Details
Description
This crash looks strongly correlated with MDEV-24066. The SIGSEGV described here seems specific to using partitioning. However, here window functions are also used and no *SAN build is needed to reproduce the SIGSEGV in hp_rec_hashnr. Furthermore, replaying this testcase on debug builds leads to various stacks from MDEV-28515, yet the testcase from MDEV-28515 does not produce the SIGSEGV in hp_rec_hashnr. It seems that an optimizer/window fix for MDEV-28515 would be needed, and a partitioning fix for this SIGSEGV in hp_rec_hashnr.
CREATE TABLE c(c DOUBLE,v2 TEXT,v3 INT) ENGINE=InnoDB;
INSERT INTO c(v2)VALUES (1);
SELECT 1 FROM c WINDOW v9 AS(ORDER BY (SELECT c FROM c GROUP BY c WINDOW c3 AS(PARTITION BY v2 ORDER BY - c)));
Leads to:
10.10.0 63961a08a6203f4d58363a9321e4cf9c8b07a9fe (Optimized)
Core was generated by `/test/MD290622-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055acdb2892a1 in hp_rec_hashnr (keydef=keydef@entry=0x1551c0053ab8,
    rec=rec@entry=0x1551c0052c10 "\377")
    at /test/10.10_opt/storage/heap/hp_hash.c:303
303 if (rec[seg->null_pos] & seg->null_bit)
[Current thread is 1 (Thread 0x1551e2efc700 (LWP 2131648))]
(gdb) bt
#0 0x000055acdb2892a1 in hp_rec_hashnr (keydef=keydef@entry=0x1551c0053ab8, rec=rec@entry=0x1551c0052c10 "\377") at /test/10.10_opt/storage/heap/hp_hash.c:303
#1 0x000055acdb28c576 in hp_write_key (info=<optimized out>, keyinfo=0x1551c0053ab8, record=0x1551c0052c10 "\377", recpos=0x1551c005ec68 "") at /test/10.10_opt/storage/heap/hp_write.c:349
#2 0x000055acdb28c0a4 in heap_write (info=0x1551c0053ed8, record=0x1551c0052c10 "\377") at /test/10.10_opt/storage/heap/hp_write.c:52
#3 0x000055acdb287440 in ha_heap::write_row (this=0x1551c0052e90, buf=<optimized out>) at /test/10.10_opt/storage/heap/ha_heap.cc:239
#4 0x000055acdae3fc08 in handler::ha_write_tmp_row (buf=0x1551c0052c10 "\377", this=0x1551c0052e90) at /test/10.10_opt/include/mysql/psi/mysql_thread.h:795
#5 end_write (join=0x1551c0013b30, join_tab=0x1551c004e140, end_of_records=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:22771
#6 0x000055acdae16023 in evaluate_join_record (join=join@entry=0x1551c0013b30, join_tab=join_tab@entry=0x1551c004dd90, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21508
#7 0x000055acdae290fb in sub_select (end_of_records=false, join_tab=0x1551c004dd90, join=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:21278
#8 sub_select (join=0x1551c0013b30, join_tab=0x1551c004dd90, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21207
#9 0x000055acdae55891 in do_select (procedure=<optimized out>, join=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:20823
#10 JOIN::exec_inner (this=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:4787
#11 0x000055acdae55c58 in JOIN::exec (this=this@entry=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:4565
#12 0x000055acdae53e61 in mysql_select (thd=0x1551c0000c58, tables=0x1551c0010d78, fields=@0x1551c0010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1551c0010d30, last = 0x1551c0010d30, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x1551c0012290, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1551c0013b08, unit=0x1551c0004cb8, select_lex=0x1551c0010838) at /test/10.10_opt/sql/sql_select.cc:5045
#13 0x000055acdae545a7 in handle_select (thd=thd@entry=0x1551c0000c58, lex=lex@entry=0x1551c0004be0, result=result@entry=0x1551c0013b08, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:579
#14 0x000055acdadd7591 in execute_sqlcom_select (thd=0x1551c0000c58, all_tables=0x1551c0010d78) at /test/10.10_opt/sql/sql_parse.cc:6260
#15 0x000055acdade50fd in mysql_execute_command (thd=0x1551c0000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
#16 0x000055acdadd2795 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1551c0000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
#17 mysql_parse (thd=0x1551c0000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
#18 0x000055acdadde2aa in dispatch_command (command=COM_QUERY, thd=0x1551c0000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
#19 0x000055acdade01d2 in do_command (thd=0x1551c0000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
#20 0x000055acdaef6ddf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55acdda57c58, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
#21 0x000055acdaef70bd in handle_one_connection (arg=0x55acdda57c58) at /test/10.10_opt/sql/sql_connect.cc:1312
#22 0x000015520f79b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#23 0x000015520f387133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Bug confirmed present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)
(Debug builds crash with the stacks in MDEV-28515)
Bug (or feature/syntax) confirmed not present in:
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)
Issue Links
- is part of
  - MDEV-30052 Crash with a query containing nested WINDOW clauses (Closed)
- relates to
  - MDEV-24066 ASAN unknown-crash in hp_rec_hashnr after replace into partition +invisible columns and runtime error: load of value 25264, which is not a valid value for type 'geometry_type' in make_empty_rec (Closed)
  - MDEV-28506 SIGSEGV's in find_field_in_table[s][_ref], Item_field::fix_fields, create_view_field and MemcmpInterceptorCommon | Assertions `(*select_ref)->fixed' or '->is_fixed' and `table_list->table' failed (Stalled)
  - MDEV-28515 Assertion `field->table == table' failed in Create_tmp_table::finalize and create_tmp_table and SIGSEGV in hp_rec_hashnr (Closed)
  - MDEV-29353 SIGSEGV's in _ma_unique_hash, _ma_make_key and _ma_calc_blob_length on SELECT (on optimized builds) (Closed)
  - MDEV-30575 SIGSEGV in my_charlen_utf8mb3 (corruption) (Closed)