[MDEV-19304] Segfault in ALTER TABLE after UPDATE for SIMULTANEOUS_ASSIGNMENT - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.3.18, 10.4.8
Component/s: Data Definition - Alter Table, Versioned Tables
Labels:
- affects-tests

Description

SIGSEGV / ASAN unknown-crash in row_sel_field_store_in_mysql_format_func or create_tmp_table or my_timestamp_from_binary or Field::cmp_binary or calc_row_difference upon action on system-versioned table with SIMULTANEOUS_ASSIGNMENT.

With MyISAM or Aria
CREATE TABLE t1 (a INT, s TIMESTAMP(6) AS ROW START, e TIMESTAMP(6) AS ROW END, PERIOD FOR SYSTEM_TIME(s,e)) ENGINE=MyISAM WITH SYSTEM VERSIONING;
REPLACE INTO t1 () VALUES (),();
SET SQL_MODE= CONCAT(@@sql_mode,',SIMULTANEOUS_ASSIGNMENT');
UPDATE IGNORE t1 SET e = 1;
ALTER TABLE t1 FORCE;

# Cleanup
DROP TABLE t1;

10.3 ASAN 765ae6e8
==31680==ERROR: AddressSanitizer: unknown-crash on address 0x61900009e7b7 at pc 0x55b4ad0ff184 bp 0x7f6245a018a0 sp 0x7f6245a01898
READ of size 1 at 0x61900009e7b7 thread T5
#0 0x55b4ad0ff183 in my_timestamp_from_binary(timeval, unsigned char const, unsigned int) /data/src/10.3/sql/compat56.cc:394
#1 0x55b4ad144336 in Field_timestampf::get_timestamp(unsigned char const, unsigned long) const /data/src/10.3/sql/field.cc:5574
#2 0x55b4ad18ecd6 in Field_timestamp::get_timestamp(unsigned long*) const /data/src/10.3/sql/field.h:2678
#3 0x55b4ad14068c in Field_timestamp::get_date(st_mysql_time*, unsigned long long) /data/src/10.3/sql/field.cc:5307
#4 0x55b4ad13f85f in Field_timestamp::val_str(String, String) /data/src/10.3/sql/field.cc:5232
#5 0x55b4ac8463ed in Field::val_str(String*) /data/src/10.3/sql/field.h:840
#6 0x55b4ad18a023 in Field::val_str(String, unsigned char const) /data/src/10.3/sql/field.h:1328
#7 0x55b4ad183d7b in Column_definition::Column_definition(THD, Field, Field*) /data/src/10.3/sql/field.cc:11018
#8 0x55b4aca29c43 in Create_field::Create_field(THD, Field, Field*) /data/src/10.3/sql/field.h:4754
#9 0x55b4accbe91c in mysql_prepare_alter_table(THD, TABLE, HA_CREATE_INFO, Alter_info, Alter_table_ctx*) /data/src/10.3/sql/sql_table.cc:8023
#10 0x55b4accc73bc in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Alter_info, unsigned int, st_order*, bool) /data/src/10.3/sql/sql_table.cc:9440
#11 0x55b4ace1441d in Sql_cmd_alter_table::execute(THD*) /data/src/10.3/sql/sql_alter.cc:494
#12 0x55b4acaaf84e in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:6285
#13 0x55b4acaba6dd in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
#14 0x55b4aca94805 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
#15 0x55b4aca9185b in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
#16 0x55b4ace054cf in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
#17 0x55b4ace04edb in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#18 0x55b4ad731269 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
#19 0x7f6252414493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#20 0x7f62503dc93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

0x61900009e7b7 is located 55 bytes inside of 992-byte region [0x61900009e780,0x61900009eb60)
allocated by thread T5 here:
#0 0x7f625267e73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x55b4ae2c0046 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
#2 0x55b4ae29f89e in alloc_root /data/src/10.3/mysys/my_alloc.c:250
#3 0x55b4ae2a1410 in memdup_root /data/src/10.3/mysys/my_alloc.c:491
#4 0x55b4acd37568 in TABLE_SHARE::init_from_binary_frm_image(THD, bool, unsigned char const, unsigned long) /data/src/10.3/sql/table.cc:1273
#5 0x55b4acd32d15 in open_table_def(THD, TABLE_SHARE, unsigned int) /data/src/10.3/sql/table.cc:677
#6 0x55b4acfb7578 in tdc_acquire_share(THD, TABLE_LIST, unsigned int, TABLE**) /data/src/10.3/sql/table_cache.cc:840
#7 0x55b4ac946ea2 in open_table(THD, TABLE_LIST, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1831
#8 0x55b4ac94f2a8 in open_and_process_table /data/src/10.3/sql/sql_base.cc:3619
#9 0x55b4ac951c8a in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4144
#10 0x55b4ac9564a3 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:5019
#11 0x55b4ac8c74d6 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /data/src/10.3/sql/sql_base.h:502
#12 0x55b4aca07e2d in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:760
#13 0x55b4acaa48e9 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4730
#14 0x55b4acaba6dd in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
#15 0x55b4aca94805 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
#16 0x55b4aca9185b in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
#17 0x55b4ace054cf in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
#18 0x55b4ace04edb in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#19 0x55b4ad731269 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
#20 0x7f6252414493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

