[MDEV-29283] Assertion `0' failed -or- Assertion `item->maybe_null()' failed - both in virtual void Type_handler_string_result::make_sort_key_part - on UPDATE ... ORDER BY ... LIMIT 0
Created: 2022-08-10  Updated: 2024-02-07

Status: Confirmed
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0, 11.1
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1

Type: Bug
Priority: Major
Reporter: Ramesh Sivaraman
Assignee: Oleksandr Byelkin
Resolution: Unresolved
Votes: 0
Labels: debug, upstream-5.5

Issue Links:
Duplicate
is duplicated by MDEV-30371 Assertion `0' failed in Type_handler_... Closed
Relates
relates to MDEV-28686 Assertion `0' in Type_handler_string_... Confirmed
relates to MDEV-33392 Server crashes when using RANDOM_BYTE... Closed

 Description   

The stack is almost similar to MDEV-28686, but this test case also crashes the 10.3 build.

CREATE TABLE t(c CHAR (1)KEY ) ENGINE=MYISAM;
INSERT INTO t VALUES(3);
UPDATE t SET c= 1 ORDER BY(SELECT c LIMIT 0);

Leads to:

10.9.2 bfdc4ff22ecf626eb46479e1a0dc1049d61a8d78 (Debug)

mysqld: /test/10.9_dbg/sql/filesort.cc:1143: virtual void Type_handler_string_result::make_sort_key_part(uchar*, Item*, const SORT_FIELD_ATTR*, Sort_param*) const: Assertion `0' failed.

10.9.2 bfdc4ff22ecf626eb46479e1a0dc1049d61a8d78 (Debug)

Core was generated by `/test/MD090822-mariadb-10.9.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x1535019c6700 (LWP 1158032))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000015351a367859 in __GI_abort () at abort.c:79
#2  0x000015351a367729 in __assert_fail_base (fmt=0x15351a4fd588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56214f1e94f8 "0", file=0x56214f1c8760 "/test/10.9_dbg/sql/filesort.cc", line=1143, function=<optimized out>) at assert.c:92
#3  0x000015351a378fd6 in __GI___assert_fail (assertion=assertion@entry=0x56214f1e94f8 "0", file=file@entry=0x56214f1c8760 "/test/10.9_dbg/sql/filesort.cc", line=line@entry=1143, function=function@entry=0x56214f1c89f8 "virtual void Type_handler_string_result::make_sort_key_part(uchar*, Item*, const SORT_FIELD_ATTR*, Sort_param*) const") at assert.c:101
#4  0x000056214e7256d2 in Type_handler_string_result::make_sort_key_part (this=<optimized out>, to=0x1534cc06cdf8 '\245' <repeats 200 times>..., item=0x1534cc015448, sort_field=0x1534cc016560, param=<optimized out>) at /test/10.9_dbg/sql/filesort.cc:1143
#5  0x000056214e7277ba in make_sortkey (to=0x1534cc06cdf8 '\245' <repeats 200 times>..., param=0x1535019c40d0) at /test/10.9_dbg/sql/filesort.cc:3041
#6  make_sortkey (param=param@entry=0x1535019c40d0, to=0x1534cc06cdf8 '\245' <repeats 200 times>..., ref_pos=ref_pos@entry=0x1534cc025af0 "3", '\245' <repeats 15 times>, '\217' <repeats 184 times>..., using_packed_sortkeys=using_packed_sortkeys@entry=false) at /test/10.9_dbg/sql/filesort.cc:1363
#7  0x000056214e72aaf5 in find_all_keys (found_rows=0x1534cc06cd60, pq=0x0, tempfile=0x1535019c4190, buffpek_pointers=0x1535019c4300, fs_info=0x1534cc06cb70, select=0x0, param=0x1535019c40d0, thd=0x1534cc000db8) at /test/10.9_dbg/sql/filesort.cc:978
#8  filesort (thd=thd@entry=0x1534cc000db8, table=table@entry=0x1534cc025458, filesort=filesort@entry=0x1535019c49f0, tracker=0x1534cc0164d8, join=join@entry=0x0, first_table_bit=first_table_bit@entry=0) at /test/10.9_dbg/sql/filesort.cc:357
#9  0x000056214e550e29 in mysql_update (thd=thd@entry=0x1534cc000db8, table_list=<optimized out>, fields=@0x1534cc005a78: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1534cc0145c0, last = 0x1534cc0145c0, elements = 1}, <No data fields>}, values=@0x1534cc005ea8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1534cc0145d0, last = 0x1534cc0145d0, elements = 1}, <No data fields>}, conds=<optimized out>, order_num=<optimized out>, order=0x1534cc015628, limit=18446744073709551615, ignore=<optimized out>, found_return=<optimized out>, updated_return=<optimized out>) at /test/10.9_dbg/sql/sql_update.cc:813
#10 0x000056214e44e6f3 in mysql_execute_command (thd=thd@entry=0x1534cc000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_limit.h:85
#11 0x000056214e43b23e in mysql_parse (thd=thd@entry=0x1534cc000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1535019c5330) at /test/10.9_dbg/sql/sql_parse.cc:8037
#12 0x000056214e44880c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1534cc000db8, packet=packet@entry=0x1534cc00b6c9 "UPDATE t SET c= 1 ORDER BY(SELECT c LIMIT 0)", packet_length=packet_length@entry=44, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
#13 0x000056214e44af14 in do_command (thd=0x1534cc000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1407
#14 0x000056214e5aab68 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562151418848, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
#15 0x000056214e5ab071 in handle_one_connection (arg=0x562151418848) at /test/10.9_dbg/sql/sql_connect.cc:1312
#16 0x000015351a878609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x000015351a464133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.3.36 (dbg), 10.4.26 (dbg), 10.5.17 (dbg), 10.6.9 (dbg), 10.7.5 (dbg), 10.8.4 (dbg), 10.9.2 (dbg), 10.10.0 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (opt), 10.4.26 (opt), 10.5.17 (opt), 10.6.9 (opt), 10.7.5 (opt), 10.8.4 (opt), 10.9.2 (opt), 10.10.0 (opt)



