Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21245

Assertion `0' failed in row_sel_convert_mysql_key_to_innobase upon UPDATE using a partial-field key prefix in search

Details

    Description

      Note: There have been numerous bug reports with the same assertion failure, but they are all closed as fixed by now: MDEV-16240, MDEV-19677, MDEV-19634, MDEV-18793.

      --source include/have_innodb.inc
       
      CREATE  TABLE t1 (f VARCHAR(256) NOT NULL, KEY(f)) ENGINE=InnoDB;
      ALTER IGNORE TABLE t1 MODIFY COLUMN f VARCHAR(4096) NOT NULL;
      INSERT INTO t1 VALUES ('a'),('b'); # Optional, fails either way
      UPDATE t1 SET f = 'foo' WHERE f < 'bar';
       
      # Cleanup
      DROP TABLE t1;
      

      10.2 3cc0e0be

      2019-12-07 15:13:32 140488604239616 [Warning] InnoDB: Using a partial-field key prefix in search, index `f` of table `test`.`t1`. Last data field length 4098 bytes, key ptr now exceeds key end by 1024 bytes. Key value in the MySQL format:
       len 3074; hex 0300626172000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; asc   bar                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             ;
      mysqld: /data/src/10.2/storage/innobase/row/row0sel.cc:2738: void row_sel_convert_mysql_key_to_innobase(dtuple_t*, byte*, ulint, dict_index_t*, const byte*, ulint, trx_t*): Assertion `0' failed.
      191207 15:13:32 [ERROR] mysqld got signal 6 ;
       
      #7  0x00007fc612f4ef12 in __GI___assert_fail (assertion=0x5621ea3954d3 "0", file=0x5621ea395160 "/data/src/10.2/storage/innobase/row/row0sel.cc", line=2738, function=0x5621ea398e60 <row_sel_convert_mysql_key_to_innobase(dtuple_t*, unsigned char*, unsigned long, dict_index_t*, unsigned char const*, unsigned long, trx_t*)::__PRETTY_FUNCTION__> "void row_sel_convert_mysql_key_to_innobase(dtuple_t*, byte*, ulint, dict_index_t*, const byte*, ulint, trx_t*)") at assert.c:101
      #8  0x00005621e9d6aaa8 in row_sel_convert_mysql_key_to_innobase (tuple=0x7fc5b8185958, buf=0x0, buf_len=0, index=0x7fc5b8183488, key_ptr=0x7fc5b803cd5a '\217' <repeats 200 times>..., key_len=3074, trx=0x7fc60e161140) at /data/src/10.2/storage/innobase/row/row0sel.cc:2738
      #9  0x00005621e9c05c07 in ha_innobase::records_in_range (this=0x7fc5b8186e88, keynr=0, min_key=0x0, max_key=0x7fc60d599010) at /data/src/10.2/storage/innobase/handler/ha_innodb.cc:14027
      #10 0x00005621e9904b1d in handler::multi_range_read_info_const (this=0x7fc5b8186e88, keyno=0, seq=0x7fc60d5991a0, seq_init_param=0x7fc60d5991d0, n_ranges_arg=0, bufsz=0x7fc60d599094, flags=0x7fc60d599090, cost=0x7fc60d5997d0) at /data/src/10.2/sql/multi_range_read.cc:107
      #11 0x00005621e9907de2 in DsMrr_impl::dsmrr_info_const (this=0x7fc5b81872b8, keyno=0, seq=0x7fc60d5991a0, seq_init_param=0x7fc60d5991d0, n_ranges=0, bufsz=0x7fc60d599760, flags=0x7fc60d59975c, cost=0x7fc60d5997d0) at /data/src/10.2/sql/multi_range_read.cc:1470
      #12 0x00005621e9c12728 in ha_innobase::multi_range_read_info_const (this=0x7fc5b8186e88, keyno=0, seq=0x7fc60d5991a0, seq_init_param=0x7fc60d5991d0, n_ranges=0, bufsz=0x7fc60d599760, flags=0x7fc60d59975c, cost=0x7fc60d5997d0) at /data/src/10.2/storage/innobase/handler/ha_innodb.cc:21613
      #13 0x00005621e9b44ee2 in check_quick_select (param=0x7fc60d599980, idx=0, index_only=false, tree=0x7fc5b80859e8, update_tbl_stats=true, mrr_flags=0x7fc60d59975c, bufsize=0x7fc60d599760, cost=0x7fc60d5997d0) at /data/src/10.2/sql/opt_range.cc:10386
      #14 0x00005621e9b3c86d in get_key_scans_params (param=0x7fc60d599980, tree=0x7fc5b8085968, index_read_must_be_used=false, update_tbl_stats=true, read_time=3.5) at /data/src/10.2/sql/opt_range.cc:6823
      #15 0x00005621e9b32fdf in SQL_SELECT::test_quick_select (this=0x7fc5b8013270, thd=0x7fc5b8000af0, keys_to_use=..., prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false, remove_false_parts_of_where=false) at /data/src/10.2/sql/opt_range.cc:2594
      #16 0x00005621e98604e6 in SQL_SELECT::check_quick (this=0x7fc5b8013270, thd=0x7fc5b8000af0, force_quick_range=false, limit=18446744073709551615) at /data/src/10.2/sql/opt_range.h:1622
      #17 0x00005621e98594fb in mysql_update (thd=0x7fc5b8000af0, table_list=0x7fc5b8012550, fields=..., values=..., conds=0x7fc5b8012ef0, order_num=0, order=0x0, limit=18446744073709551615, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7fc60d59a870, updated_return=0x7fc60d59a920) at /data/src/10.2/sql/sql_update.cc:431
      #18 0x00005621e976ab65 in mysql_execute_command (thd=0x7fc5b8000af0) at /data/src/10.2/sql/sql_parse.cc:4014
      #19 0x00005621e97769d4 in mysql_parse (thd=0x7fc5b8000af0, rawbuf=0x7fc5b8012458 "UPDATE t1 SET f = 'foo' WHERE f < 'bar'", length=39, parser_state=0x7fc60d59b200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7740
      #20 0x00005621e9764cef in dispatch_command (command=COM_QUERY, thd=0x7fc5b8000af0, packet=0x7fc5b8096361 "UPDATE t1 SET f = 'foo' WHERE f < 'bar'", packet_length=39, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1831
      #21 0x00005621e9763643 in do_command (thd=0x7fc5b8000af0) at /data/src/10.2/sql/sql_parse.cc:1384
      #22 0x00005621e98b8d0b in do_handle_one_connection (connect=0x5621ec1971e0) at /data/src/10.2/sql/sql_connect.cc:1336
      #23 0x00005621e98b8a76 in handle_one_connection (arg=0x5621ec1971e0) at /data/src/10.2/sql/sql_connect.cc:1241
      #24 0x00005621ea0eb07e in pfs_spawn_thread (arg=0x5621ec1ba490) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      #25 0x00007fc614ac44a4 in start_thread (arg=0x7fc60d59c700) at pthread_create.c:456
      #26 0x00007fc61300bd0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      Reproducible with 10.2-10.5.
      Not reproducible with 10.1.
      No obvious problem on a non-debug build.

