Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.3.0, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
-
None
-
Ubuntu 20.04
Description
Run these queries in release build:
CREATE TABLE t0 ( c48 INT , c31 INT ) ;
INSERT INTO t0 VALUES ( DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT ) ;
DELETE FROM t0 WHERE c31 = 83 ;
SELECT t1 . c2 AS c7 FROM ( SELECT CONVERT ( CONVERT ( 100 , UNSIGNED ) % RAND ( ) & STD( c31 ) OVER ( PARTITION BY c31 , c31 , c31 , c48 , c31 , c48 , c31 , TRIM( TRAILING FROM + EXP ( 41 ) NOT REGEXP IF ( 90 , -3 , -85 ) IS NULL ) * RTRIM ( c31 ) / EXP ( c48 ) + TRUNCATE ( -50 , -9 ) - STD( 52.391113 ) OVER ( ) ) - ASCII ( t0 . c48 ) * SUBSTRING_INDEX ( c31 , '<eZe#U@*wo$=Mv`mfO6r7qQQb,iDId/AM
",OM+UBz' , c48 = c48 IS FALSE ) , UNSIGNED ) / RAND ( ) % HEX ( c48 ) IS TRUE AS c2 FROM t0 GROUP BY c31 , c48 ) AS t1 ;
Will trigger Segmentation fault.
GDB info:
Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe011a700 (LWP 46188)]
Item::save_real_in_field (this=0x7fff94015d80, field=0x0, no_conversions=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item.cc:6826
6826 field->set_notnull();
(gdb) p field
$36 = (Field *) 0x0
#0 Item::save_real_in_field (this=0x7fff94015d80, field=0x0, no_conversions=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item.cc:6826
#1 0x0000555555ff36d7 in Item::save_in_field (this=0x7fff94015d80, field=0x0,
no_conversions=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
#2 0x0000555555f420af in save_window_function_values (
rowid_buf=0x7fff94026a28 "\2108\b\224\377\177", tbl=0x7fff9403c7e0, window_functions=...)
at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2775
#3 compute_window_func (thd=thd@entry=0x7fff94000c58, window_functions=...,
cursor_managers=..., tbl=tbl@entry=0x7fff9403c7e0,
filesort_result=filesort_result@entry=0x7fff9403e040)
at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2927
#4 0x0000555555f4249e in Window_func_runner::exec (this=this@entry=0x7fff9407ab18,
thd=thd@entry=0x7fff94000c58, tbl=0x7fff9403c7e0, filesort_result=0x7fff9403e040)
at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3039
#5 0x0000555555f425c6 in Window_funcs_sort::exec (this=0x7fff9407ab10,
join=join@entry=0x7fff94074770, keep_filesort_result=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3067
#6 0x0000555555f42efb in Window_funcs_computation::exec (this=0x7fff9407aaf0,
join=join@entry=0x7fff94074770,
keep_last_filesort_result=keep_last_filesort_result@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3196
#7 0x0000555555de7e01 in AGGR_OP::end_send (this=0x7fff940791b0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:32300
#8 0x0000555555de8150 in sub_select_postjoin_aggr (join=0x7fff94074770,
join_tab=0x7fff940784e8, end_of_records=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23128
#9 0x0000555555df1814 in do_select (procedure=<optimized out>, join=0x7fff94074770)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
#10 JOIN::exec_inner (this=this@entry=0x7fff94074770)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#11 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff94074770)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#12 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94071bc8,
fields=..., conds=0x0, og_num=9, order=0x0, group=0x7fff940141a0, having=0x0,
proc_param=0x0, select_options=<optimized out>, result=0x7fff94074680,
unit=0x7fff94072600, select_lex=0x7fff940136b0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
#13 0x0000555555d2f54b in mysql_derived_fill (thd=<optimized out>, lex=0x7fff94004e08,
derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1266
#14 0x0000555555d2f1fc in mysql_handle_single_derived (lex=0x7fff94004e08,
derived=derived@entry=0x7fff94072e78, phases=phases@entry=96)
at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
#15 0x0000555555dbf4f0 in st_join_table::preread_init (this=this@entry=0x7fff9407c3c8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:16029
#16 0x0000555555dbf758 in sub_select (join=0x7fff94073ec8, join_tab=0x7fff9407c3c8,
end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23392
#17 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff94073ec8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
#18 JOIN::exec_inner (this=this@entry=0x7fff94073ec8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#19 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff94073ec8)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#20 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94072e78,
fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
select_options=<optimized out>, result=0x7fff94073ea0, unit=0x7fff94004ee8,
