Bug #119425 mysqld crash in JOIN::make_sum_func_list()
Submitted: 19 Nov 6:59
Modified: 20 Nov 13:13
Reporter: Xingyu Yang (OCA)
Status: Can't repeat
Category: MySQL Server: Optimizer
Severity: S3 (Non-critical)
Version: 8.0.22
OS: Any
Assigned to:
CPU Architecture: Any

[19 Nov 6:59] Xingyu Yang
Description:
Mysqld crashed in JOIN::make_sum_func_list().
Here is the backtrace:
#7  0x0000000000f48245 in JOIN::make_sum_func_list (this=this@entry=0x7f2aa7841430, fields=..., before_group_by=before_group_by@entry=true, 
    recompute=recompute@entry=false) at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_select.cc:4196
#8  0x0000000000ed305b in is_indexed_agg_distinct (join=join@entry=0x7f2aa7841430, out_args=out_args@entry=0x0)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_optimizer.cc:7799
#9  0x0000000000ed73d8 in JOIN::optimize_distinct_group_order (this=this@entry=0x7f2aa7841430)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_optimizer.cc:1428
#10 0x0000000000ee0140 in JOIN::optimize (this=0x7f2aa7841430) at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_optimizer.cc:614
#11 0x0000000000f4566c in SELECT_LEX::optimize (this=this@entry=0x7f2ac23cae20, thd=thd@entry=0x7f2aa789d000)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_select.cc:2015
#12 0x0000000000fbe02f in SELECT_LEX_UNIT::optimize (this=this@entry=0x7f2ac23ca6d8, thd=thd@entry=0x7f2aa789d000, 
    materialize_destination=materialize_destination@entry=0x0, create_iterators=create_iterators@entry=true)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_union.cc:681
#13 0x0000000000f43cde in Sql_cmd_dml::execute_inner (this=0x7f2aa7841108, thd=0x7f2aa789d000)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_select.cc:984
#14 0x0000000000f4adf0 in Sql_cmd_dml::execute (this=0x7f2aa7841108, thd=0x7f2aa789d000)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_select.cc:779
#15 0x0000000000eec54b in mysql_execute_command (thd=thd@entry=0x7f2aa789d000, first_level=first_level@entry=true)
    at /data1/bluedon/8_0/srctxsql/MO_20211202_release/sql/sql_parse.cc:4942

The item pointer seems to have been written over.
This version is old. I wonder if this is a known bug that has been hidden.

How to repeat:
At present, I haven't found a way to reproduce it. This is an occasional issue that has occurred a few times.

The statement that caused the crash was a "select for update" statement, but even when executed directly, it was not possible to reproduce the crash.

Here is the statement:
SELECT dag_run.state AS dag_run_state, dag_run.id AS dag_run_id, dag_run.dag_id AS dag_run_dag_id, dag_run.queued_at AS dag_run_queued_at, dag_run.execution_date AS dag_run_execution_date, dag_run.start_date AS dag_run_start_date, dag_run.end_date AS dag_run_end_date, dag_run.run_id AS dag_run_run_id, dag_run.creating_job_id AS dag_run_creating_job_id, dag_run.external_trigger AS dag_run_external_trigger, dag_run.run_type AS dag_run_run_type, dag_run.conf AS dag_run_conf, dag_run.data_interval_start AS dag_run_data_interval_start, dag_run.data_interval_end AS dag_run_data_interval_end, dag_run.last_scheduling_decision AS dag_run_last_scheduling_decision, dag_run.dag_hash AS dag_run_dag_hash FROM dag_run WHERE dag_run.dag_id = 'ods_xxx' AND dag_run.run_id = 'scheduled__2025-11-16T00:00:00+00:00' FOR UPDATE;

[20 Nov 13:13] MySQL Verification Team
Please check if 8.0.44 or 8.4.7 crashes, and reopen this report if so.