Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28958

Crash when checking whether condition can be pushed into view

Details

    Description

      CREATE TABLE c(c INT) ENGINE=InnoDB;
      		 
      SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c;

      Leads to:

      10.10.0 081a284712bb661349e2e3802077b12211cede3e (Optimized)

      		 
      Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090)
      		 
          at /test/10.10_opt/sql/item.h:2664
      		 
      [Current thread is 1 (Thread 0x149b98d48700 (LWP 3347048))]
      		 
      (gdb) bt
      		 
      #0  0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090) at /test/10.10_opt/sql/item.h:2664
      		 
      #1  Item::check_pushable_cond (this=0x149bb20a4090, checker=(bool (Item::*)(Item * const, uchar *)) 0x55ae3662aec0 <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7505
      		 
      #2  0x000055ae368d5f99 in Item::check_pushable_cond (this=0x149b5401fa68, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
      		 
      #3  0x000055ae368d5eea in Item::check_pushable_cond (this=this@entry=0x149b540220a8, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
      		 
      #4  0x000055ae36629be1 in pushdown_cond_for_derived (thd=0x149b54000c58, cond=0x149b540220a8, derived=derived@entry=0x149b540129e0) at /test/10.10_opt/sql/sql_derived.cc:1538
      		 
      #5  0x000055ae366e0b45 in JOIN::optimize_inner (this=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:2318
      		 
      #6  0x000055ae366e3b13 in JOIN::optimize (this=this@entry=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:1845
      		 
      #7  0x000055ae366e3bfe in mysql_select (thd=0x149b54000c58, tables=0x149b540129e0, fields=@0x149b54010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149b54010dc8, last = 0x149b54010dc8, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x149b540140c8, having=0x149b5401fa68, proc_param=0x0, select_options=<optimized out>, result=0x149b54020430, unit=0x149b54004cb8, select_lex=0x149b54010838) at /test/10.10_opt/sql/sql_select.cc:5030
      		 
      #8  0x000055ae366e4397 in handle_select (thd=thd@entry=0x149b54000c58, lex=lex@entry=0x149b54004be0, result=result@entry=0x149b54020430, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:578
      		 
      #9  0x000055ae366679b1 in execute_sqlcom_select (thd=0x149b54000c58, all_tables=0x149b540129e0) at /test/10.10_opt/sql/sql_parse.cc:6260
      		 
      #10 0x000055ae3667552d in mysql_execute_command (thd=0x149b54000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
      		 
      #11 0x000055ae36662bb5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149b54000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
      		 
      #12 mysql_parse (thd=0x149b54000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
      		 
      #13 0x000055ae3666e6ca in dispatch_command (command=COM_QUERY, thd=0x149b54000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
      		 
      #14 0x000055ae366705f2 in do_command (thd=0x149b54000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
      		 
      #15 0x000055ae367868af in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ae39b31eb8, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
      		 
      #16 0x000055ae36786b8d in handle_one_connection (arg=0x55ae39b31eb8) at /test/10.10_opt/sql/sql_connect.cc:1312
      		 
      #17 0x0000149bb1f88609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #18 0x0000149bb1b74133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.10.2 5deccac4aaf1be948a0ae10f40bb5f668ac37a4d (Debug)

      		 
      Core was generated by `/test/MD190922-mariadb-10.10.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  Item::clear_extraction_flag (this=0x14dcb199d090)
      		 
          at /test/10.10_dbg/sql/item.h:2674
      		 
      [Current thread is 1 (Thread 0x14dc9880d700 (LWP 620908))]
      		 
      (gdb) bt
      		 
      #0  Item::clear_extraction_flag (this=0x14dcb199d090) at /test/10.10_dbg/sql/item.h:2674
      		 
      #1  Item::check_pushable_cond (this=0x14dcb199d090, checker=(bool (Item::*)(Item * const, uchar *)) 0x558ff487bd8a <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7521
      		 
      #2  0x0000558ff4be982e in Item::check_pushable_cond (this=0x14dc58027278, checker=<optimized out>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7530
      		 
      #3  0x0000558ff4be982e in Item::check_pushable_cond (this=this@entry=0x14dc58029920, checker=<optimized out>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7530
      		 
      #4  0x0000558ff487a5d6 in pushdown_cond_for_derived (thd=0x14dc58000d48, cond=0x14dc58029920, derived=derived@entry=0x14dc580153b0) at /test/10.10_dbg/sql/sql_derived.cc:1538
      		 
