[MDEV-32609] Derived subquery selecting from dummy table causes segv - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.1(EOL), 11.2(EOL)
Fix Version/s: 10.5, 10.6, 10.11
Component/s: Optimizer - Window functions, Parser
Labels:
None

Description

CREATE TABLE v0 ( v1 INTEGER ) ENGINE = InnoDB ;

INSERT INTO v0 ( v1 ) ( SELECT 2231626 <= NULL v1 FROM v0 WHERE v1 IN ( v1 ) ORDER BY v1 ) ORDER BY v1 , AVG ( v1 ) OVER ( ) DESC ;

DROP SHOW CREATE TABLE v0 ;

Attempting backtrace. You can use the following information to find out

where mysqld died. If you see no messages after this, something went

terribly wrong...

stack_bottom = 0x7f1f87d04880 thread_stack 0x5fc00

/usr/local/mysql/bin/mariadbd(__interceptor_backtrace+0x5b)[0x781b5b]

mysys/stacktrace.c:215(my_print_stacktrace)[0x228cfae]

sql/signal_handler.cc:0(handle_fatal_signal)[0x12bd0d2]

sigaction.c:0(__restore_rt)[0x7f1faba9a420]

sql/item.cc:3028(Item_field)[0x1315c2a]

sql/sql_window.cc:3135(Window_funcs_sort::setup(THD*, SQL_SELECT*, List_iterator<Item_window_func>&, st_join_table*))[0x1113ef3]

sql/sql_window.cc:3174(Window_funcs_computation::setup(THD*, List<Item_window_func>*, st_join_table*))[0x1115585]

/usr/local/mysql/bin/mariadbd(_ZN4JOIN21make_aggr_tables_infoEv+0x3d67)[0xc34837]

/usr/local/mysql/bin/mariadbd(_ZN4JOIN15optimize_stage2Ev+0xc891)[0xc0c5d1]

/usr/local/mysql/bin/mariadbd(_ZN4JOIN14optimize_innerEv+0x3919)[0xc17249]

/usr/local/mysql/bin/mariadbd(_ZN4JOIN8optimizeEv+0x176)[0xbffb46]

sql/sql_derived.cc:1037(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0xa5bf21]

/usr/local/mysql/bin/mariadbd(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x172)[0xa5f042]

/usr/local/mysql/bin/mariadbd(_ZN4JOIN14optimize_innerEv+0x3138)[0xc16a68]

/usr/local/mysql/bin/mariadbd(_ZN4JOIN8optimizeEv+0x176)[0xbffb46]

sql/sql_select.cc:5237(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0xbe886f]

sql/sql_select.cc:628(handle_select(THD*, LEX*, select_result*, unsigned long long))[0xbe7e59]

/usr/local/mysql/bin/mariadbd(_Z21mysql_execute_commandP3THDb+0x9d8c)[0xb39e7c]

sql/sql_class.h:2830(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0xb24c79]

/usr/local/mysql/bin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x2cf8)[0xb1e648]

sql/sql_parse.cc:1407(do_command(THD*, bool))[0xb25971]

sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0xf0d066]

sql/sql_connect.cc:1322(handle_one_connection)[0xf0caa9]

perfschema/pfs.cc:2203(pfs_spawn_thread)[0x19d710b]

nptl/pthread_create.c:478(start_thread)[0x7f1faba8e609]

addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530f28)

/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f1fab7a6133]

Attachments

Issue Links

relates to

MDEV-28619 Server crash in /sql/sql_window.cc:3033 in Window_funcs_sort::setup(THD*, SQL_SELECT*, List_iterator<Item_window_func>&, st_join_table*)

Stalled

MDEV-29681 Server crashes when optimizing SQL with ORDER BY

Closed

Activity

People

Assignee:: Igor Babaev

Reporter:: csfuzz

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2023-10-27 10:00

Updated:: 2024-11-22 17:06

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.