      Attachments

        Issue Links

          Activity

            Some of the linked items have a preliminary analysis from InnoDB, and all ended up being fixed and closed by other teams. So this time I'm jumping over InnoDB and assigning directly to the server. Please reassign if needed.

            elenst Elena Stepanova added a comment - Some of the linked items have a preliminary analysis from InnoDB, and all ended up being fixed and closed by other teams. So this time I'm jumping over InnoDB and assigning directly to the server. Please reassign if needed.
            Roel Roel Van de Paar added a comment - - edited

            Re-tested testcase against newer versions also.

            CREATE  TABLE t1 (f VARCHAR(256) NOT NULL, KEY(f)) ENGINE=InnoDB;
            ALTER IGNORE TABLE t1 MODIFY COLUMN f VARCHAR(4096) NOT NULL;
            INSERT INTO t1 VALUES ('a'),('b'); # Optional, fails either way
            UPDATE t1 SET f = 'foo' WHERE f < 'bar';
            

            Leads to:

            10.6.0 bfb4761ca04704d68dba51f76d7c9967f880a6ee (Debug)

            2021-02-17 19:24:43 4 [Warning] InnoDB: Using a partial-field key prefix in search, index `f` of table `test`.`t1`. Last data field length 4098 bytes, key ptr now exceeds key end by 1024 bytes. Key value in the MySQL format:  len 3074; hex 03006261720000000000 .... lots of zeroes ... 0000000000000000; asc   bar
            mysqld: /test/10.6_dbg/storage/innobase/row/row0sel.cc:2652: void row_sel_convert_mysql_key_to_innobase(dtuple_t*, byte*, ulint, dict_index_t*, const byte*, ulint): Assertion `0' failed.
            

