Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36220

ASAN unknown-crash in loose index scan of MIN with IS NULL

Details

    Description

      Testcase:

      CREATE TABLE t1 (a int, b int, KEY (a, b));
      		 
      insert into t1 values (4, NULL), (1, 14), (4, 3);
      		 
      # "b = 3 OR " is not needed for the crash
      		 
      SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
      		 
      drop table t1;

      The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

      Likely an old bug as it is present in 10.5.26 from 2024-08.

      stack (10.11 43c5d1303f5c7c726db276815c459436110f342f):

      Thread 1 (Thread 0x7f82ee8946c0 (LWP 3291941)):
      		 
      #0  __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
      		 
      #1  0x000055861f039548 in my_write_core (sig=6) at /home/ycp/source/mariadb-server/10.11/src/mysys/stacktrace.c:424
      		 
      #2  0x000055861daa53eb in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/10.11/src/sql/signal_handler.cc:298
      		 
      #3  <signal handler called>
      		 
      #4  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
      		 
      #5  0x00007f82fb79de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
      		 
      #6  0x00007f82fb74efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      		 
      #7  0x00007f82fb739472 in __GI_abort () at ./stdlib/abort.c:79
      		 
      #8  0x00007f82fbf12f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
      		 
      #9  0x00007f82fbf2276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
      		 
      #10 0x00007f82fbefdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f82ee88f376, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
      		 
      #11 0x00007f82fbefd2c0 in __asan::ReportGenericError (pc=140200549226678, bp=140200324433952, sp=sp@entry=140200324431840, addr=90503553188281, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
      		 
      #12 0x00007f82fbefd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=140200324433952, sp=sp@entry=140200324431840, addr=addr@entry=90503553188281, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
      		 
      #13 0x00007f82fbef18d1 in ___interceptor_memcpy (dst=0x5250002381c0, src=0x5250002381b0, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
      		 
      #14 0x000055861ce82bd2 in QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:16009
      		 
      #15 0x000055861ce80c9e in QUICK_GROUP_MIN_MAX_SELECT::next_min (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15685
      		 
      #16 0x000055861ce80397 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15619
      		 
      #17 0x000055861cec7c82 in rr_quick (info=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.cc:403
      		 
      #18 0x000055861ce9504a in READ_RECORD::read_record (this=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.h:81
      		 
      #19 0x000055861d353774 in join_init_read_record (tab=0x52d000068d20) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:23957
      		 
      #20 0x000055861d34c5cb in sub_select (join=0x52d000066688, join_tab=0x52d000068d20, end_of_records=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22921
      		 
      #21 0x000055861d34a53b in do_select (join=0x52d000066688, procedure=0x0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22447
      		 
      #22 0x000055861d2cd854 in JOIN::exec_inner (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4974
      		 
      #23 0x000055861d2cad0c in JOIN::exec (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4752
      		 
      #24 0x000055861d2cf1a6 in mysql_select (thd=0x52c0000b0288, tables=0x52d000064d78, fields=@0x52d000064848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000064ce0, last = 0x52d000064ce0, elements = 1}, <No data fields>}, conds=0x52d000065a88, og_num=1, order=0x0, group=0x52d000065cc0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d000066658, unit=0x52c0000b4748, select_lex=0x52d000064588) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:5232
      		 
      #25 0x000055861d29db44 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b4670, result=0x52d000066658, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:600
      		 
      #26 0x000055861d1c1eb2 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000064d78) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:6426
      		 
      #27 0x000055861d1afe9d in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:4012
      		 
      #28 0x000055861d1cc7d0 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0000644a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f82eda45250) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:8188
      		 
      #29 0x000055861d1a1da8 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x52900024e289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1905
      		 
      #30 0x000055861d19eaf6 in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1418
      		 
      #31 0x000055861d66896e in do_handle_one_connection (connect=0x5110000212c8, put_in_cache=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1386
      		 
      #32 0x000055861d6684d2 in handle_one_connection (arg=0x511000021188) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1298
      		 
      #33 0x000055861e292df6 in pfs_spawn_thread (arg=0x518000004908) at /home/ycp/source/mariadb-server/10.11/src/storage/perfschema/pfs.cc:2201
      		 
      #34 0x00007f82fbe5ae56 in asan_thread_start (arg=0x7f82ee895000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
      #35 0x00007f82fb79c134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #36 0x00007f82fb81c7dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

      More complete output

      ==3369712==ERROR: AddressSanitizer: unknown-crash on address 0x52500023fa11 at pc 0x7f33088f18b6 bp 0x7f32f4a14790 sp 0x7f32f4a13f50
      		 
      READ of size 16 at 0x52500023fa11 thread T5
      		 
          #0 0x7f33088f18b5 in memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
      		 
          #1 0x562b5193ff88 in QUICK_GROUP_MIN_MAX_SELECT::next_min_max_in_range(bool, bool) /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16679
      		 
          #2 0x562b5193e409 in QUICK_GROUP_MIN_MAX_SELECT::next_min_max(bool, bool) /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16365
      		 
          #3 0x562b5193db5b in QUICK_GROUP_MIN_MAX_SELECT::get_next() /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16240
      		 
          #4 0x562b5198748b in rr_quick /home/ycp/source/mariadb-server/main/src/sql/records.cc:398
      		 
          #5 0x562b51951cad in READ_RECORD::read_record() /home/ycp/source/mariadb-server/main/src/sql/records.h:77
      		 
          #6 0x562b51db3798 in join_init_read_record(st_join_table*) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:25251
      		 
          #7 0x562b51daceff in sub_select(JOIN*, st_join_table*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:24183
      		 
          #8 0x562b51dab30b in do_select /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:23697
      		 
          #9 0x562b51d2c517 in JOIN::exec_inner() /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5059
      		 
          #10 0x562b51d29c87 in JOIN::exec() /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:4842
      		 
          #11 0x562b51d2d962 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5375
      		 
          #12 0x562b51d01064 in handle_select(THD*, LEX*, select_result*, unsigned long long) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:633
      		 
          #13 0x562b51c3fa92 in execute_sqlcom_select /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:6191
      		 
          #14 0x562b51c2faee in mysql_execute_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:3979
      		 
          #15 0x562b51c49370 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:7915
      		 
          #16 0x562b51c22255 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1902
      		 
          #17 0x562b51c1f649 in do_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1415
      		 
          #18 0x562b520ae457 in do_handle_one_connection(CONNECT*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1415
      		 
          #19 0x562b520adfec in handle_one_connection /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1327
      		 
          #20 0x562b52c75c4d in pfs_spawn_thread /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
          #21 0x7f330885ae55 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
          #22 0x7f33080a8133 in start_thread nptl/pthread_create.c:442
      		 
          #23 0x7f33081287db in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      0x52500023fa11 is located 2321 bytes inside of 8300-byte region [0x52500023f100,0x52500024116c)
      		 
      allocated by thread T5 here:
      		 
          #0 0x7f33088f3bc7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
      		 
          #1 0x562b539b0668 in sf_malloc /home/ycp/source/mariadb-server/main/src/mysys/safemalloc.c:126
      		 
          #2 0x562b53987a12 in my_malloc /home/ycp/source/mariadb-server/main/src/mysys/my_malloc.c:93
      		 
          #3 0x562b5395fa39 in root_alloc /home/ycp/source/mariadb-server/main/src/mysys/my_alloc.c:66
      		 
          #4 0x562b539601f5 in init_alloc_root /home/ycp/source/mariadb-server/main/src/mysys/my_alloc.c:178
      		 
          #5 0x562b52010d2e in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /home/ycp/source/mariadb-server/main/src/sql/thr_malloc.cc:64
      		 
          #6 0x562b51fd988f in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /home/ycp/source/mariadb-server/main/src/sql/table.cc:4362
      		 
          #7 0x562b51a95275 in open_table(THD*, TABLE_LIST*, Open_table_context*) /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:2257
      		 
          #8 0x562b51a9f9e7 in open_and_process_table /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:4195
      		 
          #9 0x562b51aa1d36 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:4681
      		 
          #10 0x562b51aa5f31 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:5650
      		 
          #11 0x562b51ac8b8c in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /home/ycp/source/mariadb-server/main/src/sql/sql_base.h:535
      		 
          #12 0x562b51b69f99 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /home/ycp/source/mariadb-server/main/src/sql/sql_insert.cc:784
      		 
          #13 0x562b51c32c60 in mysql_execute_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:4484
      		 
          #14 0x562b51c49370 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:7915
      		 
          #15 0x562b51c22255 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1902
      		 
          #16 0x562b51c1f649 in do_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1415
      		 
          #17 0x562b520ae457 in do_handle_one_connection(CONNECT*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1415
      		 
          #18 0x562b520adfec in handle_one_connection /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1327
      		 
          #19 0x562b52c75c4d in pfs_spawn_thread /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
          #20 0x7f330885ae55 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
       
      		 
      Thread T5 created by T0 here:
      		 
          #0 0x7f33088ebae1 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
      		 
          #1 0x562b52c719f1 in my_thread_create /home/ycp/source/mariadb-server/main/src/storage/perfschema/my_thread.h:38
      		 
          #2 0x562b52c7603c in pfs_spawn_thread_v1 /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2249
      		 
          #3 0x562b51891fe0 in inline_mysql_thread_create /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1139
      		 
          #4 0x562b518a860e in create_thread_to_handle_connection(CONNECT*) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6261
      		 
          #5 0x562b518a8967 in create_new_thread(CONNECT*) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6323
      		 
          #6 0x562b518a8b5e in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6385
      		 
          #7 0x562b518a9745 in handle_connections_sockets() /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6497
      		 
          #8 0x562b518a6adb in run_main_loop /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:5739
      		 
          #9 0x562b518a81df in mysqld_main(int, char**) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6162
      		 
          #10 0x562b518912a8 in main /home/ycp/source/mariadb-server/main/src/sql/main.cc:34
      		 
          #11 0x7f3308046249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
      		 
       
      		 
      SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115 in memcpy
      		 
      Shadow bytes around the buggy address:
      		 
        0x52500023f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x52500023f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x52500023f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x52500023f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x52500023f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
      =>0x52500023fa00: f7 00[01]00 01 f7 00 00 00 f7 00 00 00 00 00 00
      		 
        0x52500023fa80: 00 00 00 00 00 00 00 00 00 00 f7 00 f7 f7 00 00
      		 
        0x52500023fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x52500023fb80: 00 00 00 00 00 00 00 00 f7 00 00 00 00 00 00 00
      		 
        0x52500023fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      		 
        0x52500023fc80: 00 00 00 f7 00 00 00 00 00 00 00 00 00 00 00 00
      		 
      Shadow byte legend (one shadow byte represents 8 application bytes):
      		 
        Addressable:           00
      		 
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
      		 
        Freed heap region:       fd
      		 
        Stack left redzone:      f1
      		 
        Stack mid redzone:       f2
      		 
        Stack right redzone:     f3
      		 
        Stack after return:      f5
      		 
        Stack use after scope:   f8
      		 
        Global redzone:          f9
      		 
        Global init order:       f6
      		 
        Poisoned by user:        f7
      		 
        Container overflow:      fc
      		 
        Array cookie:            ac
      		 
        Intra object redzone:    bb
      		 
        ASan internal:           fe
      		 
        Left alloca redzone:     ca
      		 
        Right alloca redzone:    cb
      		 
      ==3369712==ABORTING
      		 
      250306 10:41:31 [ERROR] /home/ycp/source/mariadb-server/main/build/sql/mariadbd got signal 6 ;
      		 
      Sorry, we probably made a mistake, and this is a bug.
      		 