 Comments   
Comment by Roel Van de Paar [ 2023-07-08 ]

Additional testcase, with a new assert.

CREATE TABLE t (c DATE NOT NULL);
INSERT INTO t VALUES (0);
UPDATE t SET c=1 ORDER BY (SELECT c LIMIT 0);

Leads to:

11.1.2 3883eb63dc5e663558571c33d086c9fd3aa0cf8f (Debug)

mariadbd: /test/11.1_dbg/sql/filesort.cc:1262: virtual void Type_handler_temporal_result::make_sort_key_part(uchar*, Item*, const SORT_FIELD_ATTR*, String*) const: Assertion `item->maybe_null()' failed.

11.1.2 3883eb63dc5e663558571c33d086c9fd3aa0cf8f (Debug)

Core was generated by `/test/MD220623-mariadb-11.1.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23139204048448)
    at ./nptl/pthread_kill.c:44
[Current thread is 1 (Thread 0x150b8409a640 (LWP 1496056))]
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=23139204048448) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=23139204048448) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=23139204048448, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x0000150b9a642476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x0000150b9a6287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x0000150b9a62871b in __assert_fail_base (fmt=0x150b9a7dd150 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55b9a167d716 "item->maybe_null()", file=0x55b9a167d8b0 "/test/11.1_dbg/sql/filesort.cc", line=1262, function=<optimized out>) at ./assert/assert.c:92
#6  0x0000150b9a639e96 in __GI___assert_fail (assertion=0x55b9a167d716 "item->maybe_null()", file=0x55b9a167d8b0 "/test/11.1_dbg/sql/filesort.cc", line=1262, function=0x55b9a167dce8 "virtual void Type_handler_temporal_result::make_sort_key_part(uchar*, Item*, const SORT_FIELD_ATTR*, String*) const") at ./assert/assert.c:101
#7  0x000055b9a0c8f78c in Type_handler_temporal_result::make_sort_key_part (this=0x55b9a1f09550 <type_handler_newdate>, to=0x150adc066e98 '\245' <repeats 200 times>..., item=0x150adc014ad8, sort_field=<optimized out>, tmp_buffer=<optimized out>) at /test/11.1_dbg/sql/filesort.cc:1262
#8  0x000055b9a0c911fb in make_sortkey (to=0x150adc066e98 '\245' <repeats 200 times>..., param=0x150b84098050) at /test/11.1_dbg/sql/filesort.cc:2954
#9  make_sortkey (param=param@entry=0x150b84098050, to=0x150adc066e98 '\245' <repeats 200 times>..., ref_pos=ref_pos@entry=0x150adc024300 "", using_packed_sortkeys=using_packed_sortkeys@entry=false) at /test/11.1_dbg/sql/filesort.cc:1414
#10 0x000055b9a0c940fa in find_all_keys (found_rows=0x150adc066e70, pq=0x0, tempfile=0x150b84098110, buffpek_pointers=0x150b84098280, fs_info=0x150adc066c80, select=0x0, param=0x150b84098050, thd=0x150adc000d58) at /test/11.1_dbg/sql/filesort.cc:1030
#11 filesort (thd=thd@entry=0x150adc000d58, table=table@entry=0x150adc01cda8, filesort=filesort@entry=0x150b84098930, tracker=0x150adc016c10, join=join@entry=0x0, first_table_bit=first_table_bit@entry=0) at /test/11.1_dbg/sql/filesort.cc:408
