[MDEV-34984] Assertion `length <= copy->to_length - 2' failed in void do_varstring2_no_truncation(const Copy_field*) - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 11.8, 11.6(EOL), 11.7(EOL)
Fix Version/s: 11.8
Component/s: Virtual Columns
Labels:
- regression

Description

--source include/have_sequence.inc

SET SQL_MODE='';

CREATE TABLE t1 (a int,b varchar(100) GENERATED ALWAYS AS (a)) ;

insert INTO t1 select seq,0 from seq_1_to_71424;

SELECT DISTINCT a,sum(b) FROM t1 GROUP BY a,b WITH ROLLUP;

Leads to:

CS 11.7.0 5bbda9711131845ae6b4315a268b4d1710943a85 (Optimized)
Core was generated by `/test/MD090924-mariadb-11.7.0-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 next_free_record_pos (info=0x151bbc05fac8)at /test/11.7_opt/storage/heap/hp_write.c:143
[Current thread is 1 (Thread 0x151bfc0db700 (LWP 2828498))]
(gdb) bt
#0 next_free_record_pos (info=0x151bbc05fac8) at /test/11.7_opt/storage/heap/hp_write.c:143
#1 heap_write (info=0x151bbc046378, record=0x151bbc05f2a0 "\361\067\062\066") at /test/11.7_opt/storage/heap/hp_write.c:45
#2 0x00005607d2fc2190 in ha_heap::write_row (this=0x151bbc05ecb0, buf=<optimized out>) at /test/11.7_opt/storage/heap/ha_heap.cc:298
#3 0x00005607d2a7da99 in handler::ha_write_tmp_row (buf=0x151bbc05f2a0 "\361\067\062\066", this=0x151bbc05ecb0) at /test/11.7_opt/sql/sql_class.h:7960
#4 end_write_group (join=0x151bbc019e00, join_tab=0x151bbc050f40, end_of_records=<optimized out>) at /test/11.7_opt/sql/sql_select.cc:25495
#5 0x00005607d2a488d7 in evaluate_join_record (join=0x151bbc019e00, join_tab=0x151bbc050ad0, error=<optimized out>) at /test/11.7_opt/sql/sql_select.cc:23897
#6 0x00005607d2a5ac04 in sub_select (join=0x151bbc019e00, join_tab=0x151bbc050ad0, end_of_records=false) at /test/11.7_opt/sql/sql_select.cc:23701
#7 0x00005607d2a8e46d in do_select (procedure=<optimized out>, join=0x151bbc019e00) at /test/11.7_opt/sql/sql_select.cc:23175
#8 JOIN::exec_inner (this=0x151bbc019e00) at /test/11.7_opt/sql/sql_select.cc:5029
#9 0x00005607d2a8e88e in JOIN::exec (this=this@entry=0x151bbc019e00) at /test/11.7_opt/sql/sql_select.cc:4812
#10 0x00005607d2a8c8b0 in mysql_select (thd=0x151bbc000c58, tables=0x151bbc018ab0, fields=<optimized out>, conds=0x0, og_num=2, order=0x0, group=0x151bbc0192f8, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x151bbc019dd8, unit=0x151bbc004f88, select_lex=0x151bbc018120) at /test/11.7_opt/sql/sql_select.cc:5345
#11 0x00005607d2a8d0b7 in handle_select (thd=thd@entry=0x151bbc000c58, lex=lex@entry=0x151bbc004ea8, result=result@entry=0x151bbc019dd8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.7_opt/sql/sql_select.cc:628
#12 0x00005607d2a0476e in execute_sqlcom_select (thd=0x151bbc000c58, all_tables=0x151bbc018ab0) at /test/11.7_opt/sql/sql_parse.cc:6154
#13 0x00005607d2a12eda in mysql_execute_command (thd=0x151bbc000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.7_opt/sql/sql_parse.cc:3954
#14 0x00005607d29feca6 in mysql_parse (thd=0x151bbc000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.7_opt/sql/sql_parse.cc:7876
#15 0x00005607d2a0b9fd in dispatch_command (command=COM_QUERY, thd=0x151bbc000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.7_opt/sql/sql_class.h:1639
#16 0x00005607d2a0de6e in do_command (thd=0x151bbc000c58, blocking=blocking@entry=true) at /test/11.7_opt/sql/sql_parse.cc:1405
#17 0x00005607d2b43a77 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /test/11.7_opt/sql/sql_connect.cc:1448
#18 0x00005607d2b43dcd in handle_one_connection (arg=arg@entry=0x5607d66a4e18) at /test/11.7_opt/sql/sql_connect.cc:1350
#19 0x00005607d2f168d8 in pfs_spawn_thread (arg=0x5607d6662128) at /test/11.7_opt/storage/perfschema/pfs.cc:2198
#20 0x0000151c0753c609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#21 0x0000151c07128133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

CS 11.7.0 5bbda9711131845ae6b4315a268b4d1710943a85 (Debug)
mariadbd: /test/11.7_dbg/sql/field_conv.cc:578: void do_varstring2_no_truncation(const Copy_field*): Assertion `length <= copy->to_length - 2' failed.

