Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Blocker
-
Resolution: Unresolved
-
12.3
-
Can result in hang or crash
-
Q2/2026 Server Maintenance
Description
The following testcase crashes even with the MDEV-38716 patch applied.
CREATE TEMPORARY TABLE t (c INT KEY); |
INSERT INTO t VALUES (1); |
ALTER TABLE t ADD COLUMN (d TIMESTAMP ON UPDATE CURRENT_TIMESTAMP); |
UPDATE t SET c=c; |
Leads to:
|
CS 12.3.1 21a0714a118614982d20bfa504763d7247800091 (Debug, Clang 21.1.3-20250923) Build 13/02/2026 |
Core was generated by `/test/git-bisect/MD130226-mariadb-12.3.1-linux-x86_64-dbg/bin/mariadbd --defaul'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x000055d7d232fb93 in TABLE::evaluate_update_default_function (this=0x7f924c03b758) at /test/git-bisect/12.3_dbg/sql/table.cc:9615
|
|
|
[Current thread is 1 (LWP 3389981)]
|
(gdb) bt
|
#0 0x000055d7d232fb93 in TABLE::evaluate_update_default_function (this=0x7f924c03b758) at /test/git-bisect/12.3_dbg/sql/table.cc:9615
|
#1 0x000055d7d20370c5 in fill_record (thd=0x7f924c000d58, table_arg=0x7f924c03b758, fields=@0x7f924c005db8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f924c017860, last = 0x7f924c017860, elements = 1}, <No data fields>}, values=@0x7f924c006240: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f924c017870, last = 0x7f924c017870, elements = 1}, <No data fields>}, ignore_errors=false, update=true)at /test/git-bisect/12.3_dbg/sql/sql_base.cc:9231
|
#2 0x000055d7d20377e7 in fill_record_n_invoke_before_triggers (thd=0x7f924c000d58, table=0x7f924c03b758, fields=@0x7f924c005db8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f924c017860, last = 0x7f924c017860, elements = 1}, <No data fields>}, values=@0x7f924c006240: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f924c017870, last = 0x7f924c017870, elements = 1}, <No data fields>}, ignore_errors=false, event=TRG_EVENT_UPDATE, skip_row_indicator=0x7f9285817aa7)at /test/git-bisect/12.3_dbg/sql/sql_base.cc:9411
|
#3 0x000055d7d2303a7d in Sql_cmd_update::update_single_table (this=0x7f924c017880, thd=0x7f924c000d58)at /test/git-bisect/12.3_dbg/sql/sql_update.cc:991
|
#4 0x000055d7d230af17 in Sql_cmd_update::execute_inner (this=0x7f924c017880, thd=0x7f924c000d58) at /test/git-bisect/12.3_dbg/sql/sql_update.cc:3237
|
#5 0x000055d7d224a7b9 in Sql_cmd_dml::execute (this=0x7f924c017880, thd=0x7f924c000d58) at /test/git-bisect/12.3_dbg/sql/sql_select.cc:34848
|
#6 0x000055d7d219824b in mysql_execute_command (thd=0x7f924c000d58, is_called_from_prepared_stmt=false)at /test/git-bisect/12.3_dbg/sql/sql_parse.cc:4442
|
#7 0x000055d7d218f638 in mysql_parse (thd=0x7f924c000d58, rawbuf=0x7f924c016dd0 "UPDATE t SET c=c", length=16, parser_state=0x7f92858199f0)at /test/git-bisect/12.3_dbg/sql/sql_parse.cc:7940
|
#8 0x000055d7d218cdee in dispatch_command (command=COM_QUERY, thd=0x7f924c000d58, packet=0x7f924c1caba9 "UPDATE t SET c=c", packet_length=16, blocking=true)at /test/git-bisect/12.3_dbg/sql/sql_parse.cc:1896
|
#9 0x000055d7d21900ba in do_command (thd=0x7f924c000d58, blocking=true)at /test/git-bisect/12.3_dbg/sql/sql_parse.cc:1432
|
#10 0x000055d7d238f95e in do_handle_one_connection (connect=0x55d7d5cc3b48, put_in_cache=true) at /test/git-bisect/12.3_dbg/sql/sql_connect.cc:1503
|
#11 0x000055d7d238f741 in handle_one_connection (arg=0x55d7d5ca73e8)at /test/git-bisect/12.3_dbg/sql/sql_connect.cc:1415
|
#12 0x00007f928709ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#13 0x00007f9287129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
It also shows an UBSAN null-pointer-use issue:
|
CS 12.3.1 21a0714a118614982d20bfa504763d7247800091 (Optimized, UBASAN, Clang 21.1.3-20250923) Build 13/02/2026 |
/test/12.3_opt_san/sql/table.cc:9615:44: runtime error: load of null pointer of type 'Field *'
|
#0 0x62a25dadfd2e in TABLE::evaluate_update_default_function() /test/12.3_opt_san/sql/table.cc:9615:44
|
#1 0x62a25cf2fd56 in fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool) /test/12.3_opt_san/sql/sql_base.cc:9231:16
|
#2 0x62a25cf32410 in fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type, bool*) /test/12.3_opt_san/sql/sql_base.cc:9411:11
|
#3 0x62a25da19c1e in Sql_cmd_update::update_single_table(THD*) /test/12.3_opt_san/sql/sql_update.cc:991:11
|
#4 0x62a25da43ec2 in Sql_cmd_update::execute_inner(THD*) /test/12.3_opt_san/sql/sql_update.cc:3237:10
|
#5 0x62a25d72cbcf in Sql_cmd_dml::execute(THD*) /test/12.3_opt_san/sql/sql_select.cc:34848:9
|
#6 0x62a25d40d0ce in mysql_execute_command(THD*, bool) /test/12.3_opt_san/sql/sql_parse.cc:4442:27
|
#7 0x62a25d3f0275 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.3_opt_san/sql/sql_parse.cc:7940:18
|
#8 0x62a25d3e82a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.3_opt_san/sql/sql_parse.cc:1896:7
|
#9 0x62a25d3f21d0 in do_command(THD*, bool) /test/12.3_opt_san/sql/sql_parse.cc:1432:17
|
#10 0x62a25dc40f0c in do_handle_one_connection(CONNECT*, bool) /test/12.3_opt_san/sql/sql_connect.cc:1503:11
|
#11 0x62a25dc40a26 in handle_one_connection /test/12.3_opt_san/sql/sql_connect.cc:1415:5
|
#12 0x62a25c324f4a in asan_thread_start(void*) crtstuff.c
|
#13 0x72c8f409ca93 in start_thread nptl/pthread_create.c:447:8
|
#14 0x72c8f4129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/12.3_opt_san/sql/table.cc:9615:44
|
Testcase is MTR and CLI compatible. Likely caused by MDEV-36290. Can bisect if deemed necessary.
Attachments
Issue Links
- is caused by
-
MDEV-36290 improved support of replication between tables of different structure
-
- Closed
-
- relates to
-
-
- Open
-
-
-
- Closed
-