Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28515

Assertion `field->table == table' failed in Create_tmp_table::finalize and create_tmp_table and SIGSEGV in hp_rec_hashnr

Details

    Description

      Whilst reducing the testcase for MDEV-28501, I discovered another bug. Testcase can likely be improved further later. Possibly connected with MDEV-25490.

      CREATE TABLE t(v817 TEXT) ENGINE=InnoDB;
      		 
      SELECT v817 / 1.0 AS v818 FROM (SELECT DISTINCT 42 FROM (SELECT DISTINCT v817 FROM t)AS v819,t AS v820,t AS v821,t AS v822 JOIN t) AS v823 NATURAL JOIN t AS v824 NATURAL JOIN t WINDOW v832 AS (PARTITION BY (v817 OR NOT v817) BETWEEN (((NOT (((v817='')) * NULL)))) AND 1.0 ORDER BY''BETWEEN (((SELECT v817 FROM t GROUP BY v817 WINDOW v833 AS (PARTITION BY v817 ORDER BY  1  DESC RANGE BETWEEN 1.0 FOLLOWING AND 1.0 FOLLOWING) ORDER BY v817 + v817,v817 + v817)=3)) AND (CASE v817 WHEN (v817 IN (0,0,11,0 / v817=v817 + CASE v817 WHEN TRUE THEN 128 ELSE 99 END OR v817=v817 OR v817=v817)) THEN 2 ELSE 2147483647 END=128));

      Leads to:

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

      		 
      mysqld: /test/10.9_dbg/sql/sql_select.cc:19379: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed.

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

      		 
      Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      		 
      [Current thread is 1 (Thread 0x148f4812d700 (LWP 1977878))]
      		 
      (gdb) bt
      		 
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      		 
      #1  0x0000148f6e2e4859 in __GI_abort () at abort.c:79
      		 
      #2  0x0000148f6e2e4729 in __assert_fail_base (fmt=0x148f6e47a588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55ae21f244b1 "field->table == table", file=0x55ae21f3fcb8 "/test/10.9_dbg/sql/sql_select.cc", line=19379, function=<optimized out>) at assert.c:92
      		 
      #3  0x0000148f6e2f6006 in __GI___assert_fail (assertion=assertion@entry=0x55ae21f244b1 "field->table == table", file=file@entry=0x55ae21f3fcb8 "/test/10.9_dbg/sql/sql_select.cc", line=line@entry=19379, function=function@entry=0x55ae21f41b08 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101
      		 
      #4  0x000055ae213b4e68 in Create_tmp_table::finalize (this=this@entry=0x148f4812b5c0, thd=thd@entry=0x148ebc000db8, table=table@entry=0x148ebc0a2be0, param=param@entry=0x148ebc09e5c8, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.9_dbg/sql/sql_select.cc:19379
      		 
      #5  0x000055ae213b54e8 in create_tmp_table (thd=0x148ebc000db8, param=0x148ebc09e5c8, fields=@0x148ebc032cc8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x148ebc08a7c8, last = 0x148ebc014838, elements = 4}, <No data fields>}, group=group@entry=0x148ebc02e3e0, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x55ae226034a0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.9_dbg/sql/sql_select.cc:19674
      		 
      #6  0x000055ae213c3a0b in JOIN::create_postjoin_aggr_table (this=this@entry=0x148ebc032960, tab=tab@entry=0x148ebc09d610, table_fields=table_fields@entry=0x148ebc032cc8, table_group=0x148ebc02e3e0, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.9_dbg/sql/sql_select.cc:4055
      		 
      #7  0x000055ae213c4b12 in JOIN::make_aggr_tables_info (this=this@entry=0x148ebc032960) at /test/10.9_dbg/sql/sql_select.cc:3634
      		 
      #8  0x000055ae213d6cd2 in JOIN::optimize_stage2 (this=this@entry=0x148ebc032960) at /test/10.9_dbg/sql/sql_select.cc:3262
      		 
      #9  0x000055ae213d85a7 in JOIN::optimize_inner (this=this@entry=0x148ebc032960) at /test/10.9_dbg/sql/sql_select.cc:2521
      		 
      #10 0x000055ae213d896c in JOIN::optimize (this=this@entry=0x148ebc032960) at /test/10.9_dbg/sql/sql_select.cc:1837
      		 
      #11 0x000055ae213d8a5f in mysql_select (thd=thd@entry=0x148ebc000db8, tables=0x148ebc02a6d8, fields=@0x148ebc0143c0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x148ebc014838, last = 0x148ebc014838, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x148ebc02e3e0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x148ebc032938, unit=0x148ebc004fd8, select_lex=0x148ebc014120) at /test/10.9_dbg/sql/sql_select.cc:5022
      		 
      #12 0x000055ae213d92a8 in handle_select (thd=thd@entry=0x148ebc000db8, lex=lex@entry=0x148ebc004f00, result=result@entry=0x148ebc032938, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570
      		 
      #13 0x000055ae213456c8 in execute_sqlcom_select (thd=thd@entry=0x148ebc000db8, all_tables=0x148ebc02a6d8) at /test/10.9_dbg/sql/sql_parse.cc:6271
      		 
      #14 0x000055ae21351935 in mysql_execute_command (thd=thd@entry=0x148ebc000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961
      		 
      #15 0x000055ae2133f67b in mysql_parse (thd=thd@entry=0x148ebc000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x148f4812c470) at /test/10.9_dbg/sql/sql_parse.cc:8046
      		 
      #16 0x000055ae2134cf79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x148ebc000db8, packet=packet@entry=0x148ebc00b699 "SELECT v817 / 1.0 AS v818 FROM (SELECT DISTINCT 42 FROM (SELECT DISTINCT v817 FROM t)AS v819,t AS v820,t AS v821,t AS v822 JOIN t) AS v823 NATURAL JOIN t AS v824 NATURAL JOIN t WINDOW v832 AS (PARTITI"..., packet_length=packet_length@entry=617, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
      		 
      #17 0x000055ae2134f686 in do_command (thd=0x148ebc000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
      		 
