Bug #69161 mysql client crashed quickly after logging in
Submitted: 7 May 2013 6:19 Modified: 10 Apr 2014 8:52
Reporter: zhai weixiang (OCA) Email Updates:
Status: Duplicate Impact on me: None
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:5.6.11 OS:Linux
Assigned to: CPU Architecture:Any

[7 May 2013 6:19] zhai weixiang
Description:
The mysql client tool of MySQL 5.6.11 crashed quickly after logging in to the server. The mysql client included in 5.5 is ok.

$ gdb --args /u01/project/mysql-5.6.11/client/mysql -uroot
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-48.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /u01/project/mysql-5.6.11/client/mysql...done.
(gdb) r
Starting program: /u01/project/mysql-5.6.11/client/mysql -uroot
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff7fe6700 (LWP 35509)]
[Thread 0x7ffff7fe6700 (LWP 35509) exited]
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 871
Server version: 5.6.11-log Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show processlist;

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.25.el6.x86_64 libgcc-4.4.5-6.el6.x86_64 libstdc++-4.4.5-6.el6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000000004861b6 in my_wildcmp_mb_impl (cs=0x911a20, str=<value optimized out>, str_end=0xa0a5c1 "", wildstr=0xa062c1 "IDENTIFIED*", wildend=0xa06249 "", escape=0, w_one=63, w_many=42,
    recurse_level=1) at /u01/project/mysql-5.6.11/strings/ctype-mb.c:326
#2  0x0000000000486382 in my_wildcmp_mb (cs=<value optimized out>, str=<value optimized out>, str_end=<value optimized out>, wildstr=<value optimized out>, wildend=<value optimized out>,
    escape=<value optimized out>, w_one=63, w_many=42) at /u01/project/mysql-5.6.11/strings/ctype-mb.c:370
#3  0x000000000040c239 in check_histignore (string=0xa0a5b0 "show processlist;") at /u01/project/mysql-5.6.11/client/mysql.cc:2998
#4  0x000000000040efb1 in add_filtered_history (string=0xa0a5b0 "show processlist;") at /u01/project/mysql-5.6.11/client/mysql.cc:2969
#5  0x0000000000410e2e in add_line (buffer=..., line=0xa0a5b0 "show processlist;", line_length=17, in_string=0x7fffffffdccf "", ml_comment=0x7fffffffdcce, truncated=false)
    at /u01/project/mysql-5.6.11/client/mysql.cc:2324
#6  0x00000000004113ad in read_and_execute (interactive=true) at /u01/project/mysql-5.6.11/client/mysql.cc:2166
#7  0x000000000041337e in main (argc=5, argv=0x9e6350) at /u01/project/mysql-5.6.11/client/mysql.cc:1395
(gdb) f1
Undefined command: "f1".  Try "help".
(gdb) f 1
#1  0x00000000004861b6 in my_wildcmp_mb_impl (cs=0x911a20, str=<value optimized out>, str_end=0xa0a5c1 "", wildstr=0xa062c1 "IDENTIFIED*", wildend=0xa06249 "", escape=0, w_one=63, w_many=42,
    recurse_level=1) at /u01/project/mysql-5.6.11/strings/ctype-mb.c:326
326           mb_len= my_ismbchar(cs, wildstr, wildend);
(gdb) p *cs
$1 = {number = 8, primary_number = 0, binary_number = 0, state = 545, csname = 0x9ecde0 "latin1", name = 0x9ecde8 "latin1_swedish_ci", comment = 0x9ebeb0 "cp1252 West European", tailoring = 0x0,
  ctype = 0x910d00 "", to_lower = 0x910e20 "", to_upper = 0x910f20 "", sort_order = 0x911020 "", uca = 0x0, tab_to_uni = 0x9103e0, tab_from_uni = 0x0, caseinfo = 0x92e3e0,
  state_map = 0x9e9ce0 "\022\001\001\001\001\001\001\001\001\032\032\032\032\032", '\001' <repeats 18 times>, "\032\b!\v\002\001\021\n\001\001\025\001\001\001\020\024\016\016\016\016\016\016\016\016\016\016\027\026\t\b\b\001\030\002\037", '\002' <repeats 11 times>, " \002\002\002\002\002\002\002\002\002\036\002\002\001\023\001\001\002\033\002\037", '\002' <repeats 11 times>, " \002\002\002\002\002\002\002\002\002\036\002\002\001\021\001\001\001\001\001\001\002\001\001\001\001\001\001\002\001\002\001\002", '\001' <repeats 11 times>, "\002\001\002\001\002\002\032", '\001' <repeats 31 times>, "\002\002\002\002\002\002\002\002"..., ident_map = 0x9e9ee0 "", strxfrm_multiply = 1, caseup_multiply = 1 '\001', casedn_multiply = 1 '\001', mbminlen = 1, mbmaxlen = 1,
  min_sort_char = 0, max_sort_char = 255, pad_char = 32 ' ', escape_with_backslash_is_dangerous = 0 '\000', levels_for_compare = 1 '\001', levels_for_order = 1 '\001', cset = 0x911c60,
  coll = 0x9399c0}
(gdb) p wildstr
$2 = 0xa062c1 "IDENTIFIED*"
(gdb) p wildend
$3 = 0xa06249 ""
(gdb) p cs->cset->ismbchar
$4 = (uint (*)(const struct charset_info_st *, const char *, const char *)) 0
(gdb) p *cs->cset->ismbchar
Cannot access memory at address 0x0

How to repeat:
I can repeat such a crash every time on my server.

Suggested fix:
check cs->cset->ismbchar before calling it
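The backtrace above shows the crash shape: `cs->cset->ismbchar` is a NULL function pointer for the single-byte latin1 charset, and the wildcard matcher in `my_wildcmp_mb_impl` calls it through `my_ismbchar()` anyway, so execution jumps to address 0. The following is an added example (not code from this report or from MySQL) that rebuilds a miniature of that dispatch pattern and applies the suggested fix: guard the handler pointer before calling it. The struct names, the `toy_gbk` charset and the `count_chars` walker are assumptions chosen to mirror the shape visible in the gdb output, not MySQL's real definitions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, minimal stand-in for the charset handler shape seen in the
 * backtrace: the multibyte probe is a function pointer inside cs->cset and
 * is NULL for single-byte charsets such as latin1 (mbmaxlen == 1).
 * These struct and field names are assumptions, not MySQL's definitions. */
struct charset_info_st;

typedef unsigned int (*ismbchar_fn)(const struct charset_info_st *cs,
                                    const char *p, const char *end);

struct charset_handler_st {
    ismbchar_fn ismbchar;   /* NULL when the charset has no multibyte chars */
};

struct charset_info_st {
    const char *csname;
    unsigned int mbmaxlen;
    const struct charset_handler_st *cset;
};

/* Toy two-byte charset (constructed): a lead byte >= 0x81 followed by any
 * trail byte forms one character, a simplification of gbk-style encodings. */
static unsigned int toy_gbk_ismbchar(const struct charset_info_st *cs,
                                     const char *p, const char *end)
{
    (void)cs;
    if (end - p >= 2 && (unsigned char)p[0] >= 0x81)
        return 2;
    return 0;
}

static const struct charset_handler_st latin1_handler  = { NULL };
static const struct charset_handler_st toy_gbk_handler = { toy_gbk_ismbchar };

const struct charset_info_st latin1_cs  = { "latin1",  1, &latin1_handler };
const struct charset_info_st toy_gbk_cs = { "toy_gbk", 2, &toy_gbk_handler };

/* Unguarded dispatch: the shape of the call that faulted (a jump to 0x0). */
unsigned int unguarded_ismbchar(const struct charset_info_st *cs,
                                const char *p, const char *end)
{
    return cs->cset->ismbchar(cs, p, end);
}

/* Guarded dispatch, following the report's suggested fix: a missing
 * ismbchar handler means "there is no multibyte character here". */
unsigned int guarded_ismbchar(const struct charset_info_st *cs,
                              const char *p, const char *end)
{
    if (cs->mbmaxlen == 1 || cs->cset == NULL || cs->cset->ismbchar == NULL)
        return 0;
    return cs->cset->ismbchar(cs, p, end);
}

/* Walk a byte string one character at a time, as a wildcard matcher must,
 * and count characters. The guarded probe means single-byte charsets never
 * dereference a NULL handler. */
size_t count_chars(const struct charset_info_st *cs, const char *s, size_t len)
{
    const char *end = s + len;
    size_t n = 0;
    while (s < end) {
        unsigned int mb_len = guarded_ismbchar(cs, s, end);
        s += mb_len ? mb_len : 1;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed inputs: the histignore pattern from the backtrace, and a
     * byte string holding one toy two-byte character followed by "ab". */
    const char pattern[] = "IDENTIFIED*";
    const char mixed[] = "\x81\x40" "ab";

    printf("%s: %zu chars in \"%s\"\n", latin1_cs.csname,
           count_chars(&latin1_cs, pattern, sizeof pattern - 1), pattern);
    printf("%s: %zu chars in 4-byte input\n", toy_gbk_cs.csname,
           count_chars(&toy_gbk_cs, mixed, sizeof mixed - 1));
    /* unguarded_ismbchar(&latin1_cs, pattern, pattern + 11) would jump to
     * address 0 exactly as frame #1 of the backtrace shows; it is not called. */
    return 0;
}
```

The guard checks `mbmaxlen` first because a single-byte charset cannot contain a multibyte character by definition, so the handler pointer is never consulted for it; the two NULL checks then cover handlers that are present but incomplete. A detection-side note: a backtrace whose frame #0 is `0x0000000000000000 in ?? ()` with a valid caller in frame #1, as in this report, is the classic signature of an indirect call through a NULL function pointer and is worth checking for whenever a table of handler callbacks is involved.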
[7 May 2013 10:57] MySQL Verification Team
Hello zhai weixiang,

Thank you for the report.
Verified as described.

Thanks,
Umesh
[7 May 2013 11:43] MySQL Verification Team
mysql client trace.

Attachment: mysqld.trace.txt (text/plain), 32.32 KiB.

[8 May 2013 4:19] Tsubasa Tanaka
Is it the same as #68107?
[8 May 2013 9:00] Nirbhay Choubey
Hi,

I am not able to reproduce this bug. Could you please provide
me with the client status just before the crash? (the client
distribution version and charsets in specific)

-- Nirbhay
[10 May 2013 15:31] zhai weixiang
$ /u01/project/mysql-5.6.11/client/mysql --version
/u01/project/mysql-5.6.11/client/mysql  Ver 14.14 Distrib 5.6.11, for Linux (x86_64) using  EditLine wrapper

I can't execute any command using the mysql client of this version. But 5.5 is ok.

$ /u01/project/mysql-5.5.18/client/mysql --version
/u01/project/mysql-5.5.18/client/mysql  Ver 14.14 Distrib 5.5.18, for Linux (x86_64) using  EditLine wrapper

$ /u01/project/mysql-5.5.18/client/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 786
Server version: 5.6.11-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like '%char%'
    -> ;
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | gbk                        |
| character_set_connection | gbk                        |
| character_set_database   | gbk                        |
| character_set_filesystem | binary                     |
| character_set_results    | gbk                        |
| character_set_server     | gbk                        |
| character_set_system     | utf8                       |
| character_sets_dir       | /u01/mysql/share/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
[9 Apr 2014 14:57] Georgi Kodinov
Posted by developer:

For the record, I also don't get this with either of the charsets quoted in 5.7.
[10 Apr 2014 8:52] Georgi Kodinov
Please do not submit the same bug more than once. An existing bug report already describes this very problem. Even if you feel that your issue is somewhat different, the resolution is likely to be the same. Because of this, we hope you add your comments to the original bug instead.

Thank you for your interest in MySQL.

This is the same call stack as bug #68107