Bug #32482 crash with GROUP BY alias_of_user_variable WITH ROLLUP
Submitted: 18 Nov 2007 17:45
Modified: 14 Jan 2008 19:09
Reporter: Takashi Ichii
Status: Closed
Category: MySQL Server: DML
Severity: S2 (Serious)
Version: 5.1.22-rc-log
OS: Linux
Assigned to: Evgeny Potemkin
CPU Architecture: Any
Tags: Contribution, got signal 11, user variable, with rollup

[18 Nov 2007 17:45] Takashi Ichii
Description:
"SELECT @i := 1 AS j FROM foo GROUP BY j WITH ROLLUP" query crashes mysqld with the following error:

071119  2:07:07 - mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388600
read_buffer_size=131072
max_used_connections=1
max_threads=151
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337619 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x9ef4178
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xb, backtrace may not be correct.
Bogus stack limit or frame pointer, fp=0xb, stack_bottom=0xaa550000, thread_stack=196608, aborting backtrace.
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x9f400b8 = select @i := 0 as j from foo group by j with rollup
thd->thread_id=1
The manual page at http://www.mysql.com/doc/en/Crashing.html contains
information that should help you find out what is causing the crash.

The server has 2Gbytes of memory, so it is not out of memory. Also, it never crashes with mysql-5.0.45-log.

How to repeat:
mysql> create table foo (bar int);
Query OK, 0 rows affected (0.00 sec)

mysql> insert into foo (bar) values (1), (2);
Query OK, 2 rows affected (0.00 sec)
Records: 2  Duplicates: 0  Warnings: 0

mysql> select @i := 0 as j from foo group by j with rollup;
ERROR 2013 (HY000): Lost connection to MySQL server during query

Note: if foo is empty (before the insert), the crash does not happen.
[19 Nov 2007 7:40] Sveta Smirnova
Thank you for the report.

Verified as described.
[22 Nov 2007 9:52] Sergei Golubchik
The patch: http://lists.mysql.com/internals/35177
[7 Dec 2007 14:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39532

ChangeSet@1.2671, 2007-12-07 16:28:44+03:00, evgen@moonbone.local +3 -0
  Bug#32482: Unchecked NULL caused server crash.
  
  The Item_func_set_user_var::register_field_in_read_map() wasn't checking
  the result_field for being null. This led to a server crash on queries which
  have ordering by such a field and which don't employ a temporary table.
  
  The Item_func_set_user_var::register_field_in_read_map() now checks the
  result_field to be not null.
[7 Dec 2007 21:00] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39573

ChangeSet@1.2671, 2007-12-07 22:54:47+03:00, evgen@moonbone.local +3 -0
  Bug#32482: Crash for a query with ORDER BY a user variable.
  
  The Item_func_set_user_var::register_field_in_read_map() did not check 
  that the result_field was null. This caused server crashes for queries that
  required order by such a field and were executed without using a temporary
  table.
  
  The Item_func_set_user_var::register_field_in_read_map() now checks the
  result_field to be not null.
[14 Dec 2007 8:17] Bugs System
Pushed into 5.1.23-rc
[14 Dec 2007 8:20] Bugs System
Pushed into 6.0.5-alpha
[14 Jan 2008 19:09] Jon Stephens
Documented bugfix in the 5.1.23 and 6.0.5 changelogs as follows:

      A query of the form SELECT @user_variable := constant AS alias
      FROM table GROUP BY alias WITH ROLLUP crashed the server.
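
An added example (not part of the original report and not MySQL's own code): a Python triage helper for the crash report format quoted above. It extracts the signal, thread id and crashing query from a mysqld error log and flags queries of the form named in the changelog entry. The function names and the regex heuristic are assumptions for illustration; the sample log lines are copied from the report.

```python
import re

# Sample lines copied (trimmed) from the crash log quoted in this report.
SAMPLE_LOG = """\
071119  2:07:07 - mysqld got signal 11;
thd: 0x9ef4178
Bogus stack limit or frame pointer, fp=0xb, stack_bottom=0xaa550000, thread_stack=196608, aborting backtrace.
thd->query at 0x9f400b8 = select @i := 0 as j from foo group by j with rollup
thd->thread_id=1
"""

SIGNAL_RE = re.compile(r"^(\d{6}\s+\d{1,2}:\d{2}:\d{2}) - mysqld got signal (\d+)", re.M)
QUERY_RE = re.compile(r"^thd->query at 0x[0-9a-fA-F]+ = (.*)$", re.M)
THREAD_RE = re.compile(r"^thd->thread_id=(\d+)", re.M)
# Heuristic (assumption): "@var := expr AS alias" within one select-list item.
ALIAS_RE = re.compile(r"@\w+\s*:=\s*(?:(?!\bfrom\b)[^,])+?\s+as\s+(\w+)\b", re.I)
GROUP_RE = re.compile(r"\bgroup\s+by\s+(.+?)\s+with\s+rollup\b", re.I)


def matches_bug_32482(query):
    """True if the query groups WITH ROLLUP by an alias of a user-variable assignment."""
    q = " ".join(query.split())  # collapse whitespace and newlines
    group = GROUP_RE.search(q)
    if not group:
        return False
    aliases = {m.group(1).lower() for m in ALIAS_RE.finditer(q)}
    cols = set(re.findall(r"\w+", group.group(1).lower()))
    return bool(aliases & cols)


def parse_crash(log):
    """Extract triage fields from one mysqld crash report; missing fields are None."""
    sig = SIGNAL_RE.search(log)
    query = QUERY_RE.search(log)
    thread = THREAD_RE.search(log)
    return {
        "time": sig.group(1) if sig else None,
        "signal": int(sig.group(2)) if sig else None,
        "thread_id": int(thread.group(1)) if thread else None,
        "query": query.group(1).strip() if query else None,
        "backtrace_aborted": "aborting backtrace" in log,
        "matches_bug_32482": bool(query) and matches_bug_32482(query.group(1)),
    }
```

A match only means the logged query has the shape from the changelog; whether the server is affected depends on its version (reported against 5.1.22-rc, fix pushed into 5.1.23-rc and 6.0.5-alpha).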