            10.6.0 bfb4761ca04704d68dba51f76d7c9967f880a6ee (Debug)

            Core was generated by `/test/MD110221-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
            Program terminated with signal SIGABRT, Aborted.
            #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
                at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
            [Current thread is 1 (Thread 0x150d8c0bd700 (LWP 3573922))]
            (gdb) bt
            #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
            #1  0x000055b9a301c55c in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424
            #2  0x000055b9a27b44de in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330
            #3  <signal handler called>
            #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            #5  0x0000150d8c723859 in __GI_abort () at abort.c:79
            #6  0x0000150d8c723729 in __assert_fail_base (fmt=0x150d8c8b9588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55b9a3333b16 "0", file=0x55b9a341e580 "/test/10.6_dbg/storage/innobase/row/row0sel.cc", line=2652, function=<optimized out>) at assert.c:92
            #7  0x0000150d8c734f36 in __GI___assert_fail (assertion=assertion@entry=0x55b9a3333b16 "0", file=file@entry=0x55b9a341e580 "/test/10.6_dbg/storage/innobase/row/row0sel.cc", line=line@entry=2652, function=function@entry=0x55b9a341f3d8 "void row_sel_convert_mysql_key_to_innobase(dtuple_t*, byte*, ulint, dict_index_t*, const byte*, ulint)") at assert.c:101
            #8  0x000055b9a2d781e3 in row_sel_convert_mysql_key_to_innobase (tuple=tuple@entry=0x150d400284c8, buf=0x0, buf_len=0, index=index@entry=0x150d40022048, key_ptr=<optimized out>, key_len=3074) at /test/10.6_dbg/storage/innobase/row/row0sel.cc:2652
            #9  0x000055b9a2bb40a5 in ha_innobase::records_in_range (this=0x150d40024f80, keynr=<optimized out>, min_key=0x0, max_key=0x150d8c0ba870, pages=0x150d8c0ba820) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:13572
            #10 0x000055b9a26965b2 in handler::multi_range_read_info_const (this=0x150d40024f80, keyno=keyno@entry=0, seq=0x150d8c0baa30, seq_init_param=<optimized out>, n_ranges_arg=<optimized out>, bufsz=bufsz@entry=0x150d8c0ba8fc, flags=0x150d8c0ba8f8, cost=0x150d8c0baa60) at /test/10.6_dbg/sql/multi_range_read.cc:177
            #11 0x000055b9a2699d77 in DsMrr_impl::dsmrr_info_const (this=0x150d40025458, keyno=0, seq=<optimized out>, seq_init_param=<optimized out>, n_ranges=<optimized out>, bufsz=0x150d8c0ba9ec, flags=0x150d8c0ba9e8, cost=0x150d8c0baa60) at /test/10.6_dbg/sql/multi_range_read.cc:1708
            #12 0x000055b9a2ba11ce in ha_innobase::multi_range_read_info_const (this=<optimized out>, keyno=<optimized out>, seq=<optimized out>, seq_init_param=<optimized out>, n_ranges=<optimized out>, bufsz=<optimized out>, flags=0x150d8c0ba9e8, cost=0x150d8c0baa60) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:19425
            #13 0x000055b9a296de2f in check_quick_select (is_ror_scan=<synthetic pointer>, cost=0x150d8c0baa60, bufsize=0x150d8c0ba9ec, mrr_flags=0x150d8c0ba9e8, update_tbl_stats=true, tree=0x150d40082e60, index_only=false, idx=0, param=0x150d8c0bb120) at /test/10.6_dbg/sql/opt_range.cc:11505
            #14 get_key_scans_params (param=param@entry=0x150d8c0bb120, tree=tree@entry=0x150d40082de0, index_read_must_be_used=index_read_must_be_used@entry=false, for_range_access=for_range_access@entry=true, read_time=read_time@entry=3.3999999999999999) at /test/10.6_dbg/sql/opt_range.cc:7462
            #15 0x000055b9a298101a in SQL_SELECT::test_quick_select (this=this@entry=0x150d400137a0, thd=thd@entry=0x150d40000db8, keys_to_use=<optimized out>, keys_to_use@entry={static BITS_PER_ELEMENT = 64, static ARRAY_ELEMENTS = 1, static ALL_BITS_SET = 18446744073709551615, buffer = {18446744073709551615}}, prev_tables=prev_tables@entry=0, limit=limit@entry=18446744073709551615, force_quick_range=force_quick_range@entry=false, ordered_output=false, remove_false_parts_of_where=false, only_single_index_range_scan=false) at /test/10.6_dbg/sql/opt_range.cc:2930
            #16 0x000055b9a25ea7d7 in SQL_SELECT::check_quick (limit=18446744073709551615, force_quick_range=<optimized out>, thd=0x150d40000db8, this=0x150d400137a0) at /test/10.6_dbg/sql/opt_range.h:1716
            #17 mysql_update (thd=thd@entry=0x150d40000db8, table_list=<optimized out>, fields=@0x150d400058d8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d40013080, last = 0x150d40013080, elements = 1}, <No data fields>}, values=@0x150d40005e48: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d40013090, last = 0x150d40013090, elements = 1}, <No data fields>}, conds=<optimized out>, order_num=<optimized out>, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x150d8c0bbe90, updated_return=0x150d8c0bbf60) at /test/10.6_dbg/sql/sql_update.cc:573
            #18 0x000055b9a24f1237 in mysql_execute_command (thd=thd@entry=0x150d40000db8) at /test/10.6_dbg/sql/sql_limit.h:67
            #19 0x000055b9a24dc21a in mysql_parse (thd=thd@entry=0x150d40000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150d8c0bc3d0) at /test/10.6_dbg/sql/sql_parse.cc:7906
            #20 0x000055b9a24ea30b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150d40000db8, packet=packet@entry=0x150d4001aac9 "UPDATE t1 SET f = 'foo' WHERE f < 'bar'", packet_length=packet_length@entry=39) at /test/10.6_dbg/sql/sql_class.h:1295
            #21 0x000055b9a24ed63d in do_command (thd=0x150d40000db8) at /test/10.6_dbg/sql/sql_parse.cc:1365
            #22 0x000055b9a26491ab in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b9a5d0cdf8, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
            #23 0x000055b9a26498af in handle_one_connection (arg=arg@entry=0x55b9a5d0cdf8) at /test/10.6_dbg/sql/sql_connect.cc:1312
            #24 0x000055b9a2afd27d in pfs_spawn_thread (arg=0x55b9a5c40ef8) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
            #25 0x0000150d8cc31609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            #26 0x0000150d8c820293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
            

