[MDEV-32710] Assertion Failed at /mariadb-11.3.0/sql/item_subselect.cc:1936 Created: 2023-11-07  Updated: 2023-12-04

Status: Confirmed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3.0
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2

Type: Bug Priority: Major
Reporter: Xin Wen Assignee: Sergei Petrunia
Resolution: Unresolved Votes: 0
Labels: None
Environment:

Ubuntu 20.04



 Description   

Run these queries on a debug build:

-- Reproducer for the assertion reported at sql/item_subselect.cc:1936
-- (Item_in_subselect::val_int) on a debug build. Keep the statements verbatim:
-- the failure depends on this exact query shape.

-- Single-column table: c31 is DECIMAL(53) with a default of 71.
CREATE TABLE t0 ( c31 DECIMAL ( 53 ) DEFAULT ( 71 ) ) ;
-- Two rows, no column list: relies on t0 having exactly one column at this point.
INSERT INTO t0 VALUES ( 1106158570540604767 ) , ( -71 ) ;
-- Adds INT column c15 after c31; the two rows inserted above get NULL for c15.
ALTER TABLE t0 ADD COLUMN c15 INT AFTER c31 ;
-- Two more rows, values given positionally as ( c31 , c15 ).
INSERT INTO t0 VALUES ( 6 , -72 ) , ( 34 , 104 ) ;
-- Failing statement. Shape of the query:
--   * outer SELECT groups the derived-table column c25 WITH ROLLUP and
--     evaluates AVG ( c25 ) IN ( <subquery> ) as the output column c61;
--   * the IN subquery has GROUP BY ... HAVING, and the HAVING clause contains
--     EXISTS over ( SELECT ... FROM t0 CROSS JOIN t0 AS t2 INTERSECT SELECT ... FROM t0 );
--   * the outer join condition compares t0.c15 with itself, so it does not
--     relate t1 to t0.
-- Per the backtrace on this page, the assertion is reached while the outer
-- query writes a row (end_write -> copy_funcs -> Item_in_subselect::val_int).
-- NOTE(review): the first string literal reads '...f;v?|S' here but
-- '...f;v?^|S' in the rawbuf shown in frame #26, and the literals contain
-- line breaks whose position differs between the two renderings. The page
-- rendering may have altered the text; confirm against the original report
-- before relying on this copy as an exact reproducer.
SELECT AVG ( c25 ) IN ( SELECT c25 AS c14 FROM t0 GROUP BY c25 , c31 HAVING - BIT_LENGTH ( 125 ) % EXISTS ( SELECT REPLACE ( -14 , 'NbhB#kV"/5AcCP6:aP\'B\'HnQqZB)Z?d`rue{Krdf|f;v?|S' NOT BETWEEN RTRIM ( ( CONVERT ( t2 . c31 , UNSIGNED ) ) / ASIN ( t0 . c15 ) OR LOCATE ( t2 . c31 , 'C 3{=:dinZ2]C&nBiGF' , '`y`=H %R=ZN{=)x,_e.rAK%4fJ%D8{G Io>|*
9a34^*Z%q|aP/itd|^W' ) NOT BETWEEN 80 AND 77 ) AND + ROUND ( t2 . c15 <= 109 ) , '_2gx~GcXTg0' ) REGEXP NULLIF ( 16130075208405570 , -16 IS FALSE ) & ATAN ( 32 , -111 ) | DEGREES ( -81 ) = DEGREES ( t2 . c15 ) - UNHEX ( t2 . c31 ) AS c22 FROM t0 CROSS JOIN t0 AS t2 INTERSECT SELECT - ( SQRT ( CONVERT ( -10 , UNSIGNED ) % RAND ( ) - RAND ( -69 ) << + EXISTS ( SELECT 88 AS c22 ) IS NULL ) << 25 ) AS c25 FROM t0 ) ) AS c61 FROM ( SELECT c31 AS c25 FROM t0 ) AS t1 JOIN t0 ON t0 . c15 = t0 . c15 GROUP BY c25 WITH ROLLUP ;

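The last statement triggers an assertion failure in Item_in_subselect::val_int() (sql/item_subselect.cc:1936 in 11.3.0), and the debug server aborts. Only debug-build behaviour is shown in this report; what a release build does with the same query is not stated here.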
GDB info:
#0 0x00007ffff6c0c00b in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff6beb859 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff6beb729 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff6bfcfd6 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x0000555557db5315 in Item_in_subselect::val_int (this=0x6290001a73c0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1936
#5 0x0000555557ba521f in Item::save_int_in_field (this=0x6290001a73c0, field=0x61a0001b6e08, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/item.cc:6843
#6 0x00005555578b2242 in Type_handler_int_result::Item_save_in_field (this=0x55555b7b68c0 <type_handler_bool>, item=0x6290001a73c0, field=0x61a0001b6e08, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:4341
#7 0x0000555557ba540b in Item::save_in_field (this=0x6290001a73c0, field=0x61a0001b6e08, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
#8 0x0000555556ea7174 in Item_result_field::save_in_result_field (this=0x6290001a73c0, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/item.h:3490
#9 0x00005555573879d1 in copy_funcs (func_ptr=0x621000167880, thd=0x62c0001e0288) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:28843
#10 0x000055555736c428 in end_write (join=0x6290001ac4a8, join_tab=0x62d000023958, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24979
#11 0x00005555573a1a77 in AGGR_OP::put_record (this=0x62d00001c430, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:32254
#12 0x00005555573b632d in AGGR_OP::put_record (this=0x62d00001c430) at /home/wx/mariadb-11.3.0/sql/sql_select.h:1180
#13 0x000055555735ec6a in sub_select_postjoin_aggr (join=0x6290001ac4a8, join_tab=0x62d000023958, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23134
#14 0x000055555775be68 in JOIN_CACHE::generate_full_extensions (this=0x62d0000248b0, rec_ptr=0x6140000b92c8 <incomplete sequence \375\200>) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2511
#15 0x000055555775b6ca in JOIN_CACHE::join_matching_records (this=0x62d0000248b0, skip_last=false) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2403
#16 0x0000555557759951 in JOIN_CACHE::join_records (this=0x62d0000248b0, skip_last=false) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2158
#17 0x000055555735ef49 in sub_select_cache (join=0x6290001ac4a8, join_tab=0x62d0000234e0, end_of_records=true) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23192
#18 0x000055555735f713 in sub_select (join=0x6290001ac4a8, join_tab=0x62d000023068, end_of_records=true) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23378
#19 0x000055555735dbe3 in do_select (join=0x6290001ac4a8, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
#20 0x00005555572dbfe9 in JOIN::exec_inner (this=0x6290001ac4a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#21 0x00005555572d93a0 in JOIN::exec (this=0x6290001ac4a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#22 0x00005555572ddbab in mysql_select (thd=0x62c0001e0288, tables=0x6290001aa200, fields=..., conds=0x0, og_num=1, order=0x0, group=0x6290001a81d0, having=0x0, proc_param=0x0, select_options=2165049856, result=0x6290001ac478, unit=0x62c0001e46d8, select_lex=0x6290001139e0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
#23 0x00005555572ad18a in handle_select (thd=0x62c0001e0288, lex=0x62c0001e45f8, result=0x6290001ac478, setup_tables_done_option=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#24 0x00005555571ce583 in execute_sqlcom_select (thd=0x62c0001e0288, all_tables=0x6290001aa200) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#25 0x00005555571becf6 in mysql_execute_command (thd=0x62c0001e0288, is_called_from_prepared_stmt=false) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#26 0x00005555571d95e2 in mysql_parse (thd=0x62c0001e0288, rawbuf=0x6290001132a8 "SELECT AVG ( c25 ) IN ( SELECT c25 AS c14 FROM t0 GROUP BY c25 , c31 HAVING - BIT_LENGTH ( 125 ) % EXISTS ( SELECT REPLACE ( -14 , 'NbhB#kV\"/5AcCP6:aP\\'B
'HnQqZB)Z?d`rue{Krdf|f;v?^|S' NOT BETWEEN RTRI"..., length=868, parser_state=0x7fffd0fde870) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#27 0x00005555571b1237 in dispatch_command (command=COM_QUERY, thd=0x62c0001e0288, packet=0x6290000ff289 "", packet_length=871, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
#28 0x00005555571adf7c in do_command (thd=0x62c0001e0288, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#29 0x000055555768e557 in do_handle_one_connection (connect=0x611000050708, put_in_cache=true) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#30 0x000055555768deb4 in handle_one_connection (arg=0x611000050708) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#31 0x00005555582fa350 in pfs_spawn_thread (arg=0x618000005508) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#32 0x00007ffff7115609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#33 0x00007ffff6ce8133 in clone () from /lib/x86_64-linux-gnu/libc.so.6



 Comments   
Comment by Alice Sherepa [ 2023-11-07 ]

Thanks!
Repeatable on 10.4-11.3

Version: '10.4.32-MariaDB-debug-log'
mysqld: /10.4/src/sql/item_subselect.cc:1831: virtual longlong Item_in_subselect::val_int(): Assertion `0' failed.
231107 18:16:09 [ERROR] mysqld got signal 6 ;
 
 
Server version: 10.4.32-MariaDB-debug-log source revision: e5a5573f782723e40c372f38346a60b1ccc644d6
 
/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f4c9ed4efd6]
sql/item_subselect.cc:1832(Item_in_subselect::val_int())[0x5589b931d473]
sql/item.cc:6718(Item::save_int_in_field(Field*, bool))[0x5589b9164165]
sql/sql_type.cc:3847(Type_handler_int_result::Item_save_in_field(Item*, Field*, bool) const)[0x5589b8e9b794]
sql/item.cc:6728(Item::save_in_field(Field*, bool))[0x5589b9164349]
sql/item.h:3284(Item_result_field::save_in_result_field(bool))[0x5589b87b2669]
sql/sql_select.cc:26211(copy_funcs(Item**, THD const*))[0x5589b8a8ed3b]
sql/sql_select.cc:22374(end_write(JOIN*, st_join_table*, bool))[0x5589b8a72d16]
sql/sql_select.cc:29651(AGGR_OP::put_record(bool))[0x5589b8aa940f]
sql/sql_select.h:1085(AGGR_OP::put_record())[0x5589b8ab8edd]
sql/sql_select.cc:20627(sub_select_postjoin_aggr(JOIN*, st_join_table*, bool))[0x5589b8a65ef1]
sql/sql_join_cache.cc:2528(JOIN_CACHE::generate_full_extensions(unsigned char*))[0x5589b8dce3ac]
sql/sql_join_cache.cc:2420(JOIN_CACHE::join_matching_records(bool))[0x5589b8dcdc0f]
sql/sql_join_cache.cc:2173(JOIN_CACHE::join_records(bool))[0x5589b8dcbf6d]
sql/sql_select.cc:20685(sub_select_cache(JOIN*, st_join_table*, bool))[0x5589b8a661d0]
sql/sql_select.cc:20867(sub_select(JOIN*, st_join_table*, bool))[0x5589b8a6695a]
sql/sql_select.cc:20445(do_select(JOIN*, Procedure*))[0x5589b8a6505a]
sql/sql_select.cc:4625(JOIN::exec_inner())[0x5589b89f2a9c]
sql/sql_select.cc:4408(JOIN::exec())[0x5589b89f00cc]
sql/sql_select.cc:4848(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5589b89f42a8]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5589b89c4b1e]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5589b8930886]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x5589b891dffd]
sql/sql_parse.cc:8013(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5589b8939dc5]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5589b8910187]
sql/sql_parse.cc:1378(do_command(THD*))[0x5589b890ccb2]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x5589b8d1c5b5]
sql/sql_connect.cc:1325(handle_one_connection)[0x5589b8d1be59]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5589b99b847e]
nptl/pthread_create.c:478(start_thread)[0x7f4c9f269609]
 
Query (0x62b0000a1290): SELECT AVG ( c25 ) IN ( SELECT c25 AS c14 FROM t0 GROUP BY c25 , c31 HAVING - BIT_LENGTH ( 125 ) % EXISTS ( SELECT REPLACE ( -14 , 'NbhB#kV"/5AcCP6:aP\'B\'HnQqZB)Z?d`rue{Krdf|f;v?|S' NOT BETWEEN RTRIM ( ( CONVERT ( t2 . c31 , UNSIGNED ) ) / ASIN ( t0 . c15 ) OR LOCATE ( t2 . c31 , 'C 3{=:dinZ2]C&nBiGF' , '`y`=H %R=ZN{=)x,_e.rAK%4fJ%D8{G Io>|*
9a34^*Z%q|aP/itd|^W' ) NOT BETWEEN 80 AND 77 ) AND + ROUND ( t2 . c15 <= 109 ) , '_2gx~GcXTg0' ) REGEXP NULLIF ( 16130075208405570 , -16 IS FALSE ) & ATAN ( 32 , -111 ) | DEGREES ( -81 ) = DEGREES ( t2 . c15 ) - UNHEX ( t2 . c31 ) AS c22 FROM t0 CROSS JOIN t0 AS t2 INTERSECT SELECT - ( SQRT ( CONVERT ( -10 , UNSIGNED ) % RAND ( ) - RAND ( -69 ) << + EXISTS ( SELECT 88 AS c22 ) IS NULL ) << 25 ) AS c25 FROM t0 ) ) AS c61 FROM ( SELECT c31 AS c25 FROM t0 ) AS t1 JOIN t0 ON t0 . c15 = t0 . c15 GROUP BY c25 WITH ROLLUP