      #18 0x000055ae214acd02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ae23d3b7c8, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
      		 
      #19 0x000055ae214ad20b in handle_one_connection (arg=0x55ae23d3b7c8) at /test/10.9_dbg/sql/sql_connect.cc:1312
      		 
      #20 0x0000148f6e7f5609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #21 0x0000148f6e3e1163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg), 10.9.0 (dbg)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30052 Crash with a query containing nested WINDOW clauses

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28508 Server crash in /sql/sql_select.cc:18212: TABLE* create_tmp_table

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30230 Crash bug on evaluate_join_record

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-30381 investigate group by window issues

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28501 SIGSEGV in update_depend_map_for_order on SELECT, UBSAN: runtime error: member access within null pointer of type 'struct JOIN_TAB'

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29052 SIGSEGV's in hp_rec_hashnr and my_hash_sort_simple (from hp_rec_hashnr and my_ci_hash_sort) on SELECT when using window functions

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-25490 Memory leaks after INSERT .. RETURNING with subquery

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28506 SIGSEGV's in find_field_in_table[s][_ref], Item_field::fix_fields, create_view_field and MemcmpInterceptorCommon | Assertions `(*select_ref)->fixed' or '->is_fixed' and `table_list->table' failed

          • Major - Major loss of function.
          • Stalled

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28957 Assertion `table->no_keyread || !table->covering_keys.is_set(tab->index) || table->file->keyread == tab->index' failed and SIGSEGV in JOIN_CACHE::reset_join

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29353 SIGSEGV's in _ma_unique_hash, _ma_make_key and _ma_calc_blob_length on SELECT (on optimized builds)

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29359 Server crashed with heap-use-after-free in in Field::is_null(long long) const

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30575 SIGSEGV in my_charlen_utf8mb3 (corruption)

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32329 (patch) pushdown from having into where: Server crashes at sub_select

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            Roel Roel Van de Paar added a comment -

            The best reduced/optimized testcase thus far:

            CREATE TABLE t (c INT) ENGINE=InnoDB;
            		 
            SELECT * FROM (SELECT * FROM t) AS a JOIN t WINDOW b AS (PARTITION BY t.c AND 1 BETWEEN (SELECT * FROM t GROUP BY t.c WINDOW d AS (PARTITION BY t.c)) AND 1);

            Leads to:

            10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

            		 
            mysqld: /test/10.9_dbg/sql/sql_select.cc:19379: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed.

            10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

            		 
            Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
            		 
            Program terminated with signal SIGABRT, Aborted.
            		 
            #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            		 
            [Current thread is 1 (Thread 0x150d6bfff700 (LWP 1878654))]
            		 
            (gdb) bt
            		 
            #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            		 
            #1  0x0000150db43a0859 in __GI_abort () at abort.c:79
            		 
            #2  0x0000150db43a0729 in __assert_fail_base (fmt=0x150db4536588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x562a9aded4b1 "field->table == table", file=0x562a9ae08cb8 "/test/10.9_dbg/sql/sql_select.cc", line=19379, function=<optimized out>) at assert.c:92
            		 
            #3  0x0000150db43b2006 in __GI___assert_fail (assertion=assertion@entry=0x562a9aded4b1 "field->table == table", file=file@entry=0x562a9ae08cb8 "/test/10.9_dbg/sql/sql_select.cc", line=line@entry=19379, function=function@entry=0x562a9ae0ab08 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101
            		 
            #4  0x0000562a9a27de68 in Create_tmp_table::finalize (this=this@entry=0x150d6bffd5c0, thd=thd@entry=0x150d60000db8, table=table@entry=0x150d6007fa00, param=param@entry=0x150d600799d8, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.9_dbg/sql/sql_select.cc:19379
            		 
            #5  0x0000562a9a27e4e8 in create_tmp_table (thd=0x150d60000db8, param=0x150d600799d8, fields=@0x150d60026018: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d60027c60, last = 0x150d60014318, elements = 4}, <No data fields>}, group=group@entry=0x150d600176b8, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x562a9b4cc4a0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.9_dbg/sql/sql_select.cc:19674
            		 
            #6  0x0000562a9a28ca0b in JOIN::create_postjoin_aggr_table (this=this@entry=0x150d60025cb0, tab=tab@entry=0x150d6007c0d0, table_fields=table_fields@entry=0x150d60026018, table_group=0x150d600176b8, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.9_dbg/sql/sql_select.cc:4055
            		 
            #7  0x0000562a9a28db12 in JOIN::make_aggr_tables_info (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:3634
            		 
            #8  0x0000562a9a29fcd2 in JOIN::optimize_stage2 (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:3262
            		 
            #9  0x0000562a9a2a15a7 in JOIN::optimize_inner (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:2521
            		 
            #10 0x0000562a9a2a196c in JOIN::optimize (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:1837
            		 
            #11 0x0000562a9a2a1a5f in mysql_select (thd=thd@entry=0x150d60000db8, tables=0x150d60015840, fields=@0x150d60014028: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d60014318, last = 0x150d60026e08, elements = 2}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x150d600176b8, having=0x0, proc_param=0x0, select_options=2147748608, result=0x150d60025c88, unit=0x150d60004fd8, select_lex=0x150d60013d88) at /test/10.9_dbg/sql/sql_select.cc:5022
            		 
            #12 0x0000562a9a2a22a8 in handle_select (thd=thd@entry=0x150d60000db8, lex=lex@entry=0x150d60004f00, result=result@entry=0x150d60025c88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570
            		 
            #13 0x0000562a9a20e6c8 in execute_sqlcom_select (thd=thd@entry=0x150d60000db8, all_tables=0x150d60015840) at /test/10.9_dbg/sql/sql_parse.cc:6271
            		 
            #14 0x0000562a9a21a935 in mysql_execute_command (thd=thd@entry=0x150d60000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961
            		 
            #15 0x0000562a9a20867b in mysql_parse (thd=thd@entry=0x150d60000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150d6bffe470) at /test/10.9_dbg/sql/sql_parse.cc:8046
            		 