            Bug confirmed present in:
            MariaDB: 10.2.37 (dbg), 10.3.28 (dbg), 10.4.18 (dbg), 10.5.9 (dbg), 10.6.0 (dbg)

            Bug (or feature/syntax) confirmed not present in:
            MariaDB: 10.2.37 (opt), 10.3.28 (opt), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt)
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)

            Roel Roel Van de Paar added a comment - - edited Re-tested testcase against newer versions also. CREATE TABLE t1 (f VARCHAR(256) NOT NULL, KEY(f)) ENGINE=InnoDB; ALTER IGNORE TABLE t1 MODIFY COLUMN f VARCHAR(4096) NOT NULL; INSERT INTO t1 VALUES ('a'),('b'); # Optional, fails either way UPDATE t1 SET f = 'foo' WHERE f < 'bar'; Leads to: 10.6.0 bfb4761ca04704d68dba51f76d7c9967f880a6ee (Debug) 2021-02-17 19:24:43 4 [Warning] InnoDB: Using a partial-field key prefix in search, index `f` of table `test`.`t1`. Last data field length 4098 bytes, key ptr now exceeds key end by 1024 bytes. Key value in the MySQL format: len 3074; hex 03006261720000000000 .... lots of zeroes ... 0000000000000000; asc bar mysqld: /test/10.6_dbg/storage/innobase/row/row0sel.cc:2652: void row_sel_convert_mysql_key_to_innobase(dtuple_t*, byte*, ulint, dict_index_t*, const byte*, ulint): Assertion `0' failed. 10.6.0 bfb4761ca04704d68dba51f76d7c9967f880a6ee (Debug) Core was generated by `/test/MD110221-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGABRT, Aborted. #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56 [Current thread is 1 (Thread 0x150d8c0bd700 (LWP 3573922))] (gdb) bt #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56 #1 0x000055b9a301c55c in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424 #2 0x000055b9a27b44de in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330 #3 <signal handler called> #4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #5 0x0000150d8c723859 in __GI_abort () at abort.c:79 #6 0x0000150d8c723729 in __assert_fail_base (fmt=0x150d8c8b9588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55b9a3333b16 "0", file=0x55b9a341e580 "/test/10.6_dbg/storage/innobase/row/row0sel.cc", line=2652, function=<optimized out>) at assert.c:92 #7 0x0000150d8c734f36 in __GI___assert_fail (assertion=assertion@entry=0x55b9a3333b16 "0", file=file@entry=0x55b9a341e580 "/test/10.6_dbg/storage/innobase/row/row0sel.cc", line=line@entry=2652, function=function@entry=0x55b9a341f3d8 "void row_sel_convert_mysql_key_to_innobase(dtuple_t*, byte*, ulint, dict_index_t*, const byte*, ulint)") at assert.c:101 #8 0x000055b9a2d781e3 in row_sel_convert_mysql_key_to_innobase (tuple=tuple@entry=0x150d400284c8, buf=0x0, buf_len=0, index=index@entry=0x150d40022048, key_ptr=<optimized out>, key_len=3074) at /test/10.6_dbg/storage/innobase/row/row0sel.cc:2652 #9 0x000055b9a2bb40a5 in ha_innobase::records_in_range (this=0x150d40024f80, keynr=<optimized out>, min_key=0x0, max_key=0x150d8c0ba870, pages=0x150d8c0ba820) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:13572 #10 0x000055b9a26965b2 in handler::multi_range_read_info_const (this=0x150d40024f80, keyno=keyno@entry=0, seq=0x150d8c0baa30, seq_init_param=<optimized out>, n_ranges_arg=<optimized out>, bufsz=bufsz@entry=0x150d8c0ba8fc, flags=0x150d8c0ba8f8, cost=0x150d8c0baa60) at /test/10.6_dbg/sql/multi_range_read.cc:177 #11 0x000055b9a2699d77 in DsMrr_impl::dsmrr_info_const (this=0x150d40025458, keyno=0, seq=<optimized out>, seq_init_param=<optimized out>, n_ranges=<optimized out>, bufsz=0x150d8c0ba9ec, flags=0x150d8c0ba9e8, cost=0x150d8c0baa60) at /test/10.6_dbg/sql/multi_range_read.cc:1708 #12 0x000055b9a2ba11ce in ha_innobase::multi_range_read_info_const (this=<optimized out>, keyno=<optimized out>, seq=<optimized out>, seq_init_param=<optimized out>, n_ranges=<optimized out>, bufsz=<optimized out>, flags=0x150d8c0ba9e8, cost=0x150d8c0baa60) at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:19425 #13 0x000055b9a296de2f in check_quick_select (is_ror_scan=<synthetic pointer>, cost=0x150d8c0baa60, bufsize=0x150d8c0ba9ec, mrr_flags=0x150d8c0ba9e8, update_tbl_stats=true, tree=0x150d40082e60, index_only=false, idx=0, param=0x150d8c0bb120) at /test/10.6_dbg/sql/opt_range.cc:11505 #14 get_key_scans_params (param=param@entry=0x150d8c0bb120, tree=tree@entry=0x150d40082de0, index_read_must_be_used=index_read_must_be_used@entry=false, for_range_access=for_range_access@entry=true, read_time=read_time@entry=3.3999999999999999) at /test/10.6_dbg/sql/opt_range.cc:7462 #15 0x000055b9a298101a in SQL_SELECT::test_quick_select (this=this@entry=0x150d400137a0, thd=thd@entry=0x150d40000db8, keys_to_use=<optimized out>, keys_to_use@entry={static BITS_PER_ELEMENT = 64, static ARRAY_ELEMENTS = 1, static ALL_BITS_SET = 18446744073709551615, buffer = {18446744073709551615}}, prev_tables=prev_tables@entry=0, limit=limit@entry=18446744073709551615, force_quick_range=force_quick_range@entry=false, ordered_output=false, remove_false_parts_of_where=false, only_single_index_range_scan=false) at /test/10.6_dbg/sql/opt_range.cc:2930 #16 0x000055b9a25ea7d7 in SQL_SELECT::check_quick (limit=18446744073709551615, force_quick_range=<optimized out>, thd=0x150d40000db8, this=0x150d400137a0) at /test/10.6_dbg/sql/opt_range.h:1716 #17 mysql_update (thd=thd@entry=0x150d40000db8, table_list=<optimized out>, fields=@0x150d400058d8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d40013080, last = 0x150d40013080, elements = 1}, <No data fields>}, values=@0x150d40005e48: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d40013090, last = 0x150d40013090, elements = 1}, <No data fields>}, conds=<optimized out>, order_num=<optimized out>, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x150d8c0bbe90, updated_return=0x150d8c0bbf60) at /test/10.6_dbg/sql/sql_update.cc:573 #18 0x000055b9a24f1237 in mysql_execute_command (thd=thd@entry=0x150d40000db8) at /test/10.6_dbg/sql/sql_limit.h:67 #19 0x000055b9a24dc21a in mysql_parse (thd=thd@entry=0x150d40000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150d8c0bc3d0) at /test/10.6_dbg/sql/sql_parse.cc:7906 #20 0x000055b9a24ea30b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150d40000db8, packet=packet@entry=0x150d4001aac9 "UPDATE t1 SET f = 'foo' WHERE f < 'bar'", packet_length=packet_length@entry=39) at /test/10.6_dbg/sql/sql_class.h:1295 #21 0x000055b9a24ed63d in do_command (thd=0x150d40000db8) at /test/10.6_dbg/sql/sql_parse.cc:1365 #22 0x000055b9a26491ab in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b9a5d0cdf8, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410 #23 0x000055b9a26498af in handle_one_connection (arg=arg@entry=0x55b9a5d0cdf8) at /test/10.6_dbg/sql/sql_connect.cc:1312 #24 0x000055b9a2afd27d in pfs_spawn_thread (arg=0x55b9a5c40ef8) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201 #25 0x0000150d8cc31609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #26 0x0000150d8c820293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Bug confirmed present in: MariaDB: 10.2.37 (dbg), 10.3.28 (dbg), 10.4.18 (dbg), 10.5.9 (dbg), 10.6.0 (dbg) Bug (or feature/syntax) confirmed not present in: MariaDB: 10.2.37 (opt), 10.3.28 (opt), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt) MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.33 (dbg), 5.7.33 (opt), 8.0.23 (dbg), 8.0.23 (opt)

