[#MDEV-18496] Crashes, asserts, errors and hangs when Aria encryption is enabled/used, but plugin is not loaded

[MDEV-18496] Crashes, asserts, errors and hangs when Aria encryption is enabled/used, but plugin is not loaded Created: 2019-02-06 Updated: 2021-07-28 Resolved: 2020-07-29
Status:	Closed
Project:	MariaDB Server
Component/s:	Encryption, Storage Engine - Aria
Affects Version/s:	10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s:	10.1.46, 10.2.33, 10.3.24, 10.4.14, 10.5.5

Type:

Bug

Priority:

Critical

Reporter:

Elena Stepanova

Assignee:

Sergei Golubchik

Resolution:

Fixed

Votes:

Labels:

affects-tests, corruption

Issue Links:

Relates
relates to	~~MDEV-23222~~	MDEV-23222 SIGSEG in maria_create() b...	Closed
relates to	~~MDEV-26258~~	Various crashes/asserts/corruptions w...	Closed
relates to	~~MDEV-21460~~	ER_NOT_KEYFILE or Assertion `! is_set...	Closed
relates to	MDEV-23977	FK Reference issue in Aria (or InnoDB...	Open
relates to	MDEV-24640	ALTER on Aria table with aria_encrypt...	Confirmed

Description

SET @aria.encrypt= @@aria_encrypt_tables;

SET GLOBAL aria_encrypt_tables= 1;

CREATE TABLE t1 (pk INT PRIMARY KEY, a INT, KEY(a)) ENGINE=Aria TRANSACTIONAL=1;

ALTER TABLE t1 DISABLE KEYS;

INSERT INTO t1 VALUES  (1,1);

ALTER TABLE t1 ENABLE KEYS;

# Cleanup

DROP TABLE t1;

SET GLOBAL aria_encrypt_tables= @aria.encrypt;

On 10.2 and higher, it causes double free or corruption / server crash / assertion failure:

10.2 e84dc567 RelWithDebInfo
#4 0x00007fcc63cb83fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
#5 0x00007fcc63cf4bd0 in __libc_message () from /lib/x86_64-linux-gnu/libc.so.6
#6 0x00007fcc63cfaf96 in malloc_printerr () from /lib/x86_64-linux-gnu/libc.so.6
#7 0x00007fcc63cfb78e in _int_free () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x000055658523b607 in ma_crypt_post_write_hook (res=0, args=0x7fcc5df843f0) at /data/src/10.2/storage/maria/ma_crypt.c:322
#9 0x0000556585266203 in write_page (share=0x7fcc4c0a58b8, file=56, buff=<optimized out>, block_size=<optimized out>, pos=pos@entry=16384, myf_rw=myf_rw@entry=20) at /data/src/10.2/storage/maria/ma_check.c:3204
#10 0x000055658526e902 in _ma_flush_pending_blocks (sort_param=sort_param@entry=0x7fcc5df849f0) at /data/src/10.2/storage/maria/ma_check.c:5935
#11 0x0000556585276bfe in _ma_create_index_by_sort (info=0x7fcc5df849f0, no_messages=<optimized out>, sortbuff_size=<optimized out>) at /data/src/10.2/storage/maria/ma_sort.c:269
#12 0x0000556585273ec8 in maria_repair_by_sort (param=0x7fcc4c029ab0, info=0x7fcc4c03a510, name=0x0, rep_quick=-1 '\377') at /data/src/10.2/storage/maria/ma_check.c:3895
#13 0x000055658521f19d in ha_maria::repair (this=this@entry=0x7fcc4c0a51c0, thd=thd@entry=0x7fcc4c0009a8, param=param@entry=0x7fcc4c029ab0, do_optimize=do_optimize@entry=false) at /data/src/10.2/storage/maria/ha_maria.cc:1675
#14 0x000055658521f89a in ha_maria::enable_indexes (this=0x7fcc4c0a51c0, mode=<optimized out>) at /data/src/10.2/storage/maria/ha_maria.cc:2033
#15 0x0000556584e59f70 in alter_table_manage_keys (table=0x7fcc4c0922c8, indexes_were_disabled=1576549984, keys_onoff=Alter_info::LEAVE_AS_IS, keys_onoff@entry=Alter_info::ENABLE) at /data/src/10.2/sql/sql_table.cc:7081
#16 0x0000556584f9cd56 in simple_rename_or_index_change (alter_ctx=0x7fcc5df868b0, keys_onoff=Alter_info::ENABLE, table_list=0x7fcc4c00f188, thd=0x7fcc4c0009a8) at /data/src/10.2/sql/sql_table.cc:8620
#17 mysql_alter_table (thd=<optimized out>, new_db=<optimized out>, new_name=<optimized out>, create_info=<optimized out>, table_list=0x7fcc4c00f188, alter_info=<optimized out>, order_num=0, order=0x0, ignore=false) at /data/src/10.2/sql/sql_table.cc:9088
#18 0x0000556584fe6f0d in Sql_cmd_alter_table::execute (this=0x2, thd=0x7fcc4c0009a8) at /data/src/10.2/sql/sql_alter.cc:329
#19 0x0000556584f101c7 in mysql_execute_command (thd=0x7fcc4c0009a8) at /data/src/10.2/sql/sql_parse.cc:6231
#20 0x0000556584f16f49 in mysql_parse (thd=0x7fcc4c0009a8, rawbuf=<optimized out>, length=26, parser_state=0x7fcc5df89240, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_parse.cc:8018
#21 0x0000556584f19c1a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fcc4c0009a8, packet=packet@entry=0x7fcc4c006cf9 "ALTER TABLE t1 ENABLE KEYS", packet_length=packet_length@entry=26, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1829
#22 0x0000556584f1a468 in do_command (thd=0x7fcc4c0009a8) at /data/src/10.2/sql/sql_parse.cc:1379
#23 0x0000556584fe4224 in do_handle_one_connection (connect=connect@entry=0x5565886f9d48) at /data/src/10.2/sql/sql_connect.cc:1336
#24 0x0000556584fe43c4 in handle_one_connection (arg=arg@entry=0x5565886f9d48) at /data/src/10.2/sql/sql_connect.cc:1242
#25 0x00005565852a9d54 in pfs_spawn_thread (arg=0x5565886bc668) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#26 0x00007fcc65986494 in start_thread (arg=0x7fcc5df8a700) at pthread_create.c:333
#27 0x00007fcc63d6c93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

