Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.3, 10.4, 10.5, 10.6, 10.7
Description
Assertion `dec == 6' failure or server crash in Field_timestampf::set_max upon column-specific versioning with wrong timestamp precision
CREATE TABLE t (a INT WITH SYSTEM VERSIONING, s TIMESTAMP GENERATED ALWAYS AS ROW START, e TIMESTAMP GENERATED ALWAYS AS ROW END, PERIOD FOR SYSTEM_TIME (s,e)); |
INSERT INTO t () VALUES (),(); |
|
|
# Cleanup
|
DROP TABLE t; |
|
10.3 25f598f5 |
mysqld: /data/src/10.3/sql/field.cc:5560: virtual void Field_timestampf::set_max(): Assertion `dec == 6' failed.
|
220109 19:05:27 [ERROR] mysqld got signal 6 ;
|
|
|
#7 0x00007fa36a197662 in __GI___assert_fail (assertion=0x55724dcdaf7f "dec == 6", file=0x55724dcd91d1 "/data/src/10.3/sql/field.cc", line=5560, function=0x55724dcdaf30 "virtual void Field_timestampf::set_max()") at assert.c:101
|
#8 0x000055724d2159f9 in Field_timestampf::set_max (this=0x7fa35409d3c0) at /data/src/10.3/sql/field.cc:5560
|
#9 0x000055724d054814 in TABLE::vers_update_fields (this=0x7fa3540ad200) at /data/src/10.3/sql/table.cc:8157
|
#10 0x000055724ce9a86e in fill_record (thd=0x7fa354000d90, table_arg=0x7fa3540ad200, fields=..., values=..., ignore_errors=false, update=false) at /data/src/10.3/sql/sql_base.cc:8461
|
#11 0x000055724ce9ace2 in fill_record_n_invoke_before_triggers (thd=0x7fa354000d90, table=0x7fa3540ad200, fields=..., values=..., ignore_errors=false, event=TRG_EVENT_INSERT) at /data/src/10.3/sql/sql_base.cc:8588
|
#12 0x000055724cee081e in mysql_insert (thd=0x7fa354000d90, table_list=0x7fa354012bb8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.3/sql/sql_insert.cc:968
|
#13 0x000055724cf25340 in mysql_execute_command (thd=0x7fa354000d90) at /data/src/10.3/sql/sql_parse.cc:4504
|
#14 0x000055724cf30bfa in mysql_parse (thd=0x7fa354000d90, rawbuf=0x7fa354012ad8 "INSERT INTO t () VALUES (),()", length=29, parser_state=0x7fa3641be5b0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7870
|
#15 0x000055724cf1d42f in dispatch_command (command=COM_QUERY, thd=0x7fa354000d90, packet=0x7fa354008f31 "INSERT INTO t () VALUES (),()", packet_length=29, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
|
#16 0x000055724cf1bded in do_command (thd=0x7fa354000d90) at /data/src/10.3/sql/sql_parse.cc:1398
|
#17 0x000055724d098602 in do_handle_one_connection (connect=0x5572503a1c40) at /data/src/10.3/sql/sql_connect.cc:1403
|
#18 0x000055724d09836d in handle_one_connection (arg=0x5572503a1c40) at /data/src/10.3/sql/sql_connect.cc:1308
|
#19 0x000055724da48090 in pfs_spawn_thread (arg=0x557250446880) at /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#20 0x00007fa36a330ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#21 0x00007fa36a260def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
==3401257==ERROR: AddressSanitizer: unknown-crash on address 0x6190000820c7 at pc 0x55e40c1a2a71 bp 0x7f6f220274f0 sp 0x7f6f220274e8
|
WRITE of size 1 at 0x6190000820c7 thread T5
|
#0 0x55e40c1a2a70 in Field_timestampf::set_max() /data/src/10.3/sql/field.cc:5564
|
#1 0x55e40be80da9 in TABLE::vers_update_fields() /data/src/10.3/sql/table.cc:8157
|
#2 0x55e40baa3b1d in fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool) /data/src/10.3/sql/sql_base.cc:8461
|
#3 0x55e40baa4399 in fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type) /data/src/10.3/sql/sql_base.cc:8588
|
#4 0x55e40bb3bdab in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:968
|
#5 0x55e40bbd242e in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4504
|
#6 0x55e40bbe1847 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7870
|
#7 0x55e40bbe653f in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#8 0x55e40bbec2dd in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#9 0x55e40bf07a46 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#10 0x55e40bf082aa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#11 0x55e40d14bc84 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#12 0x7f6f2ca47ea6 in start_thread nptl/pthread_create.c:477