      #5  0x0000558ff4958f15 in JOIN::optimize_inner (this=this@entry=0x14dc58027c68) at /test/10.10_dbg/sql/sql_select.cc:2339
      		 
      #6  0x0000558ff49599f6 in JOIN::optimize (this=this@entry=0x14dc58027c68) at /test/10.10_dbg/sql/sql_select.cc:1863
      		 
      #7  0x0000558ff4959ae9 in mysql_select (thd=thd@entry=0x14dc58000d48, tables=0x14dc580153b0, fields=@0x14dc580134a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14dc58013798, last = 0x14dc58013798, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x14dc58016aa0, having=0x14dc58027278, proc_param=0x0, select_options=2164525824, result=0x14dc58027c40, unit=0x14dc58004f80, select_lex=0x14dc58013208) at /test/10.10_dbg/sql/sql_select.cc:5056
      		 
      #8  0x0000558ff495a332 in handle_select (thd=thd@entry=0x14dc58000d48, lex=lex@entry=0x14dc58004ea8, result=result@entry=0x14dc58027c40, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:581
      		 
      #9  0x0000558ff48c43e7 in execute_sqlcom_select (thd=thd@entry=0x14dc58000d48, all_tables=0x14dc580153b0) at /test/10.10_dbg/sql/sql_parse.cc:6261
      		 
      #10 0x0000558ff48d0755 in mysql_execute_command (thd=thd@entry=0x14dc58000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3945
      		 
      #11 0x0000558ff48be68d in mysql_parse (thd=thd@entry=0x14dc58000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14dc9880c330) at /test/10.10_dbg/sql/sql_parse.cc:8035
      		 
      #12 0x0000558ff48cbcbf in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14dc58000d48, packet=packet@entry=0x14dc5800adb9 "SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c", packet_length=packet_length@entry=101, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1345
      		 
      #13 0x0000558ff48ce3e2 in do_command (thd=0x14dc58000d48, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
      		 
      #14 0x0000558ff4a30abd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558ff77ab1a8, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1416
      		 
      #15 0x0000558ff4a30fc7 in handle_one_connection (arg=0x558ff77ab1a8) at /test/10.10_dbg/sql/sql_connect.cc:1318
      		 
      #16 0x000014dcb1881609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #17 0x000014dcb146d133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32412 Pushdown from HAVING: Item_func is immutable while arguments are not

          • Major - Major loss of function.
          • Stalled

          Activity

            Ascending order - Click to sort in descending order
            Roel Roel Van de Paar created issue -
            Roel Roel Van de Paar made changes -
            Field Original Value New Value
            Summary SIGSEGV in Item::clear_extraction_flag SIGSEGV in Item::clear_extraction_flag on SELECT
            psergei Sergei Petrunia made changes -
            Labels not-10.3 not-10.4 not-10.5 not-10.6 regression-10.7 not-10.3 not-10.4 not-10.5 not-10.6 pushdown_from_having regression-10.7
            Roel Roel Van de Paar made changes -
            Description {code:sql}
            CREATE TABLE c(c INT) ENGINE=InnoDB;
            SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c;
            {code}

            Leads to:

