Description
Original testcase (reduced version in comments below):
-- Original (unreduced) reproducer from the report; the identifiers (v1071, v1072, ...)
-- look machine-generated. NOTE(review): the trailing '|' on each line appears to be
-- residue of the page's table layout rather than SQL -- strip it before running.

-- Single-column table; the only column is BOOLEAN NOT NULL.
CREATE TABLE v1071 ( v1072 BOOLEAN NOT NULL ) ; |
-- Parenthesised SELECT that orders by the same expression twice.
( ( SELECT v1072 FROM v1071 ORDER BY v1072 + v1072 , v1072 + v1072 ) ) ; |
-- Statement the server is executing when it dies: the debug backtrace shows this
-- UPDATE text as the COM_QUERY packet in dispatch_command, and both backtraces reach
-- get_sort_by_table (with a=0x0) via mysql_multi_update -> mysql_select ->
-- JOIN::optimize -> optimize_constant_subqueries -> optimize_unflattened_subqueries.
-- Shape worth noting: the scalar subquery in the CASE declares WINDOW v1086, whose
-- ORDER BY is itself a subquery over derived table v1079, and v1079 declares a second
-- WINDOW clause (v1087) -- i.e. nested WINDOW clauses, matching the linked MDEV-30052.
UPDATE v1071 SET v1072 = 'x' WHERE v1072 = CASE WHEN v1072 * ( SELECT 0 FROM v1071 AS v1073 WHERE v1072 BETWEEN 70743860.000000 AND 22 WINDOW v1086 AS ( PARTITION BY v1072 ORDER BY ( SELECT DISTINCT 0 FROM ( SELECT v1072 FROM ( SELECT DISTINCT ( ( NOT ( 87472356.000000 AND v1072 = 0 ) ) = 49 AND v1072 = 30 ) % 0 , ( v1072 = 255 OR v1072 > 'x' ) FROM v1071 WHERE v1072 = 46 AND ( v1072 = 10 OR v1072 = 80 OR v1072 = -1 ) ) AS v1074 NATURAL JOIN v1071 WHERE ( v1072 = 127 OR v1072 = 16 ) NOT LIKE 'x' AND CASE v1072 * 8 = 0 WHEN 2147483647 THEN 'x' WHEN -128 THEN 'x' ELSE 8 END != 4 GROUP BY v1072 , 71777162.000000 / 91619124.000000 WINDOW v1087 AS ( PARTITION BY v1072 ORDER BY ( SELECT DISTINCT 76 FROM v1071 AS v1083 , v1071 AS v1084 , v1071 AS v1085 , v1071 ) DESC RANGE BETWEEN 66948404.000000 FOLLOWING AND 67858344.000000 FOLLOWING ) ) AS v1079 NATURAL JOIN v1071 AS v1080 , v1071 AS v1081 , v1071 AS v1082 JOIN v1071 ) DESC RANGE BETWEEN 26683913.000000 FOLLOWING AND 30593825.000000 FOLLOWING ) ) ^ v1072 THEN 'x' ELSE v1072 END / 16 ; |
-- The two statements below follow the UPDATE in the original testcase. Since the
-- backtraces place the crash inside the UPDATE's optimization, they are presumably
-- never reached and not needed to reproduce -- TODO confirm against the reduced testcase.
INSERT INTO v1071 ( v1072 ) VALUES ( 86 ) , ( -32768 ) ; |
SELECT STDDEV_SAMP ( v1072 ) OVER v1088 , STDDEV_SAMP ( v1072 ) OVER v1088 FROM v1071 WINDOW v1088 AS ( PARTITION BY v1072 ORDER BY v1072 DESC ) ; |
Leads to:
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Optimized) |
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 get_sort_by_table (const_tables=0, tables=..., b=<optimized out>, a=0x0)
|
at /test/10.9_opt/sql/sql_select.cc:25516
|
[Current thread is 1 (Thread 0x14c418129700 (LWP 3725953))]
|
(gdb) bt
|
#0 get_sort_by_table (const_tables=0, tables=@0x14c374011cb0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c37406ea28, last = 0x14c37406ea28, elements = 1}, <No data fields>}, b=<optimized out>, a=0x0) at /test/10.9_opt/sql/sql_select.cc:25516
|
#1 make_join_statistics (keyuse_array=0x14c37406e790, tables_list=@0x14c374011cb0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c37406ea28, last = 0x14c37406ea28, elements = 1}, <No data fields>}, join=0x14c37406e470) at /test/10.9_opt/sql/sql_select.cc:5643
|
#2 JOIN::optimize_inner (this=0x14c37406e470) at /test/10.9_opt/sql/sql_select.cc:2495
|
#3 0x0000562a257cc6d3 in JOIN::optimize (this=this@entry=0x14c37406e470) at /test/10.9_opt/sql/sql_select.cc:1837
|
#4 0x0000562a25730464 in st_select_lex::optimize_unflattened_subqueries (this=0x14c3740054b0, const_only=const_only@entry=true) at /test/10.9_opt/sql/sql_lex.cc:4916
|
#5 0x0000562a258b2455 in JOIN::optimize_constant_subqueries (this=this@entry=0x14c37406d238) at /test/10.9_opt/sql/opt_subselect.cc:5622
|
#6 0x0000562a257c8f67 in JOIN::optimize_inner (this=0x14c37406d238) at /test/10.9_opt/sql/sql_select.cc:2157
|
