Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Critical
-
Resolution: Unresolved
-
10.6, 10.11, 11.4, 11.8, 12.1, 12.2
-
None
Description
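# Minimal reproducer. Each statement below originally carried a stray trailing
# "|" (an extraction artifact) that would be a syntax error for the client or
# mysqltest; those are removed here, the statements themselves are unchanged.
#
# Outcome on the reporter's build (bb-10.6-release-asan): the final UPDATE
# aborts the server (signal 6) on the assertion `null_ptr < ptr` in
# Field::move_field_offset, reached via fill_record_n_invoke_before_triggers
# (event=TRG_EVENT_UPDATE) -> fill_record. The statement is an ordinary
# COM_QUERY from a client connection, so a failed assertion takes the whole
# server process down; treat this as an availability issue.
CREATE TABLE t (a INT PRIMARY KEY);
INSERT INTO t VALUES (1);

# The trigger is declared for INSERT and has an empty body, yet the trace
# shows the before-trigger path being entered for the UPDATE; only the
# trigger's existence appears to matter, not its logic.
CREATE TRIGGER tr BEFORE INSERT ON t FOR EACH ROW BEGIN END;
# The assertion is reported only in combination with this sql_mode.
SET sql_mode= SIMULTANEOUS_ASSIGNMENT;
# Crashing statement (rawbuf in the stack trace is "UPDATE t SET a = 2").
UPDATE t SET a = 2;

# Cleanup; not reached once the server has aborted.
DROP TABLE t;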
bb-10.6-release fe8047caf26d20e98ea7f6ec1dce3924e696703f
mariadbd: /data/bld/Q3/bb-10.6-release-asan/sql/field.h:1544: virtual void Field::move_field_offset(my_ptrdiff_t): Assertion `null_ptr < ptr' failed.
|
250729 17:32:45 [ERROR] /share8t/bld/Q3/bb-10.6-release-asan/sql/mariadbd got signal 6 ;
|
|
#9 0x00007f7c7ec53eb2 in __GI___assert_fail (assertion=0x563b97cf2940 "null_ptr < ptr", file=0x563b97cf24c0 "/data/bld/Q3/bb-10.6-release-asan/sql/field.h", line=1544, function=0x563b97cf2980 "virtual void Field::move_field_offset(my_ptrdiff_t)") at ./assert/assert.c:101
|
#10 0x0000563b95dcf765 in Field::move_field_offset (this=0x625000247b88, ptr_diff=8) at /data/bld/Q3/bb-10.6-release-asan/sql/field.h:1544
|
#11 0x0000563b9581a695 in fill_record (thd=0x62b00007e218, table_arg=0x61900005b998, fields=..., values=..., ignore_errors=false, update=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_base.cc:8762
|
#12 0x0000563b9581b5b4 in fill_record_n_invoke_before_triggers (thd=0x62b00007e218, table=0x61900005b998, fields=..., values=..., ignore_errors=false, event=TRG_EVENT_UPDATE) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_base.cc:8918
|
#13 0x0000563b95cdf592 in mysql_update (thd=0x62b00007e218, table_list=0x62d00005a548, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x7f7c7579dea0, updated_return=0x7f7c7579dec0) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_update.cc:1045
|
#14 0x0000563b959a2043 in mysql_execute_command (thd=0x62b00007e218, is_called_from_prepared_stmt=false) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:4477
|
#15 0x0000563b959bbd8e in mysql_parse (thd=0x62b00007e218, rawbuf=0x62d00005a438 "UPDATE t SET a = 2", length=18, parser_state=0x7f7c7579ea90) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:8200
|
#16 0x0000563b959911d7 in dispatch_command (command=COM_QUERY, thd=0x62b00007e218, packet=0x62900024e219 "UPDATE t SET a = 2", packet_length=18, blocking=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:1908
|
#17 0x0000563b9598df0b in do_command (thd=0x62b00007e218, blocking=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:1421
|
#18 0x0000563b95e13c41 in do_handle_one_connection (connect=0x608000002e38, put_in_cache=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_connect.cc:1386
|
#19 0x0000563b95e137a0 in handle_one_connection (arg=0x608000002db8) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_connect.cc:1298
|
#20 0x0000563b96a914c0 in pfs_spawn_thread (arg=0x617000005b98) at /data/bld/Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2201
|
#21 0x00007f7c7eca81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#22 0x00007f7c7ed2885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
A more complicated test case triggers another assertion; here is one example of it. The test case is dirty: apparently it depends on the length of the statements — even removing whitespace turns it into the same assertion failure as above — so I didn't simplify it further.
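# Second reproducer, in mysqltest format (note the --source and --delimiter
# directives). Stray trailing "|" artifacts have been removed from each line;
# the statements are otherwise reproduced verbatim.
#
# Per the reporter, the failure depends on the length of the statements and
# even whitespace changes turn it into the `null_ptr < ptr` assertion of the
# first case. Do not reformat, shorten or reflow any statement below; all
# comments are kept on their own lines, outside the statements.
#
# Outcome on the reporter's build (bb-10.6-release-asan): the final UPDATE
# aborts the server (signal 6) on the assertion
# `ptr - null_ptr <= (int)table->s->rec_buff_length` in
# Field::move_field_offset, reached via fill_record_n_invoke_before_triggers
# (event=TRG_EVENT_UPDATE) -> fill_record, exactly as in the first case.
--source include/have_innodb.inc

# Database `db` is created but the script never switches to it; the table
# below is created in whatever the current default database is.
CREATE DATABASE IF NOT EXISTS db;
CREATE TABLE long_enough_name (
pk INTEGER AUTO_INCREMENT,
col_int_nokey INTEGER,
col_int_key INTEGER,
col_date_key DATE,
col_date_nokey DATE,
col_datetime_key DATETIME,
col_datetime_nokey DATETIME,
col_varchar_key VARCHAR(1),
col_varchar_nokey VARCHAR(1),
PRIMARY KEY (pk),
KEY (col_int_key DESC),
KEY (col_datetime_key),
KEY (col_varchar_key, col_int_key DESC)
) ENGINE=InnoDB;

INSERT IGNORE INTO long_enough_name ( `pk` ) VALUES ( NULL );
# The trigger body references objects this script never creates
# (`partition_by_columns_db`.`PP_C` / `PP_L`, a table in
# `optimizer_no_indexes_db`, procedure q). It is a BEFORE INSERT trigger, so
# its body is not expected to run for the UPDATEs below, and the trace shows
# the crash inside fill_record before any trigger code executes; per the
# reporter, what matters is the definition (and its length), not its logic.
--delimiter $
CREATE TRIGGER e BEFORE INSERT ON long_enough_name FOR EACH ROW BEGIN
DELETE FROM `partition_by_columns_db`.`PP_C` WHERE `col_varchar_5_utf8_key` < 'jazz';
INSERT INTO `optimizer_no_indexes_db`.`view_table20_aria_merge` ( `col_char_255_null` ) VALUES ( 'relief' ) ;
UPDATE IGNORE `partition_by_columns_db`.`PP_L` SET `col_varchar_32_utf8_key` = NULL WHERE `col_varchar_32_latin1_key` > 7 ;
CALL q () ;
END $
--delimiter ;
# This UPDATE runs before SIMULTANEOUS_ASSIGNMENT is set and is part of the setup.
UPDATE long_enough_name SET pk = 2;
SET sql_mode= SIMULTANEOUS_ASSIGNMENT;
# Crashing statement (rawbuf in the stack trace is
# "UPDATE long_enough_name SET `pk` = 3").
UPDATE long_enough_name SET `pk` = 3;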
mariadbd: /data/bld/Q3/bb-10.6-release-asan/sql/field.h:1545: virtual void Field::move_field_offset(my_ptrdiff_t): Assertion `ptr - null_ptr <= (int)table->s->rec_buff_length' failed.
|
250729 17:37:21 [ERROR] /share8t/bld/Q3/bb-10.6-release-asan/sql/mariadbd got signal 6 ;
|
|
#9 0x00007f45d7653eb2 in __GI___assert_fail (assertion=0x5557386d39e0 "ptr - null_ptr <= (int)table->s->rec_buff_length", file=0x5557386d34c0 "/data/bld/Q3/bb-10.6-release-asan/sql/field.h", line=1545, function=0x5557386d3980 "virtual void Field::move_field_offset(my_ptrdiff_t)") at ./assert/assert.c:101
|
#10 0x00005557367b09cb in Field::move_field_offset (this=0x6210000d5da0, ptr_diff=40) at /data/bld/Q3/bb-10.6-release-asan/sql/field.h:1545
|
#11 0x00005557361fb695 in fill_record (thd=0x62b0000bd218, table_arg=0x6190000aeb98, fields=..., values=..., ignore_errors=false, update=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_base.cc:8762
|
#12 0x00005557361fc5b4 in fill_record_n_invoke_before_triggers (thd=0x62b0000bd218, table=0x6190000aeb98, fields=..., values=..., ignore_errors=false, event=TRG_EVENT_UPDATE) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_base.cc:8918
|
#13 0x00005557366c0592 in mysql_update (thd=0x62b0000bd218, table_list=0x62d0000a0588, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x7f45c87faea0, updated_return=0x7f45c87faec0) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_update.cc:1045
|
#14 0x0000555736383043 in mysql_execute_command (thd=0x62b0000bd218, is_called_from_prepared_stmt=false) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:4477
|
#15 0x000055573639cd8e in mysql_parse (thd=0x62b0000bd218, rawbuf=0x62d0000a0438 "UPDATE long_enough_name SET `pk` = 3", length=36, parser_state=0x7f45c87fba90) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:8200
|
#16 0x00005557363721d7 in dispatch_command (command=COM_QUERY, thd=0x62b0000bd218, packet=0x629000276219 "UPDATE long_enough_name SET `pk` = 3", packet_length=36, blocking=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:1908
|
#17 0x000055573636ef0b in do_command (thd=0x62b0000bd218, blocking=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_parse.cc:1421
|
#18 0x00005557367f4c41 in do_handle_one_connection (connect=0x608000018638, put_in_cache=true) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_connect.cc:1386
|
#19 0x00005557367f47a0 in handle_one_connection (arg=0x6080000185b8) at /data/bld/Q3/bb-10.6-release-asan/sql/sql_connect.cc:1298
|
#20 0x00005557374724c0 in pfs_spawn_thread (arg=0x617000007e98) at /data/bld/Q3/bb-10.6-release-asan/storage/perfschema/pfs.cc:2201
|
#21 0x00007f45d76a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#22 0x00007f45d772885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
The assertions were added by the following commit, which will be part of the upcoming 10.6.23 release:
commit fe8047caf26d20e98ea7f6ec1dce3924e696703f (grafted, HEAD -> bb-10.6-release, origin/bb-10.6-release)
|
Author: Sergei Golubchik
|
Date: Mon Jul 28 15:45:51 2025 +0200
|
|
MDEV-37320 ASAN errors in Field::is_null / Item_param::assign_default
|
Attachments
Issue Links
- relates to
-
MDEV-34322 ASAN heap-buffer-overflow in Field::is_null / Item_param::assign_default or bogus ER_BAD_NULL_ERROR
-
- Closed
-
-
MDEV-37320 ASAN errors in Field::is_null / Item_param::assign_default
-
- Closed
-