            {noformat:title=10.10.0 081a284712bb661349e2e3802077b12211cede3e (Optimized)}
            Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090)
                at /test/10.10_opt/sql/item.h:2664
            [Current thread is 1 (Thread 0x149b98d48700 (LWP 3347048))]
            (gdb) bt
            #0 0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090) at /test/10.10_opt/sql/item.h:2664
            #1 Item::check_pushable_cond (this=0x149bb20a4090, checker=(bool (Item::*)(Item * const, uchar *)) 0x55ae3662aec0 <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7505
            #2 0x000055ae368d5f99 in Item::check_pushable_cond (this=0x149b5401fa68, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
            #3 0x000055ae368d5eea in Item::check_pushable_cond (this=this@entry=0x149b540220a8, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
            #4 0x000055ae36629be1 in pushdown_cond_for_derived (thd=0x149b54000c58, cond=0x149b540220a8, derived=derived@entry=0x149b540129e0) at /test/10.10_opt/sql/sql_derived.cc:1538
            #5 0x000055ae366e0b45 in JOIN::optimize_inner (this=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:2318
            #6 0x000055ae366e3b13 in JOIN::optimize (this=this@entry=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:1845
            #7 0x000055ae366e3bfe in mysql_select (thd=0x149b54000c58, tables=0x149b540129e0, fields=@0x149b54010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149b54010dc8, last = 0x149b54010dc8, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x149b540140c8, having=0x149b5401fa68, proc_param=0x0, select_options=<optimized out>, result=0x149b54020430, unit=0x149b54004cb8, select_lex=0x149b54010838) at /test/10.10_opt/sql/sql_select.cc:5030
            #8 0x000055ae366e4397 in handle_select (thd=thd@entry=0x149b54000c58, lex=lex@entry=0x149b54004be0, result=result@entry=0x149b54020430, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:578
            #9 0x000055ae366679b1 in execute_sqlcom_select (thd=0x149b54000c58, all_tables=0x149b540129e0) at /test/10.10_opt/sql/sql_parse.cc:6260
            #10 0x000055ae3667552d in mysql_execute_command (thd=0x149b54000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
            #11 0x000055ae36662bb5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149b54000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
            #12 mysql_parse (thd=0x149b54000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
            #13 0x000055ae3666e6ca in dispatch_command (command=COM_QUERY, thd=0x149b54000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
            #14 0x000055ae366705f2 in do_command (thd=0x149b54000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
            #15 0x000055ae367868af in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ae39b31eb8, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
            #16 0x000055ae36786b8d in handle_one_connection (arg=0x55ae39b31eb8) at /test/10.10_opt/sql/sql_connect.cc:1312
            #17 0x0000149bb1f88609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            #18 0x0000149bb1b74133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
            {noformat}
            {noformat:title=10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)}
            Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --lc'.
            Program terminated with signal SIGABRT, Aborted.
            #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            [Current thread is 1 (Thread 0x14591ccf6800 (LWP 3342364))]
            (gdb) bt
            #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
            #1 0x000014591cecf859 in __GI_abort () at abort.c:79
            #2 0x000014591cecf729 in __assert_fail_base (fmt=0x14591d065588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x563e5fbb56c0 "! is_set() || m_can_overwrite_status", file=0x563e5fbb5428 "/test/10.10_dbg/sql/sql_error.cc", line=457, function=<optimized out>) at assert.c:92