       
      		 
      Your assistance in bug reporting will enable us to fix this for the next release.
      		 
      To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report
      		 
      a bug on https://jira.mariadb.org/.
      		 
       
      		 
      Please include the information from the server start above, to the end of the
      		 
      information below.
      		 
       
      		 
      Server version: 12.0.0-MariaDB-debug-log source revision: 2cf9fec6bb86b0784d49f16661403cf48a6d3b9e
      		 
       
      		 
      The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/
      		 
      contains instructions to obtain a better version of the backtrace below.
      		 
      Following these instructions will help MariaDB developers provide a fix quicker.
      		 
       
      		 
      Attempting backtrace. Include this in the bug report.
      		 
      (note: Retrieving this information may fail)
      		 
       
      		 
      Thread pointer: 0x52c0000b0288
      		 
      stack_bottom = 0x7f32f4a19000 thread_stack 0xb00000
      		 
      sanitizer_common/sanitizer_common_interceptors.inc:4358(___interceptor_backtrace.part.0)[0x7f330887dd33]
      		 
      mysys/stacktrace.c:215(my_print_stacktrace)[0x562b53994a5d]
      		 
      sql/signal_handler.cc:230(handle_fatal_signal)[0x562b525218ad]
      		 
      libc_sigaction.c:0(__restore_rt)[0x7f330805b050]
      		 
      nptl/pthread_kill.c:44(__pthread_kill_implementation)[0x7f33080a9e2c]
      		 
      posix/raise.c:27(__GI_raise)[0x7f330805afb2]
      		 
      stdlib/abort.c:81(__GI_abort)[0x7f3308045472]
      		 
      sanitizer_common/sanitizer_libc.h:52(__sanitizer::internal_memset(void*, int, unsigned long))[0x7f3308912f6f]
      		 
      sanitizer_common/sanitizer_termination.cpp:59(__sanitizer::Die())[0x7f330892276c]
      		 
      asan/asan_report.cpp:192(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x7f33088fdc5f]
      		 
      asan/asan_report.cpp:497(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x7f33088fd2c0]
      		 
      sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115(___interceptor_memcpy)[0x7f33088f18d1]
      		 
      sql/opt_range.cc:16680(QUICK_GROUP_MIN_MAX_SELECT::next_min_max_in_range(bool, bool))[0x562b5193ff89]
      		 
      sql/opt_range.cc:16365(QUICK_GROUP_MIN_MAX_SELECT::next_min_max(bool, bool))[0x562b5193e40a]
      		 
      sql/opt_range.cc:16240(QUICK_GROUP_MIN_MAX_SELECT::get_next())[0x562b5193db5c]
      		 
      sql/records.cc:398(rr_quick(READ_RECORD*))[0x562b5198748c]
      		 
      sql/records.h:77(READ_RECORD::read_record())[0x562b51951cae]
      		 
      sql/sql_select.cc:25251(join_init_read_record(st_join_table*))[0x562b51db3799]
      		 
      sql/sql_select.cc:24183(sub_select(JOIN*, st_join_table*, bool))[0x562b51dacf00]
      		 
      sql/sql_select.cc:23697(do_select(JOIN*, Procedure*))[0x562b51dab30c]
      		 
      sql/sql_select.cc:5059(JOIN::exec_inner())[0x562b51d2c518]
      		 
      sql/sql_select.cc:4842(JOIN::exec())[0x562b51d29c88]
      		 
      sql/sql_select.cc:5375(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x562b51d2d963]
      		 
      sql/sql_select.cc:633(handle_select(THD*, LEX*, select_result*, unsigned long long))[0x562b51d01065]
      		 
      sql/sql_parse.cc:6191(execute_sqlcom_select(THD*, TABLE_LIST*))[0x562b51c3fa93]
      		 
      sql/sql_parse.cc:3979(mysql_execute_command(THD*, bool))[0x562b51c2faef]
      		 
      sql/sql_parse.cc:7915(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x562b51c49371]
      		 
      sql/sql_parse.cc:1904(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x562b51c22256]
      		 
      sql/sql_parse.cc:1415(do_command(THD*, bool))[0x562b51c1f64a]
      		 
      sql/sql_connect.cc:1415(do_handle_one_connection(CONNECT*, bool))[0x562b520ae458]
      		 
      sql/sql_connect.cc:1333(handle_one_connection)[0x562b520adfed]
      		 
      perfschema/pfs.cc:2200(pfs_spawn_thread)[0x562b52c75c4e]
      		 
      asan/asan_interceptors.cpp:234(asan_thread_start(void*))[0x7f330885ae56]
      		 
      nptl/pthread_create.c:442(start_thread)[0x7f33080a8134]
      		 
      x86_64/clone3.S:83(clone3)[0x7f33081287dc]
      		 
       
      		 
      Connection ID (thread ID): 4
      		 
      Status: NOT_KILLED
      		 
      Query (0x52d0003524a8): SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a
      		 
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on
      		 
       
      		 
      Writing a core file...
      		 
      Working directory at /home/ycp/source/mariadb-server/main/build/mysql-test/var/mysqld.1/data
      		 
      Resource Limits (excludes unlimited resources):
      		 
      Limit                     Soft Limit           Hard Limit           Units     
      Max stack size            10022912             unlimited            bytes     
      Max processes             124970               124970               processes 
      Max open files            1024                 1024                 files     
      Max locked memory         4106170368           4106170368           bytes     
      Max pending signals       124970               124970               signals   
      Max msgqueue size         819200               819200               bytes     
      Max nice priority         0                    0                    
      Max realtime priority     0                    0                    
      Core pattern: core
      		 
       
      		 
      Kernel version: Linux version 6.1.0-22-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21)
      		 
       
      		 
      ----------SERVER LOG END-------------
      		 
       
      		 
       
      		 
       - found 'core' (0/5)
      		 
      Core generated by '/home/ycp/source/mariadb-server/main/build/sql/mariadbd'
      		 
      Output from gdb follows. The first stack trace is from the failing thread.
      		 
      The following stack traces are from all threads (so the failing one is
      		 
      duplicated).
      		 
      --------------------------
      		 
      No symbol table is loaded.  Use the "file" command.
      		 
      Make breakpoint pending on future shared library load? (y or [n]) [answered N; input not from terminal]
      		 
      [New LWP 3369721]
      		 
      [New LWP 3369718]
      		 
      [New LWP 3369716]
      		 
      [New LWP 3369715]
      		 
      [New LWP 3369717]
      		 
      [New LWP 3369712]
      		 
      [Thread debugging using libthread_db enabled]
      		 
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
      		 
      Core was generated by `/home/ycp/source/mariadb-server/main/build/sql/mariadbd --defaults-group-suffix'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
      		 
      44	./nptl/pthread_kill.c: No such file or directory.
      		 
      [Current thread is 1 (Thread 0x7f32f4a186c0 (LWP 3369721))]
      		 
       
      		 
      Thread 6 (Thread 0x7f3308490a40 (LWP 3369712)):
      		 
      #0  0x00007f330811b15f in __GI___poll (fds=0x512000007148, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
      		 
      #1  0x00007f33088d4206 in ___interceptor_poll (fds=0x512000007148, nfds=3, timeout=-1) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:4124
      		 
      #2  0x0000562b518a93ad in handle_connections_sockets () at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6457
      		 
      #3  0x0000562b518a6adc in run_main_loop () at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:5739
      		 
      #4  0x0000562b518a81e0 in mysqld_main (argc=141, argv=0x521000005310) at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6162
      		 
      #5  0x0000562b518912a9 in main (argc=6, argv=0x7fff6b5c1c78) at /home/ycp/source/mariadb-server/main/src/sql/main.cc:34
      		 
       
      		 
      Thread 5 (Thread 0x7f32f896b6c0 (LWP 3369717)):
      		 
      #0  __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x0, op=393, expected=0, futex_word=0x562b56730308 <COND_manager+40>) at ./nptl/futex-internal.c:57
      		 
      #1  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x562b56730308 <COND_manager+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0, cancel=cancel@entry=true) at ./nptl/futex-internal.c:87
      		 
      #2  0x00007f33080a4efb in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x562b56730308 <COND_manager+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0) at ./nptl/futex-internal.c:139
      		 
      #3  0x00007f33080a7558 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x562b56730228 <LOCK_manager+40>, cond=0x562b567302e0 <COND_manager>) at ./nptl/pthread_cond_wait.c:503
      		 
      #4  ___pthread_cond_wait (cond=0x562b567302e0 <COND_manager>, mutex=0x562b56730228 <LOCK_manager+40>) at ./nptl/pthread_cond_wait.c:618
      		 
      #5  0x0000562b5399ef30 in safe_cond_wait (cond=0x562b567302e0 <COND_manager>, mp=0x562b56730200 <LOCK_manager>, file=0x562b55037a20 "/home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c", line=580) at /home/ycp/source/mariadb-server/main/src/mysys/thr_mutex.c:489
      		 
      #6  0x0000562b53990618 in psi_cond_wait (that=0x562b567302e0 <COND_manager>, mutex=0x562b56730200 <LOCK_manager>, file=0x562b54067840 "/home/ycp/source/mariadb-server/main/src/sql/sql_manager.cc", line=110) at /home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c:580
      		 
      #7  0x0000562b51c16b46 in inline_mysql_cond_wait (that=0x562b567302e0 <COND_manager>, mutex=0x562b56730200 <LOCK_manager>, src_file=0x562b54067840 "/home/ycp/source/mariadb-server/main/src/sql/sql_manager.cc", src_line=110) at /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1070
      		 
      #8  0x0000562b51c171a0 in handle_manager (arg=0x0) at /home/ycp/source/mariadb-server/main/src/sql/sql_manager.cc:110
      		 
