[MDEV-17021] Server crash or assertion `length <= column->length' failure in write_block_record
Created: 2018-08-19  Updated: 2019-08-21  Resolved: 2018-08-24

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - Aria
Affects Version/s: 5.5, 10.0, 10.1, 10.2, 10.3
Fix Version/s: 10.0.37, 10.1.36, 10.2.18, 10.3.10

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Michael Widenius
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-20367 SIGSEGV with "Found wrong key definit... Closed

 Description   

Reproducible on 5.5, 10.0, 10.1.
10.2, 10.3 and 10.4 don't seem to be affected.

CREATE TABLE t1 ( 
  f1 DECIMAL(43,0) NOT NULL,
  f2 TIME(4) NULL,
  f3 BINARY(101) NULL,
  f4 TIMESTAMP(4) NULL,
  f5 DATETIME(1) NULL,
  f6 SET('a','b','c') NOT NULL DEFAULT 'a',
  f7 VARBINARY(2332) NOT NULL DEFAULT '',
  f8 DATE NULL,
  f9 BLOB NULL,
  f10 MEDIUMINT(45) NOT NULL DEFAULT 0,
  f11 YEAR NULL,
  f12 BIT(58) NULL,
  v2 TIME(1) AS (f2) VIRTUAL,
  v3 BINARY(115) AS (f3) VIRTUAL,
  v4 TIMESTAMP(3) AS (f4) VIRTUAL,
  v7 VARBINARY(658) AS (f7) PERSISTENT,
  v8 DATE AS (f8) PERSISTENT,
  v9 TINYTEXT AS (f9) PERSISTENT,
  v11 YEAR AS (f11) VIRTUAL
) ENGINE=Aria;
INSERT IGNORE INTO t1 (f1,f2,f3,f4,f5,f6,f7,f8,f9,f10,f11,f12) VALUES
 (0.8,'16:01:46',NULL,'2006-03-01 12:44:34','2029-10-10 21:27:53','a','foo','1989-12-24','bar',9,1975,b'1');
 
# Cleanup
DROP TABLE t1;

10.0 bcc677bb7 debug

mysqld: /data/src/10.0/storage/maria/ma_blockrec.c:2770: write_block_record: Assertion `length <= column->length' failed.
180820  2:48:35 [ERROR] mysqld got signal 6 ;
 
#7  0x00007ff04584bee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x0000000000a4a158 in write_block_record (info=0x7ff03dd4a070, old_record=0x0, record=0x7ff03dda6088 "\002\034\200", row=0x7ff03dd4a0d8, bitmap_blocks=0x7ff03dd4a0d8, head_block_is_read=0 '\000', row_pos=0x7ff0478d1660, undo_lsn=1, old_record_checksum=0) at /data/src/10.0/storage/maria/ma_blockrec.c:2770
#9  0x0000000000a4bf56 in allocate_and_write_block_record (info=0x7ff03dd4a070, record=0x7ff03dda6088 "\002\034\200", row=0x7ff03dd4a0d8, undo_lsn=1) at /data/src/10.0/storage/maria/ma_blockrec.c:3529
#10 0x0000000000a4c069 in _ma_write_init_block_record (info=0x7ff03dd4a070, record=0x7ff03dda6088 "\002\034\200") at /data/src/10.0/storage/maria/ma_blockrec.c:3569
#11 0x0000000000a5c6e0 in maria_write (info=0x7ff03dd4a070, record=0x7ff03dda6088 "\002\034\200") at /data/src/10.0/storage/maria/ma_write.c:156
#12 0x00000000009ebf79 in ha_maria::write_row (this=0x7ff03dc7d888, buf=0x7ff03dda6088 "\002\034\200") at /data/src/10.0/storage/maria/ha_maria.cc:1281
#13 0x0000000000848064 in handler::ha_write_row (this=0x7ff03dc7d888, buf=0x7ff03dda6088 "\002\034\200") at /data/src/10.0/sql/handler.cc:6033
#14 0x0000000000631bb0 in write_record (thd=0x7ff03f8ce070, table=0x7ff03dca0870, info=0x7ff0478d1a70) at /data/src/10.0/sql/sql_insert.cc:1849
#15 0x000000000062f86d in mysql_insert (thd=0x7ff03f8ce070, table_list=0x7ff03dcfa298, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=true) at /data/src/10.0/sql/sql_insert.cc:964
#16 0x000000000064f622 in mysql_execute_command (thd=0x7ff03f8ce070) at /data/src/10.0/sql/sql_parse.cc:3453
#17 0x0000000000657d64 in mysql_parse (thd=0x7ff03f8ce070, rawbuf=0x7ff03dcfa088 "INSERT IGNORE INTO t1 (f1,f2,f3,f4,f5,f6,f7,f8,f9,f10,f11,f12) VALUES\n(0.8,'16:01:46',NULL,'2006-03-01 12:44:34','2029-10-10 21:27:53','a','foo','1989-12-24','bar',9,1975,b'1')", length=176, parser_state=0x7ff0478d2640) at /data/src/10.0/sql/sql_parse.cc:6637
#18 0x000000000064a684 in dispatch_command (command=COM_QUERY, thd=0x7ff03f8ce070, packet=0x7ff040fe5071 "INSERT IGNORE INTO t1 (f1,f2,f3,f4,f5,f6,f7,f8,f9,f10,f11,f12) VALUES\n(0.8,'16:01:46',NULL,'2006-03-01 12:44:34','2029-10-10 21:27:53','a','foo','1989-12-24','bar',9,1975,b'1')", packet_length=176) at /data/src/10.0/sql/sql_parse.cc:1300
#19 0x0000000000649984 in do_command (thd=0x7ff03f8ce070) at /data/src/10.0/sql/sql_parse.cc:1003
#20 0x000000000076acdc in do_handle_one_connection (thd_arg=0x7ff03f8ce070) at /data/src/10.0/sql/sql_connect.cc:1377
#21 0x000000000076aa4e in handle_one_connection (arg=0x7ff03f8ce070) at /data/src/10.0/sql/sql_connect.cc:1292
#22 0x0000000000accef0 in pfs_spawn_thread (arg=0x7ff03fbc25f0) at /data/src/10.0/storage/perfschema/pfs.cc:1861
#23 0x00007ff04754f494 in start_thread (arg=0x7ff0478d3700) at pthread_create.c:333
#24 0x00007ff04590893f in clone () from /lib/x86_64-linux-gnu/libc.so.6

