Bug #112502 Assertion Failure in /mysql-8.0.34/sql/item_sum.cc:1598
Submitted: 26 Sep 2023 11:46
Modified: 26 Sep 2023 11:48
Reporter: xin wen
Status: Verified
Category: MySQL Server: DML
Severity: S6 (Debug Builds)
Version: 8.0.34
OS: Ubuntu (20.04)
Assigned to:
CPU Architecture: Any

[26 Sep 2023 11:46] xin wen
Description:
Run these queries:

CREATE TABLE t0 ( c30 TINYBLOB , INDEX i0 ( ( c30 + -77 ) ) ) ;
INSERT INTO t0 VALUES ( -29 ) , ( 84 ) ;
ALTER TABLE t0 RENAME TO t1 ;
INSERT INTO t1 VALUES ( -99 ) , ( -12 ) ;
SELECT BIT_OR( t2 . c44 ) AS c50 , CONVERT ( NOT RAND ( ) IN ( ( SELECT t3 . * FROM ( SELECT RPAD ( t2 . c44 , ASIN ( t1 . c30 ) IS NOT NULL IS NOT NULL <= ALL ( SELECT t2 . c44 AS c14 ) , 'e[19729%0>k]@5[=%&-U8BgD4!`:`}qG18M0Vl' ) | ACOS ( -47 ) NOT REGEXP ROW_NUMBER ( ) OVER ( ) >> SQRT ( t1 . c30 ) + FORMAT ( -1 , -73 ) & NTH_VALUE ( -41 IN ( 102 , -29 , 123 ) , 1036942576391486611 ) FROM FIRST RESPECT NULLS OVER ( ) AS c30 FROM t1 ) AS t3 GROUP BY c30 , c44 , c30 WITH ROLLUP HAVING ~ LPAD ( t2 . c44 , '+~w~7@]x.J$c;~' , BIT_XOR( c44 ) & BIT_OR( 113 ) ) = 108 WINDOW w0 AS ( PARTITION BY t3 . c30 ROWS BETWEEN UNBOUNDED PRECEDING AND UNBOUNDED FOLLOWING ) ) ) , UNSIGNED ) AS c16 FROM ( SELECT c30 AS c44 FROM t1 GROUP BY c30 WITH ROLLUP ) AS t2 JOIN t1 ON t1 . c30 = t1 . c30 GROUP BY c44 , c44 ;

This will trigger an assertion failure:
/home/wx/mysql-8.0.34/sql/item_sum.cc:1598: bool Item_sum_bit::add_bits(const String*, ulonglong): Assertion `value_buff.length() > 0' failed.

GDB info:
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff6af2859 in __GI_abort () at abort.c:79
#2  0x00007ffff6af2729 in __assert_fail_base (fmt=0x7ffff6c88588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55555dfdfb60 "value_buff.length() > 0", file=0x55555dfdbc60 "/home/wx/mysql-8.0.34/sql/item_sum.cc", line=1598, function=<optimized out>) at assert.c:92
#3  0x00007ffff6b03fd6 in __GI___assert_fail (assertion=assertion@entry=0x55555dfdfb60 "value_buff.length() > 0", file=file@entry=0x55555dfdbc60 "/home/wx/mysql-8.0.34/sql/item_sum.cc", line=line@entry=1598, function=function@entry=0x55555dfe20c0 "bool Item_sum_bit::add_bits(const String*, ulonglong)") at assert.c:101
#4  0x0000555559e63e01 in Item_sum_bit::add_bits (this=this@entry=0x614000162470, s1=s1@entry=0x613000e17c48, b1=b1@entry=0) at /home/wx/mysql-8.0.34/sql/item_sum.cc:1619
#5  0x0000555559e64ca1 in Item_sum_bit::add (this=0x614000162470) at /home/wx/mysql-8.0.34/sql/item_sum.cc:1693
#6  0x0000555559e3f6a5 in Item_sum_bit::update_field (this=0x614000162470) at /home/wx/mysql-8.0.34/sql/item_sum.cc:3444
#7  0x00005555593e0415 in update_tmptable_sum_func (func_ptr=0x608001394bd8, tmp_table=<optimized out>) at /home/wx/mysql-8.0.34/sql/sql_executor.cc:408
#8  0x000055555a2a1dd4 in TemptableAggregateIterator<DummyIteratorProfiler>::Init (this=0x60c00013b670) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#9  0x00005555597138da in Query_expression::ExecuteIteratorQuery (this=this@entry=0x61200031a2f0, thd=thd@entry=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_union.cc:1763
#10 0x0000555559713ecd in Query_expression::execute (this=this@entry=0x61200031a2f0, thd=thd@entry=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_union.cc:1823
#11 0x00005555595b1f79 in Sql_cmd_dml::execute_inner (this=0x60b0001586c0, thd=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_select.cc:1022
#12 0x00005555595ce209 in Sql_cmd_dml::execute (this=0x60b0001586c0, thd=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_select.cc:793
#13 0x00005555594bd568 in mysql_execute_command (thd=thd@entry=0x6270002bf900, first_level=first_level@entry=true) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:4719
#14 0x00005555594c0bfe in dispatch_sql_command (thd=0x6270002bf900, parser_state=parser_state@entry=0x7fffc706ec00) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:5368
#15 0x00005555594c38e2 in dispatch_command (thd=thd@entry=0x6270002bf900, com_data=com_data@entry=0x7fffc7070200, command=<optimized out>) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:2054
#16 0x00005555594c7392 in do_command (thd=thd@entry=0x6270002bf900) at /home/wx/mysql-8.0.34/sql/sql_parse.cc:1439
#17 0x000055555989b7be in handle_connection (arg=arg@entry=0x6030001722d0) at /home/wx/mysql-8.0.34/sql/conn_handler/connection_handler_per_thread.cc:302
#18 0x000055555cc724e9 in pfs_spawn_thread (arg=0x614000140a60) at /home/wx/mysql-8.0.34/storage/perfschema/pfs.cc:3042
#19 0x00007ffff7568609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#20 0x00007ffff6bef133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

How to repeat:
Run the queries above.

[26 Sep 2023 11:48] MySQL Verification Team
Hello xin wen,

Thank you for the report and test case.
Observed that the 8.0.34 debug build is affected.

regards,
Umesh