            #3 0x000014591cee0fd6 in __GI___assert_fail (assertion=assertion@entry=0x563e5fbb56c0 "! is_set() || m_can_overwrite_status", file=file@entry=0x563e5fbb5428 "/test/10.10_dbg/sql/sql_error.cc", line=line@entry=457, function=function@entry=0x563e5fbb5638 "void Diagnostics_area::set_error_status(uint, const char*, const char*, const Sql_user_condition_identity&, const Sql_condition*)") at assert.c:101
            #4 0x0000563e5ef822ce in Diagnostics_area::set_error_status (this=this@entry=0x563e615de230, sql_errno=sql_errno@entry=6, message=message@entry=0x7ffc8e43c0a0 "Error on delete of '/tmp/#sql-temptable-33001c-1-2.MAD' (Errcode: 2 \"No such file or directory\")", sqlstate=sqlstate@entry=0x563e5fbd37d8 "HY000", ucid=@0x7ffc8e43be80: {m_user_condition_value = 0x0}, error_condition=0x0) at /test/10.10_dbg/sql/sql_error.h:1019
            #5 0x0000563e5ef5fe4e in THD::raise_condition (this=this@entry=0x563e615d8478, cond=cond@entry=0x7ffc8e43be70) at /test/10.10_dbg/sql/sql_class.cc:1119
            #6 0x0000563e5eea79aa in THD::raise_condition (this=this@entry=0x563e615d8478, sql_errno=sql_errno@entry=6, sqlstate=sqlstate@entry=0x563e5fb95e38 "", level=<optimized out>, msg=msg@entry=0x7ffc8e43c0a0 "Error on delete of '/tmp/#sql-temptable-33001c-1-2.MAD' (Errcode: 2 \"No such file or directory\")") at /test/10.10_dbg/sql/sql_class.h:4867
            #7 0x0000563e5ee9c12b in my_message_sql (error=6, str=0x7ffc8e43c0a0 "Error on delete of '/tmp/#sql-temptable-33001c-1-2.MAD' (Errcode: 2 \"No such file or directory\")", MyFlags=4) at /test/10.10_dbg/sql/mysqld.cc:3315
            #8 0x0000563e5fa013e9 in my_error (nr=nr@entry=6, MyFlags=MyFlags@entry=4) at /test/10.10_dbg/mysys/my_error.c:124
            #9 0x0000563e5fa01082 in my_delete (name=name@entry=0x7ffc8e43c600 "/tmp/#sql-temptable-33001c-1-2.MAD", MyFlags=MyFlags@entry=16) at /test/10.10_dbg/mysys/my_delete.c:53
            #10 0x0000563e5fa0996a in my_handler_delete_with_symlink (filename=0x7ffc8e43c600 "/tmp/#sql-temptable-33001c-1-2.MAD", sync_dir=sync_dir@entry=16) at /test/10.10_dbg/mysys/my_symlink2.c:190
            #11 0x0000563e5f541cfd in inline_mysql_file_delete_with_symlink (name=name@entry=0x563e61616e38 "/tmp/#sql-temptable-33001c-1-2", ext=ext@entry=0x563e5fda90f6 ".MAD", flags=flags@entry=16) at /test/10.10_dbg/include/mysql/psi/mysql_file.h:1396
            #12 0x0000563e5f541d55 in maria_delete_table_files (name=name@entry=0x563e61616e38 "/tmp/#sql-temptable-33001c-1-2", temporary=temporary@entry=1 '\001', flags=flags@entry=16) at /test/10.10_dbg/storage/maria/ma_delete_table.c:103
            #13 0x0000563e5f4db497 in ha_maria::drop_table (this=0x563e6161a2c0, name=0x563e61616e38 "/tmp/#sql-temptable-33001c-1-2") at /test/10.10_dbg/storage/maria/ha_maria.cc:2809
            #14 0x0000563e5f2c1b39 in handler::ha_drop_table (this=0x563e6161a2c0, name=0x563e61616e38 "/tmp/#sql-temptable-33001c-1-2") at /test/10.10_dbg/sql/handler.cc:5348
            #15 0x0000563e5f0382b9 in free_tmp_table (thd=thd@entry=0x563e615d8478, entry=0x563e61615d00) at /test/10.10_dbg/sql/sql_select.cc:20482
            #16 0x0000563e5ef4431a in close_thread_tables (thd=thd@entry=0x563e615d8478) at /test/10.10_dbg/sql/sql_base.cc:861
            #17 0x0000563e5ef445c1 in close_thread_tables_for_query (thd=thd@entry=0x563e615d8478) at /test/10.10_dbg/sql/sql_base.cc:771
            #18 0x0000563e5efdc13c in mysql_execute_command (thd=thd@entry=0x563e615d8478, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:6062
            #19 0x0000563e5efc3e3a in mysql_parse (thd=0x563e615d8478, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7ffc8e43ce50) at /test/10.10_dbg/sql/sql_parse.cc:8036
            #20 0x0000563e5efcf619 in bootstrap (file=0x563e60d2efc0 <instrumented_stdin>) at /test/10.10_dbg/sql/sql_class.h:1361
            #21 0x0000563e5eea4b0d in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.10_dbg/sql/mysqld.cc:5834
            #22 0x0000563e5ee98b66 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.10_dbg/sql/main.cc:34
            {noformat}

