Bug #31157 crash when select+order by the avg of some field within the group by
Submitted: 23 Sep 2007 14:12 Modified: 9 Nov 2007 21:13
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Data Types Severity:S2 (Serious)
Version:5.1.23-debug OS:Linux (suse 9.3 x86)
Assigned to: Georgi Kodinov CPU Architecture:Any
Tags: crash

[23 Sep 2007 14:12] Shane Bester
Version: '5.1.23-beta-debug'  socket: '/tmp/mysql.sock'  port: 3306  yes
070923 15:49:46 - mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337620 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x87bc4a0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0x40ca863c, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x820111b handle_segfault + 541
0x8318a38 set_field_to_null(Field*) + 10
0x815a7f6 Item::save_in_field(Field*, bool) + 446
0x8163384 Item_result_field::save_in_result_field(bool) + 32
0x827ad0b copy_sum_funcs(Item_sum**, Item_sum**) + 39
0x827553c end_write_group(JOIN*, st_join_table*, bool) + 342
0x827281f sub_select(JOIN*, st_join_table*, bool) + 55
0x827241e do_select(JOIN*, List<Item>*, st_table*, Procedure*) + 786
0x825fe54 JOIN::exec() + 1826
0x81c2797 subselect_single_select_engine::exec() + 843
0x81bd9a8 Item_subselect::exec() + 38
0x81be511 Item_singlerow_subselect::val_str(String*) + 21
0x8157ae4 Item_copy_string::copy() + 36
0x827a3cc copy_fields(TMP_TABLE_PARAM*) + 66
0x82749a5 end_send_group(JOIN*, st_join_table*, bool) + 865
0x8272ad3 evaluate_join_record(JOIN*, st_join_table*, int, char*) + 445
0x82728b9 sub_select(JOIN*, st_join_table*, bool) + 209
0x8272400 do_select(JOIN*, List<Item>*, st_table*, Procedure*) + 756
0x82612bf JOIN::exec() + 7053
0x826181e _Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select + 638
0x825c33d handle_select(THD*, st_lex*, select_result*, unsigned long) + 365
0x8215af4 execute_sqlcom_select(THD*, TABLE_LIST*) + 772
0x820e7d5 mysql_execute_command(THD*) + 1701
0x8217550 mysql_parse(THD*, char const*, unsigned int, char const**) + 372
0x820cc00 dispatch_command(enum_server_command, THD*, char*, unsigned int) + 2354
0x820c2c2 do_command(THD*) + 600
0x820acbd handle_one_connection + 255
0x40038aa7 _end + 931807543
0x4017ec2e _end + 933143230
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/refman/5.1/en/resolve-stack-dump.html
and follow instructions on how to resolve the stack trace.
Resolved stack trace is much more helpful in diagnosing the
problem, so please do resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x87ec230 = select 1 from t1 group by (select 1 from t1 order by avg(last_insert_id()))

How to repeat:
#i didn't repeat on 5.0.48 release or debug builds.  only 5.1.23-debug crashed on #my test.

drop table if exists t1;
create table `t1` (`a` enum('rainbow'))engine=myisam;
insert into t1 values (),(),(),(),();
select 1 from t1 group by (select 1 from t1 order by avg(last_insert_id()));
[27 Sep 2007 14:22] MySQL Verification Team
min/max also have the problems.  another testcase:

drop table if exists `t1`;
create table `t1` (`col007` longblob)engine=myisam;
insert into `t1` set `col007` = 'aaaa';
insert into `t1` set `col007` = 'aaaa';
select 1 from t1 group by (select last_insert_id() from t1 order by min(`col007`) asc limit 1);
[19 Oct 2007 12:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:


ChangeSet@1.2586, 2007-10-19 15:43:19+03:00, gkodinov@magare.gmz +4 -0
  Bug #31157: crash when select+order by the avg of some field within the group by
  The uncacheable flag should be set at fix_fields() stage.
  Fixed by moving the flag setting to match the one in 5.1
[29 Oct 2007 8:45] Bugs System
Pushed into 5.1.23-beta
[29 Oct 2007 8:49] Bugs System
Pushed into 6.0.4-alpha
[9 Nov 2007 21:13] Paul Dubois
Noted in 5.1.23, 6.0.4 changelogs.

LAST_INSERT_ID() execution could be handled improperly in subqueries.