[#MDEV-10780] Server crashes in in create_tmp

Stack trace from 10.0 b34d7fba31
#3 <signal handler called>
#4 __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:166
#5 0x00000000006a37fd in create_tmp_table (thd=0x7fce94aa1070, param=0x7fce9282ef98, fields=..., group=0x0, distinct=false, save_sum_fields=true, select_options=2147748609, rows_limit=18446744073709551615, table_alias=0xe9b7ff "", do_not_open=false, keep_row_order=false) at /data/src/10.0/sql/sql_select.cc:16319
#6 0x00000000006827e2 in JOIN::exec_inner (this=0x7fce92825048) at /data/src/10.0/sql/sql_select.cc:2756
#7 0x0000000000681216 in JOIN::exec (this=0x7fce92825048) at /data/src/10.0/sql/sql_select.cc:2373
#8 0x000000000068457e in mysql_select (thd=0x7fce94aa1070, rref_pointer_array=0x7fce94aa5378, tables=0x7fce92824428, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fce92824f38, having=0x0, proc_param=0x0, select_options=2147748609, result=0x7fce92825028, unit=0x7fce94aa4a10, select_lex=0x7fce94aa5100) at /data/src/10.0/sql/sql_select.cc:3308
#9 0x000000000067a93a in handle_select (thd=0x7fce94aa1070, lex=0x7fce94aa4948, result=0x7fce92825028, setup_tables_done_option=0) at /data/src/10.0/sql/sql_select.cc:373
#10 0x000000000064f197 in execute_sqlcom_select (thd=0x7fce94aa1070, all_tables=0x7fce92824428) at /data/src/10.0/sql/sql_parse.cc:5294
#11 0x00000000006476c2 in mysql_execute_command (thd=0x7fce94aa1070) at /data/src/10.0/sql/sql_parse.cc:2563
#12 0x0000000000651e18 in mysql_parse (thd=0x7fce94aa1070, rawbuf=0x7fce92824088 "SELECT DISTINCT DEFAULT( `pk` ) FROM t1 GROUP BY @A := 1 WITH ROLLUP", length=68, parser_state=0x7fce9cc2c650) at /data/src/10.0/sql/sql_parse.cc:6576
#13 0x0000000000644918 in dispatch_command (command=COM_QUERY, thd=0x7fce94aa1070, packet=0x7fce94aa7071 "SELECT DISTINCT DEFAULT( `pk` ) FROM t1 GROUP BY @A := 1 WITH ROLLUP", packet_length=68) at /data/src/10.0/sql/sql_parse.cc:1309
#14 0x0000000000643bdb in do_command (thd=0x7fce94aa1070) at /data/src/10.0/sql/sql_parse.cc:999
#15 0x0000000000761efa in do_handle_one_connection (thd_arg=0x7fce94aa1070) at /data/src/10.0/sql/sql_connect.cc:1378
#16 0x0000000000761c6c in handle_one_connection (arg=0x7fce94aa1070) at /data/src/10.0/sql/sql_connect.cc:1293
#17 0x00000000009faa88 in pfs_spawn_thread (arg=0x7fce9498fa70) at /data/src/10.0/storage/perfschema/pfs.cc:1860
#18 0x00007fce9c8b20a4 in start_thread (arg=0x7fce9cc2d700) at pthread_create.c:309
#19 0x00007fce9aa6a87d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

MTR test (run with --repeat=N)
DROP TABLE IF EXISTS t1;

CREATE TABLE t1 (pk INT AUTO_INCREMENT PRIMARY KEY) ENGINE=MyISAM;
INSERT INTO t1 () VALUES
(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),
(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),
(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),
(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),
(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),(),();

--connect (con1,127.0.0.1,root,,test)
--send
SELECT * FROM t1;

--connect (con2,127.0.0.1,root,,test)
SELECT DISTINCT DEFAULT( `pk` ) FROM t1 GROUP BY @A := 1 WITH ROLLUP;

--connection con1
--reap

--disconnect con1
--disconnect con2

--connection default
DROP TABLE t1;

Reproducible on 10.0, 10.1.
Not reproducible on 5.5.
Not reproducible with this test on 10.2, but see ~~MDEV-10806~~.

[MDEV-10780] Server crashes in in create_tmp_table Created: 2016-09-09 Updated: 2022-04-15 Resolved: 2016-11-10
Status:	Closed
Project:	MariaDB Server
Component/s:	Data Definition - Temporary
Affects Version/s:	10.0, 10.1
Fix Version/s:	10.0.29, 10.1.20, 10.2.3

[MDEV-10780] Server crashes in in create_tmp_table Created: 2016-09-09 Updated: 2022-04-15 Resolved: 2016-11-10