[MDEV-28945] SIGSEGV in AGGR_OP::put_record and Assertion `aggr != __null' failed in sub_select_postjoin_aggr
Created: 2022-06-25  Updated: 2023-10-14  Resolved: 2023-10-14

Status: Closed
Project: MariaDB Server
Component/s: Optimizer, Optimizer - Window functions, Storage Engine - InnoDB
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
Fix Version/s: N/A

Type: Bug
Priority: Critical
Reporter: Roel Van de Paar
Assignee: Unassigned
Resolution: Cannot Reproduce
Votes: 0
Labels: not-10.3, regression-10.4

Issue Links:
Relates
relates to MDEV-23809 Server crash in JOIN_CACHE::free or i... Closed
relates to MDEV-25761 Assertion `aggr != __null' failed in ... Closed

Description

CREATE TABLE t(c INT) ENGINE=InnoDB;
INSERT INTO t(c) VALUES (0);
SELECT * FROM t WHERE(c,c)<(0,(SELECT 1 FROM t WINDOW y AS(PARTITION BY c AND 1 BETWEEN (SELECT 1 FROM t AS v WINDOW z AS(PARTITION BY c AND + 1 BETWEEN(SELECT c GROUP BY c>c + 1 WINDOW d AS(PARTITION BY c)) AND 0)) AND 0)));

Leads to:

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Optimized)

Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000558f9422dcc0 in AGGR_OP::put_record (this=0x0, end_of_records=false)
    at /test/10.10_opt/sql/sql_select.cc:29576
[Current thread is 1 (Thread 0x14df582a9700 (LWP 755745))]
(gdb) bt
#0  0x0000558f9422dcc0 in AGGR_OP::put_record (this=0x0, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:29576
#1  0x0000558f941f8173 in evaluate_join_record (join=join@entry=0x14df2c048a28, join_tab=join_tab@entry=0x14df2c053540, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21421
#2  0x0000558f9420aebb in sub_select (end_of_records=false, join_tab=0x14df2c053540, join=0x14df2c048a28) at /test/10.10_opt/sql/sql_select.cc:21191
#3  sub_select (join=0x14df2c048a28, join_tab=0x14df2c053540, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21120
#4  0x0000558f94237681 in do_select (procedure=<optimized out>, join=0x14df2c048a28) at /test/10.10_opt/sql/sql_select.cc:20736
#5  JOIN::exec_inner (this=0x14df2c048a28) at /test/10.10_opt/sql/sql_select.cc:4786
#6  0x0000558f94237a48 in JOIN::exec (this=0x14df2c048a28) at /test/10.10_opt/sql/sql_select.cc:4564
#7  0x0000558f944d8d46 in subselect_single_select_engine::exec (this=0x14df2c0474a0) at /test/10.10_opt/sql/item_subselect.cc:4144
#8  0x0000558f944d839c in Item_subselect::exec (this=0x14df2c047318) at /test/10.10_opt/sql/item_subselect.cc:854
#9  0x0000558f944d9887 in Item_singlerow_subselect::bring_value (this=0x14df2c047318) at /test/10.10_opt/sql/item_subselect.cc:1462
#10 0x0000558f944a0f66 in Item_row::bring_value (this=0x14df2c047518) at /test/10.10_opt/sql/item_row.cc:179
#11 0x0000558f94415fa0 in Item_cache_row::bring_value (this=0x14df2c059550) at /test/10.10_opt/sql/item.cc:10651