* Error in `/data/bld/10.2-rel/bin/mysqld': double free or corruption (out): 0x00007fcc4c0c7750 *
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7fcc63cf4bcb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76f96)[0x7fcc63cfaf96]
/lib/x86_64-linux-gnu/libc.so.6(+0x7778e)[0x7fcc63cfb78e]
/data/bld/10.2-rel/bin/mysqld(+0x7f0607)[0x55658523b607]
/data/bld/10.2-rel/bin/mysqld(+0x81b203)[0x556585266203]
/data/bld/10.2-rel/bin/mysqld(+0x823902)[0x55658526e902]
/data/bld/10.2-rel/bin/mysqld(+0x82bbfe)[0x556585276bfe]
/data/bld/10.2-rel/bin/mysqld(+0x828ec8)[0x556585273ec8]
/data/bld/10.2-rel/bin/mysqld(+0x7d419d)[0x55658521f19d]
/data/bld/10.2-rel/bin/mysqld(+0x7d489a)[0x55658521f89a]
/data/bld/10.2-rel/bin/mysqld(+0x40ef70)[0x556584e59f70]
/data/bld/10.2-rel/bin/mysqld(_Z17mysql_alter_tableP3THDPcS1_P14HA_CREATE_INFOP10TABLE_LISTP10Alter_infojP8st_orderb+0x10b6)[0x556584f9cd56]
/data/bld/10.2-rel/bin/mysqld(_ZN19Sql_cmd_alter_table7executeEP3THD+0x64d)[0x556584fe6f0d]
/data/bld/10.2-rel/bin/mysqld(_Z21mysql_execute_commandP3THD+0x1347)[0x556584f101c7]
/data/bld/10.2-rel/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x279)[0x556584f16f49]
/data/bld/10.2-rel/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x1f3a)[0x556584f19c1a]
/data/bld/10.2-rel/bin/mysqld(_Z10do_commandP3THD+0x168)[0x556584f1a468]
/data/bld/10.2-rel/bin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x234)[0x556584fe4224]
/data/bld/10.2-rel/bin/mysqld(handle_one_connection+0x34)[0x556584fe43c4]
/data/bld/10.2-rel/bin/mysqld(+0x85ed54)[0x5565852a9d54]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7494)[0x7fcc65986494]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7fcc63d6c93f]
======= Memory map: ========
556584a4b000-556585ace000 r-xp 00000000 08:11 35261781 /data/bld/10.2-rel/bin/mysqld
556585cce000-556585dad000 r--p 01083000 08:11 35261781 /data/bld/10.2-rel/bin/mysqld
556585dad000-556585e66000 rw-p 01162000 08:11 35261781 /data/bld/10.2-rel/bin/mysqld
556585e66000-5565866fd000 rw-p 00000000 00:00 0
556588466000-556588744000 rw-p 00000000 00:00 0 [heap]
7fcc48000000-7fcc48021000 rw-p 00000000 00:00 0
7fcc48021000-7fcc4c000000 ---p 00000000 00:00 0
7fcc4c000000-7fcc4c18e000 rw-p 00000000 00:00 0
7fcc4c18e000-7fcc50000000 ---p 00000000 00:00 0
7fcc50000000-7fcc50021000 rw-p 00000000 00:00 0
7fcc50021000-7fcc54000000 ---p 00000000 00:00 0
7fcc54000000-7fcc54021000 rw-p 00000000 00:00 0
7fcc54021000-7fcc58000000 ---p 00000000 00:00 0
7fcc58000000-7fcc58021000 rw-p 00000000 00:00 0
7fcc58021000-7fcc5c000000 ---p 00000000 00:00 0
7fcc5df41000-7fcc5df42000 ---p 00000000 00:00 0
7fcc5df42000-7fcc5df8b000 rw-p 00000000 00:00 0 [stack:13267]
7fcc5df8b000-7fcc5df8c000 ---p 00000000 00:00 0
7fcc5df8c000-7fcc5dfd5000 rw-p 00000000 00:00 0 [stack:13264]
7fcc5dfd5000-7fcc5dfd6000 ---p 00000000 00:00 0
7fcc5dfd6000-7fcc5e01f000 rw-p 00000000 00:00 0 [stack:13263]
7fcc5e01f000-7fcc5e020000 ---p 00000000 00:00 0
7fcc5e020000-7fcc5f38b000 rw-p 00000000 00:00 0 [stack:13262]
7fcc5f38b000-7fcc5f38c000 ---p 00000000 00:00 0
7fcc5f38c000-7fcc63c84000 rw-p 00000000 00:00 0 [stack:13261]
7fcc63c84000-7fcc63e19000 r-xp 00000000 08:05 3152648 /lib/x86_64-linux-gnu/libc-2.24.so
7fcc63e19000-7fcc64018000 ---p 00195000 08:05 3152648 /lib/x86_64-linux-gnu/libc-2.24.so
7fcc64018000-7fcc6401c000 r--p 00194000 08:05 3152648 /lib/x86_64-linux-gnu/libc-2.24.so
7fcc6401c000-7fcc6401e000 rw-p 00198000 08:05 3152648 /lib/x86_64-linux-gnu/libc-2.24.so
7fcc6401e000-7fcc64022000 rw-p 00000000 00:00 0
7fcc64022000-7fcc64038000 r-xp 00000000 08:05 3145732 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fcc64038000-7fcc64237000 ---p 00016000 08:05 3145732 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fcc64237000-7fcc64238000 rw-p 00015000 08:05 3145732 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fcc64238000-7fcc6433b000 r-xp 00000000 08:05 3152660 /lib/x86_64-linux-gnu/libm-2.24.so
7fcc6433b000-7fcc6453a000 ---p 00103000 08:05 3152660 /lib/x86_64-linux-gnu/libm-2.24.so
7fcc6453a000-7fcc6453b000 r--p 00102000 08:05 3152660 /lib/x86_64-linux-gnu/libm-2.24.so
7fcc6453b000-7fcc6453c000 rw-p 00103000 08:05 3152660 /lib/x86_64-linux-gnu/libm-2.24.so
7fcc6453c000-7fcc646ae000 r-xp 00000000 08:05 1577675 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
7fcc646ae000-7fcc648ae000 ---p 00172000 08:05 1577675 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
7fcc648ae000-7fcc648b8000 r--p 00172000 08:05 1577675 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
7fcc648b8000-7fcc648ba000 rw-p 0017c000 08:05 1577675 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.22
7fcc648ba000-7fcc648be000 rw-p 00000000 00:00 0
7fcc648be000-7fcc648c1000 r-xp 00000000 08:05 3152657 /lib/x86_64-linux-gnu/libdl-2.24.so
7fcc648c1000-7fcc64ac0000 ---p 00003000 08:05 3152657 /lib/x86_64-linux-gnu/libdl-2.24.so
7fcc64ac0000-7fcc64ac1000 r--p 00002000 08:05 3152657 /lib/x86_64-linux-gnu/libdl-2.24.so
7fcc64ac1000-7fcc64ac2000 rw-p 00003000 08:05 3152657 /lib/x86_64-linux-gnu/libdl-2.24.so
7fcc64ac2000-7fcc64c8f000 r-xp 00000000 08:05 1576357 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fcc64c8f000-7fcc64e8e000 ---p 001cd000 08:05 1576357 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fcc64e8e000-7fcc64eab000 r--p 001cc000 08:05 1576357 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fcc64eab000-7fcc64ebb000 rw-p 001e9000 08:05 1576357 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7fcc64ebb000-7fcc64ebe000 rw-p 00000000 00:00 0
7fcc64ebe000-7fcc64f15000 r-xp 00000000 08:05 1576361 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7fcc64f15000-7fcc65115000 ---p 00057000 08:05 1576361 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7fcc65115000-7fcc65118000 r--p 00057000 08:05 1576361 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7fcc65118000-7fcc6511e000 rw-p 0005a000 08:05 1576361 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7fcc6511e000-7fcc6511f000 rw-p 00000000 00:00 0
7fcc6511f000-7fcc65127000 r-xp 00000000 08:05 3152654 /lib/x86_64-linux-gnu/libcrypt-2.24.so
7fcc65127000-7fcc65327000 ---p 00008000 08:05 3152654 /lib/x86_64-linux-gnu/libcrypt-2.24.so
7fcc65327000-7fcc65328000 r--p 00008000 08:05 3152654 /lib/x86_64-linux-gnu/libcrypt-2.24.so
7fcc65328000-7fcc65329000 rw-p 00009000 08:05 3152654 /lib/x86_64-linux-gnu/libcrypt-2.24.so
7fcc65329000-7fcc65357000 rw-p 00000000 00:00 0
7fcc65357000-7fcc65371000 r-xp 00000000 08:05 3145828 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fcc65371000-7fcc65570000 ---p 0001a000 08:05 3145828 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fcc65570000-7fcc65571000 r--p 00019000 08:05 3145828 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fcc65571000-7fcc65572000 rw-p 0001a000 08:05 3145828 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fcc65572000-7fcc6557c000 r-xp 00000000 08:05 1586559 /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
7fcc6557c000-7fcc6577b000 ---p 0000a000 08:05 1586559 /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
7fcc6577b000-7fcc6577c000 r--p 00009000 08:05 1586559 /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
7fcc6577c000-7fcc6577d000 rw-p 0000a000 08:05 1586559 /usr/lib/x86_64-linux-gnu/libnuma.so.1.0.0
7fcc6577d000-7fcc6577e000 r-xp 00000000 08:05 3152558 /lib/x86_64-linux-gnu/libaio.so.1.0.1
7fcc6577e000-7fcc6597d000 ---p 00001000 08:05 3152558 /lib/x86_64-linux-gnu/libaio.so.1.0.1
7fcc6597d000-7fcc6597e000 r--p 00000000 08:05 3152558 /lib/x86_64-linux-gnu/libaio.so.1.0.1
7fcc6597e000-7fcc6597f000 rw-p 00001000 08:05 3152558 /lib/x86_64-linux-gnu/libaio.so.1.0.1
7fcc6597f000-7fcc65997000 r-xp 00000000 08:05 3152800 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fcc65997000-7fcc65b96000 ---p 00018000 08:05 3152800 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fcc65b96000-7fcc65b97000 r--p 00017000 08:05 3152800 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fcc65b97000-7fcc65b98000 rw-p 00018000 08:05 3152800 /lib/x86_64-linux-gnu/libpthread-2.24.so
7fcc65b98000-7fcc65b9c000 rw-p 00000000 00:00 0
7fcc65b9c000-7fcc65bbf000 r-xp 00000000 08:05 3145795 /lib/x86_64-linux-gnu/ld-2.24.so
7fcc65bd3000-7fcc65da4000 rw-p 00000000 00:00 0
7fcc65dbb000-7fcc65dbf000 rw-p 00000000 00:00 0
7fcc65dbf000-7fcc65dc0000 r--p 00023000 08:05 3145795 /lib/x86_64-linux-gnu/ld-2.24.so
7fcc65dc0000-7fcc65dc1000 rw-p 00024000 08:05 3145795 /lib/x86_64-linux-gnu/ld-2.24.so
7fcc65dc1000-7fcc65dc2000 rw-p 00000000 00:00 0
7ffd6a7ac000-7ffd6a7cf000 rw-p 00000000 00:00 0 [stack]
7ffd6a7ea000-7ffd6a7ec000 r-xp 00000000 00:00 0 [vdso]
7ffd6a7ec000-7ffd6a7ee000 r--p 00000000 00:00 0 [vvar]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

10.2 e84dc567
2019-02-06 23:47:08 140615339529984 [ERROR] mysqld: Unknown key id 1. Can't continue!
2019-02-06 23:47:08 140615339529984 [ERROR] mysqld: Unknown key id 1. Can't continue!
Error: Freeing unallocated data or underrun buffer mysys/safemalloc.c:194, mysys/my_malloc.c:220, maria/ma_crypt.c:325, maria/ma_check.c:3205, maria/ma_check.c:5935, maria/ma_sort.c:269, maria/ma_check.c:3895, maria/ha_maria.cc:1675
mysqld: /data/src/10.2/sql/sql_error.cc:380: void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char*): Assertion `!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())' failed.
190206 23:47:08 [ERROR] mysqld got signal 6 ;

#8 0x0000563a36220583 in Diagnostics_area::set_ok_status (this=0x7fe378005ca0, affected_rows=0, last_insert_id=0, message=0x0) at /data/src/10.2/sql/sql_error.cc:380
#9 0x0000563a361d2ba5 in my_ok (thd=0x7fe378000b00, affected_rows=0, id=0, message=0x0) at /data/src/10.2/sql/sql_class.h:4509
#10 0x0000563a36322a32 in simple_rename_or_index_change (thd=0x7fe378000b00, table_list=0x7fe378012540, keys_onoff=Alter_info::ENABLE, alter_ctx=0x7fe38f5ca240) at /data/src/10.2/sql/sql_table.cc:8671
#11 0x0000563a36323b67 in mysql_alter_table (thd=0x7fe378000b00, new_db=0x7fe378012b50 "test", new_name=0x0, create_info=0x7fe38f5cae50, table_list=0x7fe378012540, alter_info=0x7fe38f5cada0, order_num=0, order=0x0, ignore=false) at /data/src/10.2/sql/sql_table.cc:9088
#12 0x0000563a3639fdd7 in Sql_cmd_alter_table::execute (this=0x7fe378012b58, thd=0x7fe378000b00) at /data/src/10.2/sql/sql_alter.cc:329
#13 0x0000563a36256520 in mysql_execute_command (thd=0x7fe378000b00) at /data/src/10.2/sql/sql_parse.cc:6231
#14 0x0000563a3625b381 in mysql_parse (thd=0x7fe378000b00, rawbuf=0x7fe378012458 "ALTER TABLE t1 ENABLE KEYS", length=26, parser_state=0x7fe38f5cc200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8018
#15 0x0000563a36248cbb in dispatch_command (command=COM_QUERY, thd=0x7fe378000b00, packet=0x7fe37808ddb1 "ALTER TABLE t1 ENABLE KEYS", packet_length=26, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1829
#16 0x0000563a362475c6 in do_command (thd=0x7fe378000b00) at /data/src/10.2/sql/sql_parse.cc:1379
#17 0x0000563a3639aa6e in do_handle_one_connection (connect=0x563a391a0a60) at /data/src/10.2/sql/sql_connect.cc:1336
#18 0x0000563a3639a7fb in handle_one_connection (arg=0x563a391a0a60) at /data/src/10.2/sql/sql_connect.cc:1242
#19 0x0000563a367c1f3e in pfs_spawn_thread (arg=0x563a391ab7b0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#20 0x00007fe39aff6494 in start_thread (arg=0x7fe38f5cd700) at pthread_create.c:333
#21 0x00007fe3993dc93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

10.1 does not crash for me on a release build, but the debug assertion fails and Freeing unallocated data or underrun buffer is reported

10.1 5eb3e4d8
Error: Freeing unallocated data or underrun buffer 0x55737552201e, 0x55737550f885, 0x5573750b373c, 0x55737510a68a, mysys/safemalloc.c:191, mysys/my_malloc.c:220, maria/ma_crypt.c:325, maria/ma_check.c:3204
mysqld: /data/src/10.1/sql/sql_error.cc:378: void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char*): Assertion `! is_set()' failed.
190206 23:48:43 [ERROR] mysqld got signal 6 ;

