Bug #112500 Assertion Failure in /mysql-8.0.34/sql/item_sum.cc:4127
Submitted: 26 Sep 11:41
Modified: 26 Sep 11:50
Reporter: xin wen
Status: Verified
Category: MySQL Server: DML
Severity: S6 (Debug Builds)
Version: 8.0.34
OS: Ubuntu (20.04)
Assigned to:
CPU Architecture: Any

[26 Sep 11:41] xin wen
Description:
Run these queries:

CREATE TABLE t0 ( c12 INT , c10 INT ) ;
CREATE TABLE t1 ( c12 INT , c57 INT ) ;
INSERT INTO t1 VALUES ( DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT ) ;
INSERT INTO t0 VALUES ( 95 , 37 ) , ( 8489235317894739569 BETWEEN TRUE AND -87 NOT REGEXP RAND ( ) - RAND ( ) * RAND ( ) , 44 ) ;
SELECT IF ( t3 . c12 = RAND ( ) % ( EXISTS ( SELECT 85 AS c29 WHERE 23 REGEXP -44.428795 HAVING GROUP_CONCAT( c36 , 28 ORDER BY c12 SEPARATOR 'EJ)`~Q}vYMOQ0ej*jWk@u\'R.' ) LIMIT 1 ) ) NOT IN ( 3472772923252129926 , 48 , -12 ) = SOME ( SELECT IFNULL ( RAND ( ) % LN ( t3 . c57 ) , COS ( RAND ( ) = TAN ( -56 ) IN ( 68 , 5 , 101 ) ) ) AS c31 ) , 1442353584302851172 , -88 ) AS c12 FROM ( ( SELECT 96 AS c36 ) ) AS t2 LEFT OUTER JOIN t1 AS t3 ON t2 . c36 = t3 . c12 GROUP BY c57 , c12 , c36 WITH ROLLUP LIMIT 59 , 15 ;

This will trigger an assertion failure:
mysqld: /home/wx/mysql-8.0.34/sql/item_sum.cc:4127: int dump_leaf_key(void*, element_count, void*): Assertion `offset < table->s->reclength' failed.

GDB info:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff6af2859 in __GI_abort () at abort.c:79
#2  0x00007ffff6af2729 in __assert_fail_base (fmt=0x7ffff6c88588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55555dfde940 "offset < table->s->reclength", file=0x55555dfdbc60 "/home/wx/mysql-8.0.34/sql/item_sum.cc", line=4127, function=<optimized out>) at assert.c:92
#3  0x00007ffff6b03fd6 in __GI___assert_fail (assertion=assertion@entry=0x55555dfde940 "offset < table->s->reclength", file=file@entry=0x55555dfdbc60 "/home/wx/mysql-8.0.34/sql/item_sum.cc", line=line@entry=4127, function=function@entry=0x55555dfde8e0 "int dump_leaf_key(void*, element_count, void*)") at assert.c:101
#4  0x0000555559e46d1e in dump_leaf_key (key_arg=<optimized out>, count=<optimized out>, item_arg=0x61a0004320b0) at /home/wx/mysql-8.0.34/sql/item_sum.cc:4128
#5  0x000055555be5a0e8 in tree_walk_left_root_right (tree=0x61a000432228, element=0x60700038e600, action=action@entry=0x555559e46806 <dump_leaf_key(void*, unsigned int, void*)>, argument=argument@entry=0x61a0004320b0) at /home/wx/mysql-8.0.34/mysys/tree.cc:503
#6  0x000055555be5d445 in tree_walk (tree=<optimized out>, action=action@entry=0x555559e46806 <dump_leaf_key(void*, unsigned int, void*)>, argument=argument@entry=0x61a0004320b0, visit=visit@entry=left_root_right) at /home/wx/mysql-8.0.34/mysys/tree.cc:491
#7  0x0000555559e47249 in Item_func_group_concat::val_str (this=0x61a0004320b0) at /home/wx/mysql-8.0.34/sql/item_sum.cc:4642
#8  0x0000555559e5512c in Item_rollup_sum_switcher::val_str (this=0x613000de4230, str=0x613000de4248) at /home/wx/mysql-8.0.34/sql/item_sum.cc:6320
#9  0x0000555559c65bf6 in Item::save_in_field_inner (this=0x613000de4230, field=0x614000160270, no_conversions=<optimized out>) at /home/wx/mysql-8.0.34/sql/item.cc:6730
#10 0x00005555593ff0ba in Item::save_in_field_no_error_check (this=this@entry=0x613000de4230, field=0x614000160270, no_conversions=no_conversions@entry=true) at /home/wx/mysql-8.0.34/sql/item.h:1321
#11 0x00005555593e753c in copy_funcs (param=<optimized out>, thd=<optimized out>, type=type@entry=CFT_ALL) at /home/wx/mysql-8.0.34/sql/sql_executor.cc:436
#12 0x000055555a29e05b in MaterializeIterator<DummyIteratorProfiler>::MaterializeQueryBlock (this=this@entry=0x611000114970, query_block=..., stored_rows=stored_rows@entry=0x7fffc707bb60) at /home/wx/mysql-8.0.34/sql/iterators/composite_iterators.cc:1170
#13 0x000055555a2a5500 in MaterializeIterator<DummyIteratorProfiler>::Init (this=0x611000114970) at /home/wx/mysql-8.0.34/sql/iterators/composite_iterators.cc:928
#14 0x000055555a293b23 in LimitOffsetIterator::Init (this=0x60c0001436b0) at /home/wx/mysql-8.0.34/sql/iterators/composite_iterators.cc:100
#15 0x00005555597138da in Query_expression::ExecuteIteratorQuery (this=this@entry=0x6120002ed470, thd=thd@entry=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_union.cc:1763
#16 0x0000555559713ecd in Query_expression::execute (this=this@entry=0x6120002ed470, thd=thd@entry=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_union.cc:1823
#17 0x00005555595b1f79 in Sql_cmd_dml::execute_inner (this=0x60b0001577a0, thd=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_select.cc:1022
#18 0x00005555595ce209 in Sql_cmd_dml::execute (this=0x60b0001577a0, thd=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_select.cc:793
#19 0x00005555594bd568 in mysql_execute_command (thd=thd@entry=0x6270002bf900, first_level=first_level@entry=true) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:4719
#20 0x00005555594c0bfe in dispatch_sql_command (thd=0x6270002bf900, parser_state=parser_state@entry=0x7fffc707ec00) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:5368
#21 0x00005555594c38e2 in dispatch_command (thd=thd@entry=0x6270002bf900, com_data=com_data@entry=0x7fffc7080200, command=<optimized out>) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:2054
#22 0x00005555594c7392 in do_command (thd=thd@entry=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:1439
#23 0x000055555989b7be in handle_connection (arg=arg@entry=0x603000166b40) at /home/wx/mysql-8.0.34/sql/conn_handler/connection_handler_per_thread.cc:302
#24 0x000055555cc724e9 in pfs_spawn_thread (arg=0x614000140a60) at /home/wx/mysql-8.0.34/storage/perfschema/pfs.cc:3042
#25 0x00007ffff7568609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#26 0x00007ffff6bef133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

How to repeat:
Run the queries above.

[26 Sep 11:50] MySQL Verification Team
Hello xin wen,

Thank you for the report and test case.
Observed that the 8.0.34 debug build is affected.

regards,
Umesh