Bug #112772 Assertion `is_nullable()' failed in MySQL 8.1.0
Submitted: 19 Oct 2023 8:37 Modified: 19 Oct 2023 8:41
Reporter: Wang Ke Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S6 (Debug Builds)
Version:8.1.0, 8.0.34 OS:Any
Assigned to: CPU Architecture:Any
Tags: assertion failure

[19 Oct 2023 8:37] Wang Ke
Description:
Hello, I found a test case triggered an assertion failure in MySQL 8.1.0 debug build, which is similar to Bug #112712:

```
mysqld: /home/mysql-8.1.0/sql/item_func.cc:1888: virtual longlong Item_typecast_signed::val_int(): Assertion `is_nullable()' failed.
2023-10-19T08:15:38Z UTC - mysqld got signal 6 ;
Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware.
BuildID[sha1]=d41d0359075d9acaf807cea3acc3b128cdec5219
Thread pointer: 0x6270002bc100
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7fe08b203a20 thread_stack 0x100000
/home/mysql-8.1.0-origin/bin/mysqld(__interceptor_backtrace+0x5b) [0x649134b]
/home/mysql-8.1.0-origin/bin/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x10d) [0xbfde8ed]
/home/mysql-8.1.0-origin/bin/mysqld(print_fatal_signal(int)+0x552) [0x8979ee2]
/home/mysql-8.1.0-origin/bin/mysqld(handle_fatal_signal+0x175) [0x897a5c5]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390) [0x7fe0bcb64390]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x38) [0x7fe0bae4d438]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x16a) [0x7fe0bae4f03a]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dbe7) [0x7fe0bae45be7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc92) [0x7fe0bae45c92]
/home/mysql-8.1.0-origin/bin/mysqld(Item_typecast_signed::val_int()+0x2ca) [0x68dc98a]
/home/mysql-8.1.0-origin/bin/mysqld(Item_func::val_decimal(my_decimal*)+0xd1) [0x68cd661]
/home/mysql-8.1.0-origin/bin/mysqld(Arg_comparator::compare_decimal()+0x18a) [0x6d6abaa]
/home/mysql-8.1.0-origin/bin/mysqld(Item_func_eq::val_int()+0x93) [0x6d6fb13]
/home/mysql-8.1.0-origin/bin/mysqld(Item_cache_int::cache_value()+0xf8) [0x6829868]
/home/mysql-8.1.0-origin/bin/mysqld(Item_cache::has_value()+0xb4) [0x6829474]
/home/mysql-8.1.0-origin/bin/mysqld(Item_cache_int::val_int()+0xa6) [0x682a406]
/home/mysql-8.1.0-origin/bin/mysqld(Item::val_bool()+0x192) [0x67ad3b2]
/home/mysql-8.1.0-origin/bin/mysqld() [0x7d1f448]
/home/mysql-8.1.0-origin/bin/mysqld() [0x7d02f93]
/home/mysql-8.1.0-origin/bin/mysqld(ConnectJoins(int, int, int, QEP_TAB*, THD*, CallingContext, std::vector<PendingCondition, std::allocator<PendingCondition> >*, std::vector<PendingInvalidator, std::allocator<PendingInvalidator> >*, std::vector<PendingCondition, std::allocator<PendingCondition> >*, unsigned long*, unsigned long*)+0x2cdb) [0x7cfa97b]
/home/mysql-8.1.0-origin/bin/mysqld(JOIN::create_root_access_path_for_join()+0x775) [0x7d07c65]
/home/mysql-8.1.0-origin/bin/mysqld(JOIN::create_access_paths()+0x90) [0x7d07460]
/home/mysql-8.1.0-origin/bin/mysqld(JOIN::optimize(bool)+0x8fb1) [0x7e31ca1]
/home/mysql-8.1.0-origin/bin/mysqld(Query_block::optimize(THD*, bool)+0x330) [0x82ca8c0]
/home/mysql-8.1.0-origin/bin/mysqld(Query_expression::optimize(THD*, TABLE*, bool, bool)+0x492) [0x8573972]
/home/mysql-8.1.0-origin/bin/mysqld(Sql_cmd_dml::execute_inner(THD*)+0x9a) [0x82c05ea]
/home/mysql-8.1.0-origin/bin/mysqld(Sql_cmd_dml::execute(THD*)+0x13f8) [0x82bd348]
/home/mysql-8.1.0-origin/bin/mysqld(mysql_execute_command(THD*, bool)+0x3875) [0x809efd5]
/home/mysql-8.1.0-origin/bin/mysqld(dispatch_sql_command(THD*, Parser_state*)+0x1b28) [0x8094e68]
/home/mysql-8.1.0-origin/bin/mysqld(dispatch_command(THD*, COM_DATA const*, enum_server_command)+0x377a) [0x808522a]
/home/mysql-8.1.0-origin/bin/mysqld(do_command(THD*)+0x12ee) [0x80902be]
/home/mysql-8.1.0-origin/bin/mysqld() [0x88ff832]
/home/mysql-8.1.0-origin/bin/mysqld() [0xeb1629a]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba) [0x7fe0bcb5a6ba]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7fe0baf1f51d]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (6110000bae70): SELECT ra0.c1 AS ca2 FROM t0 ra0 LEFT JOIN t0 ra1 ON ( CAST( CAST( 4294967295 AS YEAR ) AS UNSIGNED ) = ra0.c0 AND CAST( ra0.c0 AS SIGNED ) = 0.100000 )
Connection ID (thread ID): 8
Status: NOT_KILLED
```