#7 0x00007faaaa65fee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x0000557374c481ec in Diagnostics_area::set_ok_status (this=0x7faaa34da000, affected_rows=0, last_insert_id=0, message=0x0) at /data/src/10.1/sql/sql_error.cc:378
#9 0x0000557374c00acb in my_ok (thd=0x7faaa34d5070, affected_rows=0, id=0, message=0x0) at /data/src/10.1/sql/sql_class.h:4183
#10 0x0000557374d38a31 in simple_rename_or_index_change (thd=0x7faaa34d5070, table_list=0x7faaa1843170, keys_onoff=Alter_info::ENABLE, alter_ctx=0x7faaac6e0710) at /data/src/10.1/sql/sql_table.cc:8337
#11 0x0000557374d3982c in mysql_alter_table (thd=0x7faaa34d5070, new_db=0x7faaa1843760 "test", new_name=0x0, create_info=0x7faaac6e1300, table_list=0x7faaa1843170, alter_info=0x7faaac6e1270, order_num=0, order=0x0, ignore=false) at /data/src/10.1/sql/sql_table.cc:8679
#12 0x0000557374dac1a3 in Sql_cmd_alter_table::execute (this=0x7faaa1843768, thd=0x7faaa34d5070) at /data/src/10.1/sql/sql_alter.cc:330
#13 0x0000557374c7a739 in mysql_execute_command (thd=0x7faaa34d5070) at /data/src/10.1/sql/sql_parse.cc:5701
#14 0x0000557374c7efdd in mysql_parse (thd=0x7faaa34d5070, rawbuf=0x7faaa1843088 "ALTER TABLE t1 ENABLE KEYS", length=26, parser_state=0x7faaac6e25e0) at /data/src/10.1/sql/sql_parse.cc:7468
#15 0x0000557374c6d82e in dispatch_command (command=COM_QUERY, thd=0x7faaa34d5070, packet=0x7faaa5ff9071 "ALTER TABLE t1 ENABLE KEYS", packet_length=26) at /data/src/10.1/sql/sql_parse.cc:1496
#16 0x0000557374c6c5a7 in do_command (thd=0x7faaa34d5070) at /data/src/10.1/sql/sql_parse.cc:1124
#17 0x0000557374da76de in do_handle_one_connection (thd_arg=0x7faaa34d5070) at /data/src/10.1/sql/sql_connect.cc:1330
#18 0x0000557374da7442 in handle_one_connection (arg=0x7faaa34d5070) at /data/src/10.1/sql/sql_connect.cc:1242
#19 0x000055737516598a in pfs_spawn_thread (arg=0x7faaa9c39ef0) at /data/src/10.1/storage/perfschema/pfs.cc:1861
#20 0x00007faaac363494 in start_thread (arg=0x7faaac6e3b00) at pthread_create.c:333
#21 0x00007faaaa71c93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Even when it doesn't crash, behaviorally it is strange, because the error is only returned on ALTER TABLE ENABLE KEYS, not on CREATE TABLE or a previous ALTER:

CREATE TABLE t1 (pk INT PRIMARY KEY, a INT, KEY(a)) ENGINE=Aria TRANSACTIONAL=1;

ALTER TABLE t1 DISABLE KEYS;

INSERT INTO t1 VALUES  (1,1);

ALTER TABLE t1 ENABLE KEYS;

bug.crashed2                             [ fail ]

        Test ended at 2019-02-06 23:51:34

CURRENT_TEST: bug.crashed2

mysqltest: At line 7: query 'ALTER TABLE t1 ENABLE KEYS' failed: 192: Unknown key id 1. Can't continue!

Comments

Comment by Roel Van de Paar [ 2020-05-16 ]

USE test;

CREATE TABLE t(c1 INT,KEY(c1))ENGINE=InnoDB;

INSERT INTO t VALUES(55997),(3942);

ALTER TABLE t ENGINE=Aria;

SET GLOBAL aria_encrypt_tables=1;

REPAIR TABLE t USE_FRM;

REPAIR TABLE t USE_FRM;

Leads to:

10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7

mysqld: /test/10.5_dbg/sql/mysqld.cc:3519: void my_malloc_size_cb_func(long long int, my_bool): Asserti

on `(longlong) thd->status_var.local_memory_used >= 0 || !debug_assert_on_not_freed_memory' failed.

10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7
Core was generated by `/test/MD110520-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'
.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x1532354b3700 (LWP 231988))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthrea
d_kill.c:57
#1 0x000055fca066fc11 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x000055fc9fe14f8d in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:329
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x0000153233bf7801 in __GI_abort () at abort.c:79
#6 0x0000153233be739a in __assert_fail_base (fmt=0x153233d6e7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.
\n%n", assertion=assertion@entry=0x55fca07b7dc0 "(longlong) thd->status_var.local_memory_used >= 0 \|\| !
debug_assert_on_not_freed_memory", file=file@entry=0x55fca07b4004 "/test/10.5_dbg/sql/mysqld.cc", line=
line@entry=3519, function=function@entry=0x55fca07bdf40 <my_malloc_size_cb_func::__PRETTY_FUNCTION__> "
void my_malloc_size_cb_func(long long int, my_bool)") at assert.c:92
#7 0x0000153233be7412 in __GI___assert_fail (assertion=assertion@entry=0x55fca07b7dc0 "(longlong) thd->status_var.local_memory_used >= 0 \|\| !debug_assert_on_not_freed_memory", file=file@entry=0x55fca07b4004 "/test/10.5_dbg/sql/mysqld.cc", line=line@entry=3519, function=function@entry=0x55fca07bdf40 <my_malloc_size_cb_func::__PRETTY_FUNCTION__> "void my_malloc_size_cb_func(long long int, my_bool)") at assert.c:101
#8 0x000055fc9fa67c1e in my_malloc_size_cb_func (size=<optimized out>, is_thread_specific=<optimized out>) at /test/10.5_dbg/sql/mysqld.cc:3518
#9 0x000055fca066af83 in my_free (ptr=0x153211db7188) at /test/10.5_dbg/mysys/my_malloc.c:200
#10 0x000055fca009b64e in ma_crypt_post_write_hook (res=0, args=0x1532354af2b0) at /test/10.5_dbg/storage/maria/ma_crypt.c:321
#11 0x000055fca00d87fa in write_page (share=0x153211d74088, file=39, buff=<optimized out>, block_size=8192, pos=pos@entry=8192, myf_rw=myf_rw@entry=52) at /test/10.5_dbg/storage/maria/ma_check.c:3215
#12 0x000055fca00e04fd in _ma_flush_pending_blocks (sort_param=sort_param@entry=0x1532354afa90) at /test/10.5_dbg/storage/maria/ma_check.c:5954
#13 0x000055fca00eb494 in _ma_create_index_by_sort (info=info@entry=0x1532354afa90, no_messages=<optimized out>, sortbuff_size=<optimized out>) at /test/10.5_dbg/storage/maria/ma_sort.c:267
#14 0x000055fca00e4a67 in maria_repair_by_sort (param=param@entry=0x153211d820a0, info=0x153211d76088, name=name@entry=0x1532354b1120 "./test/t", rep_quick=<optimized out>) at /test/10.5_dbg/storage/maria/ma_check.c:3908
#15 0x000055fca00656df in ha_maria::repair (this=this@entry=0x153211d618a0, thd=thd@entry=0x153211c15088, param=param@entry=0x153211d820a0, do_optimize=do_optimize@entry=false) at /test/10.5_dbg/storage/maria/ha_maria.cc:1656
#16 0x000055fca0065fb4 in ha_maria::repair (this=0x153211d618a0, thd=0x153211c15088, check_opt=0x153211c1a330) at /test/10.5_dbg/storage/maria/ha_maria.cc:1451
#17 0x000055fc9fe22c6b in handler::ha_repair (this=0x153211d618a0, thd=0x153211c15088, check_opt=0x153211c1a330) at /test/10.5_dbg/sql/handler.cc:4527
#18 0x000055fc9fccfbab in mysql_admin_table (thd=thd@entry=0x153211c15088, tables=tables@entry=0x153211c74168, check_opt=check_opt@entry=0x153211c1a330, operator_name=operator_name@entry=0x55fca0b4e026 "repair", lock_type=lock_type@entry=TL_WRITE, org_open_for_modify=org_open_for_modify@entry=true, repair_table_use_frm=true, extra_open_options=32, prepare_func=0x55fc9fccdc5d <prepare_for_repair(THD, TABLE_LIST, HA_CHECK_OPT)>, operator_func=(int (handler::)(handler * const, THD , HA_CHECK_OPT )) 0x55fc9fe22c3a <handler::ha_repair(THD, st_ha_check_opt)>, view_operator_func=0x55fc9fc67fa2 <view_repair(THD, TABLE_LIST, st_ha_check_opt*)>) at /test/10.5_dbg/sql/sql_admin.cc:806
#19 0x000055fc9fcd1852 in Sql_cmd_repair_table::execute (this=<optimized out>, thd=0x153211c15088) at /test/10.5_dbg/sql/sql_admin.cc:1407
#20 0x000055fc9fb70eda in mysql_execute_command (thd=thd@entry=0x153211c15088) at /test/10.5_dbg/sql/sql_parse.cc:5912
#21 0x000055fc9fb78804 in mysql_parse (thd=thd@entry=0x153211c15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1532354b23e0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7957
#22 0x000055fc9fb64ffd in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x153211c15088, packet=packet@entry=0x153211c67089 "", packet_length=packet_length@entry=22, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1839
#23 0x000055fc9fb638cc in do_command (thd=0x153211c15088) at /test/10.5_dbg/sql/sql_parse.cc:1358
#24 0x000055fc9fcbd99d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x1532140433a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#25 0x000055fc9fcbe0b9 in handle_one_connection (arg=arg@entry=0x1532140433a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
#26 0x000055fca011c10a in pfs_spawn_thread (arg=0x153233045888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#27 0x00001532348da6db in start_thread (arg=0x1532354b3700) at pthread_create.c:463
#28 0x0000153233cd888f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (dbg), 10.5.2 (opt), 10.5.3 (dbg), 10.5.3 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Bug confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Comment by Roel Van de Paar [ 2020-05-16 ]

Propose to disallow any operations on an Aria table if the necessary things for such an operation are not in place and aria_encrypt_tables is enabled.

Comment by Roel Van de Paar [ 2020-05-20 ]

Seeing many related other issues in this area. A few examples;

USE test;

SET GLOBAL aria_encrypt_tables=1;

CREATE TABLE t1(id int,key GEN_CLUST_INDEX(id))engine=Aria;

INSERT INTO t1 SELECT timediff(timestamp'2008-12-31 23:59:59.000001',timestamp'2008-12-30 01:01:01.000002');

# Then shutdown server

Will crash opt+dbg on shutdown, as well as make mysqldadmin shutdown hang, both without writing a coredump.