Thread T5 created by T0 here:
#0 0x7f625264dbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x55b4ad731831 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
#2 0x55b4ac7fcf48 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
#3 0x55b4ac812801 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6589
#4 0x55b4ac812f06 in create_new_thread /data/src/10.3/sql/mysqld.cc:6659
#5 0x55b4ac813f1d in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6934
#6 0x55b4ac811cbe in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6211
#7 0x55b4ac7fafcf in main /data/src/10.3/sql/main.cc:25
#8 0x7f62503142b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: unknown-crash /data/src/10.3/sql/compat56.cc:394 my_timestamp_from_binary(timeval, unsigned char const, unsigned int)
Shadow bytes around the buggy address:
0x0c328000bca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000bcb0: 00 00 00 00 00 00 00 00 00 04 00 00 f7 f7 f7 f7
0x0c328000bcc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fa fa fa fa
0x0c328000bcd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c328000bce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c328000bcf0: 00 00 00 00 00 00[01]02 00 00 03 01 00 00 00 00
0x0c328000bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000bd10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000bd20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000bd30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c328000bd40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==31680==ABORTING

With InnoDB
--source include/have_innodb.inc

CREATE TABLE t1 (a INT, s TIMESTAMP(6) AS ROW START, e TIMESTAMP(6) AS ROW END, PERIOD FOR SYSTEM_TIME(s,e)) ENGINE=InnoDB WITH SYSTEM VERSIONING;
REPLACE INTO t1 () VALUES (),();
SET SQL_MODE= CONCAT(@@sql_mode,',SIMULTANEOUS_ASSIGNMENT');
UPDATE IGNORE t1 SET e = 1;
ALTER TABLE t1 FORCE;

# Cleanup
DROP TABLE t1;

10.3 ASAN 765ae6e8
==31919==ERROR: AddressSanitizer: SEGV on unknown address 0x61910010b8b4 (pc 0x7f3cc9c53a20 sp 0x7f3caf85de08 bp 0x7f3caf85de50 T27)
#0 0x7f3cc9c53a1f (/lib/x86_64-linux-gnu/libc.so.6+0x144a1f)
#1 0x7f3ccbe7f23e in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x3a23e)
#2 0x55dac54f2eab in calc_row_difference /data/src/10.3/storage/innobase/handler/ha_innodb.cc:8491
#3 0x55dac54f4ff7 in ha_innobase::update_row(unsigned char const, unsigned char const) /data/src/10.3/storage/innobase/handler/ha_innodb.cc:8838
#4 0x55dac4f56533 in handler::ha_update_row(unsigned char const, unsigned char const) /data/src/10.3/sql/handler.cc:6351
#5 0x55dac4a8168e in mysql_update(THD, TABLE_LIST, List<Item>&, List<Item>&, Item, unsigned int, st_order, unsigned long long, bool, unsigned long long, unsigned long long) /data/src/10.3/sql/sql_update.cc:946
#6 0x55dac4819d61 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4584
#7 0x55dac48306dd in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
#8 0x55dac480a805 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
#9 0x55dac480785b in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
#10 0x55dac4b7b4cf in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
#11 0x55dac4b7aedb in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#12 0x55dac54a7269 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
#13 0x7f3ccbc2f493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#14 0x7f3cc9bf793e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
Thread T27 created by T0 here:
#0 0x7f3ccbe68bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x55dac54a7831 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
#2 0x55dac4572f48 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
#3 0x55dac4588801 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6589
#4 0x55dac4588f06 in create_new_thread /data/src/10.3/sql/mysqld.cc:6659
#5 0x55dac4589f1d in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6934
#6 0x55dac4587cbe in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6211
#7 0x55dac4570fcf in main /data/src/10.3/sql/main.cc:25
#8 0x7f3cc9b2f2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

Another one with InnoDB, DOUBLE instead of INT, different stack trace
--source include/have_innodb.inc

