Details
-
Bug
-
Status: Open (View Workflow)
-
Critical
-
Resolution: Unresolved
-
None
-
None
-
None
-
Can result in hang or crash
Description
NESTED SELECT GROUP BY ORDER BY on temporary table crashes. This was found while testing MDEV-37608.
Branch preview-13.0-preview
Commit c5f6fd3e7c8a430f8d27a505bb8d2ae00f6396a6
CREATE TEMPORARY TABLE t (c INT,c2 INT,c3 INT,KEY(c)); |
(SELECT * FROM t GROUP BY EXISTS((SELECT 0) LOCK IN SHARE MODE)=c SOUNDS LIKE c=c=c IS NOT UNKNOWN FOR UPDATE SKIP LOCKED) ORDER BY c=c=AVG(DISTINCT ALL TRUE)=c IS NOT UNKNOWN && c SOUNDS LIKE c IS NOT UNKNOWN; |
Leads to:
(gdb) bt
|
#0 0x0000000000000000 in ?? ()
|
#1 0x00005f19d3bf6151 in Item::delete_self (this=0xb51bc029948) at /test/preview-13.0-preview_opt/sql/item.h:2672
|
#2 Query_arena::free_items (this=this@entry=0xb51bc000c80) at /test/preview-13.0-preview_opt/sql/sql_class.cc:4295
|
#3 0x00005f19d3bf8a26 in THD::cleanup_after_query (this=0xb51bc000c68) at /test/preview-13.0-preview_opt/sql/sql_class.cc:2577
|
#4 0x00005f19d3c660b5 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0xb51bc000c68, packet=packet@entry=0xb51bc008de9 "",
|
packet_length=packet_length@entry=209, blocking=blocking@entry=true) at /test/preview-13.0-preview_opt/sql/sql_parse.cc:1995
|
#5 0x00005f19d3c682f5 in do_command (thd=thd@entry=0xb51bc000c68, blocking=blocking@entry=true) at /test/preview-13.0-preview_opt/sql/sql_parse.cc:1432
|
#6 0x00005f19d3db033d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5f1a0b995608, put_in_cache=put_in_cache@entry=true)
|
at /test/preview-13.0-preview_opt/sql/sql_connect.cc:1503
|
#7 0x00005f19d3db0695 in handle_one_connection (arg=arg@entry=0x5f1a0b995608) at /test/preview-13.0-preview_opt/sql/sql_connect.cc:1415
|
#8 0x00005f19d41d30f4 in pfs_spawn_thread (arg=0x5f1a0b9c0e38) at /test/preview-13.0-preview_opt/storage/perfschema/pfs.cc:2198
|
#9 0x000013520869caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
|
#10 0x0000135208729c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
(gdb)
|
|
Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 030126 b64db51ad89d78e6a6f8bc238dd2e208b5f7aa92 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_func::split_sum_func|Item::split_sum_func2
|
CS 10.6 dbg 240925 e1f12f149c198829e130eacbeddc19dce3f55b3b n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_func::split_sum_func|Item::split_sum_func2
|
CS 10.6 opt 030126 b64db51ad89d78e6a6f8bc238dd2e208b5f7aa92 No bug found
|
CS 10.6 opt 240925 e1f12f149c198829e130eacbeddc19dce3f55b3b No bug found
|
CS 10.11 dbg 240925 990b44495c6345fa1198d2f7cb61839d1ada97ef n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_func::split_sum_func|Item::split_sum_func2
|
CS 10.11 opt 240925 990b44495c6345fa1198d2f7cb61839d1ada97ef No bug found
|
CS 11.4 dbg 240925 e8ef8c005545f0163d76077e285c700e2822f533 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
CS 11.4 opt 240925 e8ef8c005545f0163d76077e285c700e2822f533 No bug found
|
CS 11.8 dbg 240925 d203a8a5df95e2c5778a304a885fb7aedfbc095e n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
CS 11.8 opt 240925 d203a8a5df95e2c5778a304a885fb7aedfbc095e No bug found
|
CS 12.1 dbg 240925 667c5e0b002a24bc595d60955950200a588f4fb7 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
CS 12.1 opt 240925 667c5e0b002a24bc595d60955950200a588f4fb7 No bug found
|
CS 12.2 dbg 141025 16c8bcc09a22709fdb770ee267317dac1e033984 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
CS 12.2 dbg 240925 b8a77289639a3b10ada64cf892f02b5cecdb1603 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
CS 12.2 opt 141025 16c8bcc09a22709fdb770ee267317dac1e033984 No bug found
|
CS 12.2 opt 240925 b8a77289639a3b10ada64cf892f02b5cecdb1603 No bug found
|
CS 12.3 dbg 200126 e79ed898a613d0f2914eb539a62ea688e347daab n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
CS 12.3 opt 200126 e79ed898a613d0f2914eb539a62ea688e347daab No bug found
|
ES 10.6 dbg 240925 ed866636069dda51daa8570497926ae43af8aa24 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_func::split_sum_func|Item::split_sum_func2
|
ES 10.6 opt 240925 ed866636069dda51daa8570497926ae43af8aa24 SIGSEGV|Item::delete_self|Query_arena::free_items|THD::cleanup_after_query|dispatch_command
|
ES 11.4 dbg 240925 0ddbffaced6c2b50ef4c6e0d8685b1fa25148875 n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
ES 11.4 opt 240925 0ddbffaced6c2b50ef4c6e0d8685b1fa25148875 No bug found
|
ES 11.8 dbg 240925 543157202acd67ac9b0bb50e0b35bf7790e5467d n < m_size|SIGABRT|Bounds_checked_array<Item*>::operator[]|Item::split_sum_func2|Item_cond::split_sum_func|JOIN::prepare
|
ES 11.8 opt 240925 543157202acd67ac9b0bb50e0b35bf7790e5467d No bug found
|
Attachments
Issue Links
- relates to
-
MDEV-37608 Increase binlog_row_event_max_size
-
- In Testing
-