#12 0x000055b9a0abed00 in Sql_cmd_update::update_single_table (this=0x150adc013b98, thd=0x150adc000d58) at /test/11.1_dbg/sql/sql_update.cc:702
#13 0x000055b9a0ac0a9e in Sql_cmd_update::execute_inner (this=0x150adc013b98, thd=0x150adc000d58) at /test/11.1_dbg/sql/sql_update.cc:3059
#14 0x000055b9a09f7ad4 in Sql_cmd_dml::execute (this=0x150adc013b98, thd=0x150adc000d58) at /test/11.1_dbg/sql/sql_select.cc:33338
#15 0x000055b9a09b849d in mysql_execute_command (thd=thd@entry=0x150adc000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:4393
#16 0x000055b9a09bd849 in mysql_parse (thd=thd@entry=0x150adc000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150b84099240) at /test/11.1_dbg/sql/sql_parse.cc:7769
#17 0x000055b9a09bf9dd in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150adc000d58, packet=packet@entry=0x150adc00ae69 "UPDATE t SET c=1 ORDER BY (SELECT c LIMIT 0)", packet_length=packet_length@entry=44, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:242
#18 0x000055b9a09c18bc in do_command (thd=0x150adc000d58, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
#19 0x000055b9a0b17010 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b9a368e8a8, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
#20 0x000055b9a0b1726f in handle_one_connection (arg=0x55b9a368e8a8) at /test/11.1_dbg/sql/sql_connect.cc:1318
#21 0x0000150b9a694b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#22 0x0000150b9a726a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Bug confirmed present in:
MariaDB: 10.4.31 (dbg), 10.5.22 (dbg), 10.6.15 (dbg), 10.9.8 (dbg), 10.10.6 (dbg), 10.11.5 (dbg), 11.0.3 (dbg), 11.1.2 (dbg)
MySQL: 5.5.62 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.31 (opt), 10.5.22 (opt), 10.6.15 (opt), 10.9.8 (opt), 10.10.6 (opt), 10.11.5 (opt), 11.0.3 (opt), 11.1.2 (opt)
MySQL: 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 8.0.33 (dbg), 8.0.33 (opt)

New UniqueID's/stacks observed with this testcase across failing versions:

item->maybe_null()|SIGABRT|Type_handler_temporal_result::make_sort_key_part|make_sortkey|make_sortkey|find_all_keys
item->maybe_null|SIGABRT|Type_handler_temporal_result::make_sort_key_part|make_sortkey|make_sortkey|find_all_keys
item->maybe_null|SIGABRT|Type_handler_temporal_result::make_sort_key|make_sortkey|find_all_keys|filesort

Comment by Oleksandr Byelkin [ 2023-07-12 ]

commit 658bafb79f1c59266a82f0670d34f80ceb7afd65 (HEAD -> bb-10.4-MDEV-29283, origin/bb-10.4-MDEV-29283)
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date:   Tue Jul 11 11:53:11 2023 +0200
 
    MDEV-29283 Assertion `0' failed -or- Assertion `item->maybe_null()' failed - both in virtual void Type_handler_string_result::make_sort_key_part - on UPDATE ... ORDER BY ... LIMIT 0
    
    LIMIT & OFFSET also can influence one row subselect NULL
