Bug #112907 Assertion `to->field_ptr() != from->field_ptr()' failed in MySQL 8.1.0
Submitted: 1 Nov 2023 6:31 Modified: 1 Nov 2023 7:10
Reporter: Wang Ke Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: DML Severity:S6 (Debug Builds)
Version:8.1.0, 8.0.35, 8.2 OS:Any
Assigned to: CPU Architecture:Any
Tags: assertion failure

[1 Nov 2023 6:31] Wang Ke
Description:
Hello, an assertion failure was founded in MySQL 8.1.0 debug build:

```
2023-11-01T06:18:32.353470Z 0 [System] [MY-010931] [Server] /home/mysql-8.1.0-origin/bin/mysqld: ready for connections. Version: '8.1.0-debug-asan'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution.
mysqld: /home/mysql-8.1.0/sql/item.cc:6667: type_conversion_status field_conv_with_cache(Field *, Field *, Field **, uint32_t *): Assertion `to->field_ptr() != from->field_ptr()' failed.
2023-11-01T06:19:04Z UTC - mysqld got signal 6 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
BuildID[sha1]=d41d0359075d9acaf807cea3acc3b128cdec5219
Thread pointer: 0x6270002bc100
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7fdee483ea20 thread_stack 0x100000
/home/mysql-8.1.0-origin/bin/mysqld(__interceptor_backtrace+0x5b) [0x649134b]
/home/mysql-8.1.0-origin/bin/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x10d) [0xbfde8ed]
/home/mysql-8.1.0-origin/bin/mysqld(print_fatal_signal(int)+0x552) [0x8979ee2]
/home/mysql-8.1.0-origin/bin/mysqld(handle_fatal_signal+0x175) [0x897a5c5]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390) [0x7fdf161b0390]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x38) [0x7fdf14499438]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a) [0x7fdf1449b03a]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dbe7) [0x7fdf14491be7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc92) [0x7fdf14491c92]
/home/mysql-8.1.0-origin/bin/mysqld() [0x6802ea3]
/home/mysql-8.1.0-origin/bin/mysqld(Item_field::save_in_field_inner(Field*, bool)+0x2cb) [0x68031ab]
/home/mysql-8.1.0-origin/bin/mysqld(Item::save_in_field(Field*, bool)+0x1d1) [0x67c8cf1]
/home/mysql-8.1.0-origin/bin/mysqld(fill_record(THD*, TABLE*, mem_root_deque<Item*> const&, mem_root_deque<Item*> const&, MY_BITMAP*, MY_BITMAP*, bool)+0xa35) [0x7a90de5]
/home/mysql-8.1.0-origin/bin/mysqld(fill_record_n_invoke_before_triggers(THD*, COPY_INFO*, mem_root_deque<Item*> const&, mem_root_deque<Item*> const&, TABLE*, enum_trigger_event_type, int, bool, bool*)+0x4cb) [0x7a92c8b]
/home/mysql-8.1.0-origin/bin/mysqld(Sql_cmd_insert_values::execute_inner(THD*)+0x1347) [0x7d6b0e7]
/home/mysql-8.1.0-origin/bin/mysqld(Sql_cmd_dml::execute(THD*)+0x13f8) [0x82bd348]
/home/mysql-8.1.0-origin/bin/mysqld(mysql_execute_command(THD*, bool)+0x5331) [0x80a0a91]
/home/mysql-8.1.0-origin/bin/mysqld(dispatch_sql_command(THD*, Parser_state*)+0x1b28) [0x8094e68]
/home/mysql-8.1.0-origin/bin/mysqld(dispatch_command(THD*, COM_DATA const*, enum_server_command)+0x377a) [0x808522a]
/home/mysql-8.1.0-origin/bin/mysqld(do_command(THD*)+0x12ee) [0x80902be]
/home/mysql-8.1.0-origin/bin/mysqld() [0x88ff832]
/home/mysql-8.1.0-origin/bin/mysqld() [0xeb1629a]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba) [0x7fdf161a66ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7fdf1456b51d]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (6120002ebf70): INSERT IGNORE INTO t0 ( c0 , c1 ) VALUES ( 'fixme' , 'fixme' ) , ( 'SH' , 'SH' ) , ( t0.c1 , 'fixme' ) , ( NOW( ) - INTERVAL 1 SQL_TSI_DAY , CAST( t0.c2 + 1 + t0.c2 AS CHAR ) ) , ( CAST( + 0.000001 AS CHAR ) , 'honeypot' )
Connection ID (thread ID): 8
Status: NOT_KILLED
```