      #9  0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000001508) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
      #10 0x00007f330885ae56 in asan_thread_start (arg=0x7f32f896c000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
      #11 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #12 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      Thread 4 (Thread 0x7f3305c136c0 (LWP 3369715)):
      		 
      #0  __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x7f32faffdac0, op=393, expected=0, futex_word=0x562b570650c8 <COND_timer+40>) at ./nptl/futex-internal.c:57
      		 
      #1  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x562b570650c8 <COND_timer+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32faffdac0, private=private@entry=0, cancel=cancel@entry=true) at ./nptl/futex-internal.c:87
      		 
      #2  0x00007f33080a4efb in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x562b570650c8 <COND_timer+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32faffdac0, private=private@entry=0) at ./nptl/futex-internal.c:139
      		 
      #3  0x00007f33080a783c in __pthread_cond_wait_common (abstime=0x7f32faffdac0, clockid=0, mutex=0x562b57064fe8 <LOCK_timer+40>, cond=0x562b570650a0 <COND_timer>) at ./nptl/pthread_cond_wait.c:503
      		 
      #4  ___pthread_cond_timedwait64 (cond=0x562b570650a0 <COND_timer>, mutex=0x562b57064fe8 <LOCK_timer+40>, abstime=0x7f32faffdac0) at ./nptl/pthread_cond_wait.c:643
      		 
      #5  0x0000562b5399f817 in safe_cond_timedwait (cond=0x562b570650a0 <COND_timer>, mp=0x562b57064fc0 <LOCK_timer>, abstime=0x7f32faffdac0, file=0x562b55037a20 "/home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c", line=593) at /home/ycp/source/mariadb-server/main/src/mysys/thr_mutex.c:543
      		 
      #6  0x0000562b539908af in psi_cond_timedwait (that=0x562b570650a0 <COND_timer>, mutex=0x562b57064fc0 <LOCK_timer>, abstime=0x7f32faffdac0, file=0x562b5503a340 "/home/ycp/source/mariadb-server/main/src/mysys/thr_timer.c", line=329) at /home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c:593
      		 
      #7  0x0000562b539a1579 in inline_mysql_cond_timedwait (that=0x562b570650a0 <COND_timer>, mutex=0x562b57064fc0 <LOCK_timer>, abstime=0x7f32faffdac0, src_file=0x562b5503a340 "/home/ycp/source/mariadb-server/main/src/mysys/thr_timer.c", src_line=329) at /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1086
      		 
      #8  0x0000562b539a2c37 in timer_handler (arg=0x0) at /home/ycp/source/mariadb-server/main/src/mysys/thr_timer.c:329
      		 
      #9  0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000000108) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
      #10 0x00007f330885ae56 in asan_thread_start (arg=0x7f3307202000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
      #11 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #12 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      Thread 3 (Thread 0x7f32fa0d46c0 (LWP 3369716)):
      		 
      #0  __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x7f32f8c453e0, op=393, expected=0, futex_word=0x562b56f97028 <COND_checkpoint+40>) at ./nptl/futex-internal.c:57
      		 
      #1  __futex_abstimed_wait_common (futex_word=futex_word@entry=0x562b56f97028 <COND_checkpoint+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32f8c453e0, private=private@entry=0, cancel=cancel@entry=true) at ./nptl/futex-internal.c:87
      		 
      #2  0x00007f33080a4efb in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x562b56f97028 <COND_checkpoint+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32f8c453e0, private=private@entry=0) at ./nptl/futex-internal.c:139
      		 
      #3  0x00007f33080a783c in __pthread_cond_wait_common (abstime=0x7f32f8c453e0, clockid=0, mutex=0x562b56f96f48 <LOCK_checkpoint+40>, cond=0x562b56f97000 <COND_checkpoint>) at ./nptl/pthread_cond_wait.c:503
      		 
      #4  ___pthread_cond_timedwait64 (cond=0x562b56f97000 <COND_checkpoint>, mutex=0x562b56f96f48 <LOCK_checkpoint+40>, abstime=0x7f32f8c453e0) at ./nptl/pthread_cond_wait.c:643
      		 
      #5  0x0000562b5399f817 in safe_cond_timedwait (cond=0x562b56f97000 <COND_checkpoint>, mp=0x562b56f96f20 <LOCK_checkpoint>, abstime=0x7f32f8c453e0, file=0x562b55037a20 "/home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c", line=593) at /home/ycp/source/mariadb-server/main/src/mysys/thr_mutex.c:543
      		 
      #6  0x0000562b539908af in psi_cond_timedwait (that=0x562b56f97000 <COND_checkpoint>, mutex=0x562b56f96f20 <LOCK_checkpoint>, abstime=0x7f32f8c453e0, file=0x562b547c56e0 "/home/ycp/source/mariadb-server/main/src/storage/maria/ma_servicethread.c", line=115) at /home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c:593
      		 
      #7  0x0000562b52ace4e2 in inline_mysql_cond_timedwait (that=0x562b56f97000 <COND_checkpoint>, mutex=0x562b56f96f20 <LOCK_checkpoint>, abstime=0x7f32f8c453e0, src_file=0x562b547c56e0 "/home/ycp/source/mariadb-server/main/src/storage/maria/ma_servicethread.c", src_line=115) at /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1086
      		 
      #8  0x0000562b52aced40 in my_service_thread_sleep (control=0x562b55e50900 <checkpoint_control>, sleep_time=29000000000) at /home/ycp/source/mariadb-server/main/src/storage/maria/ma_servicethread.c:115
      		 
      #9  0x0000562b52ab464c in ma_checkpoint_background (arg=0x1e) at /home/ycp/source/mariadb-server/main/src/storage/maria/ma_checkpoint.c:726
      		 
      #10 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000000d08) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
      #11 0x00007f330885ae56 in asan_thread_start (arg=0x7f32fa0d5000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
      #12 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #13 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      Thread 2 (Thread 0x7f32f60406c0 (LWP 3369718)):
      		 
      #0  0x00007f330805bc82 in __GI___sigtimedwait (set=0x7f32f4c3f060, info=0x7f32f4c3f820, timeout=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:31
      		 
      #1  0x00007f3308885aeb in ___interceptor_sigwaitinfo (set=0x7f32f4c3f060, info=0x7f32f4c3f820) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:4204
      		 
      #2  0x0000562b518914cb in my_sigwait (set=0x7f32f4c3f060, sig=0x7f32f4c3f030, code=0x7f32f4c3f040) at /home/ycp/source/mariadb-server/main/src/include/my_pthread.h:180
      		 
      #3  0x0000562b5189e7e8 in signal_hand () at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:3277
      		 
      #4  0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000002508) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
      #5  0x00007f330885ae56 in asan_thread_start (arg=0x7f32f6041000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
      #6  0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #7  0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
      Thread 1 (Thread 0x7f32f4a186c0 (LWP 3369721)):
      		 
      #0  __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
      		 
      #1  0x0000562b53994bbf in my_write_core (sig=6) at /home/ycp/source/mariadb-server/main/src/mysys/stacktrace.c:424
      		 
      #2  0x0000562b52521c8e in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/main/src/sql/signal_handler.cc:298
      		 
      #3  <signal handler called>
      		 
      #4  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
      		 
      #5  0x00007f33080a9e8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
      		 
      #6  0x00007f330805afb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      		 
      #7  0x00007f3308045472 in __GI_abort () at ./stdlib/abort.c:79
      		 
      #8  0x00007f3308912f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
      		 
      #9  0x00007f330892276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
      		 
      #10 0x00007f33088fdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f32f4a132e6, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
      		 
      #11 0x00007f33088fd2c0 in __asan::ReportGenericError (pc=139857163655350, bp=139856829302672, sp=sp@entry=139856829300560, addr=90503553219089, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
      		 
      #12 0x00007f33088fd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=139856829302672, sp=sp@entry=139856829300560, addr=addr@entry=90503553219089, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
      		 
      #13 0x00007f33088f18d1 in ___interceptor_memcpy (dst=0x52500023fa18, src=0x52500023fa08, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
      		 
      #14 0x0000562b5193ff89 in QUICK_GROUP_MIN_MAX_SELECT::next_min_max_in_range (this=0x513000051100, min=true, reverse=false) at /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16679
      		 
      #15 0x0000562b5193e40a in QUICK_GROUP_MIN_MAX_SELECT::next_min_max (this=0x513000051100, min=true, reverse=false) at /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16365
      		 
      #16 0x0000562b5193db5c in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x513000051100) at /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16240
      		 
      #17 0x0000562b5198748c in rr_quick (info=0x52d000357140) at /home/ycp/source/mariadb-server/main/src/sql/records.cc:398
      		 
      #18 0x0000562b51951cae in READ_RECORD::read_record (this=0x52d000357140) at /home/ycp/source/mariadb-server/main/src/sql/records.h:77
      		 
      #19 0x0000562b51db3799 in join_init_read_record (tab=0x52d000357070) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:25251
      		 
      #20 0x0000562b51dacf00 in sub_select (join=0x52d000354700, join_tab=0x52d000357070, end_of_records=false) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:24183
      		 
      #21 0x0000562b51dab30c in do_select (join=0x52d000354700, procedure=0x0) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:23697
      		 
      #22 0x0000562b51d2c518 in JOIN::exec_inner (this=0x52d000354700) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5059
      		 
      #23 0x0000562b51d29c88 in JOIN::exec (this=0x52d000354700) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:4842
      		 
      #24 0x0000562b51d2d963 in mysql_select (thd=0x52c0000b0288, tables=0x52d000352d80, fields=@0x52d000352840: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000352ce8, last = 0x52d000352ce8, elements = 1}, <No data fields>}, conds=0x52d000353ac8, og_num=1, order=0x0, group=0x52d000353d10, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d0003546d0, unit=0x52c0000b47b0, select_lex=0x52d000352588) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5375
      		 
      #25 0x0000562b51d01065 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b46d0, result=0x52d0003546d0, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:633
      		 
      #26 0x0000562b51c3fa93 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000352d80) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:6191
      		 
      #27 0x0000562b51c2faef in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:3979
      		 
      #28 0x0000562b51c49371 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0003524a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f32f3b29280) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:7915
      		 
      #29 0x0000562b51c22256 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x529000253289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1902
      		 
      #30 0x0000562b51c1f64a in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1415
      		 
      #31 0x0000562b520ae458 in do_handle_one_connection (connect=0x511000024388, put_in_cache=true) at /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1415
      		 
      #32 0x0000562b520adfed in handle_one_connection (arg=0x511000024248) at /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1327
      		 
      #33 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000004d08) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
      		 
      #34 0x00007f330885ae56 in asan_thread_start (arg=0x7f32f4a19000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
      		 
      #35 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      		 
      #36 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      		 
       
      		 
       - saving '/home/ycp/source/mariadb-server/main/build/mysql-test/var/log/temp.mdev_32732_asan/' to '/home/ycp/source/mariadb-server/main/build/mysql-test/var/log/temp.mdev_32732_asan/'
      		 
      ***Warnings generated in error logs during shutdown after running tests: temp.mdev_32732_asan
      		 
       
      		 
      ==3369712==ERROR: AddressSanitizer: unknown-crash on address 0x52500023fa11 at pc 0x7f33088f18b6 bp 0x7f32f4a14790 sp 0x7f32f4a13f50
      		 
      SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115 in memcpy
      		 
      250306 10:41:31 [ERROR] /home/ycp/source/mariadb-server/main/build/sql/mariadbd got signal 6 ;
      		 
      Attempting backtrace. Include this in the bug report.