#12 0x0000558f94436e27 in Arg_comparator::compare_row (this=0x14df2c047670) at /test/10.10_opt/sql/item_cmpfunc.cc:1050
#13 0x0000558f94437254 in Arg_comparator::compare (this=0x14df2c047670) at /test/10.10_opt/sql/item_cmpfunc.h:103
#14 Item_func_lt::val_int (this=0x14df2c0475c0) at /test/10.10_opt/sql/item_cmpfunc.cc:1817
#15 0x0000558f941f7fa1 in evaluate_join_record (join=join@entry=0x14df2c0480f0, join_tab=join_tab@entry=0x14df2c058ca0, error=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:21289
#16 0x0000558f9420aebb in sub_select (end_of_records=false, join_tab=0x14df2c058ca0, join=0x14df2c0480f0) at /test/10.10_opt/sql/sql_select.cc:21191
#17 sub_select (join=0x14df2c0480f0, join_tab=0x14df2c058ca0, end_of_records=false) at /test/10.10_opt/sql/sql_select.cc:21120
#18 0x0000558f94237681 in do_select (procedure=<optimized out>, join=0x14df2c0480f0) at /test/10.10_opt/sql/sql_select.cc:20736
#19 JOIN::exec_inner (this=0x14df2c0480f0) at /test/10.10_opt/sql/sql_select.cc:4786
#20 0x0000558f94237a48 in JOIN::exec (this=this@entry=0x14df2c0480f0) at /test/10.10_opt/sql/sql_select.cc:4564
#21 0x0000558f94235c51 in mysql_select (thd=0x14df2c000c58, tables=0x14df2c010f08, fields=@0x14df2c010bd0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14df2c010ec0, last = 0x14df2c010ec0, elements = 1}, <No data fields>}, conds=0x14df2c0475c0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14df2c0480c8, unit=0x14df2c004cb8, select_lex=0x14df2c010930) at /test/10.10_opt/sql/sql_select.cc:5044
#22 0x0000558f94236397 in handle_select (thd=thd@entry=0x14df2c000c58, lex=lex@entry=0x14df2c004be0, result=result@entry=0x14df2c0480c8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:578
#23 0x0000558f941b99b1 in execute_sqlcom_select (thd=0x14df2c000c58, all_tables=0x14df2c010f08) at /test/10.10_opt/sql/sql_parse.cc:6260
#24 0x0000558f941c752d in mysql_execute_command (thd=0x14df2c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
#25 0x0000558f941b4bb5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14df2c000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
#26 mysql_parse (thd=0x14df2c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
#27 0x0000558f941c06ca in dispatch_command (command=COM_QUERY, thd=0x14df2c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
#28 0x0000558f941c25f2 in do_command (thd=0x14df2c000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
#29 0x0000558f942d88af in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558f96be1ef8, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
#30 0x0000558f942d8b8d in handle_one_connection (arg=0x558f96be1ef8) at /test/10.10_opt/sql/sql_connect.cc:1312
#31 0x000014df84d3e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#32 0x000014df8492a133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