#7 0x0000562a257cc6d3 in JOIN::optimize (this=this@entry=0x14c37406d238) at /test/10.9_opt/sql/sql_select.cc:1837
|
#8 0x0000562a257cc7be in mysql_select (thd=thd@entry=0x14c374000c58, tables=tables@entry=0x14c374010fa0, fields=@0x14c418127ec0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x562a267d16d0 <end_of_list>, last = 0x14c418127ec0, elements = 0}, <No data fields>}, conds=conds@entry=0x14c374053f20, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c37406d128, unit=0x14c374004cb8, select_lex=0x14c3740054b0) at /test/10.9_opt/sql/sql_select.cc:5022
|
#9 0x0000562a2582ce05 in mysql_multi_update (thd=thd@entry=0x14c374000c58, table_list=0x14c374010fa0, fields=fields@entry=0x14c374005750, values=values@entry=0x14c374005b80, conds=0x14c374053f20, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14c374004cb8, select_lex=0x14c3740054b0, result=0x14c4181280b0) at /test/10.9_opt/sql/sql_update.cc:1969
|
#10 0x0000562a2575cda1 in mysql_execute_command (thd=0x14c374000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:4504
|
#11 0x0000562a2574ba55 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14c374000c58) at /test/10.9_opt/sql/sql_parse.cc:8046
|
#12 mysql_parse (thd=0x14c374000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7968
|
#13 0x0000562a2575771a in dispatch_command (command=COM_QUERY, thd=0x14c374000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
|
#14 0x0000562a25759642 in do_command (thd=0x14c374000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1408
|
#15 0x0000562a2586e5bf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562a28fe5d38, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
|
#16 0x0000562a2586e89d in handle_one_connection (arg=0x562a28fe5d38) at /test/10.9_opt/sql/sql_connect.cc:1312
|
#17 0x000014c43d5d0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#18 0x000014c43d1bc133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 get_sort_by_table (const_tables=<optimized out>, tables=...,
|
b=<optimized out>, a=0x0) at /test/10.9_dbg/sql/sql_select.cc:25516
|
[Current thread is 1 (Thread 0x15000412d700 (LWP 3726887))]
|
(gdb) bt
|
#0 get_sort_by_table (const_tables=<optimized out>, tables=@0x14ff880151d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14ff88097750, last = 0x14ff88097750, elements = 1}, <No data fields>}, b=<optimized out>, a=0x0) at /test/10.9_dbg/sql/sql_select.cc:25516
|
#1 make_join_statistics (join=join@entry=0x14ff88097198, tables_list=@0x14ff880151d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14ff88097750, last = 0x14ff88097750, elements = 1}, <No data fields>}, keyuse_array=keyuse_array@entry=0x14ff880974b8) at /test/10.9_dbg/sql/sql_select.cc:5643
|
#2 0x000056217facd52c in JOIN::optimize_inner (this=this@entry=0x14ff88097198) at /test/10.9_dbg/sql/sql_select.cc:2495
|
#3 0x000056217facd96c in JOIN::optimize (this=this@entry=0x14ff88097198) at /test/10.9_dbg/sql/sql_select.cc:1837
|
#4 0x000056217fa12462 in st_select_lex::optimize_unflattened_subqueries (this=0x14ff880057d0, const_only=const_only@entry=true) at /test/10.9_dbg/sql/sql_lex.cc:4916
|
#5 0x000056217fbfef3d in JOIN::optimize_constant_subqueries (this=this@entry=0x14ff88095f60) at /test/10.9_dbg/sql/opt_subselect.cc:5622
|
#6 0x000056217facc490 in JOIN::optimize_inner (this=this@entry=0x14ff88095f60) at /test/10.9_dbg/sql/sql_select.cc:2157
|
#7 0x000056217facd96c in JOIN::optimize (this=this@entry=0x14ff88095f60) at /test/10.9_dbg/sql/sql_select.cc:1837
|
#8 0x000056217facda5f in mysql_select (thd=thd@entry=0x14ff88000db8, tables=tables@entry=0x14ff880144c0, fields=@0x15000412bea0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x562180f10bc0 <end_of_list>, last = 0x15000412bea0, elements = 0}, <No data fields>}, conds=conds@entry=0x14ff8807c970, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14ff88095e50, unit=0x14ff88004fd8, select_lex=0x14ff880057d0) at /test/10.9_dbg/sql/sql_select.cc:5022
|
#9 0x000056217fb4692d in mysql_multi_update (thd=thd@entry=0x14ff88000db8, table_list=0x14ff880144c0, fields=fields@entry=0x14ff88005a70, values=values@entry=0x14ff88005ea0, conds=0x14ff8807c970, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14ff88004fd8, select_lex=0x14ff880057d0, result=0x15000412c080) at /test/10.9_dbg/sql/sql_update.cc:1969
