This crash looks strongly correlated with MDEV-24066. The SIGSEGV described here seems specific to using partitioning. However, here window functions are also used and no *SAN build is needed to reproduce the SIGSEGV in hp_rec_hashnr. Furthermore, replaying this testcase on debug builds leads to various stacks from MDEV-28515, yet the testcase from MDEV-28515 does not produce the SIGSEGV in hp_rec_hashnr. It seems that an optimizer/window fix for MDEV-28515 would be needed, and a partitioning fix for this SIGEGV in hp_rec_hashnr.
Core was generated by `/test/MD290622-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055acdb2892a1 in hp_rec_hashnr (keydef=keydef@entry=0x1551c0053ab8,
rec=rec@entry=0x1551c0052c10 "\377")
at /test/10.10_opt/storage/heap/hp_hash.c:303
303 if (rec[seg->null_pos] & seg->null_bit)
[Current thread is 1 (Thread 0x1551e2efc700 (LWP 2131648))]
(gdb) bt
#0 0x000055acdb2892a1 in hp_rec_hashnr (keydef=keydef@entry=0x1551c0053ab8, rec=rec@entry=0x1551c0052c10 "\377") at /test/10.10_opt/storage/heap/hp_hash.c:303
#1 0x000055acdb28c576 in hp_write_key (info=<optimized out>, keyinfo=0x1551c0053ab8, record=0x1551c0052c10 "\377", recpos=0x1551c005ec68 "") at /test/10.10_opt/storage/heap/hp_write.c:349
#2 0x000055acdb28c0a4 in heap_write (info=0x1551c0053ed8, record=0x1551c0052c10 "\377") at /test/10.10_opt/storage/heap/hp_write.c:52
#3 0x000055acdb287440 in ha_heap::write_row (this=0x1551c0052e90, buf=<optimized out>) at /test/10.10_opt/storage/heap/ha_heap.cc:239
#4 0x000055acdae3fc08 in handler::ha_write_tmp_row (buf=0x1551c0052c10 "\377", this=0x1551c0052e90) at /test/10.10_opt/include/mysql/psi/mysql_thread.h:795
#5 end_write (join=0x1551c0013b30, join_tab=0x1551c004e140, end_of_records=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:22771
#6 0x000055acdae16023 in evaluate_join_record (join=join@entry=0x1551c0013b30, join_tab=join_tab@entry=0x1551c004dd90, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21508
#7 0x000055acdae290fb in sub_select (end_of_records=false, join_tab=0x1551c004dd90, join=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:21278
#8 sub_select (join=0x1551c0013b30, join_tab=0x1551c004dd90, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21207
#9 0x000055acdae55891 in do_select (procedure=<optimized out>, join=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:20823
#10 JOIN::exec_inner (this=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:4787
#11 0x000055acdae55c58 in JOIN::exec (this=this@entry=0x1551c0013b30) at /test/10.10_opt/sql/sql_select.cc:4565
#12 0x000055acdae53e61 in mysql_select (thd=0x1551c0000c58, tables=0x1551c0010d78, fields=@0x1551c0010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1551c0010d30, last = 0x1551c0010d30, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x1551c0012290, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1551c0013b08, unit=0x1551c0004cb8, select_lex=0x1551c0010838) at /test/10.10_opt/sql/sql_select.cc:5045
#13 0x000055acdae545a7 in handle_select (thd=thd@entry=0x1551c0000c58, lex=lex@entry=0x1551c0004be0, result=result@entry=0x1551c0013b08, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:579
#14 0x000055acdadd7591 in execute_sqlcom_select (thd=0x1551c0000c58, all_tables=0x1551c0010d78) at /test/10.10_opt/sql/sql_parse.cc:6260
#15 0x000055acdade50fd in mysql_execute_command (thd=0x1551c0000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
#16 0x000055acdadd2795 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1551c0000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
#18 0x000055acdadde2aa in dispatch_command (command=COM_QUERY, thd=0x1551c0000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
#19 0x000055acdade01d2 in do_command (thd=0x1551c0000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
#20 0x000055acdaef6ddf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55acdda57c58, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
#21 0x000055acdaef70bd in handle_one_connection (arg=0x55acdda57c58) at /test/10.10_opt/sql/sql_connect.cc:1312
#22 0x000015520f79b609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#23 0x000015520f387133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
MDEV-30052Crash with a query containing nested WINDOW clauses
Closed
relates to
MDEV-24066ASAN unknown-crash in hp_rec_hashnr after replace into partition +invisible columns and runtime error: load of value 25264, which is not a valid value for type 'geometry_type' in make_empty_rec
Closed
MDEV-28506SIGSEGV's in find_field_in_table[s][_ref], Item_field::fix_fields, create_view_field and MemcmpInterceptorCommon | Assertions `(*select_ref)->fixed' or '->is_fixed' and `table_list->table' failed
Stalled
MDEV-28515Assertion `field->table == table' failed in Create_tmp_table::finalize and create_tmp_table and SIGSEGV in hp_rec_hashnr
Closed
MDEV-29353SIGSEGV's in _ma_unique_hash, _ma_make_key and _ma_calc_blob_length on SELECT (on optimized builds)
Closed
MDEV-30575SIGSEGV in my_charlen_utf8mb3 (corruption)
MDEV-30052 Crash with a query containing nested WINDOW clauses