From the error log:

10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49
Version: '10.5.4-MariaDB' socket: '/test/MD160520-mariadb-10.5.4-linux-x86_64-dbg/socket.sock' port: 13309 MariaDB Server
2020-05-20 13:09:03 4 [ERROR] mysqld: Unknown key id 1. Can't continue!
2020-05-20 13:09:06 0 [Note] /test/MD160520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld (initiated by: root[root] @ localhost []): Normal shutdown
200520 13:09:06 [ERROR] mysqld got signal 11 ;
...
2020-05-20 13:09:06 0 [Note] Event Scheduler: Purging the queue. 0 events
Server version: 10.5.4-MariaDB
key_buffer_size=134217728
read_buffer_size=131072
max_used_connections=1
max_threads=153
thread_count=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 467821 K bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x49000
2020-05-20 13:09:06 0 [Note] InnoDB: FTS optimize thread exiting.

Additionally, I see these two malloc stacks;

10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000559feb82d617 in my_write_core (sig=sig@entry=6) at /test/10.5_opt/mysys/stacktrace.c:518
#2 0x0000559feb1f00fa in handle_fatal_signal (sig=6) at /test/10.5_opt/sql/signal_handler.cc:329
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x000014cba08a5801 in __GI_abort () at abort.c:79
#6 0x000014cba08ee897 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x14cba0a1bb9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#7 0x000014cba08f590a in malloc_printerr (
str=str@entry=0x14cba0a1d7a8 "munmap_chunk(): invalid pointer") at malloc.c:5350
#8 0x000014cba08fcecc in munmap_chunk (p=0x14cb54cd8ca0) at malloc.c:2846
#9 __GI___libc_free (mem=0x14cb54cd8cb0) at malloc.c:3117
#10 0x0000559feb829b23 in my_free (ptr=<optimized out>) at /test/10.5_opt/mysys/my_malloc.c:209
#11 0x0000559feb3e648b in ma_crypt_post_write_hook (res=0, args=0x14cb8c0d90d0)
at /test/10.5_opt/storage/maria/ma_crypt.c:321
#12 0x0000559feb42a1b8 in write_page (myf_rw=52, pos=8192, block_size=<optimized out>,
buff=<optimized out>, file=<optimized out>, share=0x14cb543197f8)
at /test/10.5_opt/storage/maria/ma_check.c:3215
#13 _ma_flush_pending_blocks (sort_param=sort_param@entry=0x14cb8c0d9810)
at /test/10.5_opt/storage/maria/ma_check.c:5954
#14 0x0000559feb430792 in _ma_create_index_by_sort (info=info@entry=0x14cb8c0d9810,
no_messages=<optimized out>, sortbuff_size=<optimized out>)
at /test/10.5_opt/storage/maria/ma_sort.c:267
#15 0x0000559feb4279bd in maria_repair_by_sort (param=param@entry=0x14cb54a15b10,
info=0x14cb54469c98, name=name@entry=0x14cb8c0db5a0 "./test/t1", rep_quick=<optimized out>)
at /test/10.5_opt/storage/maria/ma_check.c:3908
#16 0x0000559feb3bd6f9 in ha_maria::repair (this=this@entry=0x14cb549eb200, thd=thd@entry=
0x14cb54000c18, param=param@entry=0x14cb54a15b10, do_optimize=do_optimize@entry=false)
at /test/10.5_opt/storage/maria/ha_maria.cc:1656
#17 0x0000559feb3be158 in ha_maria::repair (this=0x14cb549eb200, thd=0x14cb54000c18,
check_opt=0x14cb8c0db8b0) at /test/10.5_opt/storage/maria/ha_maria.cc:1451
#18 0x0000559feb3bd2a5 in ha_maria::check_and_repair (this=0x14cb549eb200, thd=0x14cb54000c18)
at /test/10.5_opt/storage/maria/ha_maria.cc:2325
#19 0x0000559feaf942b5 in auto_repair_table (thd=0x14cb54000c18, table_list=<optimized out>)
at /test/10.5_opt/sql/sql_base.cc:2930
#20 0x0000559feaf9914a in Open_table_context::recover_from_failed_open (
this=this@entry=0x14cb8c0dc840) at /test/10.5_opt/sql/sql_base.cc:3142
#21 0x0000559feaf9a800 in open_tables (thd=thd@entry=0x14cb54000c18, options=...,
start=start@entry=0x14cb8c0dca98, counter=counter@entry=0x14cb8c0dcaac, flags=flags@entry=0,
prelocking_strategy=prelocking_strategy@entry=0x14cb8c0dcb00)
at /test/10.5_opt/sql/sql_base.cc:4238
#22 0x0000559feaf9bb55 in open_and_lock_tables (thd=thd@entry=0x14cb54000c18, options=...,
tables=<optimized out>, tables@entry=0x14cb541ecb18, derived=derived@entry=true,
flags=flags@entry=0, prelocking_strategy=prelocking_strategy@entry=0x14cb8c0dcb00)
at /test/10.5_opt/sql/sql_base.cc:5112
#23 0x0000559feaffe72d in open_and_lock_tables (flags=0, derived=true, tables=0x14cb541ecb18,
thd=0x14cb54000c18) at /test/10.5_opt/sql/sql_base.h:510
#24 execute_sqlcom_select (thd=thd@entry=0x14cb54000c18, all_tables=0x14cb541ecb18)
at /test/10.5_opt/sql/sql_parse.cc:6093
#25 0x0000559feaffa6a2 in mysql_execute_command (thd=thd@entry=0x14cb54000c18)
at /test/10.5_opt/sql/sql_parse.cc:3901
#26 0x0000559feb00182c in mysql_parse (thd=0x14cb54000c18, rawbuf=<optimized out>, length=63,
parser_state=0x14cb8c0dd4f0, is_com_multi=<optimized out>, is_next_command=<optimized out>)
at /test/10.5_opt/sql/sql_parse.cc:7957
#27 0x0000559feaff6e75 in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x14cb54000c18,
packet=packet@entry=0x14cb54561a19 "SELECT a, a+1 as b FROM t1 GROUP BY a WITH ROLLUP HAVING b > 2;", packet_length=packet_length@entry=64, is_com_multi=is_com_multi@entry=false,
is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1839
#28 0x0000559feaff5106 in do_command (thd=0x14cb54000c18) at /test/10.5_opt/sql/sql_parse.cc:1358
#29 0x0000559feb0e9bf1 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x559fee4faac8, put_in_cache=put_in_cache@entry=true)
at /test/10.5_opt/sql/sql_connect.cc:1411
#30 0x0000559feb0e9f54 in handle_one_connection (arg=arg@entry=0x559fee4faac8)
at /test/10.5_opt/sql/sql_connect.cc:1313
#31 0x0000559feb45543a in pfs_spawn_thread (arg=0x559fedaee7b8)
at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#32 0x000014cba15886db in start_thread (arg=0x14cb8c0de700) at pthread_create.c:463
#33 0x000014cba098688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

And

10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x00005603acea7617 in my_write_core (sig=sig@entry=6) at /test/10.5_opt/mysys/stacktrace.c:518
#2 0x00005603ac86a0fa in handle_fatal_signal (sig=6) at /test/10.5_opt/sql/signal_handler.cc:329
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x000014d306e59801 in __GI_abort () at abort.c:79
#6 0x000014d306ea2897 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x14d306fcfb9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#7 0x000014d306ea990a in malloc_printerr (str=str@entry=0x14d306fcdd88 "free(): invalid pointer")
at malloc.c:5350
#8 0x000014d306eb0e1c in _int_free (have_lock=0, p=0x14d284405830, av=0x14d307204c40 <main_arena>)
at malloc.c:4157
#9 __GI___libc_free (mem=0x14d284405840) at malloc.c:3124
#10 0x00005603acea3b23 in my_free (ptr=<optimized out>) at /test/10.5_opt/mysys/my_malloc.c:209
#11 0x00005603aca6048b in ma_crypt_post_write_hook (res=0, args=0x14d304379080)
at /test/10.5_opt/storage/maria/ma_crypt.c:321
#12 0x00005603acaa41b8 in write_page (myf_rw=52, pos=8192, block_size=<optimized out>,
buff=<optimized out>, file=<optimized out>, share=0x14d2840b5b68)
at /test/10.5_opt/storage/maria/ma_check.c:3215
#13 _ma_flush_pending_blocks (sort_param=sort_param@entry=0x14d3043797c0)
at /test/10.5_opt/storage/maria/ma_check.c:5954
#14 0x00005603acaaa792 in _ma_create_index_by_sort (info=info@entry=0x14d3043797c0,
no_messages=<optimized out>, sortbuff_size=<optimized out>)
at /test/10.5_opt/storage/maria/ma_sort.c:267
#15 0x00005603acaa19bd in maria_repair_by_sort (param=param@entry=0x14d2843dca40,
info=0x14d2840102e8, name=name@entry=0x14d30437b550 "./test/t1", rep_quick=<optimized out>)
at /test/10.5_opt/storage/maria/ma_check.c:3908
#16 0x00005603aca376f9 in ha_maria::repair (this=this@entry=0x14d284188c10, thd=thd@entry=
0x14d284000c18, param=param@entry=0x14d2843dca40, do_optimize=do_optimize@entry=false)
at /test/10.5_opt/storage/maria/ha_maria.cc:1656
#17 0x00005603aca38158 in ha_maria::repair (this=0x14d284188c10, thd=0x14d284000c18,
check_opt=0x14d284005d00) at /test/10.5_opt/storage/maria/ha_maria.cc:1451
#18 0x00005603ac8725f1 in handler::ha_repair (this=0x14d284188c10, thd=<optimized out>,
check_opt=<optimized out>) at /test/10.5_opt/sql/handler.cc:4527
#19 0x00005603ac770a12 in mysql_admin_table (thd=thd@entry=0x14d284000c18,
tables=tables@entry=0x14d2842e2b40, check_opt=check_opt@entry=0x14d284005d00,
operator_name=operator_name@entry=0x5603ad1f0793 "repair", lock_type=lock_type@entry=TL_WRITE,
org_open_for_modify=org_open_for_modify@entry=true, repair_table_use_frm=false,
extra_open_options=32,
prepare_func=0x5603ac76f0b0 <prepare_for_repair(THD, TABLE_LIST, HA_CHECK_OPT*)>,
operator_func=<optimized out>, view_operator_func=
0x5603ac726ee0 <view_repair(THD, TABLE_LIST, st_ha_check_opt*)>)
at /test/10.5_opt/sql/sql_admin.cc:781
#20 0x00005603ac7715e2 in Sql_cmd_repair_table::execute (this=<optimized out>, thd=0x14d284000c18)
at /test/10.5_opt/sql/sql_admin.cc:1403
#21 0x00005603ac6745d0 in mysql_execute_command (thd=thd@entry=0x14d284000c18)
at /test/10.5_opt/sql/sql_parse.cc:5912
#22 0x00005603ac67b82c in mysql_parse (thd=0x14d284000c18, rawbuf=<optimized out>, length=15,
parser_state=0x14d30437c4f0, is_com_multi=<optimized out>, is_next_command=<optimized out>)
at /test/10.5_opt/sql/sql_parse.cc:7957
#23 0x00005603ac670e75 in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x14d284000c18, packet=packet@entry=0x14d284194c79 "",
packet_length=packet_length@entry=16, is_com_multi=is_com_multi@entry=false,
is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1839
#24 0x00005603ac66f106 in do_command (thd=0x14d284000c18) at /test/10.5_opt/sql/sql_parse.cc:1358
#25 0x00005603ac763bf1 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x5603afec52b8, put_in_cache=put_in_cache@entry=true)
at /test/10.5_opt/sql/sql_connect.cc:1411
#26 0x00005603ac763f54 in handle_one_connection (arg=arg@entry=0x5603afec52b8)
at /test/10.5_opt/sql/sql_connect.cc:1313
#27 0x00005603acacf43a in pfs_spawn_thread (arg=0x5603af4b8718)
at /test/10.5_opt/storage/perfschema/pfs.cc:2201
#28 0x000014d307b3c6db in start_thread (arg=0x14d30437d700) at pthread_create.c:463
#29 0x000014d306f3a88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Comment by Roel Van de Paar [ 2020-05-20 ]

Additional testcase for testing.

