[MDEV-18486] Database crash on a table with indexed virtual column Created: 2019-02-05  Updated: 2020-06-29  Resolved: 2019-03-01

Status: Closed
Project: MariaDB Server
Component/s: Virtual Columns
Affects Version/s: 10.2.15, 10.3.11, 10.2, 10.3, 10.4
Fix Version/s: 10.2.23, 10.3.14, 10.4.4

Type: Bug
Priority: Critical
Reporter: Syed Tausiff
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 0
Labels: crash
Environment:

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"


Attachments: Text File mysql_error.log    
Issue Links:
Duplicate
is duplicated by MDEV-15881 Assertion `is_valid_value_slow()' fai... Closed
is duplicated by MDEV-18695 Corruption (?) with multi-value inser... Closed
PartOf
is part of MDEV-17221 Production Database restarted Closed
Relates
relates to MDEV-15881 Assertion `is_valid_value_slow()' fai... Closed
relates to MDEV-17834 Server crashes in row_upd_build_diffe... Closed
relates to MDEV-18270 ASAN heap-use-after-free in Field_lon... Closed
relates to MDEV-18366 Crash on SELECT on a table that conta... Closed
relates to MDEV-18414 Server crash or ASAN heap-use-after-f... Closed
relates to MDEV-18449 ASAN heap-use-after-free in my_strnnc... Closed
relates to MDEV-23018 Database corruption involving an inde... Confirmed

 Description   

Database crashed with queries executed on tables with stored generated fields.
DB was highly inconsistent and crashing on random select, insert and truncate statements. Attached logs



 Comments   
Comment by Elena Stepanova [ 2019-02-05 ]

Likely candidates are MDEV-18414 and MDEV-18449; there are probably more.

Could you please provide the output of

SHOW CREATE TABLE product_smart_field_tmp;
SHOW INDEX IN product_smart_field_tmp;
CHECK TABLE product_smart_field_tmp EXTENDED;

?

Parts of stack traces from the attached log, to make them searchable:

0.2.15-MariaDB-log

heap/hp_block.c:147(hp_free_level)[0x55ea60e686b4]
heap/hp_clear.c:89(hp_clear_keys)[0x55ea60e69aab]
heap/hp_create.c:353(hp_free)[0x55ea60e68ccd]
heap/hp_close.c:49(hp_close)[0x55ea60b4e645]
sql/sql_select.cc:18008(free_tmp_table(THD*, TABLE*))[0x55ea60b4eabd]
/usr/sbin/mysqld(_ZN4JOIN9join_freeEv+0x4c)[0x55ea60b4f05c]
/usr/sbin/mysqld(_ZN4JOIN10exec_innerEv+0x9b5)[0x55ea60b64385]
/usr/sbin/mysqld(_ZN4JOIN4execEv+0x33)[0x55ea60b64623]
/usr/sbin/mysqld(_Z12mysql_selectP3THDP10TABLE_LISTjR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x11a)[0x55ea60b6477a]

0.2.15-MariaDB-log

:0(__memcpy_ssse3_back)[0x7faa16e17d15]
/usr/sbin/mysqld(_ZN6String6appendERKS_+0x47)[0x55daf3259b27]
sql/sql_string.cc:436(String::append(String const&))[0x55daf34092eb]
sql/item_strfunc.cc:620(Item_func_concat::val_str(String*))[0x55daf338190f]
sql/item.cc:6459(Item::save_in_field(Field*, bool))[0x55daf328e108]
sql/table.cc:7491(TABLE::update_virtual_fields(handler*, enum_vcol_update_mode))[0x55daf3122027]
sql/sql_table.cc:9981(copy_data_between_tables(THD*, TABLE*, TABLE*, List<Create_field>&, bool, unsigned int, st_order*, unsigned long long*, unsigned long long*, Alter_info::enum_enable_or_disable, Alter_table_ctx*))[0x55daf326b9e4]

0.2.15-MariaDB-log

sigaction.c:0(__restore_rt)[0x7f5975dda5e0]
/usr/sbin/mysqld(my_convert+0x2b)[0x560bf836fdeb]
/usr/sbin/mysqld(_ZN6String4copyEPKcjPK15charset_info_stS4_Pj+0x80)[0x560bf7ca7840]
strings/ctype.c:1109(my_convert)[0x560bf7bac54b]
sql/sql_string.cc:371(String::copy(char const*, unsigned int, charset_info_st const*, charset_info_st const*, unsigned int*))[0x560bf7bade3e]
sql/protocol.cc:105(Protocol::net_store_data_cs(unsigned char const*, unsigned long, charset_info_st const*, charset_info_st const*))[0x560bf7bad12b]
/usr/sbin/mysqld(_ZN11select_send9send_dataER4ListI4ItemE+0x53)[0x560bf7c04e33]
/usr/sbin/mysqld(+0x525adf)[0x560bf7c76adf]
sql/sql_class.cc:2800(select_send::send_data(List<Item>&))[0x560bf7c5f3a3]
sql/sql_select.cc:19863(end_send(JOIN*, st_join_table*, bool))[0x560bf7c66fb9]
sql_select.cc:0(evaluate_join_record(JOIN*, st_join_table*, int))[0x560bf7c8440f]

0.2.15-MariaDB-log

:0(__memcpy_ssse3_back)[0x7f1a45807d89]
/usr/sbin/mysqld(_ZN6String6appendERKS_+0x47)[0x55a59af07b27]
sql/sql_string.cc:436(String::append(String const&))[0x55a59b0b72eb]
sql/item_strfunc.cc:620(Item_func_concat::val_str(String*))[0x55a59b04fd00]
sql/item_cmpfunc.cc:2351(Item_func_ifnull::str_op(String*))[0x55a59b087640]
sql/item_func.cc:888(Item_func_hybrid_field_type::val_str(String*))[0x55a59b02f90f]
sql/item.cc:6459(Item::save_in_field(Field*, bool))[0x55a59af3c108]
sql/table.cc:7491(TABLE::update_virtual_fields(handler*, enum_vcol_update_mode))[0x55a59add0027]
sql/sql_table.cc:9981(copy_data_between_tables(THD*, TABLE*, TABLE*, List<Create_field>&, bool, unsigned int, st_order*, unsigned long long*, unsigned long long*, Alter_info::enum_enable_or_disable, Alter_table_ctx*))

Comment by Syed Tausiff [ 2019-02-05 ]

CREATE TABLE `product_smart_field_tmp` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `dist_id` varchar(255) NOT NULL,
  `product_id` int(10) unsigned DEFAULT NULL,
  `last_trx_date` date DEFAULT NULL,
  `3yr_dollar_sales` decimal(12,2) DEFAULT NULL,
  `3yr_qty_sold` int(10) DEFAULT NULL,
  `last_trs_id` int(10) unsigned DEFAULT NULL,
  `last_trs_manufacturer` varchar(255) DEFAULT NULL,
  `last_trs_product_desc` text DEFAULT '',
  `last_trs_product_desc_pct_match` decimal(5,2) DEFAULT NULL,
  `last_trs_product_desc_combined` varchar(500) GENERATED ALWAYS AS (concat('(',cast(cast(100 * `last_trs_product_desc_pct_match` as signed) as char(500) charset utf8),'%) ',`last_trs_product_desc`)) STORED,
  `last_trs_manufacturer_part_no` varchar(255) DEFAULT NULL,
  `uom` varchar(255) DEFAULT NULL,
  `create_ts` timestamp NOT NULL DEFAULT current_timestamp(),
  `ts` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
  PRIMARY KEY (`id`),
  UNIQUE KEY `dist_id` (`dist_id`),
  KEY `product_id` (`product_id`),
  KEY `last_trs_product_desc_pct_match` (`last_trs_product_desc_pct_match`),
  KEY `last_trs_product_desc_combined` (`last_trs_product_desc_combined`),
  KEY `last_trx_date` (`last_trx_date`),
  KEY `3yr_dollar_sales` (`3yr_dollar_sales`),
  KEY `last_trs_id` (`last_trs_id`),
  KEY `3yr_qty_sold` (`3yr_qty_sold`),
  FULLTEXT KEY `last_trs_product_desc` (`last_trs_product_desc`)
) ENGINE=MyISAM AUTO_INCREMENT=11687 DEFAULT CHARSET=latin1;

MariaDB [pts]> SHOW INDEX IN product_smart_field_tmp;
+-------------------------+------------+---------------------------------+--------------+---------------------------------+-----------+-------------+----------+--------+------+------------+---------+---------------+
| Table                   | Non_unique | Key_name                        | Seq_in_index | Column_name                     | Collation | Cardinality | Sub_part | Packed | Null | Index_type | Comment | Index_comment |
+-------------------------+------------+---------------------------------+--------------+---------------------------------+-----------+-------------+----------+--------+------+------------+---------+---------------+
| product_smart_field_tmp |          0 | PRIMARY                         |            1 | id                              | A         |       11686 |     NULL | NULL   |      | BTREE      |         |               |
| product_smart_field_tmp |          0 | dist_id                         |            1 | dist_id                         | A         |       11686 |     NULL | NULL   |      | BTREE      |         |               |
| product_smart_field_tmp |          1 | product_id                      |            1 | product_id                      | A         |       11686 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | last_trs_product_desc_pct_match |            1 | last_trs_product_desc_pct_match | A         |       11686 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | last_trs_product_desc_combined  |            1 | last_trs_product_desc_combined  | A         |       11686 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | last_trx_date                   |            1 | last_trx_date                   | A         |          67 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | 3yr_dollar_sales                |            1 | 3yr_dollar_sales                | A         |       11686 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | last_trs_id                     |            1 | last_trs_id                     | A         |       11686 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | 3yr_qty_sold                    |            1 | 3yr_qty_sold                    | A         |        1460 |     NULL | NULL   | YES  | BTREE      |         |               |
| product_smart_field_tmp |          1 | last_trs_product_desc           |            1 | last_trs_product_desc           | NULL      |           1 |     NULL | NULL   | YES  | FULLTEXT   |         |               |
+-------------------------+------------+---------------------------------+--------------+---------------------------------+-----------+-------------+----------+--------+------+------------+---------+---------------+
10 rows in set (0.00 sec)

MariaDB [pts]> CHECK TABLE product_smart_field_tmp EXTENDED;
+-----------------------------+-------+----------+----------+
| Table                       | Op    | Msg_type | Msg_text |
+-----------------------------+-------+----------+----------+
| pts.product_smart_field_tmp | check | status   | OK       |

Comment by Elena Stepanova [ 2019-02-05 ]

Thanks for the report and provided information.
There is very clearly a problem. It can be reproduced easily on an ASAN build by running, for example,

DROP TABLE IF EXISTS `product_smart_field_tmp`;
 
CREATE TABLE `product_smart_field_tmp` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`dist_id` varchar(255) NOT NULL,
`product_id` int(10) unsigned DEFAULT NULL,
`last_trx_date` date DEFAULT NULL,
`3yr_dollar_sales` decimal(12,2) DEFAULT NULL,
`3yr_qty_sold` int(10) DEFAULT NULL,
`last_trs_id` int(10) unsigned DEFAULT NULL,
`last_trs_manufacturer` varchar(255) DEFAULT NULL,
`last_trs_product_desc` text DEFAULT '',
`last_trs_product_desc_pct_match` decimal(5,2) DEFAULT NULL,
`last_trs_product_desc_combined` varchar(500) GENERATED ALWAYS AS (concat('(',cast(cast(100 * `last_trs_product_desc_pct_match` as signed) as char(500) charset utf8),'%) ',`last_trs_product_desc`)) STORED,
`last_trs_manufacturer_part_no` varchar(255) DEFAULT NULL,
`uom` varchar(255) DEFAULT NULL,
`create_ts` timestamp NOT NULL DEFAULT current_timestamp(),
`ts` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
PRIMARY KEY (`id`),
UNIQUE KEY `dist_id` (`dist_id`),
KEY `product_id` (`product_id`),
KEY `last_trs_product_desc_pct_match` (`last_trs_product_desc_pct_match`),
KEY `last_trs_product_desc_combined` (`last_trs_product_desc_combined`),
KEY `last_trx_date` (`last_trx_date`),
KEY `3yr_dollar_sales` (`3yr_dollar_sales`),
KEY `last_trs_id` (`last_trs_id`),
KEY `3yr_qty_sold` (`3yr_qty_sold`),
FULLTEXT KEY `last_trs_product_desc` (`last_trs_product_desc`)
) ENGINE=MyISAM AUTO_INCREMENT=11687 DEFAULT CHARSET=latin1;
 
INSERT INTO `product_smart_field_tmp` (dist_id) SELECT seq FROM seq_1_to_10;
SELECT * FROM `product_smart_field_tmp` LIMIT 1;

It crashes with

10.2 22737998

==11582==ERROR: AddressSanitizer: heap-use-after-free on address 0x61c00003210a at pc 0x55a0130c93f9 bp 0x7ff41b55c610 sp 0x7ff41b55c608
READ of size 4 at 0x61c00003210a thread T32
    #0 0x55a0130c93f8 in Field_long::val_str(String*, String*) /data/src/10.2/sql/field.cc:4283
    #1 0x55a01297641f in Field::val_str(String*) /data/src/10.2/sql/field.h:866
    #2 0x55a012970fad in Protocol_text::store(Field*) /data/src/10.2/sql/protocol.cc:1245
    #3 0x55a01319a7ae in Item_field::send(Protocol*, String*) /data/src/10.2/sql/item.cc:7029
    #4 0x55a01296e96c in Protocol::send_result_set_row(List<Item>*) /data/src/10.2/sql/protocol.cc:979
    #5 0x55a012a938f9 in select_send::send_data(List<Item>&) /data/src/10.2/sql/sql_class.cc:2710
    #6 0x55a012c5b146 in end_send /data/src/10.2/sql/sql_select.cc:19930
    #7 0x55a012c53979 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18978
    #8 0x55a012c52510 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18758
    #9 0x55a012c50862 in do_select /data/src/10.2/sql/sql_select.cc:18302
    #10 0x55a012bf0a9a in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3623
    #11 0x55a012bee72f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3418
    #12 0x55a012bf1b17 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3818
    #13 0x55a012bd0af2 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:376
    #14 0x55a012b53860 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6484
    #15 0x55a012b40549 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3490
    #16 0x55a012b5c54b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8018
    #17 0x55a012b36f38 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1829
    #18 0x55a012b33f57 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
    #19 0x55a012e7aedf in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
    #20 0x55a012e7a8f4 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1242
    #21 0x7ff444691493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #22 0x7ff442a7793e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
 
0x61c00003210a is located 138 bytes inside of 1804-byte region [0x61c000032080,0x61c00003278c)
freed by thread T32 here:
    #0 0x7ff4448fb527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
    #1 0x55a0141ba5bb in free_memory /data/src/10.2/mysys/safemalloc.c:279
    #2 0x55a0141b9bc1 in sf_free /data/src/10.2/mysys/safemalloc.c:197
    #3 0x55a014188e50 in my_free /data/src/10.2/mysys/my_malloc.c:218
    #4 0x55a013fbc308 in mi_repair_by_sort /data/src/10.2/storage/myisam/mi_check.c:2553
    #5 0x55a013f99a22 in ha_myisam::repair(THD*, st_handler_check_param&, bool) /data/src/10.2/storage/myisam/ha_myisam.cc:1268
    #6 0x55a013f9c4ea in ha_myisam::enable_indexes(unsigned int) /data/src/10.2/storage/myisam/ha_myisam.cc:1606
    #7 0x55a013f9d39e in ha_myisam::end_bulk_insert() /data/src/10.2/storage/myisam/ha_myisam.cc:1756
    #8 0x55a012affa58 in handler::ha_end_bulk_insert() /data/src/10.2/sql/handler.h:2917
    #9 0x55a012af74da in select_insert::prepare_eof() /data/src/10.2/sql/sql_insert.cc:3819
    #10 0x55a012af8a35 in select_insert::send_eof() /data/src/10.2/sql/sql_insert.cc:3912
    #11 0x55a012c50ed3 in do_select /data/src/10.2/sql/sql_select.cc:18356
    #12 0x55a012bf0a9a in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3623
    #13 0x55a012bee72f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3418
    #14 0x55a012bf1b17 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3818
    #15 0x55a012bd0af2 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:376
    #16 0x55a012b45f4f in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4548
    #17 0x55a012b5c54b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8018
    #18 0x55a012b36f38 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1829
    #19 0x55a012b33f57 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
    #20 0x55a012e7aedf in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
    #21 0x55a012e7a8f4 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1242
    #22 0x7ff444691493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
 
previously allocated by thread T32 here:
    #0 0x7ff4448fb73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
    #1 0x55a0141b9331 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
    #2 0x55a0141884b7 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
    #3 0x55a0141889e9 in my_realloc /data/src/10.2/mysys/my_malloc.c:156
    #4 0x55a014012282 in mi_alloc_rec_buff /data/src/10.2/storage/myisam/mi_open.c:762
    #5 0x55a013fb9454 in mi_repair_by_sort /data/src/10.2/storage/myisam/mi_check.c:2236
    #6 0x55a013f99a22 in ha_myisam::repair(THD*, st_handler_check_param&, bool) /data/src/10.2/storage/myisam/ha_myisam.cc:1268
    #7 0x55a013f9c4ea in ha_myisam::enable_indexes(unsigned int) /data/src/10.2/storage/myisam/ha_myisam.cc:1606
    #8 0x55a013f9d39e in ha_myisam::end_bulk_insert() /data/src/10.2/storage/myisam/ha_myisam.cc:1756
    #9 0x55a012affa58 in handler::ha_end_bulk_insert() /data/src/10.2/sql/handler.h:2917
    #10 0x55a012af74da in select_insert::prepare_eof() /data/src/10.2/sql/sql_insert.cc:3819
    #11 0x55a012af8a35 in select_insert::send_eof() /data/src/10.2/sql/sql_insert.cc:3912
    #12 0x55a012c50ed3 in do_select /data/src/10.2/sql/sql_select.cc:18356
    #13 0x55a012bf0a9a in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3623
    #14 0x55a012bee72f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3418
    #15 0x55a012bf1b17 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3818
    #16 0x55a012bd0af2 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:376
    #17 0x55a012b45f4f in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4548
    #18 0x55a012b5c54b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8018
    #19 0x55a012b36f38 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1829
    #20 0x55a012b33f57 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
    #21 0x55a012e7aedf in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
    #22 0x55a012e7a8f4 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1242
    #23 0x7ff444691493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
 
Thread T32 created by T0 here:
    #0 0x7ff4448cabba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
    #1 0x55a0141e3df1 in spawn_thread_noop /data/src/10.2/mysys/psi_noop.c:187
    #2 0x55a01293067e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
    #3 0x55a01294561b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466
    #4 0x55a012945d20 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536
    #5 0x55a012946d37 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811
    #6 0x55a012944b70 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085
    #7 0x55a01292ea1f in main /data/src/10.2/sql/main.cc:25
    #8 0x7ff4429af2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
 
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/sql/field.cc:4283 Field_long::val_str(String*, String*)
Shadow bytes around the buggy address:
  0x0c387fffe3d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe3e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe3f0: fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c387fffe400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c387fffe410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c387fffe420: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c387fffe470: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==11582==ABORTING

We have a number of open bugs in the area, in addition to the already mentioned two. Most of them probably have the same root cause, but since I have no way to make sure of that, I will keep this one as well, especially since it comes from a real-life use rather than from artificial tests.

s.tausiff@animalytix.com,

Meanwhile, for a workaround please try to get rid of the key on the virtual column (last_trs_product_desc_combined).
It probably won't let you run ALTER, so you'll need to re-create the table without it. Hopefully it will help.
It's an ugly workaround, as keys are there on purpose, but it's better than crashing all the time.
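
An audit-and-rebuild sketch for the workaround suggested in the comment above, added here as an example and not taken from the reporter or the MariaDB project. The tables demo_vcol and demo_vcol_nokey and their columns are constructed for illustration; the fix versions in the comments are the ones listed on this issue.

```sql
-- 1. Server version, to compare by hand against the Fix Version/s on this
--    issue (10.2.23, 10.3.14, 10.4.4).
SELECT VERSION();

-- 2. Every index that includes a generated column, with the table's engine,
--    so tables shaped like the one in this report can be found.
--    IS_GENERATED and GENERATION_EXPRESSION are available in
--    information_schema.COLUMNS from MariaDB 10.2.5.
SELECT s.TABLE_SCHEMA,
       s.TABLE_NAME,
       t.ENGINE,
       s.INDEX_NAME,
       s.COLUMN_NAME,
       c.EXTRA,                    -- 'STORED GENERATED' or 'VIRTUAL GENERATED'
       c.GENERATION_EXPRESSION
FROM information_schema.STATISTICS AS s
JOIN information_schema.COLUMNS AS c
  ON  c.TABLE_SCHEMA = s.TABLE_SCHEMA
  AND c.TABLE_NAME   = s.TABLE_NAME
  AND c.COLUMN_NAME  = s.COLUMN_NAME
JOIN information_schema.TABLES AS t
  ON  t.TABLE_SCHEMA = s.TABLE_SCHEMA
  AND t.TABLE_NAME   = s.TABLE_NAME
WHERE c.IS_GENERATED = 'ALWAYS'
  AND s.TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema')
ORDER BY s.TABLE_SCHEMA, s.TABLE_NAME, s.INDEX_NAME, s.SEQ_IN_INDEX;

-- 3. Constructed stand-in for a table flagged by step 2: a MyISAM table
--    with a key on a stored generated column.
CREATE TABLE demo_vcol (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT,
  pct      DECIMAL(5,2) DEFAULT NULL,
  descr    TEXT,
  combined VARCHAR(500) GENERATED ALWAYS AS
             (CONCAT('(', CAST(pct AS CHAR), '%) ', descr)) STORED,
  PRIMARY KEY (id),
  KEY pct (pct),
  KEY combined (combined)          -- the key the workaround removes
) ENGINE=MyISAM;

INSERT INTO demo_vcol (pct, descr) VALUES (87.50, 'widget'), (12.00, 'gadget');

-- 4. Re-create the table without the key on the generated column, as the
--    workaround suggests (ALTER is expected not to be usable here).
CREATE TABLE demo_vcol_nokey (
  id       INT UNSIGNED NOT NULL AUTO_INCREMENT,
  pct      DECIMAL(5,2) DEFAULT NULL,
  descr    TEXT,
  combined VARCHAR(500) GENERATED ALWAYS AS
             (CONCAT('(', CAST(pct AS CHAR), '%) ', descr)) STORED,
  PRIMARY KEY (id),
  KEY pct (pct)
) ENGINE=MyISAM;

-- Copy only the base columns; the generated column cannot be assigned and is
-- recomputed from its expression on insert.
INSERT INTO demo_vcol_nokey (id, pct, descr)
SELECT id, pct, descr FROM demo_vcol;

-- Swap the tables in one statement and keep the old one until the copy has
-- been checked.
RENAME TABLE demo_vcol TO demo_vcol_old, demo_vcol_nokey TO demo_vcol;
CHECK TABLE demo_vcol EXTENDED;
```

Step 2 reports indexed generated columns for every engine; the ENGINE column is there so the MyISAM case from this report can be picked out.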

Comment by Syed Tausiff [ 2019-02-08 ]

Thanks Elena Stepanova,

We have implemented the workaround. Kindly update the incident if you have a permanent fix for this.
Also, we are monitoring our production database with the workaround implemented and will notify you if we face further crashes because of this bug.

Comment by Alice Sherepa [ 2019-02-28 ]

The test case from MDEV-18695:

--source include/have_sequence.inc
create table t1 ( id int primary key,
        hexid  varchar(10) generated always as ( hex(id) ) stored,
        key (hexid)) engine=myisam;
 
insert into t1 (id) select seq from seq_1_to_100;
select * from t1;

10.2 cac14b92252b3e7bcbebb8090

ERROR: AddressSanitizer: heap-use-after-free on address 0x611000052b49 at pc 0x558e88a31035 bp 0x7f8324351440 sp 0x7f8324351430
READ of size 4 at 0x611000052b49 thread T27
    #0 0x558e88a31034 in Field_long::val_str(String*, String*) /10.2/sql/field.cc:4350
    #1 0x558e8831a521 in Field::val_str(String*) /10.2/sql/field.h:866
    #2 0x558e8831548f in Protocol_text::store(Field*) /10.2/sql/protocol.cc:1245
    #3 0x558e88afbc24 in Item_field::send(Protocol*, String*) /10.2/sql/item.cc:7054
    #4 0x558e88312f33 in Protocol::send_result_set_row(List<Item>*) /10.2/sql/protocol.cc:979
    #5 0x558e8842cd1d in select_send::send_data(List<Item>&) /10.2/sql/sql_class.cc:2710
    #6 0x558e885e7796 in end_send /10.2/sql/sql_select.cc:19930
    #7 0x558e885e085f in evaluate_join_record /10.2/sql/sql_select.cc:18978
    #8 0x558e885df42e in sub_select(JOIN*, st_join_table*, bool) /10.2/sql/sql_select.cc:18758
    #9 0x558e885dd8ff in do_select /10.2/sql/sql_select.cc:18302
    #10 0x558e8858021d in JOIN::exec_inner() /10.2/sql/sql_select.cc:3623
    #11 0x558e8857df23 in JOIN::exec() /10.2/sql/sql_select.cc:3418
    #12 0x558e88581270 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.2/sql/sql_select.cc:3818
    #13 0x558e88560a3c in handle_select(THD*, LEX*, select_result*, unsigned long) /10.2/sql/sql_select.cc:376
    #14 0x558e884e75e2 in execute_sqlcom_select /10.2/sql/sql_parse.cc:6484
    #15 0x558e884d45df in mysql_execute_command(THD*) /10.2/sql/sql_parse.cc:3490
    #16 0x558e884efd46 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.2/sql/sql_parse.cc:8018
    #17 0x558e884cb232 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.2/sql/sql_parse.cc:1829
    #18 0x558e884c8361 in do_command(THD*) /10.2/sql/sql_parse.cc:1379
    #19 0x558e887f096c in do_handle_one_connection(CONNECT*) /10.2/sql/sql_connect.cc:1336
    #20 0x558e887f0374 in handle_one_connection /10.2/sql/sql_connect.cc:1242
    #21 0x558e899a05c7 in pfs_spawn_thread /10.2/storage/perfschema/pfs.cc:1862
    #22 0x7f833b92a6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #23 0x7f833adbf41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

Comment by Syed Tausiff [ 2019-02-28 ]

Alice Sherepa,

Can you help me understand if this issue has a permanent fix?

Comment by Sergei Golubchik [ 2019-03-01 ]

Yes, it was fixed by the commit https://github.com/mariadb/server/commit/4ca2079142e and the fix should be in the next 10.2 release. You can see the planned release schedule at https://jira.mariadb.org

Comment by Alexander Barkov [ 2019-04-26 ]

This patch also fixed MDEV-15881.