            #16 0x0000562a9a215f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150d60000db8, packet=packet@entry=0x150d6000b699 "SELECT * FROM (SELECT * FROM t) AS a JOIN t WINDOW b AS (PARTITION BY t.c AND 1 BETWEEN (SELECT * FROM t GROUP BY t.c WINDOW d AS (PARTITION BY t.c)) AND 1)", packet_length=packet_length@entry=156, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
            		 
            #17 0x0000562a9a218686 in do_command (thd=0x150d60000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
            		 
            #18 0x0000562a9a375d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562a9dc43958, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
            		 
            #19 0x0000562a9a37620b in handle_one_connection (arg=0x562a9dc43958) at /test/10.9_dbg/sql/sql_connect.cc:1312
            		 
            #20 0x0000150db48b1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            		 
            #21 0x0000150db449d163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

            Bug confirmed present in:
            MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg), 10.9.0 (dbg)

            Bug (or feature/syntax) confirmed not present in:
            MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (opt)
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)

            Roel Roel Van de Paar added a comment - The best reduced/optimized testcase thus far: CREATE TABLE t (c INT ) ENGINE=InnoDB; SELECT * FROM ( SELECT * FROM t) AS a JOIN t WINDOW b AS (PARTITION BY t.c AND 1 BETWEEN ( SELECT * FROM t GROUP BY t.c WINDOW d AS (PARTITION BY t.c)) AND 1); Leads to: 10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) mysqld: /test/10.9_dbg/sql/sql_select.cc:19379: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed. 10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 [Current thread is 1 (Thread 0x150d6bfff700 (LWP 1878654))] (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x0000150db43a0859 in __GI_abort () at abort.c:79 #2 0x0000150db43a0729 in __assert_fail_base (fmt=0x150db4536588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x562a9aded4b1 "field->table == table", file=0x562a9ae08cb8 "/test/10.9_dbg/sql/sql_select.cc", line=19379, function=<optimized out>) at assert.c:92 #3 0x0000150db43b2006 in __GI___assert_fail (assertion=assertion@entry=0x562a9aded4b1 "field->table == table", file=file@entry=0x562a9ae08cb8 "/test/10.9_dbg/sql/sql_select.cc", line=line@entry=19379, function=function@entry=0x562a9ae0ab08 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101 #4 0x0000562a9a27de68 in Create_tmp_table::finalize (this=this@entry=0x150d6bffd5c0, thd=thd@entry=0x150d60000db8, table=table@entry=0x150d6007fa00, param=param@entry=0x150d600799d8, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.9_dbg/sql/sql_select.cc:19379 #5 0x0000562a9a27e4e8 in create_tmp_table (thd=0x150d60000db8, param=0x150d600799d8, fields=@0x150d60026018: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d60027c60, last = 0x150d60014318, elements = 4}, <No data fields>}, group=group@entry=0x150d600176b8, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x562a9b4cc4a0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.9_dbg/sql/sql_select.cc:19674 #6 0x0000562a9a28ca0b in JOIN::create_postjoin_aggr_table (this=this@entry=0x150d60025cb0, tab=tab@entry=0x150d6007c0d0, table_fields=table_fields@entry=0x150d60026018, table_group=0x150d600176b8, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.9_dbg/sql/sql_select.cc:4055 #7 0x0000562a9a28db12 in JOIN::make_aggr_tables_info (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:3634 #8 0x0000562a9a29fcd2 in JOIN::optimize_stage2 (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:3262 #9 0x0000562a9a2a15a7 in JOIN::optimize_inner (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:2521 #10 0x0000562a9a2a196c in JOIN::optimize (this=this@entry=0x150d60025cb0) at /test/10.9_dbg/sql/sql_select.cc:1837 #11 0x0000562a9a2a1a5f in mysql_select (thd=thd@entry=0x150d60000db8, tables=0x150d60015840, fields=@0x150d60014028: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150d60014318, last = 0x150d60026e08, elements = 2}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x150d600176b8, having=0x0, proc_param=0x0, select_options=2147748608, result=0x150d60025c88, unit=0x150d60004fd8, select_lex=0x150d60013d88) at /test/10.9_dbg/sql/sql_select.cc:5022 #12 0x0000562a9a2a22a8 in handle_select (thd=thd@entry=0x150d60000db8, lex=lex@entry=0x150d60004f00, result=result@entry=0x150d60025c88, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570 #13 0x0000562a9a20e6c8 in execute_sqlcom_select (thd=thd@entry=0x150d60000db8, all_tables=0x150d60015840) at /test/10.9_dbg/sql/sql_parse.cc:6271 #14 0x0000562a9a21a935 in mysql_execute_command (thd=thd@entry=0x150d60000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961 #15 0x0000562a9a20867b in mysql_parse (thd=thd@entry=0x150d60000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150d6bffe470) at /test/10.9_dbg/sql/sql_parse.cc:8046 #16 0x0000562a9a215f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150d60000db8, packet=packet@entry=0x150d6000b699 "SELECT * FROM (SELECT * FROM t) AS a JOIN t WINDOW b AS (PARTITION BY t.c AND 1 BETWEEN (SELECT * FROM t GROUP BY t.c WINDOW d AS (PARTITION BY t.c)) AND 1)", packet_length=packet_length@entry=156, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364 #17 0x0000562a9a218686 in do_command (thd=0x150d60000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408 #18 0x0000562a9a375d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562a9dc43958, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418 #19 0x0000562a9a37620b in handle_one_connection (arg=0x562a9dc43958) at /test/10.9_dbg/sql/sql_connect.cc:1312 #20 0x0000150db48b1609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #21 0x0000150db449d163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Bug confirmed present in: MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg), 10.9.0 (dbg) Bug (or feature/syntax) confirmed not present in: MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (opt) MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
            Roel Roel Van de Paar added a comment -

            No futher info from ASAN/UBSAN.

            10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug, UBASAN)

            		 
            2022-05-09 14:59:06 0 [Note] /test/UBASAN_MD090422-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld: ready for connections.
            		 