      Attachments

        Issue Links

          is part of

          New Feature - A new feature of the product, which has yet to be developed. MDEV-32732 Support DESC indexes in loose scan optimization

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. MDEV-32732 Support DESC indexes in loose scan optimization

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            ycp Yuchen Pei created issue -
            ycp Yuchen Pei made changes -
            Field Original Value New Value
            Description Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            More to follow.             		Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.
            ycp Yuchen Pei made changes -
            Affects Version/s 10.5 [ 23123 ]
            Affects Version/s 10.11 [ 27614 ]
            ycp Yuchen Pei made changes -
            Description Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.             		Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.
            ycp Yuchen Pei made changes -
            Description Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.             		Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.

            stack:

            {noformat}
            Thread 1 (Thread 0x7f103e2946c0 (LWP 3288992)):
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1 0x000055b488f4cc54 in my_write_core (sig=6) at /home/ycp/source/mariadb-server/10.11/src/mysys/stacktrace.c:424
            #2 0x000055b4879b83eb in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/10.11/src/sql/signal_handler.cc:298
            #3 <signal handler called>
            #4 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
            #5 0x00007f104b19de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
            #6 0x00007f104b14efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #7 0x00007f104b139472 in __GI_abort () at ./stdlib/abort.c:79
            #8 0x00007f104b912f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
            #9 0x00007f104b92276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
            #10 0x00007f104b8fdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f103e28f376, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
            #11 0x00007f104b8fd2c0 in __asan::ReportGenericError (pc=139707963873462, bp=139707739080736, sp=sp@entry=139707739078624, addr=90503553188281, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #12 0x00007f104b8fd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=139707739080736, sp=sp@entry=139707739078624, addr=addr@entry=90503553188281, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #13 0x00007f104b8f18d1 in ___interceptor_memcpy (dst=0x5250002381c0, src=0x5250002381b0, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
            #14 0x000055b486d95bd2 in QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:16009
            #15 0x000055b486d93c9e in QUICK_GROUP_MIN_MAX_SELECT::next_min (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15685
            #16 0x000055b486d93397 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15619
            #17 0x000055b486ddac82 in rr_quick (info=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.cc:403
            #18 0x000055b486da804a in READ_RECORD::read_record (this=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.h:81
            #19 0x000055b487266774 in join_init_read_record (tab=0x52d000068d20) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:23957
            #20 0x000055b48725f5cb in sub_select (join=0x52d000066688, join_tab=0x52d000068d20, end_of_records=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22921
            #21 0x000055b48725d53b in do_select (join=0x52d000066688, procedure=0x0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22447
            #22 0x000055b4871e0854 in JOIN::exec_inner (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4974
            #23 0x000055b4871ddd0c in JOIN::exec (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4752
            #24 0x000055b4871e21a6 in mysql_select (thd=0x52c0000b0288, tables=0x52d000064d78, fields=@0x52d000064848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000064ce0, last = 0x52d000064ce0, elements = 1}, <No data fields>}, conds=0x52d000065a88, og_num=1, order=0x0, group=0x52d000065cc0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d000066658, unit=0x52c0000b4748, select_lex=0x52d000064588) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:5232
            #25 0x000055b4871b0b44 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b4670, result=0x52d000066658, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:600
            #26 0x000055b4870d4eb2 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000064d78) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:6426
            #27 0x000055b4870c2e9d in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:4012
            #28 0x000055b4870df7d0 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0000644a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f103d445250) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:8188
            #29 0x000055b4870b4da8 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x52900024e289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1905
            #30 0x000055b4870b1af6 in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1418
            #31 0x000055b48757b96e in do_handle_one_connection (connect=0x5110000212c8, put_in_cache=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1386
            #32 0x000055b48757b4d2 in handle_one_connection (arg=0x511000021188) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1298
            #33 0x000055b4881a5df6 in pfs_spawn_thread (arg=0x518000004908) at /home/ycp/source/mariadb-server/10.11/src/storage/perfschema/pfs.cc:2201
            #34 0x00007f104b85ae56 in asan_thread_start (arg=0x7f103e295000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #35 0x00007f104b19c134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #36 0x00007f104b21c7dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            ycp Yuchen Pei made changes -
            Description Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.

            stack:

            {noformat}
            Thread 1 (Thread 0x7f103e2946c0 (LWP 3288992)):
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1 0x000055b488f4cc54 in my_write_core (sig=6) at /home/ycp/source/mariadb-server/10.11/src/mysys/stacktrace.c:424
            #2 0x000055b4879b83eb in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/10.11/src/sql/signal_handler.cc:298
            #3 <signal handler called>
            #4 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
            #5 0x00007f104b19de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
            #6 0x00007f104b14efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #7 0x00007f104b139472 in __GI_abort () at ./stdlib/abort.c:79
            #8 0x00007f104b912f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
            #9 0x00007f104b92276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
            #10 0x00007f104b8fdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f103e28f376, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
            #11 0x00007f104b8fd2c0 in __asan::ReportGenericError (pc=139707963873462, bp=139707739080736, sp=sp@entry=139707739078624, addr=90503553188281, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #12 0x00007f104b8fd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=139707739080736, sp=sp@entry=139707739078624, addr=addr@entry=90503553188281, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #13 0x00007f104b8f18d1 in ___interceptor_memcpy (dst=0x5250002381c0, src=0x5250002381b0, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
            #14 0x000055b486d95bd2 in QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:16009
            #15 0x000055b486d93c9e in QUICK_GROUP_MIN_MAX_SELECT::next_min (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15685
            #16 0x000055b486d93397 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15619
            #17 0x000055b486ddac82 in rr_quick (info=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.cc:403
            #18 0x000055b486da804a in READ_RECORD::read_record (this=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.h:81
            #19 0x000055b487266774 in join_init_read_record (tab=0x52d000068d20) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:23957
            #20 0x000055b48725f5cb in sub_select (join=0x52d000066688, join_tab=0x52d000068d20, end_of_records=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22921
            #21 0x000055b48725d53b in do_select (join=0x52d000066688, procedure=0x0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22447
            #22 0x000055b4871e0854 in JOIN::exec_inner (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4974
            #23 0x000055b4871ddd0c in JOIN::exec (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4752
            #24 0x000055b4871e21a6 in mysql_select (thd=0x52c0000b0288, tables=0x52d000064d78, fields=@0x52d000064848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000064ce0, last = 0x52d000064ce0, elements = 1}, <No data fields>}, conds=0x52d000065a88, og_num=1, order=0x0, group=0x52d000065cc0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d000066658, unit=0x52c0000b4748, select_lex=0x52d000064588) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:5232
            #25 0x000055b4871b0b44 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b4670, result=0x52d000066658, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:600
            #26 0x000055b4870d4eb2 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000064d78) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:6426
            #27 0x000055b4870c2e9d in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:4012
            #28 0x000055b4870df7d0 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0000644a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f103d445250) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:8188
            #29 0x000055b4870b4da8 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x52900024e289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1905
            #30 0x000055b4870b1af6 in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1418
            #31 0x000055b48757b96e in do_handle_one_connection (connect=0x5110000212c8, put_in_cache=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1386
            #32 0x000055b48757b4d2 in handle_one_connection (arg=0x511000021188) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1298
            #33 0x000055b4881a5df6 in pfs_spawn_thread (arg=0x518000004908) at /home/ycp/source/mariadb-server/10.11/src/storage/perfschema/pfs.cc:2201
            #34 0x00007f104b85ae56 in asan_thread_start (arg=0x7f103e295000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #35 0x00007f104b19c134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #36 0x00007f104b21c7dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}             		Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.

            stack (10.11 43c5d1303f5c7c726db276815c459436110f342f):

            {noformat}
            Thread 1 (Thread 0x7f82ee8946c0 (LWP 3291941)):
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1 0x000055861f039548 in my_write_core (sig=6) at /home/ycp/source/mariadb-server/10.11/src/mysys/stacktrace.c:424
            #2 0x000055861daa53eb in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/10.11/src/sql/signal_handler.cc:298
            #3 <signal handler called>
            #4 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
            #5 0x00007f82fb79de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
            #6 0x00007f82fb74efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #7 0x00007f82fb739472 in __GI_abort () at ./stdlib/abort.c:79
            #8 0x00007f82fbf12f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
            #9 0x00007f82fbf2276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
            #10 0x00007f82fbefdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f82ee88f376, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
            #11 0x00007f82fbefd2c0 in __asan::ReportGenericError (pc=140200549226678, bp=140200324433952, sp=sp@entry=140200324431840, addr=90503553188281, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #12 0x00007f82fbefd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=140200324433952, sp=sp@entry=140200324431840, addr=addr@entry=90503553188281, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #13 0x00007f82fbef18d1 in ___interceptor_memcpy (dst=0x5250002381c0, src=0x5250002381b0, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
            #14 0x000055861ce82bd2 in QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:16009
            #15 0x000055861ce80c9e in QUICK_GROUP_MIN_MAX_SELECT::next_min (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15685
            #16 0x000055861ce80397 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15619
            #17 0x000055861cec7c82 in rr_quick (info=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.cc:403
            #18 0x000055861ce9504a in READ_RECORD::read_record (this=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.h:81
            #19 0x000055861d353774 in join_init_read_record (tab=0x52d000068d20) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:23957
            #20 0x000055861d34c5cb in sub_select (join=0x52d000066688, join_tab=0x52d000068d20, end_of_records=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22921
            #21 0x000055861d34a53b in do_select (join=0x52d000066688, procedure=0x0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22447
            #22 0x000055861d2cd854 in JOIN::exec_inner (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4974
            #23 0x000055861d2cad0c in JOIN::exec (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4752
            #24 0x000055861d2cf1a6 in mysql_select (thd=0x52c0000b0288, tables=0x52d000064d78, fields=@0x52d000064848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000064ce0, last = 0x52d000064ce0, elements = 1}, <No data fields>}, conds=0x52d000065a88, og_num=1, order=0x0, group=0x52d000065cc0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d000066658, unit=0x52c0000b4748, select_lex=0x52d000064588) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:5232
            #25 0x000055861d29db44 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b4670, result=0x52d000066658, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:600
            #26 0x000055861d1c1eb2 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000064d78) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:6426
            #27 0x000055861d1afe9d in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:4012
            #28 0x000055861d1cc7d0 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0000644a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f82eda45250) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:8188
            #29 0x000055861d1a1da8 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x52900024e289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1905
            #30 0x000055861d19eaf6 in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1418
            #31 0x000055861d66896e in do_handle_one_connection (connect=0x5110000212c8, put_in_cache=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1386
            #32 0x000055861d6684d2 in handle_one_connection (arg=0x511000021188) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1298
            #33 0x000055861e292df6 in pfs_spawn_thread (arg=0x518000004908) at /home/ycp/source/mariadb-server/10.11/src/storage/perfschema/pfs.cc:2201
            #34 0x00007f82fbe5ae56 in asan_thread_start (arg=0x7f82ee895000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #35 0x00007f82fb79c134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #36 0x00007f82fb81c7dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}
            ycp Yuchen Pei made changes -
            Assignee Yuchen Pei [ JIRAUSER52627 ]
            ycp Yuchen Pei made changes -
            ycp Yuchen Pei added a comment - - edited