            A non-debug ASAN version of the failure with a slightly different test case. On debug it returns the originally reported one.

            10.4 8a2b4d53 non-debug ASAN

            2021-06-17  1:55:40 9 [Warning] InnoDB: Using a partial-field key prefix in search, index `col_varchar_1024_latin1_key` of table `test`.`D`. Last data field length 16564 bytes, key ptr now exceeds key end by 13489 bytes. Key value in the MySQL format:
            ...
            ==386564==ERROR: AddressSanitizer: use-after-poison on address 0x629000248078 at pc 0x55b77bb948c8 bp 0x7f794e7ebb10 sp 0x7f794e7ebb00
            READ of size 1 at 0x629000248078 thread T27
                #0 0x55b77bb948c7 in ut_fold_binary /data/src/10.4/storage/innobase/include/ut0rnd.ic:121
                #1 0x55b77bb948c7 in dtuple_fold /data/src/10.4/storage/innobase/include/data0data.ic:566
                #2 0x55b77bb948c7 in btr_search_guess_on_hash(dict_index_t*, btr_search_t*, dtuple_t const*, unsigned long, unsigned long, btr_cur_t*, rw_lock_t*, mtr_t*) /data/src/10.4/storage/innobase/btr/btr0sea.cc:940
                #3 0x55b77bb74594 in btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) /data/src/10.4/storage/innobase/btr/btr0cur.cc:1443
                #4 0x55b77b9e2202 in btr_pcur_open_with_no_init_func /data/src/10.4/storage/innobase/include/btr0pcur.ic:504
                #5 0x55b77b9e2202 in row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) /data/src/10.4/storage/innobase/row/row0sel.cc:4726
                #6 0x55b77b703fcc in ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /data/src/10.4/storage/innobase/handler/ha_innodb.cc:9368
                #7 0x55b77b0a2ea5 in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /data/src/10.4/sql/handler.cc:2923
                #8 0x55b77aa573c0 in join_read_always_key /data/src/10.4/sql/sql_select.cc:21305
                #9 0x55b77aa02d1f in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20544
                #10 0x55b77aa02d1f in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20480
                #11 0x55b77a9c77a9 in evaluate_join_record /data/src/10.4/sql/sql_select.cc:20767
                #12 0x55b77aa02dfd in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20547
                #13 0x55b77aa02dfd in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20480
                #14 0x55b77aab3439 in do_select /data/src/10.4/sql/sql_select.cc:20085
                #15 0x55b77aab3439 in JOIN::exec_inner() /data/src/10.4/sql/sql_select.cc:4525
                #16 0x55b77aab4962 in JOIN::exec() /data/src/10.4/sql/sql_select.cc:4307
                #17 0x55b77aaac2d7 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4745
                #18 0x55b77aaaeed4 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:436
                #19 0x55b77a90c3a2 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6446
                #20 0x55b77a93cd47 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3965
                #21 0x55b77a94705f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7992
                #22 0x55b77a94ff79 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857
                #23 0x55b77a955dd9 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1373
                #24 0x55b77acc42a6 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
                #25 0x55b77acc482e in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
                #26 0x55b77c155088 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
                #27 0x7f79652a2608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
                #28 0x7f7964e78292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
             