            Version: '10.9.0-MariaDB-debug'  socket: '/test/UBASAN_MD090422-mariadb-10.9.0-linux-x86_64-dbg/socket.sock'  port: 11078  MariaDB Server
            		 
            mysqld: /test/10.9_dbg_san/sql/sql_select.cc:19348: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed.

            Roel Roel Van de Paar added a comment - No futher info from ASAN/UBSAN. 10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug, UBASAN) 2022-05-09 14:59:06 0 [Note] /test/UBASAN_MD090422-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld: ready for connections. Version: '10.9.0-MariaDB-debug' socket: '/test/UBASAN_MD090422-mariadb-10.9.0-linux-x86_64-dbg/socket.sock' port: 11078 MariaDB Server mysqld: /test/10.9_dbg_san/sql/sql_select.cc:19348: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed.
            Roel Roel Van de Paar added a comment - - edited

            See MDEV-29052 in connection with partitioning and a SIGEGV crash in hp_rec_hashnr

            Roel Roel Van de Paar added a comment - - edited See MDEV-29052 in connection with partitioning and a SIGEGV crash in hp_rec_hashnr
            psergei Sergei Petrunia added a comment -

            Note: this is not fixed by MDEV-23809. Also, assert added in MDEV-23809 doesn't fire.

            psergei Sergei Petrunia added a comment - Note: this is not fixed by MDEV-23809 . Also, assert added in MDEV-23809 doesn't fire.
            Roel Roel Van de Paar added a comment -

            Additional stable testcase which also crashes optimized builds.

            CREATE TABLE c(c DOUBLE,v2 TEXT,v3 INT);
            		 
            INSERT INTO c(v2)VALUES (1);
            		 
            SELECT 1 FROM c WINDOW v9 AS(ORDER BY (SELECT c FROM c GROUP BY c WINDOW c3 AS(PARTITION BY v2 ORDER BY - c)));

            Leads to:

            10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Optimized)

            		 
            Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
            		 
            Program terminated with signal SIGSEGV, Segmentation fault.
            		 
            #0  0x000055cf43a3eec1 in hp_rec_hashnr (keydef=keydef@entry=0x152074053ab8, 
                rec=rec@entry=0x152074052c10 "\377")
            		 
                at /test/10.10_opt/storage/heap/hp_hash.c:303
            		 
            303	      if (rec[seg->null_pos] & seg->null_bit)
            		 
            [Current thread is 1 (Thread 0x1520f8eaa700 (LWP 1480827))]
            		 
            (gdb) bt
            		 
            #0  0x000055cf43a3eec1 in hp_rec_hashnr (keydef=keydef@entry=0x152074053ab8, rec=rec@entry=0x152074052c10 "\377") at /test/10.10_opt/storage/heap/hp_hash.c:303
            		 
            #1  0x000055cf43a42196 in hp_write_key (info=<optimized out>, keyinfo=0x152074053ab8, record=0x152074052c10 "\377", recpos=0x15207405ec98 "") at /test/10.10_opt/storage/heap/hp_write.c:349
            		 
            #2  0x000055cf43a41cc4 in heap_write (info=0x152074053ed8, record=0x152074052c10 "\377") at /test/10.10_opt/storage/heap/hp_write.c:52
            		 
            #3  0x000055cf43a3d060 in ha_heap::write_row (this=0x152074052e90, buf=<optimized out>) at /test/10.10_opt/storage/heap/ha_heap.cc:239
            		 
            #4  0x000055cf435f55a8 in handler::ha_write_tmp_row (buf=0x152074052c10 "\377", this=0x152074052e90) at /test/10.10_opt/include/mysql/psi/mysql_thread.h:795
            		 
            #5  end_write (join=0x152074013b50, join_tab=0x15207404e148, end_of_records=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:23233
            		 
            #6  0x000055cf435ca9d3 in evaluate_join_record (join=join@entry=0x152074013b50, join_tab=join_tab@entry=0x15207404dd90, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21970
            		 
            #7  0x000055cf435dc57b in sub_select (end_of_records=false, join_tab=0x15207404dd90, join=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:21740
            		 
            #8  sub_select (join=0x152074013b50, join_tab=0x15207404dd90, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21669
            		 
            #9  0x000055cf4360b131 in do_select (procedure=<optimized out>, join=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:21285
            		 
            #10 JOIN::exec_inner (this=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:4804
            		 
            #11 0x000055cf4360b4f8 in JOIN::exec (this=this@entry=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:4582
            		 
            #12 0x000055cf43609701 in mysql_select (thd=0x152074000c58, tables=0x152074010d98, fields=@0x152074010af8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152074010d50, last = 0x152074010d50, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x1520740122b0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x152074013b28, unit=0x152074004cd0, select_lex=0x152074010858) at /test/10.10_opt/sql/sql_select.cc:5062
            		 
            #13 0x000055cf43609e47 in handle_select (thd=thd@entry=0x152074000c58, lex=lex@entry=0x152074004bf8, result=result@entry=0x152074013b28, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:581
            		 
            #14 0x000055cf4358bb81 in execute_sqlcom_select (thd=0x152074000c58, all_tables=0x152074010d98) at /test/10.10_opt/sql/sql_parse.cc:6261
            		 
            #15 0x000055cf435996ed in mysql_execute_command (thd=0x152074000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3945
            		 
            #16 0x000055cf43586d85 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x152074000c58) at /test/10.10_opt/sql/sql_parse.cc:8037
            		 
            #17 mysql_parse (thd=0x152074000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7959
            		 
            #18 0x000055cf4359289a in dispatch_command (command=COM_QUERY, thd=0x152074000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1366
            		 
            #19 0x000055cf435947c2 in do_command (thd=0x152074000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
            		 
            #20 0x000055cf436ac6ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55cf46392558, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
            		 
            #21 0x000055cf436ac9cd in handle_one_connection (arg=0x55cf46392558) at /test/10.10_opt/sql/sql_connect.cc:1312
            		 
            #22 0x000015211ff73609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            		 
            #23 0x000015211fb5f133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

            10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug)

            		 
            mysqld: /test/10.10_dbg/sql/sql_select.cc:19993: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed.