USE test;

SET GLOBAL table_open_cache=FALSE;

SET default_storage_engine=Aria;

SET GLOBAL aria_encrypt_tables=ON;

CREATE TABLE t(GRADE DECIMAL PRIMARY KEY);

INSERT INTO t VALUES(0);

CREATE TEMPORARY TABLE t SELECT 1 f1;

CREATE USER a@localhost IDENTIFIED WITH '';

DROP TABLE t,t2;

ANALYZE NO_WRITE_TO_BINLOG TABLE t;

10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49
10.5.4>DROP TABLE t,t2;
ERROR 192 (HY000): Unknown key id 1. Can't continue!
10.5.4>ANALYZE NO_WRITE_TO_BINLOG TABLE t;
+--------+---------+----------+------------------------------------------------+
\| Table \| Op \| Msg_type \| Msg_text \|
+--------+---------+----------+------------------------------------------------+
\| test.t \| analyze \| error \| Wrong base information on indexpage at page: 1 \|
\| test.t \| analyze \| error \| Corrupt \|
+--------+---------+----------+------------------------------------------------+
2 rows in set (0.003 sec)

Changing the testcase a little, by for example removing the CREATE USER statement produces a different outcome;

10.5.4 69077dea25f6e7cab4ff8927e4429ad62af9de49
10.5.4>DROP TABLE t,t2;
ERROR 1051 (42S02): Unknown table 'test.t2'
10.5.4>ANALYZE NO_WRITE_TO_BINLOG TABLE t;
ERROR 192 (HY000): Unknown key id 1. Can't continue!

Comment by Roel Van de Paar [ 2020-05-21 ]

Also saw the same assert as Elena above.

USE test;

SET SQL_MODE='';

CREATE TABLE t2(a INT KEY) ROW_FORMAT=REDUNDANT;

SET GLOBAL aria_encrypt_tables=ON;

CREATE TABLE t1(c1 DECIMAL KEY,c2 DECIMAL) ENGINE=Aria;

INSERT INTO t1 VALUES(0,x'');

DROP TABLES t1,t2;

Leads to:

10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7
mysqld: /test/10.5_dbg/sql/sql_error.cc:335: void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char*): Assertion `!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())' failed.

10.5.3 cfe5ee90c8e4b9dfa98a41fcd299197a59261be7
Core was generated by `/test/MD110520-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x151ffc9b5700 (LWP 981745))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x000055628c650c11 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x000055628bdf5f8d in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:329
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x0000151ffb0f9801 in __GI_abort () at abort.c:79
#6 0x0000151ffb0e939a in __assert_fail_base (fmt=0x151ffb2707d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55628c7bf118 "!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())", file=file@entry=0x55628c7bf0c0 "/test/10.5_dbg/sql/sql_error.cc", line=line@entry=335, function=function@entry=0x55628c7bfc40 <Diagnostics_area::set_ok_status(unsigned long long, unsigned long long, char const)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char)") at assert.c:92
#7 0x0000151ffb0e9412 in __GI___assert_fail (assertion=assertion@entry=0x55628c7bf118 "!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())", file=file@entry=0x55628c7bf0c0 "/test/10.5_dbg/sql/sql_error.cc", line=line@entry=335, function=function@entry=0x55628c7bfc40 <Diagnostics_area::set_ok_status(unsigned long long, unsigned long long, char const)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char)") at assert.c:101
#8 0x000055628bb02b19 in Diagnostics_area::set_ok_status (this=0x151fd9c1ab88, affected_rows=affected_rows@entry=0, last_insert_id=last_insert_id@entry=0, message=message@entry=0x0) at /test/10.5_dbg/sql/sql_error.cc:335
#9 0x000055628bc0f5e7 in my_ok (message=0x0, id=0, affected_rows_arg=0, thd=0x151fd9c15088) at /test/10.5_dbg/sql/sql_class.h:5156
#10 mysql_rm_table (thd=thd@entry=0x151fd9c15088, tables=tables@entry=0x151fd9c74160, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_sequence=<optimized out>, dont_log_query=dont_log_query@entry=false) at /test/10.5_dbg/sql/sql_table.cc:2145
#11 0x000055628bb4f3d4 in mysql_execute_command (thd=thd@entry=0x151fd9c15088) at /test/10.5_dbg/sql/sql_parse.cc:4889
#12 0x000055628bb59804 in mysql_parse (thd=thd@entry=0x151fd9c15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x151ffc9b43e0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7957
#13 0x000055628bb45ffd in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x151fd9c15088, packet=packet@entry=0x151fd9c67089 "DROP TABLES t1,t2", packet_length=packet_length@entry=17, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1839
#14 0x000055628bb448cc in do_command (thd=0x151fd9c15088) at /test/10.5_dbg/sql/sql_parse.cc:1358
#15 0x000055628bc9e99d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x151fdb8433a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#16 0x000055628bc9f0b9 in handle_one_connection (arg=arg@entry=0x151fdb8433a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
#17 0x000055628c0fd10a in pfs_spawn_thread (arg=0x151ffa445888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#18 0x0000151ffbddc6db in start_thread (arg=0x151ffc9b5700) at pthread_create.c:463
#19 0x0000151ffb1da88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.45 (dbg), 10.2.32 (dbg), 10.3.23 (dbg), 10.4.13 (dbg), 10.5.2 (dbg), 10.5.3 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.45 (opt), 10.2.32 (opt), 10.3.23 (opt), 10.4.13 (opt), 10.5.2 (opt), 10.5.3 (opt), 10.5.4 (dbg), 10.5.4 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Comment by Roel Van de Paar [ 2020-05-21 ]

Summary of unique bug id's seen so far.

(longlong) thd->status_var.local_memory_used >= 0 || !debug_assert_on_not_freed_memory|SIGABRT|my_malloc_size_cb_func|my_free|ma_crypt_post_write_hook|write_page  ## MDEV-18496

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|mysql_load|mysql_execute_command  ## MDEV-18496

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|drop_routine|mysql_execute_command  ## MDEV-18496

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|simple_rename_or_index_change|mysql_alter_table  ## MDEV-18496

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|mysql_rm_table|mysql_execute_command  ## MDEV-18496

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|mysql_create_or_drop_trigger|mysql_execute_command  ## MDEV-18496

!is_set()|SIGABRT|Diagnostics_area::set_eof_status|my_eof|mysql_admin_table|Sql_cmd_analyze_table::execute  ## MDEV-18496

status_var.local_memory_used == 0 || !debug_assert_on_not_freed_memory|SIGABRT|THD::~THD|THD::~THD|one_thread_per_connection_end|do_handle_one_connection  ## MDEV-18496

SIGABRT|__libc_message|malloc_printerr|munmap_chunk|__GI___libc_free  ## MDEV-18496

SIGABRT|__libc_message|malloc_printerr|_int_free|__GI___libc_free  ## MDEV-18496

(key_del_current != 0) && ((key_del_current == (~ (my_off_t) 0)) || (key_del_current <= (share->state.state.key_file_length - block_size)))|SIGABRT|_ma_new|_ma_enlarge_root|_ma_ck_real_write_btree|_ma_ck_write_btree_with_log  ## MDEV-18496

When possible, a fix (or fixes) would help for testing as well as preventing the masking/filtering of other bugs.

Corruption now proven (on debug ftm) mixing various testcases;

10.5.4>select * from t1;

ERROR 1034 (HY000): Index for table 't1' is corrupt; try to repair it

Comment by Roel Van de Paar [ 2020-06-10 ]

Another strongly correlated assert, please check bug fix against this one also

USE test;

SET SQL_MODE='';

SET GLOBAL aria_encrypt_tables=1;

CREATE TABLE t1 (c1 INT PRIMARY KEY) ENGINE=Aria;

INSERT INTO t1 VALUES (1);

CREATE TRIGGER t1_ai AFTER INSERT ON t1 FOR EACH ROW SET @a:='a';

Note the Primary key is required, it does not (immediately) crash without it.

Leads to:

10.5.4 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89
10.5.4>USE test;
Database changed
10.5.4>SET SQL_MODE='';
Query OK, 0 rows affected (0.000 sec)
10.5.4>SET GLOBAL aria_encrypt_tables=1;
Query OK, 0 rows affected (0.000 sec)
10.5.4>CREATE TABLE t1 (c1 INT PRIMARY KEY) ENGINE=Aria;
Query OK, 0 rows affected (0.012 sec)
10.5.4>INSERT INTO t1 VALUES (1);
Query OK, 1 row affected (0.008 sec)
10.5.4>CREATE TRIGGER t1_ai AFTER INSERT ON t1 FOR EACH ROW SET @a:='a'; # Delayed crash
ERROR 2013 (HY000): Lost connection to MySQL server during query

10.5.4 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89
mysqld: /test/10.5_dbg/sql/sql_error.cc:335: void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char*): Assertion `!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())' failed.