            Bug confirmed present in:
            MariaDB: 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

            Bug (or feature/syntax) confirmed not present in:
            MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt)
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)             		{code:sql}
            CREATE TABLE c(c INT) ENGINE=InnoDB;
            SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c;
            {code}

            Leads to:

            {noformat:title=10.10.0 081a284712bb661349e2e3802077b12211cede3e (Optimized)}
            Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090)
                at /test/10.10_opt/sql/item.h:2664
            [Current thread is 1 (Thread 0x149b98d48700 (LWP 3347048))]
            (gdb) bt
            #0 0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090) at /test/10.10_opt/sql/item.h:2664
            #1 Item::check_pushable_cond (this=0x149bb20a4090, checker=(bool (Item::*)(Item * const, uchar *)) 0x55ae3662aec0 <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7505
            #2 0x000055ae368d5f99 in Item::check_pushable_cond (this=0x149b5401fa68, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
            #3 0x000055ae368d5eea in Item::check_pushable_cond (this=this@entry=0x149b540220a8, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
            #4 0x000055ae36629be1 in pushdown_cond_for_derived (thd=0x149b54000c58, cond=0x149b540220a8, derived=derived@entry=0x149b540129e0) at /test/10.10_opt/sql/sql_derived.cc:1538
            #5 0x000055ae366e0b45 in JOIN::optimize_inner (this=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:2318
            #6 0x000055ae366e3b13 in JOIN::optimize (this=this@entry=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:1845
            #7 0x000055ae366e3bfe in mysql_select (thd=0x149b54000c58, tables=0x149b540129e0, fields=@0x149b54010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149b54010dc8, last = 0x149b54010dc8, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x149b540140c8, having=0x149b5401fa68, proc_param=0x0, select_options=<optimized out>, result=0x149b54020430, unit=0x149b54004cb8, select_lex=0x149b54010838) at /test/10.10_opt/sql/sql_select.cc:5030
            #8 0x000055ae366e4397 in handle_select (thd=thd@entry=0x149b54000c58, lex=lex@entry=0x149b54004be0, result=result@entry=0x149b54020430, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:578
            #9 0x000055ae366679b1 in execute_sqlcom_select (thd=0x149b54000c58, all_tables=0x149b540129e0) at /test/10.10_opt/sql/sql_parse.cc:6260
            #10 0x000055ae3667552d in mysql_execute_command (thd=0x149b54000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
            #11 0x000055ae36662bb5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149b54000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
            #12 mysql_parse (thd=0x149b54000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
            #13 0x000055ae3666e6ca in dispatch_command (command=COM_QUERY, thd=0x149b54000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
            #14 0x000055ae366705f2 in do_command (thd=0x149b54000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
            #15 0x000055ae367868af in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ae39b31eb8, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
            #16 0x000055ae36786b8d in handle_one_connection (arg=0x55ae39b31eb8) at /test/10.10_opt/sql/sql_connect.cc:1312
            #17 0x0000149bb1f88609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            #18 0x0000149bb1b74133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
            {noformat}
            {noformat:title=10.10.2 5deccac4aaf1be948a0ae10f40bb5f668ac37a4d (Debug)}
            Core was generated by `/test/MD190922-mariadb-10.10.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0 Item::clear_extraction_flag (this=0x14dcb199d090)
                at /test/10.10_dbg/sql/item.h:2674
            [Current thread is 1 (Thread 0x14dc9880d700 (LWP 620908))]
            (gdb) bt
            #0 Item::clear_extraction_flag (this=0x14dcb199d090) at /test/10.10_dbg/sql/item.h:2674
            #1 Item::check_pushable_cond (this=0x14dcb199d090, checker=(bool (Item::*)(Item * const, uchar *)) 0x558ff487bd8a <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7521
            #2 0x0000558ff4be982e in Item::check_pushable_cond (this=0x14dc58027278, checker=<optimized out>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7530
            #3 0x0000558ff4be982e in Item::check_pushable_cond (this=this@entry=0x14dc58029920, checker=<optimized out>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7530
            #4 0x0000558ff487a5d6 in pushdown_cond_for_derived (thd=0x14dc58000d48, cond=0x14dc58029920, derived=derived@entry=0x14dc580153b0) at /test/10.10_dbg/sql/sql_derived.cc:1538
            #5 0x0000558ff4958f15 in JOIN::optimize_inner (this=this@entry=0x14dc58027c68) at /test/10.10_dbg/sql/sql_select.cc:2339
            #6 0x0000558ff49599f6 in JOIN::optimize (this=this@entry=0x14dc58027c68) at /test/10.10_dbg/sql/sql_select.cc:1863
            #7 0x0000558ff4959ae9 in mysql_select (thd=thd@entry=0x14dc58000d48, tables=0x14dc580153b0, fields=@0x14dc580134a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14dc58013798, last = 0x14dc58013798, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x14dc58016aa0, having=0x14dc58027278, proc_param=0x0, select_options=2164525824, result=0x14dc58027c40, unit=0x14dc58004f80, select_lex=0x14dc58013208) at /test/10.10_dbg/sql/sql_select.cc:5056
            #8 0x0000558ff495a332 in handle_select (thd=thd@entry=0x14dc58000d48, lex=lex@entry=0x14dc58004ea8, result=result@entry=0x14dc58027c40, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:581
            #9 0x0000558ff48c43e7 in execute_sqlcom_select (thd=thd@entry=0x14dc58000d48, all_tables=0x14dc580153b0) at /test/10.10_dbg/sql/sql_parse.cc:6261
            #10 0x0000558ff48d0755 in mysql_execute_command (thd=thd@entry=0x14dc58000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3945
            #11 0x0000558ff48be68d in mysql_parse (thd=thd@entry=0x14dc58000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14dc9880c330) at /test/10.10_dbg/sql/sql_parse.cc:8035
            #12 0x0000558ff48cbcbf in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14dc58000d48, packet=packet@entry=0x14dc5800adb9 "SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c", packet_length=packet_length@entry=101, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1345
            #13 0x0000558ff48ce3e2 in do_command (thd=0x14dc58000d48, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
            #14 0x0000558ff4a30abd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558ff77ab1a8, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1416
            #15 0x0000558ff4a30fc7 in handle_one_connection (arg=0x558ff77ab1a8) at /test/10.10_dbg/sql/sql_connect.cc:1318
            #16 0x000014dcb1881609 in start_thread (arg=<optimized out>) at pthread_create.c:477
            #17 0x000014dcb146d133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
            {noformat}