            10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug)

            		 
            Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
            		 
            Program terminated with signal SIGABRT, Aborted.
            		 
            #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            		 
            [Current thread is 1 (Thread 0x1525ac0af700 (LWP 1482368))]
            		 
            (gdb) bt
            		 
            #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            		 
            #1  0x00001525c342f859 in __GI_abort () at abort.c:79
            		 
            #2  0x00001525c342f729 in __assert_fail_base (fmt=0x1525c35c5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55e5484059ea "field->table == table", file=0x55e548421a20 "/test/10.10_dbg/sql/sql_select.cc", line=19993, function=<optimized out>) at assert.c:92
            		 
            #3  0x00001525c3440fd6 in __GI___assert_fail (assertion=assertion@entry=0x55e5484059ea "field->table == table", file=file@entry=0x55e548421a20 "/test/10.10_dbg/sql/sql_select.cc", line=line@entry=19993, function=function@entry=0x55e548423b50 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101
            		 
            #4  0x000055e547895944 in Create_tmp_table::finalize (this=this@entry=0x1525ac0ad440, thd=thd@entry=0x15254c000db8, table=table@entry=0x15254c0795d0, param=param@entry=0x15254c073308, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.10_dbg/sql/sql_select.cc:19993
            		 
            #5  0x000055e547895fc4 in create_tmp_table (thd=0x15254c000db8, param=0x15254c073308, fields=@0x15254c017400: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15254c017a98, last = 0x15254c014270, elements = 3}, <No data fields>}, group=group@entry=0x15254c0157d0, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x55e548aeecc0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.10_dbg/sql/sql_select.cc:20288
            		 
            #6  0x000055e5478a455f in JOIN::create_postjoin_aggr_table (this=this@entry=0x15254c017070, tab=tab@entry=0x15254c0758f8, table_fields=table_fields@entry=0x15254c017400, table_group=0x15254c0157d0, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.10_dbg/sql/sql_select.cc:4081
            		 
            #7  0x000055e5478a5666 in JOIN::make_aggr_tables_info (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:3660
            		 
            #8  0x000055e5478b78bf in JOIN::optimize_stage2 (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:3288
            		 
            #9  0x000055e5478b91a9 in JOIN::optimize_inner (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:2547
            		 
            #10 0x000055e5478b956e in JOIN::optimize (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:1863
            		 
            #11 0x000055e5478b9661 in mysql_select (thd=thd@entry=0x15254c000db8, tables=0x15254c0142b8, fields=@0x15254c014018: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15254c014270, last = 0x15254c014270, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x15254c0157d0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x15254c017048, unit=0x15254c004ff0, select_lex=0x15254c013d78) at /test/10.10_dbg/sql/sql_select.cc:5048
            		 
            #12 0x000055e5478b9eaa in handle_select (thd=thd@entry=0x15254c000db8, lex=lex@entry=0x15254c004f18, result=result@entry=0x15254c017048, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:581
            		 
            #13 0x000055e547824258 in execute_sqlcom_select (thd=thd@entry=0x15254c000db8, all_tables=0x15254c0142b8) at /test/10.10_dbg/sql/sql_parse.cc:6261
            		 
            #14 0x000055e54783056a in mysql_execute_command (thd=thd@entry=0x15254c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3945
            		 
            #15 0x000055e54781e534 in mysql_parse (thd=thd@entry=0x15254c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1525ac0ae330) at /test/10.10_dbg/sql/sql_parse.cc:8037
            		 
            #16 0x000055e54782bb1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15254c000db8, packet=packet@entry=0x15254c00b6e9 "SELECT 1 FROM c WINDOW v9 AS(ORDER BY (SELECT c FROM c GROUP BY c WINDOW c3 AS(PARTITION BY v2 ORDER BY - c)))", packet_length=packet_length@entry=110, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1366
            		 
            #17 0x000055e54782e226 in do_command (thd=0x15254c000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
            		 
            #18 0x000055e54798f744 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e549db4e08, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
            		 
            #19 0x000055e54798fc4d in handle_one_connection (arg=0x55e549db4e08) at /test/10.10_dbg/sql/sql_connect.cc:1312
            		 
            #20 0x00001525c3940609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            		 
            #21 0x00001525c352c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

            Bug confirmed present in:
            MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

            Bug (or feature/syntax) confirmed not present in:
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

            UniqueID's seen with this testcase across MariaDB versions

            SIGSEGV|hp_rec_hashnr|hp_write_key|heap_write|ha_heap::write_row
            		 
            field->table == table|SIGABRT|Create_tmp_table::finalize|create_tmp_table|JOIN::create_postjoin_aggr_table|JOIN::make_aggr_tables_info
            		 
            field->table == table|SIGABRT|create_tmp_table|JOIN::create_postjoin_aggr_table|JOIN::make_aggr_tables_info|JOIN::optimize_stage2