10.5.4 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89
Core was generated by `/test/MD060620-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x150135cc1700 (LWP 434867))]
(gdb) bt
(gdb) (gdb) #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x00005559a9b3600d in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x00005559a92dfbbc in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x000015013e41a801 in __GI_abort () at abort.c:79
#6 0x000015013e40a39a in __assert_fail_base (fmt=0x15013e5917d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5559a9cac318 "!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())", file=file@entry=0x5559a9cac2c0 "/test/10.5_dbg/sql/sql_error.cc", line=line@entry=335, function=function@entry=0x5559a9cace40 <Diagnostics_area::set_ok_status(unsigned long long, unsigned long long, char const)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char)") at assert.c:92
#7 0x000015013e40a412 in __GI___assert_fail (assertion=assertion@entry=0x5559a9cac318 "!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())", file=file@entry=0x5559a9cac2c0 "/test/10.5_dbg/sql/sql_error.cc", line=line@entry=335, function=function@entry=0x5559a9cace40 <Diagnostics_area::set_ok_status(unsigned long long, unsigned long long, char const)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char)") at assert.c:101
#8 0x00005559a8feb531 in Diagnostics_area::set_ok_status (this=0x15011d81ab98, affected_rows=affected_rows@entry=0, last_insert_id=last_insert_id@entry=0, message=message@entry=0x0) at /test/10.5_dbg/sql/sql_error.cc:335
#9 0x00005559a9117ce8 in my_ok (message=0x0, id=0, affected_rows_arg=0, thd=0x15011d815088) at /test/10.5_dbg/sql/sql_class.h:5203
#10 mysql_create_or_drop_trigger (thd=thd@entry=0x15011d815088, tables=<optimized out>, create=create@entry=true) at /test/10.5_dbg/sql/sql_trigger.cc:627
#11 0x00005559a903a368 in mysql_execute_command (thd=thd@entry=0x15011d815088) at /test/10.5_dbg/sql/sql_parse.cc:5778
#12 0x00005559a9042322 in mysql_parse (thd=thd@entry=0x15011d815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150135cc0350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7992
#13 0x00005559a902ee1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15011d815088, packet=packet@entry=0x15011d867089 "CREATE TRIGGER t1_ai AFTER INSERT ON t1 FOR EACH ROW SET @a:='a'", packet_length=packet_length@entry=64, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#14 0x00005559a902d5f6 in do_command (thd=0x15011d815088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#15 0x00005559a91889f9 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x15011f915808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#16 0x00005559a9189115 in handle_one_connection (arg=arg@entry=0x15011f915808) at /test/10.5_dbg/sql/sql_connect.cc:1313
#17 0x00005559a95e8104 in pfs_spawn_thread (arg=0x15013d045888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#18 0x000015013f0fd6db in start_thread (arg=0x150135cc1700) at pthread_create.c:463
#19 0x000015013e4fb88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.46 (dbg), 10.2.33 (dbg), 10.3.24 (dbg), 10.4.14 (dbg), 10.5.4 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.46 (opt), 10.2.33 (opt), 10.3.24 (opt), 10.4.14 (opt), 10.5.4 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Comment by Roel Van de Paar [ 2020-06-10 ]

One more with yet another stack/codepath.

10.5.4 6877ef9a7c9c7ee55d67e4baaf4e8f7b874c9f89
USE test;
SET SQL_MODE='';
SET @@global.table_open_cache = 0;
CREATE TABLE ti (a SMALLINT UNSIGNED, b SMALLINT NOT NULL, c BINARY(15), d VARBINARY(5), e VARCHAR(3), f VARCHAR(42), g MEDIUMBLOB NOT NULL, h MEDIUMBLOB, id BIGINT NOT NULL, KEY(b), KEY(e), PRIMARY KEY(id));
CREATE PROCEDURE p2 (OUT i1 VARCHAR(2037) BINARY CHARACTER SET 'Binary' COLLATE 'Binary') CONTAINS SQL SET @@GLOBAL.OPTIMIZER_SWITCH="loosescan=OFF";
set global aria_encrypt_tables=ON;
INSERT INTO ti VALUES (0,0,'a','a','a','a','a','D',6);
CREATE TABLE t(a TINYINT NOT NULL,b TINYINT,PRIMARY KEY(b)) ENGINE=Aria;
INSERT INTO t VALUES (1,1),(2,2),(3,3),(4,4),(5,5),(6,6),(7,7),(8,8),(9,9),(10,10);
CREATE TABLE t3 (a CHAR(2), KEY (a)) ENGINE = MEMORY;
ALTER TABLE t3 ADD INDEX (c1);
INSERT INTO ti VALUES (0,0,'a','a','a','a','a','a',3);
DROP PROCEDURE IF EXISTS p2;

Comment by Roel Van de Paar [ 2020-06-15 ]

Another testcase leading to a different codepath (crashes 10.5.4 latest revision @ 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 dbg)

USE test;

SET GLOBAL aria_encrypt_tables=1;

CREATE TABLE t (a INT AUTO_INCREMENT PRIMARY KEY, b INT) ENGINE=Aria;

INSERT INTO t VALUES (6,2);

ANALYZE NO_WRITE_TO_BINLOG TABLE t;

Comment by Roel Van de Paar [ 2020-06-15 ]

On 10.5.4 at revision 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 some changes observed:

USE test;

SET SQL_MODE='';

set global aria_encrypt_tables=1;

SET @@session.enforce_storage_engine = Aria;

CREATE TABLE ti (a TINYINT, b TINYINT, c CHAR(79), d VARCHAR(63), e VARCHAR(24) NOT NULL, f VARBINARY(8) NOT NULL, g BLOB, h MEDIUMBLOB NOT NULL, id BIGINT NOT NULL, KEY(b), KEY(e), PRIMARY KEY(id)) ;

create temporary table t1(a int not null primary key, b int, key(b)) ;

INSERT INTO t1 VALUES(0, 0);

DELETE FROM t1  WHERE a BETWEEN 0 AND 20 OR b BETWEEN 10 AND 20;

INSERT INTO t1 SELECT a, b+8192    FROM t1;

INSERT INTO ti VALUES (3290419791330308384,3170882006491468321,'abcdefghijklmnopqrstuvwxyz','abcdefghijklmnopqrstuvwxyz','abcdefghijklmnopqrstuvwxyz','abcdefghijklmnopqrstuvwxyz','abcdefghijklmnopqrstuvwxyz','abcdefghijklmnopqrstuvwxyz',2);

INSERT INTO t1 VALUES(4, 'abcdefghijklmnopqrstuvwxyz'); ;

INSERT INTO t1 VALUES(4, 'abcdefghijklmnopqrstuvwxyz'); ;

Leads to (on debug) this new assert:

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 (dbg)

mysqld: /test/10.5_dbg/storage/maria/ma_page.c:452: _ma_new: Assertion `(key_del_current != 0) && ((key_del_current == (~ (my_off_t) 0)) || (key_del_current <= (share->state.state.key_file_length - block_size)))' failed.

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 (dbg)
Core was generated by `/test/MD150620-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x150b4692c700 (LWP 996936))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000559cba4674c6 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x0000559cb9c09d60 in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x0000150b4759f801 in __GI_abort () at abort.c:79
#6 0x0000150b4758f39a in __assert_fail_base (fmt=0x150b477167d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x559cba7f6700 "(key_del_current != 0) && ((key_del_current == (~ (my_off_t) 0)) \|\| (key_del_current <= (share->state.state.key_file_length - block_size)))", file=file@entry=0x559cba7f6578 "/test/10.5_dbg/storage/maria/ma_page.c", line=line@entry=452, function=function@entry=0x559cba7f68f8 <__PRETTY_FUNCTION__.19168> "_ma_new") at assert.c:92
#7 0x0000150b4758f412 in __GI___assert_fail (assertion=assertion@entry=0x559cba7f6700 "(key_del_current != 0) && ((key_del_current == (~ (my_off_t) 0)) \|\| (key_del_current <= (share->state.state.key_file_length - block_size)))", file=file@entry=0x559cba7f6578 "/test/10.5_dbg/storage/maria/ma_page.c", line=line@entry=452, function=function@entry=0x559cba7f68f8 <__PRETTY_FUNCTION__.19168> "_ma_new") at assert.c:101
#8 0x0000559cb9ea4d7d in _ma_new (info=info@entry=0x150b264e2088, level=level@entry=6, page_link=page_link@entry=0x150b46929a18) at /test/10.5_dbg/storage/maria/ma_page.c:449
#9 0x0000559cb9ec5b28 in _ma_enlarge_root (info=info@entry=0x150b264e2088, key=key@entry=0x150b4692a620, root=root@entry=0x150b46929b98) at /test/10.5_dbg/storage/maria/ma_write.c:580
#10 0x0000559cb9ec8a47 in _ma_ck_real_write_btree (info=info@entry=0x150b264e2088, key=key@entry=0x150b4692a620, root=root@entry=0x150b46929b98, comp_flag=comp_flag@entry=131137) at /test/10.5_dbg/storage/maria/ma_write.c:534
#11 0x0000559cb9ec8af8 in _ma_ck_write_btree_with_log (info=info@entry=0x150b264e2088, key=key@entry=0x150b4692a620, root=root@entry=0x150b264d5240, comp_flag=131137) at /test/10.5_dbg/storage/maria/ma_write.c:498
#12 0x0000559cb9ec8c9b in _ma_ck_write_btree (info=info@entry=0x150b264e2088, key=key@entry=0x150b4692a620) at /test/10.5_dbg/storage/maria/ma_write.c:456
#13 0x0000559cb9ec8d65 in _ma_ck_write (info=info@entry=0x150b264e2088, key=0x150b4692a620) at /test/10.5_dbg/storage/maria/ma_write.c:441
#14 0x0000559cb9ec4c53 in maria_write (info=0x150b264e2088, record=record@entry=0x150b26452aa8 "\375\004") at /test/10.5_dbg/storage/maria/ma_write.c:189
#15 0x0000559cb9e57f8c in ha_maria::write_row (this=0x150b2643c6a0, buf=0x150b26452aa8 "\375\004") at /test/10.5_dbg/storage/maria/ha_maria.cc:1259
#16 0x0000559cb9c1df3e in handler::ha_write_row (this=0x150b2643c6a0, buf=0x150b26452aa8 "\375\004") at /test/10.5_dbg/sql/handler.cc:7131
#17 0x0000559cb991ea2f in write_record (thd=thd@entry=0x150b26415088, table=table@entry=0x150b264e7088, info=info@entry=0x150b4692a9e0, sink=sink@entry=0x0) at /test/10.5_dbg/sql/sql_insert.cc:2091
#18 0x0000559cb9929a68 in mysql_insert (thd=thd@entry=0x150b26415088, table_list=0x150b264741b8, fields=@0x150b26419f50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559cbb1bb5e0 <end_of_list>, last = 0x150b26419f50, elements = 0}, <No data fields>}, values_list=@0x150b26419f98: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150b26474ea8, last = 0x150b26474ea8, elements = 1}, <No data fields>}, update_fields=@0x150b26419f80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559cbb1bb5e0 <end_of_list>, last = 0x150b26419f80, elements = 0}, <No data fields>}, update_values=@0x150b26419f68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559cbb1bb5e0 <end_of_list>, last = 0x150b26419f68, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /test/10.5_dbg/sql/sql_insert.cc:1088
#19 0x0000559cb9960b64 in mysql_execute_command (thd=thd@entry=0x150b26415088) at /test/10.5_dbg/sql/sql_parse.cc:4553
#20 0x0000559cb996c15c in mysql_parse (thd=thd@entry=0x150b26415088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150b4692b350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7993
#21 0x0000559cb9958c60 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150b26415088, packet=packet@entry=0x150b26467089 "INSERT INTO t1 VALUES(4, 'abcdefghijklmnopqrstuvwxyz')", packet_length=packet_length@entry=54, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#22 0x0000559cb995743a in do_command (thd=0x150b26415088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#23 0x0000559cb9ab2c47 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x150b2897a808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#24 0x0000559cb9ab3363 in handle_one_connection (arg=arg@entry=0x150b2897a808) at /test/10.5_dbg/sql/sql_connect.cc:1313
#25 0x0000559cb9f14902 in pfs_spawn_thread (arg=0x150b46046c88) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#26 0x0000150b482826db in start_thread (arg=0x150b4692c700) at pthread_create.c:463
#27 0x0000150b4768088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