|
#10 0x000056217fa47e60 in mysql_execute_command (thd=thd@entry=0x14ff88000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:4504
|
#11 0x000056217fa3467b in mysql_parse (thd=thd@entry=0x14ff88000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15000412c470) at /test/10.9_dbg/sql/sql_parse.cc:8046
|
#12 0x000056217fa41f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14ff88000db8, packet=packet@entry=0x14ff8800b699 "UPDATE v1071 SET v1072 = 'x' WHERE v1072 = CASE WHEN v1072 * ( SELECT 0 FROM v1071 AS v1073 WHERE v1072 BETWEEN 70743860.000000 AND 22 WINDOW v1086 AS ( PARTITION BY v1072 ORDER BY ( SELECT DISTINCT 0"..., packet_length=packet_length@entry=1044, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
|
#13 0x000056217fa44686 in do_command (thd=0x14ff88000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
|
#14 0x000056217fba1d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562182aba788, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
|
#15 0x000056217fba220b in handle_one_connection (arg=0x562182aba788) at /test/10.9_dbg/sql/sql_connect.cc:1312
|
#16 0x00001500321f1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#17 0x0000150031ddd133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt), 10.10.0 (dbg), 10.10.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
Issue Links
- duplicates
-
MDEV-28506 SIGSEGV's in find_field_in_table[s][_ref], Item_field::fix_fields, create_view_field and MemcmpInterceptorCommon | Assertions `(*select_ref)->fixed' or '->is_fixed' and `table_list->table' failed
-
- Stalled
-
- is duplicated by
-
MDEV-28516 SIGSEGV in get_sort_by_table, UBSAN: runtime error: member access within null pointer of type 'struct TABLE_LIST'
-
- Closed
-
- is part of
-
MDEV-30052 Crash with a query containing nested WINDOW clauses
-
- Closed
-
- relates to
-
MDEV-19569 Assertion `table_list->table' failed in find_field_in_table_ref and Assertion `table_ref->table || table_ref->view' in Field_iterator_table_ref::set_field_iterator
-
- Closed
-
-
MDEV-28505 Server crash in sql/sql_select.cc:19830 in sub_select(JOIN*, st_join_table*, bool)
-
- Closed
-
-
MDEV-29935 Server crashes in get_sort_by_table/make_join_statistics after INSERT into a view with ORDER BY
-
- Closed
-
The test is derived from the reported test case, but I added table t2, because otherwise 10.2 fails with the error "target for 'UPDATE' and as a separate source for data". Result on 10.2:
bb-10.2-release 84984b79f27399d01
220518 14:47:43 [ERROR] mysqld got signal 11 ;
Server version: 10.2.44-MariaDB-debug-log
mysys/stacktrace.c:172(my_print_stacktrace)[0x55e5589d2f90]
sql/signal_handler.cc:221(handle_fatal_signal)[0x55e5577096c0]
sql/sql_select.cc:23196(get_sort_by_table(st_order*, st_order*, List<TABLE_LIST>&, unsigned long long))[0x55e5571ee3f9]
sql/sql_select.cc:4356(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x55e557167661]
sql/sql_select.cc:1597(JOIN::optimize_inner())[0x55e55714c1c7]
sql/sql_select.cc:1127(JOIN::optimize())[0x55e5571474d4]
sql/sql_lex.cc:3867(st_select_lex::optimize_unflattened_subqueries(bool))[0x55e557077efe]
sql/sql_update.cc:393(mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*))[0x55e557338ddb]
sql/sql_parse.cc:4056(mysql_execute_command(THD*))[0x55e5570a0923]
sql/sql_parse.cc:7793(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55e5570bb8ae]
sql/sql_parse.cc:1830(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55e5570928fb]
sql/sql_parse.cc:1381(do_command(THD*))[0x55e55708f32c]
sql/sql_connect.cc:1336(do_handle_one_connection(CONNECT*))[0x55e55743c1f2]
sql/sql_connect.cc:1242(handle_one_connection)[0x55e55743bab3]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55e5588d7766]
nptl/pthread_create.c:487(start_thread)[0x7f770672bfa3]
x86_64/clone.S:97(clone)[0x7f7705ad2eff]
Query (0x62b000000290): UPDATE t2 SET a = 5 WHERE
(SELECT 1 FROM t1
WINDOW w1 AS (ORDER BY (SELECT 1 FROM
(SELECT 1 FROM (SELECT a=10 FROM t1) dt1 NATURAL JOIN t1 GROUP BY a
WINDOW w2 AS (order by a)) dt )))