|
#13 0x7f6f2c977dee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfddee)
|
|
|
0x6190000820c7 is located 71 bytes inside of 992-byte region [0x619000082080,0x619000082460)
|
allocated by thread T5 here:
|
#0 0x7f6f2d2e9e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
|
#1 0x55e40d21b942 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
|
#2 0x55e40d207e7b in alloc_root /data/src/10.3/mysys/my_alloc.c:251
|
#3 0x55e40d208b95 in strmake_root /data/src/10.3/mysys/my_alloc.c:481
|
#4 0x55e40be77e04 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/src/10.3/sql/table.cc:3238
|
#5 0x55e40ba8b54c in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1992
|
#6 0x55e40ba94ce9 in open_and_process_table /data/src/10.3/sql/sql_base.cc:3715
|
#7 0x55e40ba94ce9 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4190
|
#8 0x55e40ba9697e in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:5129
|
#9 0x55e40bb39c42 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.3/sql/sql_base.h:503
|
#10 0x55e40bb39c42 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:760
|
#11 0x55e40bbd242e in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4504
|
#12 0x55e40bbe1847 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7870
|
#13 0x55e40bbe653f in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852
|
#14 0x55e40bbec2dd in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398
|
#15 0x55e40bf07a46 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403
|
#16 0x55e40bf082aa in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#17 0x55e40d14bc84 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869
|
#18 0x7f6f2ca47ea6 in start_thread nptl/pthread_create.c:477
|
|
|
Thread T5 created by T0 here:
|
#0 0x7f6f2d2952a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
|
#1 0x55e40d1502da in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1919
|
#2 0x55e40b97ae6b in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1275
|
#3 0x55e40b97ae6b in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6666
|
#4 0x55e40b98b18d in create_new_thread /data/src/10.3/sql/mysqld.cc:6736
|
#5 0x55e40b98b18d in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6994
|
#6 0x55e40b98d135 in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6288
|
#7 0x7f6f2c8a0d09 in __libc_start_main ../csu/libc-start.c:308
|
|
|
SUMMARY: AddressSanitizer: unknown-crash /data/src/10.3/sql/field.cc:5564 in Field_timestampf::set_max()
|
Shadow bytes around the buggy address:
|
0x0c32800083c0: 00 00 00 00 00 00 00 00 00 f7 00 00 00 00 00 00
|
0x0c32800083d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c32800083e0: 00 00 00 00 00 f7 04 f7 f7 f7 f7 f7 fa fa fa fa
|
0x0c32800083f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280008400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
=>0x0c3280008410: 00 00 00 00 f7 02 f7 00[05]00 05 00 05 f7 00 00
|
0x0c3280008420: 00 00 f7 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c3280008430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f7 00
|
0x0c3280008440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c3280008450: 00 00 00 00 00 00 00 00 00 00 f7 00 00 00 00 00
|
0x0c3280008460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==3401257==ABORTING
|
The failure appeared in 10.3 after this commit
commit c8cece91440edb77aa43b8ba20930fa91514308e (origin/bb-10.3-midenok)
|
Author: Aleksey Midenkov
|
Date: Tue Nov 2 04:52:04 2021 +0300
|
|
|
MDEV-26928 Column-inclusive WITH SYSTEM VERSIONING doesn't work with explicit system fields
|
Attachments
Issue Links
- is caused by
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Closed
-