x149318028348) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:2832
#14 0x00001493c40776cc in spider_db_seek_next (buf=buf@entry=0x14938c05a368 "\374\002", spider=spider@entry=0x14938c0aaac0, link_idx=0, table=0x14938c0bb498) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:4014
#15 0x00001493c40d0be2 in ha_spider::rnd_next_internal (this=this@entry=0x14938c0aaac0, buf=buf@entry=0x14938c05a368 "\374\002") at /test/11.4_dbg/storage/spider/ha_spider.cc:5772
#16 0x00001493c40d1932 in ha_spider::rnd_next (this=0x14938c0aaac0, buf=0x14938c05a368 "\374\002") at /test/11.4_dbg/storage/spider/ha_spider.cc:5811
#17 0x000055fcf16356af in handler::ha_rnd_next (this=0x14938c0aaac0, buf=0x14938c05a368 "\374\002") at /test/11.4_dbg/sql/handler.cc:3627
#18 0x000055fcf12467af in rr_sequential (info=0x14938c0a0fc0) at /test/11.4_dbg/sql/records.cc:513
#19 0x000055fcf1388b51 in READ_RECORD::read_record (this=0x14938c0a0fc0) at /test/11.4_dbg/sql/records.h:81
#20 sub_select (join=0x14938c014d30, join_tab=0x14938c0a0ef0, end_of_records=false) at /test/11.4_dbg/sql/sql_select.cc:23517
#21 0x000055fcf13c01bf in do_select (procedure=0x0, join=0x14938c014d30) at /test/11.4_dbg/sql/sql_select.cc:23017
#22 JOIN::exec_inner (this=this@entry=0x14938c014d30) at /test/11.4_dbg/sql/sql_select.cc:4940
#23 0x000055fcf13c0754 in JOIN::exec (this=this@entry=0x14938c014d30) at /test/11.4_dbg/sql/sql_select.cc:4726
#24 0x000055fcf13be55f in mysql_select (thd=thd@entry=0x14938c000d58, tables=0x14938c013ba0, fields=@0x14938c013838: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14938c013b58, last = 0x14938c0158b8, elements = 3}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14938c014d08, unit=0x14938c0051d0, select_lex=0x14938c013580) at /test/11.4_dbg/sql/sql_select.cc:5249
#25 0x000055fcf13bed88 in handle_select (thd=thd@entry=0x14938c000d58, lex=lex@entry=0x14938c0050f0, result=result@entry=0x14938c014d08, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.4_dbg/sql/sql_select.cc:628
#26 0x000055fcf131ef22 in execute_sqlcom_select (thd=thd@entry=0x14938c000d58, all_tables=0x14938c013ba0) at /test/11.4_dbg/sql/sql_parse.cc:6029
#27 0x000055fcf132af7a in mysql_execute_command (thd=thd@entry=0x14938c000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.4_dbg/sql/sql_parse.cc:3924
#28 0x000055fcf13314bb in mysql_parse (thd=thd@entry=0x14938c000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1493c418d1e0) at /test/11.4_dbg/sql/sql_parse.cc:7748
#29 0x000055fcf1333831 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14938c000d58, packet=packet@entry=0x14938c00b1c9 "", packet_length=packet_length@entry=16, blocking=blocking@entry=true) at /test/11.4_dbg/sql/sql_class.h:253
#30 0x000055fcf1335956 in do_command (thd=0x14938c000d58, blocking=blocking@entry=true) at /test/11.4_dbg/sql/sql_parse.cc:1406
#31 0x000055fcf149a8b7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fcf4978ba8, put_in_cache=put_in_cache@entry=true) at /test/11.4_dbg/sql/sql_connect.cc:1418
#32 0x000055fcf149abac in handle_one_connection (arg=arg@entry=0x55fcf4978ba8) at /test/11.4_dbg/sql/sql_connect.cc:1320
#33 0x000055fcf18df73a in pfs_spawn_thread (arg=0x55fcf48e5cf8) at /test/11.4_dbg/storage/perfschema/pfs.cc:2201
#34 0x00001493cfa94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#35 0x00001493cfb26660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Comment by Roel Van de Paar [ 2024-01-08 ]

On a UBSAN (optimized build) we also see:

11.3.0 126157061b4376496c034a809ea4943e863d1465 (Optimized, UBASAN)

2024-01-08 11:04:34 0 [Note] /test/UBASAN_MD021123-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd: ready for connections.
Version: '11.3.0-MariaDB'  socket: '/test/UBASAN_MD021123-mariadb-11.3.0-linux-x86_64-opt/socket.sock'  port: 10323  MariaDB Server
/test/11.3_opt_san/storage/spider/spd_db_conn.cc:2331:30: runtime error: member access within null pointer of type 'struct TABLE'
    #0 0x14c898e9b779 in spider_db_get_row_from_tmp_tbl(st_spider_result*, spider_db_row**) /test/11.3_opt_san/storage/spider/spd_db_conn.cc:2331
    #1 0x14c898ea1cb5 in spider_db_fetch_minimum_columns(ha_spider*, unsigned char*, TABLE*, st_spider_result_list*) /test/11.3_opt_san/storage/spider/spd_db_conn.cc:2655
    #2 0x14c898ebe400 in spider_db_fetch(unsigned char*, ha_spider*, TABLE*) /test/11.3_opt_san/storage/spider/spd_db_conn.cc:3956
    #3 0x14c89909bdb7 in ha_spider::rnd_next_internal(unsigned char*) /test/11.3_opt_san/storage/spider/ha_spider.cc:5772
    #4 0x5584642b0b0d in handler::ha_rnd_next(unsigned char*) /test/11.3_opt_san/sql/handler.cc:3627
    #5 0x558462619b53 in rr_sequential(READ_RECORD*) /test/11.3_opt_san/sql/records.cc:513
    #6 0x558462ef57cb in READ_RECORD::read_record() /test/11.3_opt_san/sql/records.h:81
    #7 0x558462ef57cb in sub_select(JOIN*, st_join_table*, bool) /test/11.3_opt_san/sql/sql_select.cc:23527
    #8 0x5584630dbffe in do_select /test/11.3_opt_san/sql/sql_select.cc:23027
    #9 0x5584630dbffe in JOIN::exec_inner() /test/11.3_opt_san/sql/sql_select.cc:4949
    #10 0x5584630e1163 in JOIN::exec() /test/11.3_opt_san/sql/sql_select.cc:4726
    #11 0x5584630ce71d in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.3_opt_san/sql/sql_select.cc:5257
    #12 0x5584630d2320 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.3_opt_san/sql/sql_select.cc:628
    #13 0x558462c4f280 in execute_sqlcom_select /test/11.3_opt_san/sql/sql_parse.cc:6023
    #14 0x558462cb37c3 in mysql_execute_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:3923
    #15 0x558462cc2302 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.3_opt_san/sql/sql_parse.cc:7742
    #16 0x558462ccd925 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.3_opt_san/sql/sql_parse.cc:1893
    #17 0x558462cd9698 in do_command(THD*, bool) /test/11.3_opt_san/sql/sql_parse.cc:1406
    #18 0x55846361be0c in do_handle_one_connection(CONNECT*, bool) /test/11.3_opt_san/sql/sql_connect.cc:1418
    #19 0x55846361e40c in handle_one_connection /test/11.3_opt_san/sql/sql_connect.cc:1320
    #20 0x14c8bb894ac2 in start_thread nptl/pthread_create.c:442
    #21 0x14c8bb92665f  (/lib/x86_64-linux-gnu/libc.so.6+0x12665f)
 
240108 11:04:46 [ERROR] mysqld got signal 11 ;

Comment by Roel Van de Paar [ 2024-01-08 ]

MTR Testcase:

--source include/have_innodb.inc
--let $SOCKET= `SELECT @@global.socket`
INSTALL PLUGIN Spider SONAME 'ha_spider.so';
CREATE USER spider@localhost IDENTIFIED BY 'pwd';
GRANT ALL ON test.* TO spider@localhost;
eval CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET "$SOCKET",DATABASE 'test',USER 'spider',PASSWORD 'pwd');
CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;
INSERT INTO t VALUES (1,0,0),(2,0,0);
CREATE TABLE t1 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';
SET spider_disable_group_by_handler=1, spider_quick_page_byte=0, spider_bgs_mode=1;
SELECT * FROM t1;

Produces a slightly different stack/UniqueID (pfs_spawn_thread instead of start_thread):

((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))|SIGABRT|spider_db_errorno|spider_db_store_result|spider_bg_conn_action|pfs_spawn_thread
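
Added example (not part of the ticket and not the reporter's own tooling): one way to derive a UniqueID of the form shown above from a gdb backtrace, and to compare two IDs while ignoring the thread entry frame that differs between the manual and MTR runs. The frame skip list, the depth of four frames and the helper names frames, unique_id and same_bug are assumptions inferred from the ID above.

```python
import re

# gdb frame line, e.g. "#7  0x0000154efc125cfb in spider_db_errorno (conn=...) at ..."
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(", re.M)
SIGNAL = re.compile(r"terminated with signal (SIG[A-Z]+)")
# Error-log line: "<binary>: <file>:<line>: <function>: Assertion `<expr>' failed."
ASSERTION = re.compile(r"^\S+: \S+:\d+: .*Assertion `(.+)' failed\.$", re.M)
# Assumption: abort/assert plumbing frames are skipped, as in the ticket's UniqueID.
NOISE = re.compile(r"^(__pthread_kill|__GI_|__assert_fail)")
# Assumption: thread entry frames depend on how the server thread was spawned.
THREAD_ENTRY = {"start_thread", "pfs_spawn_thread", "clone3"}

# Taken from the ticket's 11.4.0 debug core; frame arguments trimmed to "(...)".
DEBUG_TRACE = """\
mariadbd: /test/11.4_dbg/storage/spider/spd_db_conn.cc:672: int spider_db_errorno(SPIDER_CONN*): Assertion `((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))' failed.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23427545036352)
    at ./nptl/pthread_kill.c:44
(gdb) bt
#0  __pthread_kill_implementation (...) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (...) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (...) at ./nptl/pthread_kill.c:89
#3  0x0000154f11842476 in __GI_raise (...) at ../sysdeps/posix/raise.c:26
#4  0x0000154f118287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x0000154f1182871b in __assert_fail_base (...) at ./assert/assert.c:92
#6  0x0000154f11839e96 in __GI___assert_fail (...) at ./assert/assert.c:101
#7  0x0000154efc125cfb in spider_db_errorno (...) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:672
#8  0x0000154efc12b642 in spider_db_store_result (...) at /test/11.4_dbg/storage/spider/spd_db_conn.cc:3304
#9  0x0000154efc1434af in spider_bg_conn_action (...) at /test/11.4_dbg/storage/spider/spd_conn.cc:2672
#10 0x0000154f11894ac3 in start_thread (...) at ./nptl/pthread_create.c:442
#11 0x0000154f11926660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
"""

# UniqueID reported for the MTR run, copied from the comment above.
MTR_ID = "((&(&conn->mta_conn_mutex)->m_mutex)->count > 0 && pthread_equal(pthread_self(), (&(&conn->mta_conn_mutex)->m_mutex)->thread))|SIGABRT|spider_db_errorno|spider_db_store_result|spider_bg_conn_action|pfs_spawn_thread"

def frames(gdb_text):
    """Function names ordered by frame number; gdb's repeated frame #0 collapses."""
    by_no = {int(n): fn for n, fn in FRAME.findall(gdb_text)}
    return [by_no[n] for n in sorted(by_no)]

def unique_id(text, depth=4):
    """Build '<assertion>|<signal>|<frame>|...' from error log plus backtrace."""
    sig = SIGNAL.search(text)
    failed = ASSERTION.search(text)
    top = [f for f in frames(text) if not NOISE.match(f)][:depth]
    head = [failed.group(1)] if failed else []
    return "|".join(head + [sig.group(1) if sig else "UNKNOWN"] + top)

def same_bug(id_a, id_b):
    """Compare two IDs with thread entry frames removed from both."""
    strip = lambda uid: [p for p in uid.split("|") if p not in THREAD_ENTRY]
    return strip(id_a) == strip(id_b)
```

The ID computed from the debug core ends in start_thread, so a plain string comparison against the MTR ID fails, while same_bug treats the two as the same crash.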

Comment by Yuchen Pei [ 2024-01-09 ]

I could reproduce at 10.11 09049fe496eea1c19cd3ce80a788fa4b75d9609e
with the following case. The reason this is a "10.11-regression" is
because spider_disable_group_by_handler was introduced to 10.10+
in MDEV-32238. As mentioned in the description of that ticket, we
could replace spider_disable_group_by_handler with
spider_use_handler and get the same failure in lower versions
(in my case, 10.6 6538a91e945bebabba8fe4fb00d283994df9cb60 and 10.4
ca276a0f3fcb45ff0abc011e334c700e0c5d4315). I did not need UBSAN.

--disable_query_log
--disable_result_log
--source ../../t/test_init.inc
--enable_result_log
--enable_query_log
evalp CREATE SERVER srv FOREIGN DATA WRAPPER mysql
OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root');
CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;
INSERT INTO t VALUES (1,0,0),(2,0,0);
CREATE TABLE t1 (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"';
SET spider_disable_group_by_handler=1, spider_quick_page_byte=0, spider_bgs_mode=1;
SELECT * FROM t1;
drop server srv;
--disable_query_log
--disable_result_log
--source ../../t/test_deinit.inc
--enable_result_log
--enable_query_log
