Bug #85070 handle_fatal_signal (sig=11) in Gcalc_operation_reducer::free_result
Submitted: 20 Feb 2017 6:09
Modified: 20 Feb 2017 6:40
Reporter: Roel Van de Paar
Status: Duplicate
Category: MySQL Server: GIS
Severity: S1 (Critical)
Version: 5.6.35
OS: Any
Assigned to:
CPU Architecture: Any

[20 Feb 2017 6:09] Roel Van de Paar
Description:
Core was generated by `/sda/MS020217-mysql-5.6.35-linux-x86_64-debug/bin/mysqld --no-defaults --core -'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fd4e615b741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
61        val = INTERNAL_SYSCALL (tgkill, err, 3, THREAD_GETMEM (THREAD_SELF, pid),
(gdb) bt
#0  0x00007fd4e615b741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x0000000000a9cf79 in my_write_core (sig=11) at /git/MS-5.6.35_dbg/mysys/stacktrace.c:424
#2  0x000000000072c620 in handle_fatal_signal (sig=11) at /git/MS-5.6.35_dbg/sql/signal_handler.cc:230
#3  <signal handler called>
#4  0x000000000092ecd3 in Gcalc_operation_reducer::free_result (this=0x7fd4a1c20c30, res=0x7fd4a1c7d318) at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1099
#5  0x000000000092d0dc in Gcalc_operation_reducer::get_result_thread (this=0x7fd4a1c20c30, cur=0x7fd4a1c7d318, storage=0x7fd4a1c20bc8, move_upward=1)
    at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1164
#6  0x000000000092d280 in Gcalc_operation_reducer::get_line_result (this=0x7fd4a1c20c30, cur=0x7fd4a1c7d2c8, storage=0x7fd4a1c20bc8) at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1206
#7  0x000000000092d6ba in Gcalc_operation_reducer::get_result (this=0x7fd4a1c20c30, storage=0x7fd4a1c20bc8) at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1301
#8  0x00000000006cc61c in Item_func_spatial_operation::val_str (this=0x7fd4a1c20a48, str_value=0x7fd4e674bb80) at /git/MS-5.6.35_dbg/sql/item_geofunc.cc:1061
#9  0x00000000006c930a in Item_func_as_wkt::val_str_ascii (this=0x7fd4a1c20db0, str=0x7fd4e674bd40) at /git/MS-5.6.35_dbg/sql/item_geofunc.cc:146
#10 0x00000000006d311c in Item_str_func::val_str_from_val_str_ascii (this=0x7fd4a1c20db0, str=0x7fd4e674bd40, str2=0x7fd4a1c20e80) at /git/MS-5.6.35_dbg/sql/item_strfunc.cc:78
#11 0x00000000006a0396 in Item_str_ascii_func::val_str (this=0x7fd4a1c20db0, str=0x7fd4e674bd40) at /git/MS-5.6.35_dbg/sql/item_strfunc.h:81
#12 0x00000000006666cd in Item::send (this=0x7fd4a1c20db0, protocol=0x7fd4bdb874d8, buffer=0x7fd4e674bd40) at /git/MS-5.6.35_dbg/sql/item.cc:6898
#13 0x0000000000724484 in Protocol::send_result_set_row (this=0x7fd4bdb874d8, row_items=0x7fd4bdb895f0) at /git/MS-5.6.35_dbg/sql/protocol.cc:844
#14 0x0000000000791f15 in select_send::send_data (this=0x7fd4a1c87010, items=...) at /git/MS-5.6.35_dbg/sql/sql_class.cc:2543
#15 0x00000000007a78fa in JOIN::exec (this=0x7fd4a1c87038) at /git/MS-5.6.35_dbg/sql/sql_executor.cc:151
#16 0x0000000000807fb7 in mysql_execute_select (thd=0x7fd4bdb87000, select_lex=0x7fd4bdb894d0, free_join=true) at /git/MS-5.6.35_dbg/sql/sql_select.cc:1101
#17 0x00000000008082a9 in mysql_select (thd=0x7fd4bdb87000, tables=0x0, wild_num=0, fields=..., conds=0x0, order=0x7fd4bdb89698, group=0x7fd4bdb895d0, having=0x0,
    select_options=2147748608, result=0x7fd4a1c87010, unit=0x7fd4bdb88e88, select_lex=0x7fd4bdb894d0) at /git/MS-5.6.35_dbg/sql/sql_select.cc:1222
#18 0x0000000000806391 in handle_select (thd=0x7fd4bdb87000, result=0x7fd4a1c87010, setup_tables_done_option=0) at /git/MS-5.6.35_dbg/sql/sql_select.cc:110
#19 0x00000000007e0488 in execute_sqlcom_select (thd=0x7fd4bdb87000, all_tables=0x0) at /git/MS-5.6.35_dbg/sql/sql_parse.cc:5181
#20 0x00000000007d918f in mysql_execute_command (thd=0x7fd4bdb87000) at /git/MS-5.6.35_dbg/sql/sql_parse.cc:2689
#21 0x00000000007e2ff8 in mysql_parse (thd=0x7fd4bdb87000,
    rawbuf=0x7fd4a1c1f010 "SELECT ST_ASTEXT(ST_SYMDIFFERENCE(LINESTRING(POINT(0,0),POINT(POW(2,32),POW(2,32)),POINT(POW(2,32),70)),ST_ENVELOPE(LINESTRING(POINT(POW(2,64),POWER(2,64)),POINT(4294967211,0)))))", length=179, parser_state=0x7fd4e674d590) at /git/MS-5.6.35_dbg/sql/sql_parse.cc:6433
#22 0x00000000007d6110 in dispatch_command (command=COM_QUERY, thd=0x7fd4bdb87000, packet=0x7fd4bdb6b001 "", packet_length=179) at /git/MS-5.6.35_dbg/sql/sql_parse.cc:1372
#23 0x00000000007d50d4 in do_command (thd=0x7fd4bdb87000) at /git/MS-5.6.35_dbg/sql/sql_parse.cc:1039
#24 0x000000000079ca7c in do_handle_one_connection (thd_arg=0x7fd4bdb87000) at /git/MS-5.6.35_dbg/sql/sql_connect.cc:982
#25 0x000000000079c7ec in handle_one_connection (arg=0x7fd4bdb87000) at /git/MS-5.6.35_dbg/sql/sql_connect.cc:899
#26 0x0000000000ae9335 in pfs_spawn_thread (arg=0x7fd4e2bf46a0) at /git/MS-5.6.35_dbg/storage/perfschema/pfs.cc:1860
#27 0x00007fd4e6156dc5 in start_thread (arg=0x7fd4e674e700) at pthread_create.c:308
#28 0x00007fd4e47b973d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

How to repeat:
DROP DATABASE test;
SET @@session.query_alloc_block_size=20000;
SELECT ST_ASTEXT(ST_BUFFER(ST_GEOMFROMTEXT('POLYGON((0 0,0 10,10 10,10 0,0 0),(4 4,4 6,6 6,6 4,4 4))'),-2));
SELECT ST_ASTEXT(ST_SYMDIFFERENCE(LINESTRING(POINT(0,0),POINT(POW(2,32),POW(2,32)),POINT(POW(2,32),70)),ST_ENVELOPE(LINESTRING(POINT(POW(2,64),POWER(2,64)),POINT(4294967211,0)))));

[20 Feb 2017 6:26] MySQL Verification Team
This is the third duplicate I've seen.
https://bugs.mysql.com/bug.php?id=84834

[20 Feb 2017 6:38] MySQL Verification Team
Thank you Shane, this looks like a duplicate of Bug #84834

[20 Feb 2017 6:40] Roel Van de Paar
Thank you. The stack is slightly different so our filter didn't pick it up.
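
The last comment says a slightly different stack slipped past a duplicate filter. The following is an added illustration, not the reporter's filter (whose logic the page does not show): it buckets gdb backtraces by the frames below `<signal handler called>` and shows how a full-stack signature misses a near-duplicate that a top-frames signature catches. The frames are copied from this report; the `VARIANT` stack and the name `hypothetical_other_caller` are constructed.

```python
import hashlib
import re

# "#4  0x... in Func::name (args) at file:line" -> captures "Func::name"
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?([^\s(]+) \(")
SIGNAL_MARK = "<signal handler called>"

def crash_frames(bt_text):
    """Function names of the frames below the signal-handler marker."""
    frames = []
    for line in bt_text.splitlines():
        if SIGNAL_MARK in line:
            frames = []  # drop crash-reporting frames (pthread_kill, my_write_core, ...)
            continue
        m = FRAME_RE.match(line)  # continuation lines ("    at ...") do not match
        if m:
            frames.append(m.group(1))
    return frames

def signature(bt_text, depth=None):
    """Short hash over the top `depth` crashing frames (all frames if None)."""
    names = crash_frames(bt_text)[:depth]
    return hashlib.sha256("|".join(names).encode()).hexdigest()[:16]

# Frames #0-#6 as they appear in this report.
REPORTED = """\
#0  0x00007fd4e615b741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
#1  0x0000000000a9cf79 in my_write_core (sig=11) at /git/MS-5.6.35_dbg/mysys/stacktrace.c:424
#2  0x000000000072c620 in handle_fatal_signal (sig=11) at /git/MS-5.6.35_dbg/sql/signal_handler.cc:230
#3  <signal handler called>
#4  0x000000000092ecd3 in Gcalc_operation_reducer::free_result (this=0x7fd4a1c20c30, res=0x7fd4a1c7d318) at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1099
#5  0x000000000092d0dc in Gcalc_operation_reducer::get_result_thread (this=0x7fd4a1c20c30, cur=0x7fd4a1c7d318, storage=0x7fd4a1c20bc8, move_upward=1)
    at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1164
#6  0x000000000092d280 in Gcalc_operation_reducer::get_line_result (this=0x7fd4a1c20c30, cur=0x7fd4a1c7d2c8, storage=0x7fd4a1c20bc8) at /git/MS-5.6.35_dbg/sql/gcalc_tools.cc:1206
"""

# Constructed near-duplicate: same crash site, reached through a different caller.
VARIANT = REPORTED.replace("Gcalc_operation_reducer::get_line_result",
                           "hypothetical_other_caller")

if __name__ == "__main__":
    print("full stack :", signature(REPORTED), signature(VARIANT))
    print("top 2 only :", signature(REPORTED, 2), signature(VARIANT, 2))
```

A shallow depth merges more true duplicates but can also merge distinct bugs that crash in the same function, so triage pipelines usually keep both signatures and review shallow-only matches by hand.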