mysqld: /test/10.10_dbg/sql/sql_select.cc:20888: enum_nested_loop_state sub_select_postjoin_aggr(JOIN*, JOIN_TAB*, bool): Assertion `aggr != __null' failed.

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x152d0a60d700 (LWP 755900))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000152d26d88859 in __GI_abort () at abort.c:79
#2  0x0000152d26d88729 in __assert_fail_base (fmt=0x152d26f1e588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55852f7e92c2 "aggr != __null", file=0x55852f7e9768 "/test/10.10_dbg/sql/sql_select.cc", line=20888, function=<optimized out>) at assert.c:92
#3  0x0000152d26d99fd6 in __GI___assert_fail (assertion=assertion@entry=0x55852f7e92c2 "aggr != __null", file=file@entry=0x55852f7e9768 "/test/10.10_dbg/sql/sql_select.cc", line=line@entry=20888, function=function@entry=0x55852f7ec838 "enum_nested_loop_state sub_select_postjoin_aggr(JOIN*, JOIN_TAB*, bool)") at assert.c:101
#4  0x000055852ec71bb3 in sub_select_postjoin_aggr (join=0x152cd406f9b8, join_tab=0x152cd407d850, end_of_records=<optimized out>) at /test/10.10_dbg/sql/sql_select.cc:20888
#5  0x000055852ec3502e in evaluate_join_record (join=join@entry=0x152cd406f9b8, join_tab=join_tab@entry=0x152cd407d4a0, error=error@entry=0) at /test/10.10_dbg/sql/sql_select.cc:21421
#6  0x000055852ec4a999 in sub_select (join=0x152cd406f9b8, join_tab=0x152cd407d4a0, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21191
#7  0x000055852ec7e27b in do_select (procedure=<optimized out>, join=0x152cd406f9b8) at /test/10.10_dbg/sql/sql_select.cc:20736
#8  JOIN::exec_inner (this=this@entry=0x152cd406f9b8) at /test/10.10_dbg/sql/sql_select.cc:4786
#9  0x000055852ec7e814 in JOIN::exec (this=0x152cd406f9b8) at /test/10.10_dbg/sql/sql_select.cc:4564
#10 0x000055852efe4e22 in subselect_single_select_engine::exec (this=0x152cd406e430) at /test/10.10_dbg/sql/item_subselect.cc:4144
#11 0x000055852efe4470 in Item_subselect::exec (this=0x152cd406e2a8) at /test/10.10_dbg/sql/item_subselect.cc:854
#12 0x000055852efe235d in Item_singlerow_subselect::bring_value (this=0x152cd406e2a8) at /test/10.10_dbg/sql/item_subselect.cc:1462
#13 0x000055852efa892a in Item_row::bring_value (this=0x152cd406e4a8) at /test/10.10_dbg/sql/item_row.cc:179
#14 0x000055852eeefd3a in Item_cache_row::bring_value (this=0x152cd40832f0) at /test/10.10_dbg/sql/item.cc:10651
#15 0x000055852ef1eb4f in Arg_comparator::compare_row (this=0x152cd406e600) at /test/10.10_dbg/sql/item_cmpfunc.cc:1050
#16 0x000055852ef1efb6 in Arg_comparator::compare (this=0x152cd406e600) at /test/10.10_dbg/sql/item_cmpfunc.h:103
#17 Item_func_lt::val_int (this=0x152cd406e550) at /test/10.10_dbg/sql/item_cmpfunc.cc:1817
#18 0x000055852ec34d76 in evaluate_join_record (join=join@entry=0x152cd406f080, join_tab=join_tab@entry=0x152cd40829b0, error=error@entry=0) at /test/10.10_dbg/sql/sql_select.cc:21289
#19 0x000055852ec4a999 in sub_select (join=0x152cd406f080, join_tab=0x152cd40829b0, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21191
#20 0x000055852ec7e27b in do_select (procedure=<optimized out>, join=0x152cd406f080) at /test/10.10_dbg/sql/sql_select.cc:20736
#21 JOIN::exec_inner (this=this@entry=0x152cd406f080) at /test/10.10_dbg/sql/sql_select.cc:4786
#22 0x000055852ec7e814 in JOIN::exec (this=this@entry=0x152cd406f080) at /test/10.10_dbg/sql/sql_select.cc:4564
#23 0x000055852ec7c598 in mysql_select (thd=thd@entry=0x152cd4000db8, tables=0x152cd4014428, fields=@0x152cd40140f0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152cd40143e0, last = 0x152cd40143e0, elements = 1}, <No data fields>}, conds=0x152cd406e550, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x152cd406f058, unit=0x152cd4004fd8, select_lex=0x152cd4013e50) at /test/10.10_dbg/sql/sql_select.cc:5044
#24 0x000055852ec7cd8e in handle_select (thd=thd@entry=0x152cd4000db8, lex=lex@entry=0x152cd4004f00, result=result@entry=0x152cd406f058, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:578
#25 0x000055852ebe8b5e in execute_sqlcom_select (thd=thd@entry=0x152cd4000db8, all_tables=0x152cd4014428) at /test/10.10_dbg/sql/sql_parse.cc:6260
#26 0x000055852ebf4e70 in mysql_execute_command (thd=thd@entry=0x152cd4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3944
#27 0x000055852ebe2e3a in mysql_parse (thd=thd@entry=0x152cd4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x152d0a60c470) at /test/10.10_dbg/sql/sql_parse.cc:8036
#28 0x000055852ebf0422 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x152cd4000db8, packet=packet@entry=0x152cd400b6d9 "", packet_length=packet_length@entry=224, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
#29 0x000055852ebf2b2c in do_command (thd=0x152cd4000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#30 0x000055852ed523c0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55853124fa28, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#31 0x000055852ed528c9 in handle_one_connection (arg=0x55853124fa28) at /test/10.10_dbg/sql/sql_connect.cc:1312
#32 0x0000152d27299609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#33 0x0000152d26e85133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)



Comments
Comment by Sergei Petrunia [ 2022-08-09 ]

Note: this is not fixed by MDEV-23809. Also, assert added in MDEV-23809 doesn't fire.

