[#MDEV-27572] Wrong result with DISTINCT and indexes

10.5 851816532b39b4bf04b1d352
Version: '10.5.19-MariaDB-debug-log'
=================================================================
==766958==ERROR: AddressSanitizer: use-after-poison on address 0x6210000dc4e2 at pc 0x55c621d61197 bp 0x7f8111a1c760 sp 0x7f8111a1c750
READ of size 1 at 0x6210000dc4e2 thread T21
#0 0x55c621d61196 in row_sel_convert_mysql_key_to_innobase(dtuple_t, unsigned char, unsigned long, dict_index_t, unsigned char const, unsigned long) /10.5/src/storage/innobase/row/row0sel.cc:2596
#1 0x55c621932c67 in ha_innobase::index_read(unsigned char, unsigned char const, unsigned int, ha_rkey_function) /10.5/src/storage/innobase/handler/ha_innodb.cc:8853
#2 0x55c620ee0f48 in handler::index_read_map(unsigned char, unsigned char const, unsigned long, ha_rkey_function) /10.5/src/sql/handler.h:3779
#3 0x55c620eb06d3 in handler::ha_index_read_map(unsigned char, unsigned char const, unsigned long, ha_rkey_function) /10.5/src/sql/handler.cc:3152
#4 0x55c620ecba2d in handler::read_range_first(st_key_range const, st_key_range const, bool, bool) /10.5/src/sql/handler.cc:6241
#5 0x55c6212d9370 in QUICK_RANGE_SELECT::get_next_prefix(unsigned int, unsigned int, unsigned char*) /10.5/src/sql/opt_range.cc:12760
#6 0x55c6212ec98c in QUICK_GROUP_MIN_MAX_SELECT::next_prefix() /10.5/src/sql/opt_range.cc:15591
#7 0x55c6212eb091 in QUICK_GROUP_MIN_MAX_SELECT::get_next() /10.5/src/sql/opt_range.cc:15333
#8 0x55c62130e157 in rr_quick /10.5/src/sql/records.cc:403
#9 0x55c6204b55a1 in READ_RECORD::read_record() /10.5/src/sql/records.h:80
#10 0x55c6207d1229 in join_init_read_record(st_join_table*) /10.5/src/sql/sql_select.cc:22008
#11 0x55c6207ca34b in sub_select(JOIN, st_join_table, bool) /10.5/src/sql/sql_select.cc:21041
#12 0x55c6207c83c3 in do_select /10.5/src/sql/sql_select.cc:20574
#13 0x55c62075334d in JOIN::exec_inner() /10.5/src/sql/sql_select.cc:4569
#14 0x55c620750957 in JOIN::exec() /10.5/src/sql/sql_select.cc:4349
#15 0x55c620754d9c in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /10.5/src/sql/sql_select.cc:4826
#16 0x55c620725bfc in handle_select(THD, LEX, select_result*, unsigned long) /10.5/src/sql/sql_select.cc:445
#17 0x55c62068d457 in execute_sqlcom_select /10.5/src/sql/sql_parse.cc:6317
#18 0x55c62067c400 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4008
#19 0x55c6206986ca in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8089
#20 0x55c62066e5bd in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891
#21 0x55c62066af3b in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375
#22 0x55c620abcc5a in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1415
#23 0x55c620abc5be in handle_one_connection /10.5/src/sql/sql_connect.cc:1317
#24 0x55c621734d0b in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201
#25 0x7f8125180608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#26 0x7f8124d51132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