**Observed that release build is not affected:**

```
mysql> CREATE TABLE t0 ( c0 CHAR ( 0 ) CHAR SET koi8r DEFAULT NULL , c1 VARCHAR ( 1 ) PRIMARY KEY , c2 INT GENERATED ALWAYS AS ( CAST( ( false < true ) AS FLOAT ) + 8.000000 ) STORED ) ENGINE = InnoDB ;
Query OK, 0 rows affected (0.12 sec)

mysql> INSERT IGNORE INTO t0 ( c0 , c1 ) VALUES ( 'fixme' , 'fixme' ) , ( 'SH' , 'SH' ) , ( t0.c1 , 'fixme' ) , ( NOW( ) - INTERVAL 1 SQL_TSI_DAY , CAST( t0.c2 + 1 + t0.c2 AS CHAR ) ) , ( CAST( + 0.000001 AS CHAR ) , 'honeypot' ) ;
Query OK, 4 rows affected, 10 warnings (0.01 sec)
Records: 5  Duplicates: 1  Warnings: 10

mysql> show warnings;
+---------+------+------------------------------------------+
| Level   | Code | Message                                  |
+---------+------+------------------------------------------+
| Warning | 1265 | Data truncated for column 'c0' at row 1  |
| Warning | 1265 | Data truncated for column 'c1' at row 1  |
| Warning | 1265 | Data truncated for column 'c0' at row 2  |
| Warning | 1265 | Data truncated for column 'c1' at row 2  |
| Warning | 1265 | Data truncated for column 'c1' at row 3  |
| Warning | 1062 | Duplicate entry 'f' for key 't0.PRIMARY' |
| Warning | 1265 | Data truncated for column 'c0' at row 4  |
| Warning | 1048 | Column 'c1' cannot be null               |
| Warning | 1265 | Data truncated for column 'c0' at row 5  |
| Warning | 1265 | Data truncated for column 'c1' at row 5  |
+---------+------+------------------------------------------+
10 rows in set (0.00 sec)

```

How to repeat:
Test case:

```
CREATE TABLE t0 ( c0 CHAR ( 0 ) CHAR SET koi8r DEFAULT NULL , c1 VARCHAR ( 1 ) PRIMARY KEY , c2 INT GENERATED ALWAYS AS ( CAST( ( false < true ) AS FLOAT ) + 8.000000 ) STORED ) ENGINE = InnoDB ;
INSERT IGNORE INTO t0 ( c0 , c1 ) VALUES ( 'fixme' , 'fixme' ) , ( 'SH' , 'SH' ) , ( t0.c1 , 'fixme' ) , ( NOW( ) - INTERVAL 1 SQL_TSI_DAY , CAST( t0.c2 + 1 + t0.c2 AS CHAR ) ) , ( CAST( + 0.000001 AS CHAR ) , 'honeypot' ) ;
```
[1 Nov 2023 7:10] MySQL Verification Team
Hello Wang Ke,

Thank you for the report and test case.
Observed that 8.0.35 debug build is affected with provided test case.

regards,
Umesh
[1 Nov 2023 7:11] MySQL Verification Team
- debug build affected

 ./mtr --nocheck-testcases bug112907 --debug-server
Logging: ./mtr  --nocheck-testcases bug112907 --debug-server
MySQL Version 8.0.35
Checking supported features
 - Binaries are debug compiled
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.35/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
CREATE TABLE t0 ( c0 CHAR ( 0 ) CHAR SET koi8r DEFAULT NULL , c1 VARCHAR ( 1 ) PRIMARY KEY , c2 INT GENERATED ALWAYS AS ( CAST( ( false < true ) AS FLOAT ) + 8.000000 ) STORED ) ENGINE = InnoDB ;
INSERT IGNORE INTO t0 ( c0 , c1 ) VALUES ( 'fixme' , 'fixme' ) , ( 'SH' , 'SH' ) , ( t0.c1 , 'fixme' ) , ( NOW( ) - INTERVAL 1 SQL_TSI_DAY , CAST( t0.c2 + 1 + t0.c2 AS CHAR ) ) , ( CAST( + 0.000001 AS CHAR ) , 'honeypot' ) ;
[ 50%] main.bug112907                            [ fail ]
        Test ended at 2023-11-01 08:10:08