            If we remove all the NULL_RANGE treatment in next_min_in_range, although no existing tests fail, the following does fail with the same wrong results as in the MDEV-32732 comment https://jira.mariadb.org/browse/MDEV-32732?focusedCommentId=300857&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-300857

            --source include/have_sequence.inc
            		 
            create table t20 (
            		 
              kp1 int,
            		 
              kp2 int,
            		 
              index (kp1, kp2)
            		 
            );
            		 
             
            		 
            insert into t20 select A.seq, B.seq from seq_1_to_10 A, seq_1_to_10 B;
            		 
            insert into t20 values (1, NULL);
            		 
            insert into t20 values (10, NULL);
            		 
            select min(kp2) from t20 where kp2=3 or kp2=5 or kp2 is null group by kp1;
            		 
             
            		 
            drop table t20;

            ycp Yuchen Pei added a comment - - edited If we remove all the NULL_RANGE treatment in next_min_in_range, although no existing tests fail, the following does fail with the same wrong results as in the MDEV-32732 comment https://jira.mariadb.org/browse/MDEV-32732?focusedCommentId=300857&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-300857 --source include/have_sequence.inc create table t20 ( kp1 int , kp2 int , index (kp1, kp2) );   insert into t20 select A.seq, B.seq from seq_1_to_10 A, seq_1_to_10 B; insert into t20 values (1, NULL ); insert into t20 values (10, NULL ); select min (kp2) from t20 where kp2=3 or kp2=5 or kp2 is null group by kp1;   drop table t20;
            psergei Sergei Petrunia made changes -
            Fix Version/s 10.11 [ 27614 ]
            ycp Yuchen Pei made changes -
            ycp Yuchen Pei made changes -
            Description Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.

            stack (10.11 43c5d1303f5c7c726db276815c459436110f342f):

            {noformat}
            Thread 1 (Thread 0x7f82ee8946c0 (LWP 3291941)):
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1 0x000055861f039548 in my_write_core (sig=6) at /home/ycp/source/mariadb-server/10.11/src/mysys/stacktrace.c:424
            #2 0x000055861daa53eb in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/10.11/src/sql/signal_handler.cc:298
            #3 <signal handler called>
            #4 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
            #5 0x00007f82fb79de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
            #6 0x00007f82fb74efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #7 0x00007f82fb739472 in __GI_abort () at ./stdlib/abort.c:79
            #8 0x00007f82fbf12f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
            #9 0x00007f82fbf2276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
            #10 0x00007f82fbefdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f82ee88f376, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
            #11 0x00007f82fbefd2c0 in __asan::ReportGenericError (pc=140200549226678, bp=140200324433952, sp=sp@entry=140200324431840, addr=90503553188281, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #12 0x00007f82fbefd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=140200324433952, sp=sp@entry=140200324431840, addr=addr@entry=90503553188281, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #13 0x00007f82fbef18d1 in ___interceptor_memcpy (dst=0x5250002381c0, src=0x5250002381b0, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
            #14 0x000055861ce82bd2 in QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:16009
            #15 0x000055861ce80c9e in QUICK_GROUP_MIN_MAX_SELECT::next_min (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15685
            #16 0x000055861ce80397 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15619
            #17 0x000055861cec7c82 in rr_quick (info=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.cc:403
            #18 0x000055861ce9504a in READ_RECORD::read_record (this=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.h:81
            #19 0x000055861d353774 in join_init_read_record (tab=0x52d000068d20) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:23957
            #20 0x000055861d34c5cb in sub_select (join=0x52d000066688, join_tab=0x52d000068d20, end_of_records=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22921
            #21 0x000055861d34a53b in do_select (join=0x52d000066688, procedure=0x0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22447
            #22 0x000055861d2cd854 in JOIN::exec_inner (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4974
            #23 0x000055861d2cad0c in JOIN::exec (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4752
            #24 0x000055861d2cf1a6 in mysql_select (thd=0x52c0000b0288, tables=0x52d000064d78, fields=@0x52d000064848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000064ce0, last = 0x52d000064ce0, elements = 1}, <No data fields>}, conds=0x52d000065a88, og_num=1, order=0x0, group=0x52d000065cc0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d000066658, unit=0x52c0000b4748, select_lex=0x52d000064588) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:5232
            #25 0x000055861d29db44 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b4670, result=0x52d000066658, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:600
            #26 0x000055861d1c1eb2 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000064d78) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:6426
            #27 0x000055861d1afe9d in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:4012
            #28 0x000055861d1cc7d0 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0000644a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f82eda45250) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:8188
            #29 0x000055861d1a1da8 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x52900024e289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1905
            #30 0x000055861d19eaf6 in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1418
            #31 0x000055861d66896e in do_handle_one_connection (connect=0x5110000212c8, put_in_cache=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1386
            #32 0x000055861d6684d2 in handle_one_connection (arg=0x511000021188) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1298
            #33 0x000055861e292df6 in pfs_spawn_thread (arg=0x518000004908) at /home/ycp/source/mariadb-server/10.11/src/storage/perfschema/pfs.cc:2201
            #34 0x00007f82fbe5ae56 in asan_thread_start (arg=0x7f82ee895000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #35 0x00007f82fb79c134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #36 0x00007f82fb81c7dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}             		Testcase:

            {code:sql}
            CREATE TABLE t1 (a int, b int, KEY (a, b));
            insert into t1 values (4, NULL), (1, 14), (4, 3);
            # "b = 3 OR " is not needed for the crash
            SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a;
            drop table t1;
            {code}

            The crash happens at the memcpy in the if (cur_range->flag & NULL_RANGE) in next_min_in_range.

            Likely an old bug as it is present in 10.5.26 from 2024-08.

            stack (10.11 43c5d1303f5c7c726db276815c459436110f342f):

            {noformat}
            Thread 1 (Thread 0x7f82ee8946c0 (LWP 3291941)):
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1 0x000055861f039548 in my_write_core (sig=6) at /home/ycp/source/mariadb-server/10.11/src/mysys/stacktrace.c:424
            #2 0x000055861daa53eb in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/10.11/src/sql/signal_handler.cc:298
            #3 <signal handler called>
            #4 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
            #5 0x00007f82fb79de8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
            #6 0x00007f82fb74efb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #7 0x00007f82fb739472 in __GI_abort () at ./stdlib/abort.c:79
            #8 0x00007f82fbf12f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
            #9 0x00007f82fbf2276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
            #10 0x00007f82fbefdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f82ee88f376, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
            #11 0x00007f82fbefd2c0 in __asan::ReportGenericError (pc=140200549226678, bp=140200324433952, sp=sp@entry=140200324431840, addr=90503553188281, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #12 0x00007f82fbefd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=140200324433952, sp=sp@entry=140200324431840, addr=addr@entry=90503553188281, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #13 0x00007f82fbef18d1 in ___interceptor_memcpy (dst=0x5250002381c0, src=0x5250002381b0, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
            #14 0x000055861ce82bd2 in QUICK_GROUP_MIN_MAX_SELECT::next_min_in_range (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:16009
            #15 0x000055861ce80c9e in QUICK_GROUP_MIN_MAX_SELECT::next_min (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15685
            #16 0x000055861ce80397 in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x5130000512c0) at /home/ycp/source/mariadb-server/10.11/src/sql/opt_range.cc:15619
            #17 0x000055861cec7c82 in rr_quick (info=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.cc:403
            #18 0x000055861ce9504a in READ_RECORD::read_record (this=0x52d000068df8) at /home/ycp/source/mariadb-server/10.11/src/sql/records.h:81
            #19 0x000055861d353774 in join_init_read_record (tab=0x52d000068d20) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:23957
            #20 0x000055861d34c5cb in sub_select (join=0x52d000066688, join_tab=0x52d000068d20, end_of_records=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22921
            #21 0x000055861d34a53b in do_select (join=0x52d000066688, procedure=0x0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:22447
            #22 0x000055861d2cd854 in JOIN::exec_inner (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4974
            #23 0x000055861d2cad0c in JOIN::exec (this=0x52d000066688) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:4752
            #24 0x000055861d2cf1a6 in mysql_select (thd=0x52c0000b0288, tables=0x52d000064d78, fields=@0x52d000064848: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000064ce0, last = 0x52d000064ce0, elements = 1}, <No data fields>}, conds=0x52d000065a88, og_num=1, order=0x0, group=0x52d000065cc0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d000066658, unit=0x52c0000b4748, select_lex=0x52d000064588) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:5232
            #25 0x000055861d29db44 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b4670, result=0x52d000066658, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_select.cc:600
            #26 0x000055861d1c1eb2 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000064d78) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:6426
            #27 0x000055861d1afe9d in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:4012
            #28 0x000055861d1cc7d0 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0000644a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f82eda45250) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:8188
            #29 0x000055861d1a1da8 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x52900024e289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1905
            #30 0x000055861d19eaf6 in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_parse.cc:1418
            #31 0x000055861d66896e in do_handle_one_connection (connect=0x5110000212c8, put_in_cache=true) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1386
            #32 0x000055861d6684d2 in handle_one_connection (arg=0x511000021188) at /home/ycp/source/mariadb-server/10.11/src/sql/sql_connect.cc:1298
            #33 0x000055861e292df6 in pfs_spawn_thread (arg=0x518000004908) at /home/ycp/source/mariadb-server/10.11/src/storage/perfschema/pfs.cc:2201
            #34 0x00007f82fbe5ae56 in asan_thread_start (arg=0x7f82ee895000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #35 0x00007f82fb79c134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #36 0x00007f82fb81c7dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            {noformat}