10.0 bcc677bb non-debug

#2  <signal handler called>
#3  0x00007fe523dfdd8c in __memmove_avx_unaligned_erms () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x000000000083ec96 in write_tail (info=0x7fe51c19b008, block=0x7fe51c050780, row_part=0x900007fe51ca0c4 <error: Cannot access memory at address 0x900007fe51ca0c4>, org_length=2108) at /data/src/10.0/storage/maria/ma_blockrec.c:1965
#5  0x00000000008412a7 in write_block_record (info=0x7fe51c19b008, old_record=0x900007fe51ca0c4 <error: Cannot access memory at address 0x900007fe51ca0c4>, record=0x7fe51c1dcd70 "\377\377\377\377", row=0x1, bitmap_blocks=0x7fe5253ad534 <realloc+724>, head_block_is_read=2 '\002', row_pos=0x7fe525d86330, undo_lsn=1, old_record_checksum=0) at /data/src/10.0/storage/maria/ma_blockrec.c:2896
#6  0x0000000000842def in allocate_and_write_block_record (undo_lsn=<optimized out>, row=<optimized out>, record=<optimized out>, info=<optimized out>) at /data/src/10.0/storage/maria/ma_blockrec.c:3529
#7  _ma_write_init_block_record (info=0x7fe51c19b008, record=0x7fe51c00c020 "\002\034\200") at /data/src/10.0/storage/maria/ma_blockrec.c:3569
#8  0x000000000084a334 in maria_write (info=0x7fe51c19b008, record=0x7fe51c00c020 "\002\034\200") at /data/src/10.0/storage/maria/ma_write.c:156
#9  0x00000000006eafac in handler::ha_write_row (this=0x7fe51c050020, buf=0x7fe51c00c020 "\002\034\200") at /data/src/10.0/sql/handler.cc:6033
#10 0x000000000058dafb in write_record (thd=0x7fe51deff008, table=0x7fe51c062208, info=0x7fe525d86610) at /data/src/10.0/sql/sql_insert.cc:1849
#11 0x000000000059121b in mysql_insert (thd=0x7fe51deff008, table_list=0x7fe51c22d230, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=true) at /data/src/10.0/sql/sql_insert.cc:964
#12 0x00000000005a59a4 in mysql_execute_command (thd=0x7fe51deff008) at /data/src/10.0/sql/sql_parse.cc:3453
#13 0x00000000005ab998 in mysql_parse (thd=0x7fe51deff008, rawbuf=<optimized out>, length=176, parser_state=0x7fe525d876e0) at /data/src/10.0/sql/sql_parse.cc:6637
#14 0x00000000005ad57f in dispatch_command (command=<optimized out>, thd=0x7fe51deff008, packet=<optimized out>, packet_length=<optimized out>) at /data/src/10.0/sql/sql_parse.cc:1300
#15 0x00000000005adf7f in do_command (thd=<optimized out>) at /data/src/10.0/sql/sql_parse.cc:1003
#16 0x000000000065dc94 in do_handle_one_connection (thd_arg=thd_arg@entry=0x7fe51deff008) at /data/src/10.0/sql/sql_connect.cc:1377
#17 0x000000000065dcd8 in handle_one_connection (arg=arg@entry=0x7fe51deff008) at /data/src/10.0/sql/sql_connect.cc:1292
#18 0x0000000000892d84 in pfs_spawn_thread (arg=0x7fe52343f808) at /data/src/10.0/storage/perfschema/pfs.cc:1861
#19 0x00007fe525a04494 in start_thread (arg=0x7fe525d88700) at pthread_create.c:333
#20 0x00007fe523dbd93f in clone () from /lib/x86_64-linux-gnu/libc.so.6



 Comments   
Comment by Michael Widenius [ 2018-08-24 ]

Problem was that the number of NULL bits was recorded wrong in the .frm
file because there could be more fields marked NOT_NULL after the
number of not_null fields was recorded.

Fixed by copying test for virtual fields from prepare_create_field().

This problem doesn't exist in 10.3 or later.

Comment by Michael Widenius [ 2018-08-24 ]

Pushed into 10.0
