[MDEV-38860] Assertion `null_ptr < ptr' failed in virtual void Field::move_field_offset(my_ptrdiff_t) - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.2, 12.3
Fix Version/s: 10.6, 10.11, 11.4, 11.8, 12.2
Component/s: Triggers
Labels:
- debug

Bug Category:
Can result in hang or crash

Description

This is a similar assertion to ~~MDEV-37341~~, which has already been fixed.

CREATE TABLE t0 (a INT NOT NULL DEFAULT 0);

CREATE TRIGGER trg BEFORE INSERT ON t0 FOR EACH ROW ROLLBACK TO SAVEPOINT s;

UPDATE t0 SET a=((SELECT MAX(a) FROM t0));

#cleanup

DROP TRIGGER trg;

DROP TABLE t0;

DROP

Leads to:

CS 11.4.11 78201a41b5e88b94c27f5ecc16c9e5486e2e50c3 (Debug, Clang 18.1.3-11) Build 11/02/2026
mariadbd: /test/11.4_dbg/sql/field.h:1553: virtual void Field::move_field_offset(my_ptrdiff_t): Assertion `null_ptr < ptr' failed.

CS 11.4.11 78201a41b5e88b94c27f5ecc16c9e5486e2e50c3 (Debug, Clang 18.1.3-11) Build 11/02/2026
Core was generated by `/test/MD110226-mariadb-11.4.11-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'.
Program terminated with signal SIGABRT, Aborted.
Download failed: Invalid argument. Continuing without source file ./nptl/./nptl/pthread_kill.c.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44