And on optimized to:

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 (opt)
10.5.4>INSERT INTO t1 VALUES(4, 'abcdefghijklmnopqrstuvwxyz'); ;
ERROR 192 (HY000): failed to decrypt '/test/MD150620-mariadb-10.5.4-linux-x86_64-opt/data/#sql-temptable-129383-4-0' rc: -1 dstlen: 0 size: 4294967281

ERROR: No query specified

10.5.4>INSERT INTO t1 VALUES(4, 'abcdefghijklmnopqrstuvwxyz'); ;
ERROR 192 (HY000): failed to decrypt '/test/MD150620-mariadb-10.5.4-linux-x86_64-opt/data/#sql-temptable-129383-4-0' rc: -1 dstlen: 0 size: 1777

Comment by Roel Van de Paar [ 2020-06-19 ]

Slightly different stack with:

USE test;

SET SQL_MODE='';

CREATE TABLE t (a INT PRIMARY KEY, b INT, KEY b_idx(b)) ;

INSERT INTO t VALUES(1, 'abcdefghijklmnopqrstuvwxyz');

SET SESSION enforce_storage_engine=Aria;

SELECT * FROM t INTO OUTFILE 'abcdefghijklmnopqrstuvwxyz';

set global aria_encrypt_tables=ON;

CREATE TEMPORARY TABLE t (c1 INT, INDEX(c1)) UNION=(t1,t2);

LOAD DATA INFILE 'abcdefghijklmnopqrstuvwxyz' INTO TABLE t;

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 (dbg)
ERROR 2013 (HY000): Lost connection to MySQL server during query
10.5.4>LOAD DATA INFILE 'abcdefghijklmnopqrstuvwxyz' INTO TABLE t;
Stage: 2 of 2 'End bulk insert' 0% of stage done # Seconds later replaced with:
ERROR 2013 (HY000): Lost connection to MySQL server during query

Comment by Roel Van de Paar [ 2020-07-21 ]

Completely new stack:

USE test;

SET SQL_MODE='';

SET GLOBAL aria_encrypt_tables=ON;

CREATE TABLE t (a SERIAL) ENGINE=Aria;

CREATE TRIGGER tt BEFORE DELETE ON t FOR EACH ROW SAVEPOINT s;

INSERT INTO t VALUES ('abcdefghijklmnopqrstuvwxyz');

DROP TABLE IF EXISTS t;

Leads to:

10.5.5 30e7a0a866dce530d8328c6d614e48d39a264f9b (Debug)

mysqld: /test/10.5_dbg/sql/sql_trigger.cc:1460: static bool Table_triggers_list::check_n_load(THD*, const LEX_CSTRING*, const LEX_CSTRING*, TABLE*, bool): Assertion `!parse_error || lex.sphead == 0' failed.

10.5.5 30e7a0a866dce530d8328c6d614e48d39a264f9b (Debug)
Core was generated by `/test/MD140720-mariadb-10.5.5-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x1549894fa700 (LWP 4086299))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x00005583f2cea4d7 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x00005583f24a49ba in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x00001549877908b1 in __GI_abort () at abort.c:79
#6 0x000015498778042a in __assert_fail_base (fmt=0x154987907a38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5583f2e87880 "!parse_error \|\| lex.sphead == 0", file=file@entry=0x5583f2e874e0 "/test/10.5_dbg/sql/sql_trigger.cc", line=line@entry=1460, function=function@entry=0x5583f2e88200 <Table_triggers_list::check_n_load(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, TABLE, bool)::__PRETTY_FUNCTION__> "static bool Table_triggers_list::check_n_load(THD, const LEX_CSTRING, const LEX_CSTRING, TABLE, bool)") at assert.c:92
#7 0x00001549877804a2 in __GI___assert_fail (assertion=assertion@entry=0x5583f2e87880 "!parse_error \|\| lex.sphead == 0", file=file@entry=0x5583f2e874e0 "/test/10.5_dbg/sql/sql_trigger.cc", line=line@entry=1460, function=function@entry=0x5583f2e88200 <Table_triggers_list::check_n_load(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, TABLE, bool)::__PRETTY_FUNCTION__> "static bool Table_triggers_list::check_n_load(THD, const LEX_CSTRING, const LEX_CSTRING, TABLE, bool)") at assert.c:101
#8 0x00005583f22d9e06 in Table_triggers_list::check_n_load (thd=thd@entry=0x154965815088, db=db@entry=0x1549894f8320, table_name=table_name@entry=0x1549894f8330, table=table@entry=0x1549894f7c70, names_only=names_only@entry=true) at /test/10.5_dbg/sql/sql_trigger.cc:1460
#9 0x00005583f22daa3e in Table_triggers_list::drop_all_triggers (thd=thd@entry=0x154965815088, db=db@entry=0x1549894f8320, name=name@entry=0x1549894f8330, MyFlags=MyFlags@entry=48) at /test/10.5_dbg/sql/sql_trigger.cc:1835
#10 0x00005583f22bc004 in mysql_rm_table_no_locks (thd=thd@entry=0x154965815088, tables=tables@entry=0x154965874168, if_exists=if_exists@entry=true, drop_temporary=drop_temporary@entry=false, drop_view=drop_view@entry=false, drop_sequence=drop_sequence@entry=false, dont_log_query=false, dont_free_locks=false) at /test/10.5_dbg/sql/sql_table.cc:2578
#11 0x00005583f22bda03 in mysql_rm_table (thd=thd@entry=0x154965815088, tables=tables@entry=0x154965874168, if_exists=<optimized out>, drop_temporary=<optimized out>, drop_sequence=<optimized out>, dont_log_query=dont_log_query@entry=false) at /test/10.5_dbg/sql/sql_table.cc:2143
#12 0x00005583f21fb307 in mysql_execute_command (thd=thd@entry=0x154965815088) at /test/10.5_dbg/sql/sql_parse.cc:4921
#13 0x00005583f2205752 in mysql_parse (thd=thd@entry=0x154965815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1549894f9350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7993
#14 0x00005583f21f2204 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x154965815088, packet=packet@entry=0x154965867089 "DROP TABLE IF EXISTS t", packet_length=packet_length@entry=22, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1866
#15 0x00005583f21f09de in do_command (thd=0x154965815088) at /test/10.5_dbg/sql/sql_parse.cc:1347
#16 0x00005583f234cc3b in do_handle_one_connection (connect=<optimized out>, connect@entry=0x1549684c7808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#17 0x00005583f234d357 in handle_one_connection (arg=arg@entry=0x1549684c7808) at /test/10.5_dbg/sql/sql_connect.cc:1313
#18 0x00005583f27b0ca8 in pfs_spawn_thread (arg=0x154986046508) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#19 0x00001549884736db in start_thread (arg=0x1549894fa700) at pthread_create.c:463
#20 0x0000154987871a3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.46 (dbg), 10.2.33 (dbg), 10.3.24 (dbg), 10.4.14 (dbg), 10.5.5 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.46 (opt), 10.2.33 (opt), 10.3.24 (opt), 10.4.14 (opt), 10.5.5 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

On optimized this gives:

10.5.5 30e7a0a866dce530d8328c6d614e48d39a264f9b (Optimized)
10.5.5>DROP TABLE IF EXISTS t;
ERROR 192 (HY000): Unknown key id 1. Can't continue!

Comment by Roel Van de Paar [ 2020-07-21 ]

Unique ID's seen so far:

SIGABRT|__libc_message|malloc_printerr|munmap_chunk|__GI___libc_free

SIGABRT|__libc_message|malloc_printerr|_int_free|__GI___libc_free

(key_del_current != 0) && ((key_del_current == (~ (my_off_t) 0)) || (key_del_current <= (share->state.state.key_file_length - block_size)))|SIGABRT|_ma_new|_ma_enlarge_root|_ma_ck_real_write_btree|_ma_ck_write_btree_with_log

(longlong) thd->status_var.local_memory_used >= 0 || !debug_assert_on_not_freed_memory|SIGABRT|my_malloc_size_cb_func|my_free|ma_crypt_post_write_hook|write_page

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|mysql_load|mysql_execute_command

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|Sql_cmd_truncate_table::execute|mysql_execute_command

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|drop_routine|mysql_execute_command

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|simple_rename_or_index_change|mysql_alter_table

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|mysql_rm_table|mysql_execute_command

!is_set() || (m_status == DA_OK_BULK && is_bulk_op())|SIGABRT|Diagnostics_area::set_ok_status|my_ok|mysql_create_or_drop_trigger|mysql_execute_command

! is_set()|SIGABRT|Diagnostics_area::set_eof_status|my_eof|mysql_admin_table|Sql_cmd_analyze_table::execute

status_var.local_memory_used == 0 || !debug_assert_on_not_freed_memory|SIGABRT|THD::~THD|THD::~THD|one_thread_per_connection_end|do_handle_one_connection

!parse_error || lex.sphead == 0|SIGABRT|Table_triggers_list::check_n_load|Table_triggers_list::drop_all_triggers|mysql_rm_table_no_locks|mysql_rm_table

!(offset < ((7 + 1 + 1 + 2 + 1) + (share)->crypt_page_header_space))|SIGABRT|_ma_scan_block_record|sort_get_next_record|sort_key_read|find_all_keys

Comment by Roel Van de Paar [ 2020-08-13 ]

Note to self; one more to test with (crashes 10.4 dbg, unknown key id 1 on 10.4 opt and 10.5);

USE test;

SET GLOBAL aria_encrypt_tables=ON;

CREATE TABLE t(a INT PRIMARY KEY) ENGINE=Aria KEY_BLOCK_SIZE=1 ROW_FORMAT=COMPACT;

INSERT INTO t VALUES (0),(1),(2),(3);

TRUNCATE t;

Leads to:

10.4.15 eae968f62d285de97ed607c87bc131cd863d5d03 (Debug)
mysqld: /test/10.4_dbg/sql/sql_error.cc:335: void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char*): Assertion `!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())' failed.