            Roel Roel Van de Paar added a comment - Additional stable testcase which also crashes optimized builds. CREATE TABLE c(c DOUBLE ,v2 TEXT,v3 INT ); INSERT INTO c(v2) VALUES (1); SELECT 1 FROM c WINDOW v9 AS ( ORDER BY ( SELECT c FROM c GROUP BY c WINDOW c3 AS (PARTITION BY v2 ORDER BY - c))); Leads to: 10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Optimized) Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x000055cf43a3eec1 in hp_rec_hashnr (keydef=keydef@entry=0x152074053ab8, rec=rec@entry=0x152074052c10 "\377") at /test/10.10_opt/storage/heap/hp_hash.c:303 303 if (rec[seg->null_pos] & seg->null_bit) [Current thread is 1 (Thread 0x1520f8eaa700 (LWP 1480827))] (gdb) bt #0 0x000055cf43a3eec1 in hp_rec_hashnr (keydef=keydef@entry=0x152074053ab8, rec=rec@entry=0x152074052c10 "\377") at /test/10.10_opt/storage/heap/hp_hash.c:303 #1 0x000055cf43a42196 in hp_write_key (info=<optimized out>, keyinfo=0x152074053ab8, record=0x152074052c10 "\377", recpos=0x15207405ec98 "") at /test/10.10_opt/storage/heap/hp_write.c:349 #2 0x000055cf43a41cc4 in heap_write (info=0x152074053ed8, record=0x152074052c10 "\377") at /test/10.10_opt/storage/heap/hp_write.c:52 #3 0x000055cf43a3d060 in ha_heap::write_row (this=0x152074052e90, buf=<optimized out>) at /test/10.10_opt/storage/heap/ha_heap.cc:239 #4 0x000055cf435f55a8 in handler::ha_write_tmp_row (buf=0x152074052c10 "\377", this=0x152074052e90) at /test/10.10_opt/include/mysql/psi/mysql_thread.h:795 #5 end_write (join=0x152074013b50, join_tab=0x15207404e148, end_of_records=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:23233 #6 0x000055cf435ca9d3 in evaluate_join_record (join=join@entry=0x152074013b50, join_tab=join_tab@entry=0x15207404dd90, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21970 #7 0x000055cf435dc57b in sub_select (end_of_records=false, join_tab=0x15207404dd90, join=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:21740 #8 sub_select (join=0x152074013b50, join_tab=0x15207404dd90, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21669 #9 0x000055cf4360b131 in do_select (procedure=<optimized out>, join=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:21285 #10 JOIN::exec_inner (this=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:4804 #11 0x000055cf4360b4f8 in JOIN::exec (this=this@entry=0x152074013b50) at /test/10.10_opt/sql/sql_select.cc:4582 #12 0x000055cf43609701 in mysql_select (thd=0x152074000c58, tables=0x152074010d98, fields=@0x152074010af8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152074010d50, last = 0x152074010d50, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x1520740122b0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x152074013b28, unit=0x152074004cd0, select_lex=0x152074010858) at /test/10.10_opt/sql/sql_select.cc:5062 #13 0x000055cf43609e47 in handle_select (thd=thd@entry=0x152074000c58, lex=lex@entry=0x152074004bf8, result=result@entry=0x152074013b28, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:581 #14 0x000055cf4358bb81 in execute_sqlcom_select (thd=0x152074000c58, all_tables=0x152074010d98) at /test/10.10_opt/sql/sql_parse.cc:6261 #15 0x000055cf435996ed in mysql_execute_command (thd=0x152074000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3945 #16 0x000055cf43586d85 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x152074000c58) at /test/10.10_opt/sql/sql_parse.cc:8037 #17 mysql_parse (thd=0x152074000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7959 #18 0x000055cf4359289a in dispatch_command (command=COM_QUERY, thd=0x152074000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1366 #19 0x000055cf435947c2 in do_command (thd=0x152074000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407 #20 0x000055cf436ac6ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55cf46392558, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418 #21 0x000055cf436ac9cd in handle_one_connection (arg=0x55cf46392558) at /test/10.10_opt/sql/sql_connect.cc:1312 #22 0x000015211ff73609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #23 0x000015211fb5f133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug) mysqld: /test/10.10_dbg/sql/sql_select.cc:19993: bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool): Assertion `field->table == table' failed. 10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug) Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'. Program terminated with signal SIGABRT, Aborted. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 [Current thread is 1 (Thread 0x1525ac0af700 (LWP 1482368))] (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00001525c342f859 in __GI_abort () at abort.c:79 #2 0x00001525c342f729 in __assert_fail_base (fmt=0x1525c35c5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55e5484059ea "field->table == table", file=0x55e548421a20 "/test/10.10_dbg/sql/sql_select.cc", line=19993, function=<optimized out>) at assert.c:92 #3 0x00001525c3440fd6 in __GI___assert_fail (assertion=assertion@entry=0x55e5484059ea "field->table == table", file=file@entry=0x55e548421a20 "/test/10.10_dbg/sql/sql_select.cc", line=line@entry=19993, function=function@entry=0x55e548423b50 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101 #4 0x000055e547895944 in Create_tmp_table::finalize (this=this@entry=0x1525ac0ad440, thd=thd@entry=0x15254c000db8, table=table@entry=0x15254c0795d0, param=param@entry=0x15254c073308, do_not_open=do_not_open@entry=true, keep_row_order=keep_row_order@entry=false) at /test/10.10_dbg/sql/sql_select.cc:19993 #5 0x000055e547895fc4 in create_tmp_table (thd=0x15254c000db8, param=0x15254c073308, fields=@0x15254c017400: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15254c017a98, last = 0x15254c014270, elements = 3}, <No data fields>}, group=group@entry=0x15254c0157d0, distinct=distinct@entry=false, save_sum_fields=save_sum_fields@entry=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x55e548aeecc0 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /test/10.10_dbg/sql/sql_select.cc:20288 #6 0x000055e5478a455f in JOIN::create_postjoin_aggr_table (this=this@entry=0x15254c017070, tab=tab@entry=0x15254c0758f8, table_fields=table_fields@entry=0x15254c017400, table_group=0x15254c0157d0, save_sum_fields=<optimized out>, distinct=distinct@entry=false, keep_row_order=false) at /test/10.10_dbg/sql/sql_select.cc:4081 #7 0x000055e5478a5666 in JOIN::make_aggr_tables_info (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:3660 #8 0x000055e5478b78bf in JOIN::optimize_stage2 (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:3288 #9 0x000055e5478b91a9 in JOIN::optimize_inner (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:2547 #10 0x000055e5478b956e in JOIN::optimize (this=this@entry=0x15254c017070) at /test/10.10_dbg/sql/sql_select.cc:1863 #11 0x000055e5478b9661 in mysql_select (thd=thd@entry=0x15254c000db8, tables=0x15254c0142b8, fields=@0x15254c014018: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15254c014270, last = 0x15254c014270, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x15254c0157d0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x15254c017048, unit=0x15254c004ff0, select_lex=0x15254c013d78) at /test/10.10_dbg/sql/sql_select.cc:5048 #12 0x000055e5478b9eaa in handle_select (thd=thd@entry=0x15254c000db8, lex=lex@entry=0x15254c004f18, result=result@entry=0x15254c017048, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:581 #13 0x000055e547824258 in execute_sqlcom_select (thd=thd@entry=0x15254c000db8, all_tables=0x15254c0142b8) at /test/10.10_dbg/sql/sql_parse.cc:6261 #14 0x000055e54783056a in mysql_execute_command (thd=thd@entry=0x15254c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3945 #15 0x000055e54781e534 in mysql_parse (thd=thd@entry=0x15254c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1525ac0ae330) at /test/10.10_dbg/sql/sql_parse.cc:8037 #16 0x000055e54782bb1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15254c000db8, packet=packet@entry=0x15254c00b6e9 "SELECT 1 FROM c WINDOW v9 AS(ORDER BY (SELECT c FROM c GROUP BY c WINDOW c3 AS(PARTITION BY v2 ORDER BY - c)))", packet_length=packet_length@entry=110, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1366 #17 0x000055e54782e226 in do_command (thd=0x15254c000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407 #18 0x000055e54798f744 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e549db4e08, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418 #19 0x000055e54798fc4d in handle_one_connection (arg=0x55e549db4e08) at /test/10.10_dbg/sql/sql_connect.cc:1312 #20 0x00001525c3940609 in start_thread (arg=<optimized out>) at pthread_create.c:477 #21 0x00001525c352c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Bug confirmed present in: MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt) Bug (or feature/syntax) confirmed not present in: MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt) UniqueID's seen with this testcase across MariaDB versions SIGSEGV|hp_rec_hashnr|hp_write_key|heap_write|ha_heap::write_row field->table == table|SIGABRT|Create_tmp_table::finalize|create_tmp_table|JOIN::create_postjoin_aggr_table|JOIN::make_aggr_tables_info field->table == table|SIGABRT|create_tmp_table|JOIN::create_postjoin_aggr_table|JOIN::make_aggr_tables_info|JOIN::optimize_stage2
            Johnston Rex Johnston added a comment - 

