Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.5, 10.6, 10.11, 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL)
Description
USE test;
|
CREATE TABLE t1(a CHAR BINARY);
|
SELECT(SELECT a FROM (SELECT 1 FROM t1)e ORDER BY (@f:=a)) FROM t1 GROUP BY a;
|
Leads to:
10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 |
mysqld: /test/10.5_dbg/sql/item.cc:5315: Item** resolve_ref_in_select_and_group(THD*, Item_ident*, SELECT_LEX*): Assertion `(*select_ref)->is_fixed()' failed.
|
10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24 |
Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-
|
'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
|
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
|
[Current thread is 1 (Thread 0x14e965e0c700 (LWP 125805))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthre
|
ad_kill.c:57
|
#1 0x000055e6ca243d7a in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
|
#2 0x000055e6c99e9385 in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
|
#3 <signal handler called>
|
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
|
#5 0x000014e964550801 in __GI_abort () at abort.c:79
|
#6 0x000014e96454039a in __assert_fail_base (fmt=0x14e9646c77d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55e6ca55d795 "(*select_ref)->is_fixed()", file=file@entry=0x55e6ca55d128 "/test/10.5_dbg/sql/item.cc", line=line@entry=5315, function=function@entry=0x55e6ca55b040 <resolve_ref_in_select_and_group(THD*, Item_ident*, st_select_lex*)::__PRETTY_FUNCTION__> "Item** resolve_ref_in_select_and_group(THD*, Item_ident*, SELECT_LEX*)") at assert.c:92
|
#7 0x000014e964540412 in __GI___assert_fail (assertion=assertion@entry=0x55e6ca55d795 "(*select_ref)->is_fixed()", file=file@entry=0x55e6ca55d128 "/test/10.5_dbg/sql/item.cc", line=line@entry=5315, function=function@entry=0x55e6ca55b040 <resolve_ref_in_select_and_group(THD*, Item_ident*, st_select_lex*)::__PRETTY_FUNCTION__> "Item** resolve_ref_in_select_and_group(THD*, Item_ident*, SELECT_LEX*)") at assert.c:101
|
#8 0x000055e6c9a20c24 in resolve_ref_in_select_and_group (thd=thd@entry=0x14e943815088, ref=ref@entry=0x14e943879de8, select=<optimized out>) at /test/10.5_dbg/sql/item.cc:5315
|
#9 0x000055e6c9a20e83 in Item_ref::fix_fields (this=0x14e943879de8, thd=0x14e943815088, reference=0x14e965e09e68) at /test/10.5_dbg/sql/item.cc:7764
|
#10 0x000055e6c9a22c5b in Item_field::fix_fields (this=0x14e943876f68, thd=0x14e943815088, reference=0x14e943877140) at /test/10.5_dbg/sql/item.cc:5851
|
#11 0x000055e6c9a69abd in Item::fix_fields_if_needed (ref=0x14e943877140, thd=0x14e943815088, this=0x14e943876f68) at /test/10.5_dbg/sql/item.h:978
|
#12 Item_func::fix_fields (this=this@entry=0x14e9438770a8, thd=thd@entry=0x14e943815088, ref=ref@entry=0x14e943877248) at /test/10.5_dbg/sql/item_func.cc:352
|
#13 0x000055e6c9a7e67d in Item_func_set_user_var::fix_fields (this=0x14e9438770a8, thd=0x14e943815088, ref=0x14e943877248) at /test/10.5_dbg/sql/item_func.cc:4496
|
#14 0x000055e6c979e306 in Item::fix_fields_if_needed (ref=0x14e943877248, thd=0x14e943815088, this=0x14e9438770a8) at /test/10.5_dbg/sql/item.h:978
|
#15 Item::fix_fields_if_needed_for_scalar (ref=0x14e943877248, thd=0x14e943815088, this=0x14e9438770a8) at /test/10.5_dbg/sql/item.h:982
|
#16 Item::fix_fields_if_needed_for_order_by (ref=0x14e943877248, thd=0x14e943815088, this=0x14e9438770a8) at /test/10.5_dbg/sql/item.h:990
|
#17 find_order_in_list (thd=thd@entry=0x14e943815088, ref_pointer_array=..., tables=tables@entry=0x14e943876068, order=order@entry=0x14e943877238, fields=..., all_fields=..., is_group_field=false, add_to_all_fields=true, from_window_spec=false) at /test/10.5_dbg/sql/sql_select.cc:24454
|
#18 0x000055e6c979e599 in setup_order (thd=thd@entry=0x14e943815088, ref_pointer_array=..., tables=tables@entry=0x14e943876068, fields=..., all_fields=..., order=0x14e943877238, from_window_spec=false) at /test/10.5_dbg/sql/sql_select.cc:24498
|
#19 0x000055e6c97adf9f in setup_without_group (reserved=0x14e94387491c, hidden_group_fields=0x14e943879137, win_funcs=..., win_specs=..., group=0x0, order=0x14e943877238, conds=0x14e943879260, all_fields=..., fields=..., leaves=..., tables=0x14e943876068, ref_pointer_array=..., thd=0x14e943815088) at /test/10.5_dbg/sql/sql_select.cc:709