select_lex=0x7fff940130a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
#21 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff94000c58,
lex=lex@entry=0x7fff94004e08, result=result@entry=0x7fff94073ea0,
setup_tables_done_option=setup_tables_done_option@entry=0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#22 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff94000c58,
all_tables=0x7fff94072e78) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#23 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff94000c58,
is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#24 0x0000555555d68c27 in mysql_parse (thd=0x7fff94000c58, rawbuf=<optimized out>,
length=<optimized out>, parser_state=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#25 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x7fff94000c58, packet=packet@entry=0x7fff94008509 "",
packet_length=packet_length@entry=519, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
#26 0x0000555555d7721e in do_command (thd=0x7fff94000c58, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#27 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x555557e11588, put_in_cache=put_in_cache@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#28 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e11588)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#29 0x00005555561e658d in pfs_spawn_thread (arg=0x555557dbafb8)
at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#30 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#31 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6
Thanks! I repeated on 10.4-11.2
Version: '10.4.32-MariaDB-debug-log'mysqld: /10.4/src/sql/item_sum.cc:2100: virtual double Item_sum_std::val_real(): Assertion `fixed == 1' failed.231024 11:57:17 [ERROR] mysqld got signal 6 ;Server version: 10.4.32-MariaDB-debug-log source revision: babd833685e1fd1da4411a0874ba1c98bb0b631d/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f47c2c11fd6]sql/item_sum.cc:2101(Item_sum_std::val_real())[0x56117f1a23f1]sql/item_windowfunc.h:1228(Item_window_func::val_real())[0x56117f4922e1]sql/item.cc:6696(Item::save_real_in_field(Field*, bool))[0x56117efa2367]sql/sql_type.cc:3833(Type_handler_real_result::Item_save_in_field(Item*, Field*, bool) const)[0x56117ecd8d30]sql/item.cc:6726(Item::save_in_field(Field*, bool))[0x56117efa28e7]sql/sql_window.cc:2775(save_window_function_values(List<Item_window_func>&, TABLE*, unsigned char*))[0x56117ed1da2c]sql/sql_window.cc:2929(compute_window_func(THD*, List<Item_window_func>&, List<Cursor_manager>&, TABLE*, SORT_INFO*))[0x56117ed1e4fc]sql/sql_window.cc:3030(Window_func_runner::exec(THD*, TABLE*, SORT_INFO*))[0x56117ed1eb78]sql/sql_window.cc:3058(Window_funcs_sort::exec(JOIN*, bool))[0x56117ed1edc6]sql/sql_window.cc:3185(Window_funcs_computation::exec(JOIN*, bool))[0x56117ed1fbce]sql/sql_select.cc:29661(AGGR_OP::end_send())[0x56117e8e85ea]sql/sql_select.cc:20601(sub_select_postjoin_aggr(JOIN*, st_join_table*, bool))[0x56117e8a503b]sql/sql_select.cc:20847(sub_select(JOIN*, st_join_table*, bool))[0x56117e8a5b36]sql/sql_select.cc:20425(do_select(JOIN*, Procedure*))[0x56117e8a4236]sql/sql_select.cc:4605(JOIN::exec_inner())[0x56117e831c78]sql/sql_select.cc:4388(JOIN::exec())[0x56117e82f2a8]sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56117e833484]sql/sql_derived.cc:1265(mysql_derived_fill(THD*, LEX*, TABLE_LIST*))[0x56117e6880c3]sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x56117e680b38]sql/sql_select.cc:13865(st_join_table::preread_init())[0x56117e874e63]sql/sql_select.cc:20864(sub_select(JOIN*, st_join_table*, bool))[0x56117e8a5cff]sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x56117e8a4130]sql/sql_select.cc:4605(JOIN::exec_inner())[0x56117e831c78]sql/sql_select.cc:4388(JOIN::exec())[0x56117e82f2a8]sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x56117e833484]sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x56117e803f7c]sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x56117e76fd80]sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x56117e75d4f7]sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x56117e77925b]sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56117e74f681]sql/sql_parse.cc:1378(do_command(THD*))[0x56117e74c1ac]sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x56117eb5a56d]sql/sql_connect.cc:1325(handle_one_connection)[0x56117eb59e11]perfschema/pfs.cc:1871(pfs_spawn_thread)[0x56117f804d8a]nptl/pthread_create.c:478(start_thread)[0x7f47c312c609]Query (0x62b0000a1290): SELECT * FROM ( SELECT STD(b) OVER (PARTITION BY b,a - STD(5) OVER () ) FROM t0 GROUP BY a )dt