            More complete output
            {noformat}
            ==3369712==ERROR: AddressSanitizer: unknown-crash on address 0x52500023fa11 at pc 0x7f33088f18b6 bp 0x7f32f4a14790 sp 0x7f32f4a13f50
            READ of size 16 at 0x52500023fa11 thread T5
                #0 0x7f33088f18b5 in memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
                #1 0x562b5193ff88 in QUICK_GROUP_MIN_MAX_SELECT::next_min_max_in_range(bool, bool) /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16679
                #2 0x562b5193e409 in QUICK_GROUP_MIN_MAX_SELECT::next_min_max(bool, bool) /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16365
                #3 0x562b5193db5b in QUICK_GROUP_MIN_MAX_SELECT::get_next() /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16240
                #4 0x562b5198748b in rr_quick /home/ycp/source/mariadb-server/main/src/sql/records.cc:398
                #5 0x562b51951cad in READ_RECORD::read_record() /home/ycp/source/mariadb-server/main/src/sql/records.h:77
                #6 0x562b51db3798 in join_init_read_record(st_join_table*) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:25251
                #7 0x562b51daceff in sub_select(JOIN*, st_join_table*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:24183
                #8 0x562b51dab30b in do_select /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:23697
                #9 0x562b51d2c517 in JOIN::exec_inner() /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5059
                #10 0x562b51d29c87 in JOIN::exec() /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:4842
                #11 0x562b51d2d962 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5375
                #12 0x562b51d01064 in handle_select(THD*, LEX*, select_result*, unsigned long long) /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:633
                #13 0x562b51c3fa92 in execute_sqlcom_select /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:6191
                #14 0x562b51c2faee in mysql_execute_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:3979
                #15 0x562b51c49370 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:7915
                #16 0x562b51c22255 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1902
                #17 0x562b51c1f649 in do_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1415
                #18 0x562b520ae457 in do_handle_one_connection(CONNECT*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1415
                #19 0x562b520adfec in handle_one_connection /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1327
                #20 0x562b52c75c4d in pfs_spawn_thread /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
                #21 0x7f330885ae55 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
                #22 0x7f33080a8133 in start_thread nptl/pthread_create.c:442
                #23 0x7f33081287db in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            0x52500023fa11 is located 2321 bytes inside of 8300-byte region [0x52500023f100,0x52500024116c)
            allocated by thread T5 here:
                #0 0x7f33088f3bc7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
                #1 0x562b539b0668 in sf_malloc /home/ycp/source/mariadb-server/main/src/mysys/safemalloc.c:126
                #2 0x562b53987a12 in my_malloc /home/ycp/source/mariadb-server/main/src/mysys/my_malloc.c:93
                #3 0x562b5395fa39 in root_alloc /home/ycp/source/mariadb-server/main/src/mysys/my_alloc.c:66
                #4 0x562b539601f5 in init_alloc_root /home/ycp/source/mariadb-server/main/src/mysys/my_alloc.c:178
                #5 0x562b52010d2e in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /home/ycp/source/mariadb-server/main/src/sql/thr_malloc.cc:64
                #6 0x562b51fd988f in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /home/ycp/source/mariadb-server/main/src/sql/table.cc:4362
                #7 0x562b51a95275 in open_table(THD*, TABLE_LIST*, Open_table_context*) /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:2257
                #8 0x562b51a9f9e7 in open_and_process_table /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:4195
                #9 0x562b51aa1d36 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:4681
                #10 0x562b51aa5f31 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /home/ycp/source/mariadb-server/main/src/sql/sql_base.cc:5650
                #11 0x562b51ac8b8c in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /home/ycp/source/mariadb-server/main/src/sql/sql_base.h:535
                #12 0x562b51b69f99 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /home/ycp/source/mariadb-server/main/src/sql/sql_insert.cc:784
                #13 0x562b51c32c60 in mysql_execute_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:4484
                #14 0x562b51c49370 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:7915
                #15 0x562b51c22255 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1902
                #16 0x562b51c1f649 in do_command(THD*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1415
                #17 0x562b520ae457 in do_handle_one_connection(CONNECT*, bool) /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1415
                #18 0x562b520adfec in handle_one_connection /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1327
                #19 0x562b52c75c4d in pfs_spawn_thread /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
                #20 0x7f330885ae55 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234

            Thread T5 created by T0 here:
                #0 0x7f33088ebae1 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
                #1 0x562b52c719f1 in my_thread_create /home/ycp/source/mariadb-server/main/src/storage/perfschema/my_thread.h:38
                #2 0x562b52c7603c in pfs_spawn_thread_v1 /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2249
                #3 0x562b51891fe0 in inline_mysql_thread_create /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1139
                #4 0x562b518a860e in create_thread_to_handle_connection(CONNECT*) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6261
                #5 0x562b518a8967 in create_new_thread(CONNECT*) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6323
                #6 0x562b518a8b5e in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6385
                #7 0x562b518a9745 in handle_connections_sockets() /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6497
                #8 0x562b518a6adb in run_main_loop /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:5739
                #9 0x562b518a81df in mysqld_main(int, char**) /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6162
                #10 0x562b518912a8 in main /home/ycp/source/mariadb-server/main/src/sql/main.cc:34
                #11 0x7f3308046249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

            SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115 in memcpy
            Shadow bytes around the buggy address:
              0x52500023f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x52500023f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x52500023f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x52500023f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x52500023f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            =>0x52500023fa00: f7 00[01]00 01 f7 00 00 00 f7 00 00 00 00 00 00
              0x52500023fa80: 00 00 00 00 00 00 00 00 00 00 f7 00 f7 f7 00 00
              0x52500023fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x52500023fb80: 00 00 00 00 00 00 00 00 f7 00 00 00 00 00 00 00
              0x52500023fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              0x52500023fc80: 00 00 00 f7 00 00 00 00 00 00 00 00 00 00 00 00
            Shadow byte legend (one shadow byte represents 8 application bytes):
              Addressable: 00
              Partially addressable: 01 02 03 04 05 06 07
              Heap left redzone: fa
              Freed heap region: fd
              Stack left redzone: f1
              Stack mid redzone: f2
              Stack right redzone: f3
              Stack after return: f5
              Stack use after scope: f8
              Global redzone: f9
              Global init order: f6
              Poisoned by user: f7
              Container overflow: fc
              Array cookie: ac
              Intra object redzone: bb
              ASan internal: fe
              Left alloca redzone: ca
              Right alloca redzone: cb
            ==3369712==ABORTING
            250306 10:41:31 [ERROR] /home/ycp/source/mariadb-server/main/build/sql/mariadbd got signal 6 ;
            Sorry, we probably made a mistake, and this is a bug.

            Your assistance in bug reporting will enable us to fix this for the next release.
            To report this bug, see https://mariadb.com/kb/en/reporting-bugs about how to report
            a bug on https://jira.mariadb.org/.

            Please include the information from the server start above, to the end of the
            information below.

            Server version: 12.0.0-MariaDB-debug-log source revision: 2cf9fec6bb86b0784d49f16661403cf48a6d3b9e

            The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/
            contains instructions to obtain a better version of the backtrace below.
            Following these instructions will help MariaDB developers provide a fix quicker.

            Attempting backtrace. Include this in the bug report.
            (note: Retrieving this information may fail)

            Thread pointer: 0x52c0000b0288
            stack_bottom = 0x7f32f4a19000 thread_stack 0xb00000
            sanitizer_common/sanitizer_common_interceptors.inc:4358(___interceptor_backtrace.part.0)[0x7f330887dd33]
            mysys/stacktrace.c:215(my_print_stacktrace)[0x562b53994a5d]
            sql/signal_handler.cc:230(handle_fatal_signal)[0x562b525218ad]
            libc_sigaction.c:0(__restore_rt)[0x7f330805b050]
            nptl/pthread_kill.c:44(__pthread_kill_implementation)[0x7f33080a9e2c]
            posix/raise.c:27(__GI_raise)[0x7f330805afb2]
            stdlib/abort.c:81(__GI_abort)[0x7f3308045472]
            sanitizer_common/sanitizer_libc.h:52(__sanitizer::internal_memset(void*, int, unsigned long))[0x7f3308912f6f]
            sanitizer_common/sanitizer_termination.cpp:59(__sanitizer::Die())[0x7f330892276c]
            asan/asan_report.cpp:192(__asan::ScopedInErrorReport::~ScopedInErrorReport())[0x7f33088fdc5f]
            asan/asan_report.cpp:497(__asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool))[0x7f33088fd2c0]
            sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115(___interceptor_memcpy)[0x7f33088f18d1]
            sql/opt_range.cc:16680(QUICK_GROUP_MIN_MAX_SELECT::next_min_max_in_range(bool, bool))[0x562b5193ff89]
            sql/opt_range.cc:16365(QUICK_GROUP_MIN_MAX_SELECT::next_min_max(bool, bool))[0x562b5193e40a]
            sql/opt_range.cc:16240(QUICK_GROUP_MIN_MAX_SELECT::get_next())[0x562b5193db5c]
            sql/records.cc:398(rr_quick(READ_RECORD*))[0x562b5198748c]
            sql/records.h:77(READ_RECORD::read_record())[0x562b51951cae]
            sql/sql_select.cc:25251(join_init_read_record(st_join_table*))[0x562b51db3799]
            sql/sql_select.cc:24183(sub_select(JOIN*, st_join_table*, bool))[0x562b51dacf00]
            sql/sql_select.cc:23697(do_select(JOIN*, Procedure*))[0x562b51dab30c]
            sql/sql_select.cc:5059(JOIN::exec_inner())[0x562b51d2c518]
            sql/sql_select.cc:4842(JOIN::exec())[0x562b51d29c88]
            sql/sql_select.cc:5375(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x562b51d2d963]
            sql/sql_select.cc:633(handle_select(THD*, LEX*, select_result*, unsigned long long))[0x562b51d01065]
            sql/sql_parse.cc:6191(execute_sqlcom_select(THD*, TABLE_LIST*))[0x562b51c3fa93]
            sql/sql_parse.cc:3979(mysql_execute_command(THD*, bool))[0x562b51c2faef]
            sql/sql_parse.cc:7915(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x562b51c49371]
            sql/sql_parse.cc:1904(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x562b51c22256]
            sql/sql_parse.cc:1415(do_command(THD*, bool))[0x562b51c1f64a]
            sql/sql_connect.cc:1415(do_handle_one_connection(CONNECT*, bool))[0x562b520ae458]
            sql/sql_connect.cc:1333(handle_one_connection)[0x562b520adfed]
            perfschema/pfs.cc:2200(pfs_spawn_thread)[0x562b52c75c4e]
            asan/asan_interceptors.cpp:234(asan_thread_start(void*))[0x7f330885ae56]
            nptl/pthread_create.c:442(start_thread)[0x7f33080a8134]
            x86_64/clone3.S:83(clone3)[0x7f33081287dc]

