[MDEV-29400] Assertion `args[0] == args[2] || thd->stmt_arena->is_stmt_execute()' failed at item_cmpfunc.cc:2584 Created: 2022-08-27  Updated: 2022-08-27  Resolved: 2022-08-27

Status: Closed
Project: MariaDB Server
Component/s: Data Manipulation - Insert
Affects Version/s: 10.8.3
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Zuming Jiang Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: crash
Environment:

Ubuntu 20.04

Attachments: Text File bug_report.txt     File mariadb_reproduce.cc     File mysql_bk.sql     File stmts.sql     Text File tid.txt    
Issue Links:
Duplicate
duplicates MDEV-19091 Assertion `args[0] == args[2] || thd-... Confirmed

 Description   

I used my fuzzing tool to test Mariadb , and found a bug that can result in an abortion.

Mariadb installation:
1) cd mariadb-10.8.3
2) mkdir build; cd build
3) cmake .. -DCMAKE_BUILD_TYPE=Debug
4) make -j12 && sudo make install

Test driver compilation:
Note: "mariadb_reproduce" sets up several transactions and execute SQL statements according to /tmp/mysql_bk.sql, /tmp/stmts.sql and /tmp/tid.txt
1) g++ -I/usr/local/mysql/include/ mariadb_reproduce.cc -o mariadb_reproduce -lmysqlclient -g

Reproduce the bug:
1) cp mysql_bk.sql /tmp; cp stmts.sql /tmp; cp tid.txt /tmp
2) export ASAN_OPTIONS=detect_leaks=0
3) /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
4) ./mariadb_reproduce — crash the server
I have simplified the content of stmts.sql, and I hope stmts.sql can help you reproduce and fix the bug. In addition, I attached the failure report (which has its stack trace).

It is necessary to use "./mariadb_reproduce". When I just used "/usr/local/mysql/bin/mysql -uroot -Dtestdb < stmts.sql", the bug cannot be triggered
Generated at Thu Feb 08 10:08:17 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.