CS 11.7.0 5bbda9711131845ae6b4315a268b4d1710943a85 (Debug)
Core was generated by `/test/MD090924-mariadb-11.7.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14669c0bd700 (LWP 2827044))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00001466a7447859 in __GI_abort () at abort.c:79
#2 0x00001466a7447729 in __assert_fail_base (fmt=0x1466a75dd588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x562960cb0ff0 "length <= copy->to_length - 2", file=0x562960cb1030 "/test/11.7_dbg/sql/field_conv.cc", line=578, function=<optimized out>) at assert.c:92
#3 0x00001466a7458fd6 in __GI___assert_fail (assertion=assertion@entry=0x562960cb0ff0 "length <= copy->to_length - 2", file=file@entry=0x562960cb1030 "/test/11.7_dbg/sql/field_conv.cc", line=line@entry=578, function=function@entry=0x562960cb10b0 "void do_varstring2_no_truncation(const Copy_field*)") at assert.c:101
#4 0x00005629600e07c7 in do_varstring2_no_truncation (copy=0x146658079a68) at /test/11.7_dbg/sql/field_conv.cc:578
#5 0x00005629600e006f in do_copy_null (copy=<optimized out>) at /test/11.7_dbg/sql/field_conv.cc:246
#6 0x000056295fe2737f in copy_fields (param=0x14665801e788) at /test/11.7_dbg/sql/sql_select.cc:28766
#7 0x000056295fe305d2 in end_write_group (join=0x14665801c808, join_tab=0x146658079180, end_of_records=<optimized out>) at /test/11.7_dbg/sql/sql_select.cc:25527
#8 0x000056295fe37df9 in AGGR_OP::put_record (this=this@entry=0x14665807a408, end_of_records=end_of_records@entry=false) at /test/11.7_dbg/sql/sql_select.cc:32678
#9 0x000056295fe382bf in AGGR_OP::put_record (this=0x14665807a408) at /test/11.7_dbg/sql/sql_select.h:1186
#10 sub_select_postjoin_aggr (join=0x14665801c808, join_tab=0x146658079180, end_of_records=<optimized out>) at /test/11.7_dbg/sql/sql_select.cc:23348
#11 0x000056295fdf2473 in evaluate_join_record (join=join@entry=0x14665801c808, join_tab=join_tab@entry=0x146658078d10, error=error@entry=0) at /test/11.7_dbg/sql/sql_select.cc:23897
#12 0x000056295fe098ed in sub_select (join=0x14665801c808, join_tab=0x146658078d10, end_of_records=false) at /test/11.7_dbg/sql/sql_select.cc:23701
#13 0x000056295fe45163 in do_select (procedure=<optimized out>, join=0x14665801c808) at /test/11.7_dbg/sql/sql_select.cc:23175
#14 JOIN::exec_inner (this=this@entry=0x14665801c808) at /test/11.7_dbg/sql/sql_select.cc:5029
#15 0x000056295fe456d2 in JOIN::exec (this=this@entry=0x14665801c808) at /test/11.7_dbg/sql/sql_select.cc:4812
#16 0x000056295fe434fc in mysql_select (thd=thd@entry=0x146658000d48, tables=0x14665801b4b8, fields=@0x14665801adc8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14665801b100, last = 0x14665801b450, elements = 2}, <No data fields>}, conds=0x0, og_num=2, order=0x0, group=0x14665801bd00, having=0x0, proc_param=0x0, select_options=2164525825, result=0x14665801c7e0, unit=0x146658005240, select_lex=0x14665801ab10) at /test/11.7_dbg/sql/sql_select.cc:5345
#17 0x000056295fe43d25 in handle_select (thd=thd@entry=0x146658000d48, lex=lex@entry=0x146658005160, result=result@entry=0x14665801c7e0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.7_dbg/sql/sql_select.cc:628
#18 0x000056295fd9f4a4 in execute_sqlcom_select (thd=thd@entry=0x146658000d48, all_tables=0x14665801b4b8) at /test/11.7_dbg/sql/sql_parse.cc:6154
#19 0x000056295fda7b9c in mysql_execute_command (thd=thd@entry=0x146658000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.7_dbg/sql/sql_parse.cc:3954
#20 0x000056295fd98652 in mysql_parse (thd=thd@entry=0x146658000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14669c0bc270) at /test/11.7_dbg/sql/sql_parse.cc:7876
#21 0x000056295fdafad1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x146658000d48, packet=packet@entry=0x14665800b249 "", packet_length=packet_length@entry=57, blocking=blocking@entry=true) at /test/11.7_dbg/sql/sql_class.h:1639
#22 0x000056295fdb25d4 in do_command (thd=0x146658000d48, blocking=blocking@entry=true) at /test/11.7_dbg/sql/sql_parse.cc:1405
#23 0x000056295ff3c067 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x56296292b5e8, put_in_cache=put_in_cache@entry=true) at /test/11.7_dbg/sql/sql_connect.cc:1448
#24 0x000056295ff3c628 in handle_one_connection (arg=arg@entry=0x56296292b5e8) at /test/11.7_dbg/sql/sql_connect.cc:1350
#25 0x00005629603ca0fe in pfs_spawn_thread (arg=0x56296287b398) at /test/11.7_dbg/storage/perfschema/pfs.cc:2198
#26 0x00001466a7958609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#27 0x00001466a7544133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 11.6.0 (dbg), 11.6.0 (opt), 11.7.0 (dbg), 11.7.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.27 (dbg), 10.5.27 (opt), 10.6.20 (dbg), 10.6.20 (opt), 10.11.10 (dbg), 10.11.10 (opt), 11.1.7 (dbg), 11.1.7 (opt), 11.2.6 (dbg), 11.2.6 (opt), 11.4.4 (dbg), 11.4.4 (opt)

Attachments

Issue Links

is caused by

MDEV-34571 Add page accessed and pages read from disk to table_stats

Closed

relates to

MDEV-24899 ASAN use-after-poison in get_suffix or wrong result and corrupt values upon GROUP_CONCAT with virtual columns

Confirmed

Assertion `length <= copy->to_length - 2' failed in void do_varstring2_no_truncation(const Copy_field*)

Details

Description

Attachments

Issue Links

Activity

People

Dates