Comment by Roel Van de Paar [ 2022-09-15 ]

Additional testcase with 2 differing stacks

CREATE TEMPORARY TABLE t (c INT NOT NULL) ENGINE=CSV;
INSERT INTO t VALUES (1),(2),(3),(4);
SELECT * FROM t WHERE (c,c)< (0, (SELECT 1 FROM t WINDOW y AS (PARTITION BY c AND 1 BETWEEN (SELECT 1 FROM t AS v WINDOW z AS (PARTITION BY c AND + 1 BETWEEN (SELECT c GROUP BY c>c + 1 WINDOW d AS (PARTITION BY c)) AND 0)) AND 0)));

Leads to:

10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized)

Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000564fd01e139d in AGGR_OP::end_send (this=0x0)
    at /test/10.11_opt/sql/sql_select.cc:30167
[Current thread is 1 (Thread 0x14f10807b700 (LWP 1540940))]
(gdb) bt
#0  0x0000564fd01e139d in AGGR_OP::end_send (this=0x0) at /test/10.11_opt/sql/sql_select.cc:30167
#1  0x0000564fd01e1790 in sub_select_postjoin_aggr (join=0x14f06001c378, join_tab=0x14f060034888, end_of_records=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:21473
#2  0x0000564fd01ea9ff in do_select (procedure=<optimized out>, join=0x14f06001c378) at /test/10.11_opt/sql/sql_select.cc:21310
#3  JOIN::exec_inner (this=0x14f06001c378) at /test/10.11_opt/sql/sql_select.cc:4812
#4  0x0000564fd01eaf68 in JOIN::exec (this=0x14f06001c378) at /test/10.11_opt/sql/sql_select.cc:4590
#5  0x0000564fd048df56 in subselect_single_select_engine::exec (this=0x14f06001ade0) at /test/10.11_opt/sql/item_subselect.cc:4144
#6  0x0000564fd048d5ac in Item_subselect::exec (this=0x14f06001ac58) at /test/10.11_opt/sql/item_subselect.cc:854
#7  0x0000564fd048ea97 in Item_singlerow_subselect::bring_value (this=0x14f06001ac58) at /test/10.11_opt/sql/item_subselect.cc:1462
#8  0x0000564fd0455c96 in Item_row::bring_value (this=0x14f06001ae58) at /test/10.11_opt/sql/item_row.cc:179
#9  0x0000564fd03caac0 in Item_cache_row::bring_value (this=0x14f0600372c8) at /test/10.11_opt/sql/item.cc:10669
#10 0x0000564fd03eb9b7 in Arg_comparator::compare_row (this=0x14f06001afb0) at /test/10.11_opt/sql/item_cmpfunc.cc:1063
#11 0x0000564fd03ebde4 in Arg_comparator::compare (this=0x14f06001afb0) at /test/10.11_opt/sql/item_cmpfunc.h:103
#12 Item_func_lt::val_int (this=0x14f06001af00) at /test/10.11_opt/sql/item_cmpfunc.cc:1830
#13 0x0000564fd01aa301 in evaluate_join_record (join=join@entry=0x14f06001ba18, join_tab=join_tab@entry=0x14f06003a0d0, error=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:21861
#14 0x0000564fd01bbfeb in sub_select (end_of_records=false, join_tab=0x14f06003a0d0, join=0x14f06001ba18) at /test/10.11_opt/sql/sql_select.cc:21763
#15 sub_select (join=0x14f06001ba18, join_tab=0x14f06003a0d0, end_of_records=false) at /test/10.11_opt/sql/sql_select.cc:21692
#16 0x0000564fd01eaba1 in do_select (procedure=<optimized out>, join=0x14f06001ba18) at /test/10.11_opt/sql/sql_select.cc:21308
#17 JOIN::exec_inner (this=0x14f06001ba18) at /test/10.11_opt/sql/sql_select.cc:4812
#18 0x0000564fd01eaf68 in JOIN::exec (this=this@entry=0x14f06001ba18) at /test/10.11_opt/sql/sql_select.cc:4590
#19 0x0000564fd01e9171 in mysql_select (thd=0x14f060000c58, tables=0x14f060010f20, fields=@0x14f060010be8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14f060010ed8, last = 0x14f060010ed8, elements = 1}, <No data fields>}, conds=0x14f06001af00, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14f06001b9f0, unit=0x14f060004cd0, select_lex=0x14f060010948) at /test/10.11_opt/sql/sql_select.cc:5070
#20 0x0000564fd01e98b7 in handle_select (thd=thd@entry=0x14f060000c58, lex=lex@entry=0x14f060004bf8, result=result@entry=0x14f06001b9f0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:581
#21 0x0000564fd016b5b1 in execute_sqlcom_select (thd=0x14f060000c58, all_tables=0x14f060010f20) at /test/10.11_opt/sql/sql_parse.cc:6261
#22 0x0000564fd01791f8 in mysql_execute_command (thd=0x14f060000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:3945
#23 0x0000564fd01667b5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14f060000c58) at /test/10.11_opt/sql/sql_parse.cc:8035
#24 mysql_parse (thd=0x14f060000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7957
#25 0x0000564fd01722ca in dispatch_command (command=COM_QUERY, thd=0x14f060000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1339
#26 0x0000564fd01741f2 in do_command (thd=0x14f060000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
#27 0x0000564fd028c46f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x564fd3dd5e98, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1418
#28 0x0000564fd028c74d in handle_one_connection (arg=0x564fd3dd5e98) at /test/10.11_opt/sql/sql_connect.cc:1312
#29 0x000014f122eff609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#30 0x000014f122aeb133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug)