            Connection ID (thread ID): 4
            Status: NOT_KILLED
            Query (0x52d0003524a8): SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a
            Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on

            Writing a core file...
            Working directory at /home/ycp/source/mariadb-server/main/build/mysql-test/var/mysqld.1/data
            Resource Limits (excludes unlimited resources):
            Limit Soft Limit Hard Limit Units
            Max stack size 10022912 unlimited bytes
            Max processes 124970 124970 processes
            Max open files 1024 1024 files
            Max locked memory 4106170368 4106170368 bytes
            Max pending signals 124970 124970 signals
            Max msgqueue size 819200 819200 bytes
            Max nice priority 0 0
            Max realtime priority 0 0
            Core pattern: core

            Kernel version: Linux version 6.1.0-22-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC Debian 6.1.94-1 (2024-06-21)

            ----------SERVER LOG END-------------


             - found 'core' (0/5)
            Core generated by '/home/ycp/source/mariadb-server/main/build/sql/mariadbd'
            Output from gdb follows. The first stack trace is from the failing thread.
            The following stack traces are from all threads (so the failing one is
            duplicated).
            --------------------------
            No symbol table is loaded. Use the "file" command.
            Make breakpoint pending on future shared library load? (y or [n]) [answered N; input not from terminal]
            [New LWP 3369721]
            [New LWP 3369718]
            [New LWP 3369716]
            [New LWP 3369715]
            [New LWP 3369717]
            [New LWP 3369712]
            [Thread debugging using libthread_db enabled]
            Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
            Core was generated by `/home/ycp/source/mariadb-server/main/build/sql/mariadbd --defaults-group-suffix'.
            Program terminated with signal SIGABRT, Aborted.
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            44 ./nptl/pthread_kill.c: No such file or directory.
            [Current thread is 1 (Thread 0x7f32f4a186c0 (LWP 3369721))]

            Thread 6 (Thread 0x7f3308490a40 (LWP 3369712)):
            #0 0x00007f330811b15f in __GI___poll (fds=0x512000007148, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
            #1 0x00007f33088d4206 in ___interceptor_poll (fds=0x512000007148, nfds=3, timeout=-1) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:4124
            #2 0x0000562b518a93ad in handle_connections_sockets () at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6457
            #3 0x0000562b518a6adc in run_main_loop () at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:5739
            #4 0x0000562b518a81e0 in mysqld_main (argc=141, argv=0x521000005310) at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:6162
            #5 0x0000562b518912a9 in main (argc=6, argv=0x7fff6b5c1c78) at /home/ycp/source/mariadb-server/main/src/sql/main.cc:34

            Thread 5 (Thread 0x7f32f896b6c0 (LWP 3369717)):
            #0 __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x0, op=393, expected=0, futex_word=0x562b56730308 <COND_manager+40>) at ./nptl/futex-internal.c:57
            #1 __futex_abstimed_wait_common (futex_word=futex_word@entry=0x562b56730308 <COND_manager+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0, cancel=cancel@entry=true) at ./nptl/futex-internal.c:87
            #2 0x00007f33080a4efb in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x562b56730308 <COND_manager+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x0, private=private@entry=0) at ./nptl/futex-internal.c:139
            #3 0x00007f33080a7558 in __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x562b56730228 <LOCK_manager+40>, cond=0x562b567302e0 <COND_manager>) at ./nptl/pthread_cond_wait.c:503
            #4 ___pthread_cond_wait (cond=0x562b567302e0 <COND_manager>, mutex=0x562b56730228 <LOCK_manager+40>) at ./nptl/pthread_cond_wait.c:618
            #5 0x0000562b5399ef30 in safe_cond_wait (cond=0x562b567302e0 <COND_manager>, mp=0x562b56730200 <LOCK_manager>, file=0x562b55037a20 "/home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c", line=580) at /home/ycp/source/mariadb-server/main/src/mysys/thr_mutex.c:489
            #6 0x0000562b53990618 in psi_cond_wait (that=0x562b567302e0 <COND_manager>, mutex=0x562b56730200 <LOCK_manager>, file=0x562b54067840 "/home/ycp/source/mariadb-server/main/src/sql/sql_manager.cc", line=110) at /home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c:580
            #7 0x0000562b51c16b46 in inline_mysql_cond_wait (that=0x562b567302e0 <COND_manager>, mutex=0x562b56730200 <LOCK_manager>, src_file=0x562b54067840 "/home/ycp/source/mariadb-server/main/src/sql/sql_manager.cc", src_line=110) at /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1070
            #8 0x0000562b51c171a0 in handle_manager (arg=0x0) at /home/ycp/source/mariadb-server/main/src/sql/sql_manager.cc:110
            #9 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000001508) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
            #10 0x00007f330885ae56 in asan_thread_start (arg=0x7f32f896c000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #11 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #12 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            Thread 4 (Thread 0x7f3305c136c0 (LWP 3369715)):
            #0 __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x7f32faffdac0, op=393, expected=0, futex_word=0x562b570650c8 <COND_timer+40>) at ./nptl/futex-internal.c:57
            #1 __futex_abstimed_wait_common (futex_word=futex_word@entry=0x562b570650c8 <COND_timer+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32faffdac0, private=private@entry=0, cancel=cancel@entry=true) at ./nptl/futex-internal.c:87
            #2 0x00007f33080a4efb in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x562b570650c8 <COND_timer+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32faffdac0, private=private@entry=0) at ./nptl/futex-internal.c:139
            #3 0x00007f33080a783c in __pthread_cond_wait_common (abstime=0x7f32faffdac0, clockid=0, mutex=0x562b57064fe8 <LOCK_timer+40>, cond=0x562b570650a0 <COND_timer>) at ./nptl/pthread_cond_wait.c:503
            #4 ___pthread_cond_timedwait64 (cond=0x562b570650a0 <COND_timer>, mutex=0x562b57064fe8 <LOCK_timer+40>, abstime=0x7f32faffdac0) at ./nptl/pthread_cond_wait.c:643
            #5 0x0000562b5399f817 in safe_cond_timedwait (cond=0x562b570650a0 <COND_timer>, mp=0x562b57064fc0 <LOCK_timer>, abstime=0x7f32faffdac0, file=0x562b55037a20 "/home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c", line=593) at /home/ycp/source/mariadb-server/main/src/mysys/thr_mutex.c:543
            #6 0x0000562b539908af in psi_cond_timedwait (that=0x562b570650a0 <COND_timer>, mutex=0x562b57064fc0 <LOCK_timer>, abstime=0x7f32faffdac0, file=0x562b5503a340 "/home/ycp/source/mariadb-server/main/src/mysys/thr_timer.c", line=329) at /home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c:593
            #7 0x0000562b539a1579 in inline_mysql_cond_timedwait (that=0x562b570650a0 <COND_timer>, mutex=0x562b57064fc0 <LOCK_timer>, abstime=0x7f32faffdac0, src_file=0x562b5503a340 "/home/ycp/source/mariadb-server/main/src/mysys/thr_timer.c", src_line=329) at /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1086
            #8 0x0000562b539a2c37 in timer_handler (arg=0x0) at /home/ycp/source/mariadb-server/main/src/mysys/thr_timer.c:329
            #9 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000000108) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
            #10 0x00007f330885ae56 in asan_thread_start (arg=0x7f3307202000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #11 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #12 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            Thread 3 (Thread 0x7f32fa0d46c0 (LWP 3369716)):
            #0 __futex_abstimed_wait_common64 (private=0, cancel=true, abstime=0x7f32f8c453e0, op=393, expected=0, futex_word=0x562b56f97028 <COND_checkpoint+40>) at ./nptl/futex-internal.c:57
            #1 __futex_abstimed_wait_common (futex_word=futex_word@entry=0x562b56f97028 <COND_checkpoint+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32f8c453e0, private=private@entry=0, cancel=cancel@entry=true) at ./nptl/futex-internal.c:87
            #2 0x00007f33080a4efb in __GI___futex_abstimed_wait_cancelable64 (futex_word=futex_word@entry=0x562b56f97028 <COND_checkpoint+40>, expected=expected@entry=0, clockid=clockid@entry=0, abstime=abstime@entry=0x7f32f8c453e0, private=private@entry=0) at ./nptl/futex-internal.c:139
            #3 0x00007f33080a783c in __pthread_cond_wait_common (abstime=0x7f32f8c453e0, clockid=0, mutex=0x562b56f96f48 <LOCK_checkpoint+40>, cond=0x562b56f97000 <COND_checkpoint>) at ./nptl/pthread_cond_wait.c:503
            #4 ___pthread_cond_timedwait64 (cond=0x562b56f97000 <COND_checkpoint>, mutex=0x562b56f96f48 <LOCK_checkpoint+40>, abstime=0x7f32f8c453e0) at ./nptl/pthread_cond_wait.c:643
            #5 0x0000562b5399f817 in safe_cond_timedwait (cond=0x562b56f97000 <COND_checkpoint>, mp=0x562b56f96f20 <LOCK_checkpoint>, abstime=0x7f32f8c453e0, file=0x562b55037a20 "/home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c", line=593) at /home/ycp/source/mariadb-server/main/src/mysys/thr_mutex.c:543
            #6 0x0000562b539908af in psi_cond_timedwait (that=0x562b56f97000 <COND_checkpoint>, mutex=0x562b56f96f20 <LOCK_checkpoint>, abstime=0x7f32f8c453e0, file=0x562b547c56e0 "/home/ycp/source/mariadb-server/main/src/storage/maria/ma_servicethread.c", line=115) at /home/ycp/source/mariadb-server/main/src/mysys/my_thr_init.c:593
            #7 0x0000562b52ace4e2 in inline_mysql_cond_timedwait (that=0x562b56f97000 <COND_checkpoint>, mutex=0x562b56f96f20 <LOCK_checkpoint>, abstime=0x7f32f8c453e0, src_file=0x562b547c56e0 "/home/ycp/source/mariadb-server/main/src/storage/maria/ma_servicethread.c", src_line=115) at /home/ycp/source/mariadb-server/main/src/include/mysql/psi/mysql_thread.h:1086
            #8 0x0000562b52aced40 in my_service_thread_sleep (control=0x562b55e50900 <checkpoint_control>, sleep_time=29000000000) at /home/ycp/source/mariadb-server/main/src/storage/maria/ma_servicethread.c:115
            #9 0x0000562b52ab464c in ma_checkpoint_background (arg=0x1e) at /home/ycp/source/mariadb-server/main/src/storage/maria/ma_checkpoint.c:726
            #10 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000000d08) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
            #11 0x00007f330885ae56 in asan_thread_start (arg=0x7f32fa0d5000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #12 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #13 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            Thread 2 (Thread 0x7f32f60406c0 (LWP 3369718)):
            #0 0x00007f330805bc82 in __GI___sigtimedwait (set=0x7f32f4c3f060, info=0x7f32f4c3f820, timeout=0x0) at ../sysdeps/unix/sysv/linux/sigtimedwait.c:31
            #1 0x00007f3308885aeb in ___interceptor_sigwaitinfo (set=0x7f32f4c3f060, info=0x7f32f4c3f820) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:4204
            #2 0x0000562b518914cb in my_sigwait (set=0x7f32f4c3f060, sig=0x7f32f4c3f030, code=0x7f32f4c3f040) at /home/ycp/source/mariadb-server/main/src/include/my_pthread.h:180
            #3 0x0000562b5189e7e8 in signal_hand () at /home/ycp/source/mariadb-server/main/src/sql/mysqld.cc:3277
            #4 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000002508) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
            #5 0x00007f330885ae56 in asan_thread_start (arg=0x7f32f6041000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #6 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #7 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