This is similar to where Bug #112712 triggers, and the cause is presumably the same, but given that it's a different assertion failure, it's better to report it again separately.

How to repeat:
Test case:

```
CREATE TABLE t0 ( c0 INT , c1 VARCHAR ( 1 ) NOT NULL , PRIMARY KEY ( c0 ) ) ;
SELECT ra0.c1 AS ca2 FROM t0 ra0 LEFT JOIN t0 ra1 ON ( CAST( CAST( 4294967295 AS YEAR ) AS UNSIGNED ) = ra0.c0 AND CAST( ra0.c0 AS SIGNED ) = 0.100000 );
```
[19 Oct 2023 8:41] MySQL Verification Team
Hello Wang Ke,

Thank you for the report and test case.
Observed that 8.0.34 debug build is affected with provided test case.

regards,
Umesh
[19 Oct 2023 8:42] MySQL Verification Team
-- 8.0.34 release build - not affected
 ./mtr --nocheck-testcases bug112772
Logging: ./mtr  --nocheck-testcases bug112772
MySQL Version 8.0.34
Checking supported features
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.34/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
CREATE TABLE t0 ( c0 INT , c1 VARCHAR ( 1 ) NOT NULL , PRIMARY KEY ( c0 ) ) ;
SELECT ra0.c1 AS ca2 FROM t0 ra0 LEFT JOIN t0 ra1 ON ( CAST( CAST( 4294967295 AS YEAR ) AS UNSIGNED ) = ra0.c0 AND CAST( ra0.c0 AS SIGNED ) = 0.100000 );
ca2
Warnings:
Warning 1292    Truncated incorrect YEAR value: '4294967295'
[ 50%] main.bug112772                            [ pass ]     23
[100%] shutdown_report                           [ pass ]

-- 8.0.34 debug build - affected

 ./mtr --nocheck-testcases bug112772 --debug-server
Logging: ./mtr  --nocheck-testcases bug112772 --debug-server
MySQL Version 8.0.34
Checking supported features
 - Binaries are debug compiled
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.34/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
CREATE TABLE t0 ( c0 INT , c1 VARCHAR ( 1 ) NOT NULL , PRIMARY KEY ( c0 ) ) ;
SELECT ra0.c1 AS ca2 FROM t0 ra0 LEFT JOIN t0 ra1 ON ( CAST( CAST( 4294967295 AS YEAR ) AS UNSIGNED ) = ra0.c0 AND CAST( ra0.c0 AS SIGNED ) = 0.100000 );
[ 50%] main.bug112772                            [ fail ]
        Test ended at 2023-10-19 10:41:28