mysqld: /test/10.11_dbg/sql/sql_select.cc:21460: enum_nested_loop_state sub_select_postjoin_aggr(JOIN*, JOIN_TAB*, bool): Assertion `aggr != __null' failed.

10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug)

Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x1488f01ae700 (LWP 1543964))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000014891432f859 in __GI_abort () at abort.c:79
#2  0x000014891432f729 in __assert_fail_base (fmt=0x1489144c5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x562a8ae3f57c "aggr != __null", file=0x562a8ae3fa20 "/test/10.11_dbg/sql/sql_select.cc", line=21460, function=<optimized out>) at assert.c:92
#3  0x0000148914340fd6 in __GI___assert_fail (assertion=assertion@entry=0x562a8ae3f57c "aggr != __null", file=file@entry=0x562a8ae3fa20 "/test/10.11_dbg/sql/sql_select.cc", line=line@entry=21460, function=function@entry=0x562a8ae42db8 "enum_nested_loop_state sub_select_postjoin_aggr(JOIN*, JOIN_TAB*, bool)") at assert.c:101
#4  0x0000562a8a2ca139 in sub_select_postjoin_aggr (join=0x14887c02efb0, join_tab=0x14887c03f7a8, end_of_records=<optimized out>) at /test/10.11_dbg/sql/sql_select.cc:21460
#5  0x0000562a8a2a05d7 in sub_select (join=0x14887c02efb0, join_tab=0x14887c03f3f0, end_of_records=true) at /test/10.11_dbg/sql/sql_select.cc:21707
#6  0x0000562a8a2d68c5 in do_select (procedure=<optimized out>, join=0x14887c02efb0) at /test/10.11_dbg/sql/sql_select.cc:21310
#7  JOIN::exec_inner (this=this@entry=0x14887c02efb0) at /test/10.11_dbg/sql/sql_select.cc:4812
#8  0x0000562a8a2d6e28 in JOIN::exec (this=0x14887c02efb0) at /test/10.11_dbg/sql/sql_select.cc:4590
#9  0x0000562a8a640722 in subselect_single_select_engine::exec (this=0x14887c02da10) at /test/10.11_dbg/sql/item_subselect.cc:4144
#10 0x0000562a8a63fd70 in Item_subselect::exec (this=0x14887c02d888) at /test/10.11_dbg/sql/item_subselect.cc:854
#11 0x0000562a8a63dc5d in Item_singlerow_subselect::bring_value (this=0x14887c02d888) at /test/10.11_dbg/sql/item_subselect.cc:1462
#12 0x0000562a8a603922 in Item_row::bring_value (this=0x14887c02da88) at /test/10.11_dbg/sql/item_row.cc:179
#13 0x0000562a8a54ab28 in Item_cache_row::bring_value (this=0x14887c045ea8) at /test/10.11_dbg/sql/item.cc:10669
#14 0x0000562a8a579979 in Arg_comparator::compare_row (this=0x14887c02dbe0) at /test/10.11_dbg/sql/item_cmpfunc.cc:1063
#15 0x0000562a8a579de0 in Arg_comparator::compare (this=0x14887c02dbe0) at /test/10.11_dbg/sql/item_cmpfunc.h:103
#16 Item_func_lt::val_int (this=0x14887c02db30) at /test/10.11_dbg/sql/item_cmpfunc.cc:1830