            Bug confirmed present in:
            MariaDB: 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

            Bug (or feature/syntax) confirmed not present in:
            MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt)
            MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)
            psergei Sergei Petrunia made changes -
            Assignee Sergei Petrunia [ psergey ] Rex [ JIRAUSER52533 ]
            Johnston Rex Johnston made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Johnston Rex Johnston made changes -
            Assignee Rex Johnston [ JIRAUSER52533 ] Sergei Petrunia [ psergey ]
            Johnston Rex Johnston made changes -
            Status In Progress [ 3 ] In Testing [ 10301 ]
            Johnston Rex Johnston made changes -
            Status In Testing [ 10301 ] Stalled [ 10000 ]
            Johnston Rex Johnston made changes -
            Assignee Sergei Petrunia [ psergey ] Rex Johnston [ JIRAUSER52533 ]
            Johnston Rex Johnston made changes -
            Assignee Rex Johnston [ JIRAUSER52533 ] Sergei Petrunia [ psergey ]
            Status Stalled [ 10000 ] In Review [ 10002 ]
            monty Michael Widenius made changes -
            Attachment diff [ 67160 ]
            Johnston Rex Johnston made changes -
            Assignee Sergei Petrunia [ psergey ] Rex Johnston [ JIRAUSER52533 ]
            Roel Roel Van de Paar made changes -
            Affects Version/s 10.11 [ 27614 ]
            Roel Roel Van de Paar made changes -
            Fix Version/s 10.9 [ 26905 ]
            Fix Version/s 10.10 [ 27530 ]
            psergei Sergei Petrunia made changes -
            Assignee Rex Johnston [ JIRAUSER52533 ] Sergei Petrunia [ psergey ]
            psergei Sergei Petrunia made changes -
            Status In Review [ 10002 ] Stalled [ 10000 ]
            psergei Sergei Petrunia made changes -
            Assignee Sergei Petrunia [ psergey ] Igor Babaev [ igor ]
            igor Igor Babaev (Inactive) made changes -
            Summary SIGSEGV in Item::clear_extraction_flag on SELECT Crash when checking whether condition can be pushed into view
            igor Igor Babaev (Inactive) made changes -
            Status Stalled [ 10000 ] In Progress [ 3 ]
            igor Igor Babaev (Inactive) made changes -
            Assignee Igor Babaev [ igor ] Oleksandr Byelkin [ sanja ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            sanja Oleksandr Byelkin made changes -
            Assignee Oleksandr Byelkin [ sanja ] Igor Babaev [ igor ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            julien.fritsch Julien Fritsch made changes -
            Fix Version/s 10.7 [ 24805 ]
            igor Igor Babaev (Inactive) made changes -
            Fix Version/s 10.8.8 [ 28518 ]
            Fix Version/s 10.9.6 [ 28520 ]
            Fix Version/s 10.10.4 [ 28522 ]
            Fix Version/s 10.11.3 [ 28524 ]
            Fix Version/s 11.1.0 [ 28705 ]
            Fix Version/s 10.8 [ 26121 ]
            Fix Version/s 10.9 [ 26905 ]
            Fix Version/s 10.10 [ 27530 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            oleg.smirnov Oleg Smirnov made changes -

            People

              igor Igor Babaev (Inactive)
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.