10.4.15 eae968f62d285de97ed607c87bc131cd863d5d03 (Debug)
Core was generated by `/test/MD110820-mariadb-10.4.15-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14e59c442700 (LWP 3348885))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000563954dd98a6 in my_write_core (sig=sig@entry=6) at /test/10.4_dbg/mysys/stacktrace.c:482
#2 0x0000563954555cdc in handle_fatal_signal (sig=6) at /test/10.4_dbg/sql/signal_handler.cc:343
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x000014e59a6d98b1 in __GI_abort () at abort.c:79
#6 0x000014e59a6c942a in __assert_fail_base (fmt=0x14e59a850a38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x563954ec7458 "!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())", file=file@entry=0x563954ec7400 "/test/10.4_dbg/sql/sql_error.cc", line=line@entry=335, function=function@entry=0x563954ec7f00 <Diagnostics_area::set_ok_status(unsigned long long, unsigned long long, char const)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char)") at assert.c:92
#7 0x000014e59a6c94a2 in __GI___assert_fail (assertion=assertion@entry=0x563954ec7458 "!is_set() \|\| (m_status == DA_OK_BULK && is_bulk_op())", file=file@entry=0x563954ec7400 "/test/10.4_dbg/sql/sql_error.cc", line=line@entry=335, function=function@entry=0x563954ec7f00 <Diagnostics_area::set_ok_status(unsigned long long, unsigned long long, char const)::__PRETTY_FUNCTION__> "void Diagnostics_area::set_ok_status(ulonglong, ulonglong, const char)") at assert.c:101
#8 0x000056395425a6df in Diagnostics_area::set_ok_status (this=0x14e574c1aa58, affected_rows=affected_rows@entry=0, last_insert_id=last_insert_id@entry=0, message=message@entry=0x0) at /test/10.4_dbg/sql/sql_error.cc:335
#9 0x000056395440fc39 in my_ok (message=0x0, id=0, affected_rows_arg=0, thd=0x14e574c15070) at /test/10.4_dbg/sql/sql_class.h:5033
#10 Sql_cmd_truncate_table::execute (this=0x14e574c6d808, thd=0x14e574c15070) at /test/10.4_dbg/sql/sql_truncate.cc:506
#11 0x00005639542aaa3d in mysql_execute_command (thd=thd@entry=0x14e574c15070) at /test/10.4_dbg/sql/sql_parse.cc:6098
#12 0x00005639542ad090 in mysql_parse (thd=thd@entry=0x14e574c15070, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e59c441460, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7896
#13 0x00005639542af920 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e574c15070, packet=packet@entry=0x14e574c57071 "TRUNCATE t", packet_length=packet_length@entry=10, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:1834
#14 0x00005639542b335b in do_command (thd=0x14e574c15070) at /test/10.4_dbg/sql/sql_parse.cc:1352
#15 0x00005639543df8b6 in do_handle_one_connection (connect=connect@entry=0x14e599035790) at /test/10.4_dbg/sql/sql_connect.cc:1412
#16 0x00005639543df9d6 in handle_one_connection (arg=0x14e599035790) at /test/10.4_dbg/sql/sql_connect.cc:1316
#17 0x000014e59b6406db in start_thread (arg=0x14e59c442700) at pthread_create.c:463
#18 0x000014e59a7baa3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.47 (dbg), 10.2.34 (dbg), 10.3.25 (dbg), 10.4.15 (dbg), 10.5.6 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.47 (opt), 10.2.34 (opt), 10.3.25 (opt), 10.4.15 (opt), 10.5.6 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Comment by Roel Van de Paar [ 2020-08-14 ]

Note to self; one more to test with which causes corruption in various ways it seems.

USE test;

SET storage_engine=Aria;

CREATE TABLE t(c1 NUMERIC NULL, c2 CHAR(25) NOT NULL, c3 INT(4) NULL, c4 CHAR(15) NOT NULL PRIMARY KEY, c5 NUMERIC NOT NULL UNIQUE KEY,c6 NUMERIC(10,8) NOT NULL DEFAULT 3.141592);

INSERT INTO t VALUES (3,2,3,4,5,6);

SET GLOBAL Aria_encrypt_TABLEs=ON;

REPAIR NO_WRITE_TO_BINLOG TABLE t QUICK USE_FRM;

Leads to:

10.4.15 eae968f62d285de97ed607c87bc131cd863d5d03 (Debug)
mysqld: /test/10.4_dbg/storage/maria/ma_blockrec.c:5466: _ma_scan_block_record: Assertion `!(offset < ((7 + 1 + 1 + 2 + 1) + (share)->crypt_page_header_space))' failed.

10.4.15 eae968f62d285de97ed607c87bc131cd863d5d03 (Debug)
Core was generated by `/test/MD110820-mariadb-10.4.15-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14772ca97700 (LWP 1539572))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000564efe97d8a6 in my_write_core (sig=sig@entry=6) at /test/10.4_dbg/mysys/stacktrace.c:482
#2 0x0000564efe0f9cdc in handle_fatal_signal (sig=6) at /test/10.4_dbg/sql/signal_handler.cc:343
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x000014772ad2e8b1 in __GI_abort () at abort.c:79
#6 0x000014772ad1e42a in __assert_fail_base (fmt=0x14772aea5a38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x564efed50a40 "!(offset < ((7 + 1 + 1 + 2 + 1) + (share)->crypt_page_header_space))", file=file@entry=0x564efed4fc88 "/test/10.4_dbg/storage/maria/ma_blockrec.c", line=line@entry=5466, function=function@entry=0x564efed521d0 <__PRETTY_FUNCTION__.19958> "_ma_scan_block_record") at assert.c:92
#7 0x000014772ad1e4a2 in __GI___assert_fail (assertion=assertion@entry=0x564efed50a40 "!(offset < ((7 + 1 + 1 + 2 + 1) + (share)->crypt_page_header_space))", file=file@entry=0x564efed4fc88 "/test/10.4_dbg/storage/maria/ma_blockrec.c", line=line@entry=5466, function=function@entry=0x564efed521d0 <__PRETTY_FUNCTION__.19958> "_ma_scan_block_record") at assert.c:101
#8 0x0000564efe7d6809 in _ma_scan_block_record (info=info@entry=0x1477058d1070, record=0x147705862f30 '\245' <repeats 72 times>, "h4z\025", record_pos=0, skip_deleted=skip_deleted@entry=1 '\001') at /test/10.4_dbg/storage/maria/ma_blockrec.c:5466
#9 0x0000564efe8009a7 in sort_get_next_record (sort_param=sort_param@entry=0x14772ca92190) at /test/10.4_dbg/storage/maria/ma_check.c:4868
#10 0x0000564efe802e6b in sort_key_read (sort_param=0x14772ca92190, key=0x1477058665b8 '\245' <repeats 200 times>...) at /test/10.4_dbg/storage/maria/ma_check.c:4703
#11 0x0000564efe805a25 in find_all_keys (tempfile_for_exceptions=0x14772ca91d40, tempfile=0x14772ca91bd0, maxbuffer=0x14772ca91b6c, buffpek=0x14772ca91b70, sort_keys=0x1477058665b0, keys=<optimized out>, info=0x14772ca92190) at /test/10.4_dbg/storage/maria/ma_sort.c:324
#12 _ma_create_index_by_sort (info=info@entry=0x14772ca92190, no_messages=<optimized out>, sortbuff_size=<optimized out>) at /test/10.4_dbg/storage/maria/ma_sort.c:231
#13 0x0000564efe7ff0d5 in maria_repair_by_sort (param=param@entry=0x14770596b088, info=0x1477058d1070, name=name@entry=0x14772ca937e0 "./test/t", rep_quick=<optimized out>) at /test/10.4_dbg/storage/maria/ma_check.c:3902
#14 0x0000564efe7812c7 in ha_maria::repair (this=this@entry=0x14770588b088, thd=thd@entry=0x147705815070, param=param@entry=0x14770596b088, do_optimize=do_optimize@entry=false) at /test/10.4_dbg/storage/maria/ha_maria.cc:1652
#15 0x0000564efe781bbc in ha_maria::repair (this=0x14770588b088, thd=0x147705815070, check_opt=0x14770581a248) at /test/10.4_dbg/storage/maria/ha_maria.cc:1447
#16 0x0000564efe1073e3 in handler::ha_repair (this=0x14770588b088, thd=0x147705815070, check_opt=0x14770581a248) at /test/10.4_dbg/sql/handler.cc:4395
#17 0x0000564efdf945dd in mysql_admin_table (thd=thd@entry=0x147705815070, tables=tables@entry=0x14770586d180, check_opt=check_opt@entry=0x14770581a248, operator_name=operator_name@entry=0x564efed58ca6 "repair", lock_type=lock_type@entry=TL_WRITE, org_open_for_modify=org_open_for_modify@entry=true, repair_table_use_frm=true, extra_open_options=32, prepare_func=0x564efdf92938 <prepare_for_repair(THD, TABLE_LIST, HA_CHECK_OPT)>, operator_func=(int (handler::)(handler * const, THD , HA_CHECK_OPT )) 0x564efe1073b2 <handler::ha_repair(THD, st_ha_check_opt)>, view_operator_func=0x564efdf327e2 <view_repair(THD, TABLE_LIST, st_ha_check_opt*)>) at /test/10.4_dbg/sql/sql_admin.cc:791
#18 0x0000564efdf96314 in Sql_cmd_repair_table::execute (this=<optimized out>, thd=0x147705815070) at /test/10.4_dbg/sql/sql_admin.cc:1415
#19 0x0000564efde4ea3d in mysql_execute_command (thd=thd@entry=0x147705815070) at /test/10.4_dbg/sql/sql_parse.cc:6098
#20 0x0000564efde51090 in mysql_parse (thd=thd@entry=0x147705815070, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14772ca96460, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7896
#21 0x0000564efde53920 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x147705815070, packet=packet@entry=0x147705857071 "", packet_length=packet_length@entry=47, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:1834
#22 0x0000564efde5735b in do_command (thd=0x147705815070) at /test/10.4_dbg/sql/sql_parse.cc:1352
#23 0x0000564efdf838b6 in do_handle_one_connection (connect=connect@entry=0x147729835790) at /test/10.4_dbg/sql/sql_connect.cc:1412
#24 0x0000564efdf839d6 in handle_one_connection (arg=0x147729835790) at /test/10.4_dbg/sql/sql_connect.cc:1316
#25 0x000014772bc956db in start_thread (arg=0x14772ca97700) at pthread_create.c:463
#26 0x000014772ae0fa3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.1.47 (dbg), 10.2.34 (dbg), 10.3.25 (dbg), 10.4.15 (dbg), 10.5.6 (dbg)

Generated at Thu Feb 08 08:44:33 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-18496] Crashes, asserts, errors and hangs when Aria encryption is enabled/used, but plugin is not loaded Created: 2019-02-06 Updated: 2021-07-28 Resolved: 2020-07-29