            Thread 1 (Thread 0x7f32f4a186c0 (LWP 3369721)):
            #0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=<optimized out>) at ./nptl/pthread_kill.c:44
            #1 0x0000562b53994bbf in my_write_core (sig=6) at /home/ycp/source/mariadb-server/main/src/mysys/stacktrace.c:424
            #2 0x0000562b52521c8e in handle_fatal_signal (sig=6) at /home/ycp/source/mariadb-server/main/src/sql/signal_handler.cc:298
            #3 <signal handler called>
            #4 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
            #5 0x00007f33080a9e8f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
            #6 0x00007f330805afb2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
            #7 0x00007f3308045472 in __GI_abort () at ./stdlib/abort.c:79
            #8 0x00007f3308912f6f in __sanitizer::Abort () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cpp:143
            #9 0x00007f330892276c in __sanitizer::Die () at ../../../../src/libsanitizer/sanitizer_common/sanitizer_termination.cpp:58
            #10 0x00007f33088fdc5f in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0x7f32f4a132e6, __in_chrg=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:192
            #11 0x00007f33088fd2c0 in __asan::ReportGenericError (pc=139857163655350, bp=139856829302672, sp=sp@entry=139856829300560, addr=90503553219089, is_write=is_write@entry=false, access_size=16, fatal=false, exp=<optimized out>) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #12 0x00007f33088fd42e in __asan::ReportGenericError (pc=<optimized out>, bp=bp@entry=139856829302672, sp=sp@entry=139856829300560, addr=addr@entry=90503553219089, is_write=is_write@entry=false, access_size=access_size@entry=16, exp=<optimized out>, fatal=false) at ../../../../src/libsanitizer/asan/asan_report.cpp:497
            #13 0x00007f33088f18d1 in ___interceptor_memcpy (dst=0x52500023fa18, src=0x52500023fa08, size=16) at ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
            #14 0x0000562b5193ff89 in QUICK_GROUP_MIN_MAX_SELECT::next_min_max_in_range (this=0x513000051100, min=true, reverse=false) at /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16679
            #15 0x0000562b5193e40a in QUICK_GROUP_MIN_MAX_SELECT::next_min_max (this=0x513000051100, min=true, reverse=false) at /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16365
            #16 0x0000562b5193db5c in QUICK_GROUP_MIN_MAX_SELECT::get_next (this=0x513000051100) at /home/ycp/source/mariadb-server/main/src/sql/opt_range.cc:16240
            #17 0x0000562b5198748c in rr_quick (info=0x52d000357140) at /home/ycp/source/mariadb-server/main/src/sql/records.cc:398
            #18 0x0000562b51951cae in READ_RECORD::read_record (this=0x52d000357140) at /home/ycp/source/mariadb-server/main/src/sql/records.h:77
            #19 0x0000562b51db3799 in join_init_read_record (tab=0x52d000357070) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:25251
            #20 0x0000562b51dacf00 in sub_select (join=0x52d000354700, join_tab=0x52d000357070, end_of_records=false) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:24183
            #21 0x0000562b51dab30c in do_select (join=0x52d000354700, procedure=0x0) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:23697
            #22 0x0000562b51d2c518 in JOIN::exec_inner (this=0x52d000354700) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5059
            #23 0x0000562b51d29c88 in JOIN::exec (this=0x52d000354700) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:4842
            #24 0x0000562b51d2d963 in mysql_select (thd=0x52c0000b0288, tables=0x52d000352d80, fields=@0x52d000352840: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x52d000352ce8, last = 0x52d000352ce8, elements = 1}, <No data fields>}, conds=0x52d000353ac8, og_num=1, order=0x0, group=0x52d000353d10, having=0x0, proc_param=0x0, select_options=2164525824, result=0x52d0003546d0, unit=0x52c0000b47b0, select_lex=0x52d000352588) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:5375
            #25 0x0000562b51d01065 in handle_select (thd=0x52c0000b0288, lex=0x52c0000b46d0, result=0x52d0003546d0, setup_tables_done_option=0) at /home/ycp/source/mariadb-server/main/src/sql/sql_select.cc:633
            #26 0x0000562b51c3fa93 in execute_sqlcom_select (thd=0x52c0000b0288, all_tables=0x52d000352d80) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:6191
            #27 0x0000562b51c2faef in mysql_execute_command (thd=0x52c0000b0288, is_called_from_prepared_stmt=false) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:3979
            #28 0x0000562b51c49371 in mysql_parse (thd=0x52c0000b0288, rawbuf=0x52d0003524a8 "SELECT MIN(b) FROM t1 WHERE b = 3 OR b IS NULL GROUP BY a", length=57, parser_state=0x7f32f3b29280) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:7915
            #29 0x0000562b51c22256 in dispatch_command (command=COM_QUERY, thd=0x52c0000b0288, packet=0x529000253289 "", packet_length=57, blocking=true) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1902
            #30 0x0000562b51c1f64a in do_command (thd=0x52c0000b0288, blocking=true) at /home/ycp/source/mariadb-server/main/src/sql/sql_parse.cc:1415
            #31 0x0000562b520ae458 in do_handle_one_connection (connect=0x511000024388, put_in_cache=true) at /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1415
            #32 0x0000562b520adfed in handle_one_connection (arg=0x511000024248) at /home/ycp/source/mariadb-server/main/src/sql/sql_connect.cc:1327
            #33 0x0000562b52c75c4e in pfs_spawn_thread (arg=0x518000004d08) at /home/ycp/source/mariadb-server/main/src/storage/perfschema/pfs.cc:2198
            #34 0x00007f330885ae56 in asan_thread_start (arg=0x7f32f4a19000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
            #35 0x00007f33080a8134 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #36 0x00007f33081287dc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

             - saving '/home/ycp/source/mariadb-server/main/build/mysql-test/var/log/temp.mdev_32732_asan/' to '/home/ycp/source/mariadb-server/main/build/mysql-test/var/log/temp.mdev_32732_asan/'
            ***Warnings generated in error logs during shutdown after running tests: temp.mdev_32732_asan

            ==3369712==ERROR: AddressSanitizer: unknown-crash on address 0x52500023fa11 at pc 0x7f33088f18b6 bp 0x7f32f4a14790 sp 0x7f32f4a13f50
            SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115 in memcpy
            250306 10:41:31 [ERROR] /home/ycp/source/mariadb-server/main/build/sql/mariadbd got signal 6 ;
            Attempting backtrace. Include this in the bug report.
            {noformat}
            ycp Yuchen Pei made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]
            ycp Yuchen Pei added a comment -

            Hi psergei, ptal thanks:

            005f958e24d upstream/bb-10.11-mdev-36220 MDEV-36220 Correct length in memcpy saving and restoring found NULL record in loose index scan of min

            ycp Yuchen Pei added a comment - Hi psergei , ptal thanks: 005f958e24d upstream/bb-10.11-mdev-36220 MDEV-36220 Correct length in memcpy saving and restoring found NULL record in loose index scan of min
            ycp Yuchen Pei made changes -
            Assignee Yuchen Pei [ JIRAUSER52627 ] Sergei Petrunia [ psergey ]
            Status Confirmed [ 10101 ] In Review [ 10002 ]
            psergei Sergei Petrunia added a comment -

            ycp, this patch looks good.
            Re the comment about

            If we remove all the NULL_RANGE treatment in next_min_in_range...

            let me get to that separately.

            psergei Sergei Petrunia added a comment - ycp , this patch looks good. Re the comment about If we remove all the NULL_RANGE treatment in next_min_in_range... let me get to that separately.
            psergei Sergei Petrunia made changes -
            Assignee Sergei Petrunia [ psergey ] Yuchen Pei [ JIRAUSER52627 ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            ycp Yuchen Pei added a comment -

            I believe the NULL_RANGE treatment has been studied and understood in MDEV-32732, and there's nothing to do about it in this MDEV. The patch is a minimal change not touching that either. Will push soon.

            ycp Yuchen Pei added a comment - I believe the NULL_RANGE treatment has been studied and understood in MDEV-32732 , and there's nothing to do about it in this MDEV. The patch is a minimal change not touching that either. Will push soon.
            ycp Yuchen Pei added a comment -

            Pushed b50df7bbd4f189ac6117b3ff5eb1d79fe83fa7e2 to 10.11

            ycp Yuchen Pei added a comment - Pushed b50df7bbd4f189ac6117b3ff5eb1d79fe83fa7e2 to 10.11
            ycp Yuchen Pei made changes -
            Fix Version/s 10.11.12 [ 29998 ]
            Fix Version/s 10.11 [ 27614 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            JIraAutomate JiraAutomate made changes -
            Fix Version/s 11.4.6 [ 29999 ]
            Fix Version/s 11.8.2 [ 30001 ]

            People

              ycp Yuchen Pei
              ycp Yuchen Pei
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.