CREATE TABLE t1 (a DOUBLE, s TIMESTAMP(6) AS ROW START, e TIMESTAMP(6) AS ROW END, PERIOD FOR SYSTEM_TIME(s,e)) ENGINE=InnoDB WITH SYSTEM VERSIONING;
REPLACE INTO t1 () VALUES (),();
SET SQL_MODE= CONCAT(@@sql_mode,',SIMULTANEOUS_ASSIGNMENT');
UPDATE IGNORE t1 SET e = 1;
ALTER TABLE t1 FORCE;

# Cleanup
DROP TABLE t1;

10.3 ASAN 765ae6e8
==32361==ERROR: AddressSanitizer: unknown-crash on address 0x6190000fbea0 at pc 0x560a21e0e168 bp 0x7f0fc34f2420 sp 0x7f0fc34f2418
READ of size 7 at 0x6190000fbea0 thread T27
#0 0x560a21e0e167 in Field::cmp_binary(unsigned char const, unsigned char const, unsigned int) /data/src/10.3/sql/field.h:1083
#1 0x560a21e0e347 in Field::cmp_binary_offset(unsigned int) /data/src/10.3/sql/field.h:1087
#2 0x560a2198aeb5 in compare_record(TABLE const*) /data/src/10.3/sql/sql_update.cc:92
#3 0x560a219903e3 in mysql_update(THD, TABLE_LIST, List<Item>&, List<Item>&, Item, unsigned int, st_order, unsigned long long, bool, unsigned long long, unsigned long long) /data/src/10.3/sql/sql_update.cc:888
#4 0x560a21728d61 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4584
#5 0x560a2173f6dd in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
#6 0x560a21719805 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
#7 0x560a2171685b in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
#8 0x560a21a8a4cf in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
#9 0x560a21a89edb in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#10 0x560a223b6269 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
#11 0x7f0fdf8c3493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#12 0x7f0fdd88b93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

0x6190000fbea0 is located 32 bytes inside of 992-byte region [0x6190000fbe80,0x6190000fc260)
allocated by thread T27 here:
#0 0x7f0fdfb2d73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x560a22f45046 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
#2 0x560a22f2489e in alloc_root /data/src/10.3/mysys/my_alloc.c:250
#3 0x560a22f2629a in strmake_root /data/src/10.3/mysys/my_alloc.c:479
#4 0x560a219ccaa0 in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /data/src/10.3/sql/table.cc:3173
#5 0x560a215cc98e in open_table(THD, TABLE_LIST, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1975
#6 0x560a215d42a8 in open_and_process_table /data/src/10.3/sql/sql_base.cc:3619
#7 0x560a215d6c8a in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4144
#8 0x560a215db4a3 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:5019
#9 0x560a2154c4d6 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /data/src/10.3/sql/sql_base.h:502
#10 0x560a2168ce2d in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:760
#11 0x560a217298e9 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4730
#12 0x560a2173f6dd in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
#13 0x560a21719805 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
#14 0x560a2171685b in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
#15 0x560a21a8a4cf in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
#16 0x560a21a89edb in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
#17 0x560a223b6269 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
#18 0x7f0fdf8c3493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

Thread T27 created by T0 here:
#0 0x7f0fdfafcbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x560a223b6831 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
#2 0x560a21481f48 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
#3 0x560a21497801 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6589
#4 0x560a21497f06 in create_new_thread /data/src/10.3/sql/mysqld.cc:6659
#5 0x560a21498f1d in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6934
#6 0x560a21496cbe in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6211
#7 0x560a2147ffcf in main /data/src/10.3/sql/main.cc:25
#8 0x7f0fdd7c32b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: unknown-crash /data/src/10.3/sql/field.h:1083 Field::cmp_binary(unsigned char const, unsigned char const, unsigned int)
Shadow bytes around the buggy address:
0x0c3280017780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280017790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c32800177a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c32800177b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c32800177c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c32800177d0: 00 00 00 00[03]00 00 07 00 00 07 00 00 07 00 00
0x0c32800177e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c32800177f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280017800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280017810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280017820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==32361==ABORTING

InnoDB variations also crash on debug and release:

10.3 debug 765ae6e8
Thread 1 (Thread 0x7fae4c58c700 (LWP 32502)):
#0 __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x00005613e2b0127b in my_write_core (sig=11) at /data/src/10.3/mysys/stacktrace.c:481
#2 0x00005613e235bca0 in handle_fatal_signal (sig=11) at /data/src/10.3/sql/signal_handler.cc:305
#3 <signal handler called>
#4 0x00007fae5cee1a20 in __memcmp_sse4_1 () from /lib/x86_64-linux-gnu/libc.so.6
#5 0x00005613e25bd66f in calc_row_difference (uvect=0x7fae000a87b0, old_row=0x7fae0000cba8 "\377", new_row=0x7fae0000cb90 "\377", table=0x7fae000a6770, upd_buff=0x7fae000ab340 '\245' <repeats 120 times>, "h4z\025", '\217' <repeats 12 times>, "\025\001", buff_len=119, prebuilt=0x7fae000a7b58, auto_inc=@0x7fae4c589ea8: 0) at /data/src/10.3/storage/innobase/handler/ha_innodb.cc:8491
#6 0x00005613e25be613 in ha_innobase::update_row (this=0x7fae000a73b8, old_row=0x7fae0000cba8 "\377", new_row=0x7fae0000cb90 "\377") at /data/src/10.3/storage/innobase/handler/ha_innodb.cc:8838
#7 0x00005613e236cd57 in handler::ha_update_row (this=0x7fae000a73b8, old_data=0x7fae0000cba8 "\377", new_data=0x7fae0000cb90 "\377") at /data/src/10.3/sql/handler.cc:6351
#8 0x00005613e215e23c in mysql_update (thd=0x7fae00000b00, table_list=0x7fae00014dd0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551615, ignore=true, found_return=0x7fae4c58a700, updated_return=0x7fae4c58a7c0) at /data/src/10.3/sql/sql_update.cc:946
#9 0x00005613e2065480 in mysql_execute_command (thd=0x7fae00000b00) at /data/src/10.3/sql/sql_parse.cc:4584
#10 0x00005613e207084b in mysql_parse (thd=0x7fae00000b00, rawbuf=0x7fae00014ce8 "UPDATE IGNORE t1 SET e = 1", length=26, parser_state=0x7fae4c58b5f0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8091
#11 0x00005613e205db1a in dispatch_command (command=COM_QUERY, thd=0x7fae00000b00, packet=0x7fae001624e1 "UPDATE IGNORE t1 SET e = 1", packet_length=26, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1857
#12 0x00005613e205c504 in do_command (thd=0x7fae00000b00) at /data/src/10.3/sql/sql_parse.cc:1403
#13 0x00005613e21c515b in do_handle_one_connection (connect=0x5613e64cdfd0) at /data/src/10.3/sql/sql_connect.cc:1402
#14 0x00005613e21c4edf in handle_one_connection (arg=0x5613e64cdfd0) at /data/src/10.3/sql/sql_connect.cc:1308
#15 0x00005613e259c04d in pfs_spawn_thread (arg=0x5613e64d66c0) at /data/src/10.3/storage/perfschema/pfs.cc:1862
#16 0x00007fae5eebd494 in start_thread (arg=0x7fae4c58c700) at pthread_create.c:333
#17 0x00007fae5ce8593f in clone () from /lib/x86_64-linux-gnu/libc.so.6

MyISAM version doesn't crash without ASAN for me, but on a debug build ALTER produces a strange failure:

mysqltest: At line 5: query 'ALTER TABLE t1 FORCE' failed: 1292: Incorrect datetime value: '2046-04-28 20:44:47.486223' for column ``.``.`e` at row 1

Attachments

Issue Links

duplicates

MDEV-18217 [Draft] [ERROR] InnoDB: Apparent corruption and ASAN row_sel_field_store_in_mysql_format_func

Closed

is caused by

MDEV-14792 INSERT without column list into table with explicit versioning columns produces bad data

Closed

is duplicated by

MDEV-19644 Server crashes in ha_partition::try_semi_consistent_read upon attempt to update ROW END column of a partitioned table under SIMULTANEOUS_ASSIGNMENT

Closed

MDEV-20121 Server crashes in handler::ha_write_row or handler::mark_trx_read_write

Closed

relates to

MDEV-13417 UPDATE produces wrong values if an updated column is later used as an update source

Closed

MDEV-16937 Strict SQL with system versioned tables causes issues

Closed

MDEV-19597 Refactor TABLE::vers_update_fields() via stored virtual columns

Stalled

MDEV-20120 Server crashes in extra_cb or in ha_partition::try_semi_consistent_read or in ha_partition::info

Closed

MDEV-20121 Server crashes in handler::ha_write_row or handler::mark_trx_read_write

Closed

(4 relates to)

Activity

People

Assignee:: Aleksey Midenkov

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019-04-22 14:34

Updated:: 2020-05-13 09:10

Resolved:: 2019-08-11 11:39

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.