            0x629000248078 is located 15992 bytes inside of 16352-byte region [0x629000244200,0x6290002481e0)
            allocated by thread T27 here:
                #0 0x7f7965916bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
                #1 0x55b77c226366 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
                #2 0x55b77c211ffb in alloc_root /data/src/10.4/mysys/my_alloc.c:251
                #3 0x55b77c2123ff in multi_alloc_root /data/src/10.4/mysys/my_alloc.c:325
                #4 0x55b77aa9fe88 in make_join_statistics /data/src/10.4/sql/sql_select.cc:4937
                #5 0x55b77aa9fe88 in JOIN::optimize_inner() /data/src/10.4/sql/sql_select.cc:2315
                #6 0x55b77aaa9c20 in JOIN::optimize() /data/src/10.4/sql/sql_select.cc:1658
                #7 0x55b77aaac18a in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4731
                #8 0x55b77aaaeed4 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:436
                #9 0x55b77a90c3a2 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6446
                #10 0x55b77a93cd47 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3965
                #11 0x55b77a94705f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7992
                #12 0x55b77a94ff79 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857
                #13 0x55b77a955dd9 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1373
                #14 0x55b77acc42a6 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
                #15 0x55b77acc482e in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
                #16 0x55b77c155088 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
                #17 0x7f79652a2608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
             
            Thread T27 created by T0 here:
                #0 0x7f7965843805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
                #1 0x55b77c15cbde in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
                #2 0x55b77a6a749e in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
                #3 0x55b77a6a749e in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6238
                #4 0x55b77a6b3a32 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6308
                #5 0x55b77a6b4052 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6406
                #6 0x55b77a6b517d in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6564
                #7 0x55b77a6b6bf4 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5896
                #8 0x7f7964d7d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
             
            SUMMARY: AddressSanitizer: use-after-poison /data/src/10.4/storage/innobase/include/ut0rnd.ic:121 in ut_fold_binary
            Shadow bytes around the buggy address:
              0x0c5280040fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x0c5280040fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x0c5280040fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x0c5280040fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x0c5280040ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            =>0x0c5280041000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f7]
              0x0c5280041010: 00 00 f7 00 f7 00 f7 00 00 00 00 06 f7 00 00 00
              0x0c5280041020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x0c5280041030: 00 00 f7 00 00 f7 00 00 f7 00 00 f7 fa fa fa fa
              0x0c5280041040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
              0x0c5280041050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
            Shadow byte legend (one shadow byte represents 8 application bytes):
              Addressable:           00
              Partially addressable: 01 02 03 04 05 06 07 
              Heap left redzone:       fa
              Freed heap region:       fd
              Stack left redzone:      f1
              Stack mid redzone:       f2
              Stack right redzone:     f3
              Stack after return:      f5
              Stack use after scope:   f8
              Global redzone:          f9
              Global init order:       f6
              Poisoned by user:        f7
              Container overflow:      fc
              Array cookie:            ac
              Intra object redzone:    bb
              ASan internal:           fe
              Left alloca redzone:     ca
              Right alloca redzone:    cb
              Shadow gap:              cc
            ==386564==ABORTING
            