            CREATE TABLE t1 (i1 int );
            		 
            CREATE TABLE t2 (i2 int, j2 int );
            		 
            INSERT INTO t1 VALUES (-1),(0),(84);
            		 
            SELECT 1 FROM t1 WINDOW w AS (ORDER BY (SELECT i2 FROM t2 GROUP BY i2 WINDOW w2 AS (ORDER BY 1) ));

            causes

            10.3

            #1  0x00007ffff76d6537 in __GI_abort () at abort.c:79
            		 
            #2  0x00007ffff76d640f in __assert_fail_base (fmt=0x7ffff784e6a8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55555687214e "field->table == table", 
                file=0x55555686f810 "/home/rex/src/mariadb/server/sql/sql_select.cc", line=18274, function=<optimized out>) at assert.c:92
            		 
            #3  0x00007ffff76e5662 in __GI___assert_fail (assertion=0x55555687214e "field->table == table", file=0x55555686f810 "/home/rex/src/mariadb/server/sql/sql_select.cc", line=18274, 
                function=0x555556872038 "TABLE* create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, ORDER*, bool, bool, ulonglong, ha_rows, const LEX_CSTRING*, bool, bool)") at assert.c:101
            		 
            #4  0x0000555555cb6ecf in create_tmp_table (thd=0x7fff68000d90, param=0x7fff6806fb98, fields=..., group=0x7fff68015580, distinct=false, save_sum_fields=false, 
                select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x555556f54c00 <empty_clex_str>, do_not_open=true, keep_row_order=false)
            		 
                at /home/rex/src/mariadb/server/sql/sql_select.cc:18274
            		 
            #5  0x0000555555c90aa9 in JOIN::create_postjoin_aggr_table (this=0x7fff68015b28, tab=0x7fff6806f0d8, table_fields=0x7fff68015e48, table_group=0x7fff68015580, 
                save_sum_fields=false, distinct=false, keep_row_order=false) at /home/rex/src/mariadb/server/sql/sql_select.cc:3491
            		 
            #6  0x0000555555c8f0c2 in JOIN::make_aggr_tables_info (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:3090
            		 
            #7  0x0000555555c8da39 in JOIN::optimize_stage2 (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:2725
            		 
            #8  0x0000555555c8b4d0 in JOIN::optimize_inner (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:2031
            		 
            #9  0x0000555555c89919 in JOIN::optimize (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:1547
            		 
            #10 0x0000555555c939d0 in mysql_select...

            10.9

            #2  0x00007ffff778d40f in __assert_fail_base (fmt=0x7ffff79056a8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f0929e "field->table == table", 
                file=0x555556f05c88 "/home/rex/src/mariadb/server.30081/sql/sql_select.cc", line=19644, function=<optimized out>) at assert.c:92
            		 
            #3  0x00007ffff779c662 in __GI___assert_fail (assertion=0x555556f0929e "field->table == table", file=0x555556f05c88 "/home/rex/src/mariadb/server.30081/sql/sql_select.cc", 
                line=19644, function=0x555556f091d0 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101
            		 
            #4  0x00005555560169ba in Create_tmp_table::finalize (this=0x7fffdc106f20, thd=0x7fff74000db8, table=0x7fff742e4120, param=0x7fff743d3ec0, do_not_open=true, keep_row_order=false)
            		 
                at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:19644
            		 
            #5  0x0000555556017f1f in create_tmp_table (thd=0x7fff74000db8, param=0x7fff743d3ec0, fields=..., group=0x7fff74018410, distinct=false, save_sum_fields=false, 
                select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x5555577d6c80 <empty_clex_str>, do_not_open=true, keep_row_order=false)
            		 
                at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:19941
            		 
            #6  0x0000555555fece8b in JOIN::create_postjoin_aggr_table (this=0x7fff74019ab8, tab=0x7fff743d3570, table_fields=0x7fff74019e20, table_group=0x7fff74018410, 
                save_sum_fields=false, distinct=false, keep_row_order=false) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:4094
            		 
            #7  0x0000555555feb3d2 in JOIN::make_aggr_tables_info (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:3672
            		 
            #8  0x0000555555fe9ceb in JOIN::optimize_stage2 (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:3296
            		 
            #9  0x0000555555fe73de in JOIN::optimize_inner (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:2555
            		 
            #10 0x0000555555fe4c30 in JOIN::optimize (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:1868
            		 
            #11 0x0000555555ff04a7 in mysql_select...