#17 0x0000562a8a28bddf in evaluate_join_record (join=join@entry=0x14887c02e648, join_tab=join_tab@entry=0x14887c0451b0, error=error@entry=0) at /test/10.11_dbg/sql/sql_select.cc:21861
#18 0x0000562a8a2a059f in sub_select (join=0x14887c02e648, join_tab=0x14887c0451b0, end_of_records=false) at /test/10.11_dbg/sql/sql_select.cc:21763
#19 0x0000562a8a2d688f in do_select (procedure=<optimized out>, join=0x14887c02e648) at /test/10.11_dbg/sql/sql_select.cc:21308
#20 JOIN::exec_inner (this=this@entry=0x14887c02e648) at /test/10.11_dbg/sql/sql_select.cc:4812
#21 0x0000562a8a2d6e28 in JOIN::exec (this=this@entry=0x14887c02e648) at /test/10.11_dbg/sql/sql_select.cc:4590
#22 0x0000562a8a2d4bac in mysql_select (thd=thd@entry=0x14887c000db8, tables=0x14887c014440, fields=@0x14887c014108: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14887c0143f8, last = 0x14887c0143f8, elements = 1}, <No data fields>}, conds=0x14887c02db30, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14887c02e620, unit=0x14887c004ff0, select_lex=0x14887c013e68) at /test/10.11_dbg/sql/sql_select.cc:5070
#23 0x0000562a8a2d53a2 in handle_select (thd=thd@entry=0x14887c000db8, lex=lex@entry=0x14887c004f18, result=result@entry=0x14887c02e620, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
#24 0x0000562a8a23f5a6 in execute_sqlcom_select (thd=thd@entry=0x14887c000db8, all_tables=0x14887c014440) at /test/10.11_dbg/sql/sql_parse.cc:6261
#25 0x0000562a8a24b8c7 in mysql_execute_command (thd=thd@entry=0x14887c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3945
#26 0x0000562a8a239882 in mysql_parse (thd=thd@entry=0x14887c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1488f01ad330) at /test/10.11_dbg/sql/sql_parse.cc:8035
#27 0x0000562a8a246e6a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14887c000db8, packet=packet@entry=0x14887c00b6e9 "", packet_length=packet_length@entry=231, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1339
#28 0x0000562a8a249574 in do_command (thd=0x14887c000db8, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
#29 0x0000562a8a3ab1da in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562a8d8d0758, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1418
#30 0x0000562a8a3ab6e3 in handle_one_connection (arg=0x562a8d8d0758) at /test/10.11_dbg/sql/sql_connect.cc:1312
#31 0x0000148914840609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#32 0x000014891442c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

Comment by Alice Sherepa [ 2023-10-09 ]

not repeatable on current 10.4 (0c7af6a2a19343cb9d4fedbd7165b8f73bc4cf96)-11.2

Comment by Roel Van de Paar [ 2023-10-14 ]

Confirmed not reproducible anymore 10.4-11.3(905c3d61e18ae6222d0d195c43d335046eec65d9) dbg+opt.