CURRENT_TEST: main.bug112907
mysqltest: At line 2: Query 'INSERT IGNORE INTO t0 ( c0 , c1 ) VALUES ( 'fixme' , 'fixme' ) , ( 'SH' , 'SH' ) , ( t0.c1 , 'fixme' ) , ( NOW( ) - INTERVAL 1 SQL_TSI_DAY , CAST( t0.c2 + 1 + t0.c2 AS CHAR ) ) , ( CAST( + 0.000001 AS CHAR ) , 'honeypot' ) ' failed.
ERROR 2013 (HY000): Lost connection to MySQL server during query

-- release build - not affected

 ./mtr --nocheck-testcases bug112907
Logging: ./mtr  --nocheck-testcases bug112907
MySQL Version 8.0.35
Checking supported features
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.35/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
CREATE TABLE t0 ( c0 CHAR ( 0 ) CHAR SET koi8r DEFAULT NULL , c1 VARCHAR ( 1 ) PRIMARY KEY , c2 INT GENERATED ALWAYS AS ( CAST( ( false < true ) AS FLOAT ) + 8.000000 ) STORED ) ENGINE = InnoDB ;
INSERT IGNORE INTO t0 ( c0 , c1 ) VALUES ( 'fixme' , 'fixme' ) , ( 'SH' , 'SH' ) , ( t0.c1 , 'fixme' ) , ( NOW( ) - INTERVAL 1 SQL_TSI_DAY , CAST( t0.c2 + 1 + t0.c2 AS CHAR ) ) , ( CAST( + 0.000001 AS CHAR ) , 'honeypot' ) ;
Warnings:
Warning 1265    Data truncated for column 'c0' at row 1
Warning 1265    Data truncated for column 'c1' at row 1
Warning 1265    Data truncated for column 'c0' at row 2
Warning 1265    Data truncated for column 'c1' at row 2
Warning 1265    Data truncated for column 'c1' at row 3
Warning 1062    Duplicate entry 'f' for key 't0.PRIMARY'
Warning 1265    Data truncated for column 'c0' at row 4
Warning 1048    Column 'c1' cannot be null
Warning 1265    Data truncated for column 'c0' at row 5
Warning 1265    Data truncated for column 'c1' at row 5
[ 50%] main.bug112907                            [ pass ]     28
[100%] shutdown_report                           [ pass ]
------------------------------------------------------------------------------
The servers were restarted 0 times
The servers were reinitialized 0 times
Spent 0.028 of 9 seconds executing testcases

Completed: All 2 tests were successful.
[1 Nov 2023 7:11] MySQL Verification Team
- debug build

#0  0x00007fb0de44eaa1 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000003fbbfa6 in my_write_core(int) ()
#2  0x00000000032595e3 in handle_fatal_signal ()
#3  <signal handler called>
#4  0x00007fb0dc513387 in raise () from /lib64/libc.so.6
#5  0x00007fb0dc514a78 in abort () from /lib64/libc.so.6
#6  0x00007fb0dc50c1a6 in __assert_fail_base () from /lib64/libc.so.6
#7  0x00007fb0dc50c252 in __assert_fail () from /lib64/libc.so.6
#8  0x000000000339fb29 in field_conv_with_cache(Field*, Field*, Field**, unsigned int*) ()
#9  0x000000000339fcf8 in Item_field::save_in_field_inner(Field*, bool) ()
#10 0x00000000033b60cf in Item::save_in_field(Field*, bool) ()
#11 0x000000000302f573 in fill_record(THD*, TABLE*, mem_root_deque<Item*> const&, mem_root_deque<Item*> const&, MY_BITMAP*, MY_BITMAP*, bool) ()
#12 0x000000000302f9dc in fill_record_n_invoke_before_triggers(THD*, COPY_INFO*, mem_root_deque<Item*> const&, mem_root_deque<Item*> const&, TABLE*, enum_trigger_event_type, int, bool, bool*) ()
#13 0x00000000035b3797 in Sql_cmd_insert_values::execute_inner(THD*) ()
#14 0x00000000031467cd in Sql_cmd_dml::execute(THD*) ()
#15 0x00000000030e497b in mysql_execute_command(THD*, bool) ()
#16 0x00000000030e8295 in dispatch_sql_command(THD*, Parser_state*) ()
#17 0x00000000030e99f9 in dispatch_command(THD*, COM_DATA const*, enum_server_command) ()
#18 0x00000000030eb737 in do_command(THD*) ()
#19 0x000000000324ab8b in handle_connection ()
#20 0x0000000004776b03 in pfs_spawn_thread ()
#21 0x00007fb0de449ea5 in start_thread () from /lib64/libpthread.so.0
#22 0x00007fb0dc5dbb2d in clone () from /lib64/libc.so.6