0x6210000dc4e2 is located 994 bytes inside of 4196-byte region [0x6210000dc100,0x6210000dd164)
allocated by thread T21 here:
#0 0x7f812579c808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55c6223d9aea in sf_malloc /10.5/src/mysys/safemalloc.c:121
#2 0x55c6223a72ef in my_malloc /10.5/src/mysys/my_malloc.c:90
#3 0x55c62238308f in alloc_root /10.5/src/mysys/my_alloc.c:244
#4 0x55c6212e87f6 in QUICK_GROUP_MIN_MAX_SELECT::init() /10.5/src/sql/opt_range.cc:14991
#5 0x55c6212e7647 in TRP_GROUP_MIN_MAX::make_quick(PARAM, bool, st_mem_root) /10.5/src/sql/opt_range.cc:14832
#6 0x55c621296285 in SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool, bool, bool) /10.5/src/sql/opt_range.cc:3059
#7 0x55c6207554a2 in get_quick_record_count /10.5/src/sql/sql_select.cc:4870
#8 0x55c62075c370 in make_join_statistics /10.5/src/sql/sql_select.cc:5597
#9 0x55c62073a9e4 in JOIN::optimize_inner() /10.5/src/sql/sql_select.cc:2337
#10 0x55c620733ebe in JOIN::optimize() /10.5/src/sql/sql_select.cc:1695
#11 0x55c620754ba7 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /10.5/src/sql/sql_select.cc:4812
#12 0x55c620725bfc in handle_select(THD, LEX, select_result*, unsigned long) /10.5/src/sql/sql_select.cc:445
#13 0x55c62068d457 in execute_sqlcom_select /10.5/src/sql/sql_parse.cc:6317
#14 0x55c62067c400 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4008
#15 0x55c6206986ca in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8089
#16 0x55c62066e5bd in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891
#17 0x55c62066af3b in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375
#18 0x55c620abcc5a in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1415
#19 0x55c620abc5be in handle_one_connection /10.5/src/sql/sql_connect.cc:1317
#20 0x55c621734d0b in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201
#21 0x7f8125180608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477

Thread T21 created by T0 here:
#0 0x7f81256c9815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
#1 0x55c6217308e0 in my_thread_create /10.5/src/storage/perfschema/my_thread.h:52
#2 0x55c6217350fe in pfs_spawn_thread_v1 /10.5/src/storage/perfschema/pfs.cc:2252
#3 0x55c6203555f2 in inline_mysql_thread_create /10.5/src/include/mysql/psi/mysql_thread.h:1323
#4 0x55c62036bcdd in create_thread_to_handle_connection(CONNECT*) /10.5/src/sql/mysqld.cc:6067
#5 0x55c62036c35c in create_new_thread(CONNECT*) /10.5/src/sql/mysqld.cc:6126
#6 0x55c62036c6b9 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /10.5/src/sql/mysqld.cc:6191
#7 0x55c62036d31b in handle_connections_sockets() /10.5/src/sql/mysqld.cc:6318
#8 0x55c62036b4ea in mysqld_main(int, char**) /10.5/src/sql/mysqld.cc:5713
#9 0x55c6203540bc in main /10.5/src/sql/main.cc:25
#10 0x7f8124c56082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: use-after-poison /10.5/src/storage/innobase/row/row0sel.cc:2596 in row_sel_convert_mysql_key_to_innobase(dtuple_t, unsigned char, unsigned long, dict_index_t, unsigned char const, unsigned long)
Shadow bytes around the buggy address:
0x0c4280013840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 f7
0x0c4280013850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c4280013860: 00 00 00 00 00 00 00 00 00 05 f7 00 00 00 00 00
0x0c4280013870: 00 00 00 00 00 00 00 00 00 00 00 f7 04 f7 00 00
0x0c4280013880: 00 00 00 f7 06 f7 06 f7 00 00 00 00 00 00 00 00
=>0x0c4280013890: 00 00 00 00 00 00 00 00 00 00 00 00[f7]f7 f7 f7
0x0c42800138a0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c42800138b0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c42800138c0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c42800138d0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0c42800138e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==766958==ABORTING

[MDEV-27572] Wrong result with DISTINCT and indexes Created: 2022-01-22 Updated: 2023-11-28
Status:	Confirmed
Project:	MariaDB Server
Component/s:	Optimizer, Storage Engine - InnoDB
Affects Version/s:	10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
Fix Version/s:	10.5, 10.6

[MDEV-27572] Wrong result with DISTINCT and indexes Created: 2022-01-22 Updated: 2023-11-28