            elenst Elena Stepanova added a comment - A non-debug ASAN version of the failure with a slightly different test case. On debug it returns the originally reported one. 10.4 8a2b4d53 non-debug ASAN 2021-06-17 1:55:40 9 [Warning] InnoDB: Using a partial-field key prefix in search, index `col_varchar_1024_latin1_key` of table `test`.`D`. Last data field length 16564 bytes, key ptr now exceeds key end by 13489 bytes. Key value in the MySQL format: ... ==386564==ERROR: AddressSanitizer: use-after-poison on address 0x629000248078 at pc 0x55b77bb948c8 bp 0x7f794e7ebb10 sp 0x7f794e7ebb00 READ of size 1 at 0x629000248078 thread T27 #0 0x55b77bb948c7 in ut_fold_binary /data/src/10.4/storage/innobase/include/ut0rnd.ic:121 #1 0x55b77bb948c7 in dtuple_fold /data/src/10.4/storage/innobase/include/data0data.ic:566 #2 0x55b77bb948c7 in btr_search_guess_on_hash(dict_index_t*, btr_search_t*, dtuple_t const*, unsigned long, unsigned long, btr_cur_t*, rw_lock_t*, mtr_t*) /data/src/10.4/storage/innobase/btr/btr0sea.cc:940 #3 0x55b77bb74594 in btr_cur_search_to_nth_level_func(dict_index_t*, unsigned long, dtuple_t const*, page_cur_mode_t, unsigned long, btr_cur_t*, rw_lock_t*, char const*, unsigned int, mtr_t*, unsigned long) /data/src/10.4/storage/innobase/btr/btr0cur.cc:1443 #4 0x55b77b9e2202 in btr_pcur_open_with_no_init_func /data/src/10.4/storage/innobase/include/btr0pcur.ic:504 #5 0x55b77b9e2202 in row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) /data/src/10.4/storage/innobase/row/row0sel.cc:4726 #6 0x55b77b703fcc in ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /data/src/10.4/storage/innobase/handler/ha_innodb.cc:9368 #7 0x55b77b0a2ea5 in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /data/src/10.4/sql/handler.cc:2923 #8 0x55b77aa573c0 in join_read_always_key /data/src/10.4/sql/sql_select.cc:21305 #9 0x55b77aa02d1f in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20544 #10 0x55b77aa02d1f in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20480 #11 0x55b77a9c77a9 in evaluate_join_record /data/src/10.4/sql/sql_select.cc:20767 #12 0x55b77aa02dfd in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20547 #13 0x55b77aa02dfd in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20480 #14 0x55b77aab3439 in do_select /data/src/10.4/sql/sql_select.cc:20085 #15 0x55b77aab3439 in JOIN::exec_inner() /data/src/10.4/sql/sql_select.cc:4525 #16 0x55b77aab4962 in JOIN::exec() /data/src/10.4/sql/sql_select.cc:4307 #17 0x55b77aaac2d7 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4745 #18 0x55b77aaaeed4 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:436 #19 0x55b77a90c3a2 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6446 #20 0x55b77a93cd47 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3965 #21 0x55b77a94705f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7992 #22 0x55b77a94ff79 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857 #23 0x55b77a955dd9 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1373 #24 0x55b77acc42a6 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412 #25 0x55b77acc482e in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316 #26 0x55b77c155088 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869 #27 0x7f79652a2608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477 #28 0x7f7964e78292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)   0x629000248078 is located 15992 bytes inside of 16352-byte region [0x629000244200,0x6290002481e0) allocated by thread T27 here: #0 0x7f7965916bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8) #1 0x55b77c226366 in my_malloc /data/src/10.4/mysys/my_malloc.c:101 #2 0x55b77c211ffb in alloc_root /data/src/10.4/mysys/my_alloc.c:251 #3 0x55b77c2123ff in multi_alloc_root /data/src/10.4/mysys/my_alloc.c:325 #4 0x55b77aa9fe88 in make_join_statistics /data/src/10.4/sql/sql_select.cc:4937 #5 0x55b77aa9fe88 in JOIN::optimize_inner() /data/src/10.4/sql/sql_select.cc:2315 #6 0x55b77aaa9c20 in JOIN::optimize() /data/src/10.4/sql/sql_select.cc:1658 #7 0x55b77aaac18a in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4731 #8 0x55b77aaaeed4 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:436 #9 0x55b77a90c3a2 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6446 #10 0x55b77a93cd47 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3965 #11 0x55b77a94705f in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7992 #12 0x55b77a94ff79 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857 #13 0x55b77a955dd9 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1373 #14 0x55b77acc42a6 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412 #15 0x55b77acc482e in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316 #16 0x55b77c155088 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869 #17 0x7f79652a2608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477   Thread T27 created by T0 here: #0 0x7f7965843805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) #1 0x55b77c15cbde in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919 #2 0x55b77a6a749e in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275 #3 0x55b77a6a749e in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6238 #4 0x55b77a6b3a32 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6308 #5 0x55b77a6b4052 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6406 #6 0x55b77a6b517d in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6564 #7 0x55b77a6b6bf4 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5896 #8 0x7f7964d7d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)   SUMMARY: AddressSanitizer: use-after-poison /data/src/10.4/storage/innobase/include/ut0rnd.ic:121 in ut_fold_binary Shadow bytes around the buggy address: 0x0c5280040fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c5280040fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c5280040fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c5280040fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c5280040ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c5280041000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f7] 0x0c5280041010: 00 00 f7 00 f7 00 f7 00 00 00 00 06 f7 00 00 00 0x0c5280041020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c5280041030: 00 00 f7 00 00 f7 00 00 f7 00 00 f7 fa fa fa fa 0x0c5280041040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c5280041050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==386564==ABORTING

            This shares a root cause with MDEV-24902.

            marko Marko Mäkelä added a comment - This shares a root cause with MDEV-24902 .

            People

              marko Marko Mäkelä
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.