|
#20 JOIN::prepare (this=0x14e943878e50, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x14e943874610, unit_arg=0x14e943876758) at /test/10.5_dbg/sql/sql_select.cc:1246
|
#21 0x000055e6c9ad8b25 in subselect_single_select_engine::prepare (this=0x14e943877468, thd=0x14e943815088) at /test/10.5_dbg/sql/item_subselect.cc:3725
|
#22 0x000055e6c9ad7c79 in Item_subselect::fix_fields (this=0x14e9438772c0, thd_param=<optimized out>, ref=0x14e9438774b0) at /test/10.5_dbg/sql/item_subselect.cc:285
|
#23 0x000055e6c96c40cd in Item::fix_fields_if_needed (ref=0x14e9438774b0, thd=0x14e943815088, this=0x14e9438772c0) at /test/10.5_dbg/sql/item.h:978
|
#24 Item::fix_fields_if_needed_for_scalar (ref=0x14e9438774b0, thd=0x14e943815088, this=0x14e9438772c0) at /test/10.5_dbg/sql/item.h:982
|
#25 setup_fields (thd=0x14e943815088, ref_pointer_array=..., fields=..., column_usage=column_usage@entry=MARK_COLUMNS_READ, sum_func_list=sum_func_list@entry=0x14e943878a78, pre_fix=0x14e943874308, allow_sum_func=true) at /test/10.5_dbg/sql/sql_base.cc:7525
|
#26 0x000055e6c97adcd5 in JOIN::prepare (this=this@entry=0x14e943878750, tables_init=tables_init@entry=0x14e943877528, conds_init=conds_init@entry=0x0, og_num=og_num@entry=1, order_init=order_init@entry=0x0, skip_order_by=skip_order_by@entry=false, group_init=0x14e943877d58, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x14e9438741a0, unit_arg=0x14e9438190a0) at /test/10.5_dbg/sql/sql_select.cc:1241
|
#27 0x000055e6c97bb273 in mysql_select (thd=thd@entry=0x14e943815088, tables=0x14e943877528, fields=..., conds=0x0, og_num=1, order=0x0, group=0x14e943877d58, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14e943878728, unit=0x14e9438190a0, select_lex=0x14e9438741a0) at /test/10.5_dbg/sql/sql_select.cc:4634
|
#28 0x000055e6c97bb675 in handle_select (thd=thd@entry=0x14e943815088, lex=lex@entry=0x14e943818fd8, result=result@entry=0x14e943878728, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
|
#29 0x000055e6c97460bf in execute_sqlcom_select (thd=thd@entry=0x14e943815088, all_tables=0x14e943877528) at /test/10.5_dbg/sql/sql_parse.cc:6207
|
#30 0x000055e6c973f1f4 in mysql_execute_command (thd=thd@entry=0x14e943815088) at /test/10.5_dbg/sql/sql_parse.cc:3939
|
#31 0x000055e6c974c02e in mysql_parse (thd=thd@entry=0x14e943815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e965e0b3d0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7991
|
#32 0x000055e6c9738b42 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e943815088, packet=packet@entry=0x14e943867089 "SELECT(SELECT a FROM (SELECT 1 FROM t1)e ORDER BY (@f:=a)) FROM t1 GROUP BY a", packet_length=packet_length@entry=77, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
|
#33 0x000055e6c973731c in do_command (thd=0x14e943815088) at /test/10.5_dbg/sql/sql_parse.cc:1355
|
#34 0x000055e6c989173f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14e9450453a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
|
#35 0x000055e6c9891e5b in handle_one_connection (arg=arg@entry=0x14e9450453a8) at /test/10.5_dbg/sql/sql_connect.cc:1313
|
#36 0x000055e6c9cf114e in pfs_spawn_thread (arg=0x14e963845888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
|
#37 0x000014e9652336db in start_thread (arg=0x14e965e0c700) at pthread_create.c:463
|
#38 0x000014e96463188f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.1.46 (dbg), 10.2.33 (dbg), 10.3.24 (dbg), 10.4.14 (dbg), 10.5.4 (dbg)
MySQL: 5.5.62 (dbg)
Bug confirmed not present in:
MariaDB: 10.1.46 (opt), 10.2.33 (opt), 10.3.24 (opt), 10.4.14 (opt), 10.5.4 (opt)
MySQL: 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)
Attachments
Issue Links
- relates to
-
MDEV-26944 Server crash on selecting some data from information_schema
- Confirmed
-
MDEV-28623 Server crash in sql/item.cc:5721: Item** resolve_ref_in_select_and_group(THD*, Item_ident*, SELECT_LEX*)
- Closed
-
MDEV-28917 SIGSEGV in resolve_ref_in_select_and_group and Assertion `n < m_size' failed in Bounds_checked_array on INSERT
- Confirmed
-
MDEV-29351 SIGSEGV in Used_tables_and_const_cache::used_tables_and_const_cache_join on UPDATE, UBSAN: runtime error: member call on address ... which does not point to an object of type 'Item' (object has invalid vptr), ASAN use-after-poison
- Confirmed