[MDEV-32411] INSERT...SELECT+window func, SEGV at /mariadb-11.3.0/sql/field.h:902 Created: 2023-10-10  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Optimizer, Server
Affects Version/s: 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3.0
Fix Version/s: 10.5, 10.6, 10.11, 11.0, 11.1, 11.2

Type: Bug Priority: Major
Reporter: Xin Wen Assignee: Oleg Smirnov
Resolution: Unresolved Votes: 0
Labels: None
Environment:

Ubuntu 20.04

Issue Links:
Relates
relates to MDEV-32410 make_aggr_tables_info: Use-After-Pois... Confirmed

Description

Run these queries in a release build:

CREATE TABLE t0 ( c51 TEXT DEFAULT ( ATAN ( 109 ) ) ) ;
INSERT INTO t0 VALUES ( -19 ) , ( 122 ) ;
ALTER TABLE t0 MODIFY COLUMN c51 INT NOT NULL ;
INSERT INTO t0 VALUES ( -83 ) , ( ATAN ( -89 LIKE EXISTS ( SELECT ROW_NUMBER ( ) OVER ( PARTITION BY c51 ORDER BY CASE c51 WHEN -107 THEN COUNT( DISTINCT c51 , + TRIM( TRAILING c51 FROM '/{;sxMhm&X$8fg7_ga#RG+7,>%)qs`b-Z7_\\><_k\'ML' ) NOT IN ( RAND ( ) NOT BETWEEN 69 AND -122 ) ) - - COS ( t0 . c51 ) ELSE 39 END IS TRUE ) NOT IN ( 107 , 15 , 57 ) AS c1 ) ) ) ;

This will trigger a segmentation fault.
GDB info:
Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd242e300 (LWP 3369)]
0x00000000013316dd in Field::type_std_attributes (this=0x6190000a3458) at /home/wx/mariadb-11.3.0/sql/field.h:902
902 return Type_std_attributes(type_numeric_attributes(), dtcollation());

#0 0x00000000013316dd in Field::type_std_attributes (this=0x619000159258) at /home/wx/mariadb-11.3.0/sql/field.h:902
#1 Item_field::set_field (this=0x6290000bc7e0, field_par=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:3141
#2 0x000000000133122a in Item_field::Item_field (this=0x6290000bc7e0, thd=<optimized out>, f=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:3046
#3 0x00000000015ef5ab in Item_sum::get_tmp_table_item (this=<optimized out>, thd=0x62b00016c218) at /home/wx/mariadb-11.3.0/sql/item_sum.cc:563
#4 0x0000000000c2f1a9 in change_refs_to_tmp_fields (thd=<optimized out>, ref_pointer_array=..., res_selected_fields=..., res_all_fields=..., elements=1, all_fields=...) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:28691
#5 JOIN::make_aggr_tables_info (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:3798
#6 0x0000000000bfc660 in JOIN::optimize_stage2 (this=0x6290000ba0c8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:3438
#7 0x0000000000c13911 in JOIN::optimize_inner (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2650
#8 0x0000000000bfc156 in JOIN::optimize (this=0x6290000ba0c8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#9 0x0000000000ab5421 in st_select_lex::optimize_unflattened_subqueries (this=<optimized out>, const_only=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4916
#10 0x0000000000a688a6 in mysql_insert (thd=<optimized out>, table_list=0x6290000915e0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_insert.cc:875
#11 0x0000000000b36566 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4417
#12 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd242ca80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#13 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
#14 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#15 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#16 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x608001c51cb8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#17 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005498) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#18 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#19 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Comments
Comment by Alice Sherepa [ 2023-11-03 ]

This is probably related to MDEV-32410

CREATE TABLE t0 ( a int not null ) ;
INSERT INTO t0 VALUES ( EXISTS ( SELECT avg(3) OVER ( ORDER BY COUNT( DISTINCT a , hex(a))) ))  ;

On 10.4: ERROR 42S22: Unknown column 'a' in 'order clause'
but on 10.5-11.2:

Version: '10.5.23-MariaDB-debug-log'
231103 15:43:55 [ERROR] mysqld got signal 11 ;

Server version: 10.5.23-MariaDB-debug-log source revision: b06ac9a8cd2146e89270cc2150d306d8ed1b33fb

sql/signal_handler.cc:241(handle_fatal_signal)[0x5617ed729dd8]
sigaction.c:0(__restore_rt)[0x7f962565b420]
sql/field.h:905(Field::type_std_attributes() const)[0x5617ed7e4370]
sql/item.cc:3103(Item_field::set_field(Field*))[0x5617ed79c922]
sql/item.cc:3012(Item_field::Item_field(THD*, Field*))[0x5617ed79b73d]
sql/item.h:3680(Item_temptable_field::Item_temptable_field(THD*, Field*))[0x5617ed09ac15]
sql/item_sum.cc:540(Item_sum::get_tmp_table_item(THD*))[0x5617ed9b1d99]
sql/sql_select.cc:26311(change_refs_to_tmp_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, List<Item>&, unsigned int, List<Item>&))[0x5617ed076463]
sql/sql_select.cc:3507(JOIN::make_aggr_tables_info())[0x5617ecfcb84d]
sql/sql_select.cc:3146(JOIN::optimize_stage2())[0x5617ecfc70d8]
sql/sql_select.cc:2389(JOIN::optimize_inner())[0x5617ecfbf37f]
sql/sql_select.cc:1721(JOIN::optimize())[0x5617ecfb854d]
sql/sql_lex.cc:4848(st_select_lex::optimize_unflattened_subqueries(bool))[0x5617ece854d8]
sql/sql_insert.cc:850(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*))[0x5617ece361a7]
sql/sql_parse.cc:4641(mysql_execute_command(THD*))[0x5617ecf02275]
sql/sql_parse.cc:8120(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5617ecf1a9bf]
sql/sql_parse.cc:1894(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5617ecef03ed]
sql/sql_parse.cc:1375(do_command(THD*))[0x5617eceecd55]
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0x5617ed34b9a3]
sql/sql_connect.cc:1320(handle_one_connection)[0x5617ed34b307]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x5617edfd7b02]
nptl/pthread_create.c:478(start_thread)[0x7f962564f609]
Query (0x62b0000852a8): INSERT INTO t0 VALUES ( EXISTS ( SELECT avg(3) OVER ( ORDER BY COUNT( DISTINCT a , hex(a))) ))