CURRENT_TEST: main.bug112772
mysqltest: At line 2: Query 'SELECT ra0.c1 AS ca2 FROM t0 ra0 LEFT JOIN t0 ra1 ON ( CAST( CAST( 4294967295 AS YEAR ) AS UNSIGNED ) = ra0.c0 AND CAST( ra0.c0 AS SIGNED ) = 0.100000 )' failed.
ERROR 2013 (HY000): Lost connection to MySQL server during query

-bt
#0  0x00007f75571b5aa1 in pthread_kill () from /lib64/libpthread.so.0
#1  0x000000000402c28e in my_write_core(int) ()
#2  0x00000000032d235e in handle_fatal_signal ()
#3  <signal handler called>
#4  0x00007f7555500387 in raise () from /lib64/libc.so.6
#5  0x00007f7555501a78 in abort () from /lib64/libc.so.6
#6  0x00007f75554f91a6 in __assert_fail_base () from /lib64/libc.so.6
#7  0x00007f75554f9252 in __assert_fail () from /lib64/libc.so.6
#8  0x0000000003489599 in Item_typecast_signed::val_int() ()
#9  0x0000000003475ccd in Item_func::val_decimal(my_decimal*) ()
#10 0x00000000034389f5 in Arg_comparator::compare_decimal() ()
#11 0x0000000003445401 in Arg_comparator::compare() ()
#12 0x00000000034343e9 in Item_func_eq::val_int() ()
#13 0x000000000341261c in Item_cache_int::cache_value() ()
#14 0x000000000341bad4 in Item_cache::has_value() ()
#15 0x000000000341bcae in Item_cache_int::val_int() ()
#16 0x0000000003414d52 in Item::val_bool() ()
#17 0x000000000310e551 in ConditionIsAlwaysTrue(Item*) ()
#18 0x0000000003117c78 in CreateHashJoinAccessPath(THD*, QEP_TAB*, AccessPath*, unsigned long, AccessPath*, unsigned long, JoinType, std::vector<Item*, std::allocator<Item*> >*, unsigned long*) ()
#19 0x0000000003118fe9 in ConnectJoins(int, int, int, QEP_TAB*, THD*, CallingContext, std::vector<PendingCondition, std::allocator<PendingCondition> >*, std::vector<PendingInvalidator, std::allocator<PendingInvalidator> >*, std::vector<PendingCondition, std::allocator<PendingCondition> >*, unsigned long*, unsigned long*) [clone .localalias] ()
#20 0x000000000311a05e in JOIN::create_root_access_path_for_join() ()
#21 0x000000000311acaf in JOIN::create_access_paths() ()
#22 0x00000000031513cd in JOIN::optimize(bool) ()
#23 0x00000000031b755f in Query_block::optimize(THD*, bool) ()
#24 0x000000000322d695 in Query_expression::optimize(THD*, TABLE*, bool, bool) ()
#25 0x00000000031b7187 in Sql_cmd_dml::execute_inner(THD*) ()
#26 0x00000000031c0beb in Sql_cmd_dml::execute(THD*) ()
#27 0x0000000003161263 in mysql_execute_command(THD*, bool) ()
#28 0x00000000031626a2 in dispatch_sql_command(THD*, Parser_state*) ()
#29 0x0000000003163cd5 in dispatch_command(THD*, COM_DATA const*, enum_server_command) ()
#30 0x000000000316596c in do_command(THD*) ()
#31 0x00000000032c437c in handle_connection ()
#32 0x00000000047e1af5 in pfs_spawn_thread ()
#33 0x00007f75571b0ea5 in start_thread () from /lib64/libpthread.so.0
#34 0x00007f75555c8b2d in clone () from /lib64/libc.so.6