[MDEV-35176] ASAN errors in Field_vector::store with optimizer_trace enabled - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: N/A
Fix Version/s: 11.7.1
Component/s: Optimizer, Vector search
Labels:
None

Description

SET optimizer_trace="enabled=on";

CREATE TABLE t (pk INT PRIMARY KEY, v VECTOR(2) NOT NULL, KEY(v(6)));

INSERT INTO t VALUES (1,VEC_FromText('[1,2]')),(2,VEC_FromText('[3,4]'));

SELECT pk FROM t WHERE v LIKE VEC_FromText('[1,2]');

# Cleanup

DROP TABLE t;

bb-11.6-MDEV-32887-vector eff6bc39fcb6e1f691fa08b153d9ea44b9f77b54
==2901792==ERROR: AddressSanitizer: unknown-crash on address 0x621000140196 at pc 0x55721391cb5d bp 0x7f752b102c20 sp 0x7f752b102c18
READ of size 4 at 0x621000140196 thread T5
#0 0x55721391cb5c in get_float /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/include/my_byteorder.h:59
#1 0x55721391e73d in Field_vector::store(char const, unsigned long, charset_info_st const) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_type_vector.cc:319
#2 0x557213ad88e3 in Field_varstring::set_key_image(unsigned char const*, unsigned int) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/field.cc:8381
#3 0x557213af4503 in Field::print_key_part_value(String, unsigned char const, unsigned int) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/field.cc:11672
#4 0x557212e7f95b in print_key_value /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/opt_range.cc:17232
#5 0x557212e7e8cc in print_range /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/opt_range.cc:17109
#6 0x557212e7f558 in trace_ranges /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/opt_range.cc:17201
#7 0x557212e3e883 in get_key_scans_params /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/opt_range.cc:7883
#8 0x557212e1fe63 in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool, Item_func::Bitmap) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/opt_range.cc:3001
#9 0x5572132ce09e in get_quick_record_count /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:5403
#10 0x5572132d5778 in make_join_statistics /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:6180
#11 0x5572132b245e in JOIN::optimize_inner() /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:2687
#12 0x5572132aae74 in JOIN::optimize() /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:1985
#13 0x5572132cd805 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:5328
#14 0x55721329bf32 in handle_select(THD, LEX, select_result*, unsigned long long) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:624
#15 0x5572131beae8 in execute_sqlcom_select /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:6151
#16 0x5572131ae713 in mysql_execute_command(THD*, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:3953
#17 0x5572131c9539 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:7873
#18 0x5572131a055b in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:1892
#19 0x55721319d26f in do_command(THD*, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:1405
#20 0x55721368cc4a in do_handle_one_connection(CONNECT*, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_connect.cc:1448
#21 0x55721368c60b in handle_one_connection /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_connect.cc:1350
#22 0x5572143323db in pfs_spawn_thread /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/storage/perfschema/pfs.cc:2198
#23 0x7f75366a8043 in start_thread nptl/pthread_create.c:442
#24 0x7f753672861b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x621000140196 is located 150 bytes inside of 4112-byte region [0x621000140100,0x621000141110)
allocated by thread T5 here:
#0 0x7f75370b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x5572150b2733 in my_malloc /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/mysys/my_malloc.c:93
#2 0x557215084d04 in root_alloc /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/mysys/my_alloc.c:66
#3 0x5572150866f4 in alloc_root /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/mysys/my_alloc.c:333
#4 0x557212e1e44f in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool, Item_func::Bitmap) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/opt_range.cc:2822
#5 0x5572132ce09e in get_quick_record_count /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:5403
#6 0x5572132d5778 in make_join_statistics /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:6180
#7 0x5572132b245e in JOIN::optimize_inner() /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:2687
#8 0x5572132aae74 in JOIN::optimize() /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:1985
#9 0x5572132cd805 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:5328
#10 0x55721329bf32 in handle_select(THD, LEX, select_result*, unsigned long long) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_select.cc:624
#11 0x5572131beae8 in execute_sqlcom_select /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:6151
#12 0x5572131ae713 in mysql_execute_command(THD*, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:3953
#13 0x5572131c9539 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:7873
#14 0x5572131a055b in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:1892
#15 0x55721319d26f in do_command(THD*, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_parse.cc:1405
#16 0x55721368cc4a in do_handle_one_connection(CONNECT*, bool) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_connect.cc:1448
#17 0x55721368c60b in handle_one_connection /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/sql_connect.cc:1350
#18 0x5572143323db in pfs_spawn_thread /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/storage/perfschema/pfs.cc:2198
#19 0x7f75366a8043 in start_thread nptl/pthread_create.c:442

Thread T5 created by T0 here:
#0 0x7f7537049726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x55721432e17d in my_thread_create /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/storage/perfschema/my_thread.h:38
#2 0x5572143327ca in pfs_spawn_thread_v1 /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/storage/perfschema/pfs.cc:2249
#3 0x557212db9c23 in inline_mysql_thread_create /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/include/mysql/psi/mysql_thread.h:1139
#4 0x557212dd23ea in create_thread_to_handle_connection(CONNECT*) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/mysqld.cc:6267
#5 0x557212dd2a0f in create_new_thread(CONNECT*) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/mysqld.cc:6329
#6 0x557212dd2cfa in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/mysqld.cc:6391
#7 0x557212dd3982 in handle_connections_sockets() /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/mysqld.cc:6504
#8 0x557212dd1c67 in mysqld_main(int, char**) /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/mysqld.cc:6162
#9 0x557212db8d48 in main /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/sql/main.cc:34
#10 0x7f75366461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: unknown-crash /data/bld/preview-11.7-bb-11.6-MDEV-32887-vector-asan/include/my_byteorder.h:59 in get_float
Shadow bytes around the buggy address:
0x0c428001ffe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c428001fff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280020000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280020010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c4280020020: 00 00 00 00 00 00 f7 00 00 00 00 00 00 00 00 f7
=>0x0c4280020030: 00 f7[00]01 f7 00 01 f7 00 00 00 00 00 00 00 00
0x0c4280020040: 00 00 00 00 00 00 00 f7 00 f7 00 00 04 f7 00 00
0x0c4280020050: 00 00 00 00 00 00 00 00 00 00 00 00 f7 00 f7 00
0x0c4280020060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4280020070: 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c4280020080: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2901792==ABORTING

Attachments

Issue Links

is caused by

MDEV-34939 vector search in 11.7

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-10-16 12:26

Updated:: 6 days ago 13:53

Resolved:: 6 days ago 13:53

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.