[Current thread is 1 (LWP 3813136)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>)at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6)at ./nptl/pthread_kill.c:89
#3 0x000078d68624527e in __GI_raise (sig=sig@entry=6)at ../sysdeps/posix/raise.c:26
#4 0x000078d6862288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x000078d68622881b in __assert_fail_base (fmt=0x78d6863d01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x63dc7f4daf81 "null_ptr < ptr", file=file@entry=0x63dc7f49b87c "/test/11.4_dbg/sql/field.h", line=line@entry=1553, function=function@entry=0x63dc7f4daf90 "virtual void Field::move_field_offset(my_ptrdiff_t)") at ./assert/assert.c:96
#6 0x000078d68623b517 in __assert_fail (assertion=0x63dc7f4daf81 "null_ptr < ptr", file=0x63dc7f49b87c "/test/11.4_dbg/sql/field.h", line=1553, function=0x63dc7f4daf90 "virtual void Field::move_field_offset(my_ptrdiff_t)") at ./assert/assert.c:105
#7 0x000063dc7e65fc54 in Field::move_field_offset (this=0x78b79c02f6c0, ptr_diff=-8520) at /test/11.4_dbg/sql/field.h:1553
#8 0x000063dc7e547369 in Create_tmp_table::finalize (this=0x78d2a0f37948, thd=0x78b79c000d58, table=0x78b79c0931e0, param=0x78b79c01ea40, do_not_open=false, keep_row_order=false)at /test/11.4_dbg/sql/sql_select.cc:22423
#9 0x000063dc7e520bbf in create_tmp_table (thd=0x78b79c000d58, param=0x78b79c01ea40, fields=@0x78d2a0f37bd0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x78b79c021530, last = 0x78b79c01eb28, elements = 2}, <No data fields>}, group=0x78d2a0f37b40, distinct=false, save_sum_fields=false, select_options=4096, rows_limit=18446744073709551615, table_alias=0x63dc7fc7ee00 <empty_clex_str>, do_not_open=false, keep_row_order=false) at /test/11.4_dbg/sql/sql_select.cc:22822
#10 0x000063dc7e604398 in multi_update::initialize_tables (this=0x78b79c01cec8, join=0x78b79c01cfd8)at /test/11.4_dbg/sql/sql_update.cc:2197
#11 0x000063dc7e50b91f in JOIN::optimize_stage2 (this=0x78b79c01cfd8)at /test/11.4_dbg/sql/sql_select.cc:2835
#12 0x000063dc7e50b503 in JOIN::optimize_inner (this=0x78b79c01cfd8)at /test/11.4_dbg/sql/sql_select.cc:2770
#13 0x000063dc7e508e0d in JOIN::optimize (this=0x78b79c01cfd8)at /test/11.4_dbg/sql/sql_select.cc:2016
#14 0x000063dc7e559512 in Sql_cmd_dml::execute_inner (this=0x78b79c01bca0, thd=0x78b79c000d58) at /test/11.4_dbg/sql/sql_select.cc:34629
#15 0x000063dc7e6079f5 in Sql_cmd_update::execute_inner (this=0x78b79c01bca0, thd=0x78b79c000d58) at /test/11.4_dbg/sql/sql_update.cc:3152
#16 0x000063dc7e559116 in Sql_cmd_dml::execute (this=0x78b79c01bca0, thd=0x78b79c000d58) at /test/11.4_dbg/sql/sql_select.cc:34573
#17 0x000063dc7e49e40f in mysql_execute_command (thd=0x78b79c000d58, is_called_from_prepared_stmt=false) at /test/11.4_dbg/sql/sql_parse.cc:4461
#18 0x000063dc7e494684 in mysql_parse (thd=0x78b79c000d58, rawbuf=0x78b79c019a40 "UPDATE t0 SET a=((SELECT MAX(a) FROM t0))", length=41, parser_state=0x78d2a0f39a30)at /test/11.4_dbg/sql/sql_parse.cc:7945
#19 0x000063dc7e491b09 in dispatch_command (command=COM_QUERY, thd=0x78b79c000d58, packet=0x78b79c00af99 "UPDATE t0 SET a=((SELECT MAX(a) FROM t0))", packet_length=41, blocking=true) at /test/11.4_dbg/sql/sql_parse.cc:1925
#20 0x000063dc7e495233 in do_command (thd=0x78b79c000d58, blocking=true)at /test/11.4_dbg/sql/sql_parse.cc:1433
#21 0x000063dc7e679db9 in do_handle_one_connection (connect=0x63dc83adbdf8, put_in_cache=true) at /test/11.4_dbg/sql/sql_connect.cc:1497
#22 0x000063dc7e679b52 in handle_one_connection (arg=0x63dc83bccca8)at /test/11.4_dbg/sql/sql_connect.cc:1409
#23 0x000078d68629caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#24 0x000078d686329c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 110226 1758b2578a8cc7e193bb35de0d8dc9a5e517c89c null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
CS 10.6 opt 110226 1758b2578a8cc7e193bb35de0d8dc9a5e517c89c No bug found
CS 10.11 dbg 110226 67fceadfa45b3f14921114544734455ecbdd480e null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
CS 10.11 opt 110226 67fceadfa45b3f14921114544734455ecbdd480e No bug found
CS 11.4 dbg 110226 78201a41b5e88b94c27f5ecc16c9e5486e2e50c3 null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
CS 11.4 opt 110226 78201a41b5e88b94c27f5ecc16c9e5486e2e50c3 No bug found
CS 11.8 dbg 110226 65ee9a7b4694d1b6f366b5a7a3d1b0549e5a3671 null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
CS 11.8 opt 110226 65ee9a7b4694d1b6f366b5a7a3d1b0549e5a3671 No bug found
CS 12.2 dbg 110226 d26a6f44c1f2119377e79a9540886c6d8c01472f null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
CS 12.2 opt 110226 d26a6f44c1f2119377e79a9540886c6d8c01472f No bug found
CS 12.3 dbg 110226 21a0714a118614982d20bfa504763d7247800091 null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
CS 12.3 opt 110226 21a0714a118614982d20bfa504763d7247800091 No bug found
ES 10.6 dbg 170226 22e626b9c17e9969925c54f14d30e39e25320b22 null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
ES 10.6 opt 170226 22e626b9c17e9969925c54f14d30e39e25320b22 No bug found
ES 11.4 dbg 170226 34f616d5fd2c649d0c79acb4e2423c90b8f10436 null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
ES 11.4 opt 170226 34f616d5fd2c649d0c79acb4e2423c90b8f10436 No bug found
ES 11.8 dbg 170226 405ee76b60c4ab82155f339136ed20d3b7363717 null_ptr < ptr\|SIGABRT\|Field::move_field_offset\|Create_tmp_table::finalize\|create_tmp_table\|multi_update::initialize_tables
ES 11.8 opt 170226 405ee76b60c4ab82155f339136ed20d3b7363717 No bug found

Assertion `null_ptr < ptr' failed in virtual void Field::move_field_offset(my_ptrdiff_t)

Details

Description

Attachments

Activity

People

Dates

Git Integration