            Johnston Rex Johnston added a comment - CREATE TABLE t1 (i1 int ); CREATE TABLE t2 (i2 int , j2 int ); INSERT INTO t1 VALUES (-1),(0),(84); SELECT 1 FROM t1 WINDOW w AS ( ORDER BY ( SELECT i2 FROM t2 GROUP BY i2 WINDOW w2 AS ( ORDER BY 1) )); causes 10.3 #1 0x00007ffff76d6537 in __GI_abort () at abort.c:79 #2 0x00007ffff76d640f in __assert_fail_base (fmt=0x7ffff784e6a8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55555687214e "field->table == table", file=0x55555686f810 "/home/rex/src/mariadb/server/sql/sql_select.cc", line=18274, function=<optimized out>) at assert.c:92 #3 0x00007ffff76e5662 in __GI___assert_fail (assertion=0x55555687214e "field->table == table", file=0x55555686f810 "/home/rex/src/mariadb/server/sql/sql_select.cc", line=18274, function=0x555556872038 "TABLE* create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, ORDER*, bool, bool, ulonglong, ha_rows, const LEX_CSTRING*, bool, bool)") at assert.c:101 #4 0x0000555555cb6ecf in create_tmp_table (thd=0x7fff68000d90, param=0x7fff6806fb98, fields=..., group=0x7fff68015580, distinct=false, save_sum_fields=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x555556f54c00 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /home/rex/src/mariadb/server/sql/sql_select.cc:18274 #5 0x0000555555c90aa9 in JOIN::create_postjoin_aggr_table (this=0x7fff68015b28, tab=0x7fff6806f0d8, table_fields=0x7fff68015e48, table_group=0x7fff68015580, save_sum_fields=false, distinct=false, keep_row_order=false) at /home/rex/src/mariadb/server/sql/sql_select.cc:3491 #6 0x0000555555c8f0c2 in JOIN::make_aggr_tables_info (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:3090 #7 0x0000555555c8da39 in JOIN::optimize_stage2 (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:2725 #8 0x0000555555c8b4d0 in JOIN::optimize_inner (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:2031 #9 0x0000555555c89919 in JOIN::optimize (this=0x7fff68015b28) at /home/rex/src/mariadb/server/sql/sql_select.cc:1547 #10 0x0000555555c939d0 in mysql_select... 10.9 #2 0x00007ffff778d40f in __assert_fail_base (fmt=0x7ffff79056a8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f0929e "field->table == table", file=0x555556f05c88 "/home/rex/src/mariadb/server.30081/sql/sql_select.cc", line=19644, function=<optimized out>) at assert.c:92 #3 0x00007ffff779c662 in __GI___assert_fail (assertion=0x555556f0929e "field->table == table", file=0x555556f05c88 "/home/rex/src/mariadb/server.30081/sql/sql_select.cc", line=19644, function=0x555556f091d0 "bool Create_tmp_table::finalize(THD*, TABLE*, TMP_TABLE_PARAM*, bool, bool)") at assert.c:101 #4 0x00005555560169ba in Create_tmp_table::finalize (this=0x7fffdc106f20, thd=0x7fff74000db8, table=0x7fff742e4120, param=0x7fff743d3ec0, do_not_open=true, keep_row_order=false) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:19644 #5 0x0000555556017f1f in create_tmp_table (thd=0x7fff74000db8, param=0x7fff743d3ec0, fields=..., group=0x7fff74018410, distinct=false, save_sum_fields=false, select_options=2147748608, rows_limit=18446744073709551615, table_alias=0x5555577d6c80 <empty_clex_str>, do_not_open=true, keep_row_order=false) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:19941 #6 0x0000555555fece8b in JOIN::create_postjoin_aggr_table (this=0x7fff74019ab8, tab=0x7fff743d3570, table_fields=0x7fff74019e20, table_group=0x7fff74018410, save_sum_fields=false, distinct=false, keep_row_order=false) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:4094 #7 0x0000555555feb3d2 in JOIN::make_aggr_tables_info (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:3672 #8 0x0000555555fe9ceb in JOIN::optimize_stage2 (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:3296 #9 0x0000555555fe73de in JOIN::optimize_inner (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:2555 #10 0x0000555555fe4c30 in JOIN::optimize (this=0x7fff74019ab8) at /home/rex/src/mariadb/server.30081/sql/sql_select.cc:1868 #11 0x0000555555ff04a7 in mysql_select...
            Johnston Rex Johnston added a comment -

            Igor's patch currently in MDEV-30052/comments fixes this issue.

            Johnston Rex Johnston added a comment - Igor's patch currently in MDEV-30052 /comments fixes this issue.
            psergei Sergei Petrunia added a comment -

            Johnston, if this is so, this bug needs to be closed with Status=Duplicate and a note saying "Duplicate of MDEV-nnnn".

            One more thing:
            does the testcase for this bug add more coverage as opposed to MDEV-30052?

            At the first glance, it seems like the answer is No. (If it is actually "yes", we should push a commit with just the testcase (and again a note that the bug was fixed by MDEV-30052).

            psergei Sergei Petrunia added a comment - Johnston , if this is so, this bug needs to be closed with Status=Duplicate and a note saying "Duplicate of MDEV-nnnn". One more thing: does the testcase for this bug add more coverage as opposed to MDEV-30052 ? At the first glance, it seems like the answer is No. (If it is actually "yes", we should push a commit with just the testcase (and again a note that the bug was fixed by MDEV-30052 ).